// Copyright 2019 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
syntax = "proto2";
option optimize_for = LITE_RUNTIME;
package trusted_vault_pb;
// This enum is used in histograms. These values are persisted to logs. Entries
// should not be renumbered and numeric values should never be reused, only add
// at the end and. Also remember to update in tools/metrics/histograms/enums.xml
// TrustedVaultDegradedRecoverabilityValue enum.
// LINT.IfChange(TrustedVaultDegradedRecoverabilityValue)
enum DegradedRecoverabilityValue {
kUnknown = 0;
kNotDegraded = 1;
kDegraded = 2;
}
// LINT.ThenChange(/tools/metrics/histograms/metadata/sync/enums.xml:TrustedVaultDegradedRecoverabilityValue)
message LocalTrustedVaultKey {
// The actual key.
optional bytes key_material = 1;
}
message LocalDeviceRegistrationInfo {
// Private SecureBox key.
optional bytes private_key_material = 1;
// Indicates whether device is registered, i.e. whether its public key is
// successfully submitted to the server. If set to true, it is only
// trustworthy depending on whether re-registration completed successfully,
// reflected in `device_registered_version`.
optional bool device_registered = 2;
// Used to trigger another device registration attempt, even if device is
// already registered. Not set if `device_registered` is false.
optional int32 device_registered_version = 3;
// If true, it indicates that a previous attempt to register or reregister
// the device failed, with a failure that suggests future attempts will fail
// too. This usually means additional keys are needed, which can be resolved
// via key retrieval.
//
// Note that true doesn't imply the device isn't registered. It may be that
// the failure corresponds to a re-registration attempt. In this case, besides
// key retrieval, it may be possible to resolve the error by attempting to
// download new keys.
optional bool last_registration_returned_local_data_obsolete = 4;
}
message LocalTrustedVaultDegradedRecoverabilityState {
reserved 1;
// The time (in milliseconds since UNIX epoch) at which last refreshing
// request was sent.
optional int64 last_refresh_time_millis_since_unix_epoch = 2;
// Indicates whether the recoverability is degraded.
optional DegradedRecoverabilityValue degraded_recoverability_value = 3;
}
message RecoveryKeyStoreState {
// Whether LSKF-wrapped recovery keys should be uploaded to the Recovery Key
// Store service periodically.
optional bool recovery_key_store_upload_enabled = 1;
// The last time an update to recovery key store succeeded.
optional int64 last_recovery_key_store_update_millis_since_unix_epoch = 2;
// The public part of the LSKF-wrapped application key pair that was uploaded
// to the recovery key store service.
optional bytes public_key = 3;
// Whether `public_key` is registered as a member of the security domain.
optional bool recovery_key_is_registered_to_security_domain = 4;
};
message LocalTrustedVaultPerUser {
// User identifier.
optional bytes gaia_id = 1;
// All keys known for a user.
repeated LocalTrustedVaultKey vault_key = 2;
// The version corresponding to the last element in `vault_key`.
optional int32 last_vault_key_version = 3;
// Indicates whether `vault_key` is marked as stale by upper layers, which
// suggests (but doesn't guarantee) that the server may contain additional
// (newer) keys. If the device is registered in the security domain, it means
// it may be worth downloading new keys (follow key rotation). Otherwise, new
// keys need to be fetched through key retrieval procedure.
optional bool keys_marked_as_stale_by_consumer = 4;
// Device key and corresponding registration metadata.
optional LocalDeviceRegistrationInfo local_device_registration_info = 5;
// The time (in milliseconds since UNIX epoch) at which last unsuccessful (due
// to transient errors) request was sent to the vault service. Used for
// throttling requests to the server.
optional int64 last_failed_request_millis_since_unix_epoch = 6;
// Whether keys relevant for the user should be deleted when account becomes
// non-primary.
optional bool should_delete_keys_when_non_primary = 7;
// The state of the degraded recoverability, indicates whether the
// recoverability is degraded and when was the last refreshing time.
optional LocalTrustedVaultDegradedRecoverabilityState
degraded_recoverability_state = 8;
optional RecoveryKeyStoreState recovery_key_store_state = 9;
}
message LocalTrustedVault {
repeated LocalTrustedVaultPerUser user = 1;
// Version of the stored data, used to perform data migrations.
optional int32 data_version = 2;
}
// Encapsulates serialized local data (LocalTrustedVault) together with its MD5
// digest, used to store data in the file and verify its integrity.
message LocalTrustedVaultFileContent {
// Serialized LocalTrustedVault.
optional string serialized_local_trusted_vault = 1;
// MD5 digest of `serialized_local_trusted_vault` formatted as hexadecimal
// string.
optional string md5_digest_hex_string = 2;
}
Codebase Browser
chromium