author | antrim <antrim@chromium.org> | 2014-02-14 13:41:53 +0400 |
---|---|---|
committer | chrome-internal-fetch <chrome-internal-fetch@google.com> | 2014-02-14 15:29:04 +0000 |
commit | 06e526f77f73cb9ca28d962c31e693fd4492e5e3 (patch) | |
tree | 2aef419be75aac19ca87508bf447d207814042cb /dbus/cryptohome | |
parent | 874a39664f1538b1855391f98bf14026a5dd2c24 (diff) | |
download | system_api-06e526f77f73cb9ca28d962c31e693fd4492e5e3.tar.gz |
Moving protobufs around so that they can be reused by chrome.
Phase one: add protos to public_api, extract enums to separate proto file.
BUG=chromium:316189
TEST=compile test. Protos are optional and unreferenced.
Change-Id: I91a403ecacaafbd0b44ab74cb60322a3a35cbde2
Reviewed-on: https://chromium-review.googlesource.com/186540
Tested-by: Denis Kuznetsov <antrim@chromium.org>
Reviewed-by: Nikita Kostylev <nkostylev@chromium.org>
Commit-Queue: Nikita Kostylev <nkostylev@chromium.org>
Diffstat (limited to 'dbus/cryptohome')
-rw-r--r-- | dbus/cryptohome/key_enums.proto | 36 | ||||
-rw-r--r-- | dbus/cryptohome/key_parameters.proto | 45 |
2 files changed, 81 insertions, 0 deletions
diff --git a/dbus/cryptohome/key_enums.proto b/dbus/cryptohome/key_enums.proto
new file mode 100644
index 0000000..e5ce286
--- /dev/null
+++ b/dbus/cryptohome/key_enums.proto
@@ -0,0 +1,36 @@
+// Copyright (c) 2009 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+package cryptohome;
+
+enum KeyType {
+ PASSWORD_CROS_LEGACY = 0;
+ // Password plain which is signed by a RSA-SHA256 key
+ PASSWORD_PLAIN = 1;
+}
+
+// Software-enforced privileges.
+enum KeyPrivileges {
+ // Can mount
+ MOUNT = 1;
+ // Can add other keys
+ ADD = 2;
+ // Can remove other keys
+ REMOVE = 4;
+ // Destroys all other keys and replaces the old key.
+ MIGRATE = 8;
+ DEFAULT = 15; // (MOUNT|ADD|REMOVE|MIGRATE)
+ // Allows a key to be updated in place if authorized (e.g., by a signature).
+ AUTHORIZED_UPDATE = 16;
+}
+
+enum KeyAuthorizationType {
+ // Changes must be authorized by a HMAC-SHA256
+ // with a sub-key of the privilege_key, which is wrapped by the
+ // wrapped_keyset, used to authenticate the encrypted payload of
+ // (revision||new_passphrase), encrypted using a sub-key of
+ // the unwrapped privilege_key.
+ // The subkeys are computed as one-half of a SHA512 of the priv_key.
+ AES256_HMAC_SHA256 = 0;
+}
diff --git a/dbus/cryptohome/key_parameters.proto b/dbus/cryptohome/key_parameters.proto
new file mode 100644
index 0000000..dd206b3
--- /dev/null
+++ b/dbus/cryptohome/key_parameters.proto
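Review bot: KeyPrivileges is laid out as bit flags (MOUNT=1, ADD=2, REMOVE=4, MIGRATE=8, DEFAULT=15) but a protobuf enum field carries exactly one declared value, so an OR-combination that is not listed here, such as MOUNT|ADD (3) or DEFAULT|AUTHORIZED_UPDATE (31), is not a valid KeyPrivileges; a proto2 parser moves such a value into the unknown-field set and the reader sees the field's default instead, which for the `privs` field in key_parameters.proto is DEFAULT, i.e. all four privileges. Either declare every combination that is meant to be grantable, or carry the mask in an integer field (varint-compatible with the enum on the wire) and keep this enum only as documentation of the bit positions. At minimum add above the enum: `// NOTE: a singular enum field holds exactly one of the values below; values must not be OR'd together on the wire unless the carrying field is an integer type.` Two smaller points: the copyright line says 2009 for a file created in this 2014 change, and since key_parameters.proto sets optimize_for = LITE_RUNTIME while this file does not, the generated key_enums code presumably still pulls in the full runtime, which may not be what was intended for reuse by Chrome.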
@@ -0,0 +1,45 @@
+// Copyright (c) 2014 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+option optimize_for = LITE_RUNTIME;
+
+package cryptohome;
+
+import "key_enums.proto";
+
+message KeyParameters {
+ message KeyAuthorization {
+ required string label = 1;
+ // At present, the only signature authorized privilege is
+ // a superviser user key which will can replace itself iff
+ // the new key and the new revision have a valid signature
+ // (and the revision is not old).
+ optional bytes authorization_signature = 3;
+ }
+ optional KeyAuthorization auth = 1;
+
+ // Used when a key is being added, even if it is being
+ // clobbered as long as the authorizing key is not the same.
+ message KeyAddition {
+ required KeyType type = 1;
+ required string label = 2;
+ optional KeyPrivileges
+ privs = 3 [default=DEFAULT];
+ optional KeyAuthorizationType
+ authorization_type = 4;
+ optional bytes authorization_key = 5;
+ }
+ optional KeyAddition add = 2;
+
+ // Used when a key is updating itself. If another key is being used,
+ // it should be a clobbering KeyAddition.
+ message KeyUpdate {
+ // These fields only need to be specified if an explicit change is required.
+ optional string label = 1;
+ // The new_revision must be larger than the current revision.
+ // Revisions are not incremented automatically.
+ optional int64 new_revision = 2;
+ }
+ optional KeyUpdate update = 3;
+} |
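Review bot: `privs = 3 [default=DEFAULT]` in KeyAddition makes an omitted or unrecognised privilege value fail open to MOUNT|ADD|REMOVE|MIGRATE, so a sender that leaves the field out, or sends a bit combination KeyPrivileges does not declare (which a proto2 reader treats as unset), ends up adding a key with every software-enforced privilege; since this API is about to be shared with Chrome, consider a least-privilege default carried in an integer field, e.g. `optional uint32 privs = 3 [default = 1];` (varint-compatible with the enum on the wire), or at least document the fail-open in a comment on the field. The `required` labels on `label` and `type` cannot be relaxed later without a wire-compatibility break, and a message missing one of them fails to parse at all instead of being rejected by the cryptohome handler with a meaningful error, which is awkward for messages crossing the Chrome/cryptohome boundary. KeyAuthorization skips field number 2 with no `reserved 2;`, so a later addition could silently take a number that presumably had a meaning before this commit. The KeyAuthorization comment should read `// a supervisor user key which can replace itself iff`.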