pjs/services/crypto/IWeaveCrypto.idl

225 строки
7.8 KiB
Plaintext

/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
/* ***** BEGIN LICENSE BLOCK *****
* Version: MPL 1.1/GPL 2.0/LGPL 2.1
*
* The contents of this file are subject to the Mozilla Public License Version
* 1.1 (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
* http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS IS" basis,
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
* for the specific language governing rights and limitations under the
* License.
*
* The Original Code is Weave code.
*
* The Initial Developer of the Original Code is
* Mozilla Corporation
* Portions created by the Initial Developer are Copyright (C) 2007
* the Initial Developer. All Rights Reserved.
*
* Contributor(s):
* Dan Mills <thunder@mozilla.com> (original author)
* Honza Bambas <honzab@allpeers.com>
* Justin Dolske <dolske@mozilla.com>
*
* Alternatively, the contents of this file may be used under the terms of
* either the GNU General Public License Version 2 or later (the "GPL"), or
* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
* in which case the provisions of the GPL or the LGPL are applicable instead
* of those above. If you wish to allow use of your version of this file only
* under the terms of either the GPL or the LGPL, and not to allow others to
* use your version of this file under the terms of the MPL, indicate your
* decision by deleting the provisions above and replace them with the notice
* and other provisions required by the GPL or the LGPL. If you do not delete
* the provisions above, a recipient may use your version of this file under
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
#include "nsISupports.idl"
[scriptable, uuid(f4463043-315e-41f3-b779-82e900e6fffa)]
interface IWeaveCrypto : nsISupports
{
/**
* Shortcuts for some algorithm SEC OIDs. Full list available here:
* http://lxr.mozilla.org/seamonkey/source/security/nss/lib/util/secoidt.h
*/
const unsigned long DES_EDE3_CBC = 156;
const unsigned long AES_128_CBC = 184;
const unsigned long AES_192_CBC = 186;
const unsigned long AES_256_CBC = 188;
/**
* One of the above constants. Used as the mechanism for encrypting bulk
* data and wrapping keys.
*
* Default is AES_256_CBC.
*/
attribute unsigned long algorithm;
/**
* The size of the RSA key to create with generateKeypair().
*
* Default is 2048.
*/
attribute unsigned long keypairBits;
/**
* Encrypt data using a symmetric key.
* The algorithm attribute specifies how the encryption is performed.
*
* @param clearText
* The data to be encrypted (not base64 encoded).
* @param symmetricKey
* A base64-encoded symmetric key (eg, one from generateRandomKey).
* @param iv
* A base64-encoded initialization vector
* @returns Encrypted data, base64 encoded
*/
ACString encrypt(in AUTF8String clearText,
in ACString symmetricKey, in ACString iv);
/**
* Encrypt data using a symmetric key.
* The algorithm attribute specifies how the encryption is performed.
*
* @param cipherText
* The base64-encoded data to be decrypted
* @param symmetricKey
* A base64-encoded symmetric key (eg, one from unwrapSymmetricKey)
* @param iv
* A base64-encoded initialization vector
* @returns Decrypted data (not base64-encoded)
*/
AUTF8String decrypt(in ACString cipherText,
in ACString symmetricKey, in ACString iv);
/**
* Generate a RSA public/private keypair.
*
* @param aPassphrase
* User's passphrase. Used with PKCS#5 to generate a symmetric key
* for wrapping the private key.
* @param aSalt
* Salt for the user's passphrase.
* @param aIV
* Random IV, used when wrapping the private key.
* @param aEncodedPublicKey
* The public key, base-64 encoded.
* @param aWrappedPrivateKey
* The public key, encrypted with the user's passphrase, and base-64 encoded.
*/
void generateKeypair(in ACString aPassphrase, in ACString aSalt, in ACString aIV,
out ACString aEncodedPublicKey, out ACString aWrappedPrivateKey);
/*
* Generate a random symmetric key.
*
* @returns The random key, base64 encoded
*/
ACString generateRandomKey();
/*
* Generate a random IV.
*
* The IV will be sized for the algorithm specified in the algorithm
* attribute of IWeaveCrypto.
*
* @returns The random IV, base64 encoded
*/
ACString generateRandomIV();
/*
* Generate random data.
*
* @param aByteCount
* The number of bytes of random data to generate.
* @returns The random bytes, base64-encoded
*/
ACString generateRandomBytes(in unsigned long aByteCount);
/**
* Encrypts a symmetric key with a user's public key.
*
* @param aSymmetricKey
* The base64 encoded string holding a symmetric key.
* @param aEncodedPublicKey
* The base64 encoded string holding a public key.
* @returns The wrapped symmetric key, base64 encoded
*
* For RSA, the unencoded public key is a PKCS#1 object.
*/
ACString wrapSymmetricKey(in ACString aSymmetricKey,
in ACString aEncodedPublicKey);
/**
* Decrypts a symmetric key with a user's private key.
*
* @param aWrappedSymmetricKey
* The base64 encoded string holding an encrypted symmetric key.
* @param aWrappedPrivateKey
* The base64 encoded string holdering an encrypted private key.
* @param aPassphrase
* The passphrase to decrypt the private key.
* @param aSalt
* The salt for the passphrase.
* @param aIV
* The random IV used when unwrapping the private key.
* @returns The unwrapped symmetric key, base64 encoded
*
* For RSA, the unencoded, decrypted key is a PKCS#1 object.
*/
ACString unwrapSymmetricKey(in ACString aWrappedSymmetricKey,
in ACString aWrappedPrivateKey,
in ACString aPassphrase,
in ACString aSalt,
in ACString aIV);
/**
* Rewrap a private key with a new user passphrase.
*
* @param aWrappedPrivateKey
* The base64 encoded string holding an encrypted private key.
* @param aPassphrase
* The passphrase to decrypt the private key.
* @param aSalt
* The salt for the passphrase.
* @param aIV
* The random IV used when unwrapping the private key.
* @param aNewPassphrase
* The new passphrase to wrap the private key with.
* @returns The (re)wrapped private key, base64 encoded
*
*/
ACString rewrapPrivateKey(in ACString aWrappedPrivateKey,
in ACString aPassphrase,
in ACString aSalt,
in ACString aIV,
in ACString aNewPassphrase);
/**
* Verify a user's passphrase against a private key.
*
* @param aWrappedPrivateKey
* The base64 encoded string holding an encrypted private key.
* @param aPassphrase
* The passphrase to decrypt the private key.
* @param aSalt
* The salt for the passphrase.
* @param aIV
* The random IV used when unwrapping the private key.
* @returns Boolean true if the passphrase decrypted the key correctly.
*
*/
boolean verifyPassphrase(in ACString aWrappedPrivateKey,
in ACString aPassphrase,
in ACString aSalt,
in ACString aIV);
};