1 // Copyright 2014 The Chromium Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 #ifndef CHROME_BROWSER_CHROMEOS_PLATFORM_KEYS_PLATFORM_KEYS_H_ 6 #define CHROME_BROWSER_CHROMEOS_PLATFORM_KEYS_PLATFORM_KEYS_H_ 7 8 #include <string> 9 #include <vector> 10 11 #include "base/callback_forward.h" 12 #include "base/macros.h" 13 #include "base/memory/ref_counted.h" 14 #include "base/memory/scoped_ptr.h" 15 16 namespace content { 17 class BrowserContext; 18 } 19 20 namespace net { 21 class X509Certificate; 22 typedef std::vector<scoped_refptr<X509Certificate> > CertificateList; 23 } 24 25 namespace chromeos { 26 27 namespace platform_keys { 28 29 // A token is a store for keys or certs and can provide cryptographic 30 // operations. 31 // ChromeOS provides itself a user token and conditionally a system wide token, 32 // thus these tokens use static identifiers. The platform keys API is designed 33 // to support arbitrary other tokens in the future, which could then use 34 // run-time generated IDs. 35 extern const char kTokenIdUser[]; 36 extern const char kTokenIdSystem[]; 37 38 // Supported hash algorithms. 39 enum HashAlgorithm { 40 HASH_ALGORITHM_SHA1, 41 HASH_ALGORITHM_SHA256, 42 HASH_ALGORITHM_SHA384, 43 HASH_ALGORITHM_SHA512 44 }; 45 46 namespace subtle { 47 // Functions of this namespace shouldn't be called directly from the context of 48 // an extension. Instead use PlatformKeysService which enforces restrictions 49 // upon extensions. 50 51 typedef base::Callback<void(const std::string& public_key_spki_der, 52 const std::string& error_message)> 53 GenerateKeyCallback; 54 55 // Generates a RSA key pair with |modulus_length_bits|. |token_id| is currently 56 // ignored, instead the user token associated with |browser_context| is always 57 // used. |callback| will be invoked with the resulting public key or an error. 58 void GenerateRSAKey(const std::string& token_id, 59 unsigned int modulus_length_bits, 60 const GenerateKeyCallback& callback, 61 content::BrowserContext* browser_context); 62 63 typedef base::Callback<void(const std::string& signature, 64 const std::string& error_message)> SignCallback; 65 66 // Digests |data| with |hash_algorithm| and afterwards signs the digest with the 67 // private key matching |public_key|, if that key is stored in the given token. 68 // |token_id| is currently ignored, instead the user token associated with 69 // |browser_context| is always used. |public_key| must be the DER encoding of a 70 // SubjectPublicKeyInfo. |callback| will be invoked with the signature or an 71 // error message. 72 // Currently supports RSA keys only. 73 void Sign(const std::string& token_id, 74 const std::string& public_key, 75 HashAlgorithm hash_algorithm, 76 const std::string& data, 77 const SignCallback& callback, 78 content::BrowserContext* browser_context); 79 80 } // namespace subtle 81 82 // If the list of certificates could be successfully retrieved, |certs| will 83 // contain the list of available certificates (maybe empty) and |error_message| 84 // will be empty. If an error occurred, |certs| will be empty and 85 // |error_message| contain an error message. 86 typedef base::Callback<void(scoped_ptr<net::CertificateList> certs, 87 const std::string& error_message)> 88 GetCertificatesCallback; 89 90 // Returns the list of all certificates with stored private key available from 91 // the given token. |token_id| is currently ignored, instead the user token 92 // associated with |browser_context| is always used. |callback| will be invoked 93 // with the list of available certificates or an error message. 94 void GetCertificates(const std::string& token_id, 95 const GetCertificatesCallback& callback, 96 content::BrowserContext* browser_context); 97 98 // If an error occurred during import, |error_message| will be set to an error 99 // message. 100 typedef base::Callback<void(const std::string& error_message)> 101 ImportCertificateCallback; 102 103 // Imports |certificate| to the given token if the certified key is already 104 // stored in this token. Any intermediate of |certificate| will be ignored. 105 // |token_id| is currently ignored, instead the user token associated with 106 // |browser_context| is always used. |callback| will be invoked when the import 107 // is finished, possibly with an error message. 108 void ImportCertificate(const std::string& token_id, 109 scoped_refptr<net::X509Certificate> certificate, 110 const ImportCertificateCallback& callback, 111 content::BrowserContext* browser_context); 112 113 // If an error occurred during removal, |error_message| will be set to an error 114 // message. 115 typedef base::Callback<void(const std::string& error_message)> 116 RemoveCertificateCallback; 117 118 // Removes |certificate| from the given token if present. Any intermediate of 119 // |certificate| will be ignored. |token_id| is currently ignored, instead the 120 // user token associated with |browser_context| is always used. |callback| will 121 // be invoked when the removal is finished, possibly with an error message. 122 void RemoveCertificate(const std::string& token_id, 123 scoped_refptr<net::X509Certificate> certificate, 124 const RemoveCertificateCallback& callback, 125 content::BrowserContext* browser_context); 126 127 // If the list of available tokens could be successfully retrieved, |token_ids| 128 // will contain the token ids. If an error occurs, |token_ids| will be NULL and 129 // |error_message| will be set to an error message. 130 typedef base::Callback<void(scoped_ptr<std::vector<std::string> > token_ids, 131 const std::string& error_message)> 132 GetTokensCallback; 133 134 // Gets the list of available tokens. |callback| will be invoked when the list 135 // of available tokens is determined, possibly with an error message. 136 // Must be called and calls |callback| on the UI thread. 137 void GetTokens(const GetTokensCallback& callback, 138 content::BrowserContext* browser_context); 139 140 } // namespace platform_keys 141 142 } // namespace chromeos 143 144 #endif // CHROME_BROWSER_CHROMEOS_PLATFORM_KEYS_PLATFORM_KEYS_H_ 145