564
edits
DOMCryptInternalAPI: Difference between revisions
Jump to navigation
Jump to search
no edit summary
(Created page with "{{FeatureStatus |Feature name=DOMCryptInternalAPI |Feature stage=Draft |Feature status=In progress |Feature version=N/A |Feature health=OK }} {{FeatureTeam |Feature product manag...") |
No edit summary |
||
| Line 22: | Line 22: | ||
{{FeaturePageBody | {{FeaturePageBody | ||
|Feature open issues and risks=This API should obey private browsing mode, but also integrate well with PSM/NSS, in which case the keystore does not know about Private Browsing. We may need to tie the key storage to Places or something new. | |Feature open issues and risks=This API should obey private browsing mode, but also integrate well with PSM/NSS, in which case the keystore does not know about Private Browsing. We may need to tie the key storage to Places or something new. | ||
|Feature overview=DOMCryptInternalAPI is the PSM code that will generate keypairs, sign, verify, hash, hmac, encrypt and decrypt data. The scriptable interface will reside outside of PSM, consuming this API and providing a simpler abstraction for DOMCrypt, a WebAPI currently being standardized by the W3C via the Web Cryptography Working Group. This API will also be useful to extension developers and the AddonSDK | |Feature overview=DOMCryptInternalAPI is the PSM code that will generate keypairs, sign, verify, hash, hmac, encrypt and decrypt data. The scriptable interface will reside outside of PSM, consuming this API and providing a simpler abstraction for DOMCrypt, a WebAPI currently being standardized by the W3C via the Web Cryptography Working Group: http://www.w3.org/2012/webcrypto/. This API will also be useful to extension developers and the AddonSDK | ||
|Feature users and use cases=* DOMCrypt's DOM bindings ( W3C Web Crypto WG ) will consume this API for all crypto-related functionality | |Feature users and use cases=* DOMCrypt's DOM bindings ( W3C Web Crypto WG ) will consume this API for all crypto-related functionality | ||
* Extension developers can use this API for any number of signature, hashing, hmac, encrypt and decrypt operations. The API is intended to be relatively easy to use and high-level, only allowing configuration of algorithm and key bits properties | * Extension developers can use this API for any number of signature, hashing, hmac, encrypt and decrypt operations. The API is intended to be relatively easy to use and high-level, only allowing configuration of algorithm and key bits properties | ||
| Line 29: | Line 29: | ||
* For example: NGOs, human rights organizations and business can use this API to build extensions that improve application security, provide psuedo-anonymity and browser-based encrypted messaging or business transactions. | * For example: NGOs, human rights organizations and business can use this API to build extensions that improve application security, provide psuedo-anonymity and browser-based encrypted messaging or business transactions. | ||
|Feature non-goals=* Exposing low-level crypto primitives that can potentially backfire on programmers without deep cryptography understanding | |Feature non-goals=* Exposing low-level crypto primitives that can potentially backfire on programmers without deep cryptography understanding | ||
|Feature functional spec=This API will need to support the DOM API designed by the W3C Web Crypto WG. The latest - and soon changing spec is here: https://wiki.mozilla.org/Privacy/Features/DOMCryptAPISpec/Latest | |||
== IDL == | |||
<pre> | |||
interface nsIDOMCryptAPIKeyPair : nsISupports | |||
{ | |||
readonly attribute AUTF8String publicKey; | |||
readonly attribute AUTF8String wrappedPrivateKey; | |||
readonly attribute AUTF8String keyID; | |||
}; | |||
interface nsIDOMCryptAPIKeyGenCallback : nsISupports | |||
{ | |||
void keyPairGenFinished(in nsIDOMCryptAPIPublicKey aKeyPair); | |||
}; | |||
interface nsIDOMCryptAPIPKEncryptCallback : nsISupports | |||
{ | |||
void encryptFinished(in jsval aCryptoBytes); | |||
}; | |||
interface nsIDOMCryptAPIPKDecryptCallback : nsISupports | |||
{ | |||
void decryptFinished(in jsval aClearBytes); | |||
}; | |||
interface nsIDOMCryptAPISignatureCallback : nsISupports | |||
{ | |||
void signatureFinished(in jsval aSignature); | |||
}; | |||
interface nsIDOMCryptAPIVerifyCallback : nsISupports | |||
{ | |||
void verifyFinished(in boolean aVerified); | |||
}; | |||
interface nsIDOMCryptAPI : nsISupports | |||
{ | |||
void PKGenerateKeyPair(in unsigned long aKeySizeInBits, | |||
in unsigned long aAlgorithm, | |||
in nsIDOMCryptAPIKeyGenCallback aCallback); | |||
void PKEncrypt(in nsIDOMCryptAPIKeyPair aKeyPair, | |||
in jsval aClearBytes, | |||
in nsIDOMCryptAPIPKEncryptCallback aCallback); | |||
void PKDecrypt(in AUTF8String aKeyID, | |||
in jsval aEncryptedBytes, | |||
in nsIDOMCryptAPIPKDecryptCallback aCallback); | |||
const unsigned long ALGORITHM_RSA = 0; | |||
void SigGenerateKeyPair(in unsigned long aKeySizeInBits, | |||
in unsigned long aAlgorithm, | |||
in nsIDOMCryptAPIKeyGenCallback aCallback); | |||
void Sign(in nsIDOMCryptAPIKeyPair aKeyPair, | |||
in AString aPlaintext, | |||
in nsIDOMCryptAPISignatureCallback aCallback); | |||
void Verify(in nsIDOMCryptAPIKeyPair aKeyPair, | |||
in jsval aClearBytes, | |||
in jsval aSignature, | |||
in nsIDOMCryptAPIVerifyCallback aCallback); | |||
}; | |||
</pre> | |||
* The Hash and HMAC WebIDL from https://wiki.mozilla.org/Privacy/Features/DOMCryptAPISpec/Latest | |||
** Still need to spend some time on how these should be specified inside this internal API | |||
<pre> | |||
[Constructor(DOMString algorithm)] | |||
interface CryptoHash { | |||
void append(ArrayBuffer data); | |||
ArrayBuffer finish(); | |||
}; | |||
[Constructor(DOMString algorithm, ArrayBuffer key)] | |||
interface CryptoHmac { | |||
void append(ArrayBuffer data); | |||
ArrayBuffer finish(); | |||
}; | |||
</pre> | |||
* There is also the need for a symmetric encryption API, perhaps based on DHKE to specify | |||
}} | }} | ||
{{FeatureInfo | {{FeatureInfo | ||