1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 #ifndef CHROME_BROWSER_CHROMEOS_CROS_CRYPTOHOME_LIBRARY_H_ 6 #define CHROME_BROWSER_CHROMEOS_CROS_CRYPTOHOME_LIBRARY_H_ 7 #pragma once 8 9 #include <string> 10 11 #include "base/memory/singleton.h" 12 #include "chrome/browser/chromeos/cros/cros_library.h" 13 #include "third_party/cros/chromeos_cryptohome.h" 14 15 namespace chromeos { 16 17 // This interface defines the interaction with the ChromeOS cryptohome library 18 // APIs. 19 class CryptohomeLibrary { 20 public: 21 class Delegate { 22 public: 23 // This will be called back on the UI thread. Consult |return_code| for 24 // further information beyond mere success or failure. 25 virtual void OnComplete(bool success, int return_code) = 0; 26 }; 27 28 CryptohomeLibrary(); 29 virtual ~CryptohomeLibrary(); 30 31 // Asks cryptohomed to try to find the cryptohome for |user_email| and then 32 // use |passhash| to unlock the key. 33 virtual bool CheckKey(const std::string& user_email, 34 const std::string& passhash) = 0; 35 36 // Asks cryptohomed to asynchronously try to find the cryptohome for 37 // |user_email| and then use |passhash| to unlock the key. 38 // Returns true if the attempt is successfully initiated. 39 // d->OnComplete() will be called with status info on completion. 40 virtual bool AsyncCheckKey(const std::string& user_email, 41 const std::string& passhash, 42 Delegate* callback) = 0; 43 44 // Asks cryptohomed to try to find the cryptohome for |user_email| and then 45 // change from using |old_hash| to lock the key to using |new_hash|. 46 virtual bool MigrateKey(const std::string& user_email, 47 const std::string& old_hash, 48 const std::string& new_hash) = 0; 49 50 // Asks cryptohomed to asynchronously try to find the cryptohome for 51 // |user_email| and then change from using |old_hash| to lock the 52 // key to using |new_hash|. 53 // Returns true if the attempt is successfully initiated. 54 // d->OnComplete() will be called with status info on completion. 55 virtual bool AsyncMigrateKey(const std::string& user_email, 56 const std::string& old_hash, 57 const std::string& new_hash, 58 Delegate* callback) = 0; 59 60 // Asks cryptohomed to try to find the cryptohome for |user_email| and then 61 // mount it using |passhash| to unlock the key. 62 virtual bool Mount(const std::string& user_email, 63 const std::string& passhash, 64 int* error_code) = 0; 65 66 // Asks cryptohomed to asynchronously try to find the cryptohome for 67 // |user_email| and then mount it using |passhash| to unlock the key. 68 // |create_if_missing| controls whether or not we ask cryptohomed to 69 // create a new home dir if one does not yet exist for |user_email|. 70 // Returns true if the attempt is successfully initiated. 71 // d->OnComplete() will be called with status info on completion. 72 // If |create_if_missing| is false, and no cryptohome exists for |user_email|, 73 // we'll get d->OnComplete(false, kCryptohomeMountErrorUserDoesNotExist). 74 // Otherwise, we expect the normal range of return codes. 75 virtual bool AsyncMount(const std::string& user_email, 76 const std::string& passhash, 77 const bool create_if_missing, 78 Delegate* callback) = 0; 79 80 // Asks cryptohomed to mount a tmpfs for BWSI mode. 81 virtual bool MountForBwsi(int* error_code) = 0; 82 83 // Asks cryptohomed to asynchronously to mount a tmpfs for BWSI mode. 84 // Returns true if the attempt is successfully initiated. 85 // d->OnComplete() will be called with status info on completion. 86 virtual bool AsyncMountForBwsi(Delegate* callback) = 0; 87 88 // Asks cryptohomed to unmount the currently mounted cryptohome. 89 // Returns false if the cryptohome could not be unmounted, true otherwise. 90 virtual bool Unmount() = 0; 91 92 // Asks cryptohomed to try to find the cryptohome for |user_email| and then 93 // nuke it. 94 virtual bool Remove(const std::string& user_email) = 0; 95 96 // Asks cryptohomed to asynchronously try to find the cryptohome for 97 // |user_email| and then nuke it. 98 virtual bool AsyncRemove(const std::string& user_email, 99 Delegate* callback) = 0; 100 101 // Asks cryptohomed if a drive is currently mounted. 102 virtual bool IsMounted() = 0; 103 104 // Asks cryptohomed for the system salt. 105 virtual CryptohomeBlob GetSystemSalt() = 0; 106 107 // Checks free disk space and if it falls below some minimum 108 // (cryptohome::kMinFreeSpace), performs cleanup. 109 virtual bool AsyncDoAutomaticFreeDiskSpaceControl(Delegate* callback) = 0; 110 111 // Wrappers of the functions for working with Tpm. 112 113 // Returns whether Tpm is ready. 114 virtual bool TpmIsReady() = 0; 115 116 // Returns whether Tpm is presented and enabled. 117 virtual bool TpmIsEnabled() = 0; 118 119 // Returns whether device has already been owned. 120 virtual bool TpmIsOwned() = 0; 121 122 // Returns whether device is being owned (Tpm password is generating). 123 virtual bool TpmIsBeingOwned() = 0; 124 125 // Returns Tpm password (if password was cleared empty one is returned). 126 // Return value is true if password was successfully acquired. 127 virtual bool TpmGetPassword(std::string* password) = 0; 128 129 // Attempts to start owning (if device isn't owned and isn't being owned). 130 virtual void TpmCanAttemptOwnership() = 0; 131 132 // Clears Tpm password. Password should be cleared after it was generated and 133 // shown to user. 134 virtual void TpmClearStoredPassword() = 0; 135 136 virtual bool InstallAttributesGet(const std::string& name, 137 std::string* value) = 0; 138 virtual bool InstallAttributesSet(const std::string& name, 139 const std::string& value) = 0; 140 virtual int InstallAttributesCount() = 0; 141 virtual bool InstallAttributesFinalize() = 0; 142 virtual bool InstallAttributesIsReady() = 0; 143 virtual bool InstallAttributesIsSecure() = 0; 144 virtual bool InstallAttributesIsInvalid() = 0; 145 virtual bool InstallAttributesIsFirstInstall() = 0; 146 147 // Get the PKCS#11 token info from the TPM. This is different from 148 // the TpmGetPassword because it's getting the PKCS#11 user PIN and 149 // not the TPM password. 150 virtual void Pkcs11GetTpmTokenInfo(std::string* label, 151 std::string* user_pin) = 0; 152 153 // Gets the status of the TPM. This is different from TpmIsReady 154 // because it's getting the staus of the PKCS#11 initialization of 155 // the TPM token, not the TPM itself. 156 virtual bool Pkcs11IsTpmTokenReady() = 0; 157 158 // Factory function, creates a new instance and returns ownership. 159 // For normal usage, access the singleton via CrosLibrary::Get(). 160 static CryptohomeLibrary* GetImpl(bool stub); 161 }; 162 163 } // namespace chromeos 164 165 #endif // CHROME_BROWSER_CHROMEOS_CROS_CRYPTOHOME_LIBRARY_H_ 166
