CtrlK
BlogDocsLog inGet started
Tessl Logo

tessl/npm-sodium-native

Low level bindings for libsodium cryptographic library

Pending
Overview
Eval results
Files

memory.mddocs/

Memory Management

Secure memory allocation, protection, and cleanup utilities for handling sensitive cryptographic data in sodium-native.

Capabilities

Secure Memory Allocation

Allocates secure memory that is protected from being swapped to disk and automatically locked in memory.

/**
 * Allocate secure memory buffer
 * @param size - Number of bytes to allocate
 * @returns SecureBuffer with .secure property set to true
 * @throws Error if size is negative
 */
function sodium_malloc(size: number): SecureBuffer;

Usage Example:

const sodium = require('sodium-native');

// Allocate secure memory for a secret key
const key = sodium.sodium_malloc(32);
console.log(key.secure); // true

// Use the key for cryptographic operations
sodium.randombytes_buf(key);

Secure Memory Deallocation

Safely deallocates secure memory and zeros it before freeing.

/**
 * Free secure memory buffer
 * @param buf - Buffer to free (must have .secure property)
 */
function sodium_free(buf: Buffer): void;

Usage Example:

const key = sodium.sodium_malloc(32);
// ... use key for cryptographic operations
sodium.sodium_free(key); // Memory is zeroed and freed

Memory Zeroing

Securely zeros memory content to prevent sensitive data from remaining in memory.

/**
 * Zero memory buffer content
 * @param buf - Buffer to zero
 */
function sodium_memzero(buf: Buffer): void;

Memory Locking

Lock memory pages to prevent them from being swapped to disk.

/**
 * Lock memory buffer to prevent swapping
 * @param buf - Buffer to lock
 * @throws Error if memory lock fails
 */
function sodium_mlock(buf: Buffer): void;

/**
 * Unlock previously locked memory buffer
 * @param buf - Buffer to unlock
 * @throws Error if memory unlock fails
 */
function sodium_munlock(buf: Buffer): void;

Memory Protection

Control read/write access to memory regions for additional security.

/**
 * Make buffer inaccessible (no read/write access)
 * @param buf - Buffer to protect
 * @throws Error if protection fails
 */
function sodium_mprotect_noaccess(buf: Buffer): void;

/**
 * Make buffer read-only
 * @param buf - Buffer to make read-only
 * @throws Error if protection fails
 */
function sodium_mprotect_readonly(buf: Buffer): void;

/**
 * Make buffer read-write accessible
 * @param buf - Buffer to make read-write
 * @throws Error if protection fails
 */
function sodium_mprotect_readwrite(buf: Buffer): void;

Usage Example:

const sodium = require('sodium-native');

// Allocate and use secure memory
const secret = sodium.sodium_malloc(32);
sodium.randombytes_buf(secret);

// Make read-only while not being modified
sodium.sodium_mprotect_readonly(secret);

// Later, make writable again if needed
sodium.sodium_mprotect_readwrite(secret);

// Clean up
sodium.sodium_free(secret);

Types

interface SecureBuffer extends Buffer {
  secure: true;
}

Install with Tessl CLI

npx tessl i tessl/npm-sodium-native

docs

aead.md

auth.md

box.md

ed25519.md

hash.md

index.md

kdf.md

kx.md

memory.md

pwhash.md

random.md

secretbox.md

secretstream.md

shorthash.md

sign.md

stream.md

tile.json