
github.com/awnumar/memguard @v0.23.0 sqlite

220 symbols 1,201 edges 36 files 111 documented · 50%
README


MemGuard

Software enclave for storage of sensitive information in memory.

This package attempts to reduce the likelihood of sensitive data being exposed when in memory. It aims to support all major operating systems and is written in pure Go.

Features

  • Sensitive data is encrypted and authenticated in memory with XSalsa20Poly1305. The scheme used also defends against cold-boot attacks.
  • Memory allocation bypasses the language runtime by using system calls to query the kernel for resources directly. This avoids interference from the garbage-collector.
  • Buffers that store plaintext data are fortified with guard pages and canary values to detect spurious accesses and overflows.
  • Effort is taken to prevent sensitive data from touching the disk. This includes locking memory to prevent swapping and handling core dumps.
  • Kernel-level immutability is implemented so that attempted modification of protected regions results in an access violation.
  • Multiple endpoints provide session purging and safe termination capabilities as well as signal handling to prevent remnant data being left behind.
  • Side-channel attacks are mitigated by ensuring that data is copied and compared in constant time.

Some features were inspired by libsodium, so credits to them.
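
A simplified illustration of two of the features listed above, canary values and constant-time comparison, using only the Go standard library. This is an added example, not memguard's code or API: GuardedBuf, canaryLen and ErrCanary are hypothetical names, and the buffer lives on the ordinary Go heap, so it has no guard pages, memory locking or encryption.

```go
package main

import (
	"crypto/rand"
	"crypto/subtle"
	"errors"
	"fmt"
)

const canaryLen = 16 // assumed canary size for this sketch
var ErrCanary = errors.New("canary overwritten: overflow detected")

// GuardedBuf (hypothetical) is laid out as [canary | data | canary] on the Go heap.
type GuardedBuf struct {
	mem, canary []byte
	size        int
}

func NewGuardedBuf(size int) (*GuardedBuf, error) {
	c := make([]byte, canaryLen)
	if _, err := rand.Read(c); err != nil {
		return nil, err
	}
	g := &GuardedBuf{mem: make([]byte, size+2*canaryLen), canary: c, size: size}
	copy(g.mem, c)                  // leading canary
	copy(g.mem[canaryLen+size:], c) // trailing canary
	return g, nil
}

// Data returns the usable region, capacity-capped so append cannot reach the canary.
func (g *GuardedBuf) Data() []byte { return g.mem[canaryLen : canaryLen+g.size : canaryLen+g.size] }

// Equal compares contents without an early exit on the first differing byte.
func (g *GuardedBuf) Equal(b []byte) bool { return subtle.ConstantTimeCompare(g.Data(), b) == 1 }

// Destroy checks both canaries, then wipes the whole region regardless of the result.
func (g *GuardedBuf) Destroy() error {
	ok := subtle.ConstantTimeCompare(g.mem[:canaryLen], g.canary) & subtle.ConstantTimeCompare(g.mem[canaryLen+g.size:], g.canary)
	for i := range g.mem {
		g.mem[i] = 0
	}
	if ok != 1 {
		return ErrCanary
	}
	return nil
}

func main() {
	g, _ := NewGuardedBuf(8)
	copy(g.Data(), "s3cr3t!!") // constructed sample value
	fmt.Println(g.Equal([]byte("s3cr3t!!")), g.Destroy())
}
```
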

Full documentation and a complete overview of the API can be found at https://pkg.go.dev/github.com/awnumar/memguard. Interesting and useful code samples can be found within the examples subpackage.

Installation

$ go get github.com/awnumar/memguard

The API is experimental and may have unstable changes. You should pin a version using Go modules.

Contributing

  • Submitting program samples to ./examples.
  • Reporting bugs, vulnerabilities, and any difficulties in using the API.
  • Writing useful security and crypto libraries that utilise memguard.
  • Implementing kernel-specific/cpu-specific protections.
  • Submitting performance improvements.

Issues are for reporting bugs and for discussion on proposals. Pull requests should be made against master.

Core symbols most depended-on inside this repo

Bytes · called by 157 · buffer.go
NewBuffer · called by 58 · buffer.go
Destroy · called by 58 · core/buffer.go
Destroy · called by 57 · core/coffer.go
Data · called by 52 · core/buffer.go
Size · called by 49 · stream.go
IsMutable · called by 43 · buffer.go
newNullBuffer · called by 34 · buffer.go

Shape

Function 142
Method 66
Struct 12

Languages

Go 100%

Modules by API surface

buffer_test.go · 41 symbols
buffer.go · 37 symbols
core/buffer.go · 21 symbols
stream.go · 12 symbols
stream_test.go · 8 symbols
core/crypto.go · 8 symbols
core/coffer.go · 8 symbols
core/enclave.go · 7 symbols
core/crypto_test.go · 7 symbols
examples/casting/casting_test.go · 6 symbols
examples/casting/casting.go · 6 symbols
core/coffer_test.go · 6 symbols

Dependencies from manifests, versioned

github.com/awnumar/memcall v0.4.0 · 1×
golang.org/x/crypto v0.41.0 · 1×
golang.org/x/sys v0.35.0 · 1×
lukechampine.com/frand v1.5.1 · 1×

For agents

$ claude mcp add memguard \
  -- python -m otcore.mcp_server <graph>
