author Wes Kocher <>
Wed, 08 Oct 2014 16:49:26 -0700
changeset 209460 f0bb13ef0ee488d4ece70467e4e819cb7506f5e3
parent 169698 953fda48369a77edcf4555611c560637e991893b
child 340989 ea1edf93612a28f631696ff5eb2ef05e8a55e7f9
permissions -rw-r--r--
Merge b2g-inbound to m-c a=merge

/* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this file,
 * You can obtain one at */

#include "nsISupports.idl"

interface nsIURI;
interface nsIIdentityKeyGenCallback;
interface nsIIdentitySignCallback;

/* Naming and calling conventions:
 * A"hex" prefix means "hex-encoded string representation of a byte sequence"
 * e.g. "ae34bcdf123"
 * A "base64url" prefix means "base-64-URL-encoded string repressentation of a
 * byte sequence.
 * e.g. "eyJhbGciOiJSUzI1NiJ9"
 * we use the no-padding approach to base64-url-encoding
 * Callbacks take an "in nsresult rv" argument that indicates whether the async
 * operation succeeded. On success, rv will be a success code
 * (NS_SUCCEEDED(rv) / Components.isSuccessCode(rv)) and the remaining
 * arguments are as defined in the documentation for the callback. When the
 * operation fails, rv will be a failure code (NS_FAILED(rv) /
 * !Components.isSuccessCode(rv)) and the values of the remaining arguments will
 * be unspecified.
 * Key Types:
 * "RS256": RSA + SHA-256.
 * "DS160": DSA with SHA-1. A 1024-bit prime and a 160-bit subprime with SHA-1.
 * we use these abbreviated algorithm names as per the JWA spec

// ";1"
[scriptable, builtinclass, uuid(f087e6bc-dd33-4f6c-a106-dd786e052ee9)]
interface nsIIdentityCryptoService : nsISupports
  void generateKeyPair(in AUTF8String algorithm,
                       in nsIIdentityKeyGenCallback callback);

  ACString base64UrlEncode(in AUTF8String toEncode);

 * This interface provides a keypair and signing interface for Identity functionality
[scriptable, uuid(73962dc7-8ee7-4346-a12b-b039e1d9b54d)]
interface nsIIdentityKeyPair : nsISupports
  readonly attribute AUTF8String keyType;

  // RSA properties, only accessible when keyType == "RS256"

  readonly attribute AUTF8String hexRSAPublicKeyExponent;
  readonly attribute AUTF8String hexRSAPublicKeyModulus;

  // DSA properties, only accessible when keyType == "DS128"
  readonly attribute AUTF8String hexDSAPrime;       // p
  readonly attribute AUTF8String hexDSASubPrime;    // q
  readonly attribute AUTF8String hexDSAGenerator;   // g
  readonly attribute AUTF8String hexDSAPublicValue; // y

  void sign(in AUTF8String aText,
            in nsIIdentitySignCallback callback);

  // XXX implement verification bug 769856
  // AUTF8String verify(in AUTF8String aSignature, in AUTF8String encodedPublicKey);


 * This interface provides a JavaScript callback object used to collect the
 * nsIIdentityServeKeyPair when the keygen operation is complete
 * though there is discussion as to whether we need the nsresult,
 * we keep it so we can track deeper crypto errors.
[scriptable, function, uuid(90f24ca2-2b05-4ca9-8aec-89d38e2f905a)]
interface nsIIdentityKeyGenCallback : nsISupports
  void generateKeyPairFinished(in nsresult rv,
                               in nsIIdentityKeyPair keyPair);

 * This interface provides a JavaScript callback object used to collect the
 * AUTF8String signature
[scriptable, function, uuid(2d3e5036-374b-4b47-a430-1196b67b890f)]
interface nsIIdentitySignCallback : nsISupports
  /** On success, base64urlSignature is the base-64-URL-encoded signature
   * For RS256 signatures, XXX bug 769858
   * For DSA128 signatures, the signature is the r value concatenated with the
   * s value, each component padded with leading zeroes as necessary.
  void signFinished(in nsresult rv, in ACString base64urlSignature);