Secret handling utilities for the PAKEs-Conflux workspace.
This crate is intended to centralize secret-handling patterns across the aucpace, spake2, and srp crates. It will provide:
- Typed wrappers for secret material (passwords, verifiers, scalars, derived keys).
- Reliable in-memory erasure via zeroization semantics.
- Clear API boundaries that prevent accidental exposure or cloning of secrets.
- Testing guidance and utilities to validate zeroization behavior where feasible.
Design goals
- Minimize accidental copies of secret data.
- Ensure secrets are zeroized on drop and after critical transitions.
- Provide clear documentation and policies for secret lifecycles.
- Remain no_std-friendly with an alloc-based default.
Scope (initial scaffolding)
- This initial version is documentation-only with module placeholders. There are no public APIs yet. Follow-up phases will introduce concrete wrappers, traits, and utilities, along with unit and integration tests.
Feature flags
- alloc (default): Enables heap-backed containers to support secret buffers.
- std: Convenience alias that implies alloc. Intended for environments where the standard library is available.
Usage policy (to be enforced in subsequent phases)
- All password bytes, ephemeral private scalars, long-lived verifiers, and derived session keys must be wrapped by secret types provided here.
- Public APIs must not expose raw secret bytes. Controlled exposure methods will be provided and documented.
- Conversions to/from public representations (e.g., serialized forms) will be centralized in audited helpers.
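The policy above can be illustrated with a sketch of one such wrapper. This is an added example, not code from this crate (which has no public APIs yet): the names SecretBytes, wipe, expose and clear are hypothetical, and it uses the std Vec for brevity instead of an alloc import.

```rust
use core::fmt;
use core::sync::atomic::{compiler_fence, Ordering};

/// Overwrite `buf` with zeros; volatile stores keep the optimizer from eliding them.
pub fn wipe(buf: &mut [u8]) {
    for b in buf.iter_mut() {
        // SAFETY: `b` is a valid, aligned, exclusive reference to one byte.
        unsafe { core::ptr::write_volatile(b, 0) };
    }
    compiler_fence(Ordering::SeqCst);
}

/// Hypothetical wrapper (not this crate's API). No Clone or Copy is derived.
pub struct SecretBytes { buf: Vec<u8> }

impl SecretBytes {
    /// Takes ownership of the caller's buffer, so no second copy is created here.
    pub fn new(buf: Vec<u8>) -> Self { Self { buf } }

    /// Controlled exposure: the borrow cannot outlive the closure.
    pub fn expose<R>(&self, f: impl FnOnce(&[u8]) -> R) -> R {
        f(&self.buf)
    }

    /// Erase in place after a critical transition while the owner stays alive.
    pub fn clear(&mut self) {
        wipe(&mut self.buf);
        self.buf.clear();
    }
}

impl Drop for SecretBytes {
    fn drop(&mut self) {
        wipe(&mut self.buf);
    }
}

impl fmt::Debug for SecretBytes {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        write!(f, "SecretBytes([REDACTED; {} bytes])", self.buf.len())
    }
}

fn main() {
    let mut pw = SecretBytes::new(b"constructed-sample-password".to_vec());
    println!("{:?} exposed length = {}", pw, pw.expose(|b| b.len()));
    pw.clear();
}
```

The wipe covers only the live length of the buffer the wrapper owns. Copies made before wrapping, or left behind by earlier reallocations of the Vec, are outside its reach, which is why the design goals put minimizing copies first.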
Tests and CI (to be added in later phases)
- Unit tests to verify zeroization semantics and API boundaries.
- Integration tests to exercise protocol flows without leaking secrets.
- CI gates to help prevent regressions in secret-handling policies.
Modules
- test_utils: Placeholder module for internal test utilities.
- traits: Placeholder module for secret-related traits and policies.
- wrappers: Placeholder module for secret wrappers.