memguard

package
Version: v0.0.0-...-0e84ff7 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Feb 21, 2020 License: Apache-2.0 Imports: 8 Imported by: 0

Documentation

Index

Examples

Constants

This section is empty.

Variables

View Source
var AllocTimer = metrics.GetOrRegisterTimer("secret.memguard.alloctimer", nil)

AllocTimer is used to record the time taken to allocate a secret.

Functions

This section is empty.

Types

type Secret

type Secret struct {
	// contains filtered or unexported fields
}

Secret contains sensitive memory and stores data in protected page(s) in memory. Always call close after use to avoid memory leaks.

func (*Secret) Close

func (s *Secret) Close() error

Close closes the data container and frees any associated memory.

func (*Secret) IsClosed

func (s *Secret) IsClosed() bool

IsClosed returns true if the underlying data container has already been closed

func (*Secret) WithBytes

func (s *Secret) WithBytes(action func([]byte) error) error

WithBytes makes the underlying bytes readable and passes them to the function provided. A reference MUST not be kept to the bytes passed to the function as the underlying array will no longer be readable after the function exits. WithBytes panics if it is not able to update the access protection of the data region's memory pages as needed.

Example
package main

import (
	"fmt"

	"github.com/nikoo28/test-go/languages/go/securememory/memguard"
)

func main() {
	factory := new(memguard.SecretFactory)

	secret, err := factory.CreateRandom(32)
	if err != nil {
		panic("unexpected error!")
	}

	defer secret.Close()

	err = secret.WithBytes(func(bytes []byte) error {
		// You obviously shouldn't ever print a secret but this is just an example
		fmt.Printf("my original secret: %s", string(bytes))
		return nil
	})
	if err != nil {
		panic("unexpected error!")
	}
}
Output:

func (*Secret) WithBytesFunc

func (s *Secret) WithBytesFunc(action func([]byte) ([]byte, error)) ([]byte, error)

WithBytesFunc makes the underlying bytes readable and passes them to the function provided. A reference MUST not be kept to the bytes passed to the function as the underlying array will no longer be readable after the function exits. WithBytesFunc panics if it is not able to update the access protection of the data region's memory pages as needed.

Example
package main

import (
	"encoding/base64"
	"fmt"

	"github.com/nikoo28/test-go/languages/go/securememory/memguard"
)

func main() {
	factory := new(memguard.SecretFactory)

	secret, err := factory.CreateRandom(32)
	if err != nil {
		panic("unexpected error!")
	}

	defer secret.Close()

	// In this example we're encoding our underlying secret data using base64
	encryptedBytes, err := secret.WithBytesFunc(func(bytes []byte) ([]byte, error) {
		return []byte(base64.StdEncoding.EncodeToString(bytes)), nil
	})
	if err != nil {
		panic("unexpected error!")
	}

	fmt.Printf("my encrypted payload is: %s", string(encryptedBytes))
}
Output:

type SecretFactory

type SecretFactory struct {
}

SecretFactory is used to create memguard-based Secret implementations.

func (SecretFactory) CreateRandom

func (SecretFactory) CreateRandom(size int) (securememory.Secret, error)

CreateRandom returns a memguard-backed Secret that contains a random byte slice of the specified size. CreateRandom panics if it is not able to set the access protection of the data region's memory pages to none.

Example
package main

import (
	"github.com/nikoo28/test-go/languages/go/securememory/memguard"
)

func main() {
	factory := new(memguard.SecretFactory)

	secret, err := factory.CreateRandom(32)
	if err != nil {
		panic("unexpected error!")
	}

	defer secret.Close()

	// do something with the secret...
}
Output:

func (SecretFactory) New

New takes in a byte slice and returns a memguard-backed Secret containing that data. New panics if it is not able to set the access protection of the data region's memory pages to none. The underlying array will be wiped after the function exits.

Example
package main

import (
	"github.com/nikoo28/test-go/languages/go/securememory/memguard"
)

func main() {
	factory := new(memguard.SecretFactory)

	secret, err := factory.New([]byte("some really secret value"))
	if err != nil {
		panic("unexpected error!")
	}

	defer secret.Close()

	// do something with the secret...
}
Output:

Source Files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
t or T : Toggle theme light dark auto
y or Y : Canonical URL