1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 #ifndef CHROMEOS_DBUS_CRYPTOHOME_CLIENT_H_ 6 #define CHROMEOS_DBUS_CRYPTOHOME_CLIENT_H_ 7 8 #include <string> 9 #include <vector> 10 11 #include "base/basictypes.h" 12 #include "base/callback.h" 13 #include "chromeos/attestation/attestation_constants.h" 14 #include "chromeos/chromeos_export.h" 15 #include "chromeos/dbus/dbus_client_implementation_type.h" 16 #include "chromeos/dbus/dbus_method_call_status.h" 17 18 namespace dbus { 19 class Bus; 20 } 21 22 namespace chromeos { 23 24 // CryptohomeClient is used to communicate with the Cryptohome service. 25 // All method should be called from the origin thread (UI thread) which 26 // initializes the DBusThreadManager instance. 27 class CHROMEOS_EXPORT CryptohomeClient { 28 public: 29 // A callback to handle AsyncCallStatus signals. 30 typedef base::Callback<void(int async_id, 31 bool return_status, 32 int return_code)> 33 AsyncCallStatusHandler; 34 // A callback to handle AsyncCallStatusWithData signals. 35 typedef base::Callback<void(int async_id, 36 bool return_status, 37 const std::string& data)> 38 AsyncCallStatusWithDataHandler; 39 // A callback to handle responses of AsyncXXX methods. 40 typedef base::Callback<void(int async_id)> AsyncMethodCallback; 41 // A callback to handle responses of Pkcs11GetTpmTokenInfo method. 42 typedef base::Callback<void( 43 DBusMethodCallStatus call_status, 44 const std::string& label, 45 const std::string& user_pin)> Pkcs11GetTpmTokenInfoCallback; 46 // A callback for methods which return both a bool result and data. 47 typedef base::Callback<void(DBusMethodCallStatus call_status, 48 bool result, 49 const std::string& data)> DataMethodCallback; 50 51 virtual ~CryptohomeClient(); 52 53 // Factory function, creates a new instance and returns ownership. 54 // For normal usage, access the singleton via DBusThreadManager::Get(). 55 static CryptohomeClient* Create(DBusClientImplementationType type, 56 dbus::Bus* bus); 57 58 // Returns the sanitized |username| that the stub implementation would return. 59 static std::string GetStubSanitizedUsername(const std::string& username); 60 61 // Sets AsyncCallStatus signal handlers. 62 // |handler| is called when results for AsyncXXX methods are returned. 63 // Cryptohome service will process the calls in a first-in-first-out manner 64 // when they are made in parallel. 65 virtual void SetAsyncCallStatusHandlers( 66 const AsyncCallStatusHandler& handler, 67 const AsyncCallStatusWithDataHandler& data_handler) = 0; 68 69 // Resets AsyncCallStatus signal handlers. 70 virtual void ResetAsyncCallStatusHandlers() = 0; 71 72 // Calls IsMounted method and returns true when the call succeeds. 73 virtual void IsMounted(const BoolDBusMethodCallback& callback) = 0; 74 75 // Calls Unmount method and returns true when the call succeeds. 76 // This method blocks until the call returns. 77 virtual bool Unmount(bool* success) = 0; 78 79 // Calls AsyncCheckKey method. |callback| is called after the method call 80 // succeeds. 81 virtual void AsyncCheckKey(const std::string& username, 82 const std::string& key, 83 const AsyncMethodCallback& callback) = 0; 84 85 // Calls AsyncMigrateKey method. |callback| is called after the method call 86 // succeeds. 87 virtual void AsyncMigrateKey(const std::string& username, 88 const std::string& from_key, 89 const std::string& to_key, 90 const AsyncMethodCallback& callback) = 0; 91 92 // Calls AsyncRemove method. |callback| is called after the method call 93 // succeeds. 94 virtual void AsyncRemove(const std::string& username, 95 const AsyncMethodCallback& callback) = 0; 96 97 // Calls GetSystemSalt method. This method blocks until the call returns. 98 // The original content of |salt| is lost. 99 virtual bool GetSystemSalt(std::vector<uint8>* salt) = 0; 100 101 // Calls GetSanitizedUsername method. |callback| is called after the method 102 // call succeeds. 103 virtual void GetSanitizedUsername( 104 const std::string& username, 105 const StringDBusMethodCallback& callback) = 0; 106 107 // Same as GetSanitizedUsername() but blocks until a reply is received, and 108 // returns the sanitized username synchronously. Returns an empty string if 109 // the method call fails. 110 // This may only be called in situations where blocking the UI thread is 111 // considered acceptable (e.g. restarting the browser after a crash or after 112 // a flag change). 113 virtual std::string BlockingGetSanitizedUsername( 114 const std::string& username) = 0; 115 116 // Calls the AsyncMount method to asynchronously mount the cryptohome for 117 // |username|, using |key| to unlock it. For supported |flags|, see the 118 // documentation of AsyncMethodCaller::AsyncMount(). 119 // |callback| is called after the method call succeeds. 120 virtual void AsyncMount(const std::string& username, 121 const std::string& key, 122 int flags, 123 const AsyncMethodCallback& callback) = 0; 124 125 // Calls the AsyncAddKey method to asynchronously add another |new_key| for 126 // |username|, using |key| to unlock it first. 127 // |callback| is called after the method call succeeds. 128 virtual void AsyncAddKey(const std::string& username, 129 const std::string& key, 130 const std::string& new_key, 131 const AsyncMethodCallback& callback) = 0; 132 133 // Calls AsyncMountGuest method. |callback| is called after the method call 134 // succeeds. 135 virtual void AsyncMountGuest(const AsyncMethodCallback& callback) = 0; 136 137 // Calls the AsyncMount method to asynchronously mount the cryptohome for 138 // |public_mount_id|. For supported |flags|, see the documentation of 139 // AsyncMethodCaller::AsyncMount(). |callback| is called after the method 140 // call succeeds. 141 virtual void AsyncMountPublic(const std::string& public_mount_id, 142 int flags, 143 const AsyncMethodCallback& callback) = 0; 144 145 // Calls TpmIsReady method. 146 virtual void TpmIsReady(const BoolDBusMethodCallback& callback) = 0; 147 148 // Calls TpmIsEnabled method. 149 virtual void TpmIsEnabled(const BoolDBusMethodCallback& callback) = 0; 150 151 // Calls TpmIsEnabled method and returns true when the call succeeds. 152 // This method blocks until the call returns. 153 // TODO(hashimoto): Remove this method. crbug.com/141006 154 virtual bool CallTpmIsEnabledAndBlock(bool* enabled) = 0; 155 156 // Calls TpmGetPassword method. 157 virtual void TpmGetPassword(const StringDBusMethodCallback& callback) = 0; 158 159 // Calls TpmIsOwned method. 160 virtual void TpmIsOwned(const BoolDBusMethodCallback& callback) = 0; 161 162 // Calls TpmIsOwned method and returns true when the call succeeds. 163 // This method blocks until the call returns. 164 // TODO(hashimoto): Remove this method. crbug.com/141012 165 virtual bool CallTpmIsOwnedAndBlock(bool* owned) = 0; 166 167 // Calls TpmIsBeingOwned method. 168 virtual void TpmIsBeingOwned(const BoolDBusMethodCallback& callback) = 0; 169 170 // Calls TpmIsBeingOwned method and returns true when the call succeeds. 171 // This method blocks until the call returns. 172 // TODO(hashimoto): Remove this method. crbug.com/141011 173 virtual bool CallTpmIsBeingOwnedAndBlock(bool* owning) = 0; 174 175 // Calls TpmCanAttemptOwnership method. 176 // This method tells the service that it is OK to attempt ownership. 177 virtual void TpmCanAttemptOwnership( 178 const VoidDBusMethodCallback& callback) = 0; 179 180 // Calls TpmClearStoredPasswordMethod. 181 virtual void TpmClearStoredPassword( 182 const VoidDBusMethodCallback& callback) = 0; 183 184 // Calls TpmClearStoredPassword method and returns true when the call 185 // succeeds. This method blocks until the call returns. 186 // TODO(hashimoto): Remove this method. crbug.com/141010 187 virtual bool CallTpmClearStoredPasswordAndBlock() = 0; 188 189 // Calls Pkcs11IsTpmTokenReady method. 190 virtual void Pkcs11IsTpmTokenReady( 191 const BoolDBusMethodCallback& callback) = 0; 192 193 // Calls Pkcs11GetTpmTokenInfo method. 194 virtual void Pkcs11GetTpmTokenInfo( 195 const Pkcs11GetTpmTokenInfoCallback& callback) = 0; 196 197 // Calls InstallAttributesGet method and returns true when the call succeeds. 198 // This method blocks until the call returns. 199 // The original content of |value| is lost. 200 virtual bool InstallAttributesGet(const std::string& name, 201 std::vector<uint8>* value, 202 bool* successful) = 0; 203 204 // Calls InstallAttributesSet method and returns true when the call succeeds. 205 // This method blocks until the call returns. 206 virtual bool InstallAttributesSet(const std::string& name, 207 const std::vector<uint8>& value, 208 bool* successful) = 0; 209 210 // Calls InstallAttributesFinalize method and returns true when the call 211 // succeeds. This method blocks until the call returns. 212 virtual bool InstallAttributesFinalize(bool* successful) = 0; 213 214 // Calls InstallAttributesIsReady method. 215 virtual void InstallAttributesIsReady( 216 const BoolDBusMethodCallback& callback) = 0; 217 218 // Calls InstallAttributesIsInvalid method and returns true when the call 219 // succeeds. This method blocks until the call returns. 220 virtual bool InstallAttributesIsInvalid(bool* is_invalid) = 0; 221 222 // Calls InstallAttributesIsFirstInstall method and returns true when the call 223 // succeeds. This method blocks until the call returns. 224 virtual bool InstallAttributesIsFirstInstall(bool* is_first_install) = 0; 225 226 // Calls the TpmAttestationIsPrepared dbus method. The callback is called 227 // when the operation completes. 228 virtual void TpmAttestationIsPrepared( 229 const BoolDBusMethodCallback& callback) = 0; 230 231 // Calls the TpmAttestationIsEnrolled dbus method. The callback is called 232 // when the operation completes. 233 virtual void TpmAttestationIsEnrolled( 234 const BoolDBusMethodCallback& callback) = 0; 235 236 // Asynchronously creates an attestation enrollment request. The callback 237 // will be called when the dbus call completes. When the operation completes, 238 // the AsyncCallStatusWithDataHandler signal handler is called. The data that 239 // is sent with the signal is an enrollment request to be sent to the Privacy 240 // CA. The enrollment is completed by calling AsyncTpmAttestationEnroll. 241 virtual void AsyncTpmAttestationCreateEnrollRequest( 242 const AsyncMethodCallback& callback) = 0; 243 244 // Asynchronously finishes an attestation enrollment operation. The callback 245 // will be called when the dbus call completes. When the operation completes, 246 // the AsyncCallStatusHandler signal handler is called. |pca_response| is the 247 // response to the enrollment request emitted by the Privacy CA. 248 virtual void AsyncTpmAttestationEnroll( 249 const std::string& pca_response, 250 const AsyncMethodCallback& callback) = 0; 251 252 // Asynchronously creates an attestation certificate request according to 253 // |options|, which is a combination of AttestationCertificateOptions. 254 // |callback| will be called when the dbus call completes. When the operation 255 // completes, the AsyncCallStatusWithDataHandler signal handler is called. 256 // The data that is sent with the signal is a certificate request to be sent 257 // to the Privacy CA. The certificate request is completed by calling 258 // AsyncTpmAttestationFinishCertRequest. 259 virtual void AsyncTpmAttestationCreateCertRequest( 260 int options, 261 const AsyncMethodCallback& callback) = 0; 262 263 // Asynchronously finishes a certificate request operation. The callback will 264 // be called when the dbus call completes. When the operation completes, the 265 // AsyncCallStatusWithDataHandler signal handler is called. The data that is 266 // sent with the signal is a certificate chain in PEM format. |pca_response| 267 // is the response to the certificate request emitted by the Privacy CA. 268 // |key_type| determines whether the certified key is to be associated with 269 // the current user. |key_name| is a name for the key. 270 virtual void AsyncTpmAttestationFinishCertRequest( 271 const std::string& pca_response, 272 attestation::AttestationKeyType key_type, 273 const std::string& key_name, 274 const AsyncMethodCallback& callback) = 0; 275 276 // Checks if an attestation key already exists. If the key specified by 277 // |key_type| and |key_name| exists, then the result sent to the callback will 278 // be true. 279 virtual void TpmAttestationDoesKeyExist( 280 attestation::AttestationKeyType key_type, 281 const std::string& key_name, 282 const BoolDBusMethodCallback& callback) = 0; 283 284 // Gets the attestation certificate for the key specified by |key_type| and 285 // |key_name|. |callback| will be called when the operation completes. If 286 // the key does not exist the callback |result| parameter will be false. 287 virtual void TpmAttestationGetCertificate( 288 attestation::AttestationKeyType key_type, 289 const std::string& key_name, 290 const DataMethodCallback& callback) = 0; 291 292 // Gets the public key for the key specified by |key_type| and |key_name|. 293 // |callback| will be called when the operation completes. If the key does 294 // not exist the callback |result| parameter will be false. 295 virtual void TpmAttestationGetPublicKey( 296 attestation::AttestationKeyType key_type, 297 const std::string& key_name, 298 const DataMethodCallback& callback) = 0; 299 300 // Asynchronously registers an attestation key with the current user's 301 // PKCS #11 token. The |callback| will be called when the dbus call 302 // completes. When the operation completes, the AsyncCallStatusHandler signal 303 // handler is called. |key_type| and |key_name| specify the key to register. 304 virtual void TpmAttestationRegisterKey( 305 attestation::AttestationKeyType key_type, 306 const std::string& key_name, 307 const AsyncMethodCallback& callback) = 0; 308 309 // Asynchronously signs an enterprise challenge with the key specified by 310 // |key_type| and |key_name|. |domain| and |device_id| will be included in 311 // the challenge response. |options| control how the challenge response is 312 // generated. |challenge| must be a valid enterprise attestation challenge. 313 // The |callback| will be called when the dbus call completes. When the 314 // operation completes, the AsyncCallStatusWithDataHandler signal handler is 315 // called. 316 virtual void TpmAttestationSignEnterpriseChallenge( 317 attestation::AttestationKeyType key_type, 318 const std::string& key_name, 319 const std::string& domain, 320 const std::string& device_id, 321 attestation::AttestationChallengeOptions options, 322 const std::string& challenge, 323 const AsyncMethodCallback& callback) = 0; 324 325 // Asynchronously signs a simple challenge with the key specified by 326 // |key_type| and |key_name|. |challenge| can be any set of arbitrary bytes. 327 // A nonce will be appended to the challenge before signing; this method 328 // cannot be used to sign arbitrary data. The |callback| will be called when 329 // the dbus call completes. When the operation completes, the 330 // AsyncCallStatusWithDataHandler signal handler is called. 331 virtual void TpmAttestationSignSimpleChallenge( 332 attestation::AttestationKeyType key_type, 333 const std::string& key_name, 334 const std::string& challenge, 335 const AsyncMethodCallback& callback) = 0; 336 337 // Gets the payload associated with the key specified by |key_type| and 338 // |key_name|. The |callback| will be called when the operation completes. 339 // If the key does not exist the callback |result| parameter will be false. 340 // If no payload has been set for the key the callback |result| parameter will 341 // be true and the |data| parameter will be empty. 342 virtual void TpmAttestationGetKeyPayload( 343 attestation::AttestationKeyType key_type, 344 const std::string& key_name, 345 const DataMethodCallback& callback) = 0; 346 347 // Sets the |payload| associated with the key specified by |key_type| and 348 // |key_name|. The |callback| will be called when the operation completes. 349 // If the operation succeeds, the callback |result| parameter will be true. 350 virtual void TpmAttestationSetKeyPayload( 351 attestation::AttestationKeyType key_type, 352 const std::string& key_name, 353 const std::string& payload, 354 const BoolDBusMethodCallback& callback) = 0; 355 356 protected: 357 // Create() should be used instead. 358 CryptohomeClient(); 359 360 private: 361 DISALLOW_COPY_AND_ASSIGN(CryptohomeClient); 362 }; 363 364 } // namespace chromeos 365 366 #endif // CHROMEOS_DBUS_CRYPTOHOME_CLIENT_H_ 367
