Module dryoc::dryocstream::protected

source ·
Available on crate feature nightly only.
Expand description

Protected memory type aliases for DryocStream

This mod provides re-exports of type aliases for protected memory usage with DryocStream. These type aliases are provided for convenience.

Example

use dryoc::dryocstream::protected::*;
use dryoc::dryocstream::{DryocStream, Tag};

// Load some message into locked readonly memory.
let message1 = HeapBytes::from_slice_into_readonly_locked(b"Arbitrary data to encrypt")
    .expect("from slice failed");
let message2 =
    HeapBytes::from_slice_into_readonly_locked(b"split into").expect("from slice failed");
let message3 =
    HeapBytes::from_slice_into_readonly_locked(b"three messages").expect("from slice failed");

// Generate a random key into locked readonly memory.
let key = Key::gen_readonly_locked().expect("key failed");

// Initialize the push stream, place the header into locked memory
let (mut push_stream, header): (_, Locked<Header>) = DryocStream::init_push(&key);

// Encrypt the set of messages, placing everything into locked memory.
let c1: LockedBytes = push_stream
    .push(&message1, None, Tag::MESSAGE)
    .expect("Encrypt failed");
let c2: LockedBytes = push_stream
    .push(&message2, None, Tag::MESSAGE)
    .expect("Encrypt failed");
let c3: LockedBytes = push_stream
    .push(&message3, None, Tag::FINAL)
    .expect("Encrypt failed");

// Initialized the pull stream
let mut pull_stream = DryocStream::init_pull(&key, &header);

// Decrypt the set of messages, putting everything into locked memory
let (m1, tag1): (LockedBytes, Tag) = pull_stream.pull(&c1, None).expect("Decrypt failed");
let (m2, tag2): (LockedBytes, Tag) = pull_stream.pull(&c2, None).expect("Decrypt failed");
let (m3, tag3): (LockedBytes, Tag) = pull_stream.pull(&c3, None).expect("Decrypt failed");

assert_eq!(message1.as_slice(), m1.as_slice());
assert_eq!(message2.as_slice(), m2.as_slice());
assert_eq!(message3.as_slice(), m3.as_slice());

assert_eq!(tag1, Tag::MESSAGE);
assert_eq!(tag2, Tag::MESSAGE);
assert_eq!(tag3, Tag::FINAL);

Re-exports

Type Definitions

  • Header
    Heap-allocated, page-aligned header for authenticated secret streams, for use with protected memory.
  • Key
    Heap-allocated, page-aligned secret key for authenticated secret streams, for use with protected memory.
  • Nonce
    Heap-allocated, page-aligned nonce for authenticated secret streams, for use with protected memory.