chrome/services/keymaster/public/mojom/cert_store.mojom - chromium/src - Git at Google

 // Copyright 2019 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.

 // Next MinVersion: 1

 // This file defines the mojo interface between arc-keymaster and Chrome for the
 // keys hardware-backed and accessible by Chrome.

 module arc.keymaster.mojom;

 // Enumerates the crypto algorithms supported by Host.
 [Extensible]
 enum Algorithm {
   kRsaPkcs1,
 };

 // Enumerates the digests supported by Host.
 [Extensible]
 enum Digest {
   kSha1,
   kSha256,
   kSha384,
   kSha512,
 };

 // Enumerates the result codes of signature operation.
 [Extensible]
 enum SignatureResult {
   kOk,
   // Failed with net or internal error on chrome side.
   kFailed,
   kUnsupportedAlgorithm,
 };

 // The possible chaps slots relevant for arc-keymaster. Note this does NOT map
 // to the PKCS#11 CK_SLOT_ID, but rather to an abstract representation of the
 // value. The corresponding CK_SLOT_ID must be queried from cryptohome.
 [Extensible]
 enum ChapsSlot {
   // The key is stored in the user slot.
   [Default] kUser,
   // The key is stored in the system slot.
   kSystem,
 };

 // Metadata to uniquely identify a chaps key.
 struct ChapsKeyData {
   // Maps to the CKA_LABEL of the CKO_PRIVATE_KEY in PKCS#11.
   string label;
   // Maps to the CKA_ID of the CKO_PRIVATE_KEY in PKCS#11.
   string id;
   // The slot where this key is stored. Does NOT map to the PKCS#11 CK_SLOT_ID.
   [MinVersion=1] ChapsSlot slot;
 };

 // Union of Chrome OS keys from different sources.
 union KeyData {
   ChapsKeyData chaps_key_data;
 };

 // Describes a placeholder for a Chrome OS key along with metadata about the
 // original key.
 struct ChromeOsKey {
   string base64_subject_public_key_info;
   KeyData key_data;
 };

 // Interface exposed by Chrome.
 // Next method ID: 1
 interface CertStoreHost {
   // Returns an interface to SecurityTokenOperation.
   GetSecurityTokenOperation@0(
       pending_receiver<SecurityTokenOperation> operation) => ();
 };

 // Interface exposed by arc-keymaster daemon.
 // Next method ID: 2
 interface CertStoreInstance {
   // Establishes full-duplex communication with the host.
   Init@0(pending_remote<CertStoreHost> host_remote) => ();

   // Updates info about the latest set of keys owned by Chrome OS.
   UpdatePlaceholderKeys@1(array<ChromeOsKey> keys) => (bool success);
 };

 // Implemented in Chrome.
 // Next method ID: 1
 interface SecurityTokenOperation {
   // Signs input |data| pre-hashed with the given |digest|.
   // Retrieves a |signature| signed by a certificate identified by
   // |subject_public_key_info| by |algorithm| (currently, only RSA is
   // supported).
   // In case of any error, |signature| is null.
   SignDigest@0(string subject_public_key_info, Algorithm algorithm,
        Digest digest, array<uint8> data) => (SignatureResult result,
            array<uint8>? signature);
 };
	// Copyright 2019 The Chromium Authors. All rights reserved.
	// Use of this source code is governed by a BSD-style license that can be
	// found in the LICENSE file.

	// Next MinVersion: 1

	// This file defines the mojo interface between arc-keymaster and Chrome for the
	// keys hardware-backed and accessible by Chrome.

	module arc.keymaster.mojom;

	// Enumerates the crypto algorithms supported by Host.
	[Extensible]
	enum Algorithm {
	kRsaPkcs1,
	};

	// Enumerates the digests supported by Host.
	[Extensible]
	enum Digest {
	kSha1,
	kSha256,
	kSha384,
	kSha512,
	};

	// Enumerates the result codes of signature operation.
	[Extensible]
	enum SignatureResult {
	kOk,
	// Failed with net or internal error on chrome side.
	kFailed,
	kUnsupportedAlgorithm,
	};

	// The possible chaps slots relevant for arc-keymaster. Note this does NOT map
	// to the PKCS#11 CK_SLOT_ID, but rather to an abstract representation of the
	// value. The corresponding CK_SLOT_ID must be queried from cryptohome.
	[Extensible]
	enum ChapsSlot {
	// The key is stored in the user slot.
	[Default] kUser,
	// The key is stored in the system slot.
	kSystem,
	};

	// Metadata to uniquely identify a chaps key.
	struct ChapsKeyData {
	// Maps to the CKA_LABEL of the CKO_PRIVATE_KEY in PKCS#11.
	string label;
	// Maps to the CKA_ID of the CKO_PRIVATE_KEY in PKCS#11.
	string id;
	// The slot where this key is stored. Does NOT map to the PKCS#11 CK_SLOT_ID.
	[MinVersion=1] ChapsSlot slot;
	};

	// Union of Chrome OS keys from different sources.
	union KeyData {
	ChapsKeyData chaps_key_data;
	};

	// Describes a placeholder for a Chrome OS key along with metadata about the
	// original key.
	struct ChromeOsKey {
	string base64_subject_public_key_info;
	KeyData key_data;
	};

	// Interface exposed by Chrome.
	// Next method ID: 1
	interface CertStoreHost {
	// Returns an interface to SecurityTokenOperation.
	GetSecurityTokenOperation@0(
	pending_receiver<SecurityTokenOperation> operation) => ();
	};

	// Interface exposed by arc-keymaster daemon.
	// Next method ID: 2
	interface CertStoreInstance {
	// Establishes full-duplex communication with the host.
	Init@0(pending_remote<CertStoreHost> host_remote) => ();

	// Updates info about the latest set of keys owned by Chrome OS.
	UpdatePlaceholderKeys@1(array<ChromeOsKey> keys) => (bool success);
	};

	// Implemented in Chrome.
	// Next method ID: 1
	interface SecurityTokenOperation {
	// Signs input \|data\| pre-hashed with the given \|digest\|.
	// Retrieves a \|signature\| signed by a certificate identified by
	// \|subject_public_key_info\| by \|algorithm\| (currently, only RSA is
	// supported).
	// In case of any error, \|signature\| is null.
	SignDigest@0(string subject_public_key_info, Algorithm algorithm,
	Digest digest, array<uint8> data) => (SignatureResult result,
	array<uint8>? signature);
	};