| // Copyright 2019 The Fuchsia Authors. All rights reserved. |
| // Use of this source code is governed by a BSD-style license that can be |
| // found in the LICENSE file. |
| @available(added=7) |
| library fuchsia.castauth; |
| |
| /// Input hash to be signed by Cast key. |
| /// It must be ASN1-encoded SHA1 or SHA256 hash, with sizes 35 or 51 bytes. |
| type Asn1EncodedHash = strict union { |
| 1: sha1 array<byte, 35>; |
| 2: sha256 array<byte, 51>; |
| }; |
| |
| /// Error codes for CastKeySigner operations. |
| type ErrorCode = strict enum { |
| /// Key/cert not found in storage. |
| FILE_NOT_FOUND = 1; |
| /// Error occurred during signing operation. |
| CRYPTO_ERROR = 2; |
| }; |
| |
| /// This FIDL interface is used to sign with hardware Cast key. |
| /// It is intended for short-term use only and will not be supported on all |
| /// devices. It will eventually be replaced by an attestation service. |
| @discoverable |
| protocol CastKeySigner { |
| /// Use Cast key to sign a hash value. |
| /// |
| /// The input is hash value. |
| /// The return value is the error code or the signature if the operation |
| /// succeeds. The signature algorithm is RSA-2048-PKCS1. |
| SignHash(struct { |
| hash Asn1EncodedHash; |
| }) -> (struct { |
| signature array<byte, 256>; |
| }) error ErrorCode; |
| |
| /// Get the Cast certificate chain. |
| /// |
| /// The return value is the error code or the certificate chain if |
| /// the operation succeeds. The chain contains Cast key cert, |
| /// one or more intermediate CA certs and root CA cert. |
| GetCertificateChain() -> (struct { |
| cert_chain vector<bytes:2048>:16; |
| }) error ErrorCode; |
| }; |