Diffstat (limited to 'metadata/metadata.proto')
| -rw-r--r-- | metadata/metadata.proto | 95 |
1 files changed, 95 insertions, 0 deletions
diff --git a/metadata/metadata.proto b/metadata/metadata.proto
new file mode 100644
index 0000000..b967407
--- /dev/null
+++ b/metadata/metadata.proto
@@ -0,0 +1,95 @@
+/*
+ * metadata.proto - File which contains all of the metadata structures which we
+ * write to metadata files. Must be compiled with protoc to use the library.
+ * Compilation can be invoked with go generate.
+ *
+ * Copyright 2017 Google Inc.
+ * Author: Joe Richey (joerichey@google.com)
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not
+ * use this file except in compliance with the License. You may obtain a copy of
+ * the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * License for the specific language governing permissions and limitations under
+ * the License.
+ */
+
+syntax = "proto3";
+package metadata;
+
+// Cost parameters to be used in our hashing functions.
+message HashingCosts {
+ int64 time = 2;
+ int64 memory = 3;
+ int64 parallelism = 4;
+}
+
+// This structure is used for our authenticated wrapping/unwrapping of keys.
+message WrappedKeyData {
+ bytes IV = 1;
+ bytes encrypted_key = 2;
+ bytes hmac = 3;
+}
+
+// Specifies the method in which an outside secret is obtained for a Protector
+enum SourceType {
+ none = 0;
+ pam_passphrase = 1;
+ custom_passphrase = 2;
+ raw_key = 3;
+}
+
+// The associated data for each protector
+message ProtectorData {
+ string protector_descriptor = 1;
+ string name = 2;
+ SourceType source = 3;
+
+ // These are only used by some of the protector types
+ HashingCosts costs = 4;
+ bytes salt = 5;
+ int64 uid = 6;
+
+ WrappedKeyData wrapped_key = 7;
+}
+
+// Type of encryption, should match the declarations of FS_ENCRYPTION_MODE
+enum EncryptionMode {
+ default = 0;
+ XTS = 1;
+ GCM = 2;
+ CBC = 3;
+ CTS = 4;
+}
+
+// Encryption policy specifics, should match struct fscrypt_policy
+message EncryptionOptions {
+ int64 padding = 1;
+ EncryptionMode contents_mode = 2;
+ EncryptionMode filenames_mode = 3;
+}
+
+message WrappedPolicyKey {
+ string protector_descriptor = 1;
+ WrappedKeyData wrapped_key = 2;
+}
+
+// The associated data for each policy
+message PolicyData {
+ string key_descriptor = 1;
+ EncryptionOptions options = 2;
+ repeated WrappedPolicyKey wrapped_policy_keys = 3;
+}
+
+// Data stored in the config file
+message Config {
+ SourceType source = 1;
+ HashingCosts hash_costs = 2;
+ string compatibility = 3;
+ EncryptionOptions options = 4;
+}
|
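Review bot: `WrappedKeyData` is introduced as the structure for authenticated key wrapping, but neither its message comment nor the field lines say which fields the `hmac` covers or under what key it is computed, so a reader of the schema cannot tell whether `IV` sits inside the authenticated region; a leading comment on `hmac` such as `// MAC over <covered fields — confirm against the wrapping code>, keyed by <MAC key — confirm>` would pin that contract to the wire format. `HashingCosts` begins at field number 2 with no `reserved 1;`, which leaves the gap open for a future field to take a number whose history is unexplained; either `reserved 1;` or a comment on why 1 is skipped would close that, and the `time` and `memory` fields should state their units. The enum values `none`, `pam_passphrase`, `default`, `XTS`, `GCM`, `CBC`, `CTS` carry no type prefix and `default` is a keyword in several codegen targets, so naming them `SOURCE_TYPE_NONE` / `ENCRYPTION_MODE_XTS` style before the file is consumed would avoid collisions and awkward generated identifiers; as the file is new, the numbers, which are what the wire uses, can stay exactly as they are.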