bitlocker/lib.rs
1//! # bitlocker-core — a from-scratch BitLocker (BDE) reader and decryptor
2//!
3//! Parses the BitLocker Drive Encryption on-disk format (the `-FVE-FS-` /
4//! BitLocker To Go volume header, the FVE metadata block, and its key-protector
5//! entries) and decrypts a volume from a password, exposing a plaintext
6//! `Read + Seek` view.
7//!
8//! Scope of this build: the **password** protector (type `0x2000`) over the
9//! **AES-128-CBC + Elephant Diffuser** cipher (method `0x8000`) — exactly what
10//! the Tier-1 dfvfs `bdetogo.raw` oracle validates. AES-XTS, recovery-password,
11//! startup-key and TPM protectors are deliberately out of scope here (see the
12//! crate README); the metadata parser still *reports* their presence.
13//!
14//! Every primitive comes from an audited RustCrypto crate — `aes`, `cbc`, `ccm`,
15//! `sha2` — except the Elephant Diffuser, for which no crate exists; it is
16//! implemented to the `libbde` reference and validated **only** against the
17//! Tier-1 oracle (never a self-authored round-trip, which would prove nothing).
18//!
19//! ```no_run
20//! use std::fs::File;
21//! use bitlocker::BitLockerVolume;
22//!
23//! let image = File::open("bdetogo.raw")?;
24//! let mut volume = BitLockerVolume::unlock_with_password(image, "bde-TEST")?;
25//! let mut boot = [0u8; 512];
26//! volume.read_at(0, &mut boot)?;
27//! # Ok::<(), Box<dyn std::error::Error>>(())
28//! ```
29
30#![forbid(unsafe_code)]
31#![cfg_attr(test, allow(clippy::unwrap_used, clippy::expect_used))]
32
33mod bytes;
34mod crypto;
35mod error;
36mod guid;
37mod header;
38mod metadata;
39mod volume;
40
41pub use error::{BdeError, Result};
42pub use guid::format_guid;
43pub use header::{BdeVariant, VolumeHeader};
44pub use metadata::{FveMetadata, MetadataEntry};
45pub use volume::{BitLockerVolume, DecryptedVolume};