Skip to main content

Dynamic

secure_gate

Struct Dynamic 

Source 
pub struct Dynamic<T: ?Sized + Zeroize> { /* private fields */ }
Expand description

Heap-allocated secret wrapper with explicit access and automatic zeroization on drop.

Requires alloc feature. Inner type must implement Zeroize. Zero-cost heap-allocated wrapper for variable-length secrets.

Requires alloc. Inner type must implement Zeroize for automatic zeroization on drop (including spare capacity in Vec/String).

No Deref, AsRef, or Copy by default — all access requires expose_secret() or with_secret() (scoped, preferred). For the common concrete types, Dynamic::<Vec<u8>>::new_with and Dynamic::<String>::new_with are the matching scoped constructors — closures that write directly into the wrapper. new(value) remains available as the ergonomic default. Debug always prints [REDACTED].

Implementations§

Source§

impl<T: ?Sized + Zeroize> Dynamic<T>

Source

pub fn new<U>(value: U) -> Self
where U: Into<Box<T>>,

Source§

impl Dynamic<Vec<u8>>

Source

pub fn to_hex(&self) -> String

Source

pub fn to_hex_upper(&self) -> String

Source

pub fn to_base64url(&self) -> String

Source

pub fn new_with<F>(f: F) -> Self
where F: FnOnce(&mut Vec<u8>),

Closure-based constructor for consistent API with Fixed::new_with. The actual secret data is allocated on the heap; this method exists for ergonomic uniformity across the crate.

Source§

impl Dynamic<String>

Source

pub fn new_with<F>(f: F) -> Self
where F: FnOnce(&mut String),

Closure-based constructor for consistent API with Fixed::new_with. The actual secret data is allocated on the heap; this method exists for ergonomic uniformity across the crate.

Source§

impl Dynamic<Vec<u8>>

Source

pub fn from_random(len: usize) -> Self

Allocates a Vec<u8> of length len, fills it with cryptographically secure random bytes, and wraps it.

Uses the system RNG (OsRng). Requires the rand feature and alloc (implicit — Dynamic<T> itself requires alloc).

§Panics

Panics if the RNG fails (TryRngCore::try_fill_bytes returns Err). This is treated as a fatal environment error.

Source

pub fn from_rng<R: TryRngCore + TryCryptoRng>( len: usize, rng: &mut R, ) -> Result<Self, R::Error>

Allocates a Vec<u8> of length len, fills it from rng, and wraps it.

Accepts any TryCryptoRng + TryRngCore (e.g. a seeded generator for deterministic tests). Requires the rand feature and alloc.

§Errors

Returns R::Error if try_fill_bytes fails.

Source§

impl Dynamic<Vec<u8>>

Source

pub fn try_from_hex(s: &str) -> Result<Self, HexError>

Decodes a lowercase hex string into Dynamic<Vec<u8>>.

The decoded buffer is kept inside a Zeroizing wrapper until after the Box allocation completes, guaranteeing zeroization even on OOM panic.

Source§

impl Dynamic<Vec<u8>>

Source

pub fn try_from_base64url(s: &str) -> Result<Self, Base64Error>

Decodes a Base64url (unpadded) string into Dynamic<Vec<u8>>.

The decoded buffer is kept inside a Zeroizing wrapper until after the Box allocation completes, guaranteeing zeroization even on OOM panic.

Source§

impl Dynamic<Vec<u8>>

Source

pub fn try_from_bech32_unchecked(s: &str) -> Result<Self, Bech32Error>

Decodes a Bech32 (BIP-173) string into Dynamic<Vec<u8>>.

The decoded buffer is kept inside a Zeroizing wrapper until after the Box allocation completes, guaranteeing zeroization even on OOM panic.

§Warning

The HRP is not validated — any HRP will be accepted as long as the checksum is valid. For security-critical code where cross-protocol confusion must be prevented, use try_from_bech32.

Source

pub fn try_from_bech32(s: &str, expected_hrp: &str) -> Result<Self, Bech32Error>

Decodes a Bech32 (BIP-173) string into Dynamic<Vec<u8>>, validating that the HRP matches expected_hrp (case-insensitive).

The decoded buffer is kept inside a Zeroizing wrapper until after the Box allocation completes, guaranteeing zeroization even on OOM panic.

Prefer this over try_from_bech32_unchecked in security-critical code to prevent cross-protocol confusion attacks.

Source§

impl Dynamic<Vec<u8>>

Source

pub fn try_from_bech32m_unchecked(s: &str) -> Result<Self, Bech32Error>

Decodes a Bech32m (BIP-350) string into Dynamic<Vec<u8>>.

The decoded buffer is kept inside a Zeroizing wrapper until after the Box allocation completes, guaranteeing zeroization even on OOM panic.

§Warning

The HRP is not validated — any HRP will be accepted as long as the checksum is valid. For security-critical code where cross-protocol confusion must be prevented, use try_from_bech32m.

Source

pub fn try_from_bech32m( s: &str, expected_hrp: &str, ) -> Result<Self, Bech32Error>

Decodes a Bech32m (BIP-350) string into Dynamic<Vec<u8>>, validating that the HRP matches expected_hrp (case-insensitive).

The decoded buffer is kept inside a Zeroizing wrapper until after the Box allocation completes, guaranteeing zeroization even on OOM panic.

Prefer this over try_from_bech32m_unchecked in security-critical code to prevent cross-protocol confusion attacks.

Source§

impl Dynamic<Vec<u8>>

Source

pub fn deserialize_with_limit<'de, D>( deserializer: D, limit: usize, ) -> Result<Self, D::Error>
where D: Deserializer<'de>,

Deserializes into Dynamic<Vec<u8>>, rejecting payloads larger than limit bytes.

The standard serde::Deserialize impl calls this with MAX_DESERIALIZE_BYTES. Use this method directly when you need a tighter or looser ceiling.

The intermediate buffer is kept inside a Zeroizing wrapper until after the Box allocation completes, guaranteeing zeroization even on OOM panic. Oversized buffers are also zeroized before the error is returned.

Important: this limit is enforced after the upstream deserializer has fully materialized the payload. It is a result-length acceptance bound, not a pre-allocation DoS guard. For untrusted input, enforce size limits at the transport or parser layer upstream.

Source§

impl Dynamic<String>

Source

pub fn deserialize_with_limit<'de, D>( deserializer: D, limit: usize, ) -> Result<Self, D::Error>
where D: Deserializer<'de>,

Deserializes into Dynamic<String>, rejecting payloads larger than limit bytes.

The standard serde::Deserialize impl calls this with MAX_DESERIALIZE_BYTES. Use this method directly when you need a tighter or looser ceiling.

The intermediate buffer is kept inside a Zeroizing wrapper until after the Box allocation completes, guaranteeing zeroization even on OOM panic. Oversized buffers are also zeroized before the error is returned.

Important: this limit is enforced after the upstream deserializer has fully materialized the payload. It is a result-length acceptance bound, not a pre-allocation DoS guard. For untrusted input, enforce size limits at the transport or parser layer upstream.

Trait Implementations§

Source§

impl<T: Zeroize + CloneableSecret> Clone for Dynamic<T>

Available on crate feature cloneable only.
Source§

fn clone(&self) -> Self

Returns a duplicate of the value. Read more
1.0.0 · Source§

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source. Read more
Source§

impl<T> ConstantTimeEq for Dynamic<T>
where T: ConstantTimeEq + ?Sized + Zeroize,

Available on crate feature ct-eq only.
Source§

fn ct_eq(&self, other: &Self) -> bool

Performs equality comparison in constant time. Read more
Source§

impl<T: ?Sized + Zeroize> Debug for Dynamic<T>

Source§

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more
Source§

impl<'de> Deserialize<'de> for Dynamic<String>

Available on crate feature serde-deserialize only.
Source§

fn deserialize<D>(deserializer: D) -> Result<Self, D::Error>
where D: Deserializer<'de>,

Deserialize this value from the given Serde deserializer. Read more
Source§

impl<'de> Deserialize<'de> for Dynamic<Vec<u8>>

Available on crate feature serde-deserialize only.
Source§

fn deserialize<D>(deserializer: D) -> Result<Self, D::Error>
where D: Deserializer<'de>,

Deserialize this value from the given Serde deserializer. Read more
Source§

impl<T: ?Sized + Zeroize> Drop for Dynamic<T>

Source§

fn drop(&mut self)

Executes the destructor for this type. Read more
Source§

impl ExposeSecret<String> for Dynamic<String>

Source§

fn expose_secret(&self) -> &String

Returns a shared reference to the inner secret.
Source§

impl<T: Zeroize> ExposeSecret<Vec<T>> for Dynamic<Vec<T>>

Source§

fn expose_secret(&self) -> &Vec<T>

Returns a shared reference to the inner secret.
Source§

impl ExposeSecretMut<String> for Dynamic<String>

Source§

fn expose_secret_mut(&mut self) -> &mut String

Returns a mutable reference to the inner secret.
Source§

impl<T: Zeroize> ExposeSecretMut<Vec<T>> for Dynamic<Vec<T>>

Source§

fn expose_secret_mut(&mut self) -> &mut Vec<T>

Returns a mutable reference to the inner secret.
Source§

impl From<&[u8]> for Dynamic<Vec<u8>>

Source§

fn from(slice: &[u8]) -> Self

Converts to this type from the input type.
Source§

impl From<&str> for Dynamic<String>

Source§

fn from(input: &str) -> Self

Converts to this type from the input type.
Source§

impl<T: ?Sized + Zeroize> From<Box<T>> for Dynamic<T>

Source§

fn from(boxed: Box<T>) -> Self

Converts to this type from the input type.
Source§

impl From<Dynamic<String>> for Secret<String>

Converts a Dynamic<String> into Secret<String>.

Source§

fn from(d: Dynamic<String>) -> Self

Converts to this type from the input type.
Source§

impl From<Dynamic<String>> for SecretBox<String>

Converts a Dynamic<String> back into a SecretBox<String>.

Clones the inner String. Both the source and the new wrapper are zeroized on drop.

Source§

fn from(d: Dynamic<String>) -> Self

Converts to this type from the input type.
Source§

impl From<Dynamic<String>> for SecretString

Converts a Dynamic<String> into a SecretString (= SecretBox<str>).

Clones the inner string. Both ends are zeroized on drop.

Source§

fn from(d: Dynamic<String>) -> Self

Converts to this type from the input type.
Source§

impl<S: Clone + Zeroize + 'static> From<Dynamic<Vec<S>>> for SecretBox<Vec<S>>

Converts a Dynamic<Vec<S>> back into a SecretBox<Vec<S>>.

Clones the inner Vec. Both ends are zeroized on drop.

Source§

fn from(d: Dynamic<Vec<S>>) -> Self

Converts to this type from the input type.
Source§

impl<T: Clone + Zeroize + 'static> From<Dynamic<Vec<T>>> for Secret<Vec<T>>

Converts a Dynamic<Vec<T>> into Secret<Vec<T>>.

Source§

fn from(d: Dynamic<Vec<T>>) -> Self

Converts to this type from the input type.
Source§

impl From<Secret<String>> for Dynamic<String>

Converts Secret<String> into a Dynamic<String>.

Source§

fn from(s: Secret<String>) -> Self

Converts to this type from the input type.
Source§

impl<T: Clone + Zeroize + 'static> From<Secret<Vec<T>>> for Dynamic<Vec<T>>

Converts Secret<Vec<T>> into a Dynamic<Vec<T>>.

Source§

fn from(s: Secret<Vec<T>>) -> Self

Converts to this type from the input type.
Source§

impl<S: Clone + Zeroize + 'static> From<SecretBox<S>> for Dynamic<S>

Converts a SecretBox<S> into a Dynamic<S> (primary migration path).

Requires S: Clone because the inner Box<S> cannot be moved out of SecretBox without unsafe code (SecretBox has a Drop impl). The clone is immediately wrapped in Dynamic and the original is zeroized on drop.

For zero-copy migration, construct Dynamic<S> directly instead.

Source§

fn from(sb: SecretBox<S>) -> Self

Converts to this type from the input type.
Source§

impl From<SecretBox<str>> for Dynamic<String>

Converts a SecretString (= SecretBox<str>) into a Dynamic<String>.

Clones the inner str into a new String. Both ends are zeroized on drop.

Source§

fn from(sb: SecretString) -> Self

Converts to this type from the input type.
Source§

impl<T: 'static + Zeroize> From<T> for Dynamic<T>

Source§

fn from(value: T) -> Self

Converts to this type from the input type.
Source§

impl RevealSecret for Dynamic<String>

Source§

type Inner = String

The inner secret type being revealed. Read more
Source§

fn with_secret<F, R>(&self, f: F) -> R
where F: FnOnce(&String) -> R,

Provides scoped (recommended) read-only access to the secret. Read more
Source§

fn expose_secret(&self) -> &String

Returns a direct (auditable) read-only reference to the secret. Read more
Source§

fn len(&self) -> usize

Returns the length of the secret in bytes. Read more
Source§

fn is_empty(&self) -> bool

Returns true if the secret is empty. Read more
Source§

impl<T: Zeroize> RevealSecret for Dynamic<Vec<T>>

Source§

type Inner = Vec<T>

The inner secret type being revealed. Read more
Source§

fn with_secret<F, R>(&self, f: F) -> R
where F: FnOnce(&Vec<T>) -> R,

Provides scoped (recommended) read-only access to the secret. Read more
Source§

fn expose_secret(&self) -> &Vec<T>

Returns a direct (auditable) read-only reference to the secret. Read more
Source§

fn len(&self) -> usize

Returns the length of the secret in bytes. Read more
Source§

fn is_empty(&self) -> bool

Returns true if the secret is empty. Read more
Source§

impl RevealSecretMut for Dynamic<String>

Source§

fn with_secret_mut<F, R>(&mut self, f: F) -> R
where F: FnOnce(&mut String) -> R,

Provides scoped (recommended) mutable access to the secret. Read more
Source§

fn expose_secret_mut(&mut self) -> &mut String

Returns a direct (auditable) mutable reference to the secret. Read more
Source§

impl<T: Zeroize> RevealSecretMut for Dynamic<Vec<T>>

Source§

fn with_secret_mut<F, R>(&mut self, f: F) -> R
where F: FnOnce(&mut Vec<T>) -> R,

Provides scoped (recommended) mutable access to the secret. Read more
Source§

fn expose_secret_mut(&mut self) -> &mut Vec<T>

Returns a direct (auditable) mutable reference to the secret. Read more
Source§

impl<T: Zeroize + SerializableSecret> Serialize for Dynamic<T>

Available on crate feature serde-serialize only.
Source§

fn serialize<S>(&self, serializer: S) -> Result<S::Ok, S::Error>
where S: Serializer,

Serialize this value into the given Serde serializer. Read more
Source§

impl<T: ?Sized + Zeroize> Zeroize for Dynamic<T>

Source§

fn zeroize(&mut self)

Zero out this object from memory using Rust intrinsics which ensure the zeroization operation is not “optimized away” by the compiler.
Source§

impl<T: ?Sized + Zeroize> ZeroizeOnDrop for Dynamic<T>

Auto Trait Implementations§

§

impl<T> Freeze for Dynamic<T>
where T: ?Sized,

§

impl<T> RefUnwindSafe for Dynamic<T>
where T: RefUnwindSafe + ?Sized,

§

impl<T> Send for Dynamic<T>
where T: Send + ?Sized,

§

impl<T> Sync for Dynamic<T>
where T: Sync + ?Sized,

§

impl<T> Unpin for Dynamic<T>
where T: ?Sized,

§

impl<T> UnsafeUnpin for Dynamic<T>
where T: ?Sized,

§

impl<T> UnwindSafe for Dynamic<T>
where T: UnwindSafe + ?Sized,

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<T> CloneToUninit for T
where T: Clone,

Source§

unsafe fn clone_to_uninit(&self, dest: *mut u8)

🔬This is a nightly-only experimental API. (clone_to_uninit)
Performs copy-assignment from self to dest. Read more
Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source§

impl<T> ToOwned for T
where T: Clone,

Source§

type Owned = T

The resulting type after obtaining ownership.
Source§

fn to_owned(&self) -> T

Creates owned data from borrowed data, usually by cloning. Read more
Source§

fn clone_into(&self, target: &mut T)

Uses borrowed data to replace owned data, usually by cloning. Read more
Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.
Source§

impl<V, T> VZip<V> for T
where V: MultiLane<T>,

Source§

fn vzip(self) -> V

Source§

impl<T> DeserializeOwned for T
where T: for<'de> Deserialize<'de>,