android_frameworks_base/packages/BackupEncryption/proto/wrapped_key.proto

syntax = "proto2";

package android_backup_crypto;

option java_package = "com.android.server.backup.encryption.protos";
option java_outer_classname = "WrappedKeyProto";

// Metadata associated with a tertiary key.
message KeyMetadata {
  // Type of Cipher algorithm the key is used for.
  enum Type {
    UNKNOWN = 0;
    // No padding. Uses 12-byte nonce. Tag length 16 bytes.
    AES_256_GCM = 1;
  }

  // What kind of Cipher algorithm the key is used for. We assume at the moment
  // that this will always be AES_256_GCM and throw if this is not the case.
  // Provided here for forwards compatibility in case at some point we need to
  // change Cipher algorithm.
  optional Type type = 1;
}

// An encrypted tertiary key.
message WrappedKey {
  // The Cipher with which the key was encrypted.
  enum WrapAlgorithm {
    UNKNOWN = 0;
    // No padding. Uses 16-byte nonce (see nonce field). Tag length 16 bytes.
    // The nonce is 16-bytes as this is wrapped with a key in AndroidKeyStore.
    // AndroidKeyStore requires that it generates the IV, and it generates a
    // 16-byte IV for you. You CANNOT provide your own IV.
    AES_256_GCM = 1;
  }

  // Cipher algorithm used to wrap the key. We assume at the moment that this
  // is always AES_256_GC and throw if this is not the case. Provided here for
  // forwards compatibility if at some point we need to change Cipher algorithm.
  optional WrapAlgorithm wrap_algorithm = 1;

  // The nonce used to initialize the Cipher in AES/256/GCM mode.
  optional bytes nonce = 2;

  // The encrypted bytes of the key material.
  optional bytes key = 3;

  // Associated key metadata.
  optional KeyMetadata metadata = 4;

  // Deprecated field; Do not use
  reserved 5;
}
Migrate KeyWrapUtils Bring KeyWrapUtils in from GMSCore. This class relies heavily on a set of protobufs, so this CL includes the creation of the protobuf target support it and the inclusion of that target in the tests. Bug: 111386661 Test: atest BackupFrameworksServicesRoboTests Change-Id: I89e0c68a449f784b132780410d9de32824bb674a 2019-08-20 15:43:30 +01:00			`syntax = "proto2";`

			`package android_backup_crypto;`

			`option java_package = "com.android.server.backup.encryption.protos";`
			`option java_outer_classname = "WrappedKeyProto";`

			`// Metadata associated with a tertiary key.`
			`message KeyMetadata {`
			`// Type of Cipher algorithm the key is used for.`
			`enum Type {`
			`UNKNOWN = 0;`
			`// No padding. Uses 12-byte nonce. Tag length 16 bytes.`
			`AES_256_GCM = 1;`
			`}`

			`// What kind of Cipher algorithm the key is used for. We assume at the moment`
			`// that this will always be AES_256_GCM and throw if this is not the case.`
			`// Provided here for forwards compatibility in case at some point we need to`
			`// change Cipher algorithm.`
			`optional Type type = 1;`
			`}`

			`// An encrypted tertiary key.`
			`message WrappedKey {`
			`// The Cipher with which the key was encrypted.`
			`enum WrapAlgorithm {`
			`UNKNOWN = 0;`
			`// No padding. Uses 16-byte nonce (see nonce field). Tag length 16 bytes.`
			`// The nonce is 16-bytes as this is wrapped with a key in AndroidKeyStore.`
			`// AndroidKeyStore requires that it generates the IV, and it generates a`
			`// 16-byte IV for you. You CANNOT provide your own IV.`
			`AES_256_GCM = 1;`
			`}`

			`// Cipher algorithm used to wrap the key. We assume at the moment that this`
			`// is always AES_256_GC and throw if this is not the case. Provided here for`
			`// forwards compatibility if at some point we need to change Cipher algorithm.`
			`optional WrapAlgorithm wrap_algorithm = 1;`

			`// The nonce used to initialize the Cipher in AES/256/GCM mode.`
			`optional bytes nonce = 2;`

			`// The encrypted bytes of the key material.`
			`optional bytes key = 3;`

			`// Associated key metadata.`
			`optional KeyMetadata metadata = 4;`

			`// Deprecated field; Do not use`
			`reserved 5;`
			`}`