Primitive operations on unmanaged mlocked memory. These are all implemented in IO underneath, but should morally be in ST. There are two use cases for this: - Running mlocked-memory operations in a mocking context (e.g. IOSim) for testing purposes. - Running mlocked-memory operations directly on some monad stack with IO at the bottom.

Foreign pointer to securely allocated memory.

A block of raw memory of a known size, protected with mlock().

Monadic flavor of Eq, for things that can only be compared in a monadic context. This is needed because we cannot have a sound Eq instance on mlocked memory types.

Infix version of equalsM

Infix version of nequalsM

Helper newtype, useful for defining MEq in terms of Eq for types that have sound Eq instances, using DerivingVia. An Applicative context must be provided for such instances to work, so this will generally require StandaloneDeriving as well.

Ex.: deriving via PureEq Int instance Applicative m => MEq m Int

Allocate a new MLockedSizedBytes. The caller is responsible for deallocating it (mlsbFinalize) when done with it. The contents of the memory block is undefined.

Overwrite an existing MLockedSizedBytes with zeroes.

Allocate a new MLockedSizedBytes, and pre-fill it with zeroes. The caller is responsible for deallocating it (mlsbFinalize) when done with it. (See also mlsbNew).

Create a deep mlocked copy of an MLockedSizedBytes.

Calls finalizeMLockedForeignPtr on underlying pointer. This function invalidates argument.

Note: this function will leak mlocked memory to the Haskell heap and should not be used in production code.

Note: the resulting ByteString will still refer to secure memory, but the types don't prevent it from be exposed. Note further that any subsequent operations (splicing & dicing, copying, conversion, packing/unpacking, etc.) on the resulting ByteString may create copies of the mlocked memory on the unprotected GHC heap, and thus leak secrets, so use this function with extreme care.

Allocate a new MLockedSizedBytes, and fill it with the contents of a ByteString. The size of the input is not checked. Note: since the input ByteString is a plain old Haskell value, it has already violated the secure-forgetting properties afforded by MLockedSizedBytes, so this function is useless outside of testing. Use mlsbNew or mlsbNewZero to create MLockedSizedBytes values, and manipulate them through withMLSB, mlsbUseAsCPtr, or mlsbUseAsSizedPtr. (See also mlsbFromByteStringCheck)

Allocate a new MLockedSizedBytes, and fill it with the contents of a ByteString. The size of the input is checked. Note: since the input ByteString is a plain old Haskell value, it has already violated the secure-forgetting properties afforded by MLockedSizedBytes, so this function is useless outside of testing. Use mlsbNew or mlsbNewZero to create MLockedSizedBytes values, and manipulate them through withMLSB, mlsbUseAsCPtr, or mlsbUseAsSizedPtr. (See also mlsbFromByteString)

Use an MLockedSizedBytes value as a SizedPtr of the same size. Care should be taken to never copy the contents of the MLockedSizedBytes value into managed memory through the sized pointer, because that would violate the secure-forgetting property of mlocked memory.

Use an MLockedSizedBytes value as a raw C pointer. Care should be taken to never copy the contents of the MLockedSizedBytes value into managed memory through the raw pointer, because that would violate the secure-forgetting property of mlocked memory.

compareM on MLockedSizedBytes

equalsM on MLockedSizedBytes