Skip to main content

fxfs_platform/fuchsia/
remote_crypt.rs

1// Copyright 2021 The Fuchsia Authors. All rights reserved.
2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4
5use super::errors::map_to_status;
6use async_trait::async_trait;
7use fidl::endpoints::ClientEnd;
8use fidl_fuchsia_fxfs::{CryptMarker, CryptProxy, KeyPurpose as FidlKeyPurpose};
9use fxfs_crypto::{
10    Crypt, EncryptionKey, FxfsKey, KeyPurpose, ObjectType, UnwrappedKey, WrappedKey,
11    WrappedKeyBytes, WrappingKeyId,
12};
13
14pub struct RemoteCrypt {
15    client: CryptProxy,
16}
17
18impl RemoteCrypt {
19    pub fn new(client: ClientEnd<CryptMarker>) -> Self {
20        Self { client: client.into_proxy() }
21    }
22}
23
24trait IntoFidlKeyPurpose {
25    fn into_fidl(self) -> FidlKeyPurpose;
26}
27
28impl IntoFidlKeyPurpose for KeyPurpose {
29    fn into_fidl(self) -> FidlKeyPurpose {
30        match self {
31            KeyPurpose::Data => FidlKeyPurpose::Data,
32            KeyPurpose::Metadata => FidlKeyPurpose::Metadata,
33        }
34    }
35}
36
37#[async_trait]
38impl Crypt for RemoteCrypt {
39    async fn create_key(
40        &self,
41        owner: u64,
42        purpose: KeyPurpose,
43    ) -> Result<(FxfsKey, UnwrappedKey), zx::Status> {
44        let (wrapping_key_id, key, unwrapped_key) = self
45            .client
46            .create_key(owner, purpose.into_fidl())
47            .await
48            .map_err(|e| map_to_status(e.into()))?
49            .map_err(|e| zx::Status::from_raw(e))?;
50        Ok((
51            FxfsKey {
52                wrapping_key_id,
53                key: WrappedKeyBytes::try_from(key).map_err(map_to_status)?,
54            },
55            UnwrappedKey::new(unwrapped_key),
56        ))
57    }
58
59    async fn create_key_with_id(
60        &self,
61        owner: u64,
62        wrapping_key_id: WrappingKeyId,
63        object_type: ObjectType,
64    ) -> Result<(EncryptionKey, UnwrappedKey), zx::Status> {
65        let (key, unwrapped_key) = self
66            .client
67            .create_key_with_id(owner, &wrapping_key_id, object_type)
68            .await
69            .map_err(|e| map_to_status(e.into()))?
70            .map_err(|e| zx::Status::from_raw(e))?;
71        Ok((key.try_into()?, UnwrappedKey::new(unwrapped_key)))
72    }
73
74    async fn unwrap_key(
75        &self,
76        wrapped_key: &WrappedKey,
77        owner: u64,
78    ) -> Result<UnwrappedKey, zx::Status> {
79        let unwrapped = self
80            .client
81            .unwrap_key(owner, &wrapped_key)
82            .await
83            .map_err(|e| map_to_status(e.into()))?
84            .map_err(|e| zx::Status::from_raw(e))?;
85        Ok(UnwrappedKey::new(unwrapped))
86    }
87}