Diffstat (limited to 'chromium/components/arc/mojom/cert_store.mojom')
-rw-r--r-- | chromium/components/arc/mojom/cert_store.mojom | 126 |
1 files changed, 126 insertions, 0 deletions
diff --git a/chromium/components/arc/mojom/cert_store.mojom b/chromium/components/arc/mojom/cert_store.mojom
new file mode 100644
index 00000000000..eabf6b13731
--- /dev/null
+++ b/chromium/components/arc/mojom/cert_store.mojom
@@ -0,0 +1,126 @@
+// Copyright 2017 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+// Next MinVersion: 2
+
+//
+// CertStoreHost is modeled after Android keymaster interface
+// hardware/libhardware/include/hardware/keymaster2.h
+//
+// and must follow the concept if extended in the future.
+// Please keep names in sync as far as it is possible.
+//
+// Enums/structures are modeled after structures from
+// hardware/libhardware/include/hardware/keymaster_defs.h
+//
+
+module arc.mojom;
+
+// Describes a keymaster operation result.
+[Extensible]
+enum KeymasterError {
+ ERROR_OK = 0,
+ ERROR_INVALID_OPERATION_HANDLE = -28,
+ ERROR_INVALID_KEY_BLOB = -33,
+ ERROR_UNIMPLEMENTED = -100,
+ ERROR_UNKNOWN_ERROR = -1000,
+};
+
+// Enumerates the crypto algorithms supported by Host.
+[Extensible]
+enum Algorithm {
+ ALGORITHM_RSA = 1,
+ ALGORITHM_EC = 3,
+};
+
+// Enumerates the digests supported by Host.
+[Extensible]
+enum Digest {
+ DIGEST_NONE = 0,
+ DIGEST_SHA1 = 2,
+ DIGEST_SHA_2_224 = 3,
+ DIGEST_SHA_2_256 = 4,
+ DIGEST_SHA_2_384 = 5,
+ DIGEST_SHA_2_512 = 6,
+};
+
+// Enumerates the paddings supported by Host.
+[Extensible]
+enum Padding {
+ PAD_NONE = 1,
+ PAD_RSA_PKCS1_1_5_SIGN = 5,
+};
+
+// Describes a parameter of client certificate provided by Host.
+union KeyParam {
+ Algorithm algorithm;
+ Digest digest;
+ Padding padding;
+};
+
+// Describes a client certificate provided by Host.
+// Does not correspond to keymaster type.
+struct Certificate {
+ // Nickname/alias of the certificate.
+ string alias;
+
+ // PEM-encoded client certificate.
+ string cert;
+};
+
+// Next method ID: 6
+// The interface is modeled after keymaster interface and must follow the format
+// if extended in the future.
+interface CertStoreHost {
+ // The helper method, which does not correspond to keymaster interface.
+ // It returns a list of Chrome OS corporate usage client certificates if
+ // any Android app is whitelisted to use them, otherwise returns an
+ // empty list.
+ ListCertificates@0() => (array<Certificate> certs);
+
+ // Retrieves key characteristics for the specified key with alias.
+ // params is null if any error occurred during retrieval.
+ GetKeyCharacteristics@1(string alias)
+ => (KeymasterError error, array<KeyParam>? params);
+
+ // Begins the operation using the specified key with alias and operation
+ // parameters (such as algorithm, digest, padding).
+ // If all is well, returns ERROR_OK and creates an operation handle which
+ // must be passed to subsequent calls to Update(), Finish() or Abort().
+ // Currently only signature operations are supported.
+ Begin@2(string alias, array<KeyParam> params)
+ => (KeymasterError error, uint64 operation_handle);
+
+ // Provides data to an ongoing cryptographic operation begun with Begin().
+ // Returns an amount of data consumed by Update().
+ Update@3(uint64 operation_handle, array<uint8> data)
+ => (KeymasterError error, uint32 input_consumed);
+
+ // Finalizes a cryptographic operation begun with Begin() and invalidates
+ // operation handle. Retrieves the result (signature). In case of any error,
+ // signed_data is null.
+ Finish@4(uint64 operation_handle)
+ => (KeymasterError error, array<uint8>? signed_data);
+
+ // Aborts a cryptographic operation begun with Begin(), freeing all internal
+ // resources and invalidating operation handle.
+ Abort@5(uint64 operation_handle) => (KeymasterError error);
+};
+
+// Next method ID: 4
+interface CertStoreInstance {
+ // DEPRECATED: Please use Init@3 instead.
+ InitDeprecated@0(CertStoreHost host_ptr);
+
+ // Establishes full-duplex communication with the host.
+ [MinVersion=1] Init@3(CertStoreHost host_ptr) => ();
+
+ // Informs the key permissions are changed: only listed packages are allowed
+ // to use exposed certificates.
+ OnKeyPermissionsChanged@1(array<string> permissions);
+
+ // Informs the certificates are changed (added, removed or updated):
+ // CertStoreInstance must call ListCertficates to update its database.
+ OnCertificatesChanged@2();
+};
|
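Review bot: The contract for operation_handle after a failure is left unspecified: Begin@2 says a handle is created when ERROR_OK is returned but not what the returned `uint64 operation_handle` holds otherwise, and Update@3 and Finish@4 do not say whether a non-OK error leaves the handle usable or invalidates it (the keymaster2 interface this file says it mirrors aborts the operation on any error, as far as I recall). Since the handle crosses the ARC boundary from the guest and the host must validate it on every Update/Finish/Abort call (ERROR_INVALID_OPERATION_HANDLE exists for that), spelling this out tells both sides who is responsible for calling Abort() after a failure. I would add to Begin@2 `// operation_handle is only meaningful when error is ERROR_OK.` and to Update@3 and Finish@4 `// Any error other than ERROR_OK aborts the operation and invalidates operation_handle.` (or state the opposite if that is the intended behaviour). Unrelated nit in the same hunk: the comment on OnCertificatesChanged@2 spells `ListCertficates` and should read `ListCertificates`.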