summaryrefslogtreecommitdiffstats
path: root/security/manager/ssl/nsICryptoHMAC.idl
blob: 671d97c3117a2de7c99ce0b353b61dff661e0f62 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
/* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */

#include "nsISupports.idl"
interface nsIInputStream;
interface nsIKeyObject;

/**
 * nsICryptoHMAC
 * This interface provides HMAC signature algorithms.
 */

[scriptable, uuid(8FEB4C7C-1641-4a7b-BC6D-1964E2099497)]
interface nsICryptoHMAC : nsISupports
{
    /**
     * Hashing Algorithms. These values are to be used by the |init| method to
     * indicate which hashing function to use. These values map onto the values
     * defined in mozilla/security/nss/lib/softoken/pkcs11t.h and are switched
     * to a CKM_*_HMAC constant.
     */
    // 1 used to mean MD2.
    const short MD5    = 2;
    const short SHA1   = 3;
    const short SHA256 = 4;
    const short SHA384 = 5;
    const short SHA512 = 6;

    /**
     * Initialize the hashing object. This method may be
     * called multiple times with different algorithm types.
     *
     * @param aAlgorithm the algorithm type to be used.
     *        This value must be one of the above valid
     *        algorithm types.
     *
     * @param aKeyObject
     *        Object holding a key. To create the key object use for instance:
     *        var keyObject = Components.classes["@mozilla.org/security/keyobjectfactory;1"]
     *            .getService(Components.interfaces.nsIKeyObjectFactory)
     *              .keyFromString(Components.interfaces.nsIKeyObject.HMAC, rawKeyData);
     *
     * WARNING: This approach is not FIPS compliant.
     *
     * @throws NS_ERROR_INVALID_ARG if an unsupported algorithm
     *        type is passed.
     *
     * NOTE: This method must be called before any other method on this
     *       interface is called.
     */
    [must_use]
    void init(in unsigned long aAlgorithm, in nsIKeyObject aKeyObject);

    /**
     * @param aData a buffer to calculate the hash over
     *
     * @param aLen the length of the buffer |aData|
     *
     * @throws NS_ERROR_NOT_INITIALIZED If |init| has not been called.
     */
    [must_use]
    void update([const, array, size_is(aLen)] in octet aData, in unsigned long aLen);

    /**
     * Calculates and updates a new hash based on a given data stream.
     *
     * @param aStream an input stream to read from.
     *
     * @param aLen How much to read from the given |aStream|. Passing UINT32_MAX
     *        indicates that all data available will be used to update the hash.
     *
     * @throws NS_ERROR_NOT_INITIALIZED If |init| has not been called.
     *
     * @throws NS_ERROR_NOT_AVAILABLE If the requested amount of data to be
     *         calculated into the hash is not available.
     *
     */
    [must_use]
    void updateFromStream(in nsIInputStream aStream, in unsigned long aLen);

    /**
     * Completes this HMAC object and produces the actual HMAC digest data.
     *
     * @param aASCII If true then the returned value is a base64 encoded string.
     *        If false, then the returned value is binary data.
     *
     * @return a hash of the data that was read by this object.  This can
     *         be either binary data or base 64 encoded.
     *
     * @throws NS_ERROR_NOT_INITIALIZED If |init| has not been called.
     *
     * NOTE: This method may be called any time after |init|
     *       is called.  This call resets the object to its
     *       pre-init state.
     */
    [must_use]
    ACString finish(in boolean aASCII);

    /**
     * Reinitialize HMAC context to be reused with the same settings (the key
     * and hash algorithm) but on a different set of data.
     */
    [must_use]
    void reset();
};