1 // Copyright (c) 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 // The messages in this file comprise the DBus/Proto interface for
6 // Cryptohome where there is an AccountIdentifer argument, an
7 // AuthorizationRequest (if needed for the call), and the call's
8 // parameters as <Call>Request.
10 // 'optional' annotations are used heavily in the RPC definition
11 // because the RPC endpoints most properly sanity check the contents
12 // for application-specific logic, and the more optional-with-default
13 // parameters exist, the less data is actually transferred on the wire
14 // in "default" situations.
16 option optimize_for = LITE_RUNTIME;
22 // Error codes do not need to be sequential per-call.
23 // Prefixes by Request/Reply type should be used to help
24 // callers know if specialized errors apply.
25 enum CryptohomeErrorCode {
26 // 0 is the default value of BaseReply::error. It
27 // should never be used.
28 CRYPTOHOME_ERROR_NOT_SET = 0;
30 CRYPTOHOME_ERROR_ACCOUNT_NOT_FOUND = 1;
31 CRYPTOHOME_ERROR_AUTHORIZATION_KEY_NOT_FOUND = 2;
32 CRYPTOHOME_ERROR_AUTHORIZATION_KEY_FAILED = 3;
33 CRYPTOHOME_ERROR_NOT_IMPLEMENTED = 4;
34 CRYPTOHOME_ERROR_MOUNT_FATAL = 5;
35 CRYPTOHOME_ERROR_MOUNT_MOUNT_POINT_BUSY = 6;
36 CRYPTOHOME_ERROR_TPM_COMM_ERROR = 7;
37 CRYPTOHOME_ERROR_TPM_DEFEND_LOCK = 8;
38 CRYPTOHOME_ERROR_TPM_NEEDS_REBOOT = 9;
39 CRYPTOHOME_ERROR_AUTHORIZATION_KEY_DENIED = 10;
40 CRYPTOHOME_ERROR_KEY_QUOTA_EXCEEDED = 11;
41 CRYPTOHOME_ERROR_KEY_LABEL_EXISTS = 12;
42 CRYPTOHOME_ERROR_BACKING_STORE_FAILURE = 13;
43 CRYPTOHOME_ERROR_UPDATE_SIGNATURE_INVALID = 14;
44 CRYPTOHOME_ERROR_KEY_NOT_FOUND = 15;
45 CRYPTOHOME_ERROR_LOCKBOX_SIGNATURE_INVALID = 16;
46 CRYPTOHOME_ERROR_LOCKBOX_CANNOT_SIGN = 17;
49 message AccountIdentifier {
50 optional string email = 1;
53 message AuthorizationRequest {
54 // |key| must supply at least a |key.secret()|. If no |key.data()| or
55 // |key.data().label()| is supplied, the |key.secret()| will be tested
56 // against all compatible |key.data().type()| keys, where
57 // KEY_TYPE_PASSWORD_CROS_LEGACY is the default type. If
58 // |key.data().label()| is supplied, then the |key.secret()| will only be
59 // tested against the matching VaultKeyset.
63 // These parameters are for inbound data to Cryptohome RPC
64 // interfaces. When calls are added that return data, a
65 // <Call>Response should be defined.
66 message MountRequest {
67 // Perform an ephemeral mount only.
68 optional bool require_ephemeral = 1 [default=false];
69 // If defined, the account will be created if it does not exist.
70 // Additionally, a failed AuthorizationRequest will be expected as
71 // there will be no existing keys.
72 optional CreateRequest create = 2;
75 // A BaseReply type is used for all cryptohomed responses. A shared base class
76 // is used because all calls will always reply with no-error or an error value.
77 // A centralized definition allows for a reusable reply handler for cases where
78 // there is no Request-specific reply data. Any specialized data will live in
79 // an extension as per MountReply below:
80 // if (reply.HasExtension(MountReply::reply)) { ... }
83 // If a call was successful, error will not be defined (clear_error()).
84 // If a call failed, it must set an error code (set_error(CODE)).
85 // In either case, call-specific data may be added as an extension.
86 optional CryptohomeErrorCode error = 1;
88 extensions 1000 to max;
91 // The MountRequest call may return more than just success or failure
92 // so it embeds itself in a BaseReply as an extension.
95 optional MountReply reply = 1000;
97 // |recreated| is set when the cryptohome had to be wiped
98 // because the key or data was an unrecoverable. It does not imply
99 // failure to Mount nor is it 'true' when a CreateRequest creates
100 // a cryptohome for the first time.
101 optional bool recreated = 1 [default=false];
102 // Returns the filesystem-sanitized username.
103 optional string sanitized_username = 2;
106 message CreateRequest {
107 repeated Key keys = 1;
108 // Explicitly use the |key| from the AuthorizationRequest.
109 // Setting this value means that the KeyData is filled as it
110 // would be with a Key above or in an AddKeyRequest.
111 optional bool copy_authorization_key = 2 [default=false];
112 // In the future, this will contain account-wide data like
113 // the deletion priority or the IdP's origin.
116 message AddKeyRequest {
117 optional Key key = 1;
118 optional bool clobber_if_exists = 2 [default=false];
121 message UpdateKeyRequest {
122 optional Key changes = 1;
123 optional bytes authorization_signature = 2;
126 message CheckKeyRequest {
129 message RemoveKeyRequest {
130 // Only key.data().label() is used at present.
131 optional Key key = 1;
134 message SignBootLockboxRequest {
135 // The data to be signed.
136 optional bytes data = 1;
139 message SignBootLockboxReply {
141 optional SignBootLockboxReply reply = 1001;
143 optional bytes signature = 1;
146 message VerifyBootLockboxRequest {
147 // The signed data to be verified.
148 optional bytes data = 1;
149 // The signature to be verified.
150 optional bytes signature = 2;
153 message FinalizeBootLockboxRequest {