Crypt

Trait Crypt 

/// An interface for wrapping and unwrapping encryption keys.
///
/// The keys it unwraps can be wrapped either with Aes256GcmSiv (the preferred scheme) or via
/// the legacy fscrypt master key + HKDF scheme.
///
/// Implementing this trait does not by itself mean that an object wraps and unwraps keys
/// securely; the trait only defines the interface for wrapping operations. Each implementor
/// has to be reviewed on its own before it is relied on to protect key material.
///
/// Every method returns a pinned, boxed, `Send` future bound to the `'async_trait` lifetime.
// NOTE(review): the `'life0`/`'async_trait` lifetimes suggest these signatures are the expanded
// form of `async fn`s produced by an async-trait macro — confirm against the source file.
pub trait Crypt: Send + Sync {
    // Required methods
    /// Resolves to an `(FxfsKey, UnwrappedKey)` pair on success, or a `Status` on failure.
    ///
    /// `owner` is intended to make the wrapped form of a key differ from the wrapped form of the
    /// same key under a different owner. Keys can therefore be shared between filesystem objects
    /// (e.g. for clones) without the sharing being visible from the wrapped keys alone.
    // NOTE(review): presumably `FxfsKey` is the wrapped form that gets persisted and
    // `UnwrappedKey` is the in-memory key — confirm against the type definitions.
    fn create_key<'life0, 'async_trait>(
        &'life0 self,
        owner: u64,
        purpose: KeyPurpose,
    ) -> Pin<Box<dyn Future<Output = Result<(FxfsKey, UnwrappedKey), Status>> + Send + 'async_trait>>
       where Self: 'async_trait,
             'life0: 'async_trait;
    /// Resolves to an `(EncryptionKey, UnwrappedKey)` pair on success, or a `Status` on failure.
    ///
    /// `owner` has the same role as in `create_key`: the wrapped form of a key differs per owner,
    /// so shared keys (e.g. for clones) cannot be recognised from the wrapped keys alone.
    // NOTE(review): presumably `wrapping_key_id` selects which wrapping key is used and
    // `object_type` the kind of object the key is for — confirm with the implementors.
    fn create_key_with_id<'life0, 'async_trait>(
        &'life0 self,
        owner: u64,
        wrapping_key_id: WrappingKeyId,
        object_type: ObjectType,
    ) -> Pin<Box<dyn Future<Output = Result<(EncryptionKey, UnwrappedKey), Status>> + Send + 'async_trait>>
       where Self: 'async_trait,
             'life0: 'async_trait;
    /// Unwraps a single key, resolving to the raw `UnwrappedKey` or a `Status` on failure.
    ///
    /// Generally only used with StreamCipher and FF1. The result is raw key material, so it
    /// should be kept out of logs and persistent storage.
    // NOTE(review): whether a mismatched `owner` is guaranteed to fail is up to the
    // implementor; this trait does not show it — confirm per implementation.
    fn unwrap_key<'life0, 'life1, 'async_trait>(
        &'life0 self,
        wrapped_key: &'life1 WrappedKey,
        owner: u64,
    ) -> Pin<Box<dyn Future<Output = Result<UnwrappedKey, Status>> + Send + 'async_trait>>
       where Self: 'async_trait,
             'life0: 'async_trait,
             'life1: 'async_trait;

    // Provided method
    /// Unwraps the object keys in `keys` and resolves to a `CipherSet` mapping each key_id to
    /// `Some(cipher)` if the unwrapping key was found, or `None` if it was missing.
    ///
    /// A `Some` cipher can be used directly to encrypt/decrypt data; callers have to handle the
    /// `None` entries, which mark keys that could not be unwrapped.
    // The default body is elided in this listing (`{ ... }`).
    // NOTE(review): which other failures are reported as `Err(Status)` rather than `None` is
    // not visible here — confirm in the default implementation.
    fn unwrap_keys<'life0, 'life1, 'async_trait>(
        &'life0 self,
        keys: &'life1 BTreeMap<u64, WrappedKey>,
        owner: u64,
    ) -> Pin<Box<dyn Future<Output = Result<CipherSet, Status>> + Send + 'async_trait>>
       where Self: 'async_trait,
             'life0: 'async_trait,
             'life1: 'async_trait { ... }
}

The keys a Crypt implementation unwraps can be wrapped either with Aes256GcmSiv (ideally) or via the legacy fscrypt master key + HKDF. Crypt is an interface trait with the ability to wrap and unwrap encryption keys.

Note that the existence of this trait does not imply that an object implementing it will securely wrap and unwrap keys; it only means that the object presents an interface for wrapping operations.

Required Methods§


fn create_key<'life0, 'async_trait>( &'life0 self, owner: u64, purpose: KeyPurpose, ) -> Pin<Box<dyn Future<Output = Result<(FxfsKey, UnwrappedKey), Status>> + Send + 'async_trait>>
where Self: 'async_trait, 'life0: 'async_trait,

owner is intended to be used such that a wrapped key appears different from the same key wrapped for a different owner. In this way, keys can be shared amongst different filesystem objects (e.g. for clones), but it is not possible to tell that they are shared just by looking at the wrapped keys.


fn create_key_with_id<'life0, 'async_trait>( &'life0 self, owner: u64, wrapping_key_id: WrappingKeyId, object_type: ObjectType, ) -> Pin<Box<dyn Future<Output = Result<(EncryptionKey, UnwrappedKey), Status>> + Send + 'async_trait>>
where Self: 'async_trait, 'life0: 'async_trait,

owner is intended to be used such that a wrapped key appears different from the same key wrapped for a different owner. In this way, keys can be shared amongst different filesystem objects (e.g. for clones), but it is not possible to tell that they are shared just by looking at the wrapped keys.


fn unwrap_key<'life0, 'life1, 'async_trait>( &'life0 self, wrapped_key: &'life1 WrappedKey, owner: u64, ) -> Pin<Box<dyn Future<Output = Result<UnwrappedKey, Status>> + Send + 'async_trait>>
where Self: 'async_trait, 'life0: 'async_trait, 'life1: 'async_trait,

Unwraps a single key, returning a raw unwrapped key. This method is generally only used with StreamCipher and FF1.

Provided Methods§


fn unwrap_keys<'life0, 'life1, 'async_trait>( &'life0 self, keys: &'life1 BTreeMap<u64, WrappedKey>, owner: u64, ) -> Pin<Box<dyn Future<Output = Result<CipherSet, Status>> + Send + 'async_trait>>
where Self: 'async_trait, 'life0: 'async_trait, 'life1: 'async_trait,

Unwraps object keys and stores the result as a CipherSet mapping key_id to:

  • Some(cipher) if the unwrapping key was found, or
  • None if the unwrapping key was missing.

The cipher can be used directly to encrypt/decrypt data.

Implementors§