| // Copyright (c) 2009 The Chromium Authors. All rights reserved. |
| // Use of this source code is governed by a BSD-style license that can be |
| // found in the LICENSE file. |
| |
| syntax = "proto2"; |
| |
| package cryptohome; |
| |
| import "key.proto"; |
| |
// Serialized, persisted form of one vault keyset for one user.
//
// Secrets (the keyset itself, the chaps key, the reset seed) appear in this
// message only in wrapped form; the remaining fields carry the parameters
// that the unwrapping path needs (salt, IVs, rounds, TPM key material, LE
// label). Which of those fields are populated depends on `flags`.
//
// This is a proto2 wire contract: field numbers, and the bit values in
// Flags, are fixed once keysets exist on disk. Add new fields as `optional`
// only; a new `required` field would make every existing keyset fail to
// parse, and removed field numbers should be reserved rather than reused.
message SerializedVaultKeyset {
  // Bit values recorded in `flags`, describing how wrapped_keyset was
  // protected. The values are powers of two, so `flags` is presumably a
  // bitwise OR of several of them; the precise meaning of each bit lives in
  // the encrypt/decrypt code, not here -- confirm there before relying on a
  // particular combination.
  enum Flags {
    NONE = 0;
    TPM_WRAPPED = 1;
    SCRYPT_WRAPPED = 2;
    SCRYPT_DERIVED = 4;
    LE_CREDENTIAL = 8;
  }
  // Combination of Flags values (stored as a plain int32 rather than the
  // enum type, presumably so that several bits can be set at once).
  required int32 flags = 1;
  // Salt consumed by the key-derivation step; which derivation is meant
  // depends on `flags`.
  required bytes salt = 2;
  // The keyset in wrapped (encrypted) form. The unwrapped keyset is never
  // part of this message.
  required bytes wrapped_keyset = 3;
  // TPM-related key material; presumably only set when TPM_WRAPPED is in
  // `flags` -- confirm against the TPM wrapping code.
  optional bytes tpm_key = 4;
  // Hash of the TPM public key this keyset was bound to; presumably used to
  // detect that the same TPM is still present -- confirm with the reader.
  optional bytes tpm_public_key_hash = 5;
  // Round count for the password-based key derivation.
  optional int32 password_rounds = 6;
  // Deprecated. Kept so that older keysets still parse; do not reuse field
  // number 7 if this is ever removed.
  repeated string deprecated_tracked_subdirectories = 7;
  // Time of the user's last activity. Units and epoch are not defined in
  // this file -- confirm with the code that writes it.
  optional int64 last_activity_timestamp = 8;

  // Metadata that should be defined in one file
  // per principal (not per key).
  // TODO(wad) ^^^
  // optional string human_readable_name;
  // required bytes identifier; // Unique to the origin
  // required string origin;
  // optional string idp_uri; // authoritative uri for the key
  // message OptionalMetadata {
  // required string name = 1;
  // required bytes value = 2;
  // }
  // repeated OptionalMetadata metadata;

  // This will come from system_api once we're finalized on the API.
  // KeyData is declared in key.proto (imported above).
  optional KeyData key_data = 9;

  // The chaps key, stored wrapped. In the LE credential path it is
  // decrypted with le_chaps_iv (see below).
  optional bytes wrapped_chaps_key = 10;

  // Used to derive the high entropy reset secret.
  //
  // There is a single reset_seed per user. The reset_seed will be used
  // to generate a reset credential, which is stored in the Low Entropy (LE)
  // credential metadata. Since the reset_seed can be used to unlock
  // previously locked out LE credentials, it has to be stored in encrypted
  // form inside wrapped_reset_seed.
  //
  // We encrypt the reset_seed with the VKK, which is tied to the user
  // phrase. This way, the reset_seed will only be available during
  // sign-in.
  //
  // Once a user signs in, the VaultKeyset will have the unwrapped version,
  // i.e. reset_seed.
  //
  // The reset_seed is kept in sync across different Keysets for a particular
  // user. When a new keyset is being added using Homedirs::AddKeyset()
  // we check whether a wrapped_reset_seed is already present in the
  // VaultKeyset. If one exists, we simply re-use it.
  //
  // If a previously created "normal" credential is being used to create
  // an LE credential in AddKeyset(), and it doesn't have a reset_seed,
  // we generate one and resave the credential before creating the
  // LE credential.
  optional bytes wrapped_reset_seed = 11;

  // Used during EncryptTPM/DecryptTPM to perform AES encryption of the
  // reset_seed.
  optional bytes reset_iv = 12;

  // Label under which this key's low entropy and high entropy secrets
  // are stored by LECredentialManager.
  optional uint64 le_label = 13;

  // Used during EncryptLECredential/DecryptLECredential to perform AES
  // encryption of the file encryption key and chaps key in VaultKeyset.
  optional bytes le_fek_iv = 14;
  optional bytes le_chaps_iv = 15;

  // Used *only* by EncryptLECredential/DecryptLECredential to wrap
  // convert the reset_seed (which is only 1-per-user) to a per LE
  // Credential reset secret using HMACSha256.
  optional bytes reset_salt = 16;
}