chromium/chromeos/ash/services/device_sync/proto/cryptauth_devicesync.proto

// Copyright 2019 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

// Contains the request and response messages used in the CryptAuth v2
// DeviceSync protocol. Specifically,
//
// -- SyncMetadata --
// * Request: The device sends its metadata to CryptAuth, some of it encrypted
//     with the the device's version of the group public key. This version of
//     the group public key is also sent in the request.
// * Response: If CryptAuth can confirm that the device is in possession of the
//     correct group public key, then CryptAuth returns metadata for the user's
//     devices in the DeviceSync group. The group public key and/or the
//     encrypted group private key might also be returned.
//
// -- ShareGroupPrivateKey --
// * Request: The device shares the group private key by encrypting it with the
//     public key of the user's other devices. These encrypted group private
//     keys are persisted by CryptAuth for the other devices to retrieve as
//     necessary.
// * Response: Trivial
//
// -- BatchNotifyGroupDevices --
// * Request: The client sends a list of the devices that it wants to tickle via
//     a GCM message.
// * Response: Trivial
//
// -- BatchGetFeatureStatuses --
// * Request: The client queries CryptAuth for the state of features on the
//     user's devices, for example, whether or not Magic Tether is enabled on
//     any of the user's phones.
// * Response: The query results.
//
// -- BatchSetFeatureStatuses --
// * Request: The client requests CryptAuth to set the state of various features
//     for the user's devices. Optionally, features can be enabled exclusively,
//     meaning enabled on one device and disabled on all others.
// * Response: Trivial
//
// -- GetDevicesActivityStatus --
// * Request: Trivial
// * Response: The state of activity for the user's devices. This includes if
//     the device is currently online and the time the device was last active.
syntax = "proto3";

package cryptauthv2;

option optimize_for = LITE_RUNTIME;

import "cryptauth_common.proto";
import "cryptauth_directive.proto";

// A common context for requests.
//
// Note: This message is encoded as query parameters for some requests. If any
// field or subfield of this proto changes, update the files
// cryptauth_proto_to_query_parameters_util.{h,cc}.
message RequestContext {
  // The group name.
  // A device can join multiple groups. Each group will be identified by a
  // unique name.
  // The device should have previously enrolled a public key with this name with
  // the server, using the Enrollment API.
  // The key material associated with the key of this name is used by other
  // devices in the group to communicate securely with this device.
  string group = 1;

  // Common metadata about this request.
  ClientMetadata client_metadata = 2;

  // Device identifier.
  string device_id = 3;

  // Used to authenticate device_id.
  string device_id_token = 4;
}

// Requests from a client to sync its metadata and receive encrypted copy of
// other metadata updated since its last sync.
message SyncMetadataRequest {
  // The context of this request.
  RequestContext context = 1;

  // Public key material intended for group use. Will either be created by the
  // device upon first joining, or will be existing group public key in its
  // possession.
  // May be discarded if device is joining an existing group that already has a
  // group key pair.
  bytes group_public_key = 3;

  // Device's metadata encrypted with the given group public key.
  bytes encrypted_metadata = 4;

  // Set to true if the device needs the group's private key.
  bool need_group_private_key = 5;

  // Used to obtain only updated metadata, since the last request.
  // If not set, all metadata will be sent.
  bytes freshness_token = 6;
}

// One device's metadata, containing an identifier for the particular device,
// along with its encrypted metadata.
message DeviceMetadataPacket {
  // Device identifier.
  string device_id = 1;

  // This device's metadata, encrypted with the group's private key.
  bytes encrypted_metadata = 2;

  // Indicates that the associated device needs the group's private key.
  bool need_group_private_key = 3;

  // The associated device's public key, to be used with
  // EncryptedGroupPrivateKey below.
  bytes device_public_key = 4;

  // A name known to the server or which was assigned by the user to the device.
  string device_name = 5;
}

// Response from server with any new devices' encrypted metadata and public key.
message SyncMetadataResponse {
  // Collection of encrypted metadata from devices that have been updated since
  // last provided refresh_token. All metadata if none was provided.
  repeated DeviceMetadataPacket encrypted_metadata = 1;

  // Public key associated with the group, used to encrypt all metadata.
  // May be different than key received in the request.
  // If not set, the server is indicating a new group key pair must be created
  // by this device.
  bytes group_public_key = 2;

  // An encrypted group private key that contains device public key used for
  // encryption. Encrypted with the public key of the device.
  EncryptedGroupPrivateKey encrypted_group_private_key = 3;

  // Updated freshness token from the server.
  // Use this value in subsequent requests, to obtain only data updated since
  // the last request.
  bytes freshness_token = 4;

  // The updated client-specific directives.
  ClientDirective client_directive = 5;
}

// Encrypted group private key, including identifiers for both sender and
// recipient devices.
message EncryptedGroupPrivateKey {
  // Identifier for device receiving group private key.
  string recipient_device_id = 1;

  // Identifier for device sending group private key.
  string sender_device_id = 2;

  // Group private key, encrypted with the public key of the recipient device.
  bytes encrypted_private_key = 3;

  // Hash of the group public key used to encrypt this device’s metadata.
  int64 group_public_key_hash = 7;
}

// Share the group's private key with another device.
message ShareGroupPrivateKeyRequest {
  // The context of this request.
  RequestContext context = 1;

  // A collection of encrypted group private keys, each identified with the
  // device public key of both the sender and the recipient.
  repeated EncryptedGroupPrivateKey encrypted_group_private_keys = 2;
}

// The server's response to sharing the group's private key.
message ShareGroupPrivateKeyResponse {}

// Allows a device, which is part of the group, notify another group device.
// This allows setup to work, e.g. by letting the other device know it needs to
// turn on the bluetooth radio.
//
// Note: This request is encoded as query parameters in a GET request. If any
// field or subfield of this proto changes, update the files
// cryptauth_proto_to_query_parameters_util.{h,cc}.
message BatchNotifyGroupDevicesRequest {
  // The context of this request.
  RequestContext context = 1;

  // Group devices to notify.
  repeated string notify_device_ids = 2;

  // Target service & feature type to specify in the notification.
  TargetService target_service = 3;
  // Feature type.
  string feature_type = 4;
}

// Response to BatchNotifyGroupDevices.
message BatchNotifyGroupDevicesResponse {}

// Requests feature enabled/disabled statuses per device in the group.
//
// Note: This request is encoded as query parameters in a GET request. If any
// field or subfield of this proto changes, update the files
// cryptauth_proto_to_query_parameters_util.{h,cc}.
message BatchGetFeatureStatusesRequest {
  // The context of this request.
  RequestContext context = 1;

  // Which devices to query.
  // Leave unset if all group devices should be queried.
  repeated string device_ids = 2;

  // Which feature types to query.
  repeated string feature_types = 3;
}

// Enabled/disabled status of a single device.
message DeviceFeatureStatus {
  // Enabled/disabled status of a named feature.
  message FeatureStatus {
    // Feature type name.
    string feature_type = 1;

    // If the feature is enabled.
    bool enabled = 2;

    // The last time the feature was set. Only set for BatchGetFeatureStatuses.
    int64 last_modified_time_millis = 3;

    // Set to true to disable all group devices other than the specified device.
    // This can only be used when enabling features. Only set for
    // BatchSetFeatureStatuses.
    bool enable_exclusively = 4;
  }

  // Device identifier.
  string device_id = 1;

  // The status of features associated with this device.
  repeated FeatureStatus feature_statuses = 2;
}

// Response to BatchGetFeatureStatuses.
message BatchGetFeatureStatusesResponse {
  // The status of all queried group devices.
  // Only the requested devices and requested features will be populated.
  repeated DeviceFeatureStatus device_feature_statuses = 1;
}

// Sets feature types enable/disable statuses per device in the group.
message BatchSetFeatureStatusesRequest {
  // The context of this request.
  RequestContext context = 1;

  // The feature statuses to set for specific devices.
  repeated DeviceFeatureStatus device_feature_statuses = 2;

  // Set to true to disable all group devices other than the specified device.
  // This can only be used with a single device and only when enabling features.
  bool enable_exclusively = 3 [deprecated = true];
}

// Response to BatchSetFeatureStatuses.
message BatchSetFeatureStatusesResponse {}

// Request for GetDevicesActivityStatus.
message GetDevicesActivityStatusRequest {
  // The context of this request.
  RequestContext context = 1;
}

// Describes the device's network reachability.
enum ConnectivityStatus {
  // Default value.
  UNKNOWN_CONNECTIVITY = 0;
  // The device appears to be unreachable.
  OFFLINE = 1;
  // The device appears to be online and reachable.
  ONLINE = 2;
}

// Copied from
// https://cs.chromium.org/chromium/src/third_party/protobuf/src/google/protobuf/timestamp.proto?rcl=b51864c7aae4372308052b9fd5c1913ceeee3884
message Timestamp {
  // Represents seconds of UTC time since Unix epoch
  // 1970-01-01T00:00:00Z. Must be from 0001-01-01T00:00:00Z to
  // 9999-12-31T23:59:59Z inclusive.
  int64 seconds = 1;

  // Non-negative fractions of a second at nanosecond resolution. Negative
  // second values with fractions must still have non-negative nanos values
  // that count forward in time. Must be from 0 to 999,999,999
  // inclusive.
  int32 nanos = 2;
}

// Activity status of a single device.
message DeviceActivityStatus {
  // Device identifier.
  string device_id = 1;

  // The last time this device was active as retrieved from Bond. Freshness
  // is on the order of minutes.
  int64 last_activity_time_sec = 2;

  // Online status of the device as inferred by reachability via FCM.
  ConnectivityStatus connectivity_status = 3;

  // When the device last enrolled its DeviceSync key or when its metadata was
  // last updated, the most recent of these two timestamps.
  Timestamp last_update_time = 4;
}

// Response for GetDevicesActivityStatus.
message GetDevicesActivityStatusResponse {
  // The status of all group devices.
  repeated DeviceActivityStatus device_activity_statuses = 1;
}