util.nonce_increment and util.wipe functions, also exported by each module for convenience.

2025-11-07 09:53:39 -06:00
parent 96ce7867de
commit 1dcdafa008
7 changed files with 32 additions and 13 deletions
--- a/pyaegis/aegis128l.py
+++ b/pyaegis/aegis128l.py
@@ -7,7 +7,7 @@ import secrets

 from ._loader import ffi
 from ._loader import lib as _lib
-from .util import Buffer, new_aligned_struct, nonce_inc_inplace
+from .util import Buffer, new_aligned_struct, nonce_increment, wipe

 # Constants exposed as functions in C; mirror them as integers at module import time
 KEYBYTES = _lib.aegis128l_keybytes()
@@ -805,7 +805,8 @@ __all__ = [
    # utility functions
    "random_key",
    "random_nonce",
-    "nonce_inc_inplace",
+    "nonce_increment",
+    "wipe",
    # one-shot functions
    "encrypt_detached",
    "decrypt_detached",
--- a/pyaegis/aegis128x2.py
+++ b/pyaegis/aegis128x2.py
@@ -7,7 +7,7 @@ import secrets

 from ._loader import ffi
 from ._loader import lib as _lib
-from .util import Buffer, new_aligned_struct, nonce_inc_inplace
+from .util import Buffer, new_aligned_struct, nonce_increment, wipe

 # Constants exposed as functions in C; mirror them as integers at module import time
 KEYBYTES = _lib.aegis128x2_keybytes()
@@ -805,7 +805,8 @@ __all__ = [
    # utility functions
    "random_key",
    "random_nonce",
-    "nonce_inc_inplace",
+    "nonce_increment",
+    "wipe",
    # one-shot functions
    "encrypt_detached",
    "decrypt_detached",
--- a/pyaegis/aegis128x4.py
+++ b/pyaegis/aegis128x4.py
@@ -7,7 +7,7 @@ import secrets

 from ._loader import ffi
 from ._loader import lib as _lib
-from .util import Buffer, new_aligned_struct, nonce_inc_inplace
+from .util import Buffer, new_aligned_struct, nonce_increment, wipe

 # Constants exposed as functions in C; mirror them as integers at module import time
 KEYBYTES = _lib.aegis128x4_keybytes()
@@ -805,7 +805,8 @@ __all__ = [
    # utility functions
    "random_key",
    "random_nonce",
-    "nonce_inc_inplace",
+    "nonce_increment",
+    "wipe",
    # one-shot functions
    "encrypt_detached",
    "decrypt_detached",
--- a/pyaegis/aegis256.py
+++ b/pyaegis/aegis256.py
@@ -7,7 +7,7 @@ import secrets

 from ._loader import ffi
 from ._loader import lib as _lib
-from .util import Buffer, new_aligned_struct, nonce_inc_inplace
+from .util import Buffer, new_aligned_struct, nonce_increment, wipe

 # Constants exposed as functions in C; mirror them as integers at module import time
 KEYBYTES = _lib.aegis256_keybytes()
@@ -805,7 +805,8 @@ __all__ = [
    # utility functions
    "random_key",
    "random_nonce",
-    "nonce_inc_inplace",
+    "nonce_increment",
+    "wipe",
    # one-shot functions
    "encrypt_detached",
    "decrypt_detached",
--- a/pyaegis/aegis256x2.py
+++ b/pyaegis/aegis256x2.py
@@ -7,7 +7,7 @@ import secrets

 from ._loader import ffi
 from ._loader import lib as _lib
-from .util import Buffer, new_aligned_struct, nonce_inc_inplace
+from .util import Buffer, new_aligned_struct, nonce_increment, wipe

 # Constants exposed as functions in C; mirror them as integers at module import time
 KEYBYTES = _lib.aegis256x2_keybytes()
@@ -805,7 +805,8 @@ __all__ = [
    # utility functions
    "random_key",
    "random_nonce",
-    "nonce_inc_inplace",
+    "nonce_increment",
+    "wipe",
    # one-shot functions
    "encrypt_detached",
    "decrypt_detached",
--- a/pyaegis/aegis256x4.py
+++ b/pyaegis/aegis256x4.py
@@ -7,7 +7,7 @@ import secrets

 from ._loader import ffi
 from ._loader import lib as _lib
-from .util import Buffer, new_aligned_struct, nonce_inc_inplace
+from .util import Buffer, new_aligned_struct, nonce_increment, wipe

 # Constants exposed as functions in C; mirror them as integers at module import time
 KEYBYTES = _lib.aegis256x4_keybytes()
@@ -805,7 +805,8 @@ __all__ = [
    # utility functions
    "random_key",
    "random_nonce",
-    "nonce_inc_inplace",
+    "nonce_increment",
+    "wipe",
    # one-shot functions
    "encrypt_detached",
    "decrypt_detached",
--- a/pyaegis/util.py
+++ b/pyaegis/util.py
@@ -10,7 +10,7 @@ from typing import Protocol

 from ._loader import ffi

-__all__ = ["new_aligned_struct", "aligned_address", "Buffer", "nonce_increment"]
+__all__ = ["new_aligned_struct", "aligned_address", "Buffer", "nonce_increment", "wipe"]

 try:
    from collections.abc import Buffer as _Buffer
@@ -61,3 +61,16 @@ def nonce_increment(nonce: Buffer) -> None:
            n[i] += 1
            return
        n[i] = 0
+
+
+def wipe(buffer: Buffer) -> None:
+    """Set all bytes of the input buffer to zero.
+
+    Useful for securely clearing sensitive data from memory.
+
+    Args:
+        buffer: The buffer to wipe (modified in place).
+    """
+    n = memoryview(buffer)
+    for i in range(len(n)):
+        n[i] = 0