author | Al Sutton <alsutton@google.com> | 2019-08-20 15:43:30 +0100 |
---|---|---|
committer | Al Sutton <alsutton@google.com> | 2019-09-06 11:12:23 +0100 |
commit | c949517f4d7f29778e201875e57fc900b57f3cf3 (patch) | |
tree | 56fba2662aaeaef67e1d52be8baae4d7b58fb3d7 /packages/BackupEncryption/proto | |
parent | ad52c6bc3a56f8ec7b7c32e38fe28659cbba7109 (diff) |
Migrate KeyWrapUtils
Bring KeyWrapUtils in from GMSCore. This class relies heavily on a set
of protobufs, so this CL includes the creation of the protobuf target
to support it and the inclusion of that target in the tests.
Bug: 111386661
Test: atest BackupFrameworksServicesRoboTests
Change-Id: I89e0c68a449f784b132780410d9de32824bb674a
Diffstat (limited to 'packages/BackupEncryption/proto')
-rw-r--r-- | packages/BackupEncryption/proto/wrapped_key.proto | 52 |
1 files changed, 52 insertions, 0 deletions
diff --git a/packages/BackupEncryption/proto/wrapped_key.proto b/packages/BackupEncryption/proto/wrapped_key.proto
new file mode 100644
index 000000000000..817b7b40d606
--- /dev/null
+++ b/packages/BackupEncryption/proto/wrapped_key.proto
@@ -0,0 +1,52 @@
+syntax = "proto2";
+
+package android_backup_crypto;
+
+option java_package = "com.android.server.backup.encryption.protos";
+option java_outer_classname = "WrappedKeyProto";
+
+// Metadata associated with a tertiary key.
+message KeyMetadata {
+ // Type of Cipher algorithm the key is used for.
+ enum Type {
+ UNKNOWN = 0;
+ // No padding. Uses 12-byte nonce. Tag length 16 bytes.
+ AES_256_GCM = 1;
+ }
+
+ // What kind of Cipher algorithm the key is used for. We assume at the moment
+ // that this will always be AES_256_GCM and throw if this is not the case.
+ // Provided here for forwards compatibility in case at some point we need to
+ // change Cipher algorithm.
+ optional Type type = 1;
+}
+
+// An encrypted tertiary key.
+message WrappedKey {
+ // The Cipher with which the key was encrypted.
+ enum WrapAlgorithm {
+ UNKNOWN = 0;
+ // No padding. Uses 16-byte nonce (see nonce field). Tag length 16 bytes.
+ // The nonce is 16-bytes as this is wrapped with a key in AndroidKeyStore.
+ // AndroidKeyStore requires that it generates the IV, and it generates a
+ // 16-byte IV for you. You CANNOT provide your own IV.
+ AES_256_GCM = 1;
+ }
+
+ // Cipher algorithm used to wrap the key. We assume at the moment that this
+ // is always AES_256_GC and throw if this is not the case. Provided here for
+ // forwards compatibility if at some point we need to change Cipher algorithm.
+ optional WrapAlgorithm wrap_algorithm = 1;
+
+ // The nonce used to initialize the Cipher in AES/256/GCM mode.
+ optional bytes nonce = 2;
+
+ // The encrypted bytes of the key material.
+ optional bytes key = 3;
+
+ // Associated key metadata.
+ optional KeyMetadata metadata = 4;
+
+ // Deprecated field; Do not use
+ reserved 5;
+} |
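Review bot: The `nonce` field comment in `WrappedKey` does not state a length, although the `WrapAlgorithm` comment points to it ("see nonce field") for the 16-byte AndroidKeyStore IV, while `KeyMetadata.Type` cites 12 bytes for the tertiary-key cipher; I would write `// 16-byte IV generated by AndroidKeyStore when wrapping; readers must reject any other length.` so the two sizes are not confused. Because every field is proto2 `optional`, a message with `wrap_algorithm`, `nonce` or `key` missing still parses, yielding `UNKNOWN` and empty bytes, so the comments should say that the reader rejects absent fields as well as a non-GCM algorithm (the code that throws is not in this file). The schema also does not say whether `metadata` is covered by the GCM tag; if it is not bound as associated data it could be altered without failing the unwrap, which deserves a sentence on that field. The `wrap_algorithm` comment has a typo, `AES_256_GC` for `AES_256_GCM`.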