| // Copyright 2021 The Chromium Authors. All rights reserved. |
| // Use of this source code is governed by a BSD-style license that can be |
| // found in the LICENSE file. |
| |
| // Our Python generator removes the "_serialized_" namespace when generating |
| // the code, to avoid symbol clash with the code generated by flatc. |
| namespace cryptohome._serialized_; |
| |
| // Defined the attributes that may be used in this schema file. |
| attribute "secure"; |
| attribute "serializable"; |
| |
| // The user secret stash payload. Because it contains sensitive secrets, it can |
| // be stored to disk only in encrypted form. |
| table UserSecretStashPayload (serializable, secure) { |
| // The file encryption key. |
| fek:[ubyte] (id: 0); |
| // The file name encryption key. |
| fnek:[ubyte] (id: 1); |
| // The salt used with |fek|. |
| fek_salt:[ubyte] (id: 2); |
| // The salt used with |fnek|. |
| fnek_salt:[ubyte] (id: 3); |
| // The key identifier of |fek|. |
| fek_sig:[ubyte] (id: 4); |
| // The key identifier of |fnek|. |
| fnek_sig:[ubyte] (id: 5); |
| |
| // Chaps database encryption key. |
| chaps_key:[ubyte] (id: 6); |
| |
| // In the UserSecretStash world, there is one global reset secret that any |
| // PinWeaver backed credential uses. |
| reset_secret:[ubyte] (id: 7); |
| } |
| |
| root_type UserSecretStashPayload; |
