1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 // Sync protocol datatype extension for nigori keys.
7 // Update proto_value_conversions{.h,.cc,_unittest.cc} if you change
8 // any fields in this file.
12 option optimize_for = LITE_RUNTIME;
13 option retain_unknown_fields = true;
17 import "encryption.proto";
20 optional string name = 1;
21 optional bytes user_key = 2;
22 optional bytes encryption_key = 3;
23 optional bytes mac_key = 4;
26 message NigoriKeyBag {
27 repeated NigoriKey key = 2;
30 // Properties of nigori sync object.
31 message NigoriSpecifics {
32 optional EncryptedData encryption_keybag = 1;
33 // Once keystore migration is performed, we have to freeze the keybag so that
34 // older clients (that don't support keystore encryption) do not attempt to
36 // Previously |using_explicit_passphrase|.
37 optional bool keybag_is_frozen = 2;
39 // Obsolete encryption fields. These were deprecated due to legacy versions
40 // that understand their usage but did not perform encryption properly.
41 // optional bool deprecated_encrypt_bookmarks = 3;
42 // optional bool deprecated_encrypt_preferences = 4;
43 // optional bool deprecated_encrypt_autofill_profile = 5;
44 // optional bool deprecated_encrypt_autofill = 6;
45 // optional bool deprecated_encrypt_themes = 7;
46 // optional bool deprecated_encrypt_typed_urls = 8;
47 // optional bool deprecated_encrypt_extensions = 9;
48 // optional bool deprecated_encrypt_sessions = 10;
49 // optional bool deprecated_encrypt_apps = 11;
50 // optional bool deprecated_encrypt_search_engines = 12;
52 // Booleans corresponding to whether a datatype should be encrypted.
53 // Passwords are always encrypted, so we don't need a field here.
54 // History delete directives need to be consumable by the server, and
55 // thus can't be encrypted.
56 // Synced Notifications need to be consumed by the server (the read flag)
57 // and thus can't be encrypted.
58 // Synced Notification App Info is set by the server, and thus cannot be
60 optional bool encrypt_bookmarks = 13;
61 optional bool encrypt_preferences = 14;
62 optional bool encrypt_autofill_profile = 15;
63 optional bool encrypt_autofill = 16;
64 optional bool encrypt_themes = 17;
65 optional bool encrypt_typed_urls = 18;
66 optional bool encrypt_extensions = 19;
67 optional bool encrypt_sessions = 20;
68 optional bool encrypt_apps = 21;
69 optional bool encrypt_search_engines = 22;
71 // Deprecated on clients where tab sync is enabled by default.
72 // optional bool sync_tabs = 23;
74 // If true, all current and future datatypes will be encrypted.
75 optional bool encrypt_everything = 24;
77 optional bool encrypt_extension_settings = 25;
78 optional bool encrypt_app_notifications = 26;
79 optional bool encrypt_app_settings = 27;
81 // User device information. Contains information about each device that has a
82 // sync-enabled Chrome browser connected to the user account.
83 // This has been moved to the DeviceInfo message.
84 // repeated DeviceInformation deprecated_device_information = 28;
86 // Enable syncing favicons as part of tab sync.
87 optional bool sync_tab_favicons = 29;
89 // The state of the passphrase required to decrypt |encryption_keybag|.
91 // Gaia-based encryption passphrase. Deprecated.
92 IMPLICIT_PASSPHRASE = 1;
93 // Keystore key encryption passphrase. Uses |keystore_bootstrap| to
94 // decrypt |encryption_keybag|.
95 KEYSTORE_PASSPHRASE = 2;
96 // Previous Gaia-based passphrase frozen and treated as a custom passphrase.
97 FROZEN_IMPLICIT_PASSPHRASE = 3;
98 // User provided custom passphrase.
99 CUSTOM_PASSPHRASE = 4;
101 optional PassphraseType passphrase_type = 30
102 [default = IMPLICIT_PASSPHRASE];
104 // The keystore decryptor token blob. Encrypted with the keystore key, and
105 // contains the encryption key used to decrypt |encryption_keybag|.
106 // Only set if passphrase_state == KEYSTORE_PASSPHRASE.
107 optional EncryptedData keystore_decryptor_token = 31;
109 // The time (in epoch milliseconds) at which the keystore migration was
111 optional int64 keystore_migration_time = 32;
113 // The time (in epoch milliseconds) at which a custom passphrase was set.
114 // Note: this field may not be set if the custom passphrase was applied before
115 // this field was introduced.
116 optional int64 custom_passphrase_time = 33;
118 // Boolean corresponding to whether custom spelling dictionary should be
120 optional bool encrypt_dictionary = 34;
122 // Boolean corresponding to Whether to encrypt favicons data or not.
123 optional bool encrypt_favicon_images = 35;
124 optional bool encrypt_favicon_tracking = 36;
126 // Boolean corresponding to whether articles should be encrypted.
127 optional bool encrypt_articles = 37;
129 // Boolean corresponding to whether app list items should be encrypted.
130 optional bool encrypt_app_list = 38;
132 // Boolean corresponding to whether usage count and last use date of Wallet
133 // data should be encrypted.
134 optional bool encrypt_autofill_wallet_metadata = 39;
136 // Boolean indicating whether this node was originally missing a
137 // |keystore_migration_time| field value, and was fixed on the server by
138 // giving the field a value.
139 // THIS FIELD SHOULD ONLY BE SET BY THE SERVER.
140 optional bool server_only_was_missing_keystore_migration_time = 40;