/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
/* ***** BEGIN LICENSE BLOCK *****
 * Version: MPL 1.1/GPL 2.0/LGPL 2.1
 *
 * The contents of this file are subject to the Mozilla Public License Version
 * 1.1 (the "License"); you may not use this file except in compliance with
 * the License. You may obtain a copy of the License at
 * http://www.mozilla.org/MPL/
 *
 * Software distributed under the License is distributed on an "AS IS" basis,
 * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
 * for the specific language governing rights and limitations under the
 * License.
 *
 * The Original Code is Weave code.
 *
 * The Initial Developer of the Original Code is
 * Mozilla Corporation
 * Portions created by the Initial Developer are Copyright (C) 2007
 * the Initial Developer. All Rights Reserved.
 *
 * Contributor(s):
 *   Dan Mills <thunder@mozilla.com> (original author)
 *   Honza Bambas <honzab@allpeers.com>
 *   Justin Dolske <dolske@mozilla.com>
 *
 * Alternatively, the contents of this file may be used under the terms of
 * either the GNU General Public License Version 2 or later (the "GPL"), or
 * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
 * in which case the provisions of the GPL or the LGPL are applicable instead
 * of those above. If you wish to allow use of your version of this file only
 * under the terms of either the GPL or the LGPL, and not to allow others to
 * use your version of this file under the terms of the MPL, indicate your
 * decision by deleting the provisions above and replace them with the notice
 * and other provisions required by the GPL or the LGPL. If you do not delete
 * the provisions above, a recipient may use your version of this file under
 * the terms of any one of the MPL, the GPL or the LGPL.
 *
 * ***** END LICENSE BLOCK ***** */

#include "nsISupports.idl"

[scriptable, uuid(f4463043-315e-41f3-b779-82e900e6fffa)]
interface IWeaveCrypto : nsISupports
{
  /**
   * Shortcuts for some algorithm SEC OIDs.  Full list available here:
   * http://lxr.mozilla.org/seamonkey/source/security/nss/lib/util/secoidt.h
   */

  const unsigned long DES_EDE3_CBC = 156;
  const unsigned long AES_128_CBC  = 184;
  const unsigned long AES_192_CBC  = 186;
  const unsigned long AES_256_CBC  = 188;

  /**
   * One of the above constants. Used as the mechanism for encrypting bulk
   * data and wrapping keys.
   *
   * Default is AES_256_CBC.
   */
  attribute unsigned long algorithm;

  /**
   * The size of the RSA key to create with generateKeypair().
   *
   * Default is 2048.
   */
  attribute unsigned long keypairBits;

  /**
   * Encrypt data using a symmetric key.
   * The algorithm attribute specifies how the encryption is performed.
   *
   * @param   clearText
   *          The data to be encrypted (not base64 encoded).
   * @param   symmetricKey
   *          A base64-encoded symmetric key (eg, one from generateRandomKey).
   * @param   iv
   *          A base64-encoded initialization vector
   * @returns Encrypted data, base64 encoded
   */
  ACString encrypt(in AUTF8String clearText,
                   in ACString symmetricKey, in ACString iv);

  /**
   * Encrypt data using a symmetric key.
   * The algorithm attribute specifies how the encryption is performed.
   *
   * @param   cipherText
   *          The base64-encoded data to be decrypted
   * @param   symmetricKey
   *          A base64-encoded symmetric key (eg, one from unwrapSymmetricKey)
   * @param   iv
   *          A base64-encoded initialization vector
   * @returns Decrypted data (not base64-encoded)
   */
  AUTF8String decrypt(in ACString cipherText,
                   in ACString symmetricKey, in ACString iv);

  /**
   * Generate a RSA public/private keypair.
   *
   * @param aPassphrase
   *        User's passphrase. Used with PKCS#5 to generate a symmetric key
   *        for wrapping the private key.
   * @param aSalt
   *        Salt for the user's passphrase.
   * @param aIV
   *        Random IV, used when wrapping the private key.
   * @param aEncodedPublicKey
   *        The public key, base-64 encoded.
   * @param aWrappedPrivateKey
   *        The public key, encrypted with the user's passphrase, and base-64 encoded.
   */
  void generateKeypair(in ACString aPassphrase, in ACString aSalt, in ACString aIV,
                       out ACString aEncodedPublicKey, out ACString aWrappedPrivateKey);

  /*
   * Generate a random symmetric key.
   *
   * @returns The random key, base64 encoded
   */
  ACString generateRandomKey();

  /*
   * Generate a random IV.
   *
   * The IV will be sized for the algorithm specified in the algorithm
   * attribute of IWeaveCrypto.
   *
   * @returns The random IV, base64 encoded
   */
  ACString generateRandomIV();

  /*
   * Generate random data.
   *
   * @param aByteCount
   *        The number of bytes of random data to generate.
   * @returns The random bytes, base64-encoded
   */
  ACString generateRandomBytes(in unsigned long aByteCount);


  /**
   * Encrypts a symmetric key with a user's public key.
   *
   * @param aSymmetricKey
   *        The base64 encoded string holding a symmetric key.
   * @param aEncodedPublicKey
   *        The base64 encoded string holding a public key.
   * @returns The wrapped symmetric key, base64 encoded
   *
   * For RSA, the unencoded public key is a PKCS#1 object.
   */
  ACString wrapSymmetricKey(in ACString aSymmetricKey,
                            in ACString aEncodedPublicKey);

  /**
   * Decrypts a symmetric key with a user's private key.
   *
   * @param aWrappedSymmetricKey
   *        The base64 encoded string holding an encrypted symmetric key.
   * @param aWrappedPrivateKey
   *        The base64 encoded string holdering an encrypted private key.
   * @param aPassphrase
   *        The passphrase to decrypt the private key.
   * @param aSalt
   *        The salt for the passphrase.
   * @param aIV
   *        The random IV used when unwrapping the private key.
   * @returns The unwrapped symmetric key, base64 encoded
   *
   * For RSA, the unencoded, decrypted key is a PKCS#1 object.
   */
  ACString unwrapSymmetricKey(in ACString aWrappedSymmetricKey,
                              in ACString aWrappedPrivateKey,
                              in ACString aPassphrase,
                              in ACString aSalt,
                              in ACString aIV);
                              
  /**
   * Rewrap a private key with a new user passphrase.
   *
   * @param aWrappedPrivateKey
   *        The base64 encoded string holding an encrypted private key.
   * @param aPassphrase
   *        The passphrase to decrypt the private key.
   * @param aSalt
   *        The salt for the passphrase.
   * @param aIV
   *        The random IV used when unwrapping the private key.
   * @param aNewPassphrase
   *        The new passphrase to wrap the private key with.
   * @returns The (re)wrapped private key, base64 encoded
   *
   */
   ACString rewrapPrivateKey(in ACString aWrappedPrivateKey,
                             in ACString aPassphrase,
                             in ACString aSalt,
                             in ACString aIV,
                             in ACString aNewPassphrase);
                             
   /**
    * Verify a user's passphrase against a private key.
    *
    * @param aWrappedPrivateKey
    *        The base64 encoded string holding an encrypted private key.
    * @param aPassphrase
    *        The passphrase to decrypt the private key.
    * @param aSalt
    *        The salt for the passphrase.
    * @param aIV
    *        The random IV used when unwrapping the private key.
    * @returns Boolean true if the passphrase decrypted the key correctly.
    *
    */
   boolean verifyPassphrase(in ACString aWrappedPrivateKey,
                            in ACString aPassphrase,
                            in ACString aSalt,
                            in ACString aIV);
};