
Sanitization 1.1.0

@eldryoth eldryoth released this 10 Jun 10:33
v1.1.0
903abf3

sanitization v1.1.0

This release expands sanitization from fixed-size secret storage into a broader secret-lifecycle toolkit while keeping the default build no_std and dependency-free.

Added

  • LockedSecretVec for dynamic-length secrets in native memory-locked mappings.
  • SecretPool<N, SLOTS> for many fixed-size secrets under one locked allocation, reducing mlock/VirtualLock quota overhead.
  • GuardedSecretVec for dynamic guarded storage with optional locked backing.
  • Canary integrity checks for locked, pooled, and guarded secrets.
  • Optional OS-random canaries through random-canary.
  • Explicit wasm-compat feature for reduced-guarantee WASM compatibility backends.
  • No-std monotonic expiring secrets via caller-provided clocks.
  • In-place secret transformation and derivation APIs for SecretBytes.
  • ReadOnceSecret for secrets consumed and cleared on first access.
  • Optional multi-pass volatile clear helpers.
  • Runtime page-size handling for supported platform mappings.
  • Optional SIMD/vector register scrubbing helpers.
  • Optional x86_64 cache-line flush helpers.
  • Optional x86_64 assembly-backed comparison path.
  • Hardware-secret provider traits for enclave, HSM, TEE, and platform-keystore integrations.
  • SplitSecretBytes<N, SHARES> for N-of-N XOR split storage.
  • Optional zeroize-interop and subtle-interop features.
  • Optional serde loading support with redacted serialization.
  • Sister crates:
    • sanitization-derive
    • sanitization-arrayvec
    • sanitization-bytes

Security and hardening

  • Volatile clearing remains the default clear path.
  • WASM memory-lock compatibility is now explicit with wasm-compat; native memory-lock expectations are not silently downgraded.
  • SecretBytesMut in sanitization-bytes refuses implicit reallocation to avoid leaving old secret bytes in freed heap allocations.
  • Register scrubbing now handles AVX-aware x86_64 paths with documented residual limits.
  • Split-secret mask generation has stronger security documentation and debug checks for trivial generators.
  • Documentation now covers remaining platform limits, WASM caveats, cache-flush side-channel scope, and serde ingestion caveats.
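As an added illustration, not the crate's own code, of the N-of-N XOR split listed under Added and the trivial-generator debug check listed under Security and hardening: the mask source is a caller-supplied closure standing in for an OS CSPRNG, and the type, function and field names are assumptions made for this example.

```rust
/// N-of-N XOR split: every one of the SHARES shares is required to
/// recover the secret; any proper subset is independent of it, provided
/// the masks are uniformly random.
pub struct SplitSecret<const N: usize, const SHARES: usize> {
    shares: [[u8; N]; SHARES],
}

/// A mask of all zeros would leave the remaining share equal to the
/// secret XOR'd with nothing new, so the split would protect nothing.
pub fn mask_is_trivial<const N: usize>(mask: &[u8; N]) -> bool {
    mask.iter().all(|&b| b == 0)
}

impl<const N: usize, const SHARES: usize> SplitSecret<N, SHARES> {
    /// Draw SHARES-1 masks from `gen_mask` (assumed to be a CSPRNG supplied
    /// by the caller); the last share is the secret XOR'd with every mask.
    pub fn split(secret: &[u8; N], mut gen_mask: impl FnMut(&mut [u8; N])) -> Self {
        assert!(SHARES >= 2, "an N-of-N split needs at least two shares");
        let mut shares = [[0u8; N]; SHARES];
        let mut last = *secret;
        for share in shares.iter_mut().take(SHARES - 1) {
            gen_mask(share);
            // Debug-only guard against a broken or stubbed generator.
            debug_assert!(!mask_is_trivial(share), "mask generator produced an all-zero mask");
            for (l, m) in last.iter_mut().zip(share.iter()) {
                *l ^= m;
            }
        }
        shares[SHARES - 1] = last;
        Self { shares }
    }

    /// Recombine by XOR-ing all shares; the masks cancel pairwise.
    pub fn reveal(&self) -> [u8; N] {
        let mut out = [0u8; N];
        for share in &self.shares {
            for (o, s) in out.iter_mut().zip(share.iter()) {
                *o ^= s;
            }
        }
        out
    }

    /// Borrow one share, e.g. to place it in a separate allocation.
    pub fn share(&self, i: usize) -> &[u8; N] {
        &self.shares[i]
    }
}

impl<const N: usize, const SHARES: usize> Drop for SplitSecret<N, SHARES> {
    fn drop(&mut self) {
        // Volatile writes so the compiler cannot elide the clear.
        for share in self.shares.iter_mut() {
            for b in share.iter_mut() {
                unsafe { core::ptr::write_volatile(b, 0) };
            }
        }
    }
}
```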

Verification

This release passed the project test matrix, clippy, Miri, Kani proofs, codegen checks, GitHub CI, and the final pentest review.