Home | History | Annotate | Download | only in platform_keys 
      1 // Copyright 2014 The Chromium Authors. All rights reserved.
      2 // Use of this source code is governed by a BSD-style license that can be
      3 // found in the LICENSE file.
      4 
      5 #ifndef CHROME_BROWSER_CHROMEOS_PLATFORM_KEYS_PLATFORM_KEYS_H_
      6 #define CHROME_BROWSER_CHROMEOS_PLATFORM_KEYS_PLATFORM_KEYS_H_
      7 
      8 #include <string>
      9 #include <vector>
     10 
     11 #include "base/callback_forward.h"
     12 #include "base/macros.h"
     13 #include "base/memory/ref_counted.h"
     14 #include "base/memory/scoped_ptr.h"
     15 
     16 namespace content {
     17 class BrowserContext;
     18 }
     19 
     20 namespace net {
     21 class X509Certificate;
     22 typedef std::vector<scoped_refptr<X509Certificate> > CertificateList;
     23 }
     24 
     25 namespace chromeos {
     26 
     27 namespace platform_keys {
     28 
     29 // A token is a store for keys or certs and can provide cryptographic
     30 // operations.
     31 // ChromeOS provides itself a user token and conditionally a system wide token,
     32 // thus these tokens use static identifiers. The platform keys API is designed
     33 // to support arbitrary other tokens in the future, which could then use
     34 // run-time generated IDs.
     35 extern const char kTokenIdUser[];
     36 extern const char kTokenIdSystem[];
     37 
     38 // Supported hash algorithms.
     39 enum HashAlgorithm {
     40   HASH_ALGORITHM_SHA1,
     41   HASH_ALGORITHM_SHA256,
     42   HASH_ALGORITHM_SHA384,
     43   HASH_ALGORITHM_SHA512
     44 };
     45 
     46 namespace subtle {
     47 // Functions of this namespace shouldn't be called directly from the context of
     48 // an extension. Instead use PlatformKeysService which enforces restrictions
     49 // upon extensions.
     50 
     51 typedef base::Callback<void(const std::string& public_key_spki_der,
     52                             const std::string& error_message)>
     53     GenerateKeyCallback;
     54 
     55 // Generates a RSA key pair with |modulus_length_bits|. |token_id| is currently
     56 // ignored, instead the user token associated with |browser_context| is always
     57 // used. |callback| will be invoked with the resulting public key or an error.
     58 void GenerateRSAKey(const std::string& token_id,
     59                     unsigned int modulus_length_bits,
     60                     const GenerateKeyCallback& callback,
     61                     content::BrowserContext* browser_context);
     62 
     63 typedef base::Callback<void(const std::string& signature,
     64                             const std::string& error_message)> SignCallback;
     65 
     66 // Digests |data| with |hash_algorithm| and afterwards signs the digest with the
     67 // private key matching |public_key|, if that key is stored in the given token.
     68 // |token_id| is currently ignored, instead the user token associated with
     69 // |browser_context| is always used. |public_key| must be the DER encoding of a
     70 // SubjectPublicKeyInfo. |callback| will be invoked with the signature or an
     71 // error message.
     72 // Currently supports RSA keys only.
     73 void Sign(const std::string& token_id,
     74           const std::string& public_key,
     75           HashAlgorithm hash_algorithm,
     76           const std::string& data,
     77           const SignCallback& callback,
     78           content::BrowserContext* browser_context);
     79 
     80 }  // namespace subtle
     81 
     82 // If the list of certificates could be successfully retrieved, |certs| will
     83 // contain the list of available certificates (maybe empty) and |error_message|
     84 // will be empty. If an error occurred, |certs| will be empty and
     85 // |error_message| contain an error message.
     86 typedef base::Callback<void(scoped_ptr<net::CertificateList> certs,
     87                             const std::string& error_message)>
     88     GetCertificatesCallback;
     89 
     90 // Returns the list of all certificates with stored private key available from
     91 // the given token. |token_id| is currently ignored, instead the user token
     92 // associated with |browser_context| is always used. |callback| will be invoked
     93 // with the list of available certificates or an error message.
     94 void GetCertificates(const std::string& token_id,
     95                      const GetCertificatesCallback& callback,
     96                      content::BrowserContext* browser_context);
     97 
     98 // If an error occurred during import, |error_message| will be set to an error
     99 // message.
    100 typedef base::Callback<void(const std::string& error_message)>
    101     ImportCertificateCallback;
    102 
    103 // Imports |certificate| to the given token if the certified key is already
    104 // stored in this token. Any intermediate of |certificate| will be ignored.
    105 // |token_id| is currently ignored, instead the user token associated with
    106 // |browser_context| is always used. |callback| will be invoked when the import
    107 // is finished, possibly with an error message.
    108 void ImportCertificate(const std::string& token_id,
    109                        scoped_refptr<net::X509Certificate> certificate,
    110                        const ImportCertificateCallback& callback,
    111                        content::BrowserContext* browser_context);
    112 
    113 // If an error occurred during removal, |error_message| will be set to an error
    114 // message.
    115 typedef base::Callback<void(const std::string& error_message)>
    116     RemoveCertificateCallback;
    117 
    118 // Removes |certificate| from the given token if present. Any intermediate of
    119 // |certificate| will be ignored. |token_id| is currently ignored, instead the
    120 // user token associated with |browser_context| is always used. |callback| will
    121 // be invoked when the removal is finished, possibly with an error message.
    122 void RemoveCertificate(const std::string& token_id,
    123                        scoped_refptr<net::X509Certificate> certificate,
    124                        const RemoveCertificateCallback& callback,
    125                        content::BrowserContext* browser_context);
    126 
    127 // If the list of available tokens could be successfully retrieved, |token_ids|
    128 // will contain the token ids. If an error occurs, |token_ids| will be NULL and
    129 // |error_message| will be set to an error message.
    130 typedef base::Callback<void(scoped_ptr<std::vector<std::string> > token_ids,
    131                             const std::string& error_message)>
    132     GetTokensCallback;
    133 
    134 // Gets the list of available tokens. |callback| will be invoked when the list
    135 // of available tokens is determined, possibly with an error message.
    136 // Must be called and calls |callback| on the UI thread.
    137 void GetTokens(const GetTokensCallback& callback,
    138                content::BrowserContext* browser_context);
    139 
    140 }  // namespace platform_keys
    141 
    142 }  // namespace chromeos
    143 
    144 #endif  // CHROME_BROWSER_CHROMEOS_PLATFORM_KEYS_PLATFORM_KEYS_H_
    145