pub struct JvckCbcCodec;Expand description
Default JVCK suite codec: AES-256-CBC EncryptedMetadata, keys derived via
HKDF-SHA256 (Volume ID ‖ salt), authenticated with HMAC-SHA256. Delegates to
the reference functions in crate::jvck::metadata (which operate on the
full 512-byte block).
Trait Implementations§
Source§impl MetadataCodec for JvckCbcCodec
impl MetadataCodec for JvckCbcCodec
Source§fn unseal(&self, ctx: &ReplicaCtx<'_>, vmk: &[u8]) -> VckResult<Unsealed>
fn unseal(&self, ctx: &ReplicaCtx<'_>, vmk: &[u8]) -> VckResult<Unsealed>
Authenticate + decrypt the EncryptedMetadata of
ctx’s replica. A wrong
vmk (or a replica that does not belong to this codec) must error so the
reader can try the next replica.Source§fn seal(
&self,
header: &JvckHeader,
secrets: &JvckSecrets,
encrypted_offset: u64,
state: VolumeState,
salt: &[u8; 16],
vmk: &[u8],
out: &mut [u8; 512],
) -> VckResult<()>
fn seal( &self, header: &JvckHeader, secrets: &JvckSecrets, encrypted_offset: u64, state: VolumeState, salt: &[u8; 16], vmk: &[u8], out: &mut [u8; 512], ) -> VckResult<()>
Serialize
header + the sensitive secrets/encrypted_offset/state
into a 512-byte out block (encrypting the inner payload, computing
auth). salt is the per-write random salt.Source§fn read_offset(&self, ctx: &ReplicaCtx<'_>, vmk: &[u8]) -> VckResult<u64>
fn read_offset(&self, ctx: &ReplicaCtx<'_>, vmk: &[u8]) -> VckResult<u64>
Read only
encrypted_offset (recovery scan) without retaining the FVEK.
Default: unseal then drop the secrets.Auto Trait Implementations§
impl Freeze for JvckCbcCodec
impl RefUnwindSafe for JvckCbcCodec
impl Send for JvckCbcCodec
impl Sync for JvckCbcCodec
impl Unpin for JvckCbcCodec
impl UnsafeUnpin for JvckCbcCodec
impl UnwindSafe for JvckCbcCodec
Blanket Implementations§
Source§impl<T> BorrowMut<T> for Twhere
T: ?Sized,
impl<T> BorrowMut<T> for Twhere
T: ?Sized,
Source§fn borrow_mut(&mut self) -> &mut T
fn borrow_mut(&mut self) -> &mut T
Mutably borrows from an owned value. Read more