| Index: components/proximity_auth/cryptauth/proto/cryptauth_api.proto
|
| diff --git a/components/proximity_auth/cryptauth/proto/cryptauth_api.proto b/components/proximity_auth/cryptauth/proto/cryptauth_api.proto
|
| deleted file mode 100644
|
| index 301355f0dc5089ecd56f73437b6404a2c97731a3..0000000000000000000000000000000000000000
|
| --- a/components/proximity_auth/cryptauth/proto/cryptauth_api.proto
|
| +++ /dev/null
|
| @@ -1,485 +0,0 @@
|
| -// Copyright 2014 The Chromium Authors. All rights reserved.
|
| -// Use of this source code is governed by a BSD-style license that can be
|
| -// found in the LICENSE file.
|
| -
|
| -// Definitions for CryptAuth API calls. Do not edit unless transcribing
|
| -// from server definitions.
|
| -syntax = "proto2";
|
| -
|
| -package cryptauth;
|
| -
|
| -option optimize_for = LITE_RUNTIME;
|
| -
|
| -// Basic device information used to classify the source of a request.
|
| -message DeviceClassifier {
|
| - // The Operating System version number on the device.
|
| - // (e.g., an android.os.Build.VERSION.SDK_INT)
|
| - optional int64 device_os_version_code = 14;
|
| -
|
| - // The software version number running on the device
|
| - // (e.g., GmsCore version code).
|
| - optional int64 device_software_version_code = 18;
|
| -
|
| - // Software package information if applicable
|
| - // (e.g., com.google.android.apps.authenticator2).
|
| - optional string device_software_package = 19;
|
| -
|
| - // Device type/platform.
|
| - optional DeviceType device_type = 32 [default = UNKNOWN];
|
| -}
|
| -
|
| -enum DeviceType {
|
| - UNKNOWN = 0;
|
| - ANDROIDOS = 1;
|
| - CHROME = 2;
|
| - IOS = 3;
|
| - BROWSER = 4;
|
| -}
|
| -
|
| -// Device information provided to external clients that need to sync device
|
| -// state.
|
| -message ExternalDeviceInfo {
|
| - // A cryptographic public key associated with the device.
|
| - optional bytes public_key = 1;
|
| -
|
| - // A user friendly (human readable) name for this device.
|
| - optional string friendly_device_name = 2;
|
| -
|
| - // If available, the device's bluetooth MAC address.
|
| - optional string bluetooth_address = 3;
|
| -
|
| - // Whether or not this device can be used as an unlock key.
|
| - optional bool unlock_key = 4;
|
| -
|
| - // Whether or not this device can be unlocked.
|
| - optional bool unlockable = 5;
|
| -}
|
| -
|
| -// Determine if the calling device is allowed to promote the SmartLock
|
| -// feature to the user and contact the user's authzen enrolled devices to make
|
| -// them update their enrollments and to check if they're reachable (we don't
|
| -// want to show a promotional popup if the user has no reachable devices).
|
| -message FindEligibleForPromotionRequest {
|
| - // The public key of the device that is asking us whether it should show
|
| - // promotional material. Required.
|
| - optional bytes promoter_public_key = 2;
|
| -
|
| - // Information about the requesting device and its platform.
|
| - optional DeviceClassifier device_classifier = 3;
|
| -}
|
| -
|
| -// Contains the authzen transaction id that the caller can use to check if
|
| -// there are reachable devices.
|
| -message FindEligibleForPromotionResponse {
|
| - // Whether the caller is allowed to show promotional material.
|
| - optional bool may_show_promo = 1;
|
| -}
|
| -
|
| -// Request for a list of devices that could be used as Unlock Keys, optionally
|
| -// requesting a callback over bluetooth (for proximity detection).
|
| -message FindEligibleUnlockDevicesRequest {
|
| - // A bluetooth MAC address to be contacted if a device that may be eligible
|
| - // for unlock is nearby. If set, a message will be pushed to all eligible
|
| - // unlock devices requesting that they contact the specified MAC address. If
|
| - // this field is left unset, no callback will be made, and no message will be
|
| - // pushed to the user's devices.
|
| - optional string callback_bluetooth_address = 2;
|
| -
|
| - // During setup, we call find and sendDeviceSyncTickle. If no devices are
|
| - // found, we call find again, in hopes that the tickle caused a state
|
| - // change that made some device eligible. This is the count for these
|
| - // retries (in practice, this will always be 0 or 1).
|
| - // Should always be set.
|
| - optional int32 retry_count = 3;
|
| -
|
| - // If present and positive, the devices must have been updated within this
|
| - // many milliseconds of the RPC in order to be considered eligible.
|
| - optional int64 max_last_update_time_delta_millis = 4;
|
| -
|
| - // If true, we will not examine the push connectivity status of devices
|
| - // when determining eligibility.
|
| - optional bool offline_allowed = 5 [default = false];
|
| -
|
| - // Information about the requesting device and its platform.
|
| - optional DeviceClassifier device_classifier = 6;
|
| -}
|
| -
|
| -// Response containing a list of devices that could be made Unlock Keys
|
| -message FindEligibleUnlockDevicesResponse {
|
| - // Devices that could be made Unlock Keys (even if they aren't enabled yet)
|
| - repeated ExternalDeviceInfo eligible_devices = 1;
|
| -
|
| - // Devices that cannot be made unlock keys, and reasons for this. This list
|
| - // will not contain any non-gms core devices, even though these are also not
|
| - // eligible to be unlock keys.
|
| - repeated IneligibleDevice ineligible_devices = 2;
|
| -}
|
| -
|
| -// Request to complete a device enrollment.
|
| -message FinishEnrollmentRequest {
|
| - // The enrollment session identifer from the <code>setup</code> response.
|
| - optional bytes enrollment_session_id = 2;
|
| -
|
| - // An encrypted payload containing enrollment information for the device.
|
| - optional bytes enrollment_message = 3;
|
| -
|
| - // A Diffie-Hellman public key for the device, to complete the key exchange.
|
| - optional bytes device_ephemeral_key = 4;
|
| -
|
| - // An integer encoding the reason this enrollment was invoked (triggered).
|
| - // See InvocationReason enum for definitions.
|
| - optional int32 invocation_reason = 11 [default = 0];
|
| -
|
| - // How many retries of this operation have happened thus far.
|
| - optional int32 retry_count = 12 [default = 0];
|
| -
|
| - // Information about the requesting device and its platform.
|
| - optional DeviceClassifier device_classifier = 13;
|
| -}
|
| -
|
| -// Response indicating whether a device enrollment completed successfully.
|
| -message FinishEnrollmentResponse {
|
| - // Status should be OK if the request was successful.
|
| - optional string status = 1;
|
| -
|
| - // A detailed error message if there was a failure.
|
| - optional string error_message = 2;
|
| -}
|
| -
|
| -// Device info uploaded during enrollment.
|
| -message GcmDeviceInfo {
|
| - // This field's name does not match the one in DeviceInfo for legacy reasons.
|
| - // Consider using long_device_id and device_type instead when enrolling
|
| - // non-android devices.
|
| - optional fixed64 android_device_id = 1;
|
| -
|
| - // Used for device_address of DeviceInfo field 2, but for GCM capable devices.
|
| - optional bytes gcm_registration_id = 102;
|
| -
|
| - // Used for device_address of DeviceInfo field 2, but for iOS devices.
|
| - optional bytes apn_registration_id = 202;
|
| -
|
| - // Has the user enabled the associated apn_registration_id for notifications.
|
| - optional bool apn_notification_enabled = 203 [default = false];
|
| -
|
| - // Used for device_address of DeviceInfo field 2, a Bluetooth Mac address for
|
| - // the device (e.g., to be used with EasyUnlock).
|
| - optional string bluetooth_mac_address = 302;
|
| -
|
| - // SHA-256 hash of the device master key (from the key exchange).
|
| - // Differs from DeviceInfo field 3, which contains the actual master key.
|
| - optional bytes device_master_key_hash = 103;
|
| -
|
| - // A SecureMessage.EcP256PublicKey.
|
| - required bytes user_public_key = 4;
|
| -
|
| - // device's model name
|
| - // (e.g., an android.os.Build.MODEL or UIDevice.model).
|
| - optional string device_model = 7;
|
| -
|
| - // device's locale
|
| - optional string locale = 8;
|
| -
|
| - // The handle for user_public_key (and implicitly, a master key).
|
| - optional bytes key_handle = 9;
|
| -
|
| - // The initial counter value for the device, sent by the device.
|
| - optional int64 counter = 12 [default = 0];
|
| -
|
| - // The Operating System version on the device
|
| - // (e.g., an android.os.Build.DISPLAY or UIDevice.systemVersion).
|
| - optional string device_os_version = 13;
|
| -
|
| - // The Operating System version number on the device
|
| - // (e.g., an android.os.Build.VERSION.SDK_INT).
|
| - optional int64 device_os_version_code = 14;
|
| -
|
| - // The Operating System release on the device
|
| - // (e.g., an android.os.Build.VERSION.RELEASE).
|
| - optional string device_os_release = 15;
|
| -
|
| - // The Operating System codename on the device
|
| - // (e.g., an android.os.Build.VERSION.CODENAME or UIDevice.systemName).
|
| - optional string device_os_codename = 16;
|
| -
|
| - // The software version running on the device
|
| - // (e.g., Authenticator app version string).
|
| - optional string device_software_version = 17;
|
| -
|
| - // The software version number running on the device
|
| - // (e.g., Authenticator app version code).
|
| - optional int64 device_software_version_code = 18;
|
| -
|
| - // Software package information if applicable
|
| - // (e.g., com.google.android.apps.authenticator2).
|
| - optional string device_software_package = 19;
|
| -
|
| - // Size of the display in thousandths of an inch (e.g., 7000 mils = 7 in).
|
| - optional int32 device_display_diagonal_mils = 22;
|
| -
|
| - // For Authzen capable devices, their Authzen protocol version.
|
| - optional int32 device_authzen_version = 24;
|
| -
|
| - // Not all devices have device identifiers that fit in 64 bits.
|
| - optional bytes long_device_id = 29;
|
| -
|
| - // The device manufacturer name
|
| - // (e.g., android.os.Build.MANUFACTURER).
|
| - optional string device_manufacturer = 31;
|
| -
|
| - // Used to indicate which type of device this is.
|
| - optional DeviceType device_type = 32 [default = ANDROIDOS];
|
| -
|
| - // Fields corresponding to screenlock type/features and hardware features
|
| - // should be numbered in the 400 range.
|
| -
|
| - // Is this device using a secure screenlock (e.g., pattern or pin unlock).
|
| - optional bool using_secure_screenlock = 400 [default = false];
|
| -
|
| - // Is auto-unlocking the screenlock (e.g., when at "home") supported?
|
| - optional bool auto_unlock_screenlock_supported = 401 [default = false];
|
| -
|
| - // Is auto-unlocking the screenlock (e.g., when at "home") enabled?
|
| - optional bool auto_unlock_screenlock_enabled = 402 [default = false];
|
| -
|
| - // Does the device have a Bluetooth (classic) radio?
|
| - optional bool bluetooth_radio_supported = 403 [default = false];
|
| -
|
| - // Is the Bluetooth (classic) radio on?
|
| - optional bool bluetooth_radio_enabled = 404 [default = false];
|
| -
|
| - // The enrollment session id this is sent with.
|
| - optional bytes enrollment_session_id = 1000;
|
| -
|
| - // A copy of the user's OAuth token.
|
| - optional string oauth_token = 1001;
|
| -}
|
| -
|
| -message GcmMetadata {
|
| - required MessageType type = 1;
|
| - optional int32 version = 2 [default = 0];
|
| -}
|
| -
|
| -// Request for a listing of a user's own devices.
|
| -message GetMyDevicesRequest {
|
| - // Return only devices that can act as EasyUnlock keys.
|
| - optional bool approved_for_unlock_required = 2;
|
| -
|
| - // Allow the returned list to be somewhat out of date (read will be faster).
|
| - optional bool allow_stale_read = 3 [default = false];
|
| -
|
| - // An integer encoding the reason this request was invoked (triggered).
|
| - // See InvocationReason enum for definitions.
|
| - optional int32 invocation_reason = 4 [default = 0];
|
| -
|
| - // How many retries of this operation have happened thus far.
|
| - optional int32 retry_count = 5 [default = 0];
|
| -
|
| - // Information about the requesting device and its platform.
|
| - optional DeviceClassifier device_classifier = 6;
|
| -}
|
| -
|
| -// Response containing a listing of the users devices.
|
| -message GetMyDevicesResponse {
|
| - // A listing of all sync-able devices.
|
| - repeated ExternalDeviceInfo devices = 1;
|
| -}
|
| -
|
| -// A device that the server thinks is not eligible to be an unlock key, and the
|
| -// reason for this.
|
| -message IneligibleDevice {
|
| - // The device that is not eligible to be an unlock key.
|
| - optional ExternalDeviceInfo device = 1;
|
| -
|
| - // The reasons why the server thinks it is not an unlock key. NOTE: for now,
|
| - // this list of reasons will contain exactly one element. It is a repeated
|
| - // field because, in principle, there can be more than one reason that makes a
|
| - // device not eligible to be an unlock key, and we want to be able to add
|
| - // multiple reasons in the future.
|
| - repeated string reasons = 2;
|
| -}
|
| -
|
| -// A list of "reasons" that can be provided for calling server-side APIs.
|
| -// This is particularly important for calls that can be triggered by different
|
| -// kinds of events.
|
| -// NOTE: Added INVOCATION_* prefix to enum names due to name conflict with
|
| -// preprocessor MACRO on Windows.
|
| -enum InvocationReason {
|
| - INVOCATION_REASON_UNKNOWN = 0;
|
| - // First run of the software package invoking this call.
|
| - INVOCATION_REASON_INITIALIZATION = 1;
|
| - // Ordinary periodic actions (e.g. monthly master key rotation).
|
| - INVOCATION_REASON_PERIODIC = 2;
|
| - // Slow-cycle periodic action (e.g. yearly keypair rotation???).
|
| - INVOCATION_REASON_SLOW_PERIODIC = 3;
|
| - // Fast-cycle periodic action (e.g. daily sync for Smart Lock users).
|
| - INVOCATION_REASON_FAST_PERIODIC = 4;
|
| - // Expired state (e.g. expired credentials, or cached entries) was detected.
|
| - INVOCATION_REASON_EXPIRATION = 5;
|
| - // An unexpected protocol failure occurred (so attempting to repair state).
|
| - INVOCATION_REASON_FAILURE_RECOVERY = 6;
|
| - // A new account has been added to the device.
|
| - INVOCATION_REASON_NEW_ACCOUNT = 7;
|
| - // An existing account on the device has been changed.
|
| - INVOCATION_REASON_CHANGED_ACCOUNT = 8;
|
| - // The user toggled the state of a feature (e.g. Smart Lock enabled via BT).
|
| - INVOCATION_REASON_FEATURE_TOGGLED = 9;
|
| - // A "push" from the server caused this action (e.g. a sync tickle).
|
| - INVOCATION_REASON_SERVER_INITIATED = 10;
|
| - // A local address change triggered this (e.g. GCM registration id changed).
|
| - INVOCATION_REASON_ADDRESS_CHANGE = 11;
|
| - // A software update has triggered this.
|
| - INVOCATION_REASON_SOFTWARE_UPDATE = 12;
|
| - // A manual action by the user triggered this (e.g. commands sent via adb).
|
| - INVOCATION_REASON_MANUAL = 13;
|
| -}
|
| -
|
| -// Note: This is the same enum as securegcm.Type in securegcm.proto in the
|
| -// server definitions. Renamed for clarity here.
|
| -enum MessageType {
|
| - ENROLLMENT = 0;
|
| - TICKLE = 1;
|
| - TX_REQUEST = 2;
|
| - TX_REPLY = 3;
|
| - TX_SYNC_REQUEST = 4;
|
| - TX_SYNC_RESPONSE = 5;
|
| - TX_PING = 6;
|
| - DEVICE_INFO_UPDATE = 7;
|
| - TX_CANCEL_REQUEST = 8;
|
| - PROXIMITYAUTH_PAIRING = 10;
|
| - GCMV1_IDENTITY_ASSERTION = 11;
|
| -
|
| - // Device-to-device communications are protected by an unauthenticated
|
| - // Diffie-Hellman exchange. The InitiatorHello message is simply the
|
| - // initiator's public DH key, and is not encoded as a SecureMessage, so
|
| - // it doesn't have a tag.
|
| - // The ResponderHello message (which is sent by the responder
|
| - // to the initiator), on the other hand, carries a payload that is protected
|
| - // by the derived shared key. It also contains the responder's
|
| - // public DH key. ResponderHelloAndPayload messages have the
|
| - // DEVICE_TO_DEVICE_RESPONDER_HELLO tag.
|
| - DEVICE_TO_DEVICE_RESPONDER_HELLO_PAYLOAD = 12;
|
| -
|
| - // Device-to-device communications are protected by an unauthenticated
|
| - // Diffie-Hellman exchange. Once the initiator and responder
|
| - // agree on a shared key (through Diffie-Hellman), they will use messages
|
| - // tagged with DEVICE_TO_DEVICE_MESSAGE to exchange data.
|
| - DEVICE_TO_DEVICE_MESSAGE = 13;
|
| -
|
| - // Notification to let a device know it should contact a nearby device.
|
| - DEVICE_PROXIMITY_CALLBACK = 14;
|
| -
|
| - // Device-to-device communications are protected by an unauthenticated
|
| - // Diffie-Hellman exchange. During device-to-device authentication, the first
|
| - // message from initiator (the challenge) is signed and put into the payload
|
| - // of the message sent back to the initiator.
|
| - UNLOCK_KEY_SIGNED_CHALLENGE = 15;
|
| -}
|
| -
|
| -// GCM tickles related to registration management.
|
| -enum RegistrationTickleType {
|
| - UNKNOWN_REGISTRATION_TICKLE_TYPE = 0;
|
| -
|
| - // Force a re-enrollment with the server.
|
| - FORCE_ENROLLMENT = 1;
|
| -
|
| - // Update enrollment information with the server. This could either be an
|
| - // authzen re-enrollment or a SyncTx.
|
| - UPDATE_ENROLLMENT = 2;
|
| -
|
| - // Devices that receive this should sync the user's list of devices.
|
| - DEVICES_SYNC = 3;
|
| -}
|
| -
|
| -// Requests to send a "tickle" requesting to sync all of a user's devices now
|
| -message SendDeviceSyncTickleRequest {
|
| - // The type of tickle. *_ENROLLMENT tickles will only be sent to
|
| - // android devices. DEVICES_SYNC will be sent to chromebooks and android
|
| - // devices. UNKNOWN_TICKLE_TYPE or absent will be treated as
|
| - // UPDATE_ENROLLMENT.
|
| - // This field will also determine GCM parameters, such as
|
| - // TTL and collapse token.
|
| - optional RegistrationTickleType tickle_type = 3;
|
| -
|
| - // Information about the requesting device and its platform.
|
| - optional DeviceClassifier device_classifier = 4;
|
| -}
|
| -
|
| -message SendDeviceSyncTickleResponse {
|
| - // empty for now.
|
| -}
|
| -
|
| -// Contains information needed to begin a device enrollment.
|
| -message SetupEnrollmentInfo {
|
| - // Type of protocol this setup information was requested for.
|
| - optional string type = 1;
|
| -
|
| - // A session identifier to be used for this enrollment session.
|
| - optional bytes enrollment_session_id = 2;
|
| -
|
| - // A Diffie-Hellman public key used to perform a key exchange during
|
| - // enrollment.
|
| - optional bytes server_ephemeral_key = 3;
|
| -}
|
| -
|
| -// Requests information needed to begin a device enrollment.
|
| -message SetupEnrollmentRequest {
|
| - // Deprecated. See <code>application_id</code>.
|
| - optional string origin = 2;
|
| -
|
| - // Type(s) of protocol supported by this enrolling device (e.g. "gcmV1").
|
| - repeated string types = 3;
|
| -
|
| - // Indicates whether a legacy crypto suite must be used with this device.
|
| - optional bool use_legacy_crypto = 4;
|
| -
|
| - // A URL describing which application facets this enrollment can be used (see
|
| - // http://go/appid).
|
| - optional string application_id = 5;
|
| -
|
| - // An integer encoding the reason this enrollment was invoked (triggered).
|
| - // See InvocationReason enum for definitions.
|
| - optional int32 invocation_reason = 6 [default = 0];
|
| -
|
| - // How many retries of this operation have happened thus far.
|
| - optional int32 retry_count = 7 [default = 0];
|
| -
|
| - // Information about the requesting device and its platform.
|
| - optional DeviceClassifier device_classifier = 8;
|
| -}
|
| -
|
| -// Contains information needed to begin a device enrollment.
|
| -message SetupEnrollmentResponse {
|
| - // Should return OK if the request was well formed.
|
| - optional string status = 1;
|
| -
|
| - // Information for each of the requested protocol <code>type</code>s.
|
| - repeated SetupEnrollmentInfo infos = 2;
|
| -}
|
| -
|
| -// Used to enable or disable EasyUnlock features on a specified device, and also
|
| -// causes other devices to sync the new EasyUnlock state.
|
| -message ToggleEasyUnlockRequest {
|
| - // If true, Easy Unlock will be enabled for the device with public key equal
|
| - // to public_key. Otherwise, it will be disabled for that device.
|
| - optional bool enable = 1;
|
| -
|
| - // Encoded public key of the device to enable/disable (here you must use the
|
| - // same exact encoding that was sent during device enrollment).
|
| - optional bytes public_key = 2;
|
| -
|
| - // If true, EasyUnlock enabled state will be set to the value of "enable" for
|
| - // all of a user's devices. This is the same as calling the toggle RPC for
|
| - // every device. However, this removes the need for calling GetMyDevices, so
|
| - // it reduces network overhead. If this field is set "public_key" must not be
|
| - // set. NOTE: the case enable=true is not yet supported, so this option can
|
| - // only disable EasyUnlock for all devices.
|
| - optional bool apply_to_all = 3;
|
| -
|
| - // Information about the requesting device and its platform.
|
| - optional DeviceClassifier device_classifier = 4;
|
| -}
|
| -
|
| -message ToggleEasyUnlockResponse {
|
| - // empty for now.
|
| -}
|
|
|
Chromium Code Reviews
Issue 2502343003:
Moved //components/proximity_auth/cryptauth to //components/cryptauth. (Closed)
