Home | History | Annotate | Download | only in cryptohome 
      1 // Copyright 2014 The Chromium Authors. All rights reserved.
      2 // Use of this source code is governed by a BSD-style license that can be
      3 // found in the LICENSE file.
      4 
      5 #ifndef CHROMEOS_CRYPTOHOME_CRYPTOHOME_PARAMETERS_H_
      6 #define CHROMEOS_CRYPTOHOME_CRYPTOHOME_PARAMETERS_H_
      7 
      8 #include <string>
      9 #include <vector>
     10 
     11 #include "base/basictypes.h"
     12 #include "base/memory/scoped_ptr.h"
     13 #include "chromeos/chromeos_export.h"
     14 
     15 namespace cryptohome {
     16 
     17 enum AuthKeyPrivileges {
     18   PRIV_MOUNT = 1 << 0,              // Can mount with this key.
     19   PRIV_ADD = 1 << 1,                // Can add new keys.
     20   PRIV_REMOVE = 1 << 2,             // Can remove other keys.
     21   PRIV_MIGRATE = 1 << 3,            // Destroy all keys and replace with new.
     22   PRIV_AUTHORIZED_UPDATE = 1 << 4,  // Key can be updated in place.
     23   PRIV_DEFAULT = PRIV_MOUNT | PRIV_ADD | PRIV_REMOVE | PRIV_MIGRATE
     24 };
     25 
     26 // Identification of the user calling cryptohome method.
     27 struct CHROMEOS_EXPORT Identification {
     28   explicit Identification(const std::string& user_id);
     29 
     30   bool operator==(const Identification& other) const;
     31 
     32   std::string user_id;
     33 };
     34 
     35 // Definition of the key (e.g. password) for the cryptohome.
     36 // It contains authorization data along with extra parameters like permissions
     37 // associated with this key.
     38 struct CHROMEOS_EXPORT KeyDefinition {
     39   enum Type {
     40     TYPE_PASSWORD = 0
     41   };
     42 
     43   struct AuthorizationData {
     44     enum Type {
     45       TYPE_HMACSHA256 = 0,
     46       TYPE_AES256CBC_HMACSHA256
     47     };
     48 
     49     struct Secret {
     50       Secret();
     51       Secret(bool encrypt,
     52              bool sign,
     53              const std::string& symmetric_key,
     54              const std::string& public_key,
     55              bool wrapped);
     56 
     57       bool operator==(const Secret& other) const;
     58 
     59       bool encrypt;
     60       bool sign;
     61       std::string symmetric_key;
     62       std::string public_key;
     63       bool wrapped;
     64     };
     65 
     66     AuthorizationData();
     67     AuthorizationData(bool encrypt,
     68                       bool sign,
     69                       const std::string& symmetric_key);
     70     ~AuthorizationData();
     71 
     72     bool operator==(const AuthorizationData& other) const;
     73 
     74     Type type;
     75     std::vector<Secret> secrets;
     76   };
     77 
     78   // This struct holds metadata that will be stored alongside the key. Each
     79   // |ProviderData| entry must have a |name| and may hold either a |number| or a
     80   // sequence of |bytes|. The metadata is entirely opaque to cryptohome. It is
     81   // stored with the key and returned when requested but is never interpreted by
     82   // cryptohome in any way. The metadata can be used to store information such
     83   // as the hashing algorithm and the salt used to create the key.
     84   struct ProviderData {
     85     ProviderData();
     86     explicit ProviderData(const std::string& name);
     87     explicit ProviderData(const ProviderData& other);
     88     ProviderData(const std::string& name, int64 number);
     89     ProviderData(const std::string& name, const std::string& bytes);
     90     void operator=(const ProviderData& other);
     91     ~ProviderData();
     92 
     93     bool operator==(const ProviderData& other) const;
     94 
     95     std::string name;
     96     scoped_ptr<int64> number;
     97     scoped_ptr<std::string> bytes;
     98   };
     99 
    100   KeyDefinition();
    101   KeyDefinition(const std::string& secret,
    102                 const std::string& label,
    103                 int privileges);
    104   ~KeyDefinition();
    105 
    106   bool operator==(const KeyDefinition& other) const;
    107 
    108   Type type;
    109   std::string label;
    110   // Privileges associated with key. Combination of |AuthKeyPrivileges| values.
    111   int privileges;
    112   int revision;
    113   std::string secret;
    114 
    115   std::vector<AuthorizationData> authorization_data;
    116   std::vector<ProviderData> provider_data;
    117 };
    118 
    119 // Authorization attempt data for user.
    120 struct CHROMEOS_EXPORT Authorization {
    121   Authorization(const std::string& key, const std::string& label);
    122   explicit Authorization(const KeyDefinition& key);
    123 
    124   bool operator==(const Authorization& other) const;
    125 
    126   std::string key;
    127   std::string label;
    128 };
    129 
    130 // Parameters for Mount call.
    131 class CHROMEOS_EXPORT MountParameters {
    132  public:
    133   explicit MountParameters(bool ephemeral);
    134   ~MountParameters();
    135 
    136   bool operator==(const MountParameters& other) const;
    137 
    138   // If |true|, the mounted home dir will be backed by tmpfs. If |false|, the
    139   // ephemeral users policy decides whether tmpfs or an encrypted directory is
    140   // used as the backend.
    141   bool ephemeral;
    142 
    143   // If not empty, home dir will be created with these keys if it exist.
    144   std::vector<KeyDefinition> create_keys;
    145 };
    146 
    147 }  // namespace cryptohome
    148 
    149 #endif  // CHROMEOS_CRYPTOHOME_CRYPTOHOME_PARAMETERS_H_
    150