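syntax = "proto2";

package android_backup_crypto;

option java_package = "com.android.server.backup.encryption.protos";
option java_outer_classname = "WrappedKeyProto";

// Metadata associated with a tertiary key.
message KeyMetadata {
  // Type of Cipher algorithm the key is used for.
  enum Type {
    // Value read when the field is unset. Not a usable algorithm: readers
    // reject it (see the comment on `type`) instead of assuming a cipher.
    UNKNOWN = 0;
    // No padding. Uses 12-byte nonce. Tag length 16 bytes.
    AES_256_GCM = 1;
  }

  // What kind of Cipher algorithm the key is used for. We assume at the moment
  // that this will always be AES_256_GCM and throw if this is not the case.
  // Provided here for forwards compatibility in case at some point we need to
  // change Cipher algorithm.
  //
  // In the standard proto2 runtimes an enum number this schema does not
  // define is kept as an unknown field and the accessor reports the default
  // (UNKNOWN), so the "throw unless AES_256_GCM" check also covers values
  // written by newer code.
  optional Type type = 1;
}

// An encrypted tertiary key.
//
// Every field is `optional`, so a parsed message may lack any of them. Check
// presence (and length, for the bytes fields) before handing values to the
// Cipher; an absent bytes field reads as empty.
//
// NOTE(review): this schema does not show whether wrap_algorithm, nonce and
// metadata are bound to the ciphertext (for example as GCM associated data).
// Confirm in the wrapping code; header fields that are not authenticated can
// be modified in storage without the tag check failing.
message WrappedKey {
  // The Cipher with which the key was encrypted.
  enum WrapAlgorithm {
    // Value read when the field is unset. Not a usable algorithm: readers
    // reject it (see the comment on `wrap_algorithm`).
    UNKNOWN = 0;
    // No padding. Uses 16-byte nonce (see nonce field). Tag length 16 bytes.
    // The nonce is 16-bytes as this is wrapped with a key in AndroidKeyStore.
    // AndroidKeyStore requires that it generates the IV, and it generates a
    // 16-byte IV for you. You CANNOT provide your own IV.
    AES_256_GCM = 1;
  }

  // Cipher algorithm used to wrap the key. We assume at the moment that this
  // is always AES_256_GCM and throw if this is not the case. Provided here for
  // forwards compatibility if at some point we need to change Cipher algorithm.
  optional WrapAlgorithm wrap_algorithm = 1;

  // The nonce used to initialize the Cipher in AES/256/GCM mode. Its length
  // is fixed by the wrap algorithm (see WrapAlgorithm); readers should verify
  // the length before use rather than pass arbitrary stored bytes through.
  optional bytes nonce = 2;

  // The encrypted bytes of the key material.
  optional bytes key = 3;

  // Associated key metadata.
  optional KeyMetadata metadata = 4;

  // Field number 5 belonged to a deprecated field. It stays reserved so the
  // number is never reassigned and old serialized data is not reinterpreted.
  reserved 5;
}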