PROTOCOLS
CastCertificateRetriever
Defined in fuchsia.castauth/cast_auth.fidl
This protocol allows accessing the Cast certificate without also granting
the capability to sign messages using the Cast key. Otherwise, the
functionality of GetCertificateChain should be identical to
CastKeySigner.
GetCertificateChain
Get the Cast certificate chain.
The return value is the error code or, if the operation succeeds, the certificate chain. The chain contains the Cast key cert, one or more intermediate CA certs and the root CA cert.
Request
<EMPTY>
Response
| Name | Type |
|---|---|
| `payload` | `CastCertificateRetriever_GetCertificateChain_Result` |
CastKeySigner
Defined in fuchsia.castauth/cast_auth.fidl
This FIDL interface is used to sign with the hardware Cast key. It is intended for short-term use only and will not be supported on all devices. It will eventually be replaced by an attestation service.
GetCertificateChain
Get the Cast certificate chain.
The return value is the error code or, if the operation succeeds, the certificate chain. The chain contains the Cast key cert, one or more intermediate CA certs and the root CA cert.
Request
<EMPTY>
Response
| Name | Type |
|---|---|
| `payload` | `CastKeySigner_GetCertificateChain_Result` |
SignHash
Use the Cast key to sign a hash value.
The input is the hash value. The return value is the error code or, if the operation succeeds, the signature. The signature algorithm is RSA-2048-PKCS1.
Request
| Name | Type |
|---|---|
| `hash` | `Asn1EncodedHash` |
Response
| Name | Type |
|---|---|
| `payload` | `CastKeySigner_SignHash_Result` |
STRUCTS
CastCertificateRetriever_GetCertificateChain_Response
Defined in fuchsia.castauth/cast_auth.fidl
| Field | Type | Description | Default |
|---|---|---|---|
| `cert_chain` | `vector<vector<uint8>:2048>:16` | | No default |
CastKeySigner_GetCertificateChain_Response
Defined in fuchsia.castauth/cast_auth.fidl
| Field | Type | Description | Default |
|---|---|---|---|
| `cert_chain` | `vector<vector<uint8>:2048>:16` | Added: 18 | No default |
CastKeySigner_SignHash_Response
Defined in fuchsia.castauth/cast_auth.fidl
| Field | Type | Description | Default |
|---|---|---|---|
| `signature` | `array<uint8, 256>` | | No default |
ENUMS
ErrorCode strict
Type: uint32
Defined in fuchsia.castauth/cast_auth.fidl
Error codes for CastKeySigner operations.
| Name | Value | Description |
|---|---|---|
| `FILE_NOT_FOUND` | `1` | Key/cert not found in storage. |
| `CRYPTO_ERROR` | `2` | Error occurred during signing operation. |
UNIONS
Asn1EncodedHash strict
Defined in fuchsia.castauth/cast_auth.fidl
Input hash to be signed by the Cast key. It must be an ASN1-encoded SHA1 or SHA256 hash, with a size of 35 or 51 bytes.
| Ordinal | Variant | Type | Description |
|---|---|---|---|
| `1` | `sha1` | `array<uint8, 35>` | |
| `2` | `sha256` | `array<uint8, 51>` | |
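The following Python example is added here for illustration and is not code from the Fuchsia project. It builds the two `Asn1EncodedHash` variants and checks a `SignHash` result, assuming the ASN1 encoding is the PKCS #1 v1.5 DigestInfo structure from RFC 8017 (which yields exactly 35 and 51 bytes) and that the verifier takes the RSA public key `(n, e)` from the Cast key cert; all function names are hypothetical.

```python
import hashlib

# DER DigestInfo prefixes (RFC 8017, section 9.2). Prefix + raw digest gives
# exactly the 35- and 51-byte sizes that Asn1EncodedHash requires.
PREFIX = {
    "sha1": bytes.fromhex("3021300906052b0e03021a05000414"),
    "sha256": bytes.fromhex("3031300d060960864801650304020105000420"),
}
ENCODED_SIZE = {"sha1": 35, "sha256": 51}  # array<uint8, 35> / array<uint8, 51>
SIGNATURE_SIZE = 256                        # array<uint8, 256>, RSA-2048


def encode_hash(variant: str, message: bytes) -> bytes:
    """Hash `message` and wrap the digest for the chosen union variant."""
    return PREFIX[variant] + hashlib.new(variant, message).digest()


def classify(encoded: bytes) -> str:
    """Return the variant for caller-supplied bytes; reject anything else."""
    for variant, prefix in PREFIX.items():
        if len(encoded) == ENCODED_SIZE[variant] and encoded.startswith(prefix):
            return variant
    raise ValueError("not a 35-byte SHA1 or 51-byte SHA256 DigestInfo")


def padded_block(encoded: bytes) -> bytes:
    """EMSA-PKCS1-v1_5 block: 00 01 FF..FF 00 || DigestInfo, 256 bytes."""
    classify(encoded)
    fill = b"\xff" * (SIGNATURE_SIZE - 3 - len(encoded))
    return b"\x00\x01" + fill + b"\x00" + encoded


def verify(signature: bytes, n: int, e: int, encoded: bytes) -> bool:
    """Check a SignHash result against the public key (n, e) of the Cast key cert.

    The recovered block is compared whole against the expected one instead of
    being parsed, so trailing or malformed padding cannot slip through.
    """
    s = int.from_bytes(signature, "big")
    if len(signature) != SIGNATURE_SIZE or n.bit_length() > 2048 or s >= n:
        return False
    return pow(s, e, n).to_bytes(SIGNATURE_SIZE, "big") == padded_block(encoded)


if __name__ == "__main__":
    enc = encode_hash("sha256", b"constructed sample message")
    print(classify(enc), len(enc), padded_block(enc)[:4].hex())
```
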
CastCertificateRetriever_GetCertificateChain_Result strict
Defined in fuchsia.castauth/cast_auth.fidl
| Ordinal | Variant | Type | Description |
|---|---|---|---|
| `1` | `response` | `CastCertificateRetriever_GetCertificateChain_Response` | |
| `2` | `err` | `ErrorCode` | |
CastKeySigner_GetCertificateChain_Result strict
Defined in fuchsia.castauth/cast_auth.fidl
| Ordinal | Variant | Type | Description |
|---|---|---|---|
| `1` | `response` | `CastKeySigner_GetCertificateChain_Response` | |
| `2` | `err` | `ErrorCode` | |
CastKeySigner_SignHash_Result strict
Defined in fuchsia.castauth/cast_auth.fidl
| Ordinal | Variant | Type | Description |
|---|---|---|---|
| `1` | `response` | `CastKeySigner_SignHash_Response` | |
| `2` | `err` | `ErrorCode` | |
CONSTANTS
| Name | Value | Type | Description |
|---|---|---|---|
| `MAX_CERT_CHAIN_SIZE` | `16` | `uint64` | The maximum number of certificates that may be returned from Added: 18 |
| `MAX_CERT_SIZE` | `2048` | `uint64` | The maximum size a certificate may be returned from Added: 18 |