/* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this file,
 * You can obtain one at http://mozilla.org/MPL/2.0/. */

#include "nsISupports.idl"

// NOTE(review): nsIURI is forward-declared but not referenced by any
// interface in this file; it may be a leftover.
interface nsIURI;
interface nsIIdentityKeyGenCallback;
interface nsIIdentitySignCallback;

/* Naming and calling conventions:
 *
 * A "hex" prefix means "hex-encoded string representation of a byte sequence"
 * e.g. "ae34bcdf123"
 *
 * A "base64url" prefix means "base-64-URL-encoded string representation of a
 * byte sequence."
 * e.g. "eyJhbGciOiJSUzI1NiJ9"
 * http://en.wikipedia.org/wiki/Base64#Variants_summary_table
 * We use the no-padding approach to base64-url-encoding (no trailing '=').
 *
 * Callbacks take an "in nsresult rv" argument that indicates whether the async
 * operation succeeded. On success, rv will be a success code
 * (NS_SUCCEEDED(rv) / Components.isSuccessCode(rv)) and the remaining
 * arguments are as defined in the documentation for the callback. When the
 * operation fails, rv will be a failure code (NS_FAILED(rv) /
 * !Components.isSuccessCode(rv)) and the values of the remaining arguments will
 * be unspecified. Callers must therefore check rv before reading any other
 * callback argument.
 *
 * Key Types:
 *
 * "RS256": RSA + SHA-256.
 *
 * "DS160": DSA with SHA-1. A 1024-bit prime and a 160-bit subprime with SHA-1.
 *
 * NOTE(review): the DSA key type is named "DS160" here but "DS128" in the
 * nsIIdentityKeyPair attribute comments and "DSA128" in nsIIdentitySignCallback
 * below; one of these names is wrong -- confirm the string the implementation
 * actually compares against and make the three agree.
 * NOTE(review): 1024-bit DSA with SHA-1 is below current recommended strength;
 * consumers choosing an algorithm should prefer "RS256" unless interoperability
 * requires DSA.
 *
 * We use these abbreviated algorithm names as per the JWA spec
 * http://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-02
 */

// Contract ID: "@mozilla.org/identity/crypto-service;1"
//
// Entry point for key generation and encoding helpers. Key generation is
// asynchronous: the resulting nsIIdentityKeyPair is delivered through the
// supplied callback, never returned directly.
[scriptable, builtinclass, uuid(f087e6bc-dd33-4f6c-a106-dd786e052ee9)]
interface nsIIdentityCryptoService : nsISupports
{
  /**
   * Generate a new key pair of the given type.
   *
   * @param algorithm one of the Key Type names listed in the header comment.
   * @param callback  receives the nsresult and, on success, the new key pair
   *                  (see nsIIdentityKeyGenCallback).
   */
  void generateKeyPair(in AUTF8String algorithm,
                       in nsIIdentityKeyGenCallback callback);

  /**
   * Base-64-URL-encode toEncode using the no-padding variant described in the
   * header comment.
   * NOTE(review): presumably the UTF-8 bytes of toEncode are what gets
   * encoded -- confirm against the implementation.
   */
  ACString base64UrlEncode(in AUTF8String toEncode);
};

/**
 * This interface provides a keypair and signing interface for Identity functionality.
 *
 * Only public key components are exposed as attributes; the private key is
 * never handed out through this interface and is used solely by sign().
 * Which group of attributes is readable depends on keyType.
 */
[scriptable, uuid(73962dc7-8ee7-4346-a12b-b039e1d9b54d)]
interface nsIIdentityKeyPair : nsISupports
{
  // One of the Key Type names from the header comment (e.g. "RS256").
  readonly attribute AUTF8String keyType;

  // RSA properties, only accessible when keyType == "RS256"
  // NOTE(review): what accessing them for a different keyType does (error vs.
  // empty string) is not specified here -- confirm in the implementation.

  readonly attribute AUTF8String hexRSAPublicKeyExponent; // e
  readonly attribute AUTF8String hexRSAPublicKeyModulus;  // n

  // DSA properties, only accessible when keyType == "DS128"
  // (header comment calls this key type "DS160" -- see NOTE(review) there)
  readonly attribute AUTF8String hexDSAPrime;       // p
  readonly attribute AUTF8String hexDSASubPrime;    // q
  readonly attribute AUTF8String hexDSAGenerator;   // g
  readonly attribute AUTF8String hexDSAPublicValue; // y

  /**
   * Sign aText with this key pair's private key, asynchronously.
   *
   * @param aText    the data to sign.
   * @param callback receives the nsresult and, on success, the base64url
   *                 signature (see nsIIdentitySignCallback for its layout).
   */
  void sign(in AUTF8String aText,
            in nsIIdentitySignCallback callback);

  // XXX implement verification bug 769856
  // AUTF8String verify(in AUTF8String aSignature, in AUTF8String encodedPublicKey);

};

/**
 * This interface provides a JavaScript callback object used to collect the
 * nsIIdentityKeyPair when the keygen operation is complete.
 *
 * Though there is discussion as to whether we need the nsresult,
 * we keep it so we can track deeper crypto errors.
 */
[scriptable, function, uuid(90f24ca2-2b05-4ca9-8aec-89d38e2f905a)]
interface nsIIdentityKeyGenCallback : nsISupports
{
  /**
   * @param rv      success/failure of the keygen (see header conventions).
   * @param keyPair the generated key pair when NS_SUCCEEDED(rv); unspecified
   *                otherwise and must not be used.
   */
  void generateKeyPairFinished(in nsresult rv,
                               in nsIIdentityKeyPair keyPair);
};

/**
 * This interface provides a JavaScript callback object used to collect the
 * AUTF8String signature.
 */
[scriptable, function, uuid(2d3e5036-374b-4b47-a430-1196b67b890f)]
interface nsIIdentitySignCallback : nsISupports
{
  /** On success, base64urlSignature is the base-64-URL-encoded signature
   * (no-padding variant, see header). When NS_FAILED(rv) its value is
   * unspecified.
   *
   * For RS256 signatures, XXX bug 769858
   *
   * For DSA128 signatures, the signature is the r value concatenated with the
   * s value, each component padded with leading zeroes as necessary.
   * NOTE(review): the padded width is not stated here; presumably each
   * component is padded to the byte length of q so that r and s can be split
   * at a fixed offset -- confirm against the implementation before relying
   * on it.
   */
  void signFinished(in nsresult rv, in ACString base64urlSignature);
};