Moved //components/proximity_auth/cryptauth to //components/cryptauth.

components/proximity_auth/cryptauth/proto/cryptauth_api.proto

-// Copyright 2014 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-// Definitions for CryptAuth API calls. Do not edit unless transcribing
-// from server definitions.
-syntax = "proto2";
-
-package cryptauth;
-
-option optimize_for = LITE_RUNTIME;
-
-// Basic device information used to classify the source of a request.
-message DeviceClassifier {
-  // The Operating System version number on the device.
-  // (e.g., an android.os.Build.VERSION.SDK_INT)
-  optional int64 device_os_version_code = 14;
-
-  // The software version number running on the device
-  // (e.g., GmsCore version code).
-  optional int64 device_software_version_code = 18;
-
-  // Software package information if applicable
-  // (e.g., com.google.android.apps.authenticator2).
-  optional string device_software_package = 19;
-
-  // Device type/platform.
-  optional DeviceType device_type = 32 [default = UNKNOWN];
-}
-
-enum DeviceType {
-  UNKNOWN = 0;
-  ANDROIDOS = 1;
-  CHROME = 2;
-  IOS = 3;
-  BROWSER = 4;
-}
-
-// Device information provided to external clients that need to sync device
-// state.
-message ExternalDeviceInfo {
-  // A cryptographic public key associated with the device.
-  optional bytes public_key = 1;
-
-  // A user friendly (human readable) name for this device.
-  optional string friendly_device_name = 2;
-
-  // If available, the device's bluetooth MAC address.
-  optional string bluetooth_address = 3;
-
-  // Whether or not this device can be used as an unlock key.
-  optional bool unlock_key = 4;
-
-  // Whether or not this device can be unlocked.
-  optional bool unlockable = 5;
-}
-
-// Determine if the calling device is allowed to promote the SmartLock
-// feature to the user and contact the user's authzen enrolled devices to make
-// them update their enrollments and to check if they're reachable (we don't
-// want to show a promotional popup if the user has no reachable devices).
-message FindEligibleForPromotionRequest {
-  // The public key of the device that is asking us whether it should show
-  // promotional material. Required.
-  optional bytes promoter_public_key = 2;
-
-  // Information about the requesting device and its platform.
-  optional DeviceClassifier device_classifier = 3;
-}
-
-// Contains the authzen transaction id that the caller can use to check if
-// there are reachable devices.
-message FindEligibleForPromotionResponse {
-  // Whether the caller is allowed to show promotional material.
-  optional bool may_show_promo = 1;
-}
-
-// Request for a list of devices that could be used as Unlock Keys, optionally
-// requesting a callback over bluetooth (for proximity detection).
-message FindEligibleUnlockDevicesRequest {
-  // A bluetooth MAC address to be contacted if a device that may be eligible
-  // for unlock is nearby. If set, a message will be pushed to all eligible
-  // unlock devices requesting that they contact the specified MAC address. If
-  // this field is left unset, no callback will be made, and no message will be
-  // pushed to the user's devices.
-  optional string callback_bluetooth_address = 2;
-
-  // During setup, we call find and sendDeviceSyncTickle. If no devices are
-  // found, we call find again, in hopes that the tickle caused a state
-  // change that made some device eligible. This is the count for these
-  // retries (in practice, this will always be 0 or 1).
-  // Should always be set.
-  optional int32 retry_count = 3;
-
-  // If present and positive, the devices must have been updated within this
-  // many milliseconds of the RPC in order to be considered eligible.
-  optional int64 max_last_update_time_delta_millis = 4;
-
-  // If true, we will not examine the push connectivity status of devices
-  // when determining eligibility.
-  optional bool offline_allowed = 5 [default = false];
-
-  // Information about the requesting device and its platform.
-  optional DeviceClassifier device_classifier = 6;
-}
-
-// Response containing a list of devices that could be made Unlock Keys
-message FindEligibleUnlockDevicesResponse {
-  // Devices that could be made Unlock Keys (even if they aren't enabled yet)
-  repeated ExternalDeviceInfo eligible_devices = 1;
-
-  // Devices that cannot be made unlock keys, and reasons for this. This list
-  // will not contain any non-gms core devices, even though these are also not
-  // eligible to be unlock keys.
-  repeated IneligibleDevice ineligible_devices = 2;
-}
-
-// Request to complete a device enrollment.
-message FinishEnrollmentRequest {
-  // The enrollment session identifer from the <code>setup</code> response.
-  optional bytes enrollment_session_id = 2;
-
-  // An encrypted payload containing enrollment information for the device.
-  optional bytes enrollment_message = 3;
-
-  // A Diffie-Hellman public key for the device, to complete the key exchange.
-  optional bytes device_ephemeral_key = 4;
-
-  // An integer encoding the reason this enrollment was invoked (triggered).
-  // See InvocationReason enum for definitions.
-  optional int32 invocation_reason = 11 [default = 0];
-
-  // How many retries of this operation have happened thus far.
-  optional int32 retry_count = 12 [default = 0];
-
-  // Information about the requesting device and its platform.
-  optional DeviceClassifier device_classifier = 13;
-}
-
-// Response indicating whether a device enrollment completed successfully.
-message FinishEnrollmentResponse {
-  // Status should be OK if the request was successful.
-  optional string status = 1;
-
-  // A detailed error message if there was a failure.
-  optional string error_message = 2;
-}
-
-// Device info uploaded during enrollment.
-message GcmDeviceInfo {
-  // This field's name does not match the one in DeviceInfo for legacy reasons.
-  // Consider using long_device_id and device_type instead when enrolling
-  // non-android devices.
-  optional fixed64 android_device_id = 1;
-
-  // Used for device_address of DeviceInfo field 2, but for GCM capable devices.
-  optional bytes gcm_registration_id = 102;
-
-  // Used for device_address of DeviceInfo field 2, but for iOS devices.
-  optional bytes apn_registration_id = 202;
-
-  // Has the user enabled the associated apn_registration_id for notifications.
-  optional bool apn_notification_enabled = 203 [default = false];
-
-  // Used for device_address of DeviceInfo field 2, a Bluetooth Mac address for
-  // the device (e.g., to be used with EasyUnlock).
-  optional string bluetooth_mac_address = 302;
-
-  // SHA-256 hash of the device master key (from the key exchange).
-  // Differs from DeviceInfo field 3, which contains the actual master key.
-  optional bytes device_master_key_hash = 103;
-
-  // A SecureMessage.EcP256PublicKey.
-  required bytes user_public_key = 4;
-
-  // device's model name
-  // (e.g., an android.os.Build.MODEL or UIDevice.model).
-  optional string device_model = 7;
-
-  // device's locale
-  optional string locale = 8;
-
-  // The handle for user_public_key (and implicitly, a master key).
-  optional bytes key_handle = 9;
-
-  // The initial counter value for the device, sent by the device.
-  optional int64 counter = 12 [default = 0];
-
-  // The Operating System version on the device
-  // (e.g., an android.os.Build.DISPLAY or UIDevice.systemVersion).
-  optional string device_os_version = 13;
-
-  // The Operating System version number on the device
-  // (e.g., an android.os.Build.VERSION.SDK_INT).
-  optional int64 device_os_version_code = 14;
-
-  // The Operating System release on the device
-  // (e.g., an android.os.Build.VERSION.RELEASE).
-  optional string device_os_release = 15;
-
-  // The Operating System codename on the device
-  // (e.g., an android.os.Build.VERSION.CODENAME or UIDevice.systemName).
-  optional string device_os_codename = 16;
-
-  // The software version running on the device
-  // (e.g., Authenticator app version string).
-  optional string device_software_version = 17;
-
-  // The software version number running on the device
-  // (e.g., Authenticator app version code).
-  optional int64 device_software_version_code = 18;
-
-  // Software package information if applicable
-  // (e.g., com.google.android.apps.authenticator2).
-  optional string device_software_package = 19;
-
-  // Size of the display in thousandths of an inch (e.g., 7000 mils = 7 in).
-  optional int32 device_display_diagonal_mils = 22;
-
-  // For Authzen capable devices, their Authzen protocol version.
-  optional int32 device_authzen_version = 24;
-
-  // Not all devices have device identifiers that fit in 64 bits.
-  optional bytes long_device_id = 29;
-
-  // The device manufacturer name
-  // (e.g., android.os.Build.MANUFACTURER).
-  optional string device_manufacturer = 31;
-
-  // Used to indicate which type of device this is.
-  optional DeviceType device_type = 32 [default = ANDROIDOS];
-
-  // Fields corresponding to screenlock type/features and hardware features
-  // should be numbered in the 400 range.
-
-  // Is this device using  a secure screenlock (e.g., pattern or pin unlock).
-  optional bool using_secure_screenlock = 400 [default = false];
-
-  // Is auto-unlocking the screenlock (e.g., when at "home") supported?
-  optional bool auto_unlock_screenlock_supported = 401 [default = false];
-
-  // Is auto-unlocking the screenlock (e.g., when at "home") enabled?
-  optional bool auto_unlock_screenlock_enabled = 402 [default = false];
-
-  // Does the device have a Bluetooth (classic) radio?
-  optional bool bluetooth_radio_supported = 403 [default = false];
-
-  // Is the Bluetooth (classic) radio on?
-  optional bool bluetooth_radio_enabled = 404 [default = false];
-
-  // The enrollment session id this is sent with.
-  optional bytes enrollment_session_id = 1000;
-
-  // A copy of the user's OAuth token.
-  optional string oauth_token = 1001;
-}
-
-message GcmMetadata {
-  required MessageType type = 1;
-  optional int32 version = 2 [default = 0];
-}
-
-// Request for a listing of a user's own devices.
-message GetMyDevicesRequest {
-  // Return only devices that can act as EasyUnlock keys.
-  optional bool approved_for_unlock_required = 2;
-
-  // Allow the returned list to be somewhat out of date (read will be faster).
-  optional bool allow_stale_read = 3 [default = false];
-
-  // An integer encoding the reason this request was invoked (triggered).
-  // See InvocationReason enum for definitions.
-  optional int32 invocation_reason = 4 [default = 0];
-
-  // How many retries of this operation have happened thus far.
-  optional int32 retry_count = 5 [default = 0];
-
-  // Information about the requesting device and its platform.
-  optional DeviceClassifier device_classifier = 6;
-}
-
-// Response containing a listing of the users devices.
-message GetMyDevicesResponse {
-  // A listing of all sync-able devices.
-  repeated ExternalDeviceInfo devices = 1;
-}
-
-// A device that the server thinks is not eligible to be an unlock key, and the
-// reason for this.
-message IneligibleDevice {
-  // The device that is not eligible to be an unlock key.
-  optional ExternalDeviceInfo device = 1;
-
-  // The reasons why the server thinks it is not an unlock key. NOTE: for now,
-  // this list of reasons will contain exactly one element. It is a repeated
-  // field because, in principle, there can be more than one reason that makes a
-  // device not eligible to be an unlock key, and we want to be able to add
-  // multiple reasons in the future.
-  repeated string reasons = 2;
-}
-
-// A list of "reasons" that can be provided for calling server-side APIs.
-// This is particularly important for calls that can be triggered by different
-// kinds of events.
-// NOTE: Added INVOCATION_* prefix to enum names due to name conflict with
-// preprocessor MACRO on Windows.
-enum InvocationReason {
-  INVOCATION_REASON_UNKNOWN = 0;
-  // First run of the software package invoking this call.
-  INVOCATION_REASON_INITIALIZATION = 1;
-  // Ordinary periodic actions (e.g. monthly master key rotation).
-  INVOCATION_REASON_PERIODIC = 2;
-  // Slow-cycle periodic action (e.g. yearly keypair rotation???).
-  INVOCATION_REASON_SLOW_PERIODIC = 3;
-  // Fast-cycle periodic action (e.g. daily sync for Smart Lock users).
-  INVOCATION_REASON_FAST_PERIODIC = 4;
-  // Expired state (e.g. expired credentials, or cached entries) was detected.
-  INVOCATION_REASON_EXPIRATION = 5;
-  // An unexpected protocol failure occurred (so attempting to repair state).
-  INVOCATION_REASON_FAILURE_RECOVERY = 6;
-  // A new account has been added to the device.
-  INVOCATION_REASON_NEW_ACCOUNT = 7;
-  // An existing account on the device has been changed.
-  INVOCATION_REASON_CHANGED_ACCOUNT = 8;
-  // The user toggled the state of a feature (e.g. Smart Lock enabled via BT).
-  INVOCATION_REASON_FEATURE_TOGGLED = 9;
-  // A "push" from the server caused this action (e.g. a sync tickle).
-  INVOCATION_REASON_SERVER_INITIATED = 10;
-  // A local address change triggered this (e.g. GCM registration id changed).
-  INVOCATION_REASON_ADDRESS_CHANGE = 11;
-  // A software update has triggered this.
-  INVOCATION_REASON_SOFTWARE_UPDATE = 12;
-  // A manual action by the user triggered this (e.g. commands sent via adb).
-  INVOCATION_REASON_MANUAL = 13;
-}
-
-// Note: This is the same enum as securegcm.Type in securegcm.proto in the
-// server definitions. Renamed for clarity here.
-enum MessageType {
-  ENROLLMENT = 0;
-  TICKLE = 1;
-  TX_REQUEST = 2;
-  TX_REPLY = 3;
-  TX_SYNC_REQUEST = 4;
-  TX_SYNC_RESPONSE = 5;
-  TX_PING = 6;
-  DEVICE_INFO_UPDATE = 7;
-  TX_CANCEL_REQUEST = 8;
-  PROXIMITYAUTH_PAIRING = 10;
-  GCMV1_IDENTITY_ASSERTION = 11;
-
-  // Device-to-device communications are protected by an unauthenticated
-  // Diffie-Hellman exchange. The InitiatorHello message is simply the
-  // initiator's public DH key, and is not encoded as a SecureMessage, so
-  // it doesn't have a tag.
-  // The ResponderHello message (which is sent by the responder
-  // to the initiator), on the other hand, carries a payload that is protected
-  // by the derived shared key. It also contains the responder's
-  // public DH key. ResponderHelloAndPayload messages have the
-  // DEVICE_TO_DEVICE_RESPONDER_HELLO tag.
-  DEVICE_TO_DEVICE_RESPONDER_HELLO_PAYLOAD = 12;
-
-  // Device-to-device communications are protected by an unauthenticated
-  // Diffie-Hellman exchange. Once the initiator and responder
-  // agree on a shared key (through Diffie-Hellman), they will use messages
-  // tagged with DEVICE_TO_DEVICE_MESSAGE to exchange data.
-  DEVICE_TO_DEVICE_MESSAGE = 13;
-
-  // Notification to let a device know it should contact a nearby device.
-  DEVICE_PROXIMITY_CALLBACK = 14;
-
-  // Device-to-device communications are protected by an unauthenticated
-  // Diffie-Hellman exchange. During device-to-device authentication, the first
-  // message from initiator (the challenge) is signed and put into the payload
-  // of the message sent back to the initiator.
-  UNLOCK_KEY_SIGNED_CHALLENGE = 15;
-}
-
-// GCM tickles related to registration management.
-enum RegistrationTickleType {
-  UNKNOWN_REGISTRATION_TICKLE_TYPE = 0;
-
-  // Force a re-enrollment with the server.
-  FORCE_ENROLLMENT = 1;
-
-  // Update enrollment information with the server. This could either be an
-  // authzen re-enrollment or a SyncTx.
-  UPDATE_ENROLLMENT = 2;
-
-  // Devices that receive this should sync the user's list of devices.
-  DEVICES_SYNC = 3;
-}
-
-// Requests to send a "tickle" requesting to sync all of a user's devices now
-message SendDeviceSyncTickleRequest {
-  // The type of tickle. *_ENROLLMENT tickles will only be sent to
-  // android devices. DEVICES_SYNC will be sent to chromebooks and android
-  // devices. UNKNOWN_TICKLE_TYPE or absent will be treated as
-  // UPDATE_ENROLLMENT.
-  // This field will also determine GCM parameters, such as
-  // TTL and collapse token.
-  optional RegistrationTickleType tickle_type = 3;
-
-  // Information about the requesting device and its platform.
-  optional DeviceClassifier device_classifier = 4;
-}
-
-message SendDeviceSyncTickleResponse {
-  // empty for now.
-}
-
-// Contains information needed to begin a device enrollment.
-message SetupEnrollmentInfo {
-  // Type of protocol this setup information was requested for.
-  optional string type = 1;
-
-  // A session identifier to be used for this enrollment session.
-  optional bytes enrollment_session_id = 2;
-
-  // A Diffie-Hellman public key used to perform a key exchange during
-  // enrollment.
-  optional bytes server_ephemeral_key = 3;
-}
-
-// Requests information needed to begin a device enrollment.
-message SetupEnrollmentRequest {
-  // Deprecated. See <code>application_id</code>.
-  optional string origin = 2;
-
-  // Type(s) of protocol supported by this enrolling device (e.g. "gcmV1").
-  repeated string types = 3;
-
-  // Indicates whether a legacy crypto suite must be used with this device.
-  optional bool use_legacy_crypto = 4;
-
-  // A URL describing which application facets this enrollment can be used (see
-  // http://go/appid).
-  optional string application_id = 5;
-
-  // An integer encoding the reason this enrollment was invoked (triggered).
-  // See InvocationReason enum for definitions.
-  optional int32 invocation_reason = 6 [default = 0];
-
-  // How many retries of this operation have happened thus far.
-  optional int32 retry_count = 7 [default = 0];
-
-  // Information about the requesting device and its platform.
-  optional DeviceClassifier device_classifier = 8;
-}
-
-// Contains information needed to begin a device enrollment.
-message SetupEnrollmentResponse {
-  // Should return OK if the request was well formed.
-  optional string status = 1;
-
-  // Information for each of the requested protocol <code>type</code>s.
-  repeated SetupEnrollmentInfo infos = 2;
-}
-
-// Used to enable or disable EasyUnlock features on a specified device, and also
-// causes other devices to sync the new EasyUnlock state.
-message ToggleEasyUnlockRequest {
-  // If true, Easy Unlock will be enabled for the device with public key equal
-  // to public_key. Otherwise, it will be disabled for that device.
-  optional bool enable = 1;
-
-  // Encoded public key of the device to enable/disable (here you must use the
-  // same exact encoding that was sent during device enrollment).
-  optional bytes public_key = 2;
-
-  // If true, EasyUnlock enabled state will be set to the value of "enable" for
-  // all of a user's devices. This is the same as calling the toggle RPC for
-  // every device. However, this removes the need for calling GetMyDevices, so
-  // it reduces network overhead. If this field is set "public_key" must not be
-  // set.  NOTE: the case enable=true is not yet supported, so this option can
-  // only disable EasyUnlock for all devices.
-  optional bool apply_to_all = 3;
-
-  // Information about the requesting device and its platform.
-  optional DeviceClassifier device_classifier = 4;
-}
-
-message ToggleEasyUnlockResponse {
-  // empty for now.
-}