1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 #ifndef CHROMEOS_CRYPTOHOME_ASYNC_METHOD_CALLER_H_ 6 #define CHROMEOS_CRYPTOHOME_ASYNC_METHOD_CALLER_H_ 7 8 #include <string> 9 10 #include "base/basictypes.h" 11 #include "base/callback_forward.h" 12 #include "chromeos/attestation/attestation_constants.h" 13 #include "chromeos/chromeos_export.h" 14 #include "chromeos/dbus/cryptohome_client.h" 15 #include "third_party/cros_system_api/dbus/service_constants.h" 16 17 namespace cryptohome { 18 19 // Note: This file is placed in ::cryptohome instead of ::chromeos::cryptohome 20 // since there is already a namespace ::cryptohome which holds the error code 21 // enum (MountError) and referencing ::chromeos::cryptohome and ::cryptohome 22 // within the same code is confusing. 23 24 // Flags for the AsyncMount method. 25 enum MountFlags { 26 MOUNT_FLAGS_NONE = 0, // Used to explicitly denote that no flags are 27 // set. 28 CREATE_IF_MISSING = 1, // Create a cryptohome if it does not exist yet. 29 ENSURE_EPHEMERAL = 1 << 1, // Ensure that the mount is ephemeral. 30 }; 31 32 // This class manages calls to Cryptohome service's 'async' methods. 33 class CHROMEOS_EXPORT AsyncMethodCaller { 34 public: 35 // A callback type which is called back on the UI thread when the results of 36 // method calls are ready. 37 typedef base::Callback<void(bool success, MountError return_code)> Callback; 38 typedef base::Callback<void(bool success, const std::string& data)> 39 DataCallback; 40 41 virtual ~AsyncMethodCaller() {} 42 43 // Asks cryptohomed to asynchronously try to find the cryptohome for 44 // |user_email| and then use |passhash| to unlock the key. 45 // |callback| will be called with status info on completion. 46 virtual void AsyncCheckKey(const std::string& user_email, 47 const std::string& passhash, 48 Callback callback) = 0; 49 50 // Asks cryptohomed to asynchronously try to find the cryptohome for 51 // |user_email| and then change from using |old_hash| to lock the 52 // key to using |new_hash|. 53 // |callback| will be called with status info on completion. 54 virtual void AsyncMigrateKey(const std::string& user_email, 55 const std::string& old_hash, 56 const std::string& new_hash, 57 Callback callback) = 0; 58 59 // Asks cryptohomed to asynchronously try to find the cryptohome for 60 // |user_email| and then mount it using |passhash| to unlock the key. 61 // The |flags| are a combination of |MountFlags|: 62 // * CREATE_IF_MISSING Controls whether or not cryptohomed is asked to create 63 // a new cryptohome if one does not exist yet for 64 // |user_email|. 65 // * ENSURE_EPHEMERAL If |true|, the mounted cryptohome will be backed by 66 // tmpfs. If |false|, the ephemeral users policy decides 67 // whether tmpfs or an encrypted directory is used as the 68 // backend. 69 // |callback| will be called with status info on completion. 70 // If the |CREATE_IF_MISSING| flag is not given and no cryptohome exists 71 // for |user_email|, the expected result is 72 // callback.Run(false, kCryptohomeMountErrorUserDoesNotExist). Otherwise, 73 // the normal range of return codes is expected. 74 virtual void AsyncMount(const std::string& user_email, 75 const std::string& passhash, 76 int flags, 77 Callback callback) = 0; 78 79 // Asks cryptohomed to asynchronously try to add another |new_passhash| for 80 // |user_email| using |passhash| to unlock the key. 81 // |callback| will be called with status info on completion. 82 virtual void AsyncAddKey(const std::string& user_email, 83 const std::string& passhash, 84 const std::string& new_passhash, 85 Callback callback) = 0; 86 87 // Asks cryptohomed to asynchronously to mount a tmpfs for guest mode. 88 // |callback| will be called with status info on completion. 89 virtual void AsyncMountGuest(Callback callback) = 0; 90 91 // Asks cryptohomed to asynchrounously try to find the cryptohome for 92 // |public_mount_id| and then mount it using a passhash derived from 93 // |public_mount_id| and a secret. See AsyncMount for possible values for 94 // |flags|. 95 virtual void AsyncMountPublic(const std::string& public_mount_id, 96 int flags, 97 Callback callback) = 0; 98 99 // Asks cryptohomed to asynchronously try to find the cryptohome for 100 // |user_email| and then nuke it. 101 virtual void AsyncRemove(const std::string& user_email, 102 Callback callback) = 0; 103 104 // Asks cryptohomed to asynchronously create an attestation enrollment 105 // request. On success the data sent to |callback| is a request to be sent 106 // to the Privacy CA. 107 virtual void AsyncTpmAttestationCreateEnrollRequest( 108 const DataCallback& callback) = 0; 109 110 // Asks cryptohomed to asynchronously finish an attestation enrollment. 111 // |pca_response| is the response to the enrollment request emitted by the 112 // Privacy CA. 113 virtual void AsyncTpmAttestationEnroll(const std::string& pca_response, 114 const Callback& callback) = 0; 115 116 // Asks cryptohomed to asynchronously create an attestation certificate 117 // request according to |certificate_profile|. Some profiles require that the 118 // |user_id| of the currently active user and an identifier of the 119 // |request_origin| be provided. On success the data sent to |callback| is a 120 // request to be sent to the Privacy CA. The |request_origin| may be sent to 121 // the Privacy CA but the |user_id| will never be sent. 122 virtual void AsyncTpmAttestationCreateCertRequest( 123 chromeos::attestation::AttestationCertificateProfile certificate_profile, 124 const std::string& user_id, 125 const std::string& request_origin, 126 const DataCallback& callback) = 0; 127 128 // Asks cryptohomed to asynchronously finish an attestation certificate 129 // request. On success the data sent to |callback| is a certificate chain 130 // in PEM format. |pca_response| is the response to the certificate request 131 // emitted by the Privacy CA. |key_type| determines whether the certified key 132 // is to be associated with the current user. |key_name| is a name for the 133 // key. If |key_type| is KEY_USER, a |user_id| must be provided. Otherwise 134 // |user_id| is ignored. For normal GAIA users the |user_id| is a canonical 135 // email address. 136 virtual void AsyncTpmAttestationFinishCertRequest( 137 const std::string& pca_response, 138 chromeos::attestation::AttestationKeyType key_type, 139 const std::string& user_id, 140 const std::string& key_name, 141 const DataCallback& callback) = 0; 142 143 // Asks cryptohomed to asynchronously register the attestation key specified 144 // by |key_type| and |key_name|. If |key_type| is KEY_USER, a |user_id| must 145 // be provided. Otherwise |user_id| is ignored. For normal GAIA users the 146 // |user_id| is a canonical email address. 147 virtual void TpmAttestationRegisterKey( 148 chromeos::attestation::AttestationKeyType key_type, 149 const std::string& user_id, 150 const std::string& key_name, 151 const Callback& callback) = 0; 152 153 // Asks cryptohomed to asynchronously sign an enterprise challenge with the 154 // key specified by |key_type| and |key_name|. The |domain| and |device_id| 155 // parameters will be included in the challenge response. |challenge| must be 156 // a valid enterprise challenge. On success, the data sent to |callback| is 157 // the challenge response. If |key_type| is KEY_USER, a |user_id| must be 158 // provided. Otherwise |user_id| is ignored. For normal GAIA users the 159 // |user_id| is a canonical email address. 160 virtual void TpmAttestationSignEnterpriseChallenge( 161 chromeos::attestation::AttestationKeyType key_type, 162 const std::string& user_id, 163 const std::string& key_name, 164 const std::string& domain, 165 const std::string& device_id, 166 chromeos::attestation::AttestationChallengeOptions options, 167 const std::string& challenge, 168 const DataCallback& callback) = 0; 169 170 // Asks cryptohomed to asynchronously sign a simple challenge with the key 171 // specified by |key_type| and |key_name|. |challenge| can be any arbitrary 172 // set of bytes. On success, the data sent to |callback| is the challenge 173 // response. If |key_type| is KEY_USER, a |user_id| must be provided. 174 // Otherwise |user_id| is ignored. For normal GAIA users the |user_id| is a 175 // canonical email address. 176 virtual void TpmAttestationSignSimpleChallenge( 177 chromeos::attestation::AttestationKeyType key_type, 178 const std::string& user_id, 179 const std::string& key_name, 180 const std::string& challenge, 181 const DataCallback& callback) = 0; 182 183 // Asks cryptohome to asynchronously retrieve a string associated with given 184 // |user| that would be used in mount path instead of |user|. 185 // On success the data is sent to |callback|. 186 virtual void AsyncGetSanitizedUsername( 187 const std::string& user, 188 const DataCallback& callback) = 0; 189 190 // Creates the global AsyncMethodCaller instance. 191 static void Initialize(); 192 193 // Similar to Initialize(), but can inject an alternative 194 // AsyncMethodCaller such as MockAsyncMethodCaller for testing. 195 // The injected object will be owned by the internal pointer and deleted 196 // by Shutdown(). 197 static void InitializeForTesting(AsyncMethodCaller* async_method_caller); 198 199 // Destroys the global AsyncMethodCaller instance if it exists. 200 static void Shutdown(); 201 202 // Returns a pointer to the global AsyncMethodCaller instance. 203 // Initialize() should already have been called. 204 static AsyncMethodCaller* GetInstance(); 205 }; 206 207 } // namespace cryptohome 208 209 #endif // CHROMEOS_CRYPTOHOME_ASYNC_METHOD_CALLER_H_ 210
