1 // Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. 2 // Copyright by contributors to this project. 3 // SPDX-License-Identifier: (Apache-2.0 OR MIT) 4 5 use alloc::vec::Vec; 6 use core::{ 7 fmt::{self, Debug}, 8 ops::{Deref, DerefMut}, 9 }; 10 use zeroize::Zeroizing; 11 12 #[cfg_attr( 13 all(feature = "ffi", not(test)), 14 safer_ffi_gen::ffi_type(clone, opaque) 15 )] 16 #[derive(Clone, Eq, PartialEq)] 17 /// Wrapper struct that represents a zeroize-on-drop `Vec<u8>` 18 pub struct Secret(Zeroizing<Vec<u8>>); 19 20 impl Debug for Secret { fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result21 fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { 22 crate::debug::pretty_bytes(&self.0).named("Secret").fmt(f) 23 } 24 } 25 26 #[cfg_attr(all(feature = "ffi", not(test)), safer_ffi_gen::safer_ffi_gen)] 27 impl Secret { as_bytes(&self) -> &[u8]28 pub fn as_bytes(&self) -> &[u8] { 29 &self.0 30 } 31 } 32 33 impl From<Vec<u8>> for Secret { from(bytes: Vec<u8>) -> Self34 fn from(bytes: Vec<u8>) -> Self { 35 Zeroizing::new(bytes).into() 36 } 37 } 38 39 impl From<Zeroizing<Vec<u8>>> for Secret { from(bytes: Zeroizing<Vec<u8>>) -> Self40 fn from(bytes: Zeroizing<Vec<u8>>) -> Self { 41 Self(bytes) 42 } 43 } 44 45 impl Deref for Secret { 46 type Target = [u8]; 47 deref(&self) -> &[u8]48 fn deref(&self) -> &[u8] { 49 &self.0 50 } 51 } 52 53 impl DerefMut for Secret { deref_mut(&mut self) -> &mut [u8]54 fn deref_mut(&mut self) -> &mut [u8] { 55 &mut self.0 56 } 57 } 58