cryptohome/flatbuffer_schemas/user_secret_stash_container.fbs - mirrors/cros/chromiumos/platform2 - Git at Google

 // Copyright 2021 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.

 // Our Python generator removes the "_serialized_" namespace when generating
 // the code, to avoid symbol clash with the code generated by flatc.
 namespace cryptohome._serialized_;

 // Defined the attributes that may be used in this schema file.
 attribute "secure";
 attribute "serializable";

 // Encryption algorithms used in the user secret stash.
 enum UserSecretStashEncryptionAlgorithm : int {
   AES_GCM_256 = 1,  // AES-GCM-256
 }

 // Container for the encrypted user secret stash. It can be persisted to disk
 // as-is.
 // TODO(b/218943323): Drop the "secure" attribute as this is persisted in clear.
 table UserSecretStashContainer (serializable, secure) {
   // The algorithm used for encrypting UserSecretStashPayload.
   encryption_algorithm:UserSecretStashEncryptionAlgorithm = null (id: 0);
   // This is the encrypted UserSecretStashPayload.
   ciphertext:[ubyte] (id: 1);
   // The random IV used by the encryption algorithm.
   iv:[ubyte] (id: 2);
   // The GCM tag generated by the block cipher.
   gcm_tag:[ubyte] (id: 3);
   // Holds multiple wrapped (encrypted) representations of the main key, each
   // wrapped using a different intermediate key.
   wrapped_key_blocks:[UserSecretStashWrappedKeyBlock] (id: 4);
 }

 // Holds the USS main key, wrapped (encrypted) using an intermediate key.
 // TODO(b/218943323): Drop the "secure" attribute as this is persisted in clear.
 table UserSecretStashWrappedKeyBlock (secure) {
   // The wrapping ID that allows the programmatic layers to identify the
   // intermediate key needed for decrypting this table.
   wrapping_id:string (id: 0);
   // The algorithm used for encrypting the USS main key.
   encryption_algorithm:UserSecretStashEncryptionAlgorithm = null (id: 1);
   // This is the encrypted USS main key.
   encrypted_key:[ubyte] (id: 2);
   // The random IV used in the encryption of the USS main key.
   iv:[ubyte] (id: 3);
   // The GCM tag generated by the block cipher.
   gcm_tag:[ubyte] (id: 4);
 }

 root_type UserSecretStashContainer;
	// Copyright 2021 The Chromium Authors. All rights reserved.
	// Use of this source code is governed by a BSD-style license that can be
	// found in the LICENSE file.

	// Our Python generator removes the "_serialized_" namespace when generating
	// the code, to avoid symbol clash with the code generated by flatc.
	namespace cryptohome._serialized_;

	// Defined the attributes that may be used in this schema file.
	attribute "secure";
	attribute "serializable";

	// Encryption algorithms used in the user secret stash.
	enum UserSecretStashEncryptionAlgorithm : int {
	AES_GCM_256 = 1, // AES-GCM-256
	}

	// Container for the encrypted user secret stash. It can be persisted to disk
	// as-is.
	// TODO(b/218943323): Drop the "secure" attribute as this is persisted in clear.
	table UserSecretStashContainer (serializable, secure) {
	// The algorithm used for encrypting UserSecretStashPayload.
	encryption_algorithm:UserSecretStashEncryptionAlgorithm = null (id: 0);
	// This is the encrypted UserSecretStashPayload.
	ciphertext:[ubyte] (id: 1);
	// The random IV used by the encryption algorithm.
	iv:[ubyte] (id: 2);
	// The GCM tag generated by the block cipher.
	gcm_tag:[ubyte] (id: 3);
	// Holds multiple wrapped (encrypted) representations of the main key, each
	// wrapped using a different intermediate key.
	wrapped_key_blocks:[UserSecretStashWrappedKeyBlock] (id: 4);
	}

	// Holds the USS main key, wrapped (encrypted) using an intermediate key.
	// TODO(b/218943323): Drop the "secure" attribute as this is persisted in clear.
	table UserSecretStashWrappedKeyBlock (secure) {
	// The wrapping ID that allows the programmatic layers to identify the
	// intermediate key needed for decrypting this table.
	wrapping_id:string (id: 0);
	// The algorithm used for encrypting the USS main key.
	encryption_algorithm:UserSecretStashEncryptionAlgorithm = null (id: 1);
	// This is the encrypted USS main key.
	encrypted_key:[ubyte] (id: 2);
	// The random IV used in the encryption of the USS main key.
	iv:[ubyte] (id: 3);
	// The GCM tag generated by the block cipher.
	gcm_tag:[ubyte] (id: 4);
	}

	root_type UserSecretStashContainer;