summaryrefslogtreecommitdiff
path: root/app/src/main/aidl/de
diff options
context:
space:
mode:
Diffstat (limited to 'app/src/main/aidl/de')
-rw-r--r--app/src/main/aidl/de/blinkt/openvpn/api/ExternalCertificateProvider.aidl33
1 files changed, 31 insertions, 2 deletions
diff --git a/app/src/main/aidl/de/blinkt/openvpn/api/ExternalCertificateProvider.aidl b/app/src/main/aidl/de/blinkt/openvpn/api/ExternalCertificateProvider.aidl
index c6db965b..1f77b15f 100644
--- a/app/src/main/aidl/de/blinkt/openvpn/api/ExternalCertificateProvider.aidl
+++ b/app/src/main/aidl/de/blinkt/openvpn/api/ExternalCertificateProvider.aidl
@@ -1,16 +1,16 @@
// ExternalCertificateProvider.aidl
package de.blinkt.openvpn.api;
-
/*
* This is very simple interface that is specialised to have only the minimal set of crypto
* operation that are needed for OpenVPN to authenticate with an external certificate
*/
interface ExternalCertificateProvider {
/**
+ * @deprecated use {@link #getSignedDataWithExtra} instead
* Requests signing the data with RSA/ECB/PKCS1PADDING
* for RSA certficate and with NONEwithECDSA for EC certificates
- * @parm alias the parameter that
+ * @param alias user certificate identifier
*/
byte[] getSignedData(in String alias, in byte[] data);
@@ -36,4 +36,33 @@ interface ExternalCertificateProvider {
*
*/
Bundle getCertificateMetaData(in String alias);
+
+ /**
+ * Requests signing the data with RSA/ECB/nopadding, RSA/ECB/PKCS1PADDING or PKCS1PSSPADDING
+ * for RSA certficate and with NONEwithECDSA for EC certificates
+ * @param alias user certificate identifier
+ * @param data the data to be signed
+ * @param extra additional information.
+ * Should contain the following keys:
+ * <ul>
+ * <li>int key "de.blinkt.openvpn.api.RSA_PADDING_TYPE", may be set as:
+ * <ul>
+ * <li>0 - for RSA/ECB/nopadding
+ * <li>1 - for RSA/ECB/PKCS1PADDING
+ * <li>2 - for PKCS1PSSPADDING
+ * </ul>
+ * <li>string key "de.blinkt.openvpn.api.SALTLEN", may be set as:
+ * <ul>
+ * <li>"digest" - use the same salt size as the hash to sign
+ * <li>"max" - use maximum possible saltlen which is '(nbits-1)/8 - hlen - 2'. Here
+ * 'nbits' is the number of bits in the key modulus and 'hlen' is the size in octets of
+ * the hash. See: RFC 8017 sec 8.1.1 and 9.1.1.
+ * </ul>
+ * <li>boolean key "de.blinkt.openvpn.api.NEEDS_DIGEST", indicating that the data should be
+ * hashed before signing or not
+ * <li>string key "de.blinkt.openvpn.api.DIGEST", the short common digest algorithm name to
+ * use (such as SHA256, SHA224, etc.)
+ * </ul>
+ */
+ byte[] getSignedDataWithExtra(in String alias, in byte[] data, in Bundle extra);
}