// Copyright 2021 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
// Our Python generator removes the "_serialized_" namespace when generating
// the code, to avoid symbol clash with the code generated by flatc.
namespace cryptohome._serialized_;
// Declares the custom attributes that may be used in this schema file; a
// user-defined attribute has to be declared before a table can carry it.
// NOTE(review): "serializable" is presumably consumed by the project's own
// Python generator mentioned above - confirm against the generator.
attribute "serializable";
// Encryption algorithms used in the user secret stash.
enum UserSecretStashEncryptionAlgorithm : int {
// No enumerator is assigned the value 0, and the fields of this type in this
// file are declared `= null`, so an absent algorithm cannot be read back as a
// valid one. These numbers end up in containers persisted to disk, so an
// existing value must never be renumbered or reused; new algorithms get new
// numbers.
AES_GCM_256 = 1, // AES in Galois/Counter Mode (GCM) with a 256-bit key
}
// Container for the encrypted user secret stash. It can be persisted to disk
// as-is.
table UserSecretStashContainer (serializable) {
// Every field here other than `ciphertext` is stored unencrypted.
// NOTE(review): this schema does not show whether any of these fields are
// bound to the ciphertext (e.g. as GCM additional authenticated data); until
// that is confirmed in the encryption code, treat them as attacker-modifiable
// when the file on disk is not trusted.
// The explicit `id` values fix each field's slot in the serialized table, so
// they must stay stable once containers have been written.

// The algorithm used for encrypting UserSecretStashPayload. Declared
// `= null`, i.e. optional: an unset value is distinguishable from a set one.
// NOTE(review): the reader is expected to reject a missing or unrecognised
// value rather than fall back to a default - confirm in the parsing code.
encryption_algorithm:UserSecretStashEncryptionAlgorithm = null (id: 0);
// This is the encrypted UserSecretStashPayload.
ciphertext:[ubyte] (id: 1);
// The random IV used by the encryption algorithm. GCM requires that an IV is
// never reused with the same key. The vector is variable-length, so the
// schema does not enforce an IV size.
// NOTE(review): verify that the reader checks the length before decrypting.
iv:[ubyte] (id: 2);
// The GCM authentication tag produced when encrypting the payload. Also a
// variable-length vector: the schema does not stop a shortened tag from being
// stored.
// NOTE(review): verify that the reader insists on the full expected tag
// length, since a shorter tag weakens the integrity check.
gcm_tag:[ubyte] (id: 3);
// Holds multiple wrapped (encrypted) representations of the main key, each
// wrapped using a different intermediate key.
wrapped_key_blocks:[UserSecretStashWrappedKeyBlock] (id: 4);
// Version of Chrome OS on which this particular user secret stash was
// originally created. The format is the one of the CHROMEOS_RELEASE_VERSION
// field in /etc/lsb-release, e.g.: "11012.0.2018_08_28_1422". Empty if the
// version fetch failed at the creation time.
// NOTE(review): looks informational only; it should not drive a security
// decision unless it is shown to be authenticated - confirm.
created_on_os_version:string (id: 5);
}
// Holds the USS main key, wrapped (encrypted) using an intermediate key.
table UserSecretStashWrappedKeyBlock {
// One entry of UserSecretStashContainer.wrapped_key_blocks. Each block carries
// its own algorithm, IV and tag, separate from the ones that protect the
// payload in the container.

// The wrapping ID that allows the programmatic layers to identify the
// intermediate key needed for decrypting this table. Stored as a plain
// string.
// NOTE(review): presumably only a lookup hint, with the GCM tag check on
// `encrypted_key` being what proves the right intermediate key was used -
// confirm in the unwrapping code.
wrapping_id:string (id: 0);
// The algorithm used for encrypting the USS main key. Declared `= null`, i.e.
// optional: an unset value is distinguishable from a set one.
// NOTE(review): the reader is expected to reject a missing or unrecognised
// value - confirm in the parsing code.
encryption_algorithm:UserSecretStashEncryptionAlgorithm = null (id: 1);
// This is the encrypted USS main key.
encrypted_key:[ubyte] (id: 2);
// The random IV used in the encryption of the USS main key. GCM requires that
// an IV is never reused with the same key. The schema does not enforce an IV
// size.
// NOTE(review): verify that the reader checks the length before decrypting.
iv:[ubyte] (id: 3);
// The GCM authentication tag produced when wrapping the main key. The schema
// does not enforce a tag size.
// NOTE(review): verify that the reader insists on the full expected tag
// length.
gcm_tag:[ubyte] (id: 4);
}
// A serialized buffer of this schema has UserSecretStashContainer as its root
// table.
// NOTE(review): a container read back from disk is untrusted input, so its
// structure should be validated before any field is accessed - confirm the
// loading code does this.
root_type UserSecretStashContainer;