1/* Copyright 2018 Google LLC
2 *
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 *     https://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15syntax = "proto2";
16
17package securegcm;
18
19option java_package = "com.google.security.cryptauth.lib.securegcm";
20option java_outer_classname = "SecureGcmProto";
21option objc_class_prefix = "SGCM";
22
23// Message used only during enrollment
24// Field numbers should be kept in sync with DeviceInfo in:
25//   java/com/google/security/cryptauth/backend/services/common/common.proto
26message GcmDeviceInfo {
27  // This field's name does not match the one in DeviceInfo for legacy reasons.
28  // Consider using long_device_id and device_type instead when enrolling
29  // non-android devices.
30  optional fixed64 android_device_id = 1;
31
32  // Used for device_address of DeviceInfo field 2, but for GCM capable devices.
33  optional bytes gcm_registration_id = 102;
34
35  // Used for device_address of DeviceInfo field 2, but for iOS devices.
36  optional bytes apn_registration_id = 202;
37
38  // Does the user have notifications enabled for the given device address.
39  optional bool notification_enabled = 203 [ default = true ];
40
41  // Used for device_address of DeviceInfo field 2, a Bluetooth Mac address for
42  // the device (e.g., to be used with EasyUnlock)
43  optional string bluetooth_mac_address = 302;
44
45  // SHA-256 hash of the device master key (from the key exchange).
46  // Differs from DeviceInfo field 3, which contains the actual master key.
47  optional bytes device_master_key_hash = 103;
48
49  // A SecureMessage.EcP256PublicKey
50  required bytes user_public_key = 4;
51
52  // device's model name
53  // (e.g., an android.os.Build.MODEL or UIDevice.model)
54  optional string device_model = 7;
55
56  // device's locale
57  optional string locale = 8;
58
59  // The handle for user_public_key (and implicitly, a master key)
60  optional bytes key_handle = 9;
61
62  // The initial counter value for the device, sent by the device
63  optional int64 counter = 12 [default = 0];
64
65  // The Operating System version on the device
66  // (e.g., an android.os.Build.DISPLAY or UIDevice.systemVersion)
67  optional string device_os_version = 13;
68
69  // The Operating System version number on the device
70  // (e.g., an android.os.Build.VERSION.SDK_INT)
71  optional int64 device_os_version_code = 14;
72
73  // The Operating System release on the device
74  // (e.g., an android.os.Build.VERSION.RELEASE)
75  optional string device_os_release = 15;
76
77  // The Operating System codename on the device
78  // (e.g., an android.os.Build.VERSION.CODENAME or UIDevice.systemName)
79  optional string device_os_codename = 16;
80
81  // The software version running on the device
82  // (e.g., Authenticator app version string)
83  optional string device_software_version = 17;
84
85  // The software version number running on the device
86  // (e.g., Authenticator app version code)
87  optional int64 device_software_version_code = 18;
88
89  // Software package information if applicable
90  // (e.g., com.google.android.apps.authenticator2)
91  optional string device_software_package = 19;
92
93  // Size of the display in thousandths of an inch (e.g., 7000 mils = 7 in)
94  optional int32 device_display_diagonal_mils = 22;
95
96  // For Authzen capable devices, their Authzen protocol version
97  optional int32 device_authzen_version = 24;
98
99  // Not all devices have device identifiers that fit in 64 bits.
100  optional bytes long_device_id = 29;
101
102  // The device manufacturer name
103  // (e.g., android.os.Build.MANUFACTURER)
104  optional string device_manufacturer = 31;
105
106  // Used to indicate which type of device this is.
107  optional DeviceType device_type = 32 [ default = ANDROID ];
108
109  // Fields corresponding to screenlock type/features and hardware features
110  // should be numbered in the 400 range.
111
112  // Is this device using  a secure screenlock (e.g., pattern or pin unlock)
113  optional bool using_secure_screenlock = 400 [ default = false ];
114
115  // Is auto-unlocking the screenlock (e.g., when at "home") supported?
116  optional bool auto_unlock_screenlock_supported = 401 [ default = false ];
117
118  // Is auto-unlocking the screenlock (e.g., when at "home") enabled?
119  optional bool auto_unlock_screenlock_enabled = 402 [ default = false ];
120
121  // Does the device have a Bluetooth (classic) radio?
122  optional bool bluetooth_radio_supported = 403 [ default = false ];
123
124  // Is the Bluetooth (classic) radio on?
125  optional bool bluetooth_radio_enabled = 404 [ default = false ];
126
127  // Does the device hardware support a mobile data connection?
128  optional bool mobile_data_supported = 405 [ default = false ];
129
130  // Does the device support tethering?
131  optional bool tethering_supported = 406 [ default = false ];
132
133  // Does the device have a BLE radio?
134  optional bool ble_radio_supported = 407 [ default = false ];
135
136  // Is the device a "Pixel Experience" Android device?
137  optional bool pixel_experience = 408 [ default = false ];
138
139  // Is the device running in the ARC++ container on a chromebook?
140  optional bool arc_plus_plus = 409 [ default = false ];
141
142  // Is the value set in |using_secure_screenlock| reliable? On some Android
143  // devices, the platform API to get the screenlock state is not trustworthy.
144  // See b/32212161.
145  optional bool is_screenlock_state_flaky = 410 [ default = false ];
146
147  // A list of multi-device software features supported by the device.
148  repeated SoftwareFeature supported_software_features = 411;
149
150  // A list of multi-device software features currently enabled (active) on the
151  // device.
152  repeated SoftwareFeature enabled_software_features = 412;
153
154  // The enrollment session id this is sent with
155  optional bytes enrollment_session_id = 1000;
156
157  // A copy of the user's OAuth token
158  optional string oauth_token = 1001;
159}
160
161// This enum is used by iOS devices as values for device_display_diagonal_mils
162// in GcmDeviceInfo. There is no good way to calculate it on those devices.
163enum AppleDeviceDiagonalMils {
164  // This is the mils diagonal on an iPhone 5.
165  APPLE_PHONE = 4000;
166  // This is the mils diagonal on an iPad mini.
167  APPLE_PAD = 7900;
168}
169
170// This should be kept in sync with DeviceType in:
171// java/com/google/security/cryptauth/backend/services/common/common_enums.proto
172enum DeviceType {
173  UNKNOWN = 0;
174  ANDROID = 1;
175  CHROME = 2;
176  IOS = 3;
177  BROWSER = 4;
178  OSX = 5;
179}
180
181// MultiDevice features which may be supported and enabled on a device.
182enum SoftwareFeature {
183  UNKNOWN_FEATURE = 0;
184  BETTER_TOGETHER_HOST = 1;
185  BETTER_TOGETHER_CLIENT = 2;
186  EASY_UNLOCK_HOST = 3;
187  EASY_UNLOCK_CLIENT = 4;
188  MAGIC_TETHER_HOST = 5;
189  MAGIC_TETHER_CLIENT = 6;
190  SMS_CONNECT_HOST = 7;
191  SMS_CONNECT_CLIENT = 8;
192}
193
194// A list of "reasons" that can be provided for calling server-side APIs.
195// This is particularly important for calls that can be triggered by different
196// kinds of events. Please try to keep reasons as generic as possible, so that
197// codes can be re-used by various callers in a sensible fashion.
198enum InvocationReason {
199  REASON_UNKNOWN = 0;
200  // First run of the software package invoking this call
201  REASON_INITIALIZATION = 1;
202  // Ordinary periodic actions (e.g. monthly master key rotation)
203  REASON_PERIODIC = 2;
204  // Slow-cycle periodic action (e.g. yearly keypair rotation???)
205  REASON_SLOW_PERIODIC = 3;
206  // Fast-cycle periodic action (e.g. daily sync for Smart Lock users)
207  REASON_FAST_PERIODIC = 4;
208  // Expired state (e.g. expired credentials, or cached entries) was detected
209  REASON_EXPIRATION = 5;
210  // An unexpected protocol failure occurred (so attempting to repair state)
211  REASON_FAILURE_RECOVERY = 6;
212  // A new account has been added to the device
213  REASON_NEW_ACCOUNT = 7;
214  // An existing account on the device has been changed
215  REASON_CHANGED_ACCOUNT = 8;
216  // The user toggled the state of a feature (e.g. Smart Lock enabled via BT)
217  REASON_FEATURE_TOGGLED = 9;
218  // A "push" from the server caused this action (e.g. a sync tickle)
219  REASON_SERVER_INITIATED = 10;
220  // A local address change triggered this (e.g. GCM registration id changed)
221  REASON_ADDRESS_CHANGE = 11;
222  // A software update has triggered this
223  REASON_SOFTWARE_UPDATE = 12;
224  // A manual action by the user triggered this (e.g. commands sent via adb)
225  REASON_MANUAL = 13;
226  // A custom key has been invalidated on the device (e.g. screen lock is
227  // disabled).
228  REASON_CUSTOM_KEY_INVALIDATION = 14;
229  // Periodic action triggered by auth_proximity
230  REASON_PROXIMITY_PERIODIC = 15;
231}
232
233enum Type {
234  ENROLLMENT = 0;
235  TICKLE = 1;
236  TX_REQUEST = 2;
237  TX_REPLY = 3;
238  TX_SYNC_REQUEST = 4;
239  TX_SYNC_RESPONSE = 5;
240  TX_PING = 6;
241  DEVICE_INFO_UPDATE = 7;
242  TX_CANCEL_REQUEST = 8;
243
244  // DEPRECATED (can be re-used after Aug 2015)
245  PROXIMITYAUTH_PAIRING = 10;
246
247  // The kind of identity assertion generated by a "GCM V1" device (i.e.,
248  // an Android phone that has registered with us a public and a symmetric
249  // key)
250  GCMV1_IDENTITY_ASSERTION = 11;
251
252  // Device-to-device communications are protected by an unauthenticated
253  // Diffie-Hellman exchange. The InitiatorHello message is simply the
254  // initiator's public DH key, and is not encoded as a SecureMessage, so
255  // it doesn't have a tag.
256  // The ResponderHello message (which is sent by the responder
257  // to the initiator), on the other hand, carries a payload that is protected
258  // by the derived shared key. It also contains the responder's
259  // public DH key. ResponderHelloAndPayload messages have the
260  // DEVICE_TO_DEVICE_RESPONDER_HELLO tag.
261  DEVICE_TO_DEVICE_RESPONDER_HELLO_PAYLOAD = 12;
262
263  // Device-to-device communications are protected by an unauthenticated
264  // Diffie-Hellman exchange. Once the initiator and responder
265  // agree on a shared key (through Diffie-Hellman), they will use messages
266  // tagged with DEVICE_TO_DEVICE_MESSAGE to exchange data.
267  DEVICE_TO_DEVICE_MESSAGE = 13;
268
269  // Notification to let a device know it should contact a nearby device.
270  DEVICE_PROXIMITY_CALLBACK = 14;
271
272  // Device-to-device communications are protected by an unauthenticated
273  // Diffie-Hellman exchange. During device-to-device authentication, the first
274  // message from initiator (the challenge) is signed and put into the payload
275  // of the message sent back to the initiator.
276  UNLOCK_KEY_SIGNED_CHALLENGE = 15;
277
278  // Specialty (corp only) features
279  LOGIN_NOTIFICATION = 101;
280}
281
282message GcmMetadata {
283  required Type type = 1;
284  optional int32 version = 2 [default = 0];
285}
286
287message Tickle {
288  // Time after which this tickle should expire
289  optional fixed64 expiry_time = 1;
290}
291
292message LoginNotificationInfo {
293  // Time at which the server received the login notification request.
294  optional fixed64 creation_time = 2;
295
296  // Must correspond to user_id in LoginNotificationRequest, if set.
297  optional string email = 3;
298
299  // Host where the user's credentials were used to login, if meaningful.
300  optional string host = 4;
301
302  // Location from where the user's credentials were used, if meaningful.
303  optional string source = 5;
304
305  // Type of login, e.g. ssh, gnome-screensaver, or web.
306  optional string event_type = 6;
307}
308