chrome-types 0.1.154 → 0.1.155

package/_all.d.ts

@@ -14,8 +14,8 @@
  * limitations under the License.
  */
 
-// Generated on Tue Dec 13 2022 22:30:27 GMT+0000 (Coordinated Universal Time)
-// Built at b5f497b891fee3e82a12b18530e5f27a78db9399
+// Generated on Thu Dec 15 2022 22:27:57 GMT+0000 (Coordinated Universal Time)
+// Built at 87da37160ce98a019c47f8eb44f91ec49b750236
 
 // Includes all types, including MV2 + Platform Apps APIs.
 
@@ -12478,6 +12478,52 @@ declare namespace chrome {
       softwareBackedSubtleCrypto: SubtleCrypto;
     }
 
+    /**
+     * Whether to use the Enterprise User Key or the Enterprise Machine Key.
+     *
+     * @since Pending
+     */
+    export type Scope = "USER" | "MACHINE";
+
+    /**
+     * Type of key to generate.
+     *
+     * @since Pending
+     */
+    export type Algorithm = "RSA" | "ECDSA";
+
+    /**
+     * @since Pending
+     */
+    export interface RegisterKeyOptions {
+
+      /**
+       * Which algorithm the registered key should use.
+       */
+      algorithm: Algorithm;
+    }
+
+    /**
+     * @since Pending
+     */
+    export interface ChallengeKeyOptions {
+
+      /**
+       * A challenge as emitted by the Verified Access Web API.
+       */
+      challenge: ArrayBuffer;
+
+      /**
+       * If present, registers the challenged key with the specified `scope`'s token. The key can then be associated with a certificate and used like any other signing key. Subsequent calls to this function will then generate a new Enterprise Key in the specified `scope`.
+       */
+      registerKey?: RegisterKeyOptions;
+
+      /**
+       * Which Enterprise Key to challenge.
+       */
+      scope: Scope;
+    }
+
     /**
      * Returns the available Tokens. In a regular user's session the list will always contain the user's token with `id` `"user"`. If a system-wide TPM token is available, the returned list will also contain the system-wide token with `id` `"system"`. The system-wide token will be the same for all sessions on this device (device in the sense of e.g. a Chromebook).
      *
@@ -12543,12 +12589,36 @@ declare namespace chrome {
       callback?: () => void,
     ): void;
 
+    /**
+     * Similar to `challengeMachineKey` and `challengeUserKey`, but allows specifying the algorithm of a registered key. Challenges a hardware-backed Enterprise Machine Key and emits the response as part of a remote attestation protocol. Only useful on Chrome OS and in conjunction with the Verified Access Web API which both issues challenges and verifies responses.
+     *
+     * A successful verification by the Verified Access Web API is a strong signal that the current device is a legitimate Chrome OS device, the current device is managed by the domain specified during verification, the current signed-in user is managed by the domain specified during verification, and the current device state complies with enterprise device policy. For example, a policy may specify that the device must not be in developer mode. Any device identity emitted by the verification is tightly bound to the hardware of the current device. If `"user"` Scope is specified, the identity is also tighly bound to the current signed-in user.
+     *
+     * This function is highly restricted and will fail if the current device is not managed, the current user is not managed, or if this operation has not explicitly been enabled for the caller by enterprise device policy. The challenged key does not reside in the `"system"` or `"user"` token and is not accessible by any other API.
+     *
+     * @param options Object containing the fields defined in {@link ChallengeKeyOptions}.
+     * @param callback Called back with the challenge response.
+     * @since Pending
+     */
+    export function challengeKey(
+
+      options: ChallengeKeyOptions,
+
+      /**
+       * @param response The challenge response.
+       */
+      callback: (
+        response: ArrayBuffer,
+      ) => void,
+    ): void;
+
     /**
      * Challenges a hardware-backed Enterprise Machine Key and emits the response as part of a remote attestation protocol. Only useful on Chrome OS and in conjunction with the Verified Access Web API which both issues challenges and verifies responses. A successful verification by the Verified Access Web API is a strong signal of all of the following: \* The current device is a legitimate Chrome OS device. \* The current device is managed by the domain specified during verification. \* The current signed-in user is managed by the domain specified during verification. \* The current device state complies with enterprise device policy. For example, a policy may specify that the device must not be in developer mode. \* Any device identity emitted by the verification is tightly bound to the hardware of the current device. This function is highly restricted and will fail if the current device is not managed, the current user is not managed, or if this operation has not explicitly been enabled for the caller by enterprise device policy. The Enterprise Machine Key does not reside in the `"system"` token and is not accessible by any other API.
      *
      * @param challenge A challenge as emitted by the Verified Access Web API.
      * @param registerKey If set, the current Enterprise Machine Key is registered with the `"system"` token and relinquishes the Enterprise Machine Key role. The key can then be associated with a certificate and used like any other signing key. This key is 2048-bit RSA. Subsequent calls to this function will then generate a new Enterprise Machine Key.
      * @param callback Called back with the challenge response.
+     * @deprecated Use {@link challengeKey} instead.
      * @since Chrome 50
      */
     export function challengeMachineKey(
@@ -12573,6 +12643,7 @@ declare namespace chrome {
      *
      * @param challenge A challenge as emitted by the Verified Access Web API.
      * @param callback Called back with the challenge response.
+     * @deprecated Use {@link challengeKey} instead.
      * @since Chrome 50
      */
     export function challengeMachineKey(
@@ -12593,6 +12664,7 @@ declare namespace chrome {
      * @param challenge A challenge as emitted by the Verified Access Web API.
      * @param registerKey If set, the current Enterprise User Key is registered with the `"user"` token and relinquishes the Enterprise User Key role. The key can then be associated with a certificate and used like any other signing key. This key is 2048-bit RSA. Subsequent calls to this function will then generate a new Enterprise User Key.
      * @param callback Called back with the challenge response.
+     * @deprecated Use {@link challengeKey} instead.
      * @since Chrome 50
      */
     export function challengeUserKey(

package/index.d.ts

@@ -14,8 +14,8 @@
  * limitations under the License.
  */
 
-// Generated on Tue Dec 13 2022 22:30:21 GMT+0000 (Coordinated Universal Time)
-// Built at b5f497b891fee3e82a12b18530e5f27a78db9399
+// Generated on Thu Dec 15 2022 22:27:52 GMT+0000 (Coordinated Universal Time)
+// Built at 87da37160ce98a019c47f8eb44f91ec49b750236
 
 // Includes MV3+ APIs only.
 
@@ -8664,6 +8664,52 @@ declare namespace chrome {
       softwareBackedSubtleCrypto: SubtleCrypto;
     }
 
+    /**
+     * Whether to use the Enterprise User Key or the Enterprise Machine Key.
+     *
+     * @since Pending
+     */
+    export type Scope = "USER" | "MACHINE";
+
+    /**
+     * Type of key to generate.
+     *
+     * @since Pending
+     */
+    export type Algorithm = "RSA" | "ECDSA";
+
+    /**
+     * @since Pending
+     */
+    export interface RegisterKeyOptions {
+
+      /**
+       * Which algorithm the registered key should use.
+       */
+      algorithm: Algorithm;
+    }
+
+    /**
+     * @since Pending
+     */
+    export interface ChallengeKeyOptions {
+
+      /**
+       * A challenge as emitted by the Verified Access Web API.
+       */
+      challenge: ArrayBuffer;
+
+      /**
+       * If present, registers the challenged key with the specified `scope`'s token. The key can then be associated with a certificate and used like any other signing key. Subsequent calls to this function will then generate a new Enterprise Key in the specified `scope`.
+       */
+      registerKey?: RegisterKeyOptions;
+
+      /**
+       * Which Enterprise Key to challenge.
+       */
+      scope: Scope;
+    }
+
     /**
      * Returns the available Tokens. In a regular user's session the list will always contain the user's token with `id` `"user"`. If a system-wide TPM token is available, the returned list will also contain the system-wide token with `id` `"system"`. The system-wide token will be the same for all sessions on this device (device in the sense of e.g. a Chromebook).
      *
@@ -8729,12 +8775,36 @@ declare namespace chrome {
       callback?: () => void,
     ): void;
 
+    /**
+     * Similar to `challengeMachineKey` and `challengeUserKey`, but allows specifying the algorithm of a registered key. Challenges a hardware-backed Enterprise Machine Key and emits the response as part of a remote attestation protocol. Only useful on Chrome OS and in conjunction with the Verified Access Web API which both issues challenges and verifies responses.
+     *
+     * A successful verification by the Verified Access Web API is a strong signal that the current device is a legitimate Chrome OS device, the current device is managed by the domain specified during verification, the current signed-in user is managed by the domain specified during verification, and the current device state complies with enterprise device policy. For example, a policy may specify that the device must not be in developer mode. Any device identity emitted by the verification is tightly bound to the hardware of the current device. If `"user"` Scope is specified, the identity is also tighly bound to the current signed-in user.
+     *
+     * This function is highly restricted and will fail if the current device is not managed, the current user is not managed, or if this operation has not explicitly been enabled for the caller by enterprise device policy. The challenged key does not reside in the `"system"` or `"user"` token and is not accessible by any other API.
+     *
+     * @param options Object containing the fields defined in {@link ChallengeKeyOptions}.
+     * @param callback Called back with the challenge response.
+     * @since Pending
+     */
+    export function challengeKey(
+
+      options: ChallengeKeyOptions,
+
+      /**
+       * @param response The challenge response.
+       */
+      callback: (
+        response: ArrayBuffer,
+      ) => void,
+    ): void;
+
     /**
      * Challenges a hardware-backed Enterprise Machine Key and emits the response as part of a remote attestation protocol. Only useful on Chrome OS and in conjunction with the Verified Access Web API which both issues challenges and verifies responses. A successful verification by the Verified Access Web API is a strong signal of all of the following: \* The current device is a legitimate Chrome OS device. \* The current device is managed by the domain specified during verification. \* The current signed-in user is managed by the domain specified during verification. \* The current device state complies with enterprise device policy. For example, a policy may specify that the device must not be in developer mode. \* Any device identity emitted by the verification is tightly bound to the hardware of the current device. This function is highly restricted and will fail if the current device is not managed, the current user is not managed, or if this operation has not explicitly been enabled for the caller by enterprise device policy. The Enterprise Machine Key does not reside in the `"system"` token and is not accessible by any other API.
      *
      * @param challenge A challenge as emitted by the Verified Access Web API.
      * @param registerKey If set, the current Enterprise Machine Key is registered with the `"system"` token and relinquishes the Enterprise Machine Key role. The key can then be associated with a certificate and used like any other signing key. This key is 2048-bit RSA. Subsequent calls to this function will then generate a new Enterprise Machine Key.
      * @param callback Called back with the challenge response.
+     * @deprecated Use {@link challengeKey} instead.
      * @since Chrome 50
      */
     export function challengeMachineKey(
@@ -8759,6 +8829,7 @@ declare namespace chrome {
      *
      * @param challenge A challenge as emitted by the Verified Access Web API.
      * @param callback Called back with the challenge response.
+     * @deprecated Use {@link challengeKey} instead.
      * @since Chrome 50
      */
     export function challengeMachineKey(
@@ -8779,6 +8850,7 @@ declare namespace chrome {
      * @param challenge A challenge as emitted by the Verified Access Web API.
      * @param registerKey If set, the current Enterprise User Key is registered with the `"user"` token and relinquishes the Enterprise User Key role. The key can then be associated with a certificate and used like any other signing key. This key is 2048-bit RSA. Subsequent calls to this function will then generate a new Enterprise User Key.
      * @param callback Called back with the challenge response.
+     * @deprecated Use {@link challengeKey} instead.
      * @since Chrome 50
      */
     export function challengeUserKey(

package/package.json

@@ -5,7 +5,7 @@
   "type": "module",
   "name": "chrome-types",
   "config": {
-    "build-hash": "587bd55b764a59f1"
+    "build-hash": "38d87769780ab1a4"
   },
   "repository": {
     "type": "git",
@@ -16,5 +16,5 @@
     "url": "https://github.com/GoogleChrome/chrome-types/issues"
   },
   "homepage": "https://github.com/GoogleChrome/chrome-types",
-  "version": "0.1.154"
+  "version": "0.1.155"
 }