1 // Copyright 2014 The Chromium Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 #ifndef CHROMEOS_CRYPTOHOME_CRYPTOHOME_PARAMETERS_H_ 6 #define CHROMEOS_CRYPTOHOME_CRYPTOHOME_PARAMETERS_H_ 7 8 #include <string> 9 #include <vector> 10 11 #include "base/basictypes.h" 12 #include "base/memory/scoped_ptr.h" 13 #include "chromeos/chromeos_export.h" 14 15 namespace cryptohome { 16 17 enum AuthKeyPrivileges { 18 PRIV_MOUNT = 1 << 0, // Can mount with this key. 19 PRIV_ADD = 1 << 1, // Can add new keys. 20 PRIV_REMOVE = 1 << 2, // Can remove other keys. 21 PRIV_MIGRATE = 1 << 3, // Destroy all keys and replace with new. 22 PRIV_AUTHORIZED_UPDATE = 1 << 4, // Key can be updated in place. 23 PRIV_DEFAULT = PRIV_MOUNT | PRIV_ADD | PRIV_REMOVE | PRIV_MIGRATE 24 }; 25 26 // Identification of the user calling cryptohome method. 27 struct CHROMEOS_EXPORT Identification { 28 explicit Identification(const std::string& user_id); 29 30 bool operator==(const Identification& other) const; 31 32 std::string user_id; 33 }; 34 35 // Definition of the key (e.g. password) for the cryptohome. 36 // It contains authorization data along with extra parameters like permissions 37 // associated with this key. 38 struct CHROMEOS_EXPORT KeyDefinition { 39 enum Type { 40 TYPE_PASSWORD = 0 41 }; 42 43 struct AuthorizationData { 44 enum Type { 45 TYPE_HMACSHA256 = 0, 46 TYPE_AES256CBC_HMACSHA256 47 }; 48 49 struct Secret { 50 Secret(); 51 Secret(bool encrypt, 52 bool sign, 53 const std::string& symmetric_key, 54 const std::string& public_key, 55 bool wrapped); 56 57 bool operator==(const Secret& other) const; 58 59 bool encrypt; 60 bool sign; 61 std::string symmetric_key; 62 std::string public_key; 63 bool wrapped; 64 }; 65 66 AuthorizationData(); 67 AuthorizationData(bool encrypt, 68 bool sign, 69 const std::string& symmetric_key); 70 ~AuthorizationData(); 71 72 bool operator==(const AuthorizationData& other) const; 73 74 Type type; 75 std::vector<Secret> secrets; 76 }; 77 78 // This struct holds metadata that will be stored alongside the key. Each 79 // |ProviderData| entry must have a |name| and may hold either a |number| or a 80 // sequence of |bytes|. The metadata is entirely opaque to cryptohome. It is 81 // stored with the key and returned when requested but is never interpreted by 82 // cryptohome in any way. The metadata can be used to store information such 83 // as the hashing algorithm and the salt used to create the key. 84 struct ProviderData { 85 ProviderData(); 86 explicit ProviderData(const std::string& name); 87 explicit ProviderData(const ProviderData& other); 88 ProviderData(const std::string& name, int64 number); 89 ProviderData(const std::string& name, const std::string& bytes); 90 void operator=(const ProviderData& other); 91 ~ProviderData(); 92 93 bool operator==(const ProviderData& other) const; 94 95 std::string name; 96 scoped_ptr<int64> number; 97 scoped_ptr<std::string> bytes; 98 }; 99 100 KeyDefinition(); 101 KeyDefinition(const std::string& secret, 102 const std::string& label, 103 int privileges); 104 ~KeyDefinition(); 105 106 bool operator==(const KeyDefinition& other) const; 107 108 Type type; 109 std::string label; 110 // Privileges associated with key. Combination of |AuthKeyPrivileges| values. 111 int privileges; 112 int revision; 113 std::string secret; 114 115 std::vector<AuthorizationData> authorization_data; 116 std::vector<ProviderData> provider_data; 117 }; 118 119 // Authorization attempt data for user. 120 struct CHROMEOS_EXPORT Authorization { 121 Authorization(const std::string& key, const std::string& label); 122 explicit Authorization(const KeyDefinition& key); 123 124 bool operator==(const Authorization& other) const; 125 126 std::string key; 127 std::string label; 128 }; 129 130 // Parameters for Mount call. 131 class CHROMEOS_EXPORT MountParameters { 132 public: 133 explicit MountParameters(bool ephemeral); 134 ~MountParameters(); 135 136 bool operator==(const MountParameters& other) const; 137 138 // If |true|, the mounted home dir will be backed by tmpfs. If |false|, the 139 // ephemeral users policy decides whether tmpfs or an encrypted directory is 140 // used as the backend. 141 bool ephemeral; 142 143 // If not empty, home dir will be created with these keys if it exist. 144 std::vector<KeyDefinition> create_keys; 145 }; 146 147 } // namespace cryptohome 148 149 #endif // CHROMEOS_CRYPTOHOME_CRYPTOHOME_PARAMETERS_H_ 150