toolkit/identity/nsIIdentityCryptoService.idl

changeset 0
6474c204b198
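--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/toolkit/identity/nsIIdentityCryptoService.idl	Wed Dec 31 06:09:35 2014 +0100
@@ -0,0 +1,106 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nsISupports.idl"
+
+interface nsIURI;
+interface nsIIdentityKeyGenCallback;
+interface nsIIdentitySignCallback;
+
+/* Naming and calling conventions:
+ *
+ * A"hex" prefix means "hex-encoded string representation of a byte sequence"
+ * e.g. "ae34bcdf123"
+ *
+ * A "base64url" prefix means "base-64-URL-encoded string repressentation of a
+ * byte sequence.
+ * e.g. "eyJhbGciOiJSUzI1NiJ9"
+ * http://en.wikipedia.org/wiki/Base64#Variants_summary_table
+ * we use the no-padding approach to base64-url-encoding
+ *
+ * Callbacks take an "in nsresult rv" argument that indicates whether the async
+ * operation succeeded. On success, rv will be a success code
+ * (NS_SUCCEEDED(rv) / Components.isSuccessCode(rv)) and the remaining
+ * arguments are as defined in the documentation for the callback. When the
+ * operation fails, rv will be a failure code (NS_FAILED(rv) /
+ * !Components.isSuccessCode(rv)) and the values of the remaining arguments will
+ * be unspecified.
+ *
+ * Key Types:
+ *
+ * "RS256": RSA + SHA-256.
+ *
+ * "DS160": DSA with SHA-1. A 1024-bit prime and a 160-bit subprime with SHA-1.
+ *
+ * we use these abbreviated algorithm names as per the JWA spec
+ * http://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-02
+ */
+
+// "@mozilla.org/identity/crypto-service;1"
+[scriptable, builtinclass, uuid(f087e6bc-dd33-4f6c-a106-dd786e052ee9)]
+interface nsIIdentityCryptoService : nsISupports
+{
+  void generateKeyPair(in AUTF8String algorithm,
+                       in nsIIdentityKeyGenCallback callback);
+
+  ACString base64UrlEncode(in AUTF8String toEncode);
+};
+
+/**
+ * This interface provides a keypair and signing interface for Identity functionality
+ */
+[scriptable, uuid(73962dc7-8ee7-4346-a12b-b039e1d9b54d)]
+interface nsIIdentityKeyPair : nsISupports
+{
+  readonly attribute AUTF8String keyType;
+
+  // RSA properties, only accessible when keyType == "RS256"
+
+  readonly attribute AUTF8String hexRSAPublicKeyExponent;
+  readonly attribute AUTF8String hexRSAPublicKeyModulus;
+
+  // DSA properties, only accessible when keyType == "DS128"
+  readonly attribute AUTF8String hexDSAPrime;       // p
+  readonly attribute AUTF8String hexDSASubPrime;    // q
+  readonly attribute AUTF8String hexDSAGenerator;   // g
+  readonly attribute AUTF8String hexDSAPublicValue; // y
+
+  void sign(in AUTF8String aText,
+            in nsIIdentitySignCallback callback);
+
+  // XXX implement verification bug 769856
+  // AUTF8String verify(in AUTF8String aSignature, in AUTF8String encodedPublicKey);
+
+};
+
+/**
+ * This interface provides a JavaScript callback object used to collect the
+ * nsIIdentityServeKeyPair when the keygen operation is complete
+ *
+ * though there is discussion as to whether we need the nsresult,
+ * we keep it so we can track deeper crypto errors.
+ */
+[scriptable, function, uuid(90f24ca2-2b05-4ca9-8aec-89d38e2f905a)]
+interface nsIIdentityKeyGenCallback : nsISupports
+{
+  void generateKeyPairFinished(in nsresult rv,
+                               in nsIIdentityKeyPair keyPair);
+};
+
+/**
+ * This interface provides a JavaScript callback object used to collect the
+ * AUTF8String signature
+ */
+[scriptable, function, uuid(2d3e5036-374b-4b47-a430-1196b67b890f)]
+interface nsIIdentitySignCallback : nsISupports
+{
+  /** On success, base64urlSignature is the base-64-URL-encoded signature
+   *
+   * For RS256 signatures, XXX bug 769858
+   *
+   * For DSA128 signatures, the signature is the r value concatenated with the
+   * s value, each component padded with leading zeroes as necessary.
+   */
+  void signFinished(in nsresult rv, in ACString base64urlSignature);
+};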
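Review bot: The DSA key type is spelled three different ways in this file's comments: the conventions block defines "DS160", the nsIIdentityKeyPair attribute comment says `keyType == "DS128"`, and the signFinished doc says "For DSA128 signatures"; a caller that compares keyType against the wrong string could silently mishandle a DSA key. Both later comments should use the defined name, e.g. `// DSA properties, only accessible when keyType == "DS160"` and `* For DS160 signatures, the signature is the r value concatenated with the`. The signFinished doc also does not state the width that r and s are padded to (presumably the 160-bit subprime length, 20 bytes each), which a verifier needs in order to split the value, and the RS256 signature format is still an open XXX. Because DS160 is documented as a 1024-bit prime with SHA-1 and no modulus size is given for RS256, the Key Types comment should state the RSA key size and say whether DS160 is kept only for protocol compatibility. The generateKeyPairFinished doc names `nsIIdentityServeKeyPair`, which is not declared in this file; it presumably means `nsIIdentityKeyPair`.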
