chromeos/dbus/cryptohome_client.h

   1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #ifndef CHROMEOS_DBUS_CRYPTOHOME_CLIENT_H_
   6 #define CHROMEOS_DBUS_CRYPTOHOME_CLIENT_H_
   7
   8 #include <string>
   9 #include <vector>
  10
  11 #include "base/basictypes.h"
  12 #include "base/callback.h"
  13 #include "chromeos/chromeos_export.h"
  14 #include "chromeos/dbus/dbus_client_implementation_type.h"
  15 #include "chromeos/dbus/dbus_method_call_status.h"
  16
  17 namespace dbus {
  18 class Bus;
  19 }
  20
  21 namespace chromeos {
  22
  23 // CryptohomeClient is used to communicate with the Cryptohome service.
  24 // All method should be called from the origin thread (UI thread) which
  25 // initializes the DBusThreadManager instance.
  26 class CHROMEOS_EXPORT CryptohomeClient {
  27  public:
  28   // A callback to handle AsyncCallStatus signals.
  29   typedef base::Callback<void(int async_id,
  30                               bool return_status,
  31                               int return_code)>
  32       AsyncCallStatusHandler;
  33   // A callback to handle AsyncCallStatusWithData signals.
  34   typedef base::Callback<void(int async_id,
  35                               bool return_status,
  36                               const std::string& data)>
  37       AsyncCallStatusWithDataHandler;
  38   // A callback to handle responses of AsyncXXX methods.
  39   typedef base::Callback<void(int async_id)> AsyncMethodCallback;
  40   // A callback to handle responses of Pkcs11GetTpmTokenInfo method.
  41   typedef base::Callback<void(
  42       DBusMethodCallStatus call_status,
  43       const std::string& label,
  44       const std::string& user_pin)> Pkcs11GetTpmTokenInfoCallback;
  45   // A callback for methods which return both a bool result and data.
  46   typedef base::Callback<void(DBusMethodCallStatus call_status,
  47                               bool result,
  48                               const std::string& data)> DataMethodCallback;
  49
  50   // Options available for customizing an attestation certificate.
  51   enum AttestationCertificateOptions {
  52     CERTIFICATE_OPTION_NONE = 0,
  53     INCLUDE_STABLE_ID = 1,
  54     INCLUDE_DEVICE_STATE = 1 << 1
  55   };
  56
  57   // Key types supported by the Chrome OS attestation subsystem.
  58   enum AttestationKeyType {
  59     DEVICE_KEY,
  60     USER_KEY
  61   };
  62
  63   // Options available for customizing an attestation challenge response.
  64   enum AttestationChallengeOptions {
  65     CHALLENGE_RESPONSE_OPTION_NONE = 0,
  66     INCLUDE_SIGNED_PUBLIC_KEY = 1
  67   };
  68
  69   virtual ~CryptohomeClient();
  70
  71   // Factory function, creates a new instance and returns ownership.
  72   // For normal usage, access the singleton via DBusThreadManager::Get().
  73   static CryptohomeClient* Create(DBusClientImplementationType type,
  74                                   dbus::Bus* bus);
  75
  76   // Sets AsyncCallStatus signal handlers.
  77   // |handler| is called when results for AsyncXXX methods are returned.
  78   // Cryptohome service will process the calls in a first-in-first-out manner
  79   // when they are made in parallel.
  80   virtual void SetAsyncCallStatusHandlers(
  81       const AsyncCallStatusHandler& handler,
  82       const AsyncCallStatusWithDataHandler& data_handler) = 0;
  83
  84   // Resets AsyncCallStatus signal handlers.
  85   virtual void ResetAsyncCallStatusHandlers() = 0;
  86
  87   // Calls IsMounted method and returns true when the call succeeds.
  88   virtual void IsMounted(const BoolDBusMethodCallback& callback) = 0;
  89
  90   // Calls Unmount method and returns true when the call succeeds.
  91   // This method blocks until the call returns.
  92   virtual bool Unmount(bool* success) = 0;
  93
  94   // Calls AsyncCheckKey method.  |callback| is called after the method call
  95   // succeeds.
  96   virtual void AsyncCheckKey(const std::string& username,
  97                              const std::string& key,
  98                              const AsyncMethodCallback& callback) = 0;
  99
 100   // Calls AsyncMigrateKey method.  |callback| is called after the method call
 101   // succeeds.
 102   virtual void AsyncMigrateKey(const std::string& username,
 103                                const std::string& from_key,
 104                                const std::string& to_key,
 105                                const AsyncMethodCallback& callback) = 0;
 106
 107   // Calls AsyncRemove method.  |callback| is called after the method call
 108   // succeeds.
 109   virtual void AsyncRemove(const std::string& username,
 110                            const AsyncMethodCallback& callback) = 0;
 111
 112   // Calls GetSystemSalt method.  This method blocks until the call returns.
 113   // The original content of |salt| is lost.
 114   virtual bool GetSystemSalt(std::vector<uint8>* salt) = 0;
 115
 116   // Calls GetSanitizedUsername method.  |callback| is called after the method
 117   // call succeeds.
 118   virtual void GetSanitizedUsername(
 119       const std::string& username,
 120       const StringDBusMethodCallback& callback) = 0;
 121
 122   // Calls the AsyncMount method to asynchronously mount the cryptohome for
 123   // |username|, using |key| to unlock it. For supported |flags|, see the
 124   // documentation of AsyncMethodCaller::AsyncMount().
 125   // |callback| is called after the method call succeeds.
 126   virtual void AsyncMount(const std::string& username,
 127                           const std::string& key,
 128                           int flags,
 129                           const AsyncMethodCallback& callback) = 0;
 130
 131   // Calls AsyncMountGuest method.  |callback| is called after the method call
 132   // succeeds.
 133   virtual void AsyncMountGuest(const AsyncMethodCallback& callback) = 0;
 134
 135   // Calls TpmIsReady method.
 136   virtual void TpmIsReady(const BoolDBusMethodCallback& callback) = 0;
 137
 138   // Calls TpmIsEnabled method.
 139   virtual void TpmIsEnabled(const BoolDBusMethodCallback& callback) = 0;
 140
 141   // Calls TpmIsEnabled method and returns true when the call succeeds.
 142   // This method blocks until the call returns.
 143   // TODO(hashimoto): Remove this method. crbug.com/141006
 144   virtual bool CallTpmIsEnabledAndBlock(bool* enabled) = 0;
 145
 146   // Calls TpmGetPassword method.
 147   virtual void TpmGetPassword(const StringDBusMethodCallback& callback) = 0;
 148
 149   // Calls TpmIsOwned method.
 150   virtual void TpmIsOwned(const BoolDBusMethodCallback& callback) = 0;
 151
 152   // Calls TpmIsOwned method and returns true when the call succeeds.
 153   // This method blocks until the call returns.
 154   // TODO(hashimoto): Remove this method. crbug.com/141012
 155   virtual bool CallTpmIsOwnedAndBlock(bool* owned) = 0;
 156
 157   // Calls TpmIsBeingOwned method.
 158   virtual void TpmIsBeingOwned(const BoolDBusMethodCallback& callback) = 0;
 159
 160   // Calls TpmIsBeingOwned method and returns true when the call succeeds.
 161   // This method blocks until the call returns.
 162   // TODO(hashimoto): Remove this method. crbug.com/141011
 163   virtual bool CallTpmIsBeingOwnedAndBlock(bool* owning) = 0;
 164
 165   // Calls TpmCanAttemptOwnership method.
 166   // This method tells the service that it is OK to attempt ownership.
 167   virtual void TpmCanAttemptOwnership(
 168       const VoidDBusMethodCallback& callback) = 0;
 169
 170   // Calls TpmClearStoredPasswordMethod.
 171   virtual void TpmClearStoredPassword(
 172       const VoidDBusMethodCallback& callback) = 0;
 173
 174   // Calls TpmClearStoredPassword method and returns true when the call
 175   // succeeds.  This method blocks until the call returns.
 176   // TODO(hashimoto): Remove this method. crbug.com/141010
 177   virtual bool CallTpmClearStoredPasswordAndBlock() = 0;
 178
 179   // Calls Pkcs11IsTpmTokenReady method.
 180   virtual void Pkcs11IsTpmTokenReady(
 181       const BoolDBusMethodCallback& callback) = 0;
 182
 183   // Calls Pkcs11GetTpmTokenInfo method.
 184   virtual void Pkcs11GetTpmTokenInfo(
 185       const Pkcs11GetTpmTokenInfoCallback& callback) = 0;
 186
 187   // Calls InstallAttributesGet method and returns true when the call succeeds.
 188   // This method blocks until the call returns.
 189   // The original content of |value| is lost.
 190   virtual bool InstallAttributesGet(const std::string& name,
 191                                     std::vector<uint8>* value,
 192                                     bool* successful) = 0;
 193
 194   // Calls InstallAttributesSet method and returns true when the call succeeds.
 195   // This method blocks until the call returns.
 196   virtual bool InstallAttributesSet(const std::string& name,
 197                                     const std::vector<uint8>& value,
 198                                     bool* successful) = 0;
 199
 200   // Calls InstallAttributesFinalize method and returns true when the call
 201   // succeeds.  This method blocks until the call returns.
 202   virtual bool InstallAttributesFinalize(bool* successful) = 0;
 203
 204   // Calls InstallAttributesIsReady method.
 205   virtual void InstallAttributesIsReady(
 206       const BoolDBusMethodCallback& callback) = 0;
 207
 208   // Calls InstallAttributesIsInvalid method and returns true when the call
 209   // succeeds.  This method blocks until the call returns.
 210   virtual bool InstallAttributesIsInvalid(bool* is_invalid) = 0;
 211
 212   // Calls InstallAttributesIsFirstInstall method and returns true when the call
 213   // succeeds. This method blocks until the call returns.
 214   virtual bool InstallAttributesIsFirstInstall(bool* is_first_install) = 0;
 215
 216   // Calls the TpmAttestationIsPrepared dbus method.  The callback is called
 217   // when the operation completes.
 218   virtual void TpmAttestationIsPrepared(
 219         const BoolDBusMethodCallback& callback) = 0;
 220
 221   // Calls the TpmAttestationIsEnrolled dbus method.  The callback is called
 222   // when the operation completes.
 223   virtual void TpmAttestationIsEnrolled(
 224         const BoolDBusMethodCallback& callback) = 0;
 225
 226   // Asynchronously creates an attestation enrollment request.  The callback
 227   // will be called when the dbus call completes.  When the operation completes,
 228   // the AsyncCallStatusWithDataHandler signal handler is called.  The data that
 229   // is sent with the signal is an enrollment request to be sent to the Privacy
 230   // CA.  The enrollment is completed by calling AsyncTpmAttestationEnroll.
 231   virtual void AsyncTpmAttestationCreateEnrollRequest(
 232       const AsyncMethodCallback& callback) = 0;
 233
 234   // Asynchronously finishes an attestation enrollment operation.  The callback
 235   // will be called when the dbus call completes.  When the operation completes,
 236   // the AsyncCallStatusHandler signal handler is called.  |pca_response| is the
 237   // response to the enrollment request emitted by the Privacy CA.
 238   virtual void AsyncTpmAttestationEnroll(
 239       const std::string& pca_response,
 240       const AsyncMethodCallback& callback) = 0;
 241
 242   // Asynchronously creates an attestation certificate request according to
 243   // |options|, which is a combination of AttestationCertificateOptions.
 244   // |callback| will be called when the dbus call completes.  When the operation
 245   // completes, the AsyncCallStatusWithDataHandler signal handler is called.
 246   // The data that is sent with the signal is a certificate request to be sent
 247   // to the Privacy CA.  The certificate request is completed by calling
 248   // AsyncTpmAttestationFinishCertRequest.
 249   virtual void AsyncTpmAttestationCreateCertRequest(
 250       int options,
 251       const AsyncMethodCallback& callback) = 0;
 252
 253   // Asynchronously finishes a certificate request operation.  The callback will
 254   // be called when the dbus call completes.  When the operation completes, the
 255   // AsyncCallStatusWithDataHandler signal handler is called.  The data that is
 256   // sent with the signal is a certificate chain in PEM format.  |pca_response|
 257   // is the response to the certificate request emitted by the Privacy CA.
 258   // |key_type| determines whether the certified key is to be associated with
 259   // the current user.  |key_name| is a name for the key.
 260   virtual void AsyncTpmAttestationFinishCertRequest(
 261       const std::string& pca_response,
 262       AttestationKeyType key_type,
 263       const std::string& key_name,
 264       const AsyncMethodCallback& callback) = 0;
 265
 266   // Checks if an attestation key already exists.  If the key specified by
 267   // |key_type| and |key_name| exists, then the result sent to the callback will
 268   // be true.
 269   virtual void TpmAttestationDoesKeyExist(
 270       AttestationKeyType key_type,
 271       const std::string& key_name,
 272       const BoolDBusMethodCallback& callback) = 0;
 273
 274   // Gets the attestation certificate for the key specified by |key_type| and
 275   // |key_name|.  |callback| will be called when the operation completes.  If
 276   // the key does not exist the callback |result| parameter will be false.
 277   virtual void TpmAttestationGetCertificate(
 278       AttestationKeyType key_type,
 279       const std::string& key_name,
 280       const DataMethodCallback& callback) = 0;
 281
 282   // Gets the public key for the key specified by |key_type| and |key_name|.
 283   // |callback| will be called when the operation completes.  If the key does
 284   // not exist the callback |result| parameter will be false.
 285   virtual void TpmAttestationGetPublicKey(
 286       AttestationKeyType key_type,
 287       const std::string& key_name,
 288       const DataMethodCallback& callback) = 0;
 289
 290   // Asynchronously registers an attestation key with the current user's
 291   // PKCS #11 token.  The |callback| will be called when the dbus call
 292   // completes.  When the operation completes, the AsyncCallStatusHandler signal
 293   // handler is called.  |key_type| and |key_name| specify the key to register.
 294   virtual void TpmAttestationRegisterKey(
 295       AttestationKeyType key_type,
 296       const std::string& key_name,
 297       const AsyncMethodCallback& callback) = 0;
 298
 299   // Asynchronously signs an enterprise challenge with the key specified by
 300   // |key_type| and |key_name|.  |domain| and |device_id| will be included in
 301   // the challenge response.  |options| control how the challenge response is
 302   // generated.  |challenge| must be a valid enterprise attestation challenge.
 303   // The |callback| will be called when the dbus call completes.  When the
 304   // operation completes, the AsyncCallStatusWithDataHandler signal handler is
 305   // called.
 306   virtual void TpmAttestationSignEnterpriseChallenge(
 307       AttestationKeyType key_type,
 308       const std::string& key_name,
 309       const std::string& domain,
 310       const std::string& device_id,
 311       AttestationChallengeOptions options,
 312       const std::string& challenge,
 313       const AsyncMethodCallback& callback) = 0;
 314
 315   // Asynchronously signs a simple challenge with the key specified by
 316   // |key_type| and |key_name|.  |challenge| can be any set of arbitrary bytes.
 317   // A nonce will be appended to the challenge before signing; this method
 318   // cannot be used to sign arbitrary data.  The |callback| will be called when
 319   // the dbus call completes.  When the operation completes, the
 320   // AsyncCallStatusWithDataHandler signal handler is called.
 321   virtual void TpmAttestationSignSimpleChallenge(
 322       AttestationKeyType key_type,
 323       const std::string& key_name,
 324       const std::string& challenge,
 325       const AsyncMethodCallback& callback) = 0;
 326
 327  protected:
 328   // Create() should be used instead.
 329   CryptohomeClient();
 330
 331  private:
 332   DISALLOW_COPY_AND_ASSIGN(CryptohomeClient);
 333 };
 334
 335 }  // namespace chromeos
 336
 337 #endif  // CHROMEOS_DBUS_CRYPTOHOME_CLIENT_H_