KeyMaterial
public class KeyMaterial
This class can be used to securely store key material in memory.
-
The size of the key material in bytes.
Declaration
Swift
public var sizeInBytes: UInt32 { get }
-
Initializes new key material of a given size.
Declaration
Swift
public init(sizeInBytes: UInt32, initialize: Bool = true)
Parameters
sizeInBytes
The size of the key material in bytes.
initialze
If
true
, then the allocated memory will be filled cryptographically secure random data, else it will be filled with0xdb
. -
Initializes key material by a given byte array. The byte array is copied to a secure memory location and overwritten with zeros afterwards in order to avoid the key material from being compromised.
Declaration
Swift
public init?(bytes: inout Bytes)
Parameters
bytes
The key material.
-
Creates another instance pointing to the same secure memory location.
Declaration
Swift
public init(_ other: KeyMaterial)
Parameters
other
Other key material.
-
Read raw bytes from the key material.
Usually you do not need to call this function.
Declaration
Swift
public func withUnsafeBytes<ResultType, ContentType>(body: (UnsafePointer<ContentType>) throws -> ResultType) rethrows -> ResultType
Parameters
body
A code block where the key material is readable.
Return Value
The result from the
body
code block. -
Make changes to the raw bytes of the key material.
Warning
Use this with caution, as setting key material manually might lead to insecure key material.
Declaration
Swift
func withUnsafeMutableBytes<ResultType, ContentType>(body: (UnsafeMutablePointer<ContentType>) throws -> ResultType) rethrows -> ResultType
Parameters
body
A code block where the key material is writable.
Return Value
The result from the
body
code block. -
Copy the key material from the secure memory into an insecure byte array.
Warning
Use this with caution, as the output is not located in secure memory.
Declaration
Swift
@inline(__always) public func copyBytes() -> Bytes
Return Value
A copy of the key material.
-
Returns a fingerprint of the key material. This can be used to compare key materials of different sizes.
The fingerprint will only be calculated the first time this function is called.
Declaration
Swift
func fingerprint() -> Bytes
Return Value
The fingerprint.
-
Constant time comparison of the key material.
Warning
Do not use if
other
might have a different size.Note
Explicitly do not conform to the
Equatable
protocol, as its invocation is determined statically. Therefore subclasses might end up being compared with this method. This can lead to problems if their sizes do not match, i.e. the application might crash or worse consider two instances equal if this instance is a prefix of theother
. Hence, if a subclass is used to guarantee a fixed size, this method can safely called in an implementation of the==
operator of theEquatable
protocol. Then the compiler will only allow to compare instances of fixed length types. To compare instances of possibly different sizes, useisFingerprintEqual(to:)
.Precondition
sizeInBytes
=other.sizeInBytes
Declaration
Swift
func isEqual(to other: KeyMaterial) -> Bool
Parameters
other
Other key material to which this should be compared to.
Return Value
true
if the key material is equal. -
Constant time comparison of the hash representing the key material.
This can be used to compare instances that potentially have different sizes. If they are guaranteed to have the same size, use
isEqual(to:)
instead, as it is faster.Declaration
Swift
func isFingerprintEqual(to other: KeyMaterial) -> Bool
Return Value
true
if both key materials have the same fingerprint.