Enum SecurityLevel

pub enum SecurityLevel {
    Paranoid,
    Standard {
        ttl: Duration,
    },
    Performance {
        ttl: Duration,
    },
}

Controls the trade-off between security and performance when accessing TEE-protected data.

| Level       | Cached               | Attack surface           | Speed                  |
|-------------|----------------------|--------------------------|------------------------|
| Paranoid    | Nothing              | Minimal                  | Slow (TPM every call)  |
| Standard    | Data key only        | 32-byte key in memory    | Fast (AES-GCM only)    |
| Performance | Data key + plaintext | Full plaintext in memory | Fastest                |

Variants

Paranoid

Every unprotect() call hits the TEE (TPM unseal + AES decrypt). No plaintext or data key is ever cached in memory. Slowest, but smallest attack surface.

Standard

The unwrapped data key is cached in mlock’d, zeroize-on-drop memory for a configurable TTL. The plaintext itself is never cached. Each unprotect() still performs AES-GCM decryption, but avoids the expensive TPM unseal round-trip for repeated accesses.

Fields

ttl: Duration

How long to keep the unwrapped data key in memory.

Performance

Both the unwrapped data key AND the decrypted plaintext are cached in mlock’d, zeroize-on-drop memory for the TTL period. Fastest for repeated reads of the same data, but the plaintext lives in process memory until the TTL expires or the cache is flushed.

Fields

ttl: Duration

How long to keep cached data in memory.

Implementations

impl SecurityLevel

pub fn standard() -> Self

Standard level with a default TTL of 30 seconds.

pub fn performance() -> Self

Performance level with a default TTL of 10 seconds.

pub fn ttl(&self) -> Option<Duration>

Returns the TTL if caching is enabled, or None for Paranoid.

pub fn caches_plaintext(&self) -> bool

Returns true if plaintext caching is enabled (Performance level).

pub fn caches_data_key(&self) -> bool

Returns true if data key caching is enabled (Standard or Performance).
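The following is an added example, not code from the crate documented on this page. It re-declares SecurityLevel and its methods exactly as the page describes them (assumed to match the real crate), and wraps them in a hypothetical ProtectedStore that applies the three policies on every unprotect() call: Paranoid never caches, Standard keeps only the data key, Performance keeps data key and plaintext, and both expire after the TTL. The TPM unseal and AES-GCM decrypt are replaced by call counters and a toy XOR (constructed for the example, not real encryption), and the zeroize-on-drop behaviour is simulated by a small Zeroizing wrapper so the code runs offline without any dependency.

```rust
use std::time::{Duration, Instant};

// Re-declaration of SecurityLevel and its documented methods (assumed to match
// the page; the real crate is not a dependency of this example).
#[derive(Clone, Copy, Debug, PartialEq, Eq)]
pub enum SecurityLevel {
    Paranoid,
    Standard { ttl: Duration },
    Performance { ttl: Duration },
}

impl SecurityLevel {
    pub fn standard() -> Self { SecurityLevel::Standard { ttl: Duration::from_secs(30) } }
    pub fn performance() -> Self { SecurityLevel::Performance { ttl: Duration::from_secs(10) } }
    pub fn ttl(&self) -> Option<Duration> {
        match self {
            SecurityLevel::Paranoid => None,
            SecurityLevel::Standard { ttl } | SecurityLevel::Performance { ttl } => Some(*ttl),
        }
    }
    pub fn caches_plaintext(&self) -> bool { matches!(self, SecurityLevel::Performance { .. }) }
    pub fn caches_data_key(&self) -> bool { !matches!(self, SecurityLevel::Paranoid) }
}

impl Default for SecurityLevel {
    fn default() -> Self { SecurityLevel::Paranoid }
}

/// Best-effort zeroize-on-drop wrapper (a stand-in for the `zeroize` crate).
struct Zeroizing<T: AsMut<[u8]>>(T);
impl<T: AsMut<[u8]>> Drop for Zeroizing<T> {
    fn drop(&mut self) {
        for b in self.0.as_mut() {
            // SAFETY: `b` is a valid &mut u8; volatile stops the compiler eliding the wipe.
            unsafe { std::ptr::write_volatile(b, 0) };
        }
    }
}

/// A cached secret with its insertion time; fresh while `now - stored_at < ttl`.
struct Cached<T: AsMut<[u8]>> { value: Zeroizing<T>, stored_at: Instant }

/// Hypothetical store applying the SecurityLevel policy on every unprotect().
/// TPM unseal and AES-GCM decrypt are replaced by counters plus a toy XOR
/// (constructed for this example, NOT real encryption) so it runs offline.
pub struct ProtectedStore {
    level: SecurityLevel,
    sealed_key: [u8; 32],    // stands in for the TPM-sealed data key
    ciphertext: Vec<u8>,     // stands in for the AES-GCM ciphertext
    data_key: Option<Cached<[u8; 32]>>,
    plaintext: Option<Cached<Vec<u8>>>,
    pub tpm_unseals: usize,  // how often the "TEE" was hit
    pub aes_decrypts: usize, // how often "decryption" ran
}

fn toy_xor(key: &[u8; 32], data: &[u8]) -> Vec<u8> {
    data.iter().enumerate().map(|(i, b)| b ^ key[i % 32]).collect()
}

impl ProtectedStore {
    pub fn new(level: SecurityLevel, key: [u8; 32], plaintext: &[u8]) -> Self {
        ProtectedStore { level, sealed_key: key, ciphertext: toy_xor(&key, plaintext),
                         data_key: None, plaintext: None, tpm_unseals: 0, aes_decrypts: 0 }
    }

    fn fresh<T: AsMut<[u8]>>(&self, entry: &Option<Cached<T>>, now: Instant) -> bool {
        match (entry, self.level.ttl()) {
            (Some(c), Some(ttl)) => now.duration_since(c.stored_at) < ttl,
            _ => false, // Paranoid has no TTL, so nothing is ever considered fresh
        }
    }

    pub fn unprotect(&mut self, now: Instant) -> Vec<u8> {
        // Performance only: serve from the plaintext cache while it is fresh.
        if self.level.caches_plaintext() && self.fresh(&self.plaintext, now) {
            return self.plaintext.as_ref().unwrap().value.0.clone();
        }
        // Expire stale entries now so their bytes are wiped instead of lingering.
        if !self.fresh(&self.data_key, now) { self.data_key = None; }
        if !self.fresh(&self.plaintext, now) { self.plaintext = None; }

        // Standard/Performance reuse a fresh data key; otherwise "unseal" again.
        let key = match self.data_key.as_ref().map(|c| c.value.0) {
            Some(k) => k,
            None => {
                self.tpm_unseals += 1;
                let k = self.sealed_key;
                if self.level.caches_data_key() {
                    self.data_key = Some(Cached { value: Zeroizing(k), stored_at: now });
                }
                k
            }
        };
        self.aes_decrypts += 1;
        let pt = toy_xor(&key, &self.ciphertext);
        if self.level.caches_plaintext() {
            self.plaintext = Some(Cached { value: Zeroizing(pt.clone()), stored_at: now });
        }
        pt
    }

    /// Drop both caches; Zeroizing::drop overwrites the bytes.
    pub fn flush(&mut self) { self.data_key = None; self.plaintext = None; }
}

fn main() {
    let t0 = Instant::now();
    let mut s = ProtectedStore::new(SecurityLevel::standard(), [7u8; 32], b"secret");
    s.unprotect(t0);
    s.unprotect(t0 + Duration::from_secs(5));
    println!("standard: {} unseals, {} decrypts", s.tpm_unseals, s.aes_decrypts);
    s.flush();
}
```

Passing `now` explicitly keeps the TTL logic deterministic; with two reads five seconds apart, Paranoid hits the "TPM" twice, Standard once (but decrypts twice), and Performance once for both, and once the TTL lapses both caches are dropped and wiped before the next unseal.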

Trait Implementations

impl Clone for SecurityLevel

fn clone(&self) -> SecurityLevel

Returns a duplicate of the value.

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl Debug for SecurityLevel

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

impl Default for SecurityLevel

fn default() -> Self

Defaults to Paranoid for maximum security and backward compatibility.

impl PartialEq for SecurityLevel

fn eq(&self, other: &SecurityLevel) -> bool

Tests for self and other values to be equal, and is used by ==.

fn ne(&self, other: &Rhs) -> bool

Tests for !=. The default implementation is almost always sufficient, and should not be overridden without very good reason.

impl Copy for SecurityLevel

impl Eq for SecurityLevel

impl StructuralPartialEq for SecurityLevel

Auto Trait Implementations

Blanket Implementations

impl<T> Any for T where T: 'static + ?Sized

fn type_id(&self) -> TypeId

Gets the TypeId of self.

impl<T> Borrow<T> for T where T: ?Sized

fn borrow(&self) -> &T

Immutably borrows from an owned value.

impl<T> BorrowMut<T> for T where T: ?Sized

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value.

impl<T> CloneToUninit for T where T: Clone

unsafe fn clone_to_uninit(&self, dest: *mut u8)

This is a nightly-only experimental API (clone_to_uninit). Performs copy-assignment from self to dest.

impl<T> From<T> for T

fn from(t: T) -> T

Returns the argument unchanged.

impl<T> Instrument for T

fn instrument(self, span: Span) -> Instrumented<Self>

Instruments this type with the provided Span, returning an Instrumented wrapper.

fn in_current_span(self) -> Instrumented<Self>

Instruments this type with the current Span, returning an Instrumented wrapper.

impl<T, U> Into<U> for T where U: From<T>

fn into(self) -> U

Calls U::from(self). That is, this conversion is whatever the implementation of From<T> for U chooses to do.

impl<T> Same for T

type Output = T

Should always be Self.

impl<T> ToOwned for T where T: Clone

type Owned = T

The resulting type after obtaining ownership.

fn to_owned(&self) -> T

Creates owned data from borrowed data, usually by cloning.

fn clone_into(&self, target: &mut T)

Uses borrowed data to replace owned data, usually by cloning.

impl<T, U> TryFrom<U> for T where U: Into<T>

type Error = Infallible

The type returned in the event of a conversion error.

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.

impl<T, U> TryInto<U> for T where U: TryFrom<T>

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.

impl<T> WithSubscriber for T

fn with_subscriber<S>(self, subscriber: S) -> WithDispatch<Self> where S: Into<Dispatch>

Attaches the provided Subscriber to this type, returning a WithDispatch wrapper.

fn with_current_subscriber(self) -> WithDispatch<Self>

Attaches the current default Subscriber to this type, returning a WithDispatch wrapper.