1// Copyright 2019 The Chromium Authors. All rights reserved.
2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4
5// Contains messages and data types used by request, response, and directive
6// messages in the CryptAuth v2 Enrollment protocol.
7syntax = "proto3";
8
9package cryptauthv2;
10
11option optimize_for = LITE_RUNTIME;
12
// The types of cryptographic keys that are supported.
//
// Values travel on the wire as their numeric tags, so the numbers below must
// never be renumbered or reused. A receiver may see a tag it does not know
// from a newer peer (proto3 preserves unknown enum values as ints); such a
// value should be handled like KEY_TYPE_UNSPECIFIED rather than mapped to a
// known algorithm.
enum KeyType {
  // Default value. Don't use! A key with no type cannot be interpreted and
  // should be rejected by the receiver.
  KEY_TYPE_UNSPECIFIED = 0;

  // 16-byte (128-bit) random byte string (raw key material, no structure).
  RAW128 = 1;
  // 32-byte (256-bit) random byte string (raw key material, no structure).
  RAW256 = 2;
  // Elliptic-curve key on Curve25519.
  CURVE25519 = 3;
  // Elliptic-curve key on NIST P-256.
  P256 = 4;

  // The key will be provided by the application rather than generated by the
  // CryptAuth client; its format is application-defined and not described by
  // this schema. Numbered 127 to stay well clear of future standard types.
  CUSTOM = 127;
}
30
// The generic format for public-key certificates.
//
// This is not an X.509 certificate. It binds a raw public key to an identifier
// for a bounded time, optionally restricted by claims, and is authenticated by
// a single signature over the preceding fields. Accepting a certificate
// requires verifying the signature, checking the expiry, and evaluating every
// claim (see Claim.critical); a certificate failing any of these must not be
// trusted. Note that the key's type (see KeyType) is NOT carried in this
// message and must be known from context.
message Certificate {
  // The identifier bound to the cert, e.g., an email address or phone number.
  // This value is asserted by the issuer and is only meaningful after the
  // signature has been verified.
  string common_name = 1;
  // The raw bytes of the public key. The encoding depends on the key type,
  // which this message does not include.
  bytes public_key = 2;
  // Expiry as milliseconds since the UNIX epoch. Validators should treat the
  // certificate as invalid at or after this time. Because proto3 scalars have
  // implicit presence, an unset value reads as 0 (the epoch), i.e. already
  // expired — it cannot be read as "no expiry".
  int64 expire_time_millis = 3;

  // A restriction imposed on the applications using this key.
  // Claims are validated along with the signature, when this key is used.
  message Claim {
    // Claim name. Identifies how `value` is to be interpreted.
    string name = 1;
    // Whether this claim is critical in the certificate. If it is critical,
    // the client must fail the validation of the certificate if the client does
    // not recognize the name of the claim. By implication, an unrecognized
    // claim that is not critical need not fail validation, but it still must
    // not be silently treated as satisfied.
    bool critical = 2;
    // Claim value. Opaque bytes; the format is determined by `name`.
    bytes value = 3;
  }
  // All claims associated with the use of this key.
  repeated Claim claims = 4;

  // The signature over all of the above (fields 1-4).
  // NOTE(review): this schema does not say which key signs or which exact
  // byte serialization is signed. Protobuf encoding is not canonical across
  // implementations, so verifiers must reproduce the issuer's serialization
  // exactly — confirm the signing key and serialization against the
  // enrollment protocol documentation before relying on this field.
  bytes signature = 5;
}
58
// Uniquely identifies a server-side policy instance, which is associated with a
// key or a client. Only a subset of the policy is communicated to the client;
// the client refers back to the policy using this message.
//
// A set of related policies shares a name. Every time the policy changes it
// receives a new, unique version number distinguishing it from the instance
// it was derived from. Together, (name, version) uniquely identify a policy
// instance; neither field is meaningful on its own.
message PolicyReference {
  // The name of the policy (shared by all versions of the same policy).
  string name = 1;

  // The version of the policy. A new value is assigned on every change; this
  // schema does not require versions to be sequential, only unique per name.
  int64 version = 2;
}
73
// The client-specific metadata contained in SyncKeysRequest.
//
// Note: This message is encoded as query parameters for some requests. If any
// field or subfield of this proto changes, update the files
// cryptauth_proto_to_query_parameters_util.{h,cc}.
//
// Because the fields may be placed in a request URL, they can end up in
// server and proxy access logs. Nothing in this message should be treated as
// secret, and no secret should be added to it.
message ClientMetadata {
  // The counter for how many times the request has been retried. Zero (the
  // proto3 default) means a first attempt.
  int64 retry_count = 1;

  // The reason why the request has been invoked. This is informational
  // metadata for the server; unknown values from a newer client are preserved
  // on the wire and should be tolerated.
  enum InvocationReason {
    // Unspecified invocation reason.
    INVOCATION_REASON_UNSPECIFIED = 0;

    // First run of the software package invoking this call.
    INITIALIZATION = 1;
    // Ordinary periodic actions (e.g., monthly key rotation).
    PERIODIC = 2;
    // Slow-cycle periodic action (e.g., yearly keypair rotation).
    SLOW_PERIODIC = 3;
    // Fast-cycle periodic action (e.g., daily sync for Smart Lock users).
    FAST_PERIODIC = 4;

    // Expired state (e.g., expired credentials, or cached entries) was
    // detected.
    EXPIRATION = 5;
    // An unexpected protocol failure occurred (so attempting to repair state).
    FAILURE_RECOVERY = 6;

    // A new account has been added to the device.
    NEW_ACCOUNT = 7;
    // An existing account on the device has been changed.
    CHANGED_ACCOUNT = 8;

    // The user toggled the state of a feature (e.g., Smart Lock enabled via
    // bluetooth).
    FEATURE_TOGGLED = 9;
    // A "push" from the server caused this action (e.g., a sync tickle).
    SERVER_INITIATED = 10;

    // A local address change triggered this (e.g., GCM registration id
    // changed).
    ADDRESS_CHANGE = 11;
    // A software update has triggered this.
    SOFTWARE_UPDATE = 12;

    // A manual action by the user triggered this (e.g., commands sent via adb).
    MANUAL = 13;

    // A custom key has been invalidated on the device (e.g. screen lock is
    // disabled).
    CUSTOM_KEY_INVALIDATION = 14;

    // Periodic action triggered by auth_proximity.
    PROXIMITY_PERIODIC = 15;
  }
  // Reason for invocation.
  InvocationReason invocation_reason = 2;

  // Whether the platform has hardware support for certain algorithms.
  // Each flag is a capability report only; it does not select an algorithm.
  message CryptoHardware {
    // AES-128
    bool aes128 = 1;
    // AES-256
    bool aes256 = 2;
    // Carryless multiplication (e.g., for GCM/GHASH)
    bool clmul = 3;
    // Curve25519
    bool curve25519 = 4;
    // P256
    bool p256 = 5;
  }
  // Crypto hardware available on the client. An unset message (not merely
  // all-false flags) means the client did not report its capabilities.
  CryptoHardware crypto_hardware = 3;

  // If the request is issued as a direct result, or a follow-up for a
  // notification/tickle, the session_id from that notification. Empty when the
  // request was not prompted by a notification. The client should pass the
  // value through unchanged; it is an opaque correlation identifier, not a
  // credential.
  string session_id = 4;
}
153
// Identifies Cryptauth services.
//
// Used to say which service a request, response, or directive is addressed
// to. Numeric tags are part of the wire contract and must not be changed.
enum TargetService {
  // Unspecified Cryptauth service. Default value; a message targeting no
  // service should be treated as malformed.
  TARGET_SERVICE_UNSPECIFIED = 0;

  // Cryptauth Enrollment (key registration and policy).
  ENROLLMENT = 1;

  // Cryptauth DeviceSync (device metadata synchronization).
  DEVICE_SYNC = 2;
}
165