Home | History | Annotate | Download | only in cryptohome 
      1 // Copyright (c) 2014 The Chromium Authors. All rights reserved.
      2 // Use of this source code is governed by a BSD-style license that can be
      3 // found in the LICENSE file.
      4 //
      5 // Provides wire-type for cryptohome Key objects.  It does not
      6 // represent the entirety of the bookkeeping data needed by Cryptohome.
      7 //
      8 // Anything in this file may be persisted on disk.  Update carefully!
      9 
     10 syntax = "proto2";
     11 
     12 option optimize_for = LITE_RUNTIME;
     13 
     14 package cryptohome;
     15 
     16 message KeyAuthorizationSecretUsage {
     17   optional bool encrypt = 1;
     18   optional bool sign = 2;
     19 }
     20 
     21 message KeyAuthorizationSecret {
     22   optional KeyAuthorizationSecretUsage usage = 1;
     23   optional bytes symmetric_key = 2;
     24   optional bytes public_key = 3;
     25   // Indicates if the symmetric_key is wrapped.
     26   optional bool wrapped = 4 [default=false];
     27 }
     28 
     29 message KeyAuthorizationData {
     30   enum KeyAuthorizationType {
     31     KEY_AUTHORIZATION_TYPE_HMACSHA256 = 0;
     32     KEY_AUTHORIZATION_TYPE_AES256CBC_HMACSHA256 = 1;
     33   }
     34   optional KeyAuthorizationType type = 1;
     35   repeated KeyAuthorizationSecret secrets = 2;
     36 }
     37 
     38 // Software-enforced privileges.
     39 message KeyPrivileges {
     40   // Allows the key to mount the cryptohome.
     41   optional bool mount = 1 [default=true];
     42   // Allows new keys to be added.
     43   optional bool add = 2 [default=true];
     44   // Allows other existing keys to be removed.
     45   optional bool remove = 3 [default=true];
     46   // Allows the key to update itself.
     47   optional bool update = 4 [default=true];
     48   // Allows a key to update itself iff the requested change
     49   // is authorized as per KeyAuthorizationData.
     50   optional bool authorized_update = 5 [default=false];
     51 }
     52 
     53 // Public metadata stored on behalf of the KeyProvider.
     54 message KeyProviderData {
     55   message Entry {
     56     optional string name = 1;
     57     optional int64 number = 2;
     58     optional bytes bytes = 3;
     59   }
     60   repeated Entry entry = 1;
     61 }
     62 
     63 // Cryptographic signature algorithm type for challenge requests. Used with
     64 // challenge-response cryptohome keys.
     65 enum ChallengeSignatureAlgorithm {
     66   CHALLENGE_RSASSA_PKCS1_V1_5_SHA1 = 1;
     67   CHALLENGE_RSASSA_PKCS1_V1_5_SHA256 = 2;
     68   CHALLENGE_RSASSA_PKCS1_V1_5_SHA384 = 3;
     69   CHALLENGE_RSASSA_PKCS1_V1_5_SHA512 = 4;
     70 }
     71 
     72 // Description of a public key of an asymmetric cryptographic key. Used with
     73 // challenge-response cryptohome keys.
     74 message ChallengePublicKeyInfo {
     75   // DER-encoded blob of the X.509 Subject Public Key Info.
     76   optional bytes public_key_spki_der = 1;
     77   // Supported signature algorithms, in the order of preference (starting from
     78   // the most preferred). Absence of this field denotes that the key cannot be
     79   // used for signing.
     80   repeated ChallengeSignatureAlgorithm signature_algorithm = 2;
     81 }
     82 
     83 // Policies which determine how a key can be used. |GetSupportedKeyPolicies|
     84 // request can be used to determine if a given policy value is supported.
     85 // This message is also used inside of |GetKeyDataReply|, which allows clients
     86 // to query current key state without submitting an authentication attempt.
     87 message KeyPolicy {
     88   // Is this key additionally protected from brute force attacks as a low
     89   // entropy credential? For such keys, delays between subsequent unsuccessful
     90   // authorization attempts and/or a limit on the number of such attempts are
     91   // enforced to slow down dictionary-based attacks. Set this to true when
     92   // registering a key to protect it.
     93   optional bool low_entropy_credential = 1;
     94   // If true, the key is "locked" after too many unsuccessful authorization
     95   // attempts. Future authentication attempts against a locked key fail with
     96   // CRYPTOHOME_ERROR_TPM_DEFEND_LOCK error.
     97   // Currently, such locking is supported only for keys with
     98   // |low_entropy_credential| policy set to true,
     99   // This field is ignored when registering a new key.
    100   optional bool auth_locked = 2;
    101 }
    102 
    103 // Non-secret data describing the key.
    104 message KeyData {
    105   // The KeyType should specify the handling needed by Cryptohome
    106   // and not a provider KeyType.
    107   enum KeyType {
    108     // Password-based key. The password's text or its hashed/transformed
    109     // representation is transmitted in the |secret| field of the Key message.
    110     KEY_TYPE_PASSWORD = 0;
    111     // The challenge-response type of key. The secret data for such key is not
    112     // passed clear-text through D-Bus calls, but is instead handled by
    113     // cryptohome internally. In order to authenticate using such key,
    114     // cryptohome will issue one or multiple challenge requests.
    115     KEY_TYPE_CHALLENGE_RESPONSE = 1;
    116   }
    117   optional KeyType type = 1;
    118   // All keys must be labeled when persisted to disk, but when KeyData
    119   // is used in an UpdateKeyRequest, only defined fields are necessary
    120   // (so that the caller doesn't need the full KeyData first).
    121   optional string label = 2;
    122   // If undefined, use the default settings.
    123   optional KeyPrivileges privileges = 3;
    124   optional int64 revision = 4;
    125   // At present, only support for one authorization mechanism is implemented.
    126   repeated KeyAuthorizationData authorization_data = 5;
    127   // Data stored for use by the provider of the key, often for pre-processing
    128   // of passwords or custom provider key typing.
    129   // This will be size-limited by serialized size (e.g., 4096 bytes).
    130   optional KeyProviderData provider_data = 6;
    131   // Is set when |type| is |KEY_TYPE_CHALLENGE_RESPONSE|. Specifies the list of
    132   // keys that should be used for challenge requests.
    133   repeated ChallengePublicKeyInfo challenge_response_key = 7;
    134   // Optional additional policy to apply to the key. Certain policy values
    135   // require hardware support which may not be available.
    136   optional KeyPolicy policy = 8;
    137 }
    138 
    139 // Key is not presently persisted to disk, but it acts as the single authority
    140 // for what comprises a key.
    141 message Key {
    142   // In most cases, |data| is required.  When used in an UpdateKeyRequest, it
    143   // is only required if KeyData is changing.  If only the |secret| is changing,
    144   // this field may be left unset.
    145   optional KeyData data = 1;
    146   // |secret| is required for many requests, like AddKeyRequest, but not all.
    147   // An UpdateKeyRequest only requires the changes to the Key that was
    148   // was authorized in the AuthorizationRequest. Making |secret| required would
    149   // logically force a key rotation even if the values were the same.
    150   optional bytes secret = 2;
    151 }
    152