Struct sequoia_openpgp::crypto::mem::Encrypted

pub struct Encrypted { /* private fields */ }

Encrypted memory.

This type encrypts sensitive data, such as secret keys, in memory while they are unused, and decrypts them on demand. This protects against cross-protection-boundary readout via microarchitectural flaws like Spectre or Meltdown, via attacks on physical layout like Rowbleed, and even via coldboot attacks.

The key insight is that these kinds of attacks are imperfect, i.e. the recovered data contains bitflips, or the attack only provides a probability for any given bit. Applied to cryptographic keys, these kind of imperfect attacks are enough to recover the actual key.

This implementation on the other hand, derives a sealing key from a large area of memory, the “pre-key”, using a key derivation function. Now, any single bitflip in the readout of the pre-key will avalanche through all the bits in the sealing key, rendering it unusable with no indication of where the error occurred.

This kind of protection was pioneered by OpenSSH. The commit adding it can be found here.

Examples

use sequoia_openpgp::crypto::mem::Encrypted;

let e = Encrypted::new(vec![0, 1, 2].into());
e.map(|p| {
    // e is temporarily decrypted and made available to the closure.
    assert_eq!(p.as_ref(), &[0, 1, 2]);
    // p is cleared once the function returns.
});

Implementations

impl Encrypted

pub fn new(p: Protected) -> Self

Encrypts the given chunk of memory.

pub fn map<F, T>(&self, fun: F) -> Twhere
    F: FnMut(&Protected) -> T,

Maps the given function over the temporarily decrypted memory.

Trait Implementations

impl Clone for Encrypted

fn clone(&self) -> Encrypted

Returns a copy of the value.

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl Debug for Encrypted

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

impl Hash for Encrypted

fn hash<H: Hasher>(&self, state: &mut H)

Feeds this value into the given Hasher.

fn hash_slice<H>(data: &[Self], state: &mut H)where
    H: Hasher,
    Self: Sized,

Feeds a slice of this type into the given Hasher.

impl PartialEq<Encrypted> for Encrypted

fn eq(&self, other: &Self) -> bool

This method tests for self and other values to be equal, and is used by ==.

fn ne(&self, other: &Rhs) -> bool

This method tests for !=. The default implementation is almost always sufficient, and should not be overridden without very good reason.

impl Eq for Encrypted