summaryrefslogtreecommitdiff
path: root/chromium/components/arc/mojom/cert_store.mojom
diff options
context:
space:
mode:
Diffstat (limited to 'chromium/components/arc/mojom/cert_store.mojom')
-rw-r--r--chromium/components/arc/mojom/cert_store.mojom126
1 files changed, 126 insertions, 0 deletions
diff --git a/chromium/components/arc/mojom/cert_store.mojom b/chromium/components/arc/mojom/cert_store.mojom
new file mode 100644
index 00000000000..eabf6b13731
--- /dev/null
+++ b/chromium/components/arc/mojom/cert_store.mojom
@@ -0,0 +1,126 @@
+// Copyright 2017 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+// Next MinVersion: 2
+
+//
+// CertStoreHost is modeled after Android keymaster interface
+// hardware/libhardware/include/hardware/keymaster2.h
+//
+// and must follow the concept if extended in the future.
+// Please keep names in sync as far as it is possible.
+//
+// Enums/structures are modeled after structures from
+// hardware/libhardware/include/hardware/keymaster_defs.h
+//
+
+module arc.mojom;
+
+// Describes a keymaster operation result.
+[Extensible]
+enum KeymasterError {
+ ERROR_OK = 0,
+ ERROR_INVALID_OPERATION_HANDLE = -28,
+ ERROR_INVALID_KEY_BLOB = -33,
+ ERROR_UNIMPLEMENTED = -100,
+ ERROR_UNKNOWN_ERROR = -1000,
+};
+
+// Enumerates the crypto algorithms supported by Host.
+[Extensible]
+enum Algorithm {
+ ALGORITHM_RSA = 1,
+ ALGORITHM_EC = 3,
+};
+
+// Enumerates the digests supported by Host.
+[Extensible]
+enum Digest {
+ DIGEST_NONE = 0,
+ DIGEST_SHA1 = 2,
+ DIGEST_SHA_2_224 = 3,
+ DIGEST_SHA_2_256 = 4,
+ DIGEST_SHA_2_384 = 5,
+ DIGEST_SHA_2_512 = 6,
+};
+
+// Enumerates the paddings supported by Host.
+[Extensible]
+enum Padding {
+ PAD_NONE = 1,
+ PAD_RSA_PKCS1_1_5_SIGN = 5,
+};
+
+// Describes a parameter of client certificate provided by Host.
+union KeyParam {
+ Algorithm algorithm;
+ Digest digest;
+ Padding padding;
+};
+
+// Describes a client certificate provided by Host.
+// Does not correspond to keymaster type.
+struct Certificate {
+ // Nickname/alias of the certificate.
+ string alias;
+
+ // PEM-encoded client certificate.
+ string cert;
+};
+
+// Next method ID: 6
+// The interface is modeled after keymaster interface and must follow the format
+// if extended in the future.
+interface CertStoreHost {
+ // The helper method, which does not correspond to keymaster interface.
+ // It returns a list of Chrome OS corporate usage client certificates if
+ // any Android app is whitelisted to use them, otherwise returns an
+ // empty list.
+ ListCertificates@0() => (array<Certificate> certs);
+
+ // Retrieves key characteristics for the specified key with alias.
+ // params is null if any error occurred during retrieval.
+ GetKeyCharacteristics@1(string alias)
+ => (KeymasterError error, array<KeyParam>? params);
+
+ // Begins the operation using the specified key with alias and operation
+ // parameters (such as algorithm, digest, padding).
+ // If all is well, returns ERROR_OK and creates an operation handle which
+ // must be passed to subsequent calls to Update(), Finish() or Abort().
+ // Currently only signature operations are supported.
+ Begin@2(string alias, array<KeyParam> params)
+ => (KeymasterError error, uint64 operation_handle);
+
+ // Provides data to an ongoing cryptographic operation begun with Begin().
+ // Returns an amount of data consumed by Update().
+ Update@3(uint64 operation_handle, array<uint8> data)
+ => (KeymasterError error, uint32 input_consumed);
+
+ // Finalizes a cryptographic operation begun with Begin() and invalidates
+ // operation handle. Retrieves the result (signature). In case of any error,
+ // signed_data is null.
+ Finish@4(uint64 operation_handle)
+ => (KeymasterError error, array<uint8>? signed_data);
+
+ // Aborts a cryptographic operation begun with Begin(), freeing all internal
+ // resources and invalidating operation handle.
+ Abort@5(uint64 operation_handle) => (KeymasterError error);
+};
+
+// Next method ID: 4
+interface CertStoreInstance {
+ // DEPRECATED: Please use Init@3 instead.
+ InitDeprecated@0(CertStoreHost host_ptr);
+
+ // Establishes full-duplex communication with the host.
+ [MinVersion=1] Init@3(CertStoreHost host_ptr) => ();
+
+ // Informs the key permissions are changed: only listed packages are allowed
+ // to use exposed certificates.
+ OnKeyPermissionsChanged@1(array<string> permissions);
+
+ // Informs the certificates are changed (added, removed or updated):
+ // CertStoreInstance must call ListCertficates to update its database.
+ OnCertificatesChanged@2();
+};
View Lorry Controller Status