// Copyright 2014 The Chromium Authors. All rights reserved. // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. #ifndef CHROMEOS_CRYPTOHOME_CRYPTOHOME_PARAMETERS_H_ #define CHROMEOS_CRYPTOHOME_CRYPTOHOME_PARAMETERS_H_ #include #include #include "base/basictypes.h" #include "base/memory/scoped_ptr.h" #include "chromeos/chromeos_export.h" namespace cryptohome { enum AuthKeyPrivileges { PRIV_MOUNT = 1 << 0, // Can mount with this key. PRIV_ADD = 1 << 1, // Can add new keys. PRIV_REMOVE = 1 << 2, // Can remove other keys. PRIV_MIGRATE = 1 << 3, // Destroy all keys and replace with new. PRIV_AUTHORIZED_UPDATE = 1 << 4, // Key can be updated in place. PRIV_DEFAULT = PRIV_MOUNT | PRIV_ADD | PRIV_REMOVE | PRIV_MIGRATE }; // Identification of the user calling cryptohome method. struct CHROMEOS_EXPORT Identification { explicit Identification(const std::string& user_id); bool operator==(const Identification& other) const; std::string user_id; }; // Definition of the key (e.g. password) for the cryptohome. // It contains authorization data along with extra parameters like permissions // associated with this key. struct CHROMEOS_EXPORT KeyDefinition { enum Type { TYPE_PASSWORD = 0 }; struct AuthorizationData { enum Type { TYPE_HMACSHA256 = 0, TYPE_AES256CBC_HMACSHA256 }; struct Secret { Secret(); Secret(bool encrypt, bool sign, const std::string& symmetric_key, const std::string& public_key, bool wrapped); bool operator==(const Secret& other) const; bool encrypt; bool sign; std::string symmetric_key; std::string public_key; bool wrapped; }; AuthorizationData(); AuthorizationData(bool encrypt, bool sign, const std::string& symmetric_key); ~AuthorizationData(); bool operator==(const AuthorizationData& other) const; Type type; std::vector secrets; }; // This struct holds metadata that will be stored alongside the key. Each // |ProviderData| entry must have a |name| and may hold either a |number| or a // sequence of |bytes|. The metadata is entirely opaque to cryptohome. It is // stored with the key and returned when requested but is never interpreted by // cryptohome in any way. The metadata can be used to store information such // as the hashing algorithm and the salt used to create the key. struct ProviderData { ProviderData(); explicit ProviderData(const std::string& name); explicit ProviderData(const ProviderData& other); ProviderData(const std::string& name, int64 number); ProviderData(const std::string& name, const std::string& bytes); void operator=(const ProviderData& other); ~ProviderData(); bool operator==(const ProviderData& other) const; std::string name; scoped_ptr number; scoped_ptr bytes; }; KeyDefinition(); KeyDefinition(const std::string& secret, const std::string& label, int privileges); ~KeyDefinition(); bool operator==(const KeyDefinition& other) const; Type type; std::string label; // Privileges associated with key. Combination of |AuthKeyPrivileges| values. int privileges; int revision; std::string secret; std::vector authorization_data; std::vector provider_data; }; // Authorization attempt data for user. struct CHROMEOS_EXPORT Authorization { Authorization(const std::string& key, const std::string& label); explicit Authorization(const KeyDefinition& key); bool operator==(const Authorization& other) const; std::string key; std::string label; }; // Parameters for Mount call. class CHROMEOS_EXPORT MountParameters { public: explicit MountParameters(bool ephemeral); ~MountParameters(); bool operator==(const MountParameters& other) const; // If |true|, the mounted home dir will be backed by tmpfs. If |false|, the // ephemeral users policy decides whether tmpfs or an encrypted directory is // used as the backend. bool ephemeral; // If not empty, home dir will be created with these keys if it exist. std::vector create_keys; }; } // namespace cryptohome #endif // CHROMEOS_CRYPTOHOME_CRYPTOHOME_PARAMETERS_H_