| // Copyright 2021 The Chromium Authors. All rights reserved. |
| // Use of this source code is governed by a BSD-style license that can be |
| // found in the LICENSE file. |
| |
| namespace cryptohome; |
| |
| // Encryption algorithms used in the user secret stash. |
| enum UserSecretStashEncryptionAlgorithm : int { |
| NONE = 0, // designator of an unset enum field in tables |
| AES_GCM_256 = 1, // AES-GCM-256 |
| } |
| |
| // Container for the encrypted user secret stash. It can be persisted to disk |
| // as-is. |
| table UserSecretStashContainer { |
| // The algorithm used for encrypting UserSecretStashPayload. |
| encryption_algorithm:UserSecretStashEncryptionAlgorithm (id: 0); |
| // This is the encrypted UserSecretStashPayload. |
| ciphertext:[ubyte] (id: 1); |
| // The random IV used by the encryption algorithm. |
| iv:[ubyte] (id: 2); |
| // The GCM tag generated by the block cipher. |
| gcm_tag:[ubyte] (id: 3); |
| // Holds multiple wrapped (encrypted) representations of the main key, each |
| // wrapped using a different intermediate key. |
| wrapped_key_blocks:[UserSecretStashWrappedKeyBlock] (id: 4); |
| } |
| |
| // Holds the USS main key, wrapped (encrypted) using an intermediate key. |
| table UserSecretStashWrappedKeyBlock { |
| // The wrapping ID that allows the programmatic layers to identify the |
| // intermediate key needed for decrypting this table. |
| wrapping_id:string (id: 0); |
| // The algorithm used for encrypting the USS main key. |
| encryption_algorithm:UserSecretStashEncryptionAlgorithm (id: 1); |
| // This is the encrypted USS main key. |
| encrypted_key:[ubyte] (id: 2); |
| // The random IV used in the encryption of the USS main key. |
| iv:[ubyte] (id: 3); |
| // The GCM tag generated by the block cipher. |
| gcm_tag:[ubyte] (id: 4); |
| } |
| |
| root_type UserSecretStashContainer; |
