• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4 
5 #ifndef CHROME_BROWSER_CHROMEOS_CROS_CRYPTOHOME_LIBRARY_H_
6 #define CHROME_BROWSER_CHROMEOS_CROS_CRYPTOHOME_LIBRARY_H_
7 #pragma once
8 
9 #include <string>
10 
11 #include "base/memory/singleton.h"
12 #include "chrome/browser/chromeos/cros/cros_library.h"
13 #include "third_party/cros/chromeos_cryptohome.h"
14 
15 namespace chromeos {
16 
17 // This interface defines the interaction with the ChromeOS cryptohome library
18 // APIs.
19 class CryptohomeLibrary {
20  public:
21   class Delegate {
22    public:
23     // This will be called back on the UI thread.  Consult |return_code| for
24     // further information beyond mere success or failure.
25     virtual void OnComplete(bool success, int return_code) = 0;
26   };
27 
28   CryptohomeLibrary();
29   virtual ~CryptohomeLibrary();
30 
31   // Asks cryptohomed to try to find the cryptohome for |user_email| and then
32   // use |passhash| to unlock the key.
33   virtual bool CheckKey(const std::string& user_email,
34                         const std::string& passhash) = 0;
35 
36   // Asks cryptohomed to asynchronously try to find the cryptohome for
37   // |user_email| and then use |passhash| to unlock the key.
38   // Returns true if the attempt is successfully initiated.
39   // d->OnComplete() will be called with status info on completion.
40   virtual bool AsyncCheckKey(const std::string& user_email,
41                              const std::string& passhash,
42                              Delegate* callback) = 0;
43 
44   // Asks cryptohomed to try to find the cryptohome for |user_email| and then
45   // change from using |old_hash| to lock the key to using |new_hash|.
46   virtual bool MigrateKey(const std::string& user_email,
47                           const std::string& old_hash,
48                           const std::string& new_hash) = 0;
49 
50   // Asks cryptohomed to asynchronously try to find the cryptohome for
51   // |user_email| and then change from using |old_hash| to lock the
52   // key to using |new_hash|.
53   // Returns true if the attempt is successfully initiated.
54   // d->OnComplete() will be called with status info on completion.
55   virtual bool AsyncMigrateKey(const std::string& user_email,
56                                const std::string& old_hash,
57                                const std::string& new_hash,
58                                Delegate* callback) = 0;
59 
60   // Asks cryptohomed to try to find the cryptohome for |user_email| and then
61   // mount it using |passhash| to unlock the key.
62   virtual bool Mount(const std::string& user_email,
63                      const std::string& passhash,
64                      int* error_code) = 0;
65 
66   // Asks cryptohomed to asynchronously try to find the cryptohome for
67   // |user_email| and then mount it using |passhash| to unlock the key.
68   // |create_if_missing| controls whether or not we ask cryptohomed to
69   // create a new home dir if one does not yet exist for |user_email|.
70   // Returns true if the attempt is successfully initiated.
71   // d->OnComplete() will be called with status info on completion.
72   // If |create_if_missing| is false, and no cryptohome exists for |user_email|,
73   // we'll get d->OnComplete(false, kCryptohomeMountErrorUserDoesNotExist).
74   // Otherwise, we expect the normal range of return codes.
75   virtual bool AsyncMount(const std::string& user_email,
76                           const std::string& passhash,
77                           const bool create_if_missing,
78                           Delegate* callback) = 0;
79 
80   // Asks cryptohomed to mount a tmpfs for BWSI mode.
81   virtual bool MountForBwsi(int* error_code) = 0;
82 
83   // Asks cryptohomed to asynchronously to mount a tmpfs for BWSI mode.
84   // Returns true if the attempt is successfully initiated.
85   // d->OnComplete() will be called with status info on completion.
86   virtual bool AsyncMountForBwsi(Delegate* callback) = 0;
87 
88   // Asks cryptohomed to unmount the currently mounted cryptohome.
89   // Returns false if the cryptohome could not be unmounted, true otherwise.
90   virtual bool Unmount() = 0;
91 
92   // Asks cryptohomed to try to find the cryptohome for |user_email| and then
93   // nuke it.
94   virtual bool Remove(const std::string& user_email) = 0;
95 
96   // Asks cryptohomed to asynchronously try to find the cryptohome for
97   // |user_email| and then nuke it.
98   virtual bool AsyncRemove(const std::string& user_email,
99                            Delegate* callback) = 0;
100 
101   // Asks cryptohomed if a drive is currently mounted.
102   virtual bool IsMounted() = 0;
103 
104   // Asks cryptohomed for the system salt.
105   virtual CryptohomeBlob GetSystemSalt() = 0;
106 
107   // Checks free disk space and if it falls below some minimum
108   // (cryptohome::kMinFreeSpace), performs cleanup.
109   virtual bool AsyncDoAutomaticFreeDiskSpaceControl(Delegate* callback) = 0;
110 
111   // Wrappers of the functions for working with Tpm.
112 
113   // Returns whether Tpm is ready.
114   virtual bool TpmIsReady() = 0;
115 
116   // Returns whether Tpm is presented and enabled.
117   virtual bool TpmIsEnabled() = 0;
118 
119   // Returns whether device has already been owned.
120   virtual bool TpmIsOwned() = 0;
121 
122   // Returns whether device is being owned (Tpm password is generating).
123   virtual bool TpmIsBeingOwned() = 0;
124 
125   // Returns Tpm password (if password was cleared empty one is returned).
126   // Return value is true if password was successfully acquired.
127   virtual bool TpmGetPassword(std::string* password) = 0;
128 
129   // Attempts to start owning (if device isn't owned and isn't being owned).
130   virtual void TpmCanAttemptOwnership() = 0;
131 
132   // Clears Tpm password. Password should be cleared after it was generated and
133   // shown to user.
134   virtual void TpmClearStoredPassword() = 0;
135 
136   virtual bool InstallAttributesGet(const std::string& name,
137                                     std::string* value) = 0;
138   virtual bool InstallAttributesSet(const std::string& name,
139                                     const std::string& value) = 0;
140   virtual int InstallAttributesCount() = 0;
141   virtual bool InstallAttributesFinalize() = 0;
142   virtual bool InstallAttributesIsReady() = 0;
143   virtual bool InstallAttributesIsSecure() = 0;
144   virtual bool InstallAttributesIsInvalid() = 0;
145   virtual bool InstallAttributesIsFirstInstall() = 0;
146 
147   // Get the PKCS#11 token info from the TPM.  This is different from
148   // the TpmGetPassword because it's getting the PKCS#11 user PIN and
149   // not the TPM password.
150   virtual void Pkcs11GetTpmTokenInfo(std::string* label,
151                                      std::string* user_pin) = 0;
152 
153   // Gets the status of the TPM.  This is different from TpmIsReady
154   // because it's getting the staus of the PKCS#11 initialization of
155   // the TPM token, not the TPM itself.
156   virtual bool Pkcs11IsTpmTokenReady() = 0;
157 
158   // Factory function, creates a new instance and returns ownership.
159   // For normal usage, access the singleton via CrosLibrary::Get().
160   static CryptohomeLibrary* GetImpl(bool stub);
161 };
162 
163 }  // namespace chromeos
164 
165 #endif  // CHROME_BROWSER_CHROMEOS_CROS_CRYPTOHOME_LIBRARY_H_
166