// Copyright 2019 The Fuchsia Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
// The library is marked as added at API level 7; bindings built for an
// earlier level will not see these declarations.
@available(added=7)
library fuchsia.castauth;
/// Input hash to be signed by Cast key.
/// It must be ASN1-encoded SHA1 or SHA256 hash, with sizes 35 or 51 bytes.
///
/// The fixed sizes are those of a DER `DigestInfo` (algorithm identifier
/// followed by the raw digest) as used by RSASSA-PKCS1-v1_5 (RFC 8017 §9.2):
/// 15-byte prefix + 20-byte digest for SHA-1, 19-byte prefix + 32-byte digest
/// for SHA-256. Prefer `sha256`; SHA-1 is no longer collision resistant and
/// should only be requested where a legacy verifier requires it.
// NOTE(review): the interface does not state whether the signer verifies that
// the ASN.1 prefix matches the chosen variant, or simply signs the bytes as
// given — confirm in the implementation, since a mismatched prefix would
// produce a signature over caller-chosen bytes.
type Asn1EncodedHash = strict union {
    /// DigestInfo for a SHA-1 digest (35 bytes).
    1: sha1 array<byte, 35>;
    /// DigestInfo for a SHA-256 digest (51 bytes).
    2: sha256 array<byte, 51>;
};
/// Error codes for CastKeySigner operations.
///
/// The enum is `strict`, so a client decoding a value outside this set fails
/// the call; adding a new code is a breaking change for existing clients.
type ErrorCode = strict enum {
    /// Key/cert not found in storage.
    FILE_NOT_FOUND = 1;
    /// Error occurred during signing operation.
    /// No further detail is returned; the cause should be inspected on the
    /// signer side rather than reported to the caller.
    CRYPTO_ERROR = 2;
};
/// This FIDL interface is used to sign with hardware Cast key.
/// It is intended for short-term use only and will not be supported on all
/// devices. It will eventually be replaced by an attestation service.
///
/// Security note: `SignHash` signs a caller-supplied digest without any
/// binding to what was hashed, so any component that is routed this
/// capability can obtain a valid Cast-key signature over arbitrary data.
/// Treat the capability as equivalent to possession of the key and route it
/// only to the component that legitimately needs it.
// NOTE(review): the protocol is `@discoverable`, which makes it available by
// name through capability routing; the actual access restriction lives in the
// component manifests, not here — verify that routing is as narrow as intended.
@discoverable
protocol CastKeySigner {
    /// Use Cast key to sign a hash value.
    ///
    /// The input is hash value.
    /// The return value is the error code or the signature if the operation
    /// succeeds. The signature algorithm is RSA-2048-PKCS1.
    ///
    /// `hash` is the DER DigestInfo to be signed; the signer does not hash
    /// the input itself. The 256-byte signature corresponds to a 2048-bit
    /// RSA modulus. RSASSA-PKCS1-v1_5 is deterministic, so the same input
    /// always yields the same signature.
    /// Errors: `FILE_NOT_FOUND` if the key is not present, `CRYPTO_ERROR` if
    /// the signing operation itself fails.
    SignHash(struct {
        hash Asn1EncodedHash;
    }) -> (struct {
        signature array<byte, 256>;
    }) error ErrorCode;
    /// Get the Cast certificate chain.
    ///
    /// The return value is the error code or the certificate chain if
    /// the operation succeeds. The chain contains Cast key cert,
    /// one or more intermediate CA certs and root CA cert.
    ///
    /// The chain is ordered leaf first, root last, with each certificate at
    /// most 2048 bytes and at most 16 certificates in total. Verifiers must
    /// not use the root certificate returned here as a trust anchor; it is
    /// supplied by the device and must be matched against an independently
    /// provisioned root.
    // NOTE(review): the certificate encoding is not specified in this
    // interface (presumably DER) — confirm against the implementation and
    // document it for clients.
    GetCertificateChain() -> (struct {
        cert_chain vector<bytes:2048>:16;
    }) error ErrorCode;
};