{ "iface": "futoin.auth.master", "version": "0.4", "ftn3rev": "1.9", "imports": [ "futoin.ping:1.0", "futoin.auth.types:0.4" ], "types": { "KDSParam": { "type": "string", "regex": "^[a-zA-Z0-9._/+-]{1,32}$" }, "MACSecField": { "type": "map", "fields": { "msid": "MasterSecretID", "algo": "MACAlgo", "kds": "KeyDerivationStrategy", "prm": { "type": "KDSParam", "optional": true }, "sig": "MACValue" } }, "CipherType": { "type": "GenericIdentifier", "minlen": 1, "maxlen": 32 }, "CipherMode": { "type": "string", "regex": "^[A-Z0-9][A-Z0-9_]{1,14}[A-Z0-9]$", "desc": "CBC, CTR, GCM, CFB and others" } }, "funcs": { "checkMAC": { "params": { "base": "MACBase", "sec": "MACSecField", "source": "ClientFingerprints" }, "result": "AuthInfo", "throws": [ "SecurityError" ], "seclvl": "PrivilegedOps" }, "genMAC": { "params": { "base": "MACBase", "reqsec": "MACSecField" }, "result": "MACValue", "throws": [ "SecurityError" ], "seclvl": "PrivilegedOps" }, "exposeDerivedKey": { "params": { "base": "MACBase", "sec": "MACSecField", "source": "ClientFingerprints" }, "result": { "auth": "AuthInfo", "prm": "KDSParam", "etype": "CipherType", "emode": "CipherMode", "ekey": "EncryptedKey" }, "throws": [ "SecurityError" ], "desc": "Feature to support local key cache", "seclvl": "ExceptionalOps" }, "getNewEncryptedSecret": { "params": { "type": "ExchangeKeyType", "pubkey": "ExchangeKey", "scope": { "type": "MasterScope", "default": null } }, "result": { "id": "MasterSecretID", "esecret": "EncryptedMasterSecret" }, "throws": [ "SecurityError", "NotSupportedKeyType" ], "seclvl": "ExceptionalOps" } }, "requires": [ "SecureChannel", "MessageSignature", "BinaryData" ] }