// Copyright 2019 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

// Contains messages and data types used by request, response, and directive
// messages in the CryptAuth v2 Enrollment protocol.
//
// NOTE(review): this file is a wire contract shared with the CryptAuth server.
// Field numbers and enum values are fixed once deployed; extend by adding new
// fields/values rather than renumbering, renaming or reusing existing ones.
syntax = "proto3";

package cryptauthv2;

option optimize_for = LITE_RUNTIME;

// The types of cryptographic keys that are supported.
//
// The values are unprefixed (P256 rather than KEY_TYPE_P256) and therefore
// live directly in the cryptauthv2 package scope. They are part of the wire
// contract, so leave them as-is and pick non-colliding names for any future
// enum in this package.
enum KeyType {
  // Default value. Don't use! A receiver that sees this value should treat the
  // key type as unknown rather than assume one.
  KEY_TYPE_UNSPECIFIED = 0;

  // 16-byte random byte string
  RAW128 = 1;
  // 32-byte random byte string
  RAW256 = 2;
  // Curve25519
  CURVE25519 = 3;
  // P256 (NIST P-256 / secp256r1)
  P256 = 4;

  // The key will be provided by the application. The schema says nothing about
  // its size or format; that is between the application and the server.
  CUSTOM = 127;
}

// The generic format for public-key certificates.
//
// Security note: nothing in this message is trustworthy until `signature` has
// been verified. Before relying on `common_name` or `public_key`, a consumer
// must verify `signature` with the expected signing key, reject the
// certificate if `expire_time_millis` is in the past, and enforce every
// `Claim` it recognises (failing on any unrecognised claim marked
// `critical`). Which key signs, and the exact bytes that are signed, are
// defined by the producing/consuming code, not by this schema.
message Certificate {
  // The identifier bound to the cert, e.g., an email address or phone number.
  // Untrusted input until the signature has been verified.
  string common_name = 1;
  // The raw bytes of the public key. The encoding is not specified here;
  // NOTE(review): presumably it follows the key's KeyType, which this message
  // does not carry — confirm against the consumer.
  bytes public_key = 2;
  // The UNIX timestamp, in milliseconds since the epoch, when the cert will
  // expire. proto3 cannot distinguish "unset" from 0, so consumers should
  // treat a zero value as already expired rather than as "no expiry".
  int64 expire_time_millis = 3;

  // A restriction imposed on the applications using this key.
  // Claims are validated along with the signature, when this key is used.
  message Claim {
    // Claim name. Consumers match on this string; an unknown name is only
    // tolerable when `critical` is false.
    string name = 1;
    // Whether this claim is critical in the certificate. If it is critical,
    // the client must fail the validation of the certificate if the client does
    // not recognize the name of the claim.
    bool critical = 2;
    // Claim value. Opaque bytes whose interpretation depends on `name`.
    bytes value = 3;
  }
  // All claims associated with the use of this key.
  repeated Claim claims = 4;

  // The signature over all of the above (fields 1-4).
  // NOTE(review): protobuf serialization is not guaranteed to be canonical, so
  // the signed bytes should be a fixed encoding agreed between signer and
  // verifier — confirm how the consuming code reconstructs them.
  bytes signature = 5;
}

// Uniquely identifies a server-side policy instance, which is associated with a
// key or a client. Subset of this policy is communicated to the client and
// referenced using this message.
// A set of related policies are identified by a name.
// Every time the policy changes, it gets a new unique version number to
// distinguish it from the policy instance it is based on. Together, the
// following fields uniquely identify a policy instance.
message PolicyReference {
  // The name of the policy.
  string name = 1;

  // The version of the policy. Note that with proto3 an unset reference reads
  // as name "" and version 0, indistinguishable from a policy that literally
  // has that name and version.
  int64 version = 2;
}

// The client-specific metadata contained in SyncKeysRequest.
//
// Note: This message is encoded as query parameters for some requests. If any
// field or subfield of this proto changes, update the files
// cryptauth_proto_to_query_parameters_util.{h,cc}.
//
// Because of that query-parameter encoding, the values in this message end up
// in request URLs, where they are typically visible to proxies and server
// access logs. Keep it limited to non-sensitive operational metadata and do
// not add credentials or other secrets here.
message ClientMetadata {
  // The counter for how many times the request has been retried.
  int64 retry_count = 1;

  // The reason why the request has been invoked.
  enum InvocationReason {
    // Unspecified invocation reason.
    INVOCATION_REASON_UNSPECIFIED = 0;

    // First run of the software package invoking this call.
    INITIALIZATION = 1;
    // Ordinary periodic actions (e.g., monthly key rotation).
    PERIODIC = 2;
    // Slow-cycle periodic action (e.g., yearly keypair rotation).
    SLOW_PERIODIC = 3;
    // Fast-cycle periodic action (e.g., daily sync for Smart Lock users).
    FAST_PERIODIC = 4;

    // Expired state (e.g., expired credentials, or cached entries) was
    // detected.
    EXPIRATION = 5;
    // An unexpected protocol failure occurred (so attempting to repair state).
    FAILURE_RECOVERY = 6;

    // A new account has been added to the device.
    NEW_ACCOUNT = 7;
    // An existing account on the device has been changed.
    CHANGED_ACCOUNT = 8;

    // The user toggled the state of a feature (e.g., Smart Lock enabled via
    // bluetooth).
    FEATURE_TOGGLED = 9;
    // A "push" from the server caused this action (e.g., a sync tickle).
    SERVER_INITIATED = 10;

    // A local address change triggered this (e.g., GCM registration id
    // changed).
    ADDRESS_CHANGE = 11;
    // A software update has triggered this.
    SOFTWARE_UPDATE = 12;

    // A manual action by the user triggered this (e.g., commands sent via adb).
    MANUAL = 13;

    // A custom key has been invalidated on the device (e.g. screen lock is
    // disabled).
    CUSTOM_KEY_INVALIDATION = 14;

    // Periodic action triggered by auth_proximity.
    PROXIMITY_PERIODIC = 15;
  }
  // Reason for invocation.
  InvocationReason invocation_reason = 2;

  // Whether the platform has hardware support for certain algorithms.
  // NOTE(review): this is a self-reported capability advertisement; the server
  // should treat it as a hint, not as a verified property of the client.
  message CryptoHardware {
    // AES-128
    bool aes128 = 1;
    // AES-256
    bool aes256 = 2;
    // Carryless multiplication
    bool clmul = 3;
    // Curve25519
    bool curve25519 = 4;
    // P256
    bool p256 = 5;
  }
  // Crypto hardware available on the client.
  CryptoHardware crypto_hardware = 3;

  // If the request is issued as a direct result, or a follow-up for a
  // notification/tickle, the session_id from that notification. Like every
  // field here it may be carried in the URL query string, so it must not be a
  // secret.
  string session_id = 4;
}

// Identifies CryptAuth services.
enum TargetService {
  // Unspecified CryptAuth service. Default value; do not use.
  TARGET_SERVICE_UNSPECIFIED = 0;

  // CryptAuth Enrollment.
  ENROLLMENT = 1;

  // CryptAuth DeviceSync.
  DEVICE_SYNC = 2;
}