// Copyright 2023 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
// Keep in sync with
// http://google3/google/internal/location/nearby/presence/v1/resources.proto
// Messages not used in Chrome have been omitted. Last copied at cl/428736503.
syntax = "proto3";
package ash.nearby.proto;
option optimize_for = LITE_RUNTIME;
import "chromeos/ash/components/nearby/common/proto/timestamp.proto";
// An enum type how trust is specified.
enum TrustType {
TRUST_TYPE_UNSPECIFIED = 0;
// The same user itself.
TRUST_TYPE_PRIVATE = 1;
// The user selects the contact from its contact list.
TRUST_TYPE_TRUSTED = 2;
}
enum IdentityType {
IDENTITY_TYPE_UNSPECIFIED = 0;
IDENTITY_TYPE_PRIVATE_GROUP = 1;
IDENTITY_TYPE_CONTACTS_GROUP = 2;
}
enum CredentialType {
CREDENTIAL_TYPE_UNKNOWN = 0;
CREDENTIAL_TYPE_DEVICE = 1;
CREDENTIAL_TYPE_GAIA = 2;
}
// The shared credential is derived from local credential, and distributed to
// remote devices based on the trust token for identity decryption and
// authentication.
// NEXT_ID=18
message SharedCredential {
// The randomly generated unique id of the shared credential.
int64 id = 1;
// 32 bytes of secure random bytes used to derive any symmetric keys needed.
bytes key_seed = 2;
// The time in millis from epoch when this credential becomes effective.
int64 start_time_millis = 3;
// The time in millis from epoch when this credential expires.
int64 end_time_millis = 4;
// The encrypted Metadata in bytes. Encrypted by the v0
// metadata_encryption_key.
bytes encrypted_metadata_bytes_v0 = 5;
// The tag for verifying metadata_encryption_key for a v0 advertisement.
bytes metadata_encryption_key_tag_v0 = 6;
// The public key is used to create a secure connection with the device.
bytes connection_signature_verification_key = 7;
// The public key is used to verify Advertisement Signature in BT5.0 (v1)
// specs.
bytes advertisement_signature_verification_key = 8;
// The trust type assigned to the credential. The credential is only
// accessible to contacts assigned with the same token. This field is only
// visible to the generating device and the server for distribution/provision
// purposes. Tokens are abstracted (with unnecessary details being removed)
// when returned to downloading devices.
IdentityType identity_type = 9;
// The version number of this SharedCredential, matches the corresponding
// protocol version.
bytes version = 10;
// The type assigned to the credential. The CredentialType is used to
// determine whether a device identity credential or account based identity
// credential is used for decryption.
CredentialType credential_type = 11;
// The encrypted Metadata in bytes. Encrypted by the v1
// metadata_encryption_key.
bytes encrypted_metadata_bytes_v1 = 12;
// The tag for verifying metadata_encryption_key for an unsigned V1 adv.
bytes identity_token_short_salt_adv_hmac_key_v1 = 13;
// The dusi of the device, for debugging purpose only.
// The server will fill this field ONLY IF the device group is in the debug
// group by the experiment flag: nearby_presence_chime_debug
string dusi = 14;
// Signature algorithm version. Used to determine which algorithm to use to
// verify incoming signatures.
string signature_version = 15;
// The HMAC of the plaintext identity token included (in encrypted form) in an
// unsigned, extended salt, V1 advertisement.
bytes identity_token_extended_salt_adv_hmac_key_v1 = 16;
// The HMAC of the plaintext identity token included (in encrypted form) in a
// signed V1 advertisement.
bytes identity_token_signed_adv_hmac_key_v1 = 17;
}
// A PublicCertificate contains a secret key used when recognizing another
// user's BLE advertisement and a public key used when establishing an encrypted
// connection.
//
// How a Certificate is distributed is determined by who is on a user's contact
// list. For example, if Will adds Ryan to his contact list, Ryan will have a
// ShareTarget with Will's Certificate attached to it.
// NextId=11
message PublicCertificate {
// The secret (symmetric) identifier used when identifying the ShareTarget's
// BLE advertisement.
bytes secret_id = 1;
// The secret (symmetric) key is used to decrypt the name field of the
// ShareTarget's BLE advertisement.
bytes secret_key = 2;
// The public key is used to create a secure connection with the ShareTarget.
bytes public_key = 3;
// The time that certificate validity begins.
Timestamp start_time = 4;
// The time that certificate validity ends.
Timestamp end_time = 5;
// The encrypted metadata in bytes, contains personal information of the
// device/user who created this certificate. Needs to be decrypted into bytes,
// and converted back to EncryptedMetadata object to access fields.
// Definition of this object see:
// location/nearby/presence/proto/contact_certificates.proto
bytes encrypted_metadata_bytes = 6;
// The tag for verifying metadata_encryption_key.
bytes metadata_encryption_key_tag = 7;
// The trust type, see the comments in the enum TrustType.
TrustType trust_type = 8;
}
// A member of a contact list. This is not inlined on the recommendation of
// http://go/apidosdonts##19-make-repeated-fields-messages-not-scalar-types
// NextId=3
message Contact {
// NextId=4
message Identifier {
oneof identifier {
string phone_number = 1;
string account_name = 2;
}
}
// Required. The identifier of a contact can be an obfuscated gaia id, a phone
// number, or an email account name.
Identifier identifier = 1;
// The trust type, see the comments in the enum TrustType.
TrustType trust_type = 2;
}
// A contact record from People backend.
// NextId=7
message ContactRecord {
// The type of the ContactRecord.
enum Type {
// The source of the contact is unknown.
UNKNOWN = 0;
// The source of the contact is from google (i.e. google.com/contacts).
GOOGLE_CONTACT = 1;
// The source of the contact is from a device.
DEVICE_CONTACT = 2;
}
// The stable id of this contact record.
string id = 1;
// The contact record's name.
string person_name = 2;
// The URL of an image displayed to the user when selecting a share
// target.
string image_url = 3;
// A list of phone numbers and emails under this contact record.
repeated Contact.Identifier identifiers = 4;
// The type of the ContactRecord.
Type type = 5;
}
// Consists of editable data inside of a device.
// NextId=5
message Device {
// Required. The resource name of this contact Device. This is of the format
// 'users/<user-id>/devices/<device-id>'.
// The special prefix 'users/me' uses the
// identity of the requester.
string name = 1;
// The device name to show members of this contact. Ex: "Joe's Pixel"
string display_name = 2;
// Users that this user has added to indicate that they may see this
// user as a ShareTarget when this user is nearby.
repeated Contact contacts = 3;
// The public certificates generated and uploaded from local device, to be
// shared with contacts.
repeated PublicCertificate public_certificates = 4;
}