Struct runtime::Secret

pub struct Secret<T: Bytes> { /* fields omitted */ }

A Type for guarding secrets allocated to the stack.

Provides the following security features and guarentees:

• The Memory is locked with [mlock].
• When the memory is freed, [munlock] is called.
• the memory is zeroed out when no longer in use.
• values are compared in constant time.
• values are prevented from being Debugged.
• Values can not be cloned.

Implementations

impl<T: Bytes> Secret<T>

pub fn new<F, A>(f: F) -> A where
    F: FnOnce(RefMut<'_, T>) -> A, 

Creates a new Secret and invokes the provided callback with a wrapper to the protected memory.

let sec = [0u8, 1u8];
// Wraps the sec data in a secret.
Secret::<[u8; 2]>::new(|mut s| {
   s.copy_from_slice(&sec[..]);
});

impl<T: Bytes + Zeroed> Secret<T>

pub fn zero<F, A>(f: F) -> A where
    F: FnOnce(RefMut<'_, T>) -> A, 

Creates a new Secret filled with zeroed bytes and invokes the callback with a wrapper to the protected memory.

Secret::<u8>::zero(|s| {
    assert_eq!(*s, 0);
});

pub fn from<F, A>(v: &mut T, f: F) -> A where
    F: FnOnce(RefMut<'_, T>) -> A, 

Creates a new Secret from existing, unprotected data, and immediately zeroes out the memory of the data being moved in.

let mut value = [1u8, 2u8];

// the contents of `value` will be copied into the Secret before
// being zeroed out
Secret::from(&mut value, |s| {
    assert_eq!(*s, [1, 2]);
});

// the contents of `value` have been zeroed
assert_eq!(value, [0, 0]);

impl<T: Bytes + Randomized> Secret<T>

pub fn random<F, U>(f: F) -> U where
    F: FnOnce(RefMut<'_, T>) -> U, 

Creates a new Secret filled with random bytes and invokes the callback with a wrapper to the protected memory.

Secret::<u128>::random(|s| {
    // s is filled with random bytes
})

Trait Implementations

impl<T: Bytes> Drop for Secret<T>

fn drop(&mut self)

Ensures that the Secret’s underlying memory is munlocked and zeroed when it leaves scope.