9 releases (4 breaking)

0.5.0 Jan 7, 2022
0.4.0 Dec 27, 2021
0.3.1 Dec 26, 2021
0.2.2 Nov 29, 2021
0.1.1 Jun 26, 2021

#2116 in Cryptography

25 downloads per month

MIT/Apache

59KB
634 lines

Hard - Hardened Buffers for Rust

crates.io docs.rs

Storing sensitive data (cryptographic keys, passwords, plaintexts, etc.) can be fraught with issues. Data can be recovered from uninitialised memory, from the contents of core dumps/crash reports, or accidentally revealed via buffer overflows.

Hard attempts to provide buffer types which are hardened against these types of errors. Based on the libsodium cryptographic library, we make use of its secure memory utilities to allocate and manage the memory backing buffer types. Memory allocated using hard is placed directly at the end of a page, followed by a guard page, so any buffer overflow will immediately result in the termination of the program. A canary is placed before the allocated memory to detect modifications on free, and another guard page is placed before this. The operating system is advised not to swap the memory to disk, or include it in crash reports/core dumps. Finally, when the memory is freed, it is first securely cleared, in such a way that the compiler will not attempt to optimise away the operation.

For more information, see the docs.

Security/Vulnerability Disclosures

If you find a vulnerability in hard, please immediately contact tom25519@pm.me with details.

My age public key (preferred) is:

age1gglesedq4m2z9kc7urjhq3zlpc6qewcwpcna7s0lwh8k2c4e6fxqf3kdvq

My PGP public key has fingerprint 0x4712EC7C9F404B14, and is available from keyserver.ubuntu.com, pgp.mit.edu, or Github.

License

Licensed under either of:

at your option.

Contribution

Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in the work by you, as defined in the Apache-2.0 license, shall be dual licensed as above, without any additional terms or conditions.

Dependencies

~2.3–4.5MB
~45K SLoC