// Copyright (c) 2014 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
// The messages in this file comprise the DBus/Proto interface for
// Cryptohome where there is an AccountIdentifier argument, an
// AuthorizationRequest (if needed for the call), and the call's
// parameters as <Call>Request.
// 'optional' annotations are used heavily in the RPC definition
// because the RPC endpoints are the proper place to sanity-check the
// contents for application-specific logic, and the more
// optional-with-default parameters exist, the less data is actually
// transferred on the wire in "default" situations.
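// Generate reflection-free ("lite") code: a smaller runtime, but no
// descriptors, so tooling that depends on reflection (text-format dumps,
// dynamic messages) is not available for these types.
option optimize_for = LITE_RUNTIME;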
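// Error codes do not need to be sequential per-call.
// Prefixes by Request/Reply type should be used to help
// callers know if specialized errors apply (AUTHORIZATION_*, MOUNT_*,
// TPM_*, KEY_*, LOCKBOX_*, BOOT_ATTRIBUTE*).
//
// These numeric values are wire contract: add new codes with fresh numbers
// and never renumber or reuse an old one. Note that a reader built against an
// older schema does not recognize a newer value and sees BaseReply.error as
// unset instead (see BaseReply).
enum CryptohomeErrorCode {
  // 0 is the default value of BaseReply::error. It
  // should never be used as a real error code.
  CRYPTOHOME_ERROR_NOT_SET = 0;

  CRYPTOHOME_ERROR_ACCOUNT_NOT_FOUND = 1;
  CRYPTOHOME_ERROR_AUTHORIZATION_KEY_NOT_FOUND = 2;
  CRYPTOHOME_ERROR_AUTHORIZATION_KEY_FAILED = 3;
  CRYPTOHOME_ERROR_NOT_IMPLEMENTED = 4;
  CRYPTOHOME_ERROR_MOUNT_FATAL = 5;
  CRYPTOHOME_ERROR_MOUNT_MOUNT_POINT_BUSY = 6;
  CRYPTOHOME_ERROR_TPM_COMM_ERROR = 7;
  CRYPTOHOME_ERROR_TPM_DEFEND_LOCK = 8;
  CRYPTOHOME_ERROR_TPM_NEEDS_REBOOT = 9;
  CRYPTOHOME_ERROR_AUTHORIZATION_KEY_DENIED = 10;
  CRYPTOHOME_ERROR_KEY_QUOTA_EXCEEDED = 11;
  CRYPTOHOME_ERROR_KEY_LABEL_EXISTS = 12;
  CRYPTOHOME_ERROR_BACKING_STORE_FAILURE = 13;
  CRYPTOHOME_ERROR_UPDATE_SIGNATURE_INVALID = 14;
  CRYPTOHOME_ERROR_KEY_NOT_FOUND = 15;
  CRYPTOHOME_ERROR_LOCKBOX_SIGNATURE_INVALID = 16;
  CRYPTOHOME_ERROR_LOCKBOX_CANNOT_SIGN = 17;
  CRYPTOHOME_ERROR_BOOT_ATTRIBUTE_NOT_FOUND = 18;
  CRYPTOHOME_ERROR_BOOT_ATTRIBUTES_CANNOT_SIGN = 19;
}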
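// Identifies the account a call applies to.
message AccountIdentifier {
  // The account's email address.
  optional string email = 1;
}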
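// The credential presented to authorize a call that requires one.
message AuthorizationRequest {
  // |key| must supply at least a |key.secret()|. If no |key.data()| or
  // |key.data().label()| is supplied, the |key.secret()| will be tested
  // against all compatible |key.data().type()| keys, where
  // KEY_TYPE_PASSWORD is the default type. If
  // |key.data().label()| is supplied, then the |key.secret()| will only be
  // tested against the matching VaultKeyset.
  //
  // |key.secret()| is a credential: treat this message as sensitive data
  // and keep it out of logs and persistent traces.
  optional Key key = 1;
}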
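// These parameters are for inbound data to Cryptohome RPC
// interfaces. When calls are added that return data, a
// <Call>Reply should be defined (see MountReply below).
message MountRequest {
  // Perform an ephemeral mount only.
  optional bool require_ephemeral = 1 [default=false];
  // If defined, the account will be created if it does not exist.
  // Additionally, a failed AuthorizationRequest will be expected as
  // there will be no existing keys.
  optional CreateRequest create = 2;
}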
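// A BaseReply type is used for all cryptohomed responses. A shared base class
// is used because all calls will always reply with no-error or an error value.
// A centralized definition allows for a reusable reply handler for cases where
// there is no Request-specific reply data. Any specialized data will live in
// an extension as per MountReply below:
// if (reply.HasExtension(MountReply::reply)) { ... }
message BaseReply {
  // If a call was successful, error will not be defined (clear_error()).
  // If a call failed, it must set an error code (set_error(CODE)).
  // In either case, call-specific data may be added as an extension.
  //
  // NOTE: this is a proto2 enum field. A reader whose schema predates a
  // newer CryptohomeErrorCode value moves that value into the unknown-field
  // set, so has_error() returns false -- which this contract reads as
  // success. Keep clients current when adding error codes.
  optional CryptohomeErrorCode error = 1;

  // Range for call-specific reply extensions. Numbers allocated in this
  // file: 1000 MountReply, 1001 SignBootLockboxReply, 1002 GetKeyDataReply,
  // 1003 GetBootAttributeReply, 1004 ListKeysReply, 1005 GetLoginStatusReply.
  // Extension numbers are wire contract: allocate a fresh one per reply type
  // and never reuse a retired one.
  extensions 1000 to max;
}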
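// The MountRequest call may return more than just success or failure
// so it embeds itself in a BaseReply as an extension.
message MountReply {
  extend BaseReply {
    optional MountReply reply = 1000;
  }
  // |recreated| is set when the cryptohome had to be wiped
  // because the key or data was unrecoverable. It does not imply
  // failure to Mount nor is it 'true' when a CreateRequest creates
  // a cryptohome for the first time. Since it means the previous
  // contents were discarded, callers may want to surface it.
  optional bool recreated = 1 [default=false];
  // Returns the filesystem-sanitized username.
  optional string sanitized_username = 2;
}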
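// Describes how a cryptohome is created when MountRequest.create is set.
message CreateRequest {
  // Keys to install in the newly created cryptohome.
  repeated Key keys = 1;
  // Explicitly use the |key| from the AuthorizationRequest.
  // Setting this value means that the KeyData is filled as it
  // would be with a Key above or in an AddKeyRequest.
  optional bool copy_authorization_key = 2 [default=false];
  // In the future, this will contain account-wide data like
  // the deletion priority or the IdP's origin.
}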
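// Adds a key to an existing cryptohome.
message AddKeyRequest {
  // The key to add.
  optional Key key = 1;
  // If true, an existing key with the same label is replaced; otherwise the
  // call presumably fails with CRYPTOHOME_ERROR_KEY_LABEL_EXISTS.
  optional bool clobber_if_exists = 2 [default=false];
}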
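// Updates an existing key.
message UpdateKeyRequest {
  // The key fields to change.
  optional Key changes = 1;
  // Signature authorizing |changes|. A signature that does not verify is
  // presumably reported as CRYPTOHOME_ERROR_UPDATE_SIGNATURE_INVALID.
  optional bytes authorization_signature = 2;
}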
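// Carries no parameters of its own; the key under test is presumably the
// one in the call's AuthorizationRequest.
message CheckKeyRequest {
}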
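// Removes a key from a cryptohome.
message RemoveKeyRequest {
  // Only key.data().label() is used at present; other fields are ignored.
  optional Key key = 1;
}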
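// Asks cryptohomed to sign data with the boot lockbox key. Failures are
// presumably reported through the CRYPTOHOME_ERROR_LOCKBOX_* codes.
message SignBootLockboxRequest {
  // The data to be signed.
  optional bytes data = 1;
}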
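// Reply to SignBootLockboxRequest, embedded in BaseReply as an extension.
message SignBootLockboxReply {
  extend BaseReply {
    optional SignBootLockboxReply reply = 1001;
  }
  // Signature over SignBootLockboxRequest.data.
  optional bytes signature = 1;
}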
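// Asks cryptohomed to verify a boot lockbox signature. A BaseReply with no
// error means the signature verified; a mismatch is presumably reported as
// CRYPTOHOME_ERROR_LOCKBOX_SIGNATURE_INVALID.
message VerifyBootLockboxRequest {
  // The signed data to be verified.
  optional bytes data = 1;
  // The signature to be verified.
  optional bytes signature = 2;
}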
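// Finalizes the boot lockbox; carries no parameters. The resulting state is
// presumably what GetLoginStatusReply.boot_lockbox_finalized reports.
message FinalizeBootLockboxRequest {
}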
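// Queries key metadata (KeyData) without presenting a secret.
message GetKeyDataRequest {
  // |key| must supply at least one attribute and all others will be treated as
  // wildcards. Currently only |key.data().label()| may be supplied. Like
  // AuthorizationRequest, support can be added for queries by
  // |key.data().type()| to return all keys of a certain class, testing
  // |key.secret()|, or |key.data().provider_data()| entries.
  optional Key key = 1;
}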
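// Reply to GetKeyDataRequest, embedded in BaseReply as an extension.
message GetKeyDataReply {
  extend BaseReply {
    optional GetKeyDataReply reply = 1002;
  }
  // Metadata of every key matching the request.
  repeated KeyData key_data = 1;
}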
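// Reads a boot attribute. A missing attribute is presumably reported as
// CRYPTOHOME_ERROR_BOOT_ATTRIBUTE_NOT_FOUND.
message GetBootAttributeRequest {
  // Name of the attribute to read.
  optional string name = 1;
}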
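// Reply to GetBootAttributeRequest, embedded in BaseReply as an extension.
message GetBootAttributeReply {
  extend BaseReply {
    optional GetBootAttributeReply reply = 1003;
  }
  // Value of the requested attribute.
  optional bytes value = 1;
}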
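// Writes a boot attribute.
message SetBootAttributeRequest {
  // Name of the attribute to write.
  optional string name = 1;
  // Value to store under |name|.
  optional bytes value = 2;
}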
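// Flushes pending boot attributes and signs them; carries no parameters.
// Failure to sign is presumably reported as
// CRYPTOHOME_ERROR_BOOT_ATTRIBUTES_CANNOT_SIGN.
message FlushAndSignBootAttributesRequest {
}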
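// Lists the keys of a cryptohome; carries no parameters at present.
message ListKeysRequest {
  // The default behavior is by label so any extension here should honor that.
}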
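// Reply to ListKeysRequest, embedded in BaseReply as an extension.
message ListKeysReply {
  extend BaseReply {
    optional ListKeysReply reply = 1004;
  }
  // Labels of the keys found.
  repeated string labels = 1;
}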
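// Queries login-related device state; carries no parameters.
message GetLoginStatusRequest {
}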
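// Reply to GetLoginStatusRequest, embedded in BaseReply as an extension.
message GetLoginStatusReply {
  extend BaseReply {
    optional GetLoginStatusReply reply = 1005;
  }
  // Whether an owner user exists.
  optional bool owner_user_exists = 1;
  // Whether the boot lockbox has been finalized
  // (see FinalizeBootLockboxRequest).
  optional bool boot_lockbox_finalized = 2;
}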