feat: improve hidden data handling (#52)
Some data, like cryptographic key material or passwords, needs special handling. Such data typically should:
- be zeroized when it goes out of scope
- never be displayed or written to debug logs
- not typically be accessed except by (mutable) reference
- have a strictly enforced type to avoid misuse

This PR updates the `Hidden` type to handle this kind of data in a generic way. Hidden types can be instantiated using any underlying type that implements `Zeroize` and an optional differentiated type created by a macro that enforces context and prevents misuse.

The hidden data is stored on the heap in a `Box` wrapper. This allows us to safely zeroize it on drop, and automatically prevents display and debug from revealing it unintentionally. Further, we only expose access to the data via immutable and mutable reference. The implementation supports `Clone` for cases where we need it, but does not support `Copy`.

We also update `SafePassword` to be an instantiation of the updated `Hidden` type. This refactor is transparent to callers, as its existing API is unchanged.
1 parent 6d6800c, commit f35006f
Showing 6 changed files with 486 additions and 71 deletions.
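A std-only Rust sketch of the pattern the commit message describes: boxed value, wipe on drop, redacted `Debug`, access by reference only, `Clone` without `Copy`. It is an added example, not the code from this commit: `Wipe`, `Secret`, `MacKey` and `EncKey` are hypothetical names, `Wipe` stands in for the `zeroize` crate's `Zeroize` trait so the block builds without dependencies, and a marker type parameter replaces the macro-generated differentiated type.

```rust
use std::{fmt, marker::PhantomData, ptr, sync::atomic::{compiler_fence, Ordering}};

/// Std-only stand-in for the `zeroize` crate's `Zeroize` trait (assumption).
pub trait Wipe { fn wipe(&mut self); }

impl<const N: usize> Wipe for [u8; N] {
    fn wipe(&mut self) {
        for b in self.iter_mut() {
            // Volatile store, so the optimizer cannot drop the "dead" write.
            unsafe { ptr::write_volatile(b, 0) };
        }
        compiler_fence(Ordering::SeqCst);
    }
}

/// Hypothetical wrapper: boxed secret, wiped on drop, tagged by marker type `L`.
pub struct Secret<T: Wipe, L = ()> {
    inner: Box<T>,
    _label: PhantomData<L>,
}

impl<T: Wipe, L> Secret<T, L> {
    pub fn hide(value: T) -> Self {
        Secret { inner: Box::new(value), _label: PhantomData }
    }
    pub fn reveal(&self) -> &T { &self.inner }
    pub fn reveal_mut(&mut self) -> &mut T { &mut self.inner }
}

// Clone is explicit and allocates a new box; Copy is deliberately not implemented.
impl<T: Wipe + Clone, L> Clone for Secret<T, L> {
    fn clone(&self) -> Self { Self::hide((*self.inner).clone()) }
}

// Debug never formats the inner value, so `{:?}` in a log line leaks nothing.
impl<T: Wipe, L> fmt::Debug for Secret<T, L> {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { f.write_str("Secret(***)") }
}

impl<T: Wipe, L> Drop for Secret<T, L> {
    fn drop(&mut self) { self.inner.wipe(); }
}

/// Marker types (constructed): a `Secret<_, MacKey>` is not a `Secret<_, EncKey>`.
pub struct MacKey;
pub struct EncKey;

fn main() {
    println!("{:?}", Secret::<[u8; 4], MacKey>::hide([1, 2, 3, 4])); // constructed sample
}
```

`hide` takes its argument by move, so only the boxed copy is wiped on drop; any copy the caller left on the stack before the move is outside the wrapper's control.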