blob: 817b7b40d606d70941de123aa4e89ccf1d208fc3 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
|
syntax = "proto2";
package android_backup_crypto;
option java_package = "com.android.server.backup.encryption.protos";
option java_outer_classname = "WrappedKeyProto";
// Metadata associated with a tertiary key.
message KeyMetadata {
// Type of Cipher algorithm the key is used for.
enum Type {
UNKNOWN = 0;
// No padding. Uses 12-byte nonce. Tag length 16 bytes.
AES_256_GCM = 1;
}
// What kind of Cipher algorithm the key is used for. We assume at the moment
// that this will always be AES_256_GCM and throw if this is not the case.
// Provided here for forwards compatibility in case at some point we need to
// change Cipher algorithm.
optional Type type = 1;
}
// An encrypted tertiary key.
message WrappedKey {
// The Cipher with which the key was encrypted.
enum WrapAlgorithm {
UNKNOWN = 0;
// No padding. Uses 16-byte nonce (see nonce field). Tag length 16 bytes.
// The nonce is 16-bytes as this is wrapped with a key in AndroidKeyStore.
// AndroidKeyStore requires that it generates the IV, and it generates a
// 16-byte IV for you. You CANNOT provide your own IV.
AES_256_GCM = 1;
}
// Cipher algorithm used to wrap the key. We assume at the moment that this
// is always AES_256_GC and throw if this is not the case. Provided here for
// forwards compatibility if at some point we need to change Cipher algorithm.
optional WrapAlgorithm wrap_algorithm = 1;
// The nonce used to initialize the Cipher in AES/256/GCM mode.
optional bytes nonce = 2;
// The encrypted bytes of the key material.
optional bytes key = 3;
// Associated key metadata.
optional KeyMetadata metadata = 4;
// Deprecated field; Do not use
reserved 5;
}
|
