Skip to main content

SealedSeed

lexe_api::types::sealed_seed

Struct SealedSeed

pub struct SealedSeed {
    pub id: SealedSeedId,
    pub ciphertext: Vec<u8>,
}

Expand description

The user node’s provisioned seed that is sealed and persisted using its platform enclave keys that are software and version specific.

This struct is returned directly from the DB so it should be considered as untrusted and not-yet-validated.

To validate and convert a SealedSeed into a RootSeed, use unseal_and_validate. The returned RootSeed is bound to the returned DeployEnv and Network, which can be used to validate e.g. the Network supplied by the Lexe operators via CLI args.
To encrypt an existing RootSeed (and DeployEnv and Network) into a SealedSeed, use seal_from_root_seed.

See lexe_enclave::enclave::seal for more implementation details.

Fields§

§id: SealedSeedId§ciphertext: Vec<u8>

The root seed, fully sealed + serialized.

Implementations§

impl SealedSeed

pub fn new( user_pk: UserPk, measurement: Measurement, machine_id: MachineId, ciphertext: Vec<u8>, ) -> SealedSeed

pub fn seal_from_root_seed<R>( rng: &mut R, root_seed: &RootSeed, deploy_env: DeployEnv, network: Network, measurement: Measurement, machine_id: MachineId, ) -> Result<SealedSeed, Error>
where R: Crng,

pub fn unseal_and_validate( self, expected_measurement: &Measurement, expected_machine_id: &MachineId, ) -> Result<(RootSeed, DeployEnv, Network), Error>

Trait Implementations§

impl Clone for SealedSeed

fn clone(&self) -> SealedSeed

Returns a duplicate of the value. Read more

1.0.0 · Source§

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source. Read more

impl Debug for SealedSeed

fn fmt(&self, f: &mut Formatter<'_>) -> Result<(), Error>

Formats the value using the given formatter. Read more

impl<'de> Deserialize<'de> for SealedSeed

fn deserialize<D>( deserializer: D, ) -> Result<SealedSeed, <D as Deserializer<'de>>::Error>
where __D: Deserializer<'de>,

Deserialize this value from the given Serde deserializer. Read more

impl PartialEq for SealedSeed

fn eq(&self, other: &SealedSeed) -> bool

Tests for self and other values to be equal, and is used by ==.

1.0.0 · Source§

fn ne(&self, other: &Rhs) -> bool

Tests for !=. The default implementation is almost always sufficient, and should not be overridden without very good reason.

impl Serialize for SealedSeed

fn serialize<S>( &self, serializer: S, ) -> Result<<S as Serializer>::Ok, <S as Serializer>::Error>
where S: Serializer,

Serialize this value into the given Serde serializer. Read more

impl Signable for SealedSeed

const DOMAIN_SEPARATOR: [u8; 32]

Implementors will only need to fill in this value. An example is array::pad(*b"LEXE-REALM::RootSeed"), used in the RootSeed.

impl StructuralPartialEq for SealedSeed

Auto Trait Implementations§

impl Freeze for SealedSeed

impl RefUnwindSafe for SealedSeed

impl Send for SealedSeed

impl Sync for SealedSeed

impl Unpin for SealedSeed

impl UnsafeUnpin for SealedSeed

impl UnwindSafe for SealedSeed

Blanket Implementations§

impl<T> Any for T
where T: 'static + ?Sized,

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more

impl<F, T, U> Apply<F, U> for T
where F: FnOnce(T) -> U,

fn apply(self, f: F) -> U

impl<T> Borrow<T> for T
where T: ?Sized,

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more

impl<T> BorrowMut<T> for T
where T: ?Sized,

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more

impl<T> CloneToUninit for T
where T: Clone,

unsafe fn clone_to_uninit(&self, dest: *mut u8)

🔬This is a nightly-only experimental API. (clone_to_uninit)

Performs copy-assignment from self to dest. Read more

impl<T> From<T> for T

fn from(t: T) -> T

Returns the argument unchanged.

impl<T> FromRef<T> for T
where T: Clone,

fn from_ref(input: &T) -> T

Converts to this type from a reference to the input type.

impl<T> Instrument for T

fn instrument(self, span: Span) -> Instrumented<Self>

Instruments this type with the provided Span, returning an Instrumented wrapper. Read more

fn in_current_span(self) -> Instrumented<Self>

Instruments this type with the current Span, returning an Instrumented wrapper. Read more

impl<T, U> Into<U> for T
where U: From<T>,

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

impl<T> PolicyExt for T
where T: ?Sized,

fn and<P, B, E>(self, other: P) -> And<T, P>
where T: Policy<B, E>, P: Policy<B, E>,

Create a new Policy that returns Action::Follow only if self and other return Action::Follow. Read more

fn or<P, B, E>(self, other: P) -> Or<T, P>
where T: Policy<B, E>, P: Policy<B, E>,

Create a new Policy that returns Action::Follow if either self or other returns Action::Follow. Read more

impl<T> ToOwned for T
where T: Clone,

type Owned = T

The resulting type after obtaining ownership.

fn to_owned(&self) -> T

Creates owned data from borrowed data, usually by cloning. Read more

fn clone_into(&self, target: &mut T)

Uses borrowed data to replace owned data, usually by cloning. Read more

impl<T, U> TryFrom<U> for T
where U: Into<T>,

type Error = Infallible

The type returned in the event of a conversion error.

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.

impl<T> WithSubscriber for T

fn with_subscriber<S>(self, subscriber: S) -> WithDispatch<Self>
where S: Into<Dispatch>,

Attaches the provided Subscriber to this type, returning a WithDispatch wrapper. Read more

fn with_current_subscriber(self) -> WithDispatch<Self>

Attaches the current default Subscriber to this type, returning a WithDispatch wrapper. Read more

impl<T> DeserializeOwned for T
where T: for<'de> Deserialize<'de>,