| // Copyright 2018 The Chromium Authors. All rights reserved. |
| // Use of this source code is governed by a BSD-style license that can be |
| // found in the LICENSE file. |
| |
| syntax = "proto2"; |
| |
| package cryptohome; |
| |
| // Container for the signature-sealed data, including the additional non-secret |
| // information required for unsealing. |
| message SignatureSealedData { |
| // Data for the TPM 2.0 method based on the "TPM2_PolicySigned" feature. |
| message Tpm2PolicySignedData { |
| // DER-encoded blob of the X.509 Subject Public Key Info of the key that |
| // should be used for unsealing. |
| optional bytes public_key_spki_der = 1; |
| |
| // The secret blob, wrapped by the TPM's Storage Root Key. |
| optional bytes srk_wrapped_secret = 2; |
| |
| // The signature scheme (TPM_ALG_ID) that should be used for unsealing. |
| optional int32 scheme = 3; |
| |
| // The signature hash algorithm (TPM_ALG_ID) that should be used for |
| // unsealing. |
| optional int32 hash_alg = 4; |
| |
| // Indexes of Platform Configuration Registers that should be used for |
| // constructing the TPM policy for unsealing. Note that the order of items |
| // is relevant. |
| repeated uint32 bound_pcr = 5; |
| } |
| |
| // Data for the TPM 1.2 method based on the "Certified Migratable Key" |
| // functionality. |
| message Tpm12CertifiedMigratableKeyData { |
| // DER-encoded blob of the X.509 Subject Public Key Info of the key that |
| // should be used for unsealing. |
| optional bytes public_key_spki_der = 1; |
| |
| // The blob of the Certified Migratable Key wrapped by the TPM's Storage |
| // Root Key. |
| optional bytes srk_wrapped_cmk = 2; |
| |
| // The TPM_PUBKEY blob of the Certified Migratable Key. |
| optional bytes cmk_pubkey = 3; |
| } |
| |
| // The union containing the data depending on the sealing method. |
| oneof data { |
| Tpm2PolicySignedData tpm2_policy_signed_data = 1; |
| Tpm12CertifiedMigratableKeyData tpm12_certified_migratable_key_data = 2; |
| } |
| } |
