File: nigori_local_data.proto

chromium 139.0.7258.127-1
// Copyright 2019 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

// If you change or add any fields in this file, update proto_visitors.h and
// potentially proto_enum_conversions.{h, cc}.

// proto2 syntax: the singular fields in this file are declared `optional` and
// therefore carry explicit presence.
syntax = "proto2";

option java_multiple_files = true;
option java_package = "org.chromium.components.sync.protocol";

// Generate code against the lite protobuf runtime.
option optimize_for = LITE_RUNTIME;

package sync_pb;

import "components/sync/protocol/data_type_state.proto";
import "components/sync/protocol/encryption.proto";
import "components/sync/protocol/entity_metadata.proto";
import "components/sync/protocol/nigori_specifics.proto";

// Container for the private keys used for cross-user sharing. This is private
// key material; it is embedded in CryptographerData.cross_user_sharing_keys.
message CrossUserSharingKeys {
  // Asymmetric private keys used for cross-user sharing.
  repeated CrossUserSharingPrivateKey private_key = 1;
}

// Bag of Nigori keys as stored locally; embedded in CryptographerData.key_bag.
message LocalNigoriKeyBag {
  // Keys used for encrypting within the sync account boundary.
  // NOTE(review): numbering starts at 2 and no field 1 is declared in this
  // message. If 1 belonged to a removed field, a `reserved 1;` statement would
  // guard against accidental reuse - confirm against the file history.
  repeated NigoriKey key = 2;
}

// Key material known to the cryptographer: the Nigori key bag, the name of the
// key to encrypt with, and the cross-user sharing keys.
message CryptographerData {
  // Contains all known Nigori keys.
  optional LocalNigoriKeyBag key_bag = 1;

  // Name of the default key, i.e. the key that should be used for encryption.
  // Can be empty when there are pending keys (waiting for an explicit
  // passphrase, or the client hasn't received keystore keys yet).
  optional string default_key_name = 2;

  // Contains cross-user sharing related keys. These are private keys (see
  // CrossUserSharingKeys).
  optional CrossUserSharingKeys cross_user_sharing_keys = 3;
}

// Parameters needed to re-derive keys from a custom passphrase: the derivation
// method and, for the scrypt method, its salt.
message CustomPassphraseKeyDerivationParams {
  // Method used for deriving keys from the custom passphrase.
  optional NigoriSpecifics.KeyDerivationMethod
      custom_passphrase_key_derivation_method = 1;

  // Salt used for the derivation of the key from the custom passphrase. Should
  // be set iff custom_passphrase_key_derivation_method == SCRYPT_8192_8_11.
  // NOTE(review): declared as `string` rather than `bytes`, so the salt is
  // presumably stored in a text encoding and not as raw bytes - confirm
  // against the code that writes this field.
  optional string custom_passphrase_key_derivation_salt = 2;
}

// Local Nigori model state: cryptographer keys, passphrase type and its
// metadata, data still pending decryption, and the persisted keystore keys.
message NigoriModel {
  // Represents the state of the cryptographer.
  optional CryptographerData cryptographer_data = 1;

  // Contains the name of the key used for encryption of
  // NigoriSpecifics.keystore_decryptor_token; should always be the name of the
  // latest keystore key. Equal to cryptographer_data.default_key_name iff
  // Nigori is in full keystore mode (not in backward compatible keystore
  // mode).
  optional string current_keystore_key_name = 2;

  // Contains the keybag in encrypted form. Should be empty once the keybag
  // from specifics has been decrypted.
  optional EncryptedData pending_keys = 3;

  // PassphraseType used for encryption. IMPLICIT_PASSPHRASE shouldn't be used
  // here. An unset field reads as UNKNOWN because of the declared default.
  optional NigoriSpecifics.PassphraseType passphrase_type = 4
      [default = UNKNOWN];

  // The time (in UNIX epoch milliseconds) at which the keystore migration was
  // performed.
  optional int64 keystore_migration_time = 5;

  // The time (in UNIX epoch milliseconds) at which a custom passphrase was
  // set.
  // Note: this field may not be set if the custom passphrase was applied
  // before the corresponding field in NigoriSpecifics was introduced.
  optional int64 custom_passphrase_time = 6;

  // Params used for deriving keys from the custom passphrase. Should be set
  // iff `passphrase_type` is CUSTOM_PASSPHRASE.
  optional CustomPassphraseKeyDerivationParams
      custom_passphrase_key_derivation_params = 7;

  // Indicates whether all encryptable user types need to be encrypted.
  optional bool encrypt_everything = 8;

  // The list of encrypted UserEncryptableTypes, represented by their specifics
  // field number.
  repeated int32 encrypted_types_specifics_field_number = 9;

  // Keystore keys are used to decrypt keystore-based Nigori. They are
  // persisted so that the keystore server does not have to be asked for them
  // on every browser startup. Due to backward compatibility requirements the
  // keys are always Base64 encoded.
  // Base64 is an encoding, not protection: this field is key material, which
  // is why NigoriLocalData must be encrypted before it is stored (see the
  // comment on NigoriLocalData).
  repeated string keystore_key = 10;

  // Encrypted keystore decryptor token. Used for decryption of keystore Nigori
  // in case the keystore keys arrive after NigoriSpecifics.
  optional EncryptedData pending_keystore_decryptor_token = 11;

  // Contains the name of the latest available trusted vault key that was used
  // as the default encryption key. Reset when the client leaves the pending
  // decryption state and transitions to another passphrase type.
  optional string last_default_trusted_vault_key_name = 12;

  // Some debug-only fields for passphrase type TRUSTED_VAULT_PASSPHRASE.
  optional NigoriSpecifics.TrustedVaultDebugInfo trusted_vault_debug_info = 13;

  // Current public key for cross-user sharing.
  optional CrossUserSharingPublicKey cross_user_sharing_public_key = 14;
}

// Sync proto used to persist Nigori data in storage. The serialized proto
// should be encrypted with os_crypt before it is stored anywhere, because it
// contains sensitive data: nigori_model.cryptographer_data.key_bag and
// nigori_model.keystore_key. Note that
// nigori_model.cryptographer_data.cross_user_sharing_keys also holds private
// keys and is covered by the same requirement.
message NigoriLocalData {
  // Global metadata.
  optional DataTypeState data_type_state = 1;

  // Metadata for the Nigori entity.
  optional EntityMetadata entity_metadata = 2;

  // Nigori model state. This is the part that carries the key material.
  optional NigoriModel nigori_model = 3;
}