fuchsia.castauth

PROTOCOLS

CastKeySigner

Defined in fuchsia.castauth/cast_auth.fidl

This FIDL interface is used to sign with the hardware Cast key. It is intended for short-term use only and will not be supported on all devices. It will eventually be replaced by an attestation service.

SignHash

Use the Cast key to sign a hash value.

The input is a hash value. The return value is the signature if the operation succeeds, or an error code otherwise. The signature algorithm is RSA-2048-PKCS1.

Request

Name  Type
hash  Asn1EncodedHash

Response

Name    Type
result  CastKeySigner_SignHash_Result

GetCertificateChain

Get the Cast certificate chain.

The return value is the certificate chain if the operation succeeds, or an error code otherwise. The chain contains the Cast key cert, one or more intermediate CA certs and the root CA cert.

Request

Name  Type

Response

Name    Type
result  CastKeySigner_GetCertificateChain_Result

STRUCTS

CastKeySigner_SignHash_Response

generated

Name       Type        Description  Default
signature  uint8[256]               No default

CastKeySigner_GetCertificateChain_Response

generated

Name        Type                Description  Default
cert_chain  vector<vector>[16]               No default

ENUMS

ErrorCode

Type: uint32

Defined in fuchsia.castauth/cast_auth.fidl

Error codes for CastKeySigner operations.

Name            Value  Description
FILE_NOT_FOUND  1
CRYPTO_ERROR    2

UNIONS

CastKeySigner_SignHash_Result

generated

Name      Type                             Description
response  CastKeySigner_SignHash_Response
err       ErrorCode

CastKeySigner_GetCertificateChain_Result

generated

Name      Type                                        Description
response  CastKeySigner_GetCertificateChain_Response
err       ErrorCode

Asn1EncodedHash

Defined in fuchsia.castauth/cast_auth.fidl

Input hash to be signed by the Cast key. It must be an ASN1-encoded SHA1 or SHA256 hash, with a size of 35 or 51 bytes respectively.

Name    Type       Description
sha1    uint8[35]
sha256  uint8[51]
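
The 35- and 51-byte sizes match the DER DigestInfo encoding used by PKCS#1 v1.5 signatures (a fixed algorithm prefix followed by the raw digest). The sketch below is an added example, not code from the Fuchsia tree: it builds that encoding, checks which union member a blob fits, and shows the 256-byte padded block an RSA-2048 signer would operate on. It assumes "ASN1-encoded" means DigestInfo and "RSA-2048-PKCS1" means PKCS#1 v1.5; all function names are hypothetical.

```python
import hashlib

# DER DigestInfo prefixes from PKCS#1 v1.5 (RFC 8017, section 9.2).
# Assumption: this is the ASN.1 encoding Asn1EncodedHash expects.
DIGEST_INFO_PREFIX = {
    "sha1": bytes.fromhex("3021300906052b0e03021a05000414"),
    "sha256": bytes.fromhex("3031300d060960864801650304020105000420"),
}
# Sizes the page gives for the Asn1EncodedHash union members.
EXPECTED_SIZE = {"sha1": 35, "sha256": 51}
# uint8[256] in CastKeySigner_SignHash_Response (RSA-2048 modulus size).
SIGNATURE_SIZE = 256


def encode_hash(message: bytes, alg: str) -> bytes:
    """Hash `message` and wrap the digest in a DigestInfo for `alg`."""
    digest = hashlib.new(alg, message).digest()
    encoded = DIGEST_INFO_PREFIX[alg] + digest
    if len(encoded) != EXPECTED_SIZE[alg]:
        raise ValueError(f"{alg}: got {len(encoded)} bytes")
    return encoded


def classify(encoded: bytes) -> str:
    """Return the union member ('sha1' or 'sha256') a blob fits, else raise."""
    for alg, prefix in DIGEST_INFO_PREFIX.items():
        if len(encoded) == EXPECTED_SIZE[alg] and encoded.startswith(prefix):
            return alg
    raise ValueError("not a 35-byte SHA1 or 51-byte SHA256 DigestInfo")


def emsa_pkcs1_v15(encoded: bytes, em_len: int = SIGNATURE_SIZE) -> bytes:
    """Padded block a PKCS#1 v1.5 signer feeds to the RSA private-key operation.

    A verifier recovers this same block from the signature with the public key.
    """
    pad_len = em_len - len(encoded) - 3
    if pad_len < 8:
        raise ValueError("encoded hash too long for modulus")
    return b"\x00\x01" + b"\xff" * pad_len + b"\x00" + encoded


if __name__ == "__main__":
    sample = b"constructed sample message"  # constructed input, not real Cast data
    for alg in ("sha1", "sha256"):
        blob = encode_hash(sample, alg)
        print(alg, len(blob), classify(blob), len(emsa_pkcs1_v15(blob)))
```

A raw 20- or 32-byte digest without the prefix fails `classify`, which is the mistake a caller is most likely to make when filling in the request.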