1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 #ifndef CHROMEOS_DBUS_CRYPTOHOME_CLIENT_H_ 6 #define CHROMEOS_DBUS_CRYPTOHOME_CLIENT_H_ 7 8 #include <string> 9 #include <vector> 10 11 #include "base/basictypes.h" 12 #include "base/callback.h" 13 #include "chromeos/attestation/attestation_constants.h" 14 #include "chromeos/chromeos_export.h" 15 #include "chromeos/dbus/dbus_client.h" 16 #include "chromeos/dbus/dbus_method_call_status.h" 17 18 namespace cryptohome { 19 20 class AccountIdentifier; 21 class AddKeyRequest; 22 class AuthorizationRequest; 23 class BaseReply; 24 class CheckKeyRequest; 25 class FlushAndSignBootAttributesRequest; 26 class GetBootAttributeRequest; 27 class GetKeyDataRequest; 28 class MountRequest; 29 class RemoveKeyRequest; 30 class SetBootAttributeRequest; 31 class UpdateKeyRequest; 32 33 } // namespace cryptohome 34 35 namespace chromeos { 36 37 // CryptohomeClient is used to communicate with the Cryptohome service. 38 // All method should be called from the origin thread (UI thread) which 39 // initializes the DBusThreadManager instance. 40 class CHROMEOS_EXPORT CryptohomeClient : public DBusClient { 41 public: 42 // A callback to handle AsyncCallStatus signals. 43 typedef base::Callback<void(int async_id, 44 bool return_status, 45 int return_code)> 46 AsyncCallStatusHandler; 47 // A callback to handle AsyncCallStatusWithData signals. 48 typedef base::Callback<void(int async_id, 49 bool return_status, 50 const std::string& data)> 51 AsyncCallStatusWithDataHandler; 52 // A callback to handle responses of AsyncXXX methods. 53 typedef base::Callback<void(int async_id)> AsyncMethodCallback; 54 // A callback for GetSystemSalt(). 55 typedef base::Callback<void( 56 DBusMethodCallStatus call_status, 57 const std::vector<uint8>& system_salt)> GetSystemSaltCallback; 58 // A callback for WaitForServiceToBeAvailable(). 59 typedef base::Callback<void(bool service_is_ready)> 60 WaitForServiceToBeAvailableCallback; 61 // A callback to handle responses of Pkcs11GetTpmTokenInfo method. The result 62 // of the D-Bus call is in |call_status|. On success, |label| holds the 63 // PKCS #11 token label. This is not useful in practice to identify a token 64 // but may be meaningful to a user. The |user_pin| can be used with the 65 // C_Login PKCS #11 function but is not necessary because tokens are logged in 66 // for the duration of a signed-in session. The |slot| corresponds to a 67 // CK_SLOT_ID for the PKCS #11 API and reliably identifies the token for the 68 // duration of the signed-in session. 69 typedef base::Callback<void( 70 DBusMethodCallStatus call_status, 71 const std::string& label, 72 const std::string& user_pin, 73 int slot)> Pkcs11GetTpmTokenInfoCallback; 74 // A callback for methods which return both a bool result and data. 75 typedef base::Callback<void(DBusMethodCallStatus call_status, 76 bool result, 77 const std::string& data)> DataMethodCallback; 78 79 // A callback for methods which return both a bool and a protobuf as reply. 80 typedef base::Callback< 81 void(DBusMethodCallStatus call_status, 82 bool result, 83 const cryptohome::BaseReply& reply)> ProtobufMethodCallback; 84 85 virtual ~CryptohomeClient(); 86 87 // Factory function, creates a new instance and returns ownership. 88 // For normal usage, access the singleton via DBusThreadManager::Get(). 89 static CryptohomeClient* Create(); 90 91 // Returns the sanitized |username| that the stub implementation would return. 92 static std::string GetStubSanitizedUsername(const std::string& username); 93 94 // Sets AsyncCallStatus signal handlers. 95 // |handler| is called when results for AsyncXXX methods are returned. 96 // Cryptohome service will process the calls in a first-in-first-out manner 97 // when they are made in parallel. 98 virtual void SetAsyncCallStatusHandlers( 99 const AsyncCallStatusHandler& handler, 100 const AsyncCallStatusWithDataHandler& data_handler) = 0; 101 102 // Resets AsyncCallStatus signal handlers. 103 virtual void ResetAsyncCallStatusHandlers() = 0; 104 105 // Runs the callback as soon as the service becomes available. 106 virtual void WaitForServiceToBeAvailable( 107 const WaitForServiceToBeAvailableCallback& callback) = 0; 108 109 // Calls IsMounted method and returns true when the call succeeds. 110 virtual void IsMounted(const BoolDBusMethodCallback& callback) = 0; 111 112 // Calls Unmount method and returns true when the call succeeds. 113 // This method blocks until the call returns. 114 virtual bool Unmount(bool* success) = 0; 115 116 // Calls AsyncCheckKey method. |callback| is called after the method call 117 // succeeds. 118 virtual void AsyncCheckKey(const std::string& username, 119 const std::string& key, 120 const AsyncMethodCallback& callback) = 0; 121 122 // Calls AsyncMigrateKey method. |callback| is called after the method call 123 // succeeds. 124 virtual void AsyncMigrateKey(const std::string& username, 125 const std::string& from_key, 126 const std::string& to_key, 127 const AsyncMethodCallback& callback) = 0; 128 129 // Calls AsyncRemove method. |callback| is called after the method call 130 // succeeds. 131 virtual void AsyncRemove(const std::string& username, 132 const AsyncMethodCallback& callback) = 0; 133 134 // Calls GetSystemSalt method. |callback| is called after the method call 135 // succeeds. 136 virtual void GetSystemSalt(const GetSystemSaltCallback& callback) = 0; 137 138 // Calls GetSanitizedUsername method. |callback| is called after the method 139 // call succeeds. 140 virtual void GetSanitizedUsername( 141 const std::string& username, 142 const StringDBusMethodCallback& callback) = 0; 143 144 // Same as GetSanitizedUsername() but blocks until a reply is received, and 145 // returns the sanitized username synchronously. Returns an empty string if 146 // the method call fails. 147 // This may only be called in situations where blocking the UI thread is 148 // considered acceptable (e.g. restarting the browser after a crash or after 149 // a flag change). 150 virtual std::string BlockingGetSanitizedUsername( 151 const std::string& username) = 0; 152 153 // Calls the AsyncMount method to asynchronously mount the cryptohome for 154 // |username|, using |key| to unlock it. For supported |flags|, see the 155 // documentation of AsyncMethodCaller::AsyncMount(). 156 // |callback| is called after the method call succeeds. 157 virtual void AsyncMount(const std::string& username, 158 const std::string& key, 159 int flags, 160 const AsyncMethodCallback& callback) = 0; 161 162 // Calls the AsyncAddKey method to asynchronously add another |new_key| for 163 // |username|, using |key| to unlock it first. 164 // |callback| is called after the method call succeeds. 165 virtual void AsyncAddKey(const std::string& username, 166 const std::string& key, 167 const std::string& new_key, 168 const AsyncMethodCallback& callback) = 0; 169 170 // Calls AsyncMountGuest method. |callback| is called after the method call 171 // succeeds. 172 virtual void AsyncMountGuest(const AsyncMethodCallback& callback) = 0; 173 174 // Calls the AsyncMount method to asynchronously mount the cryptohome for 175 // |public_mount_id|. For supported |flags|, see the documentation of 176 // AsyncMethodCaller::AsyncMount(). |callback| is called after the method 177 // call succeeds. 178 virtual void AsyncMountPublic(const std::string& public_mount_id, 179 int flags, 180 const AsyncMethodCallback& callback) = 0; 181 182 // Calls TpmIsReady method. 183 virtual void TpmIsReady(const BoolDBusMethodCallback& callback) = 0; 184 185 // Calls TpmIsEnabled method. 186 virtual void TpmIsEnabled(const BoolDBusMethodCallback& callback) = 0; 187 188 // Calls TpmIsEnabled method and returns true when the call succeeds. 189 // This method blocks until the call returns. 190 // TODO(hashimoto): Remove this method. crbug.com/141006 191 virtual bool CallTpmIsEnabledAndBlock(bool* enabled) = 0; 192 193 // Calls TpmGetPassword method. 194 virtual void TpmGetPassword(const StringDBusMethodCallback& callback) = 0; 195 196 // Calls TpmIsOwned method. 197 virtual void TpmIsOwned(const BoolDBusMethodCallback& callback) = 0; 198 199 // Calls TpmIsOwned method and returns true when the call succeeds. 200 // This method blocks until the call returns. 201 // TODO(hashimoto): Remove this method. crbug.com/141012 202 virtual bool CallTpmIsOwnedAndBlock(bool* owned) = 0; 203 204 // Calls TpmIsBeingOwned method. 205 virtual void TpmIsBeingOwned(const BoolDBusMethodCallback& callback) = 0; 206 207 // Calls TpmIsBeingOwned method and returns true when the call succeeds. 208 // This method blocks until the call returns. 209 // TODO(hashimoto): Remove this method. crbug.com/141011 210 virtual bool CallTpmIsBeingOwnedAndBlock(bool* owning) = 0; 211 212 // Calls TpmCanAttemptOwnership method. 213 // This method tells the service that it is OK to attempt ownership. 214 virtual void TpmCanAttemptOwnership( 215 const VoidDBusMethodCallback& callback) = 0; 216 217 // Calls TpmClearStoredPasswordMethod. 218 virtual void TpmClearStoredPassword( 219 const VoidDBusMethodCallback& callback) = 0; 220 221 // Calls TpmClearStoredPassword method and returns true when the call 222 // succeeds. This method blocks until the call returns. 223 // TODO(hashimoto): Remove this method. crbug.com/141010 224 virtual bool CallTpmClearStoredPasswordAndBlock() = 0; 225 226 // Calls Pkcs11IsTpmTokenReady method. 227 virtual void Pkcs11IsTpmTokenReady( 228 const BoolDBusMethodCallback& callback) = 0; 229 230 // Calls Pkcs11GetTpmTokenInfo method. This method is deprecated, you should 231 // use Pkcs11GetTpmTokenInfoForUser instead. On success |callback| will 232 // receive PKCS #11 token information for the token associated with the user 233 // who originally signed in (i.e. PKCS #11 slot 0). 234 virtual void Pkcs11GetTpmTokenInfo( 235 const Pkcs11GetTpmTokenInfoCallback& callback) = 0; 236 237 // Calls Pkcs11GetTpmTokenInfoForUser method. On success |callback| will 238 // receive PKCS #11 token information for the user identified by |user_email|. 239 // The |user_email| must be a canonical email address as returned by 240 // user_manager::User::email(). 241 virtual void Pkcs11GetTpmTokenInfoForUser( 242 const std::string& user_email, 243 const Pkcs11GetTpmTokenInfoCallback& callback) = 0; 244 245 // Calls InstallAttributesGet method and returns true when the call succeeds. 246 // This method blocks until the call returns. 247 // The original content of |value| is lost. 248 virtual bool InstallAttributesGet(const std::string& name, 249 std::vector<uint8>* value, 250 bool* successful) = 0; 251 252 // Calls InstallAttributesSet method and returns true when the call succeeds. 253 // This method blocks until the call returns. 254 virtual bool InstallAttributesSet(const std::string& name, 255 const std::vector<uint8>& value, 256 bool* successful) = 0; 257 258 // Calls InstallAttributesFinalize method and returns true when the call 259 // succeeds. This method blocks until the call returns. 260 virtual bool InstallAttributesFinalize(bool* successful) = 0; 261 262 // Calls InstallAttributesIsReady method. 263 virtual void InstallAttributesIsReady( 264 const BoolDBusMethodCallback& callback) = 0; 265 266 // Calls InstallAttributesIsInvalid method and returns true when the call 267 // succeeds. This method blocks until the call returns. 268 virtual bool InstallAttributesIsInvalid(bool* is_invalid) = 0; 269 270 // Calls InstallAttributesIsFirstInstall method and returns true when the call 271 // succeeds. This method blocks until the call returns. 272 virtual bool InstallAttributesIsFirstInstall(bool* is_first_install) = 0; 273 274 // Calls the TpmAttestationIsPrepared dbus method. The callback is called 275 // when the operation completes. 276 virtual void TpmAttestationIsPrepared( 277 const BoolDBusMethodCallback& callback) = 0; 278 279 // Calls the TpmAttestationIsEnrolled dbus method. The callback is called 280 // when the operation completes. 281 virtual void TpmAttestationIsEnrolled( 282 const BoolDBusMethodCallback& callback) = 0; 283 284 // Asynchronously creates an attestation enrollment request. The callback 285 // will be called when the dbus call completes. When the operation completes, 286 // the AsyncCallStatusWithDataHandler signal handler is called. The data that 287 // is sent with the signal is an enrollment request to be sent to the Privacy 288 // CA of type |pca_type|. The enrollment is completed by calling 289 // AsyncTpmAttestationEnroll. 290 virtual void AsyncTpmAttestationCreateEnrollRequest( 291 chromeos::attestation::PrivacyCAType pca_type, 292 const AsyncMethodCallback& callback) = 0; 293 294 // Asynchronously finishes an attestation enrollment operation. The callback 295 // will be called when the dbus call completes. When the operation completes, 296 // the AsyncCallStatusHandler signal handler is called. |pca_response| is the 297 // response to the enrollment request emitted by the Privacy CA of type 298 // |pca_type|. 299 virtual void AsyncTpmAttestationEnroll( 300 chromeos::attestation::PrivacyCAType pca_type, 301 const std::string& pca_response, 302 const AsyncMethodCallback& callback) = 0; 303 304 // Asynchronously creates an attestation certificate request according to 305 // |certificate_profile|. Some profiles require that the |user_id| of the 306 // currently active user and an identifier of the |request_origin| be 307 // provided. |callback| will be called when the dbus call completes. When 308 // the operation completes, the AsyncCallStatusWithDataHandler signal handler 309 // is called. The data that is sent with the signal is a certificate request 310 // to be sent to the Privacy CA of type |pca_type|. The certificate request 311 // is completed by calling AsyncTpmAttestationFinishCertRequest. The 312 // |user_id| will not be included in the certificate request for the Privacy 313 // CA. 314 virtual void AsyncTpmAttestationCreateCertRequest( 315 chromeos::attestation::PrivacyCAType pca_type, 316 attestation::AttestationCertificateProfile certificate_profile, 317 const std::string& user_id, 318 const std::string& request_origin, 319 const AsyncMethodCallback& callback) = 0; 320 321 // Asynchronously finishes a certificate request operation. The callback will 322 // be called when the dbus call completes. When the operation completes, the 323 // AsyncCallStatusWithDataHandler signal handler is called. The data that is 324 // sent with the signal is a certificate chain in PEM format. |pca_response| 325 // is the response to the certificate request emitted by the Privacy CA. 326 // |key_type| determines whether the certified key is to be associated with 327 // the current user. |key_name| is a name for the key. If |key_type| is 328 // KEY_USER, a |user_id| must be provided. Otherwise |user_id| is ignored. 329 // For normal GAIA users the |user_id| is a canonical email address. 330 virtual void AsyncTpmAttestationFinishCertRequest( 331 const std::string& pca_response, 332 attestation::AttestationKeyType key_type, 333 const std::string& user_id, 334 const std::string& key_name, 335 const AsyncMethodCallback& callback) = 0; 336 337 // Checks if an attestation key already exists. If the key specified by 338 // |key_type| and |key_name| exists, then the result sent to the callback will 339 // be true. If |key_type| is KEY_USER, a |user_id| must be provided. 340 // Otherwise |user_id| is ignored. For normal GAIA users the |user_id| is a 341 // canonical email address. 342 virtual void TpmAttestationDoesKeyExist( 343 attestation::AttestationKeyType key_type, 344 const std::string& user_id, 345 const std::string& key_name, 346 const BoolDBusMethodCallback& callback) = 0; 347 348 // Gets the attestation certificate for the key specified by |key_type| and 349 // |key_name|. |callback| will be called when the operation completes. If 350 // the key does not exist the callback |result| parameter will be false. If 351 // |key_type| is KEY_USER, a |user_id| must be provided. Otherwise |user_id| 352 // is ignored. For normal GAIA users the |user_id| is a canonical email 353 // address. 354 virtual void TpmAttestationGetCertificate( 355 attestation::AttestationKeyType key_type, 356 const std::string& user_id, 357 const std::string& key_name, 358 const DataMethodCallback& callback) = 0; 359 360 // Gets the public key for the key specified by |key_type| and |key_name|. 361 // |callback| will be called when the operation completes. If the key does 362 // not exist the callback |result| parameter will be false. If |key_type| is 363 // KEY_USER, a |user_id| must be provided. Otherwise |user_id| is ignored. 364 // For normal GAIA users the |user_id| is a canonical email address. 365 virtual void TpmAttestationGetPublicKey( 366 attestation::AttestationKeyType key_type, 367 const std::string& user_id, 368 const std::string& key_name, 369 const DataMethodCallback& callback) = 0; 370 371 // Asynchronously registers an attestation key with the current user's 372 // PKCS #11 token. The |callback| will be called when the dbus call 373 // completes. When the operation completes, the AsyncCallStatusHandler signal 374 // handler is called. |key_type| and |key_name| specify the key to register. 375 // If |key_type| is KEY_USER, a |user_id| must be provided. Otherwise 376 // |user_id| is ignored. For normal GAIA users the |user_id| is a canonical 377 // email address. 378 virtual void TpmAttestationRegisterKey( 379 attestation::AttestationKeyType key_type, 380 const std::string& user_id, 381 const std::string& key_name, 382 const AsyncMethodCallback& callback) = 0; 383 384 // Asynchronously signs an enterprise challenge with the key specified by 385 // |key_type| and |key_name|. |domain| and |device_id| will be included in 386 // the challenge response. |options| control how the challenge response is 387 // generated. |challenge| must be a valid enterprise attestation challenge. 388 // The |callback| will be called when the dbus call completes. When the 389 // operation completes, the AsyncCallStatusWithDataHandler signal handler is 390 // called. If |key_type| is KEY_USER, a |user_id| must be provided. 391 // Otherwise |user_id| is ignored. For normal GAIA users the |user_id| is a 392 // canonical email address. 393 virtual void TpmAttestationSignEnterpriseChallenge( 394 attestation::AttestationKeyType key_type, 395 const std::string& user_id, 396 const std::string& key_name, 397 const std::string& domain, 398 const std::string& device_id, 399 attestation::AttestationChallengeOptions options, 400 const std::string& challenge, 401 const AsyncMethodCallback& callback) = 0; 402 403 // Asynchronously signs a simple challenge with the key specified by 404 // |key_type| and |key_name|. |challenge| can be any set of arbitrary bytes. 405 // A nonce will be appended to the challenge before signing; this method 406 // cannot be used to sign arbitrary data. The |callback| will be called when 407 // the dbus call completes. When the operation completes, the 408 // AsyncCallStatusWithDataHandler signal handler is called. If |key_type| is 409 // KEY_USER, a |user_id| must be provided. Otherwise |user_id| is ignored. 410 // For normal GAIA users the |user_id| is a canonical email address. 411 virtual void TpmAttestationSignSimpleChallenge( 412 attestation::AttestationKeyType key_type, 413 const std::string& user_id, 414 const std::string& key_name, 415 const std::string& challenge, 416 const AsyncMethodCallback& callback) = 0; 417 418 // Gets the payload associated with the key specified by |key_type| and 419 // |key_name|. The |callback| will be called when the operation completes. 420 // If the key does not exist the callback |result| parameter will be false. 421 // If no payload has been set for the key the callback |result| parameter will 422 // be true and the |data| parameter will be empty. If |key_type| is 423 // KEY_USER, a |user_id| must be provided. Otherwise |user_id| is ignored. 424 // For normal GAIA users the |user_id| is a canonical email address. 425 virtual void TpmAttestationGetKeyPayload( 426 attestation::AttestationKeyType key_type, 427 const std::string& user_id, 428 const std::string& key_name, 429 const DataMethodCallback& callback) = 0; 430 431 // Sets the |payload| associated with the key specified by |key_type| and 432 // |key_name|. The |callback| will be called when the operation completes. 433 // If the operation succeeds, the callback |result| parameter will be true. 434 // If |key_type| is KEY_USER, a |user_id| must be provided. Otherwise 435 // |user_id| is ignored. For normal GAIA users the |user_id| is a canonical 436 // email address. 437 virtual void TpmAttestationSetKeyPayload( 438 attestation::AttestationKeyType key_type, 439 const std::string& user_id, 440 const std::string& key_name, 441 const std::string& payload, 442 const BoolDBusMethodCallback& callback) = 0; 443 444 // Deletes certified keys as specified by |key_type| and |key_prefix|. The 445 // |callback| will be called when the operation completes. If the operation 446 // succeeds, the callback |result| parameter will be true. If |key_type| is 447 // KEY_USER, a |user_id| must be provided. Otherwise |user_id| is ignored. 448 // For normal GAIA users the |user_id| is a canonical email address. All keys 449 // where the key name has a prefix matching |key_prefix| will be deleted. All 450 // meta-data associated with the key, including certificates, will also be 451 // deleted. 452 virtual void TpmAttestationDeleteKeys( 453 attestation::AttestationKeyType key_type, 454 const std::string& user_id, 455 const std::string& key_prefix, 456 const BoolDBusMethodCallback& callback) = 0; 457 458 // Asynchronously calls the GetKeyDataEx method. |callback| will be invoked 459 // with the reply protobuf. 460 // GetKeyDataEx returns information about the key specified in |request|. At 461 // present, this does not include any secret information and the call should 462 // not be authenticated (|auth| should be empty). 463 virtual void GetKeyDataEx( 464 const cryptohome::AccountIdentifier& id, 465 const cryptohome::AuthorizationRequest& auth, 466 const cryptohome::GetKeyDataRequest& request, 467 const ProtobufMethodCallback& callback) = 0; 468 469 // Asynchronously calls CheckKeyEx method. |callback| is called after method 470 // call, and with reply protobuf. 471 // CheckKeyEx just checks if authorization information is valid. 472 virtual void CheckKeyEx( 473 const cryptohome::AccountIdentifier& id, 474 const cryptohome::AuthorizationRequest& auth, 475 const cryptohome::CheckKeyRequest& request, 476 const ProtobufMethodCallback& callback) = 0; 477 478 // Asynchronously calls MountEx method. |callback| is called after method 479 // call, and with reply protobuf. 480 // MountEx attempts to mount home dir using given authorization, and can 481 // create new home dir if necessary values are specified in |request|. 482 virtual void MountEx( 483 const cryptohome::AccountIdentifier& id, 484 const cryptohome::AuthorizationRequest& auth, 485 const cryptohome::MountRequest& request, 486 const ProtobufMethodCallback& callback) = 0; 487 488 // Asynchronously calls AddKeyEx method. |callback| is called after method 489 // call, and with reply protobuf. 490 // AddKeyEx adds another key to the given key set. |request| also defines 491 // behavior in case when key with specified label already exist. 492 virtual void AddKeyEx( 493 const cryptohome::AccountIdentifier& id, 494 const cryptohome::AuthorizationRequest& auth, 495 const cryptohome::AddKeyRequest& request, 496 const ProtobufMethodCallback& callback) = 0; 497 498 // Asynchronously calls UpdateKeyEx method. |callback| is called after method 499 // call, and with reply protobuf. Reply will contain MountReply extension. 500 // UpdateKeyEx replaces key used for authorization, without affecting any 501 // other keys. If specified at home dir creation time, new key may have 502 // to be signed and/or encrypted. 503 virtual void UpdateKeyEx( 504 const cryptohome::AccountIdentifier& id, 505 const cryptohome::AuthorizationRequest& auth, 506 const cryptohome::UpdateKeyRequest& request, 507 const ProtobufMethodCallback& callback) = 0; 508 509 // Asynchronously calls RemoveKeyEx method. |callback| is called after method 510 // call, and with reply protobuf. 511 // RemoveKeyEx removes key from the given key set. 512 virtual void RemoveKeyEx(const cryptohome::AccountIdentifier& id, 513 const cryptohome::AuthorizationRequest& auth, 514 const cryptohome::RemoveKeyRequest& request, 515 const ProtobufMethodCallback& callback) = 0; 516 517 // Asynchronously calls GetBootAttribute method. |callback| is called after 518 // method call, and with reply protobuf. 519 // GetBootAttribute gets the value of the specified boot attribute. 520 virtual void GetBootAttribute( 521 const cryptohome::GetBootAttributeRequest& request, 522 const ProtobufMethodCallback& callback) = 0; 523 524 // Asynchronously calls SetBootAttribute method. |callback| is called after 525 // method call, and with reply protobuf. 526 // SetBootAttribute sets the value of the specified boot attribute. The value 527 // won't be available unitl FlushAndSignBootAttributes() is called. 528 virtual void SetBootAttribute( 529 const cryptohome::SetBootAttributeRequest& request, 530 const ProtobufMethodCallback& callback) = 0; 531 532 // Asynchronously calls FlushAndSignBootAttributes method. |callback| is 533 // called after method call, and with reply protobuf. 534 // FlushAndSignBootAttributes makes all pending boot attribute settings 535 // available, and have them signed by a special TPM key. This method always 536 // fails after any user, publuc, or guest session starts. 537 virtual void FlushAndSignBootAttributes( 538 const cryptohome::FlushAndSignBootAttributesRequest& request, 539 const ProtobufMethodCallback& callback) = 0; 540 541 protected: 542 // Create() should be used instead. 543 CryptohomeClient(); 544 545 private: 546 DISALLOW_COPY_AND_ASSIGN(CryptohomeClient); 547 }; 548 549 } // namespace chromeos 550 551 #endif // CHROMEOS_DBUS_CRYPTOHOME_CLIENT_H_ 552