class Volume

Defined at line 55 of file ../../src/security/lib/zxcrypt/volume.h

Public Members

static Version kDefaultVersion
static const uint32_t kBufferSize

Protected Members

uint64_t reserved_blocks_
uint64_t reserved_slices_
Bytes block_
zx_off_t offset_
Bytes guid_
Bytes header_
Algorithm aead_
Secret wrap_key_
Bytes wrap_iv_
Algorithm cipher_
Secret data_key_
Bytes data_iv_
size_t slot_len_
size_t num_key_slots_
Algorithm digest_
static const size_t MAX_SLICE_REGIONS

Public Methods

void Volume ()

Defined at line 68 of file ../../src/security/lib/zxcrypt/volume.cc

void ~Volume ()

Defined at line 70 of file ../../src/security/lib/zxcrypt/volume.cc

void Volume (const Volume & )

Defined at line 73 of file ../../src/security/lib/zxcrypt/volume.h

void Volume (Volume && )

Defined at line 73 of file ../../src/security/lib/zxcrypt/volume.h

Volume & operator= (const Volume & )

Defined at line 73 of file ../../src/security/lib/zxcrypt/volume.h

Volume & operator= (Volume && )

Defined at line 73 of file ../../src/security/lib/zxcrypt/volume.h

size_t reserved_blocks ()

Returns space reserved for metadata and keys

Defined at line 76 of file ../../src/security/lib/zxcrypt/volume.h

size_t reserved_slices ()

Defined at line 77 of file ../../src/security/lib/zxcrypt/volume.h

size_t num_slots ()

Defined at line 78 of file ../../src/security/lib/zxcrypt/volume.h

zx_status_t Format (const crypto::Secret & key, key_slot_t slot)

Defined at line 90 of file ../../src/security/lib/zxcrypt/volume.cc

zx_status_t Unlock (const crypto::Secret & key, key_slot_t slot)

Opens a zxcrypt volume on the block device described by |fd| using the |key| corresponding to the given key |slot|.

Defined at line 113 of file ../../src/security/lib/zxcrypt/volume.cc

zx_status_t Shred ()

Removes ALL keys, rendering any data in the zxcrypt device inaccessible. It is an error to call any method except the destructor on this instance after this method returns.

Defined at line 129 of file ../../src/security/lib/zxcrypt/volume.cc

Protected Methods

zx_status_t Init ()

Retrieves the block and FVM information and adjusts it.

Defined at line 176 of file ../../src/security/lib/zxcrypt/volume.cc

zx_status_t Configure (Version version)

Maps the volume version to crypto algorithms.

Defined at line 253 of file ../../src/security/lib/zxcrypt/volume.cc

zx_status_t GetSlotOffset (key_slot_t slot, zx_off_t * out)

Returns via |out| the offset in bytes for the given key |slot|. Returns an error if the volume hasn't been initialized, or if |slot| is out of range.

Defined at line 157 of file ../../src/security/lib/zxcrypt/volume.cc

zx_status_t DeriveSlotKeys (const crypto::Secret & key, key_slot_t slot)

Derives intermediate keys for the given key |slot| from the given |key|.

Defined at line 285 of file ../../src/security/lib/zxcrypt/volume.cc

void Reset ()

Resets all fields in this object to initial values

Defined at line 72 of file ../../src/security/lib/zxcrypt/volume.cc

zx_status_t Begin ()

Block methods

Defined at line 327 of file ../../src/security/lib/zxcrypt/volume.cc

zx_status_t Next ()

Advances the superblock offset to the next volume location. Returns ZX_ERR_STOP if no more offsets are available; ZX_ERR_NEXT otherwise.

Defined at line 332 of file ../../src/security/lib/zxcrypt/volume.cc

zx_status_t CreateBlock ()

Creates a new volume, with a new instance GUID and data key and IV, and seals it with the given |key|.

Defined at line 337 of file ../../src/security/lib/zxcrypt/volume.cc

zx_status_t CommitBlock ()

Writes |block| out to each of the superblock locations.

Defined at line 379 of file ../../src/security/lib/zxcrypt/volume.cc

zx_status_t SealBlock (const crypto::Secret & key, key_slot_t slot)

Encrypts the current data key and IV to the given |slot| using the given |key|.

Defined at line 406 of file ../../src/security/lib/zxcrypt/volume.cc

zx_status_t UnsealBlock (const crypto::Secret & key, key_slot_t slot)

Reads the block and parses and checks various fields before attempting to open it with the given |key| corresponding to the given |slot|.

Defined at line 450 of file ../../src/security/lib/zxcrypt/volume.cc

zx_status_t GetBlockInfo (BlockInfo * out)

Device methods

zx_status_t GetFvmSliceSize (uint64_t * out)
zx_status_t DoBlockFvmVsliceQuery (uint64_t vslice_start, SliceRegion[16] ranges, uint64_t * slice_count)
zx_status_t DoBlockFvmExtend (uint64_t start_slice, uint64_t slice_count)
zx_status_t Read ()

Reads a block from the current offset on the underlying device.

zx_status_t Write ()

Writes a block to the current offset on the underlying device.

zx_status_t Flush ()

Flushes all pending writes to the underlying device.

Enumerations

enum Version
Name Value
kUninitialized 0
kAES256_XTS_SHA256 1

The supported versions, named by the algorithms they use. New versions should increment the version number and update the default version. Zero indicates an error state.

Defined at line 59 of file ../../src/security/lib/zxcrypt/volume.h

Friends

class TestDevice