chromium/chrome/services/keymaster/public/mojom/cert_store.mojom

// Copyright 2019 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

// Next MinVersion: 1

// This file defines the mojo interface between arc-keymaster and Chrome for the
// keys hardware-backed and accessible by Chrome.

module arc.keymaster.mojom;

import "chrome/services/keymanagement/public/mojom/cert_store_types.mojom";

// Metadata to uniquely identify a chaps key.
struct ChapsKeyData {
  // Maps to the CKA_LABEL of the CKO_PRIVATE_KEY in PKCS#11.
  string label;
  // Maps to the CKA_ID of the CKO_PRIVATE_KEY in PKCS#11.
  string id;
  // The slot where this key is stored. Does NOT map to the PKCS#11 CK_SLOT_ID.
  [MinVersion=1] arc.keymanagement.mojom.ChapsSlot slot;
};

// Union of Chrome OS keys from different sources.
union KeyData {
  ChapsKeyData chaps_key_data;
};

// Describes a placeholder for a Chrome OS key along with metadata about the
// original key.
struct ChromeOsKey {
  string base64_subject_public_key_info;
  KeyData key_data;
};


// Interface exposed by arc-keymaster daemon.
// Next method ID: 2
// Deprecated method IDs: 0
interface CertStoreInstance {
  // Updates info about the latest set of keys owned by Chrome OS.
  UpdatePlaceholderKeys@1(array<ChromeOsKey> keys) => (bool success);
};