| blob | d4ec948bc35c1ac7e1c6f717fbbd17d5771ca67d |
1 /* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
2 /* This Source Code Form is subject to the terms of the Mozilla Public
3 * License, v. 2.0. If a copy of the MPL was not distributed with this
4 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
6 #include "nsISupports.idl"
10 /**
11 * This interface provides encryption and decryption operations for data at
12 * rest. The key used to encrypt and decrypt the data is stored in the OS
13 * key store.
14 *
15 * NB: To first authenticate the user to the system, use
16 * nsIOSReauthenticator.
17 *
18 * Usage:
19 *
20 * // obtain the singleton OSKeyStore instance
21 * const oskeystore = Cc["@mozilla.org/security/oskeystore;1"].getService(Ci.nsIOSKeyStore);
22 *
23 * const PASSWORD_LABEL = "mylabel1";
24 *
25 * // Check if there's a secret for your label already.
26 * if (!await oskeystore.asyncSecretAvailable(PASSWORD_LABEL)) {
27 * // Fail or generate a new secret for your label.
28 * // If you want to generate a new secret, do.
29 * // Hold onto `recoveryPhrase` to present to the user.
30 * let recoveryPhrase = await oskeystore.asyncGenerateSecret(PASSWORD_LABEL);
31 * }
32 *
33 * // Assuming there's a secret with your label. Encrypt/Decrypt as follows.
34 * let encryptedPasswordBytes = await oskeystore.asyncEncryptBytes(PASSWORD_LABEL, passwordBytes);
35 * let newPasswordBytes = await oskeystore.asyncDecryptBytes(PASSWORD_LABEL, encryptedPasswordBytes);
36 *
37 * // Delete the secret from the key store.
38 * await oskeystore.asyncDeleteSecret(PASSWORD_LABEL);
39 *
40 * // Recover a secret from a recovery code.
41 * await oskeystore.asyncRecoverSecret(PASSWORD_LABEL, recoveryPhrase);
42 */
44 /**
45 * Generate a new secret and store it in the OS key store with the given label.
46 * The caller should make sure that no other secrets with the same label are
47 * present before calling this function.
48 * This invalidates all previous ciphertexts created with the key
49 * corresponding to the given label.
50 *
51 * @param label The label to use for the secret.
52 * @return Promise that resolves to the recoveryPhrase string used to generate
53 * the secret.
54 */
58 /**
59 * Check whether a secret for a given label exists.
60 *
61 * @param label The label to lookup.
62 * @return Promise that resolves to a bool (whether a secret with label is
63 * known or not) or an error.
64 */
68 /**
69 * Set a secret from a given recovery phrase.
70 * This might not be implemented on all platforms.
71 * This invalidates all previous ciphertexts.
72 *
73 * @param label The label to use for the secret.
74 * @param recoveryPhrase The recovery phrase that's used to generate the secret.
75 * @return Promise that resolves to undefined or an error.
76 */
80 /**
81 * Delete secret with a given label. If there is no secret with the given
82 * label, no action is taken.
83 *
84 * @param label The label of the secret to delete.
85 * @return Promise that resolves to undefined or an error.
86 */
91 /**
92 * Encrypt the given data and then return the result as a base64-encoded
93 * string.
94 *
95 * @param label The label of the key to use to encrypt.
96 * @param inBytes The bytes to encrypt.
97 * @return Promise resolving to the encrypted text, encoded as Base64, or an
98 * error.
99 */
103 /**
104 * Decode and then decrypt the given base64-encoded string.
105 *
106 * @param label The label of the key to use to decrypt.
107 * @param encryptedBase64Text Encrypted input text, encoded as Base64.
108 * @return Promise resolving to the plaintext bytes or an error.
109 */
113 /**
114 * Retrieve the recovery phrase from the key store.
115 *
116 * @param aLabel The label of the secret to retrieve.
117 * @return Promise resolving to the recovery phrase or an error.
118 */
121 };