secure_gate/encoding/mod.rs
//! Encoding utilities for secure handling of encoded secret data.
//!
//! This module provides validated string wrappers for various encoding formats
//! commonly used with cryptographic secrets. Each wrapper ensures the contained
//! string is valid for its encoding format and provides secure decoding methods.
//!
//! The wrappers are designed to prevent accidental leakage of sensitive data:
//! - Input validation with secure zeroization of invalid inputs
//! - Controlled access to decoded bytes through explicit methods
//! - Constant-time equality comparison (when `ct-eq` feature is enabled)
//! - Debug redaction to prevent accidental logging of secrets
//!
//! # Available Encodings
//!
//! - **Hex**: Lowercase hexadecimal strings via `hex` module
//! - **Base64**: URL-safe base64 (no padding) via `base64` module
//! - **Bech32/Bech32m**: Human-readable encoded strings via `bech32` module
//!
//! # Security Features
//!
//! All encoding wrappers implement secure practices:
//! - **Security**: Invalid inputs are only zeroized when the `zeroize` feature is enabled.
//!   Without `zeroize`, rejected secrets may remain in memory until normal drop.
//! - Constant-time equality prevents timing attacks (with `ct-eq`)
//! - Memory is securely zeroized when wrappers are dropped
//! - Debug output shows `[REDACTED]` to prevent accidental exposure

#![cfg_attr(
    not(any(
        feature = "encoding-hex",
        feature = "encoding-base64",
        feature = "encoding-bech32"
    )),
    forbid(unsafe_code)
)]

#[cfg(feature = "encoding-hex")]
pub mod hex;
#[cfg(feature = "encoding-hex")]
pub mod hex_random_ext;

#[cfg(feature = "encoding-base64")]
pub mod base64;
#[cfg(feature = "encoding-base64")]
pub mod base64_random_ext;

#[cfg(feature = "encoding-bech32")]
pub mod bech32;
#[cfg(feature = "encoding-bech32")]
pub mod bech32_random_ext;
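
The four properties listed in the module docs (wipe on rejected input, explicit decode, equality without early exit, redacted `Debug`), shown as an added std-only example that is not secure-gate's code. `HexSecret`, `wipe`, `decode_secret` and `ct_eq` are hypothetical names, and rejecting uppercase hex is an assumption of this sketch.

```rust
use std::fmt;
use std::sync::atomic::{compiler_fence, Ordering};

/// Best-effort wipe: volatile writes so the compiler cannot elide the stores.
fn wipe(buf: &mut [u8]) {
    for b in buf.iter_mut() {
        unsafe { std::ptr::write_volatile(b, 0) }; // SAFETY: valid exclusive &mut u8
    }
    compiler_fence(Ordering::SeqCst);
}

/// Hypothetical validated wrapper; holds the ASCII hex text, lowercase only.
pub struct HexSecret(Vec<u8>);

impl HexSecret {
    /// Validates `input`; a rejected candidate is wiped before the error returns.
    pub fn new(input: String) -> Result<Self, &'static str> {
        let mut bytes = input.into_bytes();
        let ok = bytes.len() % 2 == 0
            && bytes.iter().all(|&b| matches!(b, b'0'..=b'9' | b'a'..=b'f'));
        if !ok {
            wipe(&mut bytes);
            return Err("invalid hex");
        }
        Ok(HexSecret(bytes))
    }
    /// Explicit, named access to decoded bytes; the caller owns the returned copy.
    pub fn decode_secret(&self) -> Vec<u8> {
        let nib = |c: u8| if c <= b'9' { c - b'0' } else { c - b'a' + 10 };
        self.0.chunks(2).map(|p| (nib(p[0]) << 4) | nib(p[1])).collect()
    }
    /// Compares every byte with no early exit; only the length may leak.
    pub fn ct_eq(&self, other: &Self) -> bool {
        if self.0.len() != other.0.len() { return false; }
        let diff = self.0.iter().zip(&other.0).fold(0u8, |acc, (a, b)| acc | (a ^ b));
        std::hint::black_box(diff) == 0
    }
}

impl fmt::Debug for HexSecret {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { f.write_str("[REDACTED]") }
}
impl Drop for HexSecret {
    fn drop(&mut self) { wipe(&mut self.0); } // wipe the stored text on drop
}

fn main() {
    let key = HexSecret::new("00ff10".to_string()).unwrap(); // constructed sample
    println!("{:?} decodes to {} bytes", key, key.decode_secret().len());
}
```

The wipe covers only the buffer the wrapper holds; copies made before construction or returned by `decode_secret` are the caller's to clear.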