The Tor Browser / file revision

 /* This Source Code Form is subject to the terms of the Mozilla Public

  * License, v. 2.0. If a copy of the MPL was not distributed with this file,

  * You can obtain one at http://mozilla.org/MPL/2.0/. */

 #include "nsISupports.idl"

 interface nsIURI;

 interface nsIIdentityKeyGenCallback;

 interface nsIIdentitySignCallback;

 /* Naming and calling conventions:

  *

  * A"hex" prefix means "hex-encoded string representation of a byte sequence"

  * e.g. "ae34bcdf123"

  *

  * A "base64url" prefix means "base-64-URL-encoded string repressentation of a

  * byte sequence.

  * e.g. "eyJhbGciOiJSUzI1NiJ9"

  * http://en.wikipedia.org/wiki/Base64#Variants_summary_table

  * we use the no-padding approach to base64-url-encoding

  *

  * Callbacks take an "in nsresult rv" argument that indicates whether the async

  * operation succeeded. On success, rv will be a success code

  * (NS_SUCCEEDED(rv) / Components.isSuccessCode(rv)) and the remaining

  * arguments are as defined in the documentation for the callback. When the

  * operation fails, rv will be a failure code (NS_FAILED(rv) /

  * !Components.isSuccessCode(rv)) and the values of the remaining arguments will

  * be unspecified.

  *

  * Key Types:

  *

  * "RS256": RSA + SHA-256.

  *

  * "DS160": DSA with SHA-1. A 1024-bit prime and a 160-bit subprime with SHA-1.

  *

  * we use these abbreviated algorithm names as per the JWA spec

  * http://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-02

  */

 // "@mozilla.org/identity/crypto-service;1"

 [scriptable, builtinclass, uuid(f087e6bc-dd33-4f6c-a106-dd786e052ee9)]

 interface nsIIdentityCryptoService : nsISupports

 {

   void generateKeyPair(in AUTF8String algorithm,

                        in nsIIdentityKeyGenCallback callback);

   ACString base64UrlEncode(in AUTF8String toEncode);

 };

 /**

  * This interface provides a keypair and signing interface for Identity functionality

  */

 [scriptable, uuid(73962dc7-8ee7-4346-a12b-b039e1d9b54d)]

 interface nsIIdentityKeyPair : nsISupports

 {

   readonly attribute AUTF8String keyType;

   // RSA properties, only accessible when keyType == "RS256"

   readonly attribute AUTF8String hexRSAPublicKeyExponent;

   readonly attribute AUTF8String hexRSAPublicKeyModulus;

   // DSA properties, only accessible when keyType == "DS128"

   readonly attribute AUTF8String hexDSAPrime;       // p

   readonly attribute AUTF8String hexDSASubPrime;    // q

   readonly attribute AUTF8String hexDSAGenerator;   // g

   readonly attribute AUTF8String hexDSAPublicValue; // y

   void sign(in AUTF8String aText,

             in nsIIdentitySignCallback callback);

   // XXX implement verification bug 769856

   // AUTF8String verify(in AUTF8String aSignature, in AUTF8String encodedPublicKey);

 };

 /**

  * This interface provides a JavaScript callback object used to collect the

  * nsIIdentityServeKeyPair when the keygen operation is complete

  *

  * though there is discussion as to whether we need the nsresult,

  * we keep it so we can track deeper crypto errors.

  */

 [scriptable, function, uuid(90f24ca2-2b05-4ca9-8aec-89d38e2f905a)]

 interface nsIIdentityKeyGenCallback : nsISupports

 {

   void generateKeyPairFinished(in nsresult rv,

                                in nsIIdentityKeyPair keyPair);

 };

 /**

  * This interface provides a JavaScript callback object used to collect the

  * AUTF8String signature

  */

 [scriptable, function, uuid(2d3e5036-374b-4b47-a430-1196b67b890f)]

 interface nsIIdentitySignCallback : nsISupports

 {

   /** On success, base64urlSignature is the base-64-URL-encoded signature

    *

    * For RS256 signatures, XXX bug 769858

    *

    * For DSA128 signatures, the signature is the r value concatenated with the

    * s value, each component padded with leading zeroes as necessary.

    */

   void signFinished(in nsresult rv, in ACString base64urlSignature);

 };