1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
|
// Copyright 2014 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
//
// Provides wire-type for cryptohome Key objects. It does not
// represent the entirety of the bookkeeping data needed by Cryptohome.
//
// Anything in this file may be persisted on disk. Update carefully!
syntax = "proto2";
option optimize_for = LITE_RUNTIME;
package cryptohome;
option go_package = "go.chromium.org/chromiumos/system_api/cryptohome_proto";
// Software-enforced privileges.
message KeyPrivileges {
// Allows new keys to be added.
optional bool add = 2 [default = true];
// Allows other existing keys to be removed.
optional bool remove = 3 [default = true];
// Allows the key to update itself.
optional bool update = 4 [default = true];
// Reserved fields as privileges are deprecated.
reserved 1, 5;
}
// Public metadata stored on behalf of the KeyProvider.
message KeyProviderData {
message Entry {
optional string name = 1;
optional int64 number = 2;
optional bytes bytes = 3;
}
repeated Entry entry = 1;
}
// Cryptographic signature algorithm type for challenge requests. Used with
// challenge-response cryptohome keys.
enum ChallengeSignatureAlgorithm {
CHALLENGE_RSASSA_PKCS1_V1_5_SHA1 = 1;
CHALLENGE_RSASSA_PKCS1_V1_5_SHA256 = 2;
CHALLENGE_RSASSA_PKCS1_V1_5_SHA384 = 3;
CHALLENGE_RSASSA_PKCS1_V1_5_SHA512 = 4;
}
// Description of a public key of an asymmetric cryptographic key. Used with
// challenge-response cryptohome keys.
message ChallengePublicKeyInfo {
// DER-encoded blob of the X.509 Subject Public Key Info.
optional bytes public_key_spki_der = 1;
// Supported signature algorithms, in the order of preference (starting from
// the most preferred). Absence of this field denotes that the key cannot be
// used for signing.
repeated ChallengeSignatureAlgorithm signature_algorithm = 2;
}
// Policies which determine how a key can be used. |GetSupportedKeyPolicies|
// request can be used to determine if a given policy value is supported.
message KeyPolicy {
// Is this key additionally protected from brute force attacks as a low
// entropy credential? For such keys, delays between subsequent unsuccessful
// authorization attempts and/or a limit on the number of such attempts are
// enforced to slow down dictionary-based attacks. Set this to true when
// registering a key to protect it.
optional bool low_entropy_credential = 1;
// If true, the key is "locked" after too many unsuccessful authorization
// attempts. Future authentication attempts against a locked key fail with
// CRYPTOHOME_ERROR_TPM_DEFEND_LOCK error.
// Currently, such locking is supported only for keys with
// |low_entropy_credential| policy set to true,
// This field is ignored when registering a new key.
optional bool auth_locked = 2;
}
// Non-secret data describing the key.
message KeyData {
// The KeyType should specify the handling needed by Cryptohome
// and not a provider KeyType.
enum KeyType {
// Password-based key. The password's text or its hashed/transformed
// representation is transmitted in the |secret| field of the Key message.
KEY_TYPE_PASSWORD = 0;
// The challenge-response type of key. The secret data for such key is not
// passed clear-text through D-Bus calls, but is instead handled by
// cryptohome internally. In order to authenticate using such key,
// cryptohome will issue one or multiple challenge requests.
KEY_TYPE_CHALLENGE_RESPONSE = 1;
// Fingerprint-based key. Cryptohome needs to start fingerprint auth
// session and get fingerprint-based secret from biod.
KEY_TYPE_FINGERPRINT = 2;
// For the kiosk key is generated based on the app_id, which is passed as a
// username.
KEY_TYPE_KIOSK = 3;
}
optional KeyType type = 1;
// All keys must be labeled when persisted to disk, but when KeyData
// is used in an UpdateKeyRequest, only defined fields are necessary
// (so that the caller doesn't need the full KeyData first).
optional string label = 2;
// If undefined, use the default settings.
optional KeyPrivileges privileges = 3;
optional int64 revision = 4;
// Data stored for use by the provider of the key, often for pre-processing
// of passwords or custom provider key typing.
// This will be size-limited by serialized size (e.g., 4096 bytes).
optional KeyProviderData provider_data = 6;
// Is set when |type| is |KEY_TYPE_CHALLENGE_RESPONSE|. Specifies the list of
// keys that should be used for challenge requests.
repeated ChallengePublicKeyInfo challenge_response_key = 7;
// Optional additional policy to apply to the key. Certain policy values
// require hardware support which may not be available.
optional KeyPolicy policy = 8;
reserved 5;
}
// Key is not presently persisted to disk, but it acts as the single authority
// for what comprises a key.
message Key {
// In most cases, |data| is required. When used in an UpdateKeyRequest, it
// is only required if KeyData is changing. If only the |secret| is changing,
// this field may be left unset.
optional KeyData data = 1;
// |secret| is required for many requests, like AddKeyRequest, but not all.
// An UpdateKeyRequest only requires the changes to the Key that was
// was authorized in the AuthorizationRequest. Making |secret| required would
// logically force a key rotation even if the values were the same.
optional bytes secret = 2;
}
|
