1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
|
// Copyright 2019 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
syntax = "proto2";
option optimize_for = LITE_RUNTIME;
package trusted_vault_pb;
// This enum is used in histograms. These values are persisted to logs. Entries
// should not be renumbered and numeric values should never be reused, only add
// at the end and. Also remember to update in tools/metrics/histograms/enums.xml
// TrustedVaultDegradedRecoverabilityValue enum.
// LINT.IfChange(TrustedVaultDegradedRecoverabilityValue)
enum DegradedRecoverabilityValue {
kUnknown = 0;
kNotDegraded = 1;
kDegraded = 2;
}
// LINT.ThenChange(/tools/metrics/histograms/metadata/sync/enums.xml:TrustedVaultDegradedRecoverabilityValue)
message LocalTrustedVaultKey {
// The actual key.
optional bytes key_material = 1;
}
message LocalDeviceRegistrationInfo {
// Private SecureBox key.
optional bytes private_key_material = 1;
// Indicates whether device is registered, i.e. whether its public key is
// successfully submitted to the server. If set to true, it is only
// trustworthy depending on whether re-registration completed successfully,
// reflected in `device_registered_version`.
optional bool device_registered = 2;
// Used to trigger another device registration attempt, even if device is
// already registered. Not set if `device_registered` is false.
optional int32 device_registered_version = 3;
// Deprecated. Use
// `LocalTrustedVaultPerUser.last_registration_returned_local_data_obsolete`
// instead.
optional bool deprecated_last_registration_returned_local_data_obsolete = 4
[deprecated = true];
}
message ICloudKeychainRegistrationInfo {
// Indicates whether iCloud Keychain is registered, i.e. whether its public
// key is successfully submitted to the server.
// Note: The iCloud Keychain could have been registered successfully on
// another device already, which isn't reflected in this field initially.
// Attempting a registration will, however, detect that state an update this
// field.
optional bool registered = 1;
}
message LocalTrustedVaultDegradedRecoverabilityState {
reserved 1;
// The time (in milliseconds since UNIX epoch) at which last refreshing
// request was sent.
optional int64 last_refresh_time_millis_since_unix_epoch = 2;
// Indicates whether the recoverability is degraded.
optional DegradedRecoverabilityValue degraded_recoverability_value = 3;
}
message LocalTrustedVaultPerUser {
// User identifier.
optional bytes gaia_id = 1;
// All keys known for a user.
repeated LocalTrustedVaultKey vault_key = 2;
// The version corresponding to the last element in `vault_key`.
optional int32 last_vault_key_version = 3;
// Indicates whether `vault_key` is marked as stale by upper layers, which
// suggests (but doesn't guarantee) that the server may contain additional
// (newer) keys. If the device is registered in the security domain, it means
// it may be worth downloading new keys (follow key rotation). Otherwise, new
// keys need to be fetched through key retrieval procedure.
optional bool keys_marked_as_stale_by_consumer = 4;
// Device key and corresponding registration metadata.
optional LocalDeviceRegistrationInfo local_device_registration_info = 5;
// Registration metadata for iCloud Keychain member.
optional ICloudKeychainRegistrationInfo icloud_keychain_registration_info =
10;
// The time (in milliseconds since UNIX epoch) at which last unsuccessful (due
// to transient errors) request was sent to the vault service. Used for
// throttling requests to the server.
optional int64 last_failed_request_millis_since_unix_epoch = 6;
// Whether keys relevant for the user should be deleted when account becomes
// non-primary.
optional bool should_delete_keys_when_non_primary = 7;
// The state of the degraded recoverability, indicates whether the
// recoverability is degraded and when was the last refreshing time.
optional LocalTrustedVaultDegradedRecoverabilityState
degraded_recoverability_state = 8;
// If true, it indicates that a previous attempt to register or reregister
// the device failed, with a failure that suggests future attempts will fail
// too. This usually means additional keys are needed, which can be resolved
// via key retrieval.
//
// Note that true doesn't imply the device isn't registered. It may be that
// the failure corresponds to a re-registration attempt. In this case, besides
// key retrieval, it may be possible to resolve the error by attempting to
// download new keys.
optional bool last_registration_returned_local_data_obsolete = 11;
reserved 9;
}
message LocalTrustedVault {
repeated LocalTrustedVaultPerUser user = 1;
// Version of the stored data, used to perform data migrations.
optional int32 data_version = 2;
}
// Encapsulates serialized local data (LocalTrustedVault) together with its MD5
// digest, used to store data in the file and verify its integrity.
message LocalTrustedVaultFileContent {
// Serialized LocalTrustedVault.
optional string serialized_local_trusted_vault = 1;
// MD5 digest of `serialized_local_trusted_vault` formatted as hexadecimal
// string.
optional string md5_digest_hex_string = 2;
}
|
