hyde_core/recovery.rs
1use crate::{
2 backend::WrappedKey,
3 error::Result,
4};
5use serde::{Deserialize, Serialize};
6
7/// Identifies the recovery method used for a backup.
8#[derive(Debug, Clone, PartialEq, Serialize, Deserialize)]
9pub enum RecoveryType {
10 /// Passphrase-based recovery (Argon2id + AES-256-GCM).
11 Passphrase,
12 /// One-time recovery key (random key displayed once).
13 RecoveryKey,
14}
15
16/// Output of a backup operation.
17#[derive(Debug, Clone, Serialize, Deserialize)]
18pub struct BackupBundle {
19 /// Which recovery strategy produced this backup.
20 pub recovery_type: RecoveryType,
21 /// Encrypted backup data (safe to store on disk / cloud).
22 pub data: Vec<u8>,
23 /// One-time secret to display to the user (e.g., recovery key).
24 /// `None` for passphrase-based recovery (user already knows the secret).
25 #[serde(skip_serializing_if = "Option::is_none")]
26 pub user_secret: Option<Vec<u8>>,
27}
28
29/// Strategy for backing up and restoring a `WrappedKey`.
30///
31/// Recovery is independent of the TEE backend — any strategy can be used
32/// with any backend (TPM, TDX, SEV, etc.).
33pub trait RecoveryStrategy: Send + Sync {
34 /// Create an encrypted backup of `key`.
35 ///
36 /// `secret` is strategy-specific input:
37 /// - Passphrase: the user's passphrase
38 /// - RecoveryKey: ignored (a random key is generated internally)
39 fn backup(&self, key: &WrappedKey, secret: Option<&[u8]>) -> Result<BackupBundle>;
40
41 /// Restore a `WrappedKey` from a backup.
42 ///
43 /// `secret` is strategy-specific input:
44 /// - Passphrase: the user's passphrase
45 /// - RecoveryKey: the recovery key that was displayed at backup time
46 fn restore(&self, bundle: &BackupBundle, secret: &[u8]) -> Result<WrappedKey>;
47
48 /// Return the recovery type identifier.
49 fn recovery_type(&self) -> RecoveryType;
50}