fuchsia.castauth

Added: 7

PROTOCOLS

CastCertificateRetriever

Defined in fuchsia.castauth/cast_auth.fidl

This protocol allows accessing the Cast certificate without also granting the capability to sign messages using the Cast key. Otherwise, the functionality of GetCertificateChain should be identical to CastKeySigner.

Added: 18

GetCertificateChain

Get the Cast certificate chain.

The return value is the error code or the certificate chain if the operation succeeds. The chain contains Cast key cert, one or more intermediate CA certs and root CA cert.

Request

<EMPTY>

Response

NameType
payload CastCertificateRetriever_GetCertificateChain_Result

CastKeySigner

Defined in fuchsia.castauth/cast_auth.fidl

This FIDL interface is used to sign with hardware Cast key. It is intended for short-term use only and will not be supported on all devices. It will eventually be replaced by an attestation service.

GetCertificateChain

Get the Cast certificate chain.

The return value is the error code or the certificate chain if the operation succeeds. The chain contains Cast key cert, one or more intermediate CA certs and root CA cert.

Added: 18

Request

<EMPTY>

Response

NameType
payload CastKeySigner_GetCertificateChain_Result

SignHash

Use Cast key to sign a hash value.

The input is hash value. The return value is the error code or the signature if the operation succeeds. The signature algorithm is RSA-2048-PKCS1.

Request

NameType
hash Asn1EncodedHash

Response

NameType
payload CastKeySigner_SignHash_Result

STRUCTS

CastCertificateRetriever_GetCertificateChain_Response

Defined in fuchsia.castauth/cast_auth.fidl

FieldTypeDescriptionDefault
cert_chain vector<vector<uint8>>[16] No default

CastKeySigner_GetCertificateChain_Response

Defined in fuchsia.castauth/cast_auth.fidl

FieldTypeDescriptionDefault
cert_chain vector<vector<uint8>>[16] No default

CastKeySigner_SignHash_Response

Defined in fuchsia.castauth/cast_auth.fidl

FieldTypeDescriptionDefault
signature uint8[256] No default

ENUMS

ErrorCode strict

Type: uint32

Defined in fuchsia.castauth/cast_auth.fidl

Error codes for CastKeySigner operations.

NameValueDescription
1

Key/cert not found in storage.

2

Error occurred during signing operation.

UNIONS

Asn1EncodedHash strict

Defined in fuchsia.castauth/cast_auth.fidl

Input hash to be signed by Cast key. It must be ASN1-encoded SHA1 or SHA256 hash, with sizes 35 or 51 bytes.

OrdinalVariantTypeDescription
sha1 uint8[35]
sha256 uint8[51]

CastCertificateRetriever_GetCertificateChain_Result strict

Defined in fuchsia.castauth/cast_auth.fidl

OrdinalVariantTypeDescription
response CastCertificateRetriever_GetCertificateChain_Response
err ErrorCode

CastKeySigner_GetCertificateChain_Result strict

Defined in fuchsia.castauth/cast_auth.fidl

OrdinalVariantTypeDescription
response CastKeySigner_GetCertificateChain_Response
err ErrorCode

CastKeySigner_SignHash_Result strict

Defined in fuchsia.castauth/cast_auth.fidl

OrdinalVariantTypeDescription
response CastKeySigner_SignHash_Response
err ErrorCode

CONSTANTS

NameValueTypeDescription
MAX_CERT_CHAIN_SIZE 16 uint64

The maximum number of certificates that may be returned from GetCertificateChain in the protocols of this library.

Added: 18
MAX_CERT_SIZE 2048 uint64

The maximum size a certificate may be returned from GetCertificateChain in the protocols of this library, in bytes.

Added: 18