[fxfs] Keep key structure versioning in Fxfs rather than fxfs-crypto

sutes-work · CQ Bot · commit b0a91ab82577 · 2025-08-29T00:01:28.000-07:00
After this CL, the fxfs-crypto crate always has the latest versions of keey structures and Fxfs just has aliases to them. When these structures evolve, we will have to copy legacy versions into Fxfs. This differs from the approach suggested in the bug which had the downside that we would have had to have two copies of the structures. Fixed: 419723745 Change-Id: I62cff5fa7bf1e0ef56abf85afb185995b8c955f3 Reviewed-on: https://fuchsia-review.googlesource.com/c/fuchsia/+/1357344 Reviewed-by: Aaron Drew <ripper@google.com> Fuchsia-Auto-Submit: Chris Suter <csuter@google.com> Commit-Queue: Chris Suter <csuter@google.com>
diff --git a/src/storage/fxfs/crypto/src/lib.rs b/src/storage/fxfs/crypto/src/lib.rs
@@ -44,11 +44,9 @@ impl std::ops::Deref for UnwrappedKey {
 }
 
 /// A fixed length array of 48 bytes that holds an AES-256-GCM-SIV wrapped key.
-// TODO(b/419723745): Move this to Fxfs and keep fxfs-crypto free of versioned types.
-pub type WrappedKeyBytes = WrappedKeyBytesV32;
 #[repr(transparent)]
 #[derive(Clone, Debug, PartialEq)]
-pub struct WrappedKeyBytesV32(pub [u8; FXFS_WRAPPED_KEY_SIZE]);
+pub struct WrappedKeyBytes(pub [u8; FXFS_WRAPPED_KEY_SIZE]);
 impl Default for WrappedKeyBytes {
     fn default() -> Self {
         Self([0u8; FXFS_WRAPPED_KEY_SIZE])
@@ -131,13 +129,10 @@ impl<'de> Deserialize<'de> for WrappedKeyBytes {
     }
 }
 
-// TODO(b/419723745): Move this to Fxfs and keep fxfs-crypto free of versioned types.
-pub type FxfsKey = FxfsKeyV40;
-
 /// An Fxfs encryption key wrapped in AES-256-GCM-SIV and the associated wrapping key ID.
 /// This can be provided to Crypt::unwrap_key to obtain the unwrapped key.
 #[derive(Clone, Default, Debug, Serialize, Deserialize, TypeFingerprint, PartialEq)]
-pub struct FxfsKeyV40 {
+pub struct FxfsKey {
     /// The identifier of the wrapping key.  The identifier has meaning to whatever is doing the
     /// unwrapping.
     pub wrapping_key_id: u128,
@@ -146,7 +141,7 @@ pub struct FxfsKeyV40 {
     /// https://csrc.nist.gov/CSRC/media/Projects/Block-Cipher-Techniques/documents/BCM/Comments/XTS/follow-up_XTS_comments-Ball.pdf)
     /// which is what we do here.  Since the key is wrapped with AES-GCM-SIV, there are an
     /// additional 16 bytes paid per key (so the actual key material is 32 bytes once unwrapped).
-    pub key: WrappedKeyBytesV32,
+    pub key: WrappedKeyBytes,
 }
 
 impl Into<fidl_fuchsia_fxfs::FxfsKey> for FxfsKey {
@@ -165,9 +160,6 @@ impl<'a> arbitrary::Arbitrary<'a> for FxfsKey {
     }
 }
 
-#[derive(Serialize, Deserialize, TypeFingerprint)]
-pub struct WrappedKeysV40(pub Vec<(u64, FxfsKeyV40)>);
-
 /// A thin wrapper around a ChaCha20 stream cipher.  This will use a zero nonce. **NOTE**: Great
 /// care must be taken not to encrypt different plaintext with the same key and offset (even across
 /// multiple boots), so consider if this suits your purpose before using it.
diff --git a/src/storage/fxfs/src/object_store.rs b/src/storage/fxfs/src/object_store.rs
@@ -59,9 +59,7 @@ use fidl_fuchsia_io as fio;
 use fprint::TypeFingerprint;
 use fuchsia_sync::Mutex;
 use fxfs_crypto::ff1::Ff1;
-use fxfs_crypto::{
-    Cipher, Crypt, FxfsCipher, FxfsKey, FxfsKeyV40, KeyPurpose, StreamCipher, UnwrappedKey,
-};
+use fxfs_crypto::{Cipher, Crypt, FxfsCipher, KeyPurpose, StreamCipher, UnwrappedKey};
 use once_cell::sync::OnceCell;
 use scopeguard::ScopeGuard;
 use serde::{Deserialize, Serialize};
@@ -76,9 +74,9 @@ pub use extent_record::{
     FSVERITY_MERKLE_ATTRIBUTE_ID,
 };
 pub use object_record::{
-    AttributeKey, EncryptionKey, EncryptionKeys, ExtendedAttributeValue, FsverityMetadata,
-    ObjectAttributes, ObjectKey, ObjectKeyData, ObjectKind, ObjectValue, ProjectProperty,
-    RootDigest,
+    AttributeKey, EncryptionKey, EncryptionKeys, ExtendedAttributeValue, FsverityMetadata, FxfsKey,
+    FxfsKeyV40, ObjectAttributes, ObjectKey, ObjectKeyData, ObjectKind, ObjectValue,
+    ProjectProperty, RootDigest,
 };
 pub use transaction::Mutation;
 
diff --git a/src/storage/fxfs/src/object_store/object_record.rs b/src/storage/fxfs/src/object_store/object_record.rs
@@ -17,9 +17,7 @@ use crate::object_store::extent_record::{
 };
 use crate::serialized_types::{Migrate, Versioned, migrate_nodefault, migrate_to_version};
 use fprint::TypeFingerprint;
-use fxfs_crypto::{
-    FscryptKeyIdentifier, FscryptKeyIdentifierAndNonce, FxfsKeyV40, WrappedKey, WrappedKeysV40,
-};
+use fxfs_crypto::{FscryptKeyIdentifier, FscryptKeyIdentifierAndNonce, WrappedKey};
 use fxfs_unicode::CasefoldString;
 use serde::{Deserialize, Serialize};
 use std::collections::BTreeMap;
@@ -573,6 +571,11 @@ pub type EncryptionKey = EncryptionKeyV47;
 #[cfg_attr(fuzz, derive(arbitrary::Arbitrary))]
 pub enum EncryptionKeyV47 {
     Fxfs(FxfsKeyV40),
+    // NOTE: `key_identifier` can be thought of as the "name" of the key to use; it is not a
+    // per-file or per-directory key. It is similar to Fxfs's wrapping key ID, although it
+    // doesn't wrap anything. Files using the same `key_identifier` are encrypted using the
+    // same underlying key, with just differences in the tweak used. Directories also use the
+    // same underlying key, but some structures are further salted using the provided nonce.
     FscryptInoLblk32File { key_identifier: [u8; 16] },
     FscryptInoLblk32Dir { key_identifier: [u8; 16], nonce: [u8; 16] },
 }
@@ -817,6 +820,9 @@ impl<'a> From<ItemRef<'a, ObjectKey, ObjectValue>>
     }
 }
 
+pub type FxfsKey = FxfsKeyV40;
+pub type FxfsKeyV40 = fxfs_crypto::FxfsKey;
+
 #[cfg(test)]
 mod tests {
     use super::{ObjectKey, ObjectKeyV43};
diff --git a/src/storage/fxfs/src/object_store/object_record/legacy.rs b/src/storage/fxfs/src/object_store/object_record/legacy.rs
@@ -96,6 +96,9 @@ impl From<EncryptionKeysV40> for EncryptionKeysV47 {
     }
 }
 
+#[derive(Serialize, Deserialize, TypeFingerprint)]
+pub struct WrappedKeysV40(pub Vec<(u64, FxfsKeyV40)>);
+
 #[derive(Migrate, Serialize, Deserialize, TypeFingerprint, Versioned)]
 #[migrate_to_version(ObjectValueV47)]
 pub enum ObjectValueV46 {
diff --git a/src/storage/fxfs/src/object_store/transaction.rs b/src/storage/fxfs/src/object_store/transaction.rs
@@ -12,8 +12,8 @@ use crate::object_store::AttributeKey;
 use crate::object_store::allocator::{AllocatorItem, Reservation};
 use crate::object_store::object_manager::{ObjectManager, reserved_space_from_journal_usage};
 use crate::object_store::object_record::{
-    ObjectItem, ObjectItemV40, ObjectItemV41, ObjectItemV43, ObjectItemV46, ObjectItemV47,
-    ObjectKey, ObjectKeyData, ObjectValue, ProjectProperty,
+    FxfsKey, FxfsKeyV40, ObjectItem, ObjectItemV40, ObjectItemV41, ObjectItemV43, ObjectItemV46,
+    ObjectItemV47, ObjectKey, ObjectKeyData, ObjectValue, ProjectProperty,
 };
 use crate::serialized_types::{Migrate, Versioned, migrate_nodefault, migrate_to_version};
 use anyhow::Error;
@@ -22,7 +22,6 @@ use fprint::TypeFingerprint;
 use fuchsia_sync::Mutex;
 use futures::future::poll_fn;
 use futures::pin_mut;
-use fxfs_crypto::{FxfsKey, FxfsKeyV40};
 use rustc_hash::FxHashMap as HashMap;
 use scopeguard::ScopeGuard;
 use serde::{Deserialize, Serialize};

Original file line number	Diff line number	Diff line change
`@@ -96,6 +96,9 @@ impl From<EncryptionKeysV40> for EncryptionKeysV47 {`
`96`	`96`	`}`
`97`	`97`	`}`
`98`	`98`
	`99`	`+#[derive(Serialize, Deserialize, TypeFingerprint)]`
	`100`	`+pub struct WrappedKeysV40(pub Vec<(u64, FxfsKeyV40)>);`
	`101`	`+`
`99`	`102`	`#[derive(Migrate, Serialize, Deserialize, TypeFingerprint, Versioned)]`
`100`	`103`	`#[migrate_to_version(ObjectValueV47)]`
`101`	`104`	`pub enum ObjectValueV46 {`