Supervised user whitelists: Cleanup
[chromium-blink-merge.git] / chromeos / cryptohome / cryptohome_parameters.h
blob0b744a42416b2c49a98e05c5e3c08f177eb86f22
1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #ifndef CHROMEOS_CRYPTOHOME_CRYPTOHOME_PARAMETERS_H_
6 #define CHROMEOS_CRYPTOHOME_CRYPTOHOME_PARAMETERS_H_
8 #include <string>
9 #include <vector>
11 #include "base/basictypes.h"
12 #include "base/memory/scoped_ptr.h"
13 #include "chromeos/chromeos_export.h"
15 namespace cryptohome {
17 enum AuthKeyPrivileges {
18 PRIV_MOUNT = 1 << 0, // Can mount with this key.
19 PRIV_ADD = 1 << 1, // Can add new keys.
20 PRIV_REMOVE = 1 << 2, // Can remove other keys.
21 PRIV_MIGRATE = 1 << 3, // Destroy all keys and replace with new.
22 PRIV_AUTHORIZED_UPDATE = 1 << 4, // Key can be updated in place.
23 PRIV_DEFAULT = PRIV_MOUNT | PRIV_ADD | PRIV_REMOVE | PRIV_MIGRATE
26 // Identification of the user calling cryptohome method.
27 struct CHROMEOS_EXPORT Identification {
28 explicit Identification(const std::string& user_id);
30 bool operator==(const Identification& other) const;
32 std::string user_id;
35 // Definition of the key (e.g. password) for the cryptohome.
36 // It contains authorization data along with extra parameters like permissions
37 // associated with this key.
38 struct CHROMEOS_EXPORT KeyDefinition {
39 enum Type {
40 TYPE_PASSWORD = 0
43 struct AuthorizationData {
44 enum Type {
45 TYPE_HMACSHA256 = 0,
46 TYPE_AES256CBC_HMACSHA256
49 struct Secret {
50 Secret();
51 Secret(bool encrypt,
52 bool sign,
53 const std::string& symmetric_key,
54 const std::string& public_key,
55 bool wrapped);
57 bool operator==(const Secret& other) const;
59 bool encrypt;
60 bool sign;
61 std::string symmetric_key;
62 std::string public_key;
63 bool wrapped;
66 AuthorizationData();
67 AuthorizationData(bool encrypt,
68 bool sign,
69 const std::string& symmetric_key);
70 ~AuthorizationData();
72 bool operator==(const AuthorizationData& other) const;
74 Type type;
75 std::vector<Secret> secrets;
78 // This struct holds metadata that will be stored alongside the key. Each
79 // |ProviderData| entry must have a |name| and may hold either a |number| or a
80 // sequence of |bytes|. The metadata is entirely opaque to cryptohome. It is
81 // stored with the key and returned when requested but is never interpreted by
82 // cryptohome in any way. The metadata can be used to store information such
83 // as the hashing algorithm and the salt used to create the key.
84 struct ProviderData {
85 ProviderData();
86 explicit ProviderData(const std::string& name);
87 explicit ProviderData(const ProviderData& other);
88 ProviderData(const std::string& name, int64 number);
89 ProviderData(const std::string& name, const std::string& bytes);
90 void operator=(const ProviderData& other);
91 ~ProviderData();
93 bool operator==(const ProviderData& other) const;
95 std::string name;
96 scoped_ptr<int64> number;
97 scoped_ptr<std::string> bytes;
100 KeyDefinition();
101 KeyDefinition(const std::string& secret,
102 const std::string& label,
103 int privileges);
104 ~KeyDefinition();
106 bool operator==(const KeyDefinition& other) const;
108 Type type;
109 std::string label;
110 // Privileges associated with key. Combination of |AuthKeyPrivileges| values.
111 int privileges;
112 int revision;
113 std::string secret;
115 std::vector<AuthorizationData> authorization_data;
116 std::vector<ProviderData> provider_data;
119 // Authorization attempt data for user.
120 struct CHROMEOS_EXPORT Authorization {
121 Authorization(const std::string& key, const std::string& label);
122 explicit Authorization(const KeyDefinition& key);
124 bool operator==(const Authorization& other) const;
126 std::string key;
127 std::string label;
130 // Parameters for Mount call.
131 class CHROMEOS_EXPORT MountParameters {
132 public:
133 explicit MountParameters(bool ephemeral);
134 ~MountParameters();
136 bool operator==(const MountParameters& other) const;
138 // If |true|, the mounted home dir will be backed by tmpfs. If |false|, the
139 // ephemeral users policy decides whether tmpfs or an encrypted directory is
140 // used as the backend.
141 bool ephemeral;
143 // If not empty, home dir will be created with these keys if it exist.
144 std::vector<KeyDefinition> create_keys;
147 } // namespace cryptohome
149 #endif // CHROMEOS_CRYPTOHOME_CRYPTOHOME_PARAMETERS_H_