package securegcm

Get desktop application:
View/edit binary Protocol Buffers messages

This enum is used by iOS devices as values for device_display_diagonal_mils in GcmDeviceInfo. There is no good way to calculate it on those devices.

• APPLE_PHONE = 4000

  This is the mils diagonal on an iPhone 5.

• APPLE_PAD = 7900

  This is the mils diagonal on an iPad mini.

Type of curve

Used in: EcPoint

• ED_25519 = 1

Used by protocols between devices

• optional bytes message = 1

  the payload of the message

• optional int32 sequence_number = 2

  the sequence number of the message - must be increasing.

This should be kept in sync with DeviceType in: java/com/google/security/cryptauth/backend/services/common/common_enums.proto

Used in: GcmDeviceInfo

• UNKNOWN = 0

• ANDROID = 1

• CHROME = 2

• IOS = 3

• BROWSER = 4

• OSX = 5

A convenience proto for encoding curve points in affine representation

Used in: SpakeHandshakeMessage

• required Curve curve = 1

• required bytes x = 2

  x and y are encoded in big-endian two's complement client MUST verify (x,y) is a valid point on the specified curve

• required bytes y = 3

Message used only during enrollment Field numbers should be kept in sync with DeviceInfo in: java/com/google/security/cryptauth/backend/services/common/common.proto

• optional fixed64 android_device_id = 1

  This field's name does not match the one in DeviceInfo for legacy reasons. Consider using long_device_id and device_type instead when enrolling non-android devices.

• optional bytes gcm_registration_id = 102

  Used for device_address of DeviceInfo field 2, but for GCM capable devices.

• optional bytes apn_registration_id = 202

  Used for device_address of DeviceInfo field 2, but for iOS devices.

• optional bool notification_enabled = 203

  Does the user have notifications enabled for the given device address.

• optional string bluetooth_mac_address = 302

  Used for device_address of DeviceInfo field 2, a Bluetooth Mac address for the device (e.g., to be used with EasyUnlock)

• optional bytes device_master_key_hash = 103

  SHA-256 hash of the device master key (from the key exchange). Differs from DeviceInfo field 3, which contains the actual master key.

• required bytes user_public_key = 4

  A SecureMessage.EcP256PublicKey

• optional string device_model = 7

  device's model name (e.g., an android.os.Build.MODEL or UIDevice.model)

• optional string locale = 8

  device's locale

• optional bytes key_handle = 9

  The handle for user_public_key (and implicitly, a master key)

• optional int64 counter = 12

  The initial counter value for the device, sent by the device

• optional string device_os_version = 13

  The Operating System version on the device (e.g., an android.os.Build.DISPLAY or UIDevice.systemVersion)

• optional int64 device_os_version_code = 14

  The Operating System version number on the device (e.g., an android.os.Build.VERSION.SDK_INT)

• optional string device_os_release = 15

  The Operating System release on the device (e.g., an android.os.Build.VERSION.RELEASE)

• optional string device_os_codename = 16

  The Operating System codename on the device (e.g., an android.os.Build.VERSION.CODENAME or UIDevice.systemName)

• optional string device_software_version = 17

  The software version running on the device (e.g., Authenticator app version string)

• optional int64 device_software_version_code = 18

  The software version number running on the device (e.g., Authenticator app version code)

• optional string device_software_package = 19

  Software package information if applicable (e.g., com.google.android.apps.authenticator2)

• optional int32 device_display_diagonal_mils = 22

  Size of the display in thousandths of an inch (e.g., 7000 mils = 7 in)

• optional int32 device_authzen_version = 24

  For Authzen capable devices, their Authzen protocol version

• optional bytes long_device_id = 29

  Not all devices have device identifiers that fit in 64 bits.

• optional string device_manufacturer = 31

  The device manufacturer name (e.g., android.os.Build.MANUFACTURER)

• optional DeviceType device_type = 32

  Used to indicate which type of device this is.

• optional bool using_secure_screenlock = 400

  Is this device using a secure screenlock (e.g., pattern or pin unlock)

• optional bool auto_unlock_screenlock_supported = 401

  Is auto-unlocking the screenlock (e.g., when at "home") supported?

• optional bool auto_unlock_screenlock_enabled = 402

  Is auto-unlocking the screenlock (e.g., when at "home") enabled?

• optional bool bluetooth_radio_supported = 403

  Does the device have a Bluetooth (classic) radio?

• optional bool bluetooth_radio_enabled = 404

  Is the Bluetooth (classic) radio on?

• optional bool mobile_data_supported = 405

  Does the device hardware support a mobile data connection?

• optional bool tethering_supported = 406

  Does the device support tethering?

• optional bool ble_radio_supported = 407

  Does the device have a BLE radio?

• optional bool pixel_experience = 408

  Is the device a "Pixel Experience" Android device?

• optional bool arc_plus_plus = 409

  Is the device running in the ARC++ container on a chromebook?

• optional bool is_screenlock_state_flaky = 410

  Is the value set in |using_secure_screenlock| reliable? On some Android devices, the platform API to get the screenlock state is not trustworthy. See b/32212161.

• repeated SoftwareFeature supported_software_features = 411

  A list of multi-device software features supported by the device.

• repeated SoftwareFeature enabled_software_features = 412

  A list of multi-device software features currently enabled (active) on the device.

• optional bytes enrollment_session_id = 1000

  The enrollment session id this is sent with

• optional string oauth_token = 1001

  A copy of the user's OAuth token

• required Type type = 1

• optional int32 version = 2

sent as the first message from initiator to responder in an unauthenticated Diffie-Hellman Key Exchange

• optional securemessage.GenericPublicKey public_dh_key = 1

  The session public key to send to the responder

• optional int32 protocol_version = 2

  The protocol version

A list of "reasons" that can be provided for calling server-side APIs. This is particularly important for calls that can be triggered by different kinds of events. Please try to keep reasons as generic as possible, so that codes can be re-used by various callers in a sensible fashion.

• REASON_UNKNOWN = 0

• REASON_INITIALIZATION = 1

  First run of the software package invoking this call

• REASON_PERIODIC = 2

  Ordinary periodic actions (e.g. monthly master key rotation)

• REASON_SLOW_PERIODIC = 3

  Slow-cycle periodic action (e.g. yearly keypair rotation???)

• REASON_FAST_PERIODIC = 4

  Fast-cycle periodic action (e.g. daily sync for Smart Lock users)

• REASON_EXPIRATION = 5

  Expired state (e.g. expired credentials, or cached entries) was detected

• REASON_FAILURE_RECOVERY = 6

  An unexpected protocol failure occurred (so attempting to repair state)

• REASON_NEW_ACCOUNT = 7

  A new account has been added to the device

• REASON_CHANGED_ACCOUNT = 8

  An existing account on the device has been changed

• REASON_FEATURE_TOGGLED = 9

  The user toggled the state of a feature (e.g. Smart Lock enabled via BT)

• REASON_SERVER_INITIATED = 10

  A "push" from the server caused this action (e.g. a sync tickle)

• REASON_ADDRESS_CHANGE = 11

  A local address change triggered this (e.g. GCM registration id changed)

• REASON_SOFTWARE_UPDATE = 12

  A software update has triggered this

• REASON_MANUAL = 13

  A manual action by the user triggered this (e.g. commands sent via adb)

• REASON_CUSTOM_KEY_INVALIDATION = 14

  A custom key has been invalidated on the device (e.g. screen lock is disabled).

• REASON_PROXIMITY_PERIODIC = 15

  Periodic action triggered by auth_proximity

• optional fixed64 creation_time = 2

  Time at which the server received the login notification request.

• optional string email = 3

  Must correspond to user_id in LoginNotificationRequest, if set.

• optional string host = 4

  Host where the user's credentials were used to login, if meaningful.

• optional string source = 5

  Location from where the user's credentials were used, if meaningful.

• optional string event_type = 6

  Type of login, e.g. ssh, gnome-screensaver, or web.

sent inside the header of the first message from the responder to the initiator in an unauthenticated Diffie-Hellman Key Exchange

• optional securemessage.GenericPublicKey public_dh_key = 1

  The session public key to send to the initiator

• optional int32 protocol_version = 2

  The protocol version

MultiDevice features which may be supported and enabled on a device. See

Used in: GcmDeviceInfo

• UNKNOWN_FEATURE = 0

• BETTER_TOGETHER_HOST = 1

• BETTER_TOGETHER_CLIENT = 2

• EASY_UNLOCK_HOST = 3

• EASY_UNLOCK_CLIENT = 4

• MAGIC_TETHER_HOST = 5

• MAGIC_TETHER_CLIENT = 6

• SMS_CONNECT_HOST = 7

• SMS_CONNECT_CLIENT = 8

• optional int32 flow_number = 1

  Each flow in the protocol bumps this counter

• optional EcPoint ec_point = 2

  Some (but not all) SPAKE flows send a point on an elliptic curve

• optional bytes hash_value = 3

  Some (but not all) SPAKE flows send a hash value

• optional bytes payload = 4

  The last flow of a SPAKE protocol can send an optional payload, since the key exchange is already complete on the sender's side.

• optional fixed64 expiry_time = 1

  Time after which this tickle should expire

Used in: GcmMetadata

• ENROLLMENT = 0

• TICKLE = 1

• TX_REQUEST = 2

• TX_REPLY = 3

• TX_SYNC_REQUEST = 4

• TX_SYNC_RESPONSE = 5

• TX_PING = 6

• DEVICE_INFO_UPDATE = 7

• TX_CANCEL_REQUEST = 8

• PROXIMITYAUTH_PAIRING = 10

  DEPRECATED (can be re-used after Aug 2015)

• GCMV1_IDENTITY_ASSERTION = 11

  The kind of identity assertion generated by a "GCM V1" device (i.e., an Android phone that has registered with us a public and a symmetric key)

• DEVICE_TO_DEVICE_RESPONDER_HELLO_PAYLOAD = 12

  Device-to-device communications are protected by an unauthenticated Diffie-Hellman exchange. The InitiatorHello message is simply the initiator's public DH key, and is not encoded as a SecureMessage, so it doesn't have a tag. The ResponderHello message (which is sent by the responder to the initiator), on the other hand, carries a payload that is protected by the derived shared key. It also contains the responder's public DH key. ResponderHelloAndPayload messages have the DEVICE_TO_DEVICE_RESPONDER_HELLO tag.

• DEVICE_TO_DEVICE_MESSAGE = 13

  Device-to-device communications are protected by an unauthenticated Diffie-Hellman exchange. Once the initiator and responder agree on a shared key (through Diffie-Hellman), they will use messages tagged with DEVICE_TO_DEVICE_MESSAGE to exchange data.

• DEVICE_PROXIMITY_CALLBACK = 14

  Notification to let a device know it should contact a nearby device.

• UNLOCK_KEY_SIGNED_CHALLENGE = 15

  Device-to-device communications are protected by an unauthenticated Diffie-Hellman exchange. During device-to-device authentication, the first message from initiator (the challenge) is signed and put into the payload of the message sent back to the initiator.

• LOGIN_NOTIFICATION = 101

  Specialty (corp only) features

• optional Ukey2Alert.AlertType type = 1

• optional string error_message = 2

Used in: Ukey2Alert

• BAD_MESSAGE = 1

  Framing errors

  The message could not be deserialized

• BAD_MESSAGE_TYPE = 2

  message_type has an undefined value

• INCORRECT_MESSAGE = 3

  message_type received does not correspond to

• BAD_MESSAGE_DATA = 4

  expected type at this stage of the protocol

  Could not deserialize message_data as per

• BAD_VERSION = 100

  ClientInit and ServerInit errors

  version is invalid; server cannot find

• BAD_RANDOM = 101

  suitable version to speak with client.

  Random data is missing or of incorrect

• BAD_HANDSHAKE_CIPHER = 102

  length

  No suitable handshake ciphers were found

• BAD_NEXT_PROTOCOL = 103

  The next protocol is missing, unknown, or

• BAD_PUBLIC_KEY = 104

  unsupported

  The public key could not be parsed

• INTERNAL_ERROR = 200

  Other errors

  An internal error has occurred. error_message

• optional bytes public_key = 1

  public key matching selected handshake

• optional int32 version = 1

  highest supported version for rollback

• optional bytes random = 2

  protection

  random bytes for replay/reuse protection

• repeated Ukey2ClientInit.CipherCommitment cipher_commitments = 3

• optional string next_protocol = 4

  Next protocol that the client wants to speak.

One commitment (hash of ClientFinished containing public key) per supported cipher

Used in: Ukey2ClientInit

• optional Ukey2HandshakeCipher handshake_cipher = 1

• optional bytes commitment = 2

Used in: Ukey2ClientInit.CipherCommitment, Ukey2ServerInit

• RESERVED = 0

• P256_SHA512 = 100

  NIST P-256 used for ECDH, SHA512 used for

• CURVE25519_SHA512 = 200

  commitment

  Curve 25519 used for ECDH, SHA512 used for

• optional Ukey2Message.Type message_type = 1

  Identifies message type

• optional bytes message_data = 2

  Actual message, to be parsed according to

Used in: Ukey2Message

• UNKNOWN_DO_NOT_USE = 0

• ALERT = 1

• CLIENT_INIT = 2

• SERVER_INIT = 3

• CLIENT_FINISH = 4

• optional int32 version = 1

  highest supported version for rollback

• optional bytes random = 2

  protection

  random bytes for replay/reuse protection

• optional Ukey2HandshakeCipher handshake_cipher = 3

  Selected Cipher and corresponding public key

• optional bytes public_key = 4