impl.ha (810B)
// SPDX-License-Identifier: MPL-2.0
// (c) Hare authors <https://harelang.org>

// TODO: At least use mlock or something
use bytes;
use errors;

// A secret key held by this module. In this implementation it is a plain byte
// slice obtained from alloc; nothing in this file locks the pages in memory
// (see the TODO above), so the secret lives in ordinary heap memory until
// [[destroy]] wipes it.
export type key = []u8;

// Creates a new secure key holding a copy of buf. The copy is separate from
// buf, so the caller should clear the secret buffer with [[bytes::zero]] after
// initialization. The name parameter is not used by this implementation.
// Release the returned key with [[destroy]].
export fn newkey(buf: []u8, name: str) (key | errors::error) = {
	const stored: []u8 = alloc(buf...);
	return stored: key;
};

// Destroys a secure key: its bytes are overwritten with zeroes and the
// allocation is then freed. The key must not be used after this call.
export fn destroy(key: key) void = {
	// Deferred so that the release runs after the wipe below.
	defer free(key);
	bytes::zero(key[..]);
};

// Reads secret data from a secure key into buf and returns the number of bytes
// copied, which is the smaller of len(key) and len(buf). A buffer shorter than
// the key receives only a prefix of it, so callers that need the whole key
// should compare the return value with the length they expect. When the caller
// is done using the secret buffer, they should use [[bytes::zero]] to securely
// wipe the buffer memory.
export fn read(key: key, buf: []u8) size = {
	const n = if (len(key) < len(buf)) len(key) else len(buf);
	buf[..n] = key[..n];
	return n;
};