secure_types::vec

Struct SecureVec

Source 
pub struct SecureVec<T>
where
    T: Zeroize,
{ /* private fields */ }
Expand description

A securely allocated, growable vector, analogous to std::vec::Vec.

SecureVec<T> is designed to hold a sequence of sensitive data elements. It serves as the foundational secure collection in this crate.

§Security Model

When compiled with the std feature (the default), it provides several layers of protection:

  • Zeroization on Drop: The memory region is securely zeroized when the vector is dropped.
  • Memory Locking: The underlying memory pages are locked using mlock (Unix) or VirtualLock (Windows) to prevent the OS from swapping them to disk.
  • Memory Encryption: On Windows, the memory is also encrypted using CryptProtectMemory.

In a no_std environment, it falls back to providing only the zeroization-on-drop guarantee.

§Program Termination

Direct indexing (e.g., vec[0]) on a locked vector will cause the operating system to terminate the process with an access violation error.

Always use the provided scope methods (slice_scope, slice_mut_scope) for safe access.

§Examples

Using SecureBytes (a type alias for SecureVec<u8>) to handle a secret key.

use secure_types::SecureBytes;

// Create a new, empty secure vector.
let mut secret_key = SecureBytes::new().unwrap();

// Push some sensitive data into it.
secret_key.push(0xAB);
secret_key.push(0xCD);
secret_key.push(0xEF);

// The memory is locked here.

// Use a scope to safely access the contents as a slice.
secret_key.slice_scope(|unlocked_slice| {
    assert_eq!(unlocked_slice, &[0xAB, 0xCD, 0xEF]);
    println!("Secret Key: {:?}", unlocked_slice);
});

// The memory is automatically locked again when the scope ends.

// When `secret_key` is dropped, its memory is securely zeroized.

Implementations§

Source§

impl<T: Zeroize> SecureVec<T>

Source

pub fn new() -> Result<Self, Error>

Source

pub fn new_with_capacity(capacity: usize) -> Result<Self, Error>

Source

pub fn from_vec(vec: Vec<T>) -> Result<Self, Error>

Source

pub fn from_slice_mut(slice: &mut [T]) -> Result<Self, Error>
where T: Clone + DefaultIsZeroes,

Create a new SecureVec from a mutable slice. The slice is zeroized afterwards

Source

pub fn from_slice(slice: &[T]) -> Result<Self, Error>
where T: Clone,

Create a new SecureVec from a slice. The slice is not zeroized, you are responsible for zeroizing it

Source

pub fn len(&self) -> usize

Source

pub fn as_ptr(&self) -> *const T

Source

pub fn as_mut_ptr(&mut self) -> *mut u8

Source

pub fn unlock_scope<F, R>(&self, f: F) -> R
where F: FnOnce(&SecureVec<T>) -> R,

Immutable access to the SecureVec

Source

pub fn slice_scope<F, R>(&self, f: F) -> R
where F: FnOnce(&[T]) -> R,

Immutable access to the SecureVec as &[T]

Source

pub fn slice_mut_scope<F, R>(&mut self, f: F) -> R
where F: FnOnce(&mut [T]) -> R,

Mutable access to the SecureVec as &mut [T]

Source

pub fn iter_scope<F, R>(&self, f: F) -> R
where F: FnOnce(Iter<'_, T>) -> R,

Immutable access to the SecureVec as Iter<T>

§Use with caution

You can actually return a new allocated Vec from this function

If you do that you are responsible for zeroizing its contents

Source

pub fn iter_mut_scope<F, R>(&mut self, f: F) -> R
where F: FnOnce(IterMut<'_, T>) -> R,

Mutable access to the SecureVec as IterMut<T>

§Use with caution

You can actually return a new allocated Vec from this function

If you do that you are responsible for zeroizing its contents

Source

pub fn erase(&mut self)

Erase the underlying data and clears the vector

The memory is locked again and the capacity is preserved for reuse

Source

pub fn clear(&mut self)

Clear the vector

This just sets the vector’s len to zero it does not erase the underlying data

Source

pub fn push(&mut self, value: T)

Source

pub fn reserve(&mut self, additional: usize)

Ensures that the vector has enough capacity for at least additional more elements.

If more capacity is needed, it will reallocate. This may cause the buffer location to change.

§Panics

Panics if the new capacity overflows usize or if the allocation fails.

Source

pub fn drain<R>(&mut self, range: R) -> Drain<'_, T>
where R: RangeBounds<usize>,

Creates a draining iterator that removes the specified range from the vector and yields the removed items.

Note: The vector is unlocked during the lifetime of the Drain iterator. The memory is relocked when the Drain iterator is dropped.

§Panics

Panics if the starting point is greater than the end point or if the end point is greater than the length of the vector.

Trait Implementations§

Source§

impl<T: Clone + Zeroize> Clone for SecureVec<T>

Source§

fn clone(&self) -> Self

Returns a duplicate of the value. Read more
1.0.0 · Source§

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source. Read more
Source§

impl<T: Zeroize> Drop for SecureVec<T>

Source§

fn drop(&mut self)

Executes the destructor for this type. Read more
Source§

impl<const LENGTH: usize> From<SecureArray<u8, LENGTH>> for SecureVec<u8>

Source§

fn from(array: SecureArray<u8, LENGTH>) -> Self

Converts to this type from the input type.
Source§

impl From<SecureVec<u8>> for SecureString

Source§

fn from(vec: SecureVec<u8>) -> Self

Converts to this type from the input type.
Source§

impl<T: Zeroize> Index<usize> for SecureVec<T>

Source§

type Output = T

The returned type after indexing.
Source§

fn index(&self, index: usize) -> &Self::Output

Performs the indexing (container[index]) operation. Read more
Source§

impl<const LENGTH: usize> TryFrom<SecureVec<u8>> for SecureArray<u8, LENGTH>

Source§

fn try_from(vec: SecureVec<u8>) -> Result<Self, Self::Error>

Tries to convert a SecureVec<u8> into a SecureArray<u8, LENGTH>.

This operation will only succeed if vec.len() == LENGTH. The original SecureVec is consumed.

Source§

type Error = Error

The type returned in the event of a conversion error.
Source§

impl<T: Zeroize + Send> Send for SecureVec<T>

Source§

impl<T: Zeroize + Send + Sync> Sync for SecureVec<T>

Auto Trait Implementations§

§

impl<T> Freeze for SecureVec<T>

§

impl<T> RefUnwindSafe for SecureVec<T>
where T: RefUnwindSafe,

§

impl<T> Unpin for SecureVec<T>
where T: Unpin,

§

impl<T> UnwindSafe for SecureVec<T>
where T: RefUnwindSafe + UnwindSafe,

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<T> CloneToUninit for T
where T: Clone,

Source§

unsafe fn clone_to_uninit(&self, dest: *mut u8)

🔬This is a nightly-only experimental API. (clone_to_uninit)
Performs copy-assignment from self to dest. Read more
Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source§

impl<T> ToOwned for T
where T: Clone,

Source§

type Owned = T

The resulting type after obtaining ownership.
Source§

fn to_owned(&self) -> T

Creates owned data from borrowed data, usually by cloning. Read more
Source§

fn clone_into(&self, target: &mut T)

Uses borrowed data to replace owned data, usually by cloning. Read more
Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.