authorJoe Richey <joerichey@google.com>2017-03-02 10:15:23 -0800
committerJoe Richey joerichey@google.com <joerichey@google.com>2017-05-02 13:39:18 -0700
commit2ccea6496efc054c21c5ed397f3caff8d4992957 (patch)
tree3a5a46492ad867d767770985773d08dcd49d1df6 /metadata/metadata.proto
parent49f7bad068c82d71d2af73b9c8046fb882b29c69 (diff)
metadata: introduce protobuf structures
This commit adds in the metadata package. The primary purpose of this package is to provide the on-disk metadata structures in the form of protocol buffers. This includes: - Policy metadata structure - Protector metadata structure - Config file structure - All necessary sub-structures (wrapped keys, parameters, etc) This commit also adds in an example usage of the Config structure, which represents the structure of the global config file. All the package does at this point is convert between the Config structure and a JSON representation. Here we introduce govendor, which is described more in the README. This means we will have all of our Go dependencies in the vendor subdirectory. This means we will have no Go source dependencies, only dependencies on the build tools (Go and govendor). The README describes this in detail. Note that we commit the generated files. see: https://blog.golang.org/generate Change-Id: Iaacd46666b5d3e4e865a0f4045dd63ed7e3d6f96
Diffstat (limited to 'metadata/metadata.proto')
-rw-r--r--metadata/metadata.proto95
1 files changed, 95 insertions, 0 deletions
diff --git a/metadata/metadata.proto b/metadata/metadata.proto
new file mode 100644
index 0000000..b967407
--- /dev/null
+++ b/metadata/metadata.proto
@@ -0,0 +1,95 @@
+/*
+ * metadata.proto - File which contains all of the metadata structures which we
+ * write to metadata files. Must be compiled with protoc to use the library.
+ * Compilation can be invoked with go generate.
+ *
+ * Copyright 2017 Google Inc.
+ * Author: Joe Richey (joerichey@google.com)
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not
+ * use this file except in compliance with the License. You may obtain a copy of
+ * the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * License for the specific language governing permissions and limitations under
+ * the License.
+ */
+
+syntax = "proto3";
+package metadata;
+
+// Cost parameters to be used in our hashing functions.
+message HashingCosts {
+ int64 time = 2;
+ int64 memory = 3;
+ int64 parallelism = 4;
+}
+
+// This structure is used for our authenticated wrapping/unwrapping of keys.
+message WrappedKeyData {
+ bytes IV = 1;
+ bytes encrypted_key = 2;
+ bytes hmac = 3;
+}
+
+// Specifies the method in which an outside secret is obtained for a Protector
+enum SourceType {
+ none = 0;
+ pam_passphrase = 1;
+ custom_passphrase = 2;
+ raw_key = 3;
+}
+
+// The associated data for each protector
+message ProtectorData {
+ string protector_descriptor = 1;
+ string name = 2;
+ SourceType source = 3;
+
+ // These are only used by some of the protector types
+ HashingCosts costs = 4;
+ bytes salt = 5;
+ int64 uid = 6;
+
+ WrappedKeyData wrapped_key = 7;
+}
+
+// Type of encryption, should match the declarations of FS_ENCRYPTION_MODE
+enum EncryptionMode {
+ default = 0;
+ XTS = 1;
+ GCM = 2;
+ CBC = 3;
+ CTS = 4;
+}
+
+// Encryption policy specifics, should match struct fscrypt_policy
+message EncryptionOptions {
+ int64 padding = 1;
+ EncryptionMode contents_mode = 2;
+ EncryptionMode filenames_mode = 3;
+}
+
+message WrappedPolicyKey {
+ string protector_descriptor = 1;
+ WrappedKeyData wrapped_key = 2;
+}
+
+// The associated data for each policy
+message PolicyData {
+ string key_descriptor = 1;
+ EncryptionOptions options = 2;
+ repeated WrappedPolicyKey wrapped_policy_keys = 3;
+}
+
+// Data stored in the config file
+message Config {
+ SourceType source = 1;
+ HashingCosts hash_costs = 2;
+ string compatibility = 3;
+ EncryptionOptions options = 4;
+}
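Review bot: Both enums give the zero value a real meaning (`none = 0` in SourceType, `default = 0` in EncryptionMode), and because proto3 enum fields have no presence, a `ProtectorData.source`, `Config.source` or `EncryptionOptions.contents_mode`/`filenames_mode` that was never written, or was dropped from a damaged metadata file, decodes as exactly that value, so a reader cannot tell an absent mode from a deliberately chosen one. Since this commit introduces the file, make 0 a sentinel that readers reject and shift the existing values up by one, as sketched below. Prefixing the values with the type name in UPPER_SNAKE_CASE also avoids the sibling-name collision C++ scoping imposes on enum values, and sidesteps `default`, which is a reserved word in several target languages. Separately, `HashingCosts` starts numbering at 2 with field 1 neither used nor reserved, and the fields of `HashingCosts`, `WrappedKeyData` and `EncryptionOptions.padding` carry no comment saying which hash function, which MAC, or which units they refer to; a leading `//` on each (e.g. `// Wall-clock cost parameter; units depend on the hash in use — document here`) would make the on-disk format self-describing.
```protobuf
// Specifies the method in which an outside secret is obtained for a Protector
enum SourceType {
  SOURCE_TYPE_UNSPECIFIED = 0;  // Never written; readers must reject this.
  SOURCE_TYPE_NONE = 1;
  SOURCE_TYPE_PAM_PASSPHRASE = 2;
  SOURCE_TYPE_CUSTOM_PASSPHRASE = 3;
  SOURCE_TYPE_RAW_KEY = 4;
}

// … unchanged: ProtectorData …

// Type of encryption, should match the declarations of FS_ENCRYPTION_MODE
enum EncryptionMode {
  ENCRYPTION_MODE_UNSPECIFIED = 0;  // Never written; readers must reject this.
  ENCRYPTION_MODE_DEFAULT = 1;
  ENCRYPTION_MODE_XTS = 2;
  ENCRYPTION_MODE_GCM = 3;
  ENCRYPTION_MODE_CBC = 4;
  ENCRYPTION_MODE_CTS = 5;
}
```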