Crate fxfs_crypto

Modules§

CipherSet: A container that holds ciphers related to a specific object.
EmptyStruct
FscryptKeyIdentifier
FscryptKeyIdentifierAndNonce
FxfsCipher
FxfsKey: An Fxfs encryption key wrapped in AES-256-GCM-SIV and the associated wrapping key ID. This can be provided to Crypt::unwrap_key to obtain the unwrapped key.
StreamCipher: A thin wrapper around a ChaCha20 stream cipher. This will use a zero nonce. NOTE: Great care must be taken not to encrypt different plaintext with the same key and offset (even across multiple boots), so consider if this suits your purpose before using it.
UnwrappedKey: Essentially just a vector by another name to indicate that it holds unwrapped key material. The length of an unwrapped key depends on the type of key that is wrapped.
WrappedKeyBytes: A fixed length array of 48 bytes that holds an AES-256-GCM-SIV wrapped key.

EncryptionKey: This specifies a single key to be used to encrypt/decrypt.
FindKeyResult
KeyPurpose: Different keys are used for metadata and data in order to make certain operations requiring a metadata key rotation (e.g. secure erase) more efficient.
ObjectType: Designates the type of object that is interacting with the Crypt protocol.
WrappedKey
WrappingKey: The Crypt trait below provides a mechanism to unwrap a key or set of keys. The wrapping keys can be one of these types.

Cipher: Trait defining common methods shared across all ciphers.
Crypt: The keys it unwraps can be wrapped with either Aes256GcmSiv (ideally) or using via legacy fscrypt master key + HKDF. An interface trait with the ability to wrap and unwrap encryption keys.