1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
|
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this file,
* You can obtain one at http://mozilla.org/MPL/2.0/. */
#include "nsISupports.idl"
interface nsIURI;
interface nsIIdentityKeyGenCallback;
interface nsIIdentitySignCallback;
/* Naming and calling conventions:
*
* A"hex" prefix means "hex-encoded string representation of a byte sequence"
* e.g. "ae34bcdf123"
*
* A "base64url" prefix means "base-64-URL-encoded string repressentation of a
* byte sequence.
* e.g. "eyJhbGciOiJSUzI1NiJ9"
* http://en.wikipedia.org/wiki/Base64#Variants_summary_table
* we use the padded approach to base64-url-encoding
*
* Callbacks take an "in nsresult rv" argument that indicates whether the async
* operation succeeded. On success, rv will be a success code
* (NS_SUCCEEDED(rv) / Components.isSuccessCode(rv)) and the remaining
* arguments are as defined in the documentation for the callback. When the
* operation fails, rv will be a failure code (NS_FAILED(rv) /
* !Components.isSuccessCode(rv)) and the values of the remaining arguments will
* be unspecified.
*
* Key Types:
*
* "RS256": RSA + SHA-256.
*
* "DS160": DSA with SHA-1. A 1024-bit prime and a 160-bit subprime with SHA-1.
*
* we use these abbreviated algorithm names as per the JWA spec
* http://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-02
*/
// "@mozilla.org/identity/crypto-service;1"
[scriptable, builtinclass, uuid(f087e6bc-dd33-4f6c-a106-dd786e052ee9)]
interface nsIIdentityCryptoService : nsISupports
{
void generateKeyPair(in AUTF8String algorithm,
in nsIIdentityKeyGenCallback callback);
ACString base64UrlEncode(in AUTF8String toEncode);
};
/**
* This interface provides a keypair and signing interface for Identity functionality
*/
[scriptable, uuid(73962dc7-8ee7-4346-a12b-b039e1d9b54d)]
interface nsIIdentityKeyPair : nsISupports
{
readonly attribute AUTF8String keyType;
// RSA properties, only accessible when keyType == "RS256"
readonly attribute AUTF8String hexRSAPublicKeyExponent;
readonly attribute AUTF8String hexRSAPublicKeyModulus;
// DSA properties, only accessible when keyType == "DS128"
readonly attribute AUTF8String hexDSAPrime; // p
readonly attribute AUTF8String hexDSASubPrime; // q
readonly attribute AUTF8String hexDSAGenerator; // g
readonly attribute AUTF8String hexDSAPublicValue; // y
void sign(in AUTF8String aText,
in nsIIdentitySignCallback callback);
// XXX implement verification bug 769856
// AUTF8String verify(in AUTF8String aSignature, in AUTF8String encodedPublicKey);
};
/**
* This interface provides a JavaScript callback object used to collect the
* nsIIdentityServeKeyPair when the keygen operation is complete
*
* though there is discussion as to whether we need the nsresult,
* we keep it so we can track deeper crypto errors.
*/
[scriptable, function, uuid(90f24ca2-2b05-4ca9-8aec-89d38e2f905a)]
interface nsIIdentityKeyGenCallback : nsISupports
{
void generateKeyPairFinished(in nsresult rv,
in nsIIdentityKeyPair keyPair);
};
/**
* This interface provides a JavaScript callback object used to collect the
* AUTF8String signature
*/
[scriptable, function, uuid(2d3e5036-374b-4b47-a430-1196b67b890f)]
interface nsIIdentitySignCallback : nsISupports
{
/** On success, base64urlSignature is the base-64-URL-encoded signature
*
* For RS256 signatures, XXX bug 769858
*
* For DSA128 signatures, the signature is the r value concatenated with the
* s value, each component padded with leading zeroes as necessary.
*/
void signFinished(in nsresult rv, in ACString base64urlSignature);
};
|
