| // Copyright 2014 The Chromium Authors. All rights reserved. |
| // Use of this source code is governed by a BSD-style license that can be |
| // found in the LICENSE file. |
| |
| // <code>chrome.easyUnlockPrivate</code> API that provides hooks to Chrome to |
| // be used by Easy Unlock component app. |
| [nodoc] namespace easyUnlockPrivate { |
| // Signature algorithms supported by the crypto library methods used by |
| // Easy Unlock. |
| enum SignatureType { |
| HMAC_SHA256, |
| ECDSA_P256_SHA256 |
| }; |
| |
| // Encryption algorithms supported by the crypto library methods used by |
| // Easy Unlock. |
| enum EncryptionType { |
| AES_256_CBC |
| }; |
| |
| // Available states for the Easy Unlock app. |
| enum State { |
| // Screen is either not locked, or the Easy Unlock is not enabled. |
| INACTIVE, |
| // The Bluetooth is not enabled. |
| NO_BLUETOOTH, |
| // Bluetooth is being activated. |
| BLUETOOTH_CONNECTING, |
| // There are no phones eligible to unlock the device. |
| NO_PHONE, |
| // A phone eligible to unlock the device is detected, but can't be |
| // authenticated. |
| PHONE_NOT_AUTHENTICATED, |
| // A phone eligible to unlock the device is detected, but it's locked and |
| // thus unable to unlock the device. |
| PHONE_LOCKED, |
| // A phone eligible to unlock the device is detected, but it is not allowed |
| // to unlock the device because it doesn't have lock screen enabled. |
| PHONE_UNLOCKABLE, |
| // A phone eligible to unlock the device is detected, but it is not allowed |
| // to unlock the device because it does not report its lock screen state. |
| PHONE_UNSUPPORTED, |
| // A phone eligible to unlock the device is detected, but its received |
| // signal strength is too low, i.e. the phone is roughly more than 30 feet |
| // away, and therefore is not allowed to unlock the device. |
| RSSI_TOO_LOW, |
| // A phone eligible to unlock the device is found, but the local device's |
| // transmission power is too high, indicating that the phone is (probably) |
| // more than 1 foot away, and therefore is not allowed to unlock the device. |
| TX_POWER_TOO_HIGH, |
| // The devie can be unlocked using Easy Unlock. |
| AUTHENTICATED |
| }; |
| |
| // Type of a permit. All lower case to match permit.PermitRecord.Type. |
| enum PermitType {access, license}; |
| |
| // Options that can be passed to |unwrapSecureMessage| method. |
| dictionary UnwrapSecureMessageOptions { |
| // The data associated with the message. For the message to be succesfully |
| // verified, the message should have been created with the same associated |
| // data. |
| ArrayBuffer? associatedData; |
| |
| // The encryption algorithm that should be used to decrypt the message. |
| // Should not be set for a cleartext message. |
| EncryptionType? encryptType; |
| |
| // The algorithm to be used to verify signature contained in the message. |
| // Defaults to |HMAC_SHA256|. |ECDSA_P256_SHA256| can currently be used |
| // only with cleartext messages. |
| SignatureType? signType; |
| }; |
| |
| dictionary CreateSecureMessageOptions { |
| // Data associated with the message. The data will not be sent with the |
| // message, but the message recepient will use the same data on its side |
| // to verify the message. |
| ArrayBuffer? associatedData; |
| |
| // Metadata to be added to the message header. |
| ArrayBuffer? publicMetadata; |
| |
| // Verification key id added to the message header. Should be set if the |
| // message is signed using |ECDSA_P256_SHA256|. Used by the message |
| // recepient to determine which key should be used to verify the message |
| // signature. |
| ArrayBuffer? verificationKeyId; |
| |
| // Decryption key id added to the message header. Used by the message |
| // recepient to determine which key should be used to decrypt the message. |
| ArrayBuffer? decryptionKeyId; |
| |
| // The encryption algorithm that should be used to encrypt the message. |
| // Should not be set for a cleartext message. |
| EncryptionType? encryptType; |
| |
| // The algorithm to be used to sign the message. |
| // Defaults to |HMAC_SHA256|. |ECDSA_P256_SHA256| can currently be used |
| // only with cleartext messages. |
| SignatureType? signType; |
| }; |
| |
| // A permit record contains the credentials used to request or grant |
| // authorization of a permit. |
| dictionary PermitRecord { |
| // ID of the permit, which identifies the service/application that these |
| // permit records are used in. |
| DOMString permitId; |
| |
| // An identifier for this record that should be unique among all other |
| // records of the same permit. |
| DOMString id; |
| |
| // Type of the record. |
| PermitType type; |
| |
| // Websafe base64 encoded payload data of the record. |
| DOMString data; |
| }; |
| |
| // Device information that can be authenticated for Easy unlock. |
| dictionary Device { |
| // The Bluetooth address of the device. |
| DOMString bluetoothAddress; |
| |
| // The name of the device. |
| DOMString? name; |
| |
| // The permit record of the device. |
| PermitRecord? permitRecord; |
| |
| // Websafe base64 encoded persistent symmetric key. |
| DOMString? psk; |
| }; |
| |
| // The information about a user associated with Easy unlock service. |
| dictionary UserInfo { |
| // The user id. |
| DOMString userId; |
| |
| // Whether the user is logged in. If not logged in, the app is running on |
| // the signin screen. |
| boolean loggedIn; |
| |
| // Whether all data needed to use Easy unlock service has been loaded for |
| // the user. |
| boolean dataReady; |
| }; |
| |
| // Callback for crypto methods that return a single array buffer. |
| callback DataCallback = void(optional ArrayBuffer data); |
| |
| // An empty callback used purely for signalling success vs. failure. |
| callback EmptyCallback = void(); |
| |
| // Callback for the getStrings() method. |
| callback GetStringsCallback = void(object strings); |
| |
| // Callback for method that generates an encryption key pair. |
| callback KeyPairCallback = void(optional ArrayBuffer public_key, |
| optional ArrayBuffer private_key); |
| |
| // Callback for the getPermitAccess() method. |
| callback GetPermitAccessCallback = void(optional PermitRecord permitAccess); |
| |
| // Callback for the getRemoteDevices() method. |
| callback GetRemoteDevicesCallback = void(Device[] devices); |
| |
| // Callback for the |getUserInfo()| method. Note that the callback argument is |
| // a list for future use (on signin screen there may be more than one user |
| // associated with the easy unlock service). Currently the method returns at |
| // most one user. |
| callback GetUserInfoCallback = void(UserInfo[] users); |
| |
| interface Functions { |
| // Gets localized strings required to render the API. |
| // |
| // |callback| : Called with a dictionary mapping names to resource strings. |
| // TODO(isherman): This is essentially copied from identity_private.idl. |
| // Perhaps this should be extracted to a common API instead? |
| static void getStrings(GetStringsCallback callback); |
| |
| // Generates a ECDSA key pair for P256 curve. |
| // Public key will be in format recognized by secure wire transport protocol |
| // used by Easy Unlock app. Otherwise, the exact format for both key should |
| // should be considered obfuscated to the app. The app should not use them |
| // directly, but through this API. |
| // |callback|: Callback with the generated keys. On failure, none of the |
| // keys will be set. |
| static void generateEcP256KeyPair(KeyPairCallback callback); |
| |
| // Given a private key and a public ECDSA key from different asymetric key |
| // pairs, it generates a symetric encryption key using EC Diffie-Hellman |
| // scheme. |
| // |privateKey|: A private key generated by the app using |
| // |generateEcP256KeyPair|. |
| // |publicKey|: A public key that should be in the same format as the |
| // public key generated by |generateEcP256KeyPair|. Generally not the |
| // one paired with |private_key|. |
| // |callback|: Function returning the generated secret symetric key. |
| // On failure, the returned value will not be set. |
| static void performECDHKeyAgreement(ArrayBuffer privateKey, |
| ArrayBuffer publicKey, |
| DataCallback callback); |
| |
| // Creates a secure, signed message in format used by Easy Unlock app to |
| // establish secure communication channel over unsecure connection. |
| // |payload|: The payload the create message should carry. |
| // |key|: The key used to sign the message content. If encryption algorithm |
| // is set in |options| the same key will be used to encrypt the message. |
| // |options|: Additional (optional) parameters used to create the message. |
| // |callback|: Function returning the created message bytes. On failure, |
| // the returned value will not be set. |
| static void createSecureMessage( |
| ArrayBuffer payload, |
| ArrayBuffer key, |
| CreateSecureMessageOptions options, |
| DataCallback callback); |
| |
| // Authenticates and, if needed, decrypts a secure message. The message is |
| // in the same format as the one created by |createSecureMessage|. |
| // |secureMessage|: The message to be unwrapped. |
| // |key|: Key to be used to authenticate the message sender. If encryption |
| // algorithm is set in |options|, the same key will be used to decrypt |
| // the message. |
| // |options|: Additional (optional) parameters used to unwrap the message. |
| // |callback|: Function returning an array buffer containing cleartext |
| // message header and body. They are returned in a single buffer in |
| // format used inside the message. If the massage authentication or |
| // decryption fails, the returned value will not be set. |
| static void unwrapSecureMessage( |
| ArrayBuffer secureMessage, |
| ArrayBuffer key, |
| UnwrapSecureMessageOptions options, |
| DataCallback callback); |
| |
| // Connects to the SDP service on a device, given just the device's |
| // Bluetooth address. This function is useful as a faster alternative to |
| // Bluetooth discovery, when you already know the remote device's Bluetooth |
| // address. A successful call to this function has the side-effect of |
| // registering the device with the Bluetooth daemon, making it available for |
| // future outgoing connections. |
| // |deviceAddress|: The Bluetooth address of the device to connect to. |
| // |callback|: Called to indicate success or failure. |
| static void seekBluetoothDeviceByAddress(DOMString deviceAddress, |
| optional EmptyCallback callback); |
| |
| // Connects the socket to a remote Bluetooth device over an insecure |
| // connection, i.e. a connection that requests no bonding and no |
| // man-in-the-middle protection. Other than the reduced security setting, |
| // behaves identically to the chrome.bluetoothSocket.connect() function. |
| // |socketId|: The socket identifier, as issued by the |
| // chrome.bluetoothSocket API. |
| // |deviceAddress|: The Bluetooth address of the device to connect to. |
| // |uuid|: The UUID of the service to connect to. |
| // |callback|: Called when the connect attempt is complete. |
| static void connectToBluetoothServiceInsecurely(long socketId, |
| DOMString deviceAddress, |
| DOMString uuid, |
| EmptyCallback callback); |
| |
| // Updates the screenlock state to reflect the Easy Unlock app state. |
| static void updateScreenlockState(State state, |
| optional EmptyCallback callback); |
| |
| // Saves the permit record for the local device. |
| // |permitAccess|: The permit record to be saved. |
| // |callback|: Called to indicate success or failure. |
| static void setPermitAccess(PermitRecord permitAccess, |
| optional EmptyCallback callback); |
| |
| // Gets the permit record for the local device. |
| static void getPermitAccess(GetPermitAccessCallback callback); |
| |
| // Clears the permit record for the local device. |
| static void clearPermitAccess(optional EmptyCallback callback); |
| |
| // Saves the remote device list. |
| // |devices|: The list of remote devices to be saved. |
| // |callback|: Called to indicate success or failure. |
| static void setRemoteDevices(Device[] devices, |
| optional EmptyCallback callback); |
| |
| // Gets the remote device list. |
| static void getRemoteDevices(GetRemoteDevicesCallback callback); |
| |
| // Gets the sign-in challenge for the current user. |
| static void getSignInChallenge(DataCallback callback); |
| |
| // Tries to sign-in the current user with a secret obtained by decrypting |
| // the sign-in challenge. Check chrome.runtime.lastError for failures. Upon |
| // success, the user session will be started. |
| static void trySignInSecret(ArrayBuffer signInSecret, |
| EmptyCallback callback); |
| |
| // Retrieves information about the user associated with the Easy unlock |
| // service. |
| static void getUserInfo(GetUserInfoCallback callback); |
| |
| // Gets the user's profile image as a bitmap. |
| static void getUserImage(DataCallback callback); |
| }; |
| |
| interface Events { |
| // Event fired when the data for the user currently associated with |
| // Easy unlock service is updated. |
| // |userInfo| The updated user information. |
| static void onUserInfoUpdated(UserInfo userInfo); |
| }; |
| }; |