SecureVec

secure_types::vec

Struct SecureVec 

Source 
pub struct SecureVec<T>
where
    T: Zeroize,
{ /* private fields */ }
Expand description

A securely allocated, growable vector, just like std::vec::Vec.

§Security Model

When compiled with the use_os feature (the default), it provides several layers of protection:

  • Zeroization on Drop: The memory is zeroized when the vector is dropped.
  • Memory Locking: The underlying memory pages are locked using mlock & madvise for (Unix) or VirtualLock & VirtualProtect for (Windows) to prevent the OS from memory-dump/swap to disk or other processes accessing the memory.

In a no_std environment, it falls back to providing only the zeroization-on-drop guarantee.

§Program Termination

Direct indexing (e.g., vec[0]) on a locked vector will cause the operating system to terminate the process with an access violation error.

Always use the provided scope methods (unlock_slice, unlock_slice_mut) for safe access.

§Notes

If you return a new allocated Vec from one of the unlock methods you are responsible for zeroizing the memory.

§Example

Using SecureBytes (a type alias for SecureVec<u8>) to handle a secret key.

use secure_types::{SecureBytes, Zeroize};

// Create a new, empty secure vector.
let mut secret_key = SecureBytes::new().unwrap();

// Push some sensitive data into it.
secret_key.push(0xAB);
secret_key.push(0xCD);
secret_key.push(0xEF);

// The memory is locked here.

// Use a scope to safely access the contents as a slice.
secret_key.unlock_slice(|unlocked_slice| {
    assert_eq!(unlocked_slice, &[0xAB, 0xCD, 0xEF]);
});

// Not recommended but if you allocate a new Vec make sure to zeroize it
let mut exposed = secret_key.unlock_slice(|unlocked_slice| {
    Vec::from(unlocked_slice)
});

// Do what you need to to do with the new vector
// When you are done with it, zeroize it
exposed.zeroize();

// The memory is automatically locked again when the scope ends.

// When `secret_key` is dropped, its memory is securely zeroized.

Implementations§

Source§

impl<T: Zeroize> SecureVec<T>

Source

pub fn new() -> Result<Self, Error>

Create a new SecureVec with a capacity of 1

Source

pub fn new_with_capacity(capacity: usize) -> Result<Self, Error>

Create a new SecureVec with the given capacity

Source

pub fn from_vec(vec: Vec<T>) -> Result<Self, Error>

Create a new SecureVec from a Vec

The Vec is zeroized afterwards

Source

pub fn from_slice_mut(slice: &mut [T]) -> Result<Self, Error>
where T: Clone + DefaultIsZeroes,

Create a new SecureVec from a mutable slice.

The slice is zeroized afterwards

Source

pub fn from_slice(slice: &[T]) -> Result<Self, Error>
where T: Clone,

Create a new SecureVec from a slice.

The slice is not zeroized, you are responsible for zeroizing it

Source

pub fn len(&self) -> usize

Source

pub fn is_empty(&self) -> bool

Source

pub fn unlock<F, R>(&self, f: F) -> R
where F: FnOnce(&SecureVec<T>) -> R,

Immutable access to the SecureVec

Source

pub fn unlock_slice<F, R>(&self, f: F) -> R
where F: FnOnce(&[T]) -> R,

Immutable access to the SecureVec as &[T]

Source

pub fn unlock_slice_mut<F, R>(&mut self, f: F) -> R
where F: FnOnce(&mut [T]) -> R,

Mutable access to the SecureVec as &mut [T]

Source

pub fn unlock_iter<F, R>(&self, f: F) -> R
where F: FnOnce(Iter<'_, T>) -> R,

Immutable access to the SecureVec as Iter<T>

Source

pub fn unlock_iter_mut<F, R>(&mut self, f: F) -> R
where F: FnOnce(IterMut<'_, T>) -> R,

Mutable access to the SecureVec as IterMut<T>

Source

pub fn erase(&mut self)

Erase the underlying data and clears the vector

The memory is locked again and the capacity is preserved for reuse

Source

pub fn clear(&mut self)

Clear the vector

This just sets the vector’s len to zero it does not erase the underlying data

Source

pub fn push(&mut self, value: T)

Source

pub fn reserve(&mut self, additional: usize)

Ensures that the vector has enough capacity for at least additional more elements.

If more capacity is needed, it will reallocate. This may cause the buffer location to change.

§Panics

Panics if the new capacity overflows usize or if the allocation fails.

Source

pub fn drain<R>(&mut self, range: R) -> Drain<'_, T>
where R: RangeBounds<usize>,

Creates a draining iterator that removes the specified range from the vector and yields the removed items.

Note: The vector is unlocked during the lifetime of the Drain iterator. The memory is relocked when the Drain iterator is dropped.

§Panics

Panics if the starting point is greater than the end point or if the end point is greater than the length of the vector.

Trait Implementations§

Source§

impl<T: Clone + Zeroize> Clone for SecureVec<T>

Source§

fn clone(&self) -> Self

Returns a duplicate of the value. Read more
1.0.0 · Source§

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source. Read more
Source§

impl<T: Zeroize> Drop for SecureVec<T>

Source§

fn drop(&mut self)

Executes the destructor for this type. Read more
Source§

impl<const LENGTH: usize> From<SecureArray<u8, LENGTH>> for SecureVec<u8>

Source§

fn from(array: SecureArray<u8, LENGTH>) -> Self

Converts to this type from the input type.
Source§

impl From<SecureVec<u8>> for SecureString

Source§

fn from(vec: SecureVec<u8>) -> Self

Converts to this type from the input type.
Source§

impl<T: Zeroize> Index<usize> for SecureVec<T>

Source§

type Output = T

The returned type after indexing.
Source§

fn index(&self, index: usize) -> &Self::Output

Performs the indexing (container[index]) operation. Read more
Source§

impl<const LENGTH: usize> TryFrom<SecureVec<u8>> for SecureArray<u8, LENGTH>

Source§

fn try_from(vec: SecureVec<u8>) -> Result<Self, Self::Error>

Tries to convert a SecureVec<u8> into a SecureArray<u8, LENGTH>.

This operation will only succeed if vec.len() == LENGTH.

The SecureVec is consumed.

Source§

type Error = Error

The type returned in the event of a conversion error.
Source§

impl<T: Zeroize + Send> Send for SecureVec<T>

Source§

impl<T: Zeroize + Send + Sync> Sync for SecureVec<T>

Auto Trait Implementations§

§

impl<T> Freeze for SecureVec<T>

§

impl<T> RefUnwindSafe for SecureVec<T>
where T: RefUnwindSafe,

§

impl<T> Unpin for SecureVec<T>
where T: Unpin,

§

impl<T> UnwindSafe for SecureVec<T>
where T: RefUnwindSafe + UnwindSafe,

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<T> CloneToUninit for T
where T: Clone,

Source§

unsafe fn clone_to_uninit(&self, dest: *mut u8)

🔬This is a nightly-only experimental API. (clone_to_uninit)
Performs copy-assignment from self to dest. Read more
Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source§

impl<T> ToOwned for T
where T: Clone,

Source§

type Owned = T

The resulting type after obtaining ownership.
Source§

fn to_owned(&self) -> T

Creates owned data from borrowed data, usually by cloning. Read more
Source§

fn clone_into(&self, target: &mut T)

Uses borrowed data to replace owned data, usually by cloning. Read more
Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.