Identity/PlatformCryptoAPI

From MozillaWiki
Jump to: navigation, search

Plaform Crypto API

The approach being taken in the platform crypto API has 3 parts to it

Lowest Level API: See bug 665057

  • A Keypair generation method: nsCrypto::GenerateBrowserIDKeypair(nsIURI& aOrigin, const nsAString& aIdentifier)
    • The nsIURI and Identifier (an email address) will be used to create a key for the nsIBrowserIDKeypair object
  • The nsIBrowserIDKeypair object is a wrapper that contains the publicKey, privateKey, origin and identifier
    • An nsIBrowserIDKeypair object has a getSerializedRSAPublicKey(in AString aPublicKey) method for chrome-privileged JS to call
    • An nsIBrowserIDKeypair object has a sign(in AString aText) method to allow for a simple, safe interface for signing
      • There is no need to have access to the PrivateKey with this API

IDL

/**
 * nsIBrowserIDKeypair
 * This interface provides a keypair and signing interface for BrowserID
 */

[scriptable, uuid(73962dc7-8ee7-4346-a12b-b039e1d9b54d)]
interface nsIBrowserIDKeypair : nsISupports
{
  void getSerializedRSAPublicKey(in ACString aOutString);
  
  void getRSAPublicKeyExponent(inout octet aOutval);
  
  void getRSAPublicKeyModulus(inout AString aOutString);
  
  void getOrigin(inout nsIURI aOutOrigin);

  // Typically, this is an email address
  void getIdentifier(inout AString aOutIdentifier); 
  
  void sign(in AString aText, inout AString aOutSignature);
};

/**
 * nsIBrowserIDService
 * This service keeps a registry of nsIBrowserIDKeypair objects in memory 
 * until shutdown.
 */

[scriptable, uuid(7335490a-ead7-4b4f-a22c-80a5cb3b2aa0)]
interface nsIBrowserIDService : nsISupports
{
  [noscript] 
  void registerKeypair(in nsIBrowserIDKeypair aBIDKeypair);
  
  nsIBrowserIDKeypair getBrowserIDKeypair(in nsIURI  aOrigin, 
                                          in AString aIdentifier);
};

The next layer up

  • We will have a new JavaScript module: BrowserIDAPI.js [not named yet]
    • This JSM will provide a chrome-privileged, asynchronous interface to nsIBrowserIDKeypair and nsIBrowserIDService
    • API:
      • void BrowserIDAPI.generateKeypair(in nsIURI aOrigin, in AString aIdentifier, in function aCallback)
        • The callback function is passed in the corresponding nsIBrowserIDKeypair, which can be used to getSerializedRSAPublicKey()
      • void BrowserIDAPI.getKeypair(in nsIURI aOrigin, in AString aIdentifier, in function aCallback)
        • The callback function is passed in the corresponding nsIBrowserIDKeypair, which can be used to create a signature

From content

  • The above APIs will be consumed by the code that produces the window.navigator.id API methods.
    • Let's fill in the working details here