1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 #ifndef CHROMEOS_CRYPTOHOME_ASYNC_METHOD_CALLER_H_ 6 #define CHROMEOS_CRYPTOHOME_ASYNC_METHOD_CALLER_H_ 7 8 #include <string> 9 10 #include "base/basictypes.h" 11 #include "base/callback_forward.h" 12 #include "chromeos/attestation/attestation_constants.h" 13 #include "chromeos/chromeos_export.h" 14 #include "chromeos/dbus/cryptohome_client.h" 15 #include "third_party/cros_system_api/dbus/service_constants.h" 16 17 namespace cryptohome { 18 19 // Note: This file is placed in ::cryptohome instead of ::chromeos::cryptohome 20 // since there is already a namespace ::cryptohome which holds the error code 21 // enum (MountError) and referencing ::chromeos::cryptohome and ::cryptohome 22 // within the same code is confusing. 23 24 // Flags for the AsyncMount method. 25 enum MountFlags { 26 MOUNT_FLAGS_NONE = 0, // Used to explicitly denote that no flags are 27 // set. 28 CREATE_IF_MISSING = 1, // Create a cryptohome if it does not exist yet. 29 ENSURE_EPHEMERAL = 1 << 1, // Ensure that the mount is ephemeral. 30 }; 31 32 // This class manages calls to Cryptohome service's 'async' methods. 33 class CHROMEOS_EXPORT AsyncMethodCaller { 34 public: 35 // A callback type which is called back on the UI thread when the results of 36 // method calls are ready. 37 typedef base::Callback<void(bool success, MountError return_code)> Callback; 38 typedef base::Callback<void(bool success, const std::string& data)> 39 DataCallback; 40 ~AsyncMethodCaller()41 virtual ~AsyncMethodCaller() {} 42 43 // Asks cryptohomed to asynchronously try to find the cryptohome for 44 // |user_email| and then use |passhash| to unlock the key. 45 // |callback| will be called with status info on completion. 46 virtual void AsyncCheckKey(const std::string& user_email, 47 const std::string& passhash, 48 Callback callback) = 0; 49 50 // Asks cryptohomed to asynchronously try to find the cryptohome for 51 // |user_email| and then change from using |old_hash| to lock the 52 // key to using |new_hash|. 53 // |callback| will be called with status info on completion. 54 virtual void AsyncMigrateKey(const std::string& user_email, 55 const std::string& old_hash, 56 const std::string& new_hash, 57 Callback callback) = 0; 58 59 // Asks cryptohomed to asynchronously try to find the cryptohome for 60 // |user_email| and then mount it using |passhash| to unlock the key. 61 // The |flags| are a combination of |MountFlags|: 62 // * CREATE_IF_MISSING Controls whether or not cryptohomed is asked to create 63 // a new cryptohome if one does not exist yet for 64 // |user_email|. 65 // * ENSURE_EPHEMERAL If |true|, the mounted cryptohome will be backed by 66 // tmpfs. If |false|, the ephemeral users policy decides 67 // whether tmpfs or an encrypted directory is used as the 68 // backend. 69 // |callback| will be called with status info on completion. 70 // If the |CREATE_IF_MISSING| flag is not given and no cryptohome exists 71 // for |user_email|, the expected result is 72 // callback.Run(false, kCryptohomeMountErrorUserDoesNotExist). Otherwise, 73 // the normal range of return codes is expected. 74 virtual void AsyncMount(const std::string& user_email, 75 const std::string& passhash, 76 int flags, 77 Callback callback) = 0; 78 79 // Asks cryptohomed to asynchronously try to add another |new_passhash| for 80 // |user_email| using |passhash| to unlock the key. 81 // |callback| will be called with status info on completion. 82 virtual void AsyncAddKey(const std::string& user_email, 83 const std::string& passhash, 84 const std::string& new_passhash, 85 Callback callback) = 0; 86 87 // Asks cryptohomed to asynchronously to mount a tmpfs for guest mode. 88 // |callback| will be called with status info on completion. 89 virtual void AsyncMountGuest(Callback callback) = 0; 90 91 // Asks cryptohomed to asynchrounously try to find the cryptohome for 92 // |public_mount_id| and then mount it using a passhash derived from 93 // |public_mount_id| and a secret. See AsyncMount for possible values for 94 // |flags|. 95 virtual void AsyncMountPublic(const std::string& public_mount_id, 96 int flags, 97 Callback callback) = 0; 98 99 // Asks cryptohomed to asynchronously try to find the cryptohome for 100 // |user_email| and then nuke it. 101 virtual void AsyncRemove(const std::string& user_email, 102 Callback callback) = 0; 103 104 // Asks cryptohomed to asynchronously create an attestation enrollment 105 // request. On success the data sent to |callback| is a request to be sent 106 // to the Privacy CA of type |pca_type|. 107 virtual void AsyncTpmAttestationCreateEnrollRequest( 108 chromeos::attestation::PrivacyCAType pca_type, 109 const DataCallback& callback) = 0; 110 111 // Asks cryptohomed to asynchronously finish an attestation enrollment. 112 // |pca_response| is the response to the enrollment request emitted by the 113 // Privacy CA of type |pca_type|. 114 virtual void AsyncTpmAttestationEnroll( 115 chromeos::attestation::PrivacyCAType pca_type, 116 const std::string& pca_response, 117 const Callback& callback) = 0; 118 119 // Asks cryptohomed to asynchronously create an attestation certificate 120 // request according to |certificate_profile|. Some profiles require that the 121 // |user_id| of the currently active user and an identifier of the 122 // |request_origin| be provided. On success the data sent to |callback| is a 123 // request to be sent to the Privacy CA of type |pca_type|. The 124 // |request_origin| may be sent to the Privacy CA but the |user_id| will never 125 // be sent. 126 virtual void AsyncTpmAttestationCreateCertRequest( 127 chromeos::attestation::PrivacyCAType pca_type, 128 chromeos::attestation::AttestationCertificateProfile certificate_profile, 129 const std::string& user_id, 130 const std::string& request_origin, 131 const DataCallback& callback) = 0; 132 133 // Asks cryptohomed to asynchronously finish an attestation certificate 134 // request. On success the data sent to |callback| is a certificate chain 135 // in PEM format. |pca_response| is the response to the certificate request 136 // emitted by the Privacy CA. |key_type| determines whether the certified key 137 // is to be associated with the current user. |key_name| is a name for the 138 // key. If |key_type| is KEY_USER, a |user_id| must be provided. Otherwise 139 // |user_id| is ignored. For normal GAIA users the |user_id| is a canonical 140 // email address. 141 virtual void AsyncTpmAttestationFinishCertRequest( 142 const std::string& pca_response, 143 chromeos::attestation::AttestationKeyType key_type, 144 const std::string& user_id, 145 const std::string& key_name, 146 const DataCallback& callback) = 0; 147 148 // Asks cryptohomed to asynchronously register the attestation key specified 149 // by |key_type| and |key_name|. If |key_type| is KEY_USER, a |user_id| must 150 // be provided. Otherwise |user_id| is ignored. For normal GAIA users the 151 // |user_id| is a canonical email address. 152 virtual void TpmAttestationRegisterKey( 153 chromeos::attestation::AttestationKeyType key_type, 154 const std::string& user_id, 155 const std::string& key_name, 156 const Callback& callback) = 0; 157 158 // Asks cryptohomed to asynchronously sign an enterprise challenge with the 159 // key specified by |key_type| and |key_name|. The |domain| and |device_id| 160 // parameters will be included in the challenge response. |challenge| must be 161 // a valid enterprise challenge. On success, the data sent to |callback| is 162 // the challenge response. If |key_type| is KEY_USER, a |user_id| must be 163 // provided. Otherwise |user_id| is ignored. For normal GAIA users the 164 // |user_id| is a canonical email address. 165 virtual void TpmAttestationSignEnterpriseChallenge( 166 chromeos::attestation::AttestationKeyType key_type, 167 const std::string& user_id, 168 const std::string& key_name, 169 const std::string& domain, 170 const std::string& device_id, 171 chromeos::attestation::AttestationChallengeOptions options, 172 const std::string& challenge, 173 const DataCallback& callback) = 0; 174 175 // Asks cryptohomed to asynchronously sign a simple challenge with the key 176 // specified by |key_type| and |key_name|. |challenge| can be any arbitrary 177 // set of bytes. On success, the data sent to |callback| is the challenge 178 // response. If |key_type| is KEY_USER, a |user_id| must be provided. 179 // Otherwise |user_id| is ignored. For normal GAIA users the |user_id| is a 180 // canonical email address. 181 virtual void TpmAttestationSignSimpleChallenge( 182 chromeos::attestation::AttestationKeyType key_type, 183 const std::string& user_id, 184 const std::string& key_name, 185 const std::string& challenge, 186 const DataCallback& callback) = 0; 187 188 // Asks cryptohome to asynchronously retrieve a string associated with given 189 // |user| that would be used in mount path instead of |user|. 190 // On success the data is sent to |callback|. 191 virtual void AsyncGetSanitizedUsername( 192 const std::string& user, 193 const DataCallback& callback) = 0; 194 195 // Creates the global AsyncMethodCaller instance. 196 static void Initialize(); 197 198 // Similar to Initialize(), but can inject an alternative 199 // AsyncMethodCaller such as MockAsyncMethodCaller for testing. 200 // The injected object will be owned by the internal pointer and deleted 201 // by Shutdown(). 202 static void InitializeForTesting(AsyncMethodCaller* async_method_caller); 203 204 // Destroys the global AsyncMethodCaller instance if it exists. 205 static void Shutdown(); 206 207 // Returns a pointer to the global AsyncMethodCaller instance. 208 // Initialize() should already have been called. 209 static AsyncMethodCaller* GetInstance(); 210 }; 211 212 } // namespace cryptohome 213 214 #endif // CHROMEOS_CRYPTOHOME_ASYNC_METHOD_CALLER_H_ 215