Initial commit: Open sourcing all of the Maple Open Technologies code.

cloud/maplepress-backend/pkg/security/securebytes/securebytes.go

@@ -0,0 +1,49 @@
+package securebytes
+
+import (
+	"errors"
+
+	"github.com/awnumar/memguard"
+)
+
+// SecureBytes is used to store a byte slice securely in memory.
+// It uses memguard to protect sensitive data from being exposed in memory dumps,
+// swap files, or other memory scanning attacks.
+type SecureBytes struct {
+	buffer *memguard.LockedBuffer
+}
+
+// NewSecureBytes creates a new SecureBytes instance from the given byte slice.
+// The original byte slice should be wiped after creating SecureBytes to ensure
+// the sensitive data is only stored in the secure buffer.
+func NewSecureBytes(b []byte) (*SecureBytes, error) {
+	if len(b) == 0 {
+		return nil, errors.New("byte slice cannot be empty")
+	}
+
+	buffer := memguard.NewBuffer(len(b))
+
+	// Check if buffer was created successfully
+	if buffer == nil {
+		return nil, errors.New("failed to create buffer")
+	}
+
+	copy(buffer.Bytes(), b)
+
+	return &SecureBytes{buffer: buffer}, nil
+}
+
+// Bytes returns the securely stored byte slice.
+// WARNING: The returned bytes are still protected by memguard, but any copies
+// made from this slice will not be protected. Use with caution.
+func (sb *SecureBytes) Bytes() []byte {
+	return sb.buffer.Bytes()
+}
+
+// Wipe removes the byte slice from memory and makes it unrecoverable.
+// After calling Wipe, the SecureBytes instance should not be used.
+func (sb *SecureBytes) Wipe() error {
+	sb.buffer.Wipe()
+	sb.buffer = nil
+	return nil
+}