1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
|
// Copyright (c) 2012 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#ifndef CHROMEOS_CRYPTOHOME_ASYNC_METHOD_CALLER_H_
#define CHROMEOS_CRYPTOHOME_ASYNC_METHOD_CALLER_H_
#include <string>
#include "base/callback_forward.h"
#include "chromeos/attestation/attestation_constants.h"
#include "chromeos/chromeos_export.h"
#include "chromeos/dbus/cryptohome_client.h"
#include "third_party/cros_system_api/dbus/service_constants.h"
namespace cryptohome {
class Identification;
// Note: This file is placed in ::cryptohome instead of ::chromeos::cryptohome
// since there is already a namespace ::cryptohome which holds the error code
// enum (MountError) and referencing ::chromeos::cryptohome and ::cryptohome
// within the same code is confusing.
// Flags for the AsyncMount method.
enum MountFlags {
MOUNT_FLAGS_NONE = 0, // Used to explicitly denote that no flags are
// set.
CREATE_IF_MISSING = 1, // Create a cryptohome if it does not exist yet.
ENSURE_EPHEMERAL = 1 << 1, // Ensure that the mount is ephemeral.
};
// This class manages calls to Cryptohome service's 'async' methods.
class CHROMEOS_EXPORT AsyncMethodCaller {
public:
// A callback type which is called back on the UI thread when the results of
// method calls are ready.
typedef base::Callback<void(bool success, MountError return_code)> Callback;
typedef base::Callback<void(bool success, const std::string& data)>
DataCallback;
virtual ~AsyncMethodCaller() {}
// Asks cryptohomed to asynchronously try to find the cryptohome for
// |user_id| and then use |passhash| to unlock the key.
// |callback| will be called with status info on completion.
virtual void AsyncCheckKey(const Identification& user_id,
const std::string& passhash,
Callback callback) = 0;
// Asks cryptohomed to asynchronously try to find the cryptohome for
// |user_id| and then change from using |old_hash| to lock the
// key to using |new_hash|.
// |callback| will be called with status info on completion.
virtual void AsyncMigrateKey(const Identification& user_id,
const std::string& old_hash,
const std::string& new_hash,
Callback callback) = 0;
// Asks cryptohomed to asynchronously try to find the cryptohome for
// |user_id| and then mount it using |passhash| to unlock the key.
// The |flags| are a combination of |MountFlags|:
// * CREATE_IF_MISSING Controls whether or not cryptohomed is asked to create
// a new cryptohome if one does not exist yet for
// |user_id|.
// * ENSURE_EPHEMERAL If |true|, the mounted cryptohome will be backed by
// tmpfs. If |false|, the ephemeral users policy decides
// whether tmpfs or an encrypted directory is used as the
// backend.
// |callback| will be called with status info on completion.
// If the |CREATE_IF_MISSING| flag is not given and no cryptohome exists
// for |user_id|, the expected result is
// callback.Run(false, kCryptohomeMountErrorUserDoesNotExist). Otherwise,
// the normal range of return codes is expected.
virtual void AsyncMount(const Identification& user_id,
const std::string& passhash,
int flags,
Callback callback) = 0;
// Asks cryptohomed to asynchronously try to add another |new_passhash| for
// |user_id| using |passhash| to unlock the key.
// |callback| will be called with status info on completion.
virtual void AsyncAddKey(const Identification& user_id,
const std::string& passhash,
const std::string& new_passhash,
Callback callback) = 0;
// Asks cryptohomed to asynchronously to mount a tmpfs for guest mode.
// |callback| will be called with status info on completion.
virtual void AsyncMountGuest(Callback callback) = 0;
// Asks cryptohomed to asynchrounously try to find the cryptohome for
// |public_mount_id| and then mount it using a passhash derived from
// |public_mount_id| and a secret. See AsyncMount for possible values for
// |flags|.
virtual void AsyncMountPublic(const Identification& public_mount_id,
int flags,
Callback callback) = 0;
// Asks cryptohomed to asynchronously try to find the cryptohome for
// |user_id| and then nuke it.
virtual void AsyncRemove(const Identification& user_id,
Callback callback) = 0;
// Asks cryptohomed to asynchronously create an attestation enrollment
// request. On success the data sent to |callback| is a request to be sent
// to the Privacy CA of type |pca_type|.
virtual void AsyncTpmAttestationCreateEnrollRequest(
chromeos::attestation::PrivacyCAType pca_type,
const DataCallback& callback) = 0;
// Asks cryptohomed to asynchronously finish an attestation enrollment.
// |pca_response| is the response to the enrollment request emitted by the
// Privacy CA of type |pca_type|.
virtual void AsyncTpmAttestationEnroll(
chromeos::attestation::PrivacyCAType pca_type,
const std::string& pca_response,
const Callback& callback) = 0;
// Asks cryptohomed to asynchronously create an attestation certificate
// request according to |certificate_profile|. Some profiles require that the
// |user_id| of the currently active user and an identifier of the
// |request_origin| be provided. On success the data sent to |callback| is a
// request to be sent to the Privacy CA of type |pca_type|. The
// |request_origin| may be sent to the Privacy CA but the |user_id| will never
// be sent.
virtual void AsyncTpmAttestationCreateCertRequest(
chromeos::attestation::PrivacyCAType pca_type,
chromeos::attestation::AttestationCertificateProfile certificate_profile,
const Identification& user_id,
const std::string& request_origin,
const DataCallback& callback) = 0;
// Asks cryptohomed to asynchronously finish an attestation certificate
// request. On success the data sent to |callback| is a certificate chain
// in PEM format. |pca_response| is the response to the certificate request
// emitted by the Privacy CA. |key_type| determines whether the certified key
// is to be associated with the current user. |key_name| is a name for the
// key. If |key_type| is KEY_USER, a |user_id| must be provided. Otherwise
// |user_id| is ignored. For normal GAIA users the |user_id| is
// a GaiaId-derived string (see AccountId::GetGaiaIdKey).
virtual void AsyncTpmAttestationFinishCertRequest(
const std::string& pca_response,
chromeos::attestation::AttestationKeyType key_type,
const Identification& user_id,
const std::string& key_name,
const DataCallback& callback) = 0;
// Asks cryptohomed to asynchronously register the attestation key specified
// by |key_type| and |key_name|. If |key_type| is KEY_USER, a |user_id| must
// be provided. Otherwise |user_id| is ignored. For normal GAIA users the
// |user_id| is a GaiaId-derived string (see AccountId::GetGaiaIdKey).
virtual void TpmAttestationRegisterKey(
chromeos::attestation::AttestationKeyType key_type,
const Identification& user_id,
const std::string& key_name,
const Callback& callback) = 0;
// Asks cryptohomed to asynchronously sign an enterprise challenge with the
// key specified by |key_type| and |key_name|. The |domain| and |device_id|
// parameters will be included in the challenge response. |challenge| must be
// a valid enterprise challenge. On success, the data sent to |callback| is
// the challenge response. If |key_type| is KEY_USER, a |user_id| must be
// provided. Otherwise |user_id| is ignored. For normal GAIA users the
// |user_id| is a GaiaId-derived string (see AccountId::GetGaiaIdKey).
virtual void TpmAttestationSignEnterpriseChallenge(
chromeos::attestation::AttestationKeyType key_type,
const Identification& user_id,
const std::string& key_name,
const std::string& domain,
const std::string& device_id,
chromeos::attestation::AttestationChallengeOptions options,
const std::string& challenge,
const DataCallback& callback) = 0;
// Asks cryptohomed to asynchronously sign a simple challenge with the key
// specified by |key_type| and |key_name|. |challenge| can be any arbitrary
// set of bytes. On success, the data sent to |callback| is the challenge
// response. If |key_type| is KEY_USER, a |user_id| must be provided.
// Otherwise |user_id| is ignored. For normal GAIA users the |user_id| is a
// GaiaId-derived string (see AccountId::GetGaiaIdKey).
virtual void TpmAttestationSignSimpleChallenge(
chromeos::attestation::AttestationKeyType key_type,
const Identification& user_id,
const std::string& key_name,
const std::string& challenge,
const DataCallback& callback) = 0;
// Asks cryptohome to asynchronously retrieve a string associated with given
// |user_id| that would be used in mount path instead of |user_id|.
// On success the data is sent to |callback|.
virtual void AsyncGetSanitizedUsername(const Identification& user_id,
const DataCallback& callback) = 0;
// Creates the global AsyncMethodCaller instance.
static void Initialize();
// Similar to Initialize(), but can inject an alternative
// AsyncMethodCaller such as MockAsyncMethodCaller for testing.
// The injected object will be owned by the internal pointer and deleted
// by Shutdown().
static void InitializeForTesting(AsyncMethodCaller* async_method_caller);
// Destroys the global AsyncMethodCaller instance if it exists.
static void Shutdown();
// Returns a pointer to the global AsyncMethodCaller instance.
// Initialize() should already have been called.
static AsyncMethodCaller* GetInstance();
};
} // namespace cryptohome
#endif // CHROMEOS_CRYPTOHOME_ASYNC_METHOD_CALLER_H_
|
