| // Copyright 2019 The Chromium Authors. All rights reserved. |
| // Use of this source code is governed by a BSD-style license that can be |
| // found in the LICENSE file. |
| |
| // The messages in this file comprise the DBus/Proto interface for |
| // the new set of Cryptohome interface after the refactor, and the |
| // associated messages that's used by those interfaces. |
| // All input parameter to a call is named with a "Request" suffix, |
| // and all output parameter to a call is named with a "Reply" suffix. |
| |
| syntax = "proto3"; |
| |
| option optimize_for = LITE_RUNTIME; |
| |
| package user_data_auth; |
| |
| import "fido.proto"; |
| import "key.proto"; |
| |
| /////////////////////////////////////////////////////////////////////////////// |
| // Messages that's used by the actual request/reply goes below |
| /////////////////////////////////////////////////////////////////////////////// |
| |
| // We still need the AccountIdentifier, KeyDelegate and AuthorizationRequest |
| // messages from the old interface. |
| import "rpc.proto"; |
| |
| // Error codes do not need to be sequential per-call. |
| // Prefixes by Request/Reply type should be used to help |
| // callers know if specialized errors apply. |
| // TODO(b/135984863): Rename this. |
| enum CryptohomeErrorCode { |
| // 0 is the default value of BaseReply::error. It |
| // should never be used. |
| CRYPTOHOME_ERROR_NOT_SET = 0; |
| |
| CRYPTOHOME_ERROR_ACCOUNT_NOT_FOUND = 1; |
| CRYPTOHOME_ERROR_AUTHORIZATION_KEY_NOT_FOUND = 2; |
| CRYPTOHOME_ERROR_AUTHORIZATION_KEY_FAILED = 3; |
| CRYPTOHOME_ERROR_NOT_IMPLEMENTED = 4; |
| CRYPTOHOME_ERROR_MOUNT_FATAL = 5; |
| CRYPTOHOME_ERROR_MOUNT_MOUNT_POINT_BUSY = 6; |
| CRYPTOHOME_ERROR_TPM_COMM_ERROR = 7; |
| CRYPTOHOME_ERROR_TPM_DEFEND_LOCK = 8; |
| CRYPTOHOME_ERROR_TPM_NEEDS_REBOOT = 9; |
| CRYPTOHOME_ERROR_AUTHORIZATION_KEY_DENIED = 10; |
| CRYPTOHOME_ERROR_KEY_QUOTA_EXCEEDED = 11; |
| CRYPTOHOME_ERROR_KEY_LABEL_EXISTS = 12; |
| CRYPTOHOME_ERROR_BACKING_STORE_FAILURE = 13; |
| CRYPTOHOME_ERROR_UPDATE_SIGNATURE_INVALID = 14; |
| CRYPTOHOME_ERROR_KEY_NOT_FOUND = 15; |
| CRYPTOHOME_ERROR_LOCKBOX_SIGNATURE_INVALID = 16; |
| CRYPTOHOME_ERROR_LOCKBOX_CANNOT_SIGN = 17; |
| CRYPTOHOME_ERROR_BOOT_ATTRIBUTE_NOT_FOUND = 18; |
| CRYPTOHOME_ERROR_BOOT_ATTRIBUTES_CANNOT_SIGN = 19; |
| CRYPTOHOME_ERROR_TPM_EK_NOT_AVAILABLE = 20; |
| CRYPTOHOME_ERROR_ATTESTATION_NOT_READY = 21; |
| CRYPTOHOME_ERROR_CANNOT_CONNECT_TO_CA = 22; |
| CRYPTOHOME_ERROR_CA_REFUSED_ENROLLMENT = 23; |
| CRYPTOHOME_ERROR_CA_REFUSED_CERTIFICATE = 24; |
| CRYPTOHOME_ERROR_INTERNAL_ATTESTATION_ERROR = 25; |
| CRYPTOHOME_ERROR_FIRMWARE_MANAGEMENT_PARAMETERS_INVALID = 26; |
| CRYPTOHOME_ERROR_FIRMWARE_MANAGEMENT_PARAMETERS_CANNOT_STORE = 27; |
| CRYPTOHOME_ERROR_FIRMWARE_MANAGEMENT_PARAMETERS_CANNOT_REMOVE = 28; |
| CRYPTOHOME_ERROR_MOUNT_OLD_ENCRYPTION = 29; |
| CRYPTOHOME_ERROR_MOUNT_PREVIOUS_MIGRATION_INCOMPLETE = 30; |
| CRYPTOHOME_ERROR_MIGRATE_KEY_FAILED = 31; |
| CRYPTOHOME_ERROR_REMOVE_FAILED = 32; |
| CRYPTOHOME_ERROR_INVALID_ARGUMENT = 33; |
| CRYPTOHOME_ERROR_INSTALL_ATTRIBUTES_GET_FAILED = 34; |
| CRYPTOHOME_ERROR_INSTALL_ATTRIBUTES_SET_FAILED = 35; |
| CRYPTOHOME_ERROR_INSTALL_ATTRIBUTES_FINALIZE_FAILED = 36; |
| CRYPTOHOME_ERROR_UPDATE_USER_ACTIVITY_TIMESTAMP_FAILED = 37; |
| CRYPTOHOME_ERROR_FAILED_TO_READ_PCR = 38; |
| CRYPTOHOME_ERROR_PCR_ALREADY_EXTENDED = 39; |
| CRYPTOHOME_ERROR_FAILED_TO_EXTEND_PCR = 40; |
| CRYPTOHOME_ERROR_TPM_UPDATE_REQUIRED = 41; |
| CRYPTOHOME_ERROR_FINGERPRINT_ERROR_INTERNAL = 42; |
| // Fingerprint match failed but at least one retry count left. |
| CRYPTOHOME_ERROR_FINGERPRINT_RETRY_REQUIRED = 43; |
| // Fingerprint match failed and maximum retry count reached. |
| CRYPTOHOME_ERROR_FINGERPRINT_DENIED = 44; |
| CRYPTOHOME_ERROR_VAULT_UNRECOVERABLE = 45; |
| CRYPTOHOME_ERROR_FIDO_MAKE_CREDENTIAL_FAILED = 46; |
| CRYPTOHOME_ERROR_FIDO_GET_ASSERTION_FAILED = 47; |
| CRYPTOHOME_TOKEN_SERIALIZATION_FAILED = 48; |
| } |
| |
| // This is used by MountRequest to store details about the mount to create |
| message CreateRequest { |
| // In the future, this will contain account-wide data like |
| // the deletion priority or the IdP's origin. |
| |
| // keys contain the key data to add to the key for the mount that we |
| // are creating. Currently, only one key is supported. |
| // TODO(b/133212955): Change the name of this to "key". |
| repeated cryptohome.Key keys = 1; |
| |
| // Explicitly use the |key| from the AuthorizationRequest. |
| // Setting this value means that the |keys| above would be populated with |
| // the |key| specified in MountRequest, so that we can spare the trouble |
| // of specifying |keys| above. |
| bool copy_authorization_key = 2; |
| |
| // If set to true, always use eCryptfs as the encryption method. |
| bool force_ecryptfs = 3; |
| } |
| |
| /////////////////////////////////////////////////////////////////////////////// |
| // Actual request/reply goes below |
| /////////////////////////////////////////////////////////////////////////////// |
| |
| // ------------------------- UserDataAuth Interface ------------------------- |
| |
| // Input parameters to IsMounted() |
| message IsMountedRequest { |
| // If username is available, then it'll check if a specific user's home |
| // directory is mounted. Otherwise, it'll check if any home directory is |
| // mounted. |
| string username = 1; |
| } |
| |
| // Output parameters for IsMounted() |
| message IsMountedReply { |
| // If the requested home directory is mounted. |
| bool is_mounted = 1; |
| // If the mount is ephemeral, that is, if the contents get cleared once |
| // the user logs out. |
| // Note that if there's no username specified in the IsMountedRequest, |
| // then this field is set to true if any mount is ephemeral. |
| bool is_ephemeral_mount = 2; |
| } |
| |
| // Input parameters to Unmount() |
| // Currently we only support unmounting all mounted cryptohomes but in the |
| // future we may implement per-user unmount, at which point we can extend this |
| // proto with the necessary information. |
| message UnmountRequest { |
| } |
| |
| // Output parameters for Unmount() |
| message UnmountReply { |
| // Indicates an error if |error| is not empty. |
| CryptohomeErrorCode error = 1; |
| } |
| |
| // Input parameters to Mount() |
| message MountRequest { |
| // The account of the user whose home directory is requested for mounting. |
| cryptohome.AccountIdentifier account = 1; |
| // Authorization data from the user. |
| cryptohome.AuthorizationRequest authorization = 2; |
| |
| // If set, then perform an ephemeral mount only. |
| bool require_ephemeral = 3; |
| // If defined, the account will be created if it does not exist. |
| // Additionally, a failed AuthorizationRequest will be expected as |
| // there will be no existing keys. |
| CreateRequest create = 4; |
| // If set to true, and cryptohomed supports the new "dircrypto" encryption, |
| // forces to use the new encryption. That is, makes it an error to mount |
| // an existing home directory encrypted in the old way (ecryptfs). |
| bool force_dircrypto_if_available = 5; |
| // If set to true, mounts the existing ecryptfs vault to a temporary location |
| // while setting up a new dircrypto directory. |
| bool to_migrate_from_ecryptfs = 6; |
| // If set, then performs a public mount, which is used for a Kiosk session. |
| // Credentials are not needed in the request; they are synthesized by |
| // cryptohomed from id. |
| bool public_mount = 7; |
| // If set to true, mounts the vault to a temporary location. The mount is not |
| // exposed to the usual locations (/home/user, /home/root). |
| bool hidden_mount = 8; |
| // If set to true, the mount will be for a guest session. |
| bool guest_mount = 9; |
| } |
| |
| // Output parameters for Mount() |
| message MountReply { |
| // Indicate an error when |error| is not empty. |
| CryptohomeErrorCode error = 1; |
| // |recreated| is set when the cryptohome had to be wiped |
| // because the key or data was an unrecoverable. It does not imply |
| // failure to Mount nor is it 'true' when a CreateRequest creates |
| // a cryptohome for the first time. |
| bool recreated = 2; |
| // Returns the filesystem-sanitized username. |
| string sanitized_username = 3; |
| } |
| |
| // Input parameters to Remove() |
| message RemoveRequest { |
| // Identifies the user, whose home directory to remove |
| cryptohome.AccountIdentifier identifier = 1; |
| } |
| |
| // Output parameters for Remove() |
| message RemoveReply { |
| // Indicate an error when |error| is not empty. |
| CryptohomeErrorCode error = 1; |
| } |
| |
| // Input parameters to Rename() |
| message RenameRequest { |
| // Identifies the user, whose home directory to rename |
| cryptohome.AccountIdentifier id_from = 1; |
| // After the Rename() operation the home directory will have a name that is |
| // the same as if it is owned by |id_to| |
| cryptohome.AccountIdentifier id_to = 2; |
| } |
| |
| // Output parameters for Rename() |
| message RenameReply { |
| // Indicate an error when |error| is not empty. |
| CryptohomeErrorCode error = 1; |
| } |
| |
| // Input parameters to ListKeys() |
| message ListKeysRequest { |
| // The default behavior is by label so any extension here should honor that. |
| |
| // List the key(s) that is/are used to protect the home directory whose |
| // owner is identified by account_id. |
| cryptohome.AccountIdentifier account_id = 1; |
| // Provide user authentication if necessary (currently not required). |
| cryptohome.AuthorizationRequest authorization_request = 2; |
| } |
| |
| // Output parameters for ListKeys() |
| message ListKeysReply { |
| // Indicates an error if error is not empty. |
| CryptohomeErrorCode error = 1; |
| // The labels of the Vault Keyset. This will be empty on error. |
| repeated string labels = 2; |
| } |
| |
| // Input parameters to GetKeyData() |
| message GetKeyDataRequest { |
| // The keys whose data to retrieve, is the key whose owner is identified |
| // by account_id. |
| cryptohome.AccountIdentifier account_id = 1; |
| // Provide user authentication if necessary (currently not required). |
| cryptohome.AuthorizationRequest authorization_request = 2; |
| // |key| must supply at least one attribute and all others will be treated as |
| // wildcards. Currently only |key.data().label()| may be supplied. Like |
| // AuthorizationRequest, support can be added for queries by |
| // |key.data().type()| to return all keys of a certain class, testing |
| // |key.secret()|, or |key.data().provider_data()| entries. |
| cryptohome.Key key = 3; |
| } |
| |
| // Output parameters for GetKeyData() |
| message GetKeyDataReply { |
| // Indicates an error if error is not empty. |
| CryptohomeErrorCode error = 1; |
| // The data associated with those keys. |
| repeated cryptohome.KeyData key_data = 2; |
| } |
| |
| // Input parameters to CheckKey() |
| message CheckKeyRequest { |
| // We only check against keys that belongs to the user identified by |
| // account_id. |
| cryptohome.AccountIdentifier account_id = 1; |
| // The authentication credentials to check against the keys |
| cryptohome.AuthorizationRequest authorization_request = 2; |
| } |
| |
| // Output parameters for CheckKey() |
| message CheckKeyReply { |
| // Indicates an error if error is not empty. |
| CryptohomeErrorCode error = 1; |
| } |
| |
| // Input parameters to AddKey() |
| message AddKeyRequest { |
| // The owner of the new key. |
| cryptohome.AccountIdentifier account_id = 1; |
| // The authentication data of the new key. |
| cryptohome.AuthorizationRequest authorization_request = 2; |
| // The key to add. |
| cryptohome.Key key = 3; |
| // Do we delete the existing key if it already exists? |
| bool clobber_if_exists = 4; |
| } |
| |
| // Output parameters for AddKey() |
| message AddKeyReply { |
| // Indicates an error if error is not empty. |
| CryptohomeErrorCode error = 1; |
| } |
| |
| // Input parameters to AddDataRestoreKey() |
| message AddDataRestoreKeyRequest { |
| // The owner the account. |
| cryptohome.AccountIdentifier account_id = 1; |
| // The authentication data of the account. |
| cryptohome.AuthorizationRequest authorization_request = 2; |
| } |
| |
| // Output parameters for AddDataRestoreKey() |
| message AddDataRestoreKeyReply { |
| // Indicates an error if error is not empty. |
| CryptohomeErrorCode error = 1; |
| |
| // 256 bits data restore key in raw bytes |
| bytes data_restore_key = 2; |
| } |
| |
| // Input parameters to RemoveKey() |
| message RemoveKeyRequest { |
| // The owner of the key to remove |
| cryptohome.AccountIdentifier account_id = 1; |
| // Authorization from the user |
| cryptohome.AuthorizationRequest authorization_request = 2; |
| // Only key.data().label() is used at present. |
| cryptohome.Key key = 3; |
| } |
| |
| // Output parameters for RemoveKey() |
| message RemoveKeyReply { |
| // Indicates an error if error is not empty. |
| CryptohomeErrorCode error = 1; |
| } |
| |
| // Input parameters to MassRemoveKeys() |
| message MassRemoveKeysRequest { |
| // The owner of the key to remove |
| cryptohome.AccountIdentifier account_id = 1; |
| // Authorization from the user |
| cryptohome.AuthorizationRequest authorization_request = 2; |
| |
| // Remove all keys whose labels are NOT included in exempt_key_data. |
| repeated cryptohome.KeyData exempt_key_data = 3; |
| } |
| |
| // Output parameters for MassRemoveKeys() |
| message MassRemoveKeysReply { |
| // Indicates an error if error is not empty. |
| CryptohomeErrorCode error = 1; |
| } |
| |
| // Input parameters to MigrateKey() |
| message MigrateKeyRequest { |
| // The owner whose key are going to migrate |
| cryptohome.AccountIdentifier account_id = 1; |
| // Authorization from the user |
| cryptohome.AuthorizationRequest authorization_request = 2; |
| // The new secret for the key. |
| bytes secret = 3; |
| } |
| |
| // Output parameters for MigrateKey() |
| message MigrateKeyReply { |
| // Indicates an error if error is not empty. |
| CryptohomeErrorCode error = 1; |
| } |
| |
| // StartFingerprintAuthSession sets BiometricsDaemon and the Fingerprint MCU to |
| // match mode. EndFingerprintAuthSession sets them back to non-match mode. |
| // A typical call sequence involves one or more other calls that actually wait |
| // for fingerprint scan result, between StartFingerprintAuthSession and |
| // EndFingerprintAuthSession. |
| // |
| // Example 1: successful fingerprint match at first attempt. |
| // --> StartFingerprintAuthSession |
| // --> CheckKey(KEY_TYPE_FINGERPRINT), fingerprint scan success |
| // --> EndFingerprintAuthSession |
| // |
| // Example 2: successful fingerprint match at third attempt. |
| // --> StartFingerprintAuthSession |
| // --> CheckKey(KEY_TYPE_FINGERPRINT), fingerprint scan no match |
| // --> CheckKey(KEY_TYPE_FINGERPRINT), fingerprint scan no match |
| // --> CheckKey(KEY_TYPE_FINGERPRINT), fingerprint scan success |
| // --> EndFingerprintAuthSession |
| // |
| // Example 3: client chooses to cancel before success. |
| // --> StartFingerprintAuthSession |
| // --> CheckKey(KEY_TYPE_FINGERPRINT), fingerprint scan no match |
| // --> CheckKey(KEY_TYPE_FINGERPRINT), fingerprint scan no match |
| // --> EndFingerprintAuthSession |
| |
| // Input parameters to StartFingerprintAuthSession() |
| message StartFingerprintAuthSessionRequest { |
| // This represents the "single user" that we are will be fingerprint for. |
| cryptohome.AccountIdentifier account_id = 1; |
| } |
| |
| // Output parameters for StartFingerprintAuthSession() |
| message StartFingerprintAuthSessionReply { |
| // Indicates an error if |error| is not empty. |
| CryptohomeErrorCode error = 1; |
| } |
| |
| // Input parameters to EndFingerprintAuthSession() |
| message EndFingerprintAuthSessionRequest {} |
| |
| // Output parameters for EndFingerprintAuthSession() |
| message EndFingerprintAuthSessionReply { |
| // Indicates an error if |error| is not empty. |
| CryptohomeErrorCode error = 1; |
| } |
| |
| // Input parameters to GetWebAuthnSecret() |
| message GetWebAuthnSecretRequest { |
| // This represents the "single user" that the secret belongs to. |
| cryptohome.AccountIdentifier account_id = 1; |
| } |
| |
| // Output parameters for GetWebAuthnSecret() |
| message GetWebAuthnSecretReply { |
| // Indicates an error if |error| is not empty. |
| CryptohomeErrorCode error = 1; |
| // The WebAuthn secret. |
| bytes webauthn_secret = 2; |
| } |
| |
| // TODO(b/126307305): For the messages, below, we'll need to add the documentations |
| // for them. |
| |
| // Input parameters to StartMigrateToDircrypto(). |
| message StartMigrateToDircryptoRequest { |
| // The owner of the cryptohome that we are going to migrate. |
| cryptohome.AccountIdentifier account_id = 1; |
| |
| // If true, only a few paths (specified in cryptohomed) that are necessary for |
| // a working profile will be migrated. Most user data will be wiped. |
| bool minimal_migration = 2; |
| } |
| |
| // Output parameters for StartMigrateToDircrypto(). |
| message StartMigrateToDircryptoReply { |
| // Indicates an error if not empty. |
| CryptohomeErrorCode error = 1; |
| } |
| |
| // Status code for the message DircryptoMigrationProgress below. |
| enum DircryptoMigrationStatus { |
| // 0 means a successful completion. |
| DIRCRYPTO_MIGRATION_SUCCESS = 0; |
| // TODO(kinaba,dspaid): Add error codes as needed here. |
| DIRCRYPTO_MIGRATION_FAILED = 1; |
| // TODO(kinaba,dspaid): Add state codes as needed. |
| DIRCRYPTO_MIGRATION_INITIALIZING = 2; |
| DIRCRYPTO_MIGRATION_IN_PROGRESS = 3; |
| } |
| |
| // The data that comes with DircryptoMigrationProgress signal. |
| message DircryptoMigrationProgress { |
| // See cryptohome::dircrypto_data_migrator::MigrationHelper::ProgressCallback |
| // for more information. |
| |
| // The status of the migration |
| DircryptoMigrationStatus status = 1; |
| |
| // The amount of bytes that we've migrated over. |
| uint64 current_bytes = 2; |
| |
| // The total amount of bytes in this migration operation. |
| uint64 total_bytes = 3; |
| } |
| |
| // Input parameters to NeedsDircryptoMigration(). |
| message NeedsDircryptoMigrationRequest { |
| // The account for which we want to check if Dircrypto migration is needed. |
| cryptohome.AccountIdentifier account_id = 1; |
| } |
| |
| // Output parameters for NeedsDircryptoMigration(). |
| message NeedsDircryptoMigrationReply { |
| // Indicates an error if not empty. |
| CryptohomeErrorCode error = 1; |
| |
| // Whether Dircrypto migration is needed. |
| // Note that this is invalid and should be disregarded if |error| is not |
| // empty. |
| bool needs_dircrypto_migration = 2; |
| } |
| |
| // Input parameters to GetSupportedKeyPolicies(). |
| message GetSupportedKeyPoliciesRequest { |
| } |
| |
| // Output parameters for GetSupportedKeyPolicies(). |
| // This informs the caller which KeyPolicy features are supported. |
| message GetSupportedKeyPoliciesReply { |
| // Whether low entropy credentials is supported by the policies |
| bool low_entropy_credentials_supported = 1; |
| } |
| |
| // Input parameters to GetAccountDiskUsage(). |
| message GetAccountDiskUsageRequest { |
| // The owner of the home directory that we are going to compute the |
| // size for. |
| cryptohome.AccountIdentifier identifier = 1; |
| } |
| |
| // Output parameters for GetAccountDiskUsage(). |
| message GetAccountDiskUsageReply { |
| // Indicates an error if not empty. |
| // Note that for this API call, it is not an error to supply a non-existent |
| // user in the |GetAccountDiskUsageRequest.identifier| parameter. |
| CryptohomeErrorCode error = 1; |
| |
| // The size of cryptohome in bytes. If a non-existent user is given in the |
| // request, size will be 0. |
| // Negative values are reserved, see HomeDir::ComputeSize() for more |
| // information. |
| int64 size = 2; |
| } |
| |
| // The data that comes with LowDiskSpace signal. |
| message LowDiskSpace { |
| // The amount of remaining free disk space. |
| uint64 disk_free_bytes = 1; |
| } |
| |
| message StartAuthSessionRequest { |
| // The account of the user whose home directory is requested for mounting. |
| cryptohome.AccountIdentifier account_id = 1; |
| } |
| |
| message StartAuthSessionReply { |
| // Error if any to start the Auth Session |
| CryptohomeErrorCode error = 1; |
| // Token that would be used to conduct any auth-related operation. |
| bytes auth_session_id = 2; |
| } |
| |
| // ------------------------- ArcQuota Interface ------------------------- |
| |
| // Input parameters to GetArcDiskFeatures(). |
| message GetArcDiskFeaturesRequest {} |
| |
| // Output parameters for GetArcDiskFeatures(). |
| message GetArcDiskFeaturesReply { |
| // Set to true if Quota feature is supported for ARC Disk/Storage. |
| bool quota_supported = 1; |
| } |
| |
| // Input parameters to GetCurrentSpaceForArcUid(). |
| message GetCurrentSpaceForArcUidRequest { |
| // The Android UID for whom we are going to query the disk usage. |
| // Note that Android UID is a shifted UID. |
| uint32 uid = 1; |
| } |
| |
| // Output parameters for GetCurrentSpaceForArcUid(). |
| message GetCurrentSpaceForArcUidReply { |
| // The current disk space usage for the given Android UID. |
| // Will be a negative number if the request fails. See |
| // cryptohome/arc_disk_quota.h for more details. |
| int64 cur_space = 1; |
| } |
| |
| // Input parameters to GetCurrentSpaceForArcGid(). |
| message GetCurrentSpaceForArcGidRequest { |
| // The Android GID for whom we are going to query the disk usage. |
| // Note that Android GID is a shifted GID. |
| uint32 gid = 1; |
| } |
| |
| // Output parameters for GetCurrentSpaceForArcGid(). |
| message GetCurrentSpaceForArcGidReply { |
| // The current disk space usage for the given Android GID. |
| // Will be a negative number if the request fails. See |
| // cryptohome/arc_disk_quota.h for more details. |
| int64 cur_space = 1; |
| } |
| |
| // Input parameters to GetCurrentSpaceForArcProjectId(). |
| message GetCurrentSpaceForArcProjectIdRequest { |
| // The project ID for whom we are going to query the disk usage. |
| uint32 project_id = 1; |
| } |
| |
| // Output parameters for GetCurrentSpaceForArcProjectId(). |
| message GetCurrentSpaceForArcProjectIdReply { |
| // The current disk space usage for the given project ID. |
| // Will be a negative number if the request fails. See |
| // cryptohome/arc_disk_quota.h for more details. |
| int64 cur_space = 1; |
| } |
| |
| // Type of paths that are allowed for SetProjectId. |
| enum SetProjectIdAllowedPathType { |
| // /home/user/<obfuscated_username>/Downloads/ |
| PATH_DOWNLOADS = 0; |
| // /home/root/<obfuscated_username>/android-data/ |
| PATH_ANDROID_DATA = 1; |
| } |
| |
| // Input parameters to SetProjectId(). |
| message SetProjectIdRequest { |
| // The project ID. |
| uint32 project_id = 1; |
| |
| // |parent_path|, |child_path| and |account_id| are used for constructing the |
| // target path. (e.g. /home/user/<obfuscated_username>/Downloads/<child_path> |
| // for parent_path=PATH_DOWNLOADS) |
| SetProjectIdAllowedPathType parent_path = 2; |
| string child_path = 3; |
| cryptohome.AccountIdentifier account_id = 4; |
| } |
| |
| // Output parameters for SetProjectId(). |
| message SetProjectIdReply { |
| // Set to true if ioctl syscall for setting the proect ID succeeds. |
| bool success = 1; |
| } |
| |
| // ------------------------- PKCS#11 Interface ------------------------- |
| |
| // Represents the information about a token in PKCS#11, used by |
| // Pkcs11GetTpmTokenInfo() |
| message TpmTokenInfo { |
| // The label of the token. |
| string label = 1; |
| |
| // The pin that is used to access the token. |
| // Note that in most cases this is a default well known value. |
| string user_pin = 2; |
| |
| // The slot number of the token. |
| int32 slot = 3; |
| } |
| |
| // Input parameters to Pkcs11IsTpmTokenReady() |
| message Pkcs11IsTpmTokenReadyRequest { |
| // Nothing at the moment. |
| } |
| |
| // Output parameters for Pkcs11IsTpmTokenReady() |
| message Pkcs11IsTpmTokenReadyReply { |
| // True if the TPM-backed token store for all mount is ready for access. |
| // That is, every TPM-backed token store associated with a mount is in an |
| // initialized state. |
| bool ready = 1; |
| } |
| |
| // Input parameters to Pkcs11GetTpmTokenInfo() |
| message Pkcs11GetTpmTokenInfoRequest { |
| // If username is empty or not set, then the information regarding system TPM |
| // token is returned. Otherwise, the user TPM token is returned. |
| string username = 1; |
| } |
| |
| // Output parameters for Pkcs11GetTpmTokenInfo() |
| message Pkcs11GetTpmTokenInfoReply { |
| // The TPM Token information, generally it's the stuffs required to access |
| // the TPM token. |
| TpmTokenInfo token_info = 1; |
| } |
| |
| // Input parameters to Pkcs11Terminate() |
| message Pkcs11TerminateRequest { |
| // This call will remove all PKCS#11 token store that is associated with a |
| // mount. |
| |
| // Username is currently unused. |
| string username = 1; |
| } |
| |
| // Output parameters for Pkcs11Terminate() |
| message Pkcs11TerminateReply { |
| // Nothing at the moment. |
| } |
| |
| // ----------------------- Install Attributes Interface ----------------------- |
| |
| // The possible states of Install Attributes module, this is used by |
| // InstallAttributesGetStatus(). |
| enum InstallAttributesState { |
| // See InstallAttributes::Status in install_attributes.h for definition |
| // of these states. |
| UNKNOWN = 0; |
| TPM_NOT_OWNED = 1; |
| FIRST_INSTALL = 2; |
| VALID = 3; |
| INVALID = 4; |
| } |
| |
| // Input parameters to InstallAttributesGet() |
| message InstallAttributesGetRequest { |
| // Name of the install attributes to retrieve. |
| // There's no explicit requirement about the name, so generally it can be |
| // any valid string. |
| string name = 1; |
| } |
| |
| // Output parameters for InstallAttributesGet() |
| message InstallAttributesGetReply { |
| // Will be set if an error occurred. |
| CryptohomeErrorCode error = 1; |
| |
| // The value associated with the install attributes. |
| bytes value = 2; |
| } |
| |
| // Input parameters to InstallAttributesSet() |
| message InstallAttributesSetRequest { |
| // Name of the install attributes to set. |
| // There's no explicit requirement about the name, so generally it can be |
| // any valid string. |
| string name = 1; |
| |
| // Value to set for the install attributes. |
| bytes value = 2; |
| } |
| |
| // Output parameters for InstallAttributesSet() |
| message InstallAttributesSetReply { |
| // Will be set if an error occurred. |
| CryptohomeErrorCode error = 1; |
| } |
| |
| // Input parameters to InstallAttributesFinalize() |
| message InstallAttributesFinalizeRequest { |
| // There's no parameters to InstallAttributesFinalize() right now. |
| } |
| |
| // Output parameters for InstallAttributesFinalize() |
| message InstallAttributesFinalizeReply { |
| // If the install attributes are not finalized successfully, then this |
| // error code would be set. Otherwise, the install attribute is correctly |
| // finalized. |
| CryptohomeErrorCode error = 1; |
| } |
| |
| // Input parameters to InstallAttributesGetStatus() |
| message InstallAttributesGetStatusRequest { |
| } |
| |
| // Output parameters for InstallAttributesGetStatus() |
| message InstallAttributesGetStatusReply { |
| // If there's a problem retrieving the status, this will be set. |
| CryptohomeErrorCode error = 1; |
| |
| // How many install attributes are there? |
| int32 count = 2; |
| |
| // Returns true if the attribute storage is securely stored. It does not |
| // indicate if the store has been finalized, just if the system TPM/Lockbox |
| // is being used. |
| bool is_secure = 3; |
| |
| // The state the install attributes are in. |
| InstallAttributesState state = 4; |
| } |
| |
| // ----------------- Firmware Management Parameters Interface ----------------- |
| |
| // This represents the content of Firmware Management Parameters |
| message FirmwareManagementParameters { |
| // The Developer Flags, this is part of the FWMP. |
| uint32 flags = 1; |
| |
| // Developer Key Hash, this is part of the FWMP. |
| // For current version of the FWMP (V1.0), this is the size of SHA256. |
| bytes developer_key_hash = 2; |
| } |
| |
| // Input parameters to GetFirmwareManagementParameters() |
| message GetFirmwareManagementParametersRequest { |
| } |
| |
| // Output parameters for GetFirmwareManagementParameters() |
| message GetFirmwareManagementParametersReply { |
| // If there's a problem retrieving the FWMP, then this will be set. |
| CryptohomeErrorCode error = 1; |
| |
| // The firmware management parameters that is retrieved. |
| FirmwareManagementParameters fwmp = 2; |
| } |
| |
| // Input parameters to RemoveFirmwareManagementParameters() |
| message RemoveFirmwareManagementParametersRequest { |
| // Note that calling this function will destroy the NVRAM space that |
| // stores the FWMP (if defined). |
| } |
| |
| // Output parameters for RemoveFirmwareManagementParameters() |
| message RemoveFirmwareManagementParametersReply { |
| // If there's a problem removing the FWMP, then this will be set. |
| CryptohomeErrorCode error = 1; |
| } |
| |
| // Input parameters to SetFirmwareManagementParameters() |
| message SetFirmwareManagementParametersRequest { |
| // The firmware management parameters to set. |
| FirmwareManagementParameters fwmp = 1; |
| } |
| |
| // Output parameters for SetFirmwareManagementParameters() |
| message SetFirmwareManagementParametersReply { |
| // If there's a problem setting the FWMP, then this will be set. |
| CryptohomeErrorCode error = 1; |
| } |
| |
| // Input parameters to GetSystemSalt() |
| message GetSystemSaltRequest { |
| // No parameter is needed to retrieve the system salt. |
| } |
| |
| // Output parameters for GetSystemSalt() |
| message GetSystemSaltReply { |
| // The system salt. |
| // Note that the caller should not expect the system salt to be a particular |
| // size. The length is defined by the CRYPTOHOME_DEFAULT_SALT_LENGTH |
| // constant. |
| bytes salt = 1; |
| } |
| |
| // Input parameters to UpdateCurrentUserActivityTimestamp() |
| message UpdateCurrentUserActivityTimestampRequest { |
| // This is the time, expressed in number of seconds since the last |
| // user activity. |
| // For instance, if the unix timestamp now is x, if this value is 5, |
| // then the last user activity happened at x-5 unix timestamp. |
| // Note that negative values for this parameter is reserved, and should not |
| // be used. |
| int32 time_shift_sec = 1; |
| } |
| |
| // Output parameters for UpdateCurrentUserActivityTimestamp() |
| message UpdateCurrentUserActivityTimestampReply { |
| // This will be set if there's a problem updating the user activity timestamp |
| // for any user. |
| CryptohomeErrorCode error = 1; |
| } |
| |
| // Input parameters to GetSanitizedUsername() |
| message GetSanitizedUsernameRequest { |
| // The username to sanitize. |
| string username = 1; |
| } |
| |
| // Output parameters for GetSanitizedUsername() |
| message GetSanitizedUsernameReply { |
| // The sanitized username, this is basically a hashed representation |
| // of the username used in the paths of user's home directory. |
| string sanitized_username = 1; |
| } |
| |
| // Input parameters to GetLoginStatus() |
| message GetLoginStatusRequest {} |
| |
| // Output parameters for GetLoginStatus() |
| message GetLoginStatusReply { |
| // This will be set if there's a problem getting login status. |
| CryptohomeErrorCode error = 1; |
| |
| // This is set to true if an owner user is specified in the device policy. |
| bool owner_user_exists = 2; |
| |
| // Note that |boot_lockbox_finalized| is not supplied because current version |
| // of bootlockbox doesn't support querying whether it's finalized. The |
| // previous version that does support that has been deprecated. |
| |
| bool is_locked_to_single_user = 3; |
| } |
| |
| // Input parameters to GetStatusString() |
| message GetStatusStringRequest {} |
| |
| // Output parameters for GetStatusString() |
| message GetStatusStringReply { |
| // Contains a JSON string that includes some tpm status, mount status and |
| // install attributes status information. |
| string status = 1; |
| } |
| |
| // Input parameters to LockToSingleUserMountUntilReboot() |
| // Lock the device to single user use. |
| message LockToSingleUserMountUntilRebootRequest { |
| // This represents the "single user", whose mount we are going to lock to. |
| cryptohome.AccountIdentifier account_id = 1; |
| } |
| |
| // Output parameters for LockToSingleUserMountUntilReboot() |
| // Informs the caller whether the disabling succeeded, that is, whether we are |
| // now locked to a single user mount. |
| message LockToSingleUserMountUntilRebootReply { |
| // Indicates an error if |error| is not empty. |
| CryptohomeErrorCode error = 1; |
| } |
| |
| // Input parameters to GetRsuDeviceId() |
| message GetRsuDeviceIdReply { |
| // This will be set if there's a problem getting device ID. |
| // Note that to be compliant with behaviours before the refactor, failure |
| // in this method call will be reported through DBus error. |
| CryptohomeErrorCode error = 1; |
| |
| // Returns lookup key for Remote Server Unlock |
| bytes rsu_device_id = 2; |
| } |
| |
| // Output parameters for GetRsuDeviceId() |
| message GetRsuDeviceIdRequest {} |
| |
| // Input parameters to CheckHealth() |
| message CheckHealthRequest {} |
| |
| // Output parameters for CheckHealth() |
| message CheckHealthReply { |
| bool requires_powerwash = 2; |
| } |
| |
| // Fido make credential public key options. |
| message FidoMakeCredentialRequest { |
| cryptohome.AccountIdentifier account_id = 1; |
| cryptohome.fido.PublicKeyCredentialCreationOptions make_credential_options = |
| 2; |
| } |
| |
| // Fido make credential response. |
| message FidoMakeCredentialReply { |
| CryptohomeErrorCode error = 1; |
| // Contains MakeCredentialAuthenticatorResponse. |
| cryptohome.fido.MakeCredentialAuthenticatorResponse make_credential_response = |
| 2; |
| } |
| |
| // Fido challenge |
| message FidoGetAssertionRequest { |
| cryptohome.fido.PublicKeyCredentialRequestOptions get_assertion_options = 1; |
| } |
| |
| message FidoGetAssertionReply { |
| CryptohomeErrorCode error = 1; |
| // Contains GetAssertionAuthenticatorResponse. |
| cryptohome.fido.GetAssertionAuthenticatorResponse get_assertion_response = 2; |
| } |
