blob: 81c659ff5d8acbd79a062d6fd576f9381cb8d050 [file] [log] [blame]
// Copyright 2019 The Fuchsia Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
library fuchsia.castauth;
/// Input hash to be signed by Cast key.
/// It must be ASN1-encoded SHA1 or SHA256 hash, with sizes 35 or 51 bytes.
union Asn1EncodedHash {
1: array<byte>:35 sha1;
2: array<byte>:51 sha256;
};
/// Error codes for CastKeySigner operations.
enum ErrorCode {
/// Key/cert not found in storage.
FILE_NOT_FOUND = 1;
/// Error occurred during signing operation.
CRYPTO_ERROR = 2;
};
/// This FIDL interface is used to sign with hardware Cast key.
/// It is intended for short-term use only and will not be supported on all
/// devices. It will eventually be replaced by an attestation service.
[Discoverable]
protocol CastKeySigner {
/// Use Cast key to sign a hash value.
///
/// The input is hash value.
/// The return value is the error code or the signature if the operation
/// succeeds. The signature algorithm is RSA-2048-PKCS1.
SignHash(Asn1EncodedHash hash) -> (array<byte>:256 signature) error ErrorCode;
/// Get the Cast certificate chain.
///
/// The return value is the error code or the certificate chain if
/// the operation succeeds. The chain contains Cast key cert,
/// one or more intermediate CA certs and root CA cert.
GetCertificateChain() -> (vector<bytes:2048>:16 cert_chain) error ErrorCode;
};