| // Copyright 2021 The Chromium Authors. All rights reserved. |
| // Use of this source code is governed by a BSD-style license that can be |
| // found in the LICENSE file. |
| |
| // Our Python generator removes the "_serialized_" namespace when generating |
| // the code, to avoid symbol clash with the code generated by flatc. |
| namespace cryptohome._serialized_; |
| |
| // Defines the attributes that may be used in this schema file. |
| // NOTE(review): "secure" is consumed by the Python generator mentioned at the |
| // top of this file, not by flatc. The TODOs on the tables below say it should |
| // be dropped from data that is persisted in clear, which suggests it selects |
| // secure-memory handling for the generated types — confirm against the |
| // generator before relying on that. |
| attribute "secure"; |
| // NOTE(review): "serializable" presumably asks the generator to emit |
| // (de)serialization helpers for the annotated table — confirm against the |
| // generator. |
| attribute "serializable"; |
| |
| // Encryption algorithms used in the user secret stash. |
| enum UserSecretStashEncryptionAlgorithm : int { |
| // AES in GCM mode with a 256-bit key. This is authenticated encryption: the |
| // tables below carry the IV and the GCM tag next to the ciphertext. |
| // No member has the value 0, so an unset or zero-initialized int cannot be |
| // mistaken for a real algorithm; readers should reject values they do not |
| // recognise rather than fall back to a default. |
| AES_GCM_256 = 1, // AES-GCM-256 |
| } |
| |
| // Container for the encrypted user secret stash. It can be persisted to disk |
| // as-is. |
| // TODO(b/218943323): Drop the "secure" attribute as this is persisted in clear. |
| table UserSecretStashContainer (serializable, secure) { |
| // Every field carries an explicit (id: N). The id, not the declaration |
| // order, fixes the on-disk layout, so new fields must take a fresh id and an |
| // existing id must never be reused for a different field or type, or |
| // previously persisted containers will be misread. |
| // |
| // The algorithm used for encrypting UserSecretStashPayload. |
| // Declared optional (= null): an absent value is reported as absent instead |
| // of reading as 0, which is not a member of the enum. |
| encryption_algorithm:UserSecretStashEncryptionAlgorithm = null (id: 0); |
| // This is the encrypted UserSecretStashPayload. |
| // NOTE(review): the schema only transports bytes; the reader must check |
| // gcm_tag during decryption and discard the output on failure, never use |
| // partially decrypted data. |
| ciphertext:[ubyte] (id: 1); |
| // The random IV used by the encryption algorithm. |
| // NOTE(review): a GCM IV must never be reused under the same key. The schema |
| // stores the IV but cannot enforce freshness — confirm the writer draws a new |
| // random IV for every encryption. |
| iv:[ubyte] (id: 2); |
| // The GCM tag generated by the block cipher. |
| gcm_tag:[ubyte] (id: 3); |
| // Holds multiple wrapped (encrypted) representations of the main key, each |
| // wrapped using a different intermediate key. Unwrapping any one block yields |
| // the same main key, so each intermediate key is sufficient on its own. |
| wrapped_key_blocks:[UserSecretStashWrappedKeyBlock] (id: 4); |
| } |
| |
| // Holds the USS main key, wrapped (encrypted) using an intermediate key. |
| // TODO(b/218943323): Drop the "secure" attribute as this is persisted in clear. |
| table UserSecretStashWrappedKeyBlock (secure) { |
| // Field ids are explicit: they, not the declaration order, define the |
| // persisted layout, so ids must never be reused or retyped. |
| // |
| // The wrapping ID that allows the programmatic layers to identify the |
| // intermediate key needed for decrypting this table. |
| // NOTE(review): this string is read back from the on-disk container, so |
| // whoever can write that file controls it. The reader should match it |
| // against a fixed set of known wrapping IDs rather than treat it as trusted. |
| wrapping_id:string (id: 0); |
| // The algorithm used for encrypting the USS main key. |
| // Declared optional (= null) so a missing value is detectable as missing |
| // rather than reading as 0, which the enum does not define. |
| encryption_algorithm:UserSecretStashEncryptionAlgorithm = null (id: 1); |
| // This is the encrypted USS main key. |
| // NOTE(review): gcm_tag must be verified during unwrapping; a key that fails |
| // authentication must not be used for anything. |
| encrypted_key:[ubyte] (id: 2); |
| // The random IV used in the encryption of the USS main key. |
| // NOTE(review): must be unique per intermediate key, as for any GCM IV; the |
| // schema cannot enforce this — confirm the writer regenerates it on every |
| // wrap. |
| iv:[ubyte] (id: 3); |
| // The GCM tag generated by the block cipher. |
| gcm_tag:[ubyte] (id: 4); |
| } |
| |
| // The top-level table of a serialized buffer; readers start from here. |
| // NOTE(review): the container is persisted to disk, so the bytes handed to the |
| // reader are untrusted input. Run the buffer verifier that flatc generates on |
| // the raw bytes before accessing any field — the schema itself gives no bounds |
| // guarantee for malformed input. |
| root_type UserSecretStashContainer; |