components/trusted_vault/proto/local_trusted_vault.proto

// Copyright 2019 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

syntax = "proto2";

option optimize_for = LITE_RUNTIME;

package trusted_vault_pb;

// This enum is used in histograms. These values are persisted to logs. Entries
// should not be renumbered and numeric values should never be reused, only add
// at the end and. Also remember to update in tools/metrics/histograms/enums.xml
// TrustedVaultDegradedRecoverabilityValue enum.
// LINT.IfChange(TrustedVaultDegradedRecoverabilityValue)
enum DegradedRecoverabilityValue {
  kUnknown = 0;
  kNotDegraded = 1;
  kDegraded = 2;
}
// LINT.ThenChange(/tools/metrics/histograms/metadata/sync/enums.xml:TrustedVaultDegradedRecoverabilityValue)

message LocalTrustedVaultKey {
  // The actual key.
  optional bytes key_material = 1;
}

message LocalDeviceRegistrationInfo {
  // Private SecureBox key.
  optional bytes private_key_material = 1;

  // Indicates whether device is registered, i.e. whether its public key is
  // successfully submitted to the server. If set to true, it is only
  // trustworthy depending on whether re-registration completed successfully,
  // reflected in `device_registered_version`.
  optional bool device_registered = 2;

  // Used to trigger another device registration attempt, even if device is
  // already registered. Not set if `device_registered` is false.
  optional int32 device_registered_version = 3;

  // Deprecated. Use
  // `LocalTrustedVaultPerUser.last_registration_returned_local_data_obsolete`
  // instead.
  optional bool deprecated_last_registration_returned_local_data_obsolete = 4
      [deprecated = true];
}

message ICloudKeychainRegistrationInfo {
  // Indicates whether iCloud Keychain is registered, i.e. whether its public
  // key is successfully submitted to the server.
  // Note: The iCloud Keychain could have been registered successfully on
  // another device already, which isn't reflected in this field initially.
  // Attempting a registration will, however, detect that state an update this
  // field.
  optional bool registered = 1;
}

message LocalTrustedVaultDegradedRecoverabilityState {
  reserved 1;

  // The time (in milliseconds since UNIX epoch) at which last refreshing
  // request was sent.
  optional int64 last_refresh_time_millis_since_unix_epoch = 2;

  // Indicates whether the recoverability is degraded.
  optional DegradedRecoverabilityValue degraded_recoverability_value = 3;
}

message LocalTrustedVaultPerUser {
  // User identifier.
  optional bytes gaia_id = 1;

  // All keys known for a user.
  repeated LocalTrustedVaultKey vault_key = 2;

  // The version corresponding to the last element in `vault_key`.
  optional int32 last_vault_key_version = 3;

  // Indicates whether `vault_key` is marked as stale by upper layers, which
  // suggests (but doesn't guarantee) that the server may contain additional
  // (newer) keys. If the device is registered in the security domain, it means
  // it may be worth downloading new keys (follow key rotation). Otherwise, new
  // keys need to be fetched through key retrieval procedure.
  optional bool keys_marked_as_stale_by_consumer = 4;

  // Device key and corresponding registration metadata.
  optional LocalDeviceRegistrationInfo local_device_registration_info = 5;

  // Registration metadata for iCloud Keychain member.
  optional ICloudKeychainRegistrationInfo icloud_keychain_registration_info =
      10;

  // The time (in milliseconds since UNIX epoch) at which last unsuccessful (due
  // to transient errors) request was sent to the vault service. Used for
  // throttling requests to the server.
  optional int64 last_failed_request_millis_since_unix_epoch = 6;

  // Whether keys relevant for the user should be deleted when account becomes
  // non-primary.
  optional bool should_delete_keys_when_non_primary = 7;

  // The state of the degraded recoverability, indicates whether the
  // recoverability is degraded and when was the last refreshing time.
  optional LocalTrustedVaultDegradedRecoverabilityState
      degraded_recoverability_state = 8;

  // If true, it indicates that a previous attempt to register or reregister
  // the device failed, with a failure that suggests future attempts will fail
  // too. This usually means additional keys are needed, which can be resolved
  // via key retrieval.
  //
  // Note that true doesn't imply the device isn't registered. It may be that
  // the failure corresponds to a re-registration attempt. In this case, besides
  // key retrieval, it may be possible to resolve the error by attempting to
  // download new keys.
  optional bool last_registration_returned_local_data_obsolete = 11;

  reserved 9;
}

message LocalTrustedVault {
  repeated LocalTrustedVaultPerUser user = 1;

  // Version of the stored data, used to perform data migrations.
  optional int32 data_version = 2;
}

// Encapsulates serialized local data (LocalTrustedVault) together with its MD5
// digest, used to store data in the file and verify its integrity.
message LocalTrustedVaultFileContent {
  // Serialized LocalTrustedVault.
  optional string serialized_local_trusted_vault = 1;

  // MD5 digest of `serialized_local_trusted_vault` formatted as hexadecimal
  // string.
  optional string md5_digest_hex_string = 2;

  // SHA256 digest of `serialized_local_trusted_vault` formatted as hexadecimal
  // string. Added in crrev.com/c/6702027 as part of a migtation effort away
  // from MD5.
  optional string sha256_digest_hex_string = 3;
}