Skip to main content

SelfReferenceDecoy

key_vault::decoy

Struct SelfReferenceDecoy 

Source 
pub struct SelfReferenceDecoy;
Expand description

Decoy strategy that draws bytes from the real key at random positions.

Threat profile. SelfReferenceDecoy is the strongest of the three built-in strategies and the recommended default. The decoy bytes are literally drawn from the key’s own byte distribution, so any statistical analysis of memory regions (byte-value histogram, entropy estimate, chi-squared distinguisher) will report identical profiles for real fragments and decoy fragments. An attacker has no statistical signal to separate them.

The only way for an attacker to recover the key, given this strategy, is to (a) obtain the position map (separately mlock’d) and (b) reverse the fragmentation. Statistical attacks alone do not work.

§Why not just shuffle key bytes?

Sampling with replacement (which is what we do) is important: shuffling would still preserve the multiset of key bytes, and a long contiguous match would reveal a chunk boundary. With independent sampling, the decoy bytes match the key’s byte distribution without containing any contiguous run of key bytes long enough to be confirmed.

§Examples

use key_vault::decoy::{DecoyStrategy, SelfReferenceDecoy};
use key_vault::RawKey;

let key = RawKey::new(vec![0xa1, 0xb2, 0xc3, 0xd4, 0xe5]);
let decoy = SelfReferenceDecoy.generate(&key, 32).unwrap();
assert_eq!(decoy.len(), 32);
// Every decoy byte is drawn from the key's byte set.
for b in &decoy {
    assert!([0xa1, 0xb2, 0xc3, 0xd4, 0xe5].contains(b));
}

Trait Implementations§

Source§

impl Clone for SelfReferenceDecoy

Source§

fn clone(&self) -> SelfReferenceDecoy

Returns a duplicate of the value. Read more
1.0.0 (const: unstable) · Source§

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source. Read more
Source§

impl Debug for SelfReferenceDecoy

Source§

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more
Source§

impl DecoyStrategy for SelfReferenceDecoy

Source§

fn generate(&self, key: &RawKey, output_len: usize) -> Result<Vec<u8>>

Generate output_len bytes of decoy material derived (or not) from key. Read more
Source§

fn describe(&self) -> Cow<'_, str>

Short identifier for audit and error attribution.
Source§

impl Default for SelfReferenceDecoy

Source§

fn default() -> SelfReferenceDecoy

Returns the “default value” for a type. Read more
Source§

impl Copy for SelfReferenceDecoy

Auto Trait Implementations§

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<T> CloneToUninit for T
where T: Clone,

Source§

unsafe fn clone_to_uninit(&self, dest: *mut u8)

🔬This is a nightly-only experimental API. (clone_to_uninit)
Performs copy-assignment from self to dest. Read more
Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

Source§

impl<T> Instrument for T

Source§

fn instrument(self, span: Span) -> Instrumented<Self>

Instruments this type with the provided Span, returning an Instrumented wrapper. Read more
Source§

fn in_current_span(self) -> Instrumented<Self>

Instruments this type with the current Span, returning an Instrumented wrapper. Read more
Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source§

impl<T> ToOwned for T
where T: Clone,

Source§

type Owned = T

The resulting type after obtaining ownership.
Source§

fn to_owned(&self) -> T

Creates owned data from borrowed data, usually by cloning. Read more
Source§

fn clone_into(&self, target: &mut T)

Uses borrowed data to replace owned data, usually by cloning. Read more
Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.
Source§

impl<T> WithSubscriber for T

Source§

fn with_subscriber<S>(self, subscriber: S) -> WithDispatch<Self>
where S: Into<Dispatch>,

Attaches the provided Subscriber to this type, returning a WithDispatch wrapper. Read more
Source§

fn with_current_subscriber(self) -> WithDispatch<Self>

Attaches the current default Subscriber to this type, returning a WithDispatch wrapper. Read more