SecureArray

Struct SecureArray 

pub struct SecureArray<T, const LENGTH: usize>
where T: Zeroize,
{ /* private fields */ }

A fixed-size array allocated in a secure memory region.

§Security Model

When compiled with the std feature (the default), it provides several layers of protection:

  • Zeroization on Drop: The memory is zeroized when the array is dropped.
  • Memory Locking: The underlying memory pages are locked with mlock and madvise (Unix) or VirtualLock and VirtualProtect (Windows), so the OS does not swap them to disk or include them in memory dumps, and other processes cannot read them.
  • Memory Encryption: On Windows, the memory is also encrypted using CryptProtectMemory.

In a no_std environment, it falls back to providing only the zeroization-on-drop guarantee.

§Program Termination

Direct indexing (e.g., array[0]) on a locked array will cause the operating system to terminate the process with an access violation error. Always use the provided scope methods (unlock, unlock_mut) for safe access.

§Notes

If you return a newly allocated [T; LENGTH] from one of the unlock methods, you are responsible for zeroizing that memory.

§Example

use secure_types::{SecureArray, Zeroize};

let exposed_key: &mut [u8; 32] = &mut [1u8; 32];
let secure_key: SecureArray<u8, 32> = SecureArray::from_slice_mut(exposed_key).unwrap();

secure_key.unlock(|unlocked_slice| {
    assert_eq!(unlocked_slice.len(), 32);
    assert_eq!(unlocked_slice[0], 1);
});
 
// Not recommended, but if you allocate a new [u8; LENGTH] make sure to zeroize it
let mut exposed = secure_key.unlock(|unlocked_slice| {
    [unlocked_slice[0], unlocked_slice[1], unlocked_slice[2]]
});
 
// Do what you need to do with the new array
// When you are done with it, zeroize it
exposed.zeroize();
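The security model and the example above rest on two ideas: secret bytes are reachable only inside a closure, and every copy is zeroized when it stops being needed. The following is an added example, not code from the secure_types crate: a hypothetical std-only stand-in named ScopedSecret that models the zeroization and scoped-access parts of SecureArray (from_slice_mut, unlock, unlock_mut, erase, Drop) with volatile writes, and walks through the lifecycle from the example, including the caller-owned fragment that the §Notes section says must be zeroized. The mlock/madvise, VirtualLock/VirtualProtect and CryptProtectMemory layers are not modelled.

```rust
use std::ptr;
use std::sync::atomic::{compiler_fence, Ordering};

/// Volatile zeroing so the optimizer cannot drop the stores as dead writes
/// (the role the `Zeroize` trait plays for SecureArray).
pub fn zeroize_bytes(bytes: &mut [u8]) {
    for b in bytes.iter_mut() {
        // SAFETY: `b` is a valid, aligned, exclusively borrowed u8.
        unsafe { ptr::write_volatile(b, 0) };
    }
    compiler_fence(Ordering::SeqCst);
}

/// Hypothetical std-only stand-in for SecureArray<u8, N>: the bytes are only
/// reachable through scoped closures and are zeroized on drop. No memory
/// locking or encryption layer is modelled here.
pub struct ScopedSecret<const N: usize> {
    buf: [u8; N],
}

impl<const N: usize> ScopedSecret<N> {
    /// Takes the key bytes and zeroizes the caller's copy, as
    /// SecureArray::from_slice_mut is documented to do.
    pub fn from_slice_mut(src: &mut [u8; N]) -> Self {
        let buf = *src;
        zeroize_bytes(src);
        Self { buf }
    }

    /// Immutable scoped access: the &[u8] borrow cannot outlive the closure.
    pub fn unlock<R>(&self, f: impl FnOnce(&[u8]) -> R) -> R {
        f(&self.buf)
    }

    /// Mutable scoped access for in-place updates.
    pub fn unlock_mut<R>(&mut self, f: impl FnOnce(&mut [u8]) -> R) -> R {
        f(&mut self.buf)
    }

    /// Explicit erase, mirroring SecureArray::erase.
    pub fn erase(&mut self) {
        zeroize_bytes(&mut self.buf);
    }
}

impl<const N: usize> Drop for ScopedSecret<N> {
    fn drop(&mut self) {
        zeroize_bytes(&mut self.buf);
    }
}

/// Observable outcomes of one lifecycle, returned so they can be checked.
#[derive(Debug, PartialEq)]
pub struct DemoResult {
    pub source_cleared: bool, // caller's array zeroized by from_slice_mut
    pub len: usize,           // length seen inside unlock
    pub first_after_mut: u8,  // byte 0 after an unlock_mut update
    pub fragment: [u8; 3],    // copied-out bytes after the caller zeroized them
    pub erased: bool,         // all-zero after erase()
}

pub fn demo() -> DemoResult {
    // Constructed sample key; in practice this would come from a KDF or keystore.
    let mut exposed_key = [1u8; 32];
    let mut secret = ScopedSecret::from_slice_mut(&mut exposed_key);
    let source_cleared = exposed_key.iter().all(|&b| b == 0);

    let len = secret.unlock(|s| s.len());
    let first_after_mut = secret.unlock_mut(|s| {
        s[0] ^= 0xFF; // in-place update; nothing escapes the closure
        s[0]
    });

    // Copying bytes out of the closure moves plaintext outside the protected
    // buffer; per the §Notes section, the caller now owns it and must zeroize it.
    let mut fragment = secret.unlock(|s| [s[0], s[1], s[2]]);
    let _used_for_something = fragment.iter().map(|&b| b as u32).sum::<u32>();
    zeroize_bytes(&mut fragment);

    secret.erase();
    let erased = secret.unlock(|s| s.iter().all(|&b| b == 0));

    DemoResult { source_cleared, len, first_after_mut, fragment, erased }
}

fn main() {
    println!("{:?}", demo());
}
```

The closure-based unlock is what keeps a reference from escaping: the borrow checker ties the &[u8] to the closure call, so the only way to get data out is to copy it, and that copy is then the caller's responsibility, which is exactly the case the §Notes section warns about.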

Implementations§

impl<T, const LENGTH: usize> SecureArray<T, LENGTH>
where T: Zeroize,

pub fn empty() -> Result<Self, Error>

Creates an empty (but allocated) SecureArray.

The memory is allocated but not initialized, and it’s the caller’s responsibility to fill it.

pub fn from_slice_mut(content: &mut [T; LENGTH]) -> Result<Self, Error>

Creates a new SecureArray from a &mut [T; LENGTH].

The passed slice is zeroized afterwards.

pub fn from_slice(content: &[T; LENGTH]) -> Result<Self, Error>

Creates a new SecureArray from a &[T; LENGTH].

The source array is not zeroized; you are responsible for zeroizing it.

pub fn len(&self) -> usize

pub fn is_empty(&self) -> bool

pub fn as_ptr(&self) -> *const T

pub fn as_mut_ptr(&mut self) -> *mut u8

pub fn unlock<F, R>(&self, f: F) -> R
where F: FnOnce(&[T]) -> R,

Immutable access to the array’s data as a &[T].

pub fn unlock_mut<F, R>(&mut self, f: F) -> R
where F: FnOnce(&mut [T]) -> R,

Mutable access to the array’s data as a &mut [T].

pub fn erase(&mut self)

Securely erases the contents of the array by zeroizing the memory.

Trait Implementations§

impl<T: Clone + Zeroize, const LENGTH: usize> Clone for SecureArray<T, LENGTH>

fn clone(&self) -> Self

Returns a duplicate of the value.

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl<T: Zeroize, const LENGTH: usize> Drop for SecureArray<T, LENGTH>

fn drop(&mut self)

Executes the destructor for this type.

impl<const LENGTH: usize> From<SecureArray<u8, LENGTH>> for SecureVec<u8>

fn from(array: SecureArray<u8, LENGTH>) -> Self

Converts to this type from the input type.

impl<T: Zeroize, const LENGTH: usize> Index<usize> for SecureArray<T, LENGTH>

type Output = T

The returned type after indexing.

fn index(&self, index: usize) -> &Self::Output

Performs the indexing (container[index]) operation.

impl<T: Zeroize, const LENGTH: usize> IndexMut<usize> for SecureArray<T, LENGTH>

fn index_mut(&mut self, index: usize) -> &mut Self::Output

Performs the mutable indexing (container[index]) operation.

impl<const LENGTH: usize> TryFrom<SecureVec<u8>> for SecureArray<u8, LENGTH>

fn try_from(vec: SecureVec<u8>) -> Result<Self, Self::Error>

Tries to convert a SecureVec<u8> into a SecureArray<u8, LENGTH>.

This operation will only succeed if vec.len() == LENGTH.

The SecureVec is consumed.
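The conversion above has two properties worth seeing in code: it fails unless the vector length equals LENGTH, and the vector is consumed either way, so its own Drop zeroizes the original bytes even on the error path. The following is an added example, not the crate's implementation: hypothetical std-only stand-ins named FixedSecret (for SecureArray<u8, LENGTH>) and SecretVec (for SecureVec<u8>), both zeroized on drop with volatile writes, plus a TryFrom impl with the same length check. Memory locking is not modelled.

```rust
use std::convert::TryFrom;
use std::ptr;
use std::sync::atomic::{compiler_fence, Ordering};

/// Volatile zeroing shared by both stand-in types (std only).
fn volatile_zero(bytes: &mut [u8]) {
    for b in bytes.iter_mut() {
        // SAFETY: `b` is a valid, aligned, exclusively borrowed u8.
        unsafe { ptr::write_volatile(b, 0) };
    }
    compiler_fence(Ordering::SeqCst);
}

/// Hypothetical stand-in for SecureArray<u8, N>: fixed size, zeroized on drop,
/// readable only through a scoped closure. No memory locking is modelled.
pub struct FixedSecret<const N: usize> {
    buf: [u8; N],
}

impl<const N: usize> FixedSecret<N> {
    pub fn unlock<R>(&self, f: impl FnOnce(&[u8]) -> R) -> R {
        f(&self.buf)
    }
}

impl<const N: usize> Drop for FixedSecret<N> {
    fn drop(&mut self) {
        volatile_zero(&mut self.buf);
    }
}

/// Hypothetical stand-in for SecureVec<u8>: growable, zeroized on drop.
pub struct SecretVec(Vec<u8>);

impl Drop for SecretVec {
    fn drop(&mut self) {
        volatile_zero(&mut self.0);
    }
}

#[derive(Debug, PartialEq)]
pub enum ConvError {
    LengthMismatch { expected: usize, actual: usize },
}

impl<const N: usize> TryFrom<SecretVec> for FixedSecret<N> {
    type Error = ConvError;

    /// Succeeds only when the vector holds exactly N bytes. The vector is
    /// consumed on both paths, so its Drop zeroizes the original bytes whether
    /// or not the conversion succeeded.
    fn try_from(vec: SecretVec) -> Result<Self, Self::Error> {
        if vec.0.len() != N {
            return Err(ConvError::LengthMismatch { expected: N, actual: vec.0.len() });
        }
        let mut buf = [0u8; N];
        buf.copy_from_slice(&vec.0);
        Ok(FixedSecret { buf })
        // `vec` goes out of scope here and is zeroized by its Drop impl
    }
}

/// A 32-byte vector (constructed sample) converts; returns (len, first byte).
pub fn convert_exact() -> Result<(usize, u8), ConvError> {
    let v = SecretVec(vec![7u8; 32]);
    FixedSecret::<32>::try_from(v).map(|a| a.unlock(|s| (s.len(), s[0])))
}

/// A 16-byte vector (constructed sample) does not fit a 32-byte array.
pub fn convert_short() -> Result<usize, ConvError> {
    let v = SecretVec(vec![7u8; 16]);
    FixedSecret::<32>::try_from(v).map(|a| a.unlock(|s| s.len()))
}

fn main() {
    println!("{:?} {:?}", convert_exact(), convert_short());
}
```

Taking the vector by value rather than by reference is the design point: the caller cannot keep using a now-dangling copy of the secret, and the failed conversion leaves no un-zeroized plaintext behind.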

type Error = Error

The type returned in the event of a conversion error.

impl<T: Zeroize + Send, const LENGTH: usize> Send for SecureArray<T, LENGTH>

impl<T: Zeroize + Send + Sync, const LENGTH: usize> Sync for SecureArray<T, LENGTH>

Auto Trait Implementations§

impl<T, const LENGTH: usize> Freeze for SecureArray<T, LENGTH>

impl<T, const LENGTH: usize> RefUnwindSafe for SecureArray<T, LENGTH>
where T: RefUnwindSafe,

impl<T, const LENGTH: usize> Unpin for SecureArray<T, LENGTH>
where T: Unpin,

impl<T, const LENGTH: usize> UnwindSafe for SecureArray<T, LENGTH>

Blanket Implementations§

impl<T> Any for T
where T: 'static + ?Sized,

fn type_id(&self) -> TypeId

Gets the TypeId of self.

impl<T> Borrow<T> for T
where T: ?Sized,

fn borrow(&self) -> &T

Immutably borrows from an owned value.

impl<T> BorrowMut<T> for T
where T: ?Sized,

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value.

impl<T> CloneToUninit for T
where T: Clone,

unsafe fn clone_to_uninit(&self, dest: *mut u8)

This is a nightly-only experimental API (clone_to_uninit).

Performs copy-assignment from self to dest.

impl<T> From<T> for T

fn from(t: T) -> T

Returns the argument unchanged.

impl<T, U> Into<U> for T
where U: From<T>,

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

impl<T> ToOwned for T
where T: Clone,

type Owned = T

The resulting type after obtaining ownership.

fn to_owned(&self) -> T

Creates owned data from borrowed data, usually by cloning.

fn clone_into(&self, target: &mut T)

Uses borrowed data to replace owned data, usually by cloning.

impl<T, U> TryFrom<U> for T
where U: Into<T>,

type Error = Infallible

The type returned in the event of a conversion error.

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.