Struct SafeBox

pub struct SafeBox<T: ?Sized>(/* private fields */);

A safe box for your secrets.

On Drop the content T is zeroed in RAM with memzero.

It can only be instantiated with Copy types. This forbids instantiating a SafeBox<Vec<T>> for example, which cannot be zeroed.

&T access is guarded behind the unsafe get_ref method. This prevents involuntary copies or clones of the content. Deref is not implemented.

&mut T is likewise guarded behind the unsafe get_mut method. This prevents an involuntary std::mem::swap or std::mem::replace of the content, and because DerefMut is not implemented, the content cannot be moved out either. Remember that it is perfectly safe to move or swap the SafeBox itself: the content never moves, only the smart pointer does.

Because only Copy types are accepted for the content, it is possible to provide a safe implementation of Clone. It allocates a new SafeBox with a memcopy of the content.

It is implemented as a wrapper around a Box.

Implementations

impl<T: Copy> SafeBox<T>

pub fn new(v: T) -> Self

Allocate a new SafeBox from the given value.

Since v is passed by copy/move, it is advised to initialize with some safe value. Then use SafeBox::get_mut to write the secret value with the least amount of intermediate copies.
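As an added illustration (not the safebox crate's source), here is the design described above written out in miniature: a Box wrapper with a Copy bound, getters that are unsafe by contract, a memzero on Drop, and the placeholder-then-get_mut initialization pattern recommended for SafeBox::new. DemoBox, zero_bytes and load_key are hypothetical names, and the volatile-write zeroing is an assumption about how a memzero can be made robust against the optimizer, not a statement about the crate's implementation.

```rust
use std::mem::size_of;
use std::ptr::write_volatile;
use std::sync::atomic::{compiler_fence, Ordering};

/// Hypothetical stand-in for SafeBox<T>: a Box that only holds Copy data.
pub struct DemoBox<T: Copy>(Box<T>);

impl<T: Copy> DemoBox<T> {
    /// Allocate from a harmless placeholder; write the secret via `get_mut`.
    pub fn new(v: T) -> Self {
        DemoBox(Box::new(v))
    }

    /// `&T` access. Unsafe by contract: the caller can now copy the secret.
    pub unsafe fn get_ref(&self) -> &T {
        &self.0
    }

    /// `&mut T` access. Unsafe by contract: the caller could mem::swap or
    /// mem::replace the secret into an unprotected allocation.
    pub unsafe fn get_mut(&mut self) -> &mut T {
        &mut self.0
    }

    /// Overwrite every byte of the heap content with zero (a memzero).
    /// Volatile stores keep the optimizer from eliding a write whose result
    /// is "never read"; the fence stops later code being hoisted above it.
    /// Sound here because T: Copy has no drop glue and is never read again.
    fn zero_bytes(&mut self) {
        let p = (&mut *self.0 as *mut T).cast::<u8>();
        for i in 0..size_of::<T>() {
            // SAFETY: p covers exactly size_of::<T>() bytes that we own.
            unsafe { write_volatile(p.add(i), 0) };
        }
        compiler_fence(Ordering::SeqCst);
    }
}

impl<T: Copy> Drop for DemoBox<T> {
    fn drop(&mut self) {
        self.zero_bytes(); // the Box then frees an all-zero block
    }
}

/// The recommended two-step pattern: placeholder first, secret via get_mut.
pub fn load_key(key_material: &[u8; 32]) -> DemoBox<[u8; 32]> {
    let mut b = DemoBox::new([0u8; 32]);
    unsafe { b.get_mut().copy_from_slice(key_material) };
    b
}
```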

impl<T: Copy> SafeBox<[T]>

pub fn new_slice(v: T, len: usize) -> Self

Allocate a new SafeBox<[T]>.

The value v is copied into all len elements.

impl<T> SafeBox<[T]>

pub fn new_slice_with<F: Fn() -> T>(len: usize, f: F) -> Self

Allocate a new SafeBox<[T]>.

The function f is called to initialize the len elements.

```rust
use safebox::SafeBox;
use rand::prelude::*;

// Each of the 8 elements is produced by a call to `random::<u8>`, so no
// separate buffer of random bytes has to exist before the SafeBox does.
let random_secret: SafeBox<[u8]> = SafeBox::new_slice_with(8, &random::<u8>);
```
impl<T: ?Sized> SafeBox<T>

pub unsafe fn get_ref(&self) -> &T

A &T reference to the content.

This is unsafe, because it allows for copying the content around in memory. Of course, a secret must be read at some point to be useful. But you bear all responsibility in copying it around.

pub unsafe fn get_mut(&mut self) -> &mut T

A &mut T reference to the content.

This is unsafe, because it allows for copying the content around in memory. Of course, a secret must be initialized at some point to be useful. But you bear all responsibility in copying it around.

Trait Implementations

impl<T: Copy> Clone for SafeBox<[T]>

fn clone(&self) -> Self

Clone a SafeBox<[T]> via memcopy.

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl<T: Copy> Clone for SafeBox<T>

fn clone(&self) -> Self

Clone a SafeBox<T> via memcopy.

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl<T: Default + Copy> Default for SafeBox<T>

fn default() -> Self

Allocate a new SafeBox with the default value.

See SafeBox::new.

impl<T: ?Sized> Drop for SafeBox<T>

fn drop(&mut self)

Executes the destructor for this type.

Auto Trait Implementations

impl<T> Freeze for SafeBox<T>
where T: ?Sized,

impl<T> RefUnwindSafe for SafeBox<T>
where T: RefUnwindSafe + ?Sized,

impl<T> Send for SafeBox<T>
where T: Send + ?Sized,

impl<T> Sync for SafeBox<T>
where T: Sync + ?Sized,

impl<T> Unpin for SafeBox<T>
where T: ?Sized,

impl<T> UnwindSafe for SafeBox<T>
where T: UnwindSafe + ?Sized,

Blanket Implementations

impl<T> Any for T
where T: 'static + ?Sized,

fn type_id(&self) -> TypeId

Gets the TypeId of self.

impl<T> Borrow<T> for T
where T: ?Sized,

fn borrow(&self) -> &T

Immutably borrows from an owned value.

impl<T> BorrowMut<T> for T
where T: ?Sized,

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value.

impl<T> CloneToUninit for T
where T: Clone,

unsafe fn clone_to_uninit(&self, dest: *mut u8)

🔬 This is a nightly-only experimental API. (clone_to_uninit)

Performs copy-assignment from self to dest.

impl<T> From<T> for T

fn from(t: T) -> T

Returns the argument unchanged.

impl<T, U> Into<U> for T
where U: From<T>,

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

impl<T> ToOwned for T
where T: Clone,

type Owned = T

The resulting type after obtaining ownership.

fn to_owned(&self) -> T

Creates owned data from borrowed data, usually by cloning.

fn clone_into(&self, target: &mut T)

Uses borrowed data to replace owned data, usually by cloning.

impl<T, U> TryFrom<U> for T
where U: Into<T>,

type Error = Infallible

The type returned in the event of a conversion error.

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.