• file
• revisions
• annotate
• diff
• comparison
• raw

toolkit/identity/nsIIdentityCryptoService.idl@129ffea94266 (annotated)

toolkit/identity/nsIIdentityCryptoService.idl

Sat, 03 Jan 2015 20:18:00 +0100

author

Michael Schloh von Bennewitz <michael@schloh.com>

date

Sat, 03 Jan 2015 20:18:00 +0100

branch

TOR_BUG_3246

changeset 7

129ffea94266

permissions

-rw-r--r--

Conditionally enable double key logic according to:
private browsing mode or privacy.thirdparty.isolate preference and
implement in GetCookieStringCommon and FindCookie where it counts...
With some reservations of how to convince FindCookie users to test
condition and pass a nullptr when disabling double key logic.

michael@0	1	/* This Source Code Form is subject to the terms of the Mozilla Public
michael@0	2	* License, v. 2.0. If a copy of the MPL was not distributed with this file,
michael@0	3	* You can obtain one at http://mozilla.org/MPL/2.0/. */
michael@0	4
michael@0	5	#include "nsISupports.idl"
michael@0	6
michael@0	7	interface nsIURI;
michael@0	8	interface nsIIdentityKeyGenCallback;
michael@0	9	interface nsIIdentitySignCallback;
michael@0	10
michael@0	11	/* Naming and calling conventions:
michael@0	12	*
michael@0	13	* A"hex" prefix means "hex-encoded string representation of a byte sequence"
michael@0	14	* e.g. "ae34bcdf123"
michael@0	15	*
michael@0	16	* A "base64url" prefix means "base-64-URL-encoded string repressentation of a
michael@0	17	* byte sequence.
michael@0	18	* e.g. "eyJhbGciOiJSUzI1NiJ9"
michael@0	19	* http://en.wikipedia.org/wiki/Base64#Variants_summary_table
michael@0	20	* we use the no-padding approach to base64-url-encoding
michael@0	21	*
michael@0	22	* Callbacks take an "in nsresult rv" argument that indicates whether the async
michael@0	23	* operation succeeded. On success, rv will be a success code
michael@0	24	* (NS_SUCCEEDED(rv) / Components.isSuccessCode(rv)) and the remaining
michael@0	25	* arguments are as defined in the documentation for the callback. When the
michael@0	26	* operation fails, rv will be a failure code (NS_FAILED(rv) /
michael@0	27	* !Components.isSuccessCode(rv)) and the values of the remaining arguments will
michael@0	28	* be unspecified.
michael@0	29	*
michael@0	30	* Key Types:
michael@0	31	*
michael@0	32	* "RS256": RSA + SHA-256.
michael@0	33	*
michael@0	34	* "DS160": DSA with SHA-1. A 1024-bit prime and a 160-bit subprime with SHA-1.
michael@0	35	*
michael@0	36	* we use these abbreviated algorithm names as per the JWA spec
michael@0	37	* http://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-02
michael@0	38	*/
michael@0	39
michael@0	40	// "@mozilla.org/identity/crypto-service;1"
michael@0	41	[scriptable, builtinclass, uuid(f087e6bc-dd33-4f6c-a106-dd786e052ee9)]
michael@0	42	interface nsIIdentityCryptoService : nsISupports
michael@0	43	{
michael@0	44	void generateKeyPair(in AUTF8String algorithm,
michael@0	45	in nsIIdentityKeyGenCallback callback);
michael@0	46
michael@0	47	ACString base64UrlEncode(in AUTF8String toEncode);
michael@0	48	};
michael@0	49
michael@0	50	/**
michael@0	51	* This interface provides a keypair and signing interface for Identity functionality
michael@0	52	*/
michael@0	53	[scriptable, uuid(73962dc7-8ee7-4346-a12b-b039e1d9b54d)]
michael@0	54	interface nsIIdentityKeyPair : nsISupports
michael@0	55	{
michael@0	56	readonly attribute AUTF8String keyType;
michael@0	57
michael@0	58	// RSA properties, only accessible when keyType == "RS256"
michael@0	59
michael@0	60	readonly attribute AUTF8String hexRSAPublicKeyExponent;
michael@0	61	readonly attribute AUTF8String hexRSAPublicKeyModulus;
michael@0	62
michael@0	63	// DSA properties, only accessible when keyType == "DS128"
michael@0	64	readonly attribute AUTF8String hexDSAPrime; // p
michael@0	65	readonly attribute AUTF8String hexDSASubPrime; // q
michael@0	66	readonly attribute AUTF8String hexDSAGenerator; // g
michael@0	67	readonly attribute AUTF8String hexDSAPublicValue; // y
michael@0	68
michael@0	69	void sign(in AUTF8String aText,
michael@0	70	in nsIIdentitySignCallback callback);
michael@0	71
michael@0	72	// XXX implement verification bug 769856
michael@0	73	// AUTF8String verify(in AUTF8String aSignature, in AUTF8String encodedPublicKey);
michael@0	74
michael@0	75	};
michael@0	76
michael@0	77	/**
michael@0	78	* This interface provides a JavaScript callback object used to collect the
michael@0	79	* nsIIdentityServeKeyPair when the keygen operation is complete
michael@0	80	*
michael@0	81	* though there is discussion as to whether we need the nsresult,
michael@0	82	* we keep it so we can track deeper crypto errors.
michael@0	83	*/
michael@0	84	[scriptable, function, uuid(90f24ca2-2b05-4ca9-8aec-89d38e2f905a)]
michael@0	85	interface nsIIdentityKeyGenCallback : nsISupports
michael@0	86	{
michael@0	87	void generateKeyPairFinished(in nsresult rv,
michael@0	88	in nsIIdentityKeyPair keyPair);
michael@0	89	};
michael@0	90
michael@0	91	/**
michael@0	92	* This interface provides a JavaScript callback object used to collect the
michael@0	93	* AUTF8String signature
michael@0	94	*/
michael@0	95	[scriptable, function, uuid(2d3e5036-374b-4b47-a430-1196b67b890f)]
michael@0	96	interface nsIIdentitySignCallback : nsISupports
michael@0	97	{
michael@0	98	/** On success, base64urlSignature is the base-64-URL-encoded signature
michael@0	99	*
michael@0	100	* For RS256 signatures, XXX bug 769858
michael@0	101	*
michael@0	102	* For DSA128 signatures, the signature is the r value concatenated with the
michael@0	103	* s value, each component padded with leading zeroes as necessary.
michael@0	104	*/
michael@0	105	void signFinished(in nsresult rv, in ACString base64urlSignature);
michael@0	106	};