Function encrypt_session_block 

pub fn encrypt_session_block(
    cipher: &Aes256Enc,
    session_iv: &Iv16,
    session_key: &Aes256Key32,
    public_iv: &Iv16,
    enc_block: &mut EncryptedSessionBlock48,
    hmac: &mut HmacSha256,
) -> Result<(), AescryptError>

Encrypts the 48-byte session block (session IV + session key) under the setup key and feeds each ciphertext block into the running HMAC.

The session block is laid out as three 16-byte AES-CBC plaintext blocks:

1. session_iv (16 bytes)
2. first half of session_key (16 bytes)
3. second half of session_key (16 bytes)

CBC chains off public_iv. Each ciphertext block is written to enc_block and folded into hmac (which is the same HMAC instance the caller will later finalize and serialize with crate::encryption::write_hmac).

Errors

This function is currently infallible at the type level (returns Ok(())); the Result is preserved to keep the signature stable across future security-hardening changes.

Panics

Never panics on valid input.

Security

• All sensitive values (session_iv, session_key, enc_block) are secure-gate aliases that zeroize on drop.
• public_iv is treated as a public, unique-per-file value (it appears in the file header verbatim).
• hmac is keyed with the setup key by the caller; this function only updates it.

Arguments

• cipher — AES-256 encryption initialized with the setup key.
• session_iv — Randomly generated 16-byte session IV.
• session_key — Randomly generated 32-byte session key.
• public_iv — 16-byte public IV from the file header (CBC IV).
• enc_block — Output buffer (48 bytes) for the encrypted session block.
• hmac — Running HMAC-SHA256 instance, updated in place.