Home | History | Annotate | Download | only in cryptohome 
      1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
      2 // Use of this source code is governed by a BSD-style license that can be
      3 // found in the LICENSE file.
      4 
      5 #ifndef CHROMEOS_CRYPTOHOME_ASYNC_METHOD_CALLER_H_
      6 #define CHROMEOS_CRYPTOHOME_ASYNC_METHOD_CALLER_H_
      7 
      8 #include <string>
      9 
     10 #include "base/basictypes.h"
     11 #include "base/callback_forward.h"
     12 #include "chromeos/chromeos_export.h"
     13 #include "chromeos/dbus/cryptohome_client.h"
     14 #include "third_party/cros_system_api/dbus/service_constants.h"
     15 
     16 namespace cryptohome {
     17 
     18 // Note: This file is placed in ::cryptohome instead of ::chromeos::cryptohome
     19 // since there is already a namespace ::cryptohome which holds the error code
     20 // enum (MountError) and referencing ::chromeos::cryptohome and ::cryptohome
     21 // within the same code is confusing.
     22 
     23 // Flags for the AsyncMount method.
     24 enum MountFlags {
     25     MOUNT_FLAGS_NONE = 0,       // Used to explicitly denote that no flags are
     26                                 // set.
     27     CREATE_IF_MISSING = 1,      // Create a cryptohome if it does not exist yet.
     28     ENSURE_EPHEMERAL = 1 << 1,  // Ensure that the mount is ephemeral.
     29 };
     30 
     31 // This class manages calls to Cryptohome service's 'async' methods.
     32 class CHROMEOS_EXPORT AsyncMethodCaller {
     33  public:
     34   // A callback type which is called back on the UI thread when the results of
     35   // method calls are ready.
     36   typedef base::Callback<void(bool success, MountError return_code)> Callback;
     37   typedef base::Callback<void(bool success, const std::string& data)>
     38       DataCallback;
     39 
     40   virtual ~AsyncMethodCaller() {}
     41 
     42   // Asks cryptohomed to asynchronously try to find the cryptohome for
     43   // |user_email| and then use |passhash| to unlock the key.
     44   // |callback| will be called with status info on completion.
     45   virtual void AsyncCheckKey(const std::string& user_email,
     46                              const std::string& passhash,
     47                              Callback callback) = 0;
     48 
     49   // Asks cryptohomed to asynchronously try to find the cryptohome for
     50   // |user_email| and then change from using |old_hash| to lock the
     51   // key to using |new_hash|.
     52   // |callback| will be called with status info on completion.
     53   virtual void AsyncMigrateKey(const std::string& user_email,
     54                                const std::string& old_hash,
     55                                const std::string& new_hash,
     56                                Callback callback) = 0;
     57 
     58   // Asks cryptohomed to asynchronously try to find the cryptohome for
     59   // |user_email| and then mount it using |passhash| to unlock the key.
     60   // The |flags| are a combination of |MountFlags|:
     61   // * CREATE_IF_MISSING Controls whether or not cryptohomed is asked to create
     62   //                     a new cryptohome if one does not exist yet for
     63   //                     |user_email|.
     64   // * ENSURE_EPHEMERAL  If |true|, the mounted cryptohome will be backed by
     65   //                     tmpfs. If |false|, the ephemeral users policy decides
     66   //                     whether tmpfs or an encrypted directory is used as the
     67   //                     backend.
     68   // |callback| will be called with status info on completion.
     69   // If the |CREATE_IF_MISSING| flag is not given and no cryptohome exists
     70   // for |user_email|, the expected result is
     71   // callback.Run(false, kCryptohomeMountErrorUserDoesNotExist). Otherwise,
     72   // the normal range of return codes is expected.
     73   virtual void AsyncMount(const std::string& user_email,
     74                           const std::string& passhash,
     75                           int flags,
     76                           Callback callback) = 0;
     77 
     78   // Asks cryptohomed to asynchronously try to add another |new_passhash| for
     79   // |user_email| using |passhash| to unlock the key.
     80   // |callback| will be called with status info on completion.
     81   virtual void AsyncAddKey(const std::string& user_email,
     82                            const std::string& passhash,
     83                            const std::string& new_passhash,
     84                            Callback callback) = 0;
     85 
     86   // Asks cryptohomed to asynchronously to mount a tmpfs for guest mode.
     87   // |callback| will be called with status info on completion.
     88   virtual void AsyncMountGuest(Callback callback) = 0;
     89 
     90   // Asks cryptohomed to asynchrounously try to find the cryptohome for
     91   // |public_mount_id| and then mount it using a passhash derived from
     92   // |public_mount_id| and a secret. See AsyncMount for possible values for
     93   // |flags|.
     94   virtual void AsyncMountPublic(const std::string& public_mount_id,
     95                                 int flags,
     96                                 Callback callback) = 0;
     97 
     98   // Asks cryptohomed to asynchronously try to find the cryptohome for
     99   // |user_email| and then nuke it.
    100   virtual void AsyncRemove(const std::string& user_email,
    101                            Callback callback) = 0;
    102 
    103   // Asks cryptohomed to asynchronously create an attestation enrollment
    104   // request.  On success the data sent to |callback| is a request to be sent
    105   // to the Privacy CA.
    106   virtual void AsyncTpmAttestationCreateEnrollRequest(
    107       const DataCallback& callback) = 0;
    108 
    109   // Asks cryptohomed to asynchronously finish an attestation enrollment.
    110   // |pca_response| is the response to the enrollment request emitted by the
    111   // Privacy CA.
    112   virtual void AsyncTpmAttestationEnroll(const std::string& pca_response,
    113                                          const Callback& callback) = 0;
    114 
    115   // Asks cryptohomed to asynchronously create an attestation certificate
    116   // request according to |options|, which is a combination of
    117   // attestation::AttestationCertificateOptions.  On success the data sent to
    118   // |callback| is a request to be sent to the Privacy CA.
    119   virtual void AsyncTpmAttestationCreateCertRequest(
    120       int options,
    121       const DataCallback& callback) = 0;
    122 
    123   // Asks cryptohomed to asynchronously finish an attestation certificate
    124   // request.  On success the data sent to |callback| is a certificate chain
    125   // in PEM format.  |pca_response| is the response to the certificate request
    126   // emitted by the Privacy CA.  |key_type| determines whether the certified key
    127   // is to be associated with the current user.  |key_name| is a name for the
    128   // key.
    129   virtual void AsyncTpmAttestationFinishCertRequest(
    130       const std::string& pca_response,
    131       chromeos::attestation::AttestationKeyType key_type,
    132       const std::string& key_name,
    133       const DataCallback& callback) = 0;
    134 
    135   // Asks cryptohomed to asynchronously register the attestation key specified
    136   // by |key_type| and |key_name|.
    137   virtual void TpmAttestationRegisterKey(
    138       chromeos::attestation::AttestationKeyType key_type,
    139       const std::string& key_name,
    140       const Callback& callback) = 0;
    141 
    142   // Asks cryptohomed to asynchronously sign an enterprise challenge with the
    143   // key specified by |key_type| and |key_name|.  The |domain| and |device_id|
    144   // parameters will be included in the challenge response.  |challenge| must be
    145   // a valid enterprise challenge.  On success, the data sent to |callback| is
    146   // the challenge response.
    147   virtual void TpmAttestationSignEnterpriseChallenge(
    148       chromeos::attestation::AttestationKeyType key_type,
    149       const std::string& key_name,
    150       const std::string& domain,
    151       const std::string& device_id,
    152       chromeos::attestation::AttestationChallengeOptions options,
    153       const std::string& challenge,
    154       const DataCallback& callback) = 0;
    155 
    156   // Asks cryptohomed to asynchronously sign a simple challenge with the key
    157   // specified by |key_type| and |key_name|.  |challenge| can be any arbitrary
    158   // set of bytes.  On success, the data sent to |callback| is the challenge
    159   // response.
    160   virtual void TpmAttestationSignSimpleChallenge(
    161       chromeos::attestation::AttestationKeyType key_type,
    162       const std::string& key_name,
    163       const std::string& challenge,
    164       const DataCallback& callback) = 0;
    165 
    166   // Asks cryptohome to asynchronously retrieve a string associated with given
    167   // |user| that would be used in mount path instead of |user|.
    168   // On success the data is sent to |callback|.
    169   virtual void AsyncGetSanitizedUsername(
    170       const std::string& user,
    171       const DataCallback& callback) = 0;
    172 
    173   // Creates the global AsyncMethodCaller instance.
    174   static void Initialize();
    175 
    176   // Similar to Initialize(), but can inject an alternative
    177   // AsyncMethodCaller such as MockAsyncMethodCaller for testing.
    178   // The injected object will be owned by the internal pointer and deleted
    179   // by Shutdown().
    180   static void InitializeForTesting(AsyncMethodCaller* async_method_caller);
    181 
    182   // Destroys the global AsyncMethodCaller instance if it exists.
    183   static void Shutdown();
    184 
    185   // Returns a pointer to the global AsyncMethodCaller instance.
    186   // Initialize() should already have been called.
    187   static AsyncMethodCaller* GetInstance();
    188 };
    189 
    190 }  // namespace cryptohome
    191 
    192 #endif  // CHROMEOS_CRYPTOHOME_ASYNC_METHOD_CALLER_H_
    193