owner_key.h - chromiumos/platform/login_manager - Git at Google

 // Copyright (c) 2010 The Chromium OS Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.

 #ifndef LOGIN_MANAGER_OWNER_KEY_H_
 #define LOGIN_MANAGER_OWNER_KEY_H_

 #include <vector>

 #include <base/basictypes.h>
 #include <base/file_path.h>
 #include <base/scoped_ptr.h>

 namespace base {
 class RSAPrivateKey;
 class SignatureVerifier;
 }  // namespace base

 namespace login_manager {
 class ChildJobInterface;
 class SystemUtils;

 // This class holds the device owner's public key.
 //
 // If there is an owner key on disk, we will load that key, and deny
 // attempts to set a new key programmatically.  If there is no key
 // present, we will allow the owner's key to be set programmatically,
 // and will persist it to disk upon request.  Attempts to set the key
 // before on-disk storage has been checked will be denied.
 class OwnerKey {
  public:
   OwnerKey(const FilePath& key_file);
   virtual ~OwnerKey();

   virtual bool HaveCheckedDisk();
   virtual bool IsPopulated();

   // If |key_file_| exists, populate the object with the contents of the file.
   // If the file isn't there, that's ok.
   // Will return false if the file exists and there are errors reading it.
   // If this returns true, call IsPopulated() to tell whether or not data was
   // loaded off of disk.
   virtual bool PopulateFromDiskIfPossible();

   // Load key material from |public_key_der|.
   // We will _deny_ such an attempt if we have not yet checked disk for a key,
   // or if we have already successfully loaded a key from disk.
   virtual bool PopulateFromBuffer(const std::vector<uint8>& public_key_der);

   // Load key material from |pair|.
   // We will _deny_ such an attempt if we have not yet checked disk for a key,
   // or if we have already successfully loaded a key from disk.
   virtual bool PopulateFromKeypair(base::RSAPrivateKey* pair);

   // Persist |key_| to disk, at |key_file_|.
   // Calling this method before checking for a key on disk is an error.
   // Returns false if |key_file_| already exists, or if there's an error while
   // writing data.
   virtual bool Persist();

   // Verify that |signature| is a valid sha1 w/ RSA signature over the data in
   // |data| with |key_|.
   // Returns false if the sig is invalid, or there's an error.
   virtual bool Verify(const char* data,
                       uint32 data_len,
                       const char* signature,
                       uint32 sig_len);

   // Generate |OUT_signature|, a valid sha1 w/ RSA signature over the data in
   // |data| that can be verified with |key_|.
   // Returns false if the sig is invalid, or there's an error.
   virtual bool Sign(const char* data,
                     uint32 data_len,
                     std::vector<uint8>* OUT_signature);

   // Runs |generator| in a child process.  Returns pid of the child.
   virtual int StartGeneration(ChildJobInterface* generator);

   // Returned reference will be empty if we haven't populated |key_| yet.
   const std::vector<uint8>& public_key_der() const {
     return key_;
   }

  private:
   static const uint8 kAlgorithm[];

   const FilePath key_file_;
   bool have_checked_disk_;
   std::vector<uint8> key_;
   scoped_ptr<SystemUtils> utils_;

   DISALLOW_COPY_AND_ASSIGN(OwnerKey);
 };
 }  // namespace login_manager

 #endif  // LOGIN_MANAGER_OWNER_KEY_H_
	// Copyright (c) 2010 The Chromium OS Authors. All rights reserved.
	// Use of this source code is governed by a BSD-style license that can be
	// found in the LICENSE file.

	#ifndef LOGIN_MANAGER_OWNER_KEY_H_
	#define LOGIN_MANAGER_OWNER_KEY_H_

	#include <vector>

	#include <base/basictypes.h>
	#include <base/file_path.h>
	#include <base/scoped_ptr.h>

	namespace base {
	class RSAPrivateKey;
	class SignatureVerifier;
	} // namespace base

	namespace login_manager {
	class ChildJobInterface;
	class SystemUtils;

	// This class holds the device owner's public key.
	//
	// If there is an owner key on disk, we will load that key, and deny
	// attempts to set a new key programmatically. If there is no key
	// present, we will allow the owner's key to be set programmatically,
	// and will persist it to disk upon request. Attempts to set the key
	// before on-disk storage has been checked will be denied.
	class OwnerKey {
	public:
	OwnerKey(const FilePath& key_file);
	virtual ~OwnerKey();

	virtual bool HaveCheckedDisk();
	virtual bool IsPopulated();

	// If \|key_file_\| exists, populate the object with the contents of the file.
	// If the file isn't there, that's ok.
	// Will return false if the file exists and there are errors reading it.
	// If this returns true, call IsPopulated() to tell whether or not data was
	// loaded off of disk.
	virtual bool PopulateFromDiskIfPossible();

	// Load key material from \|public_key_der\|.
	// We will _deny_ such an attempt if we have not yet checked disk for a key,
	// or if we have already successfully loaded a key from disk.
	virtual bool PopulateFromBuffer(const std::vector<uint8>& public_key_der);

	// Load key material from \|pair\|.
	// We will _deny_ such an attempt if we have not yet checked disk for a key,
	// or if we have already successfully loaded a key from disk.
	virtual bool PopulateFromKeypair(base::RSAPrivateKey* pair);

	// Persist \|key_\| to disk, at \|key_file_\|.
	// Calling this method before checking for a key on disk is an error.
	// Returns false if \|key_file_\| already exists, or if there's an error while
	// writing data.
	virtual bool Persist();

	// Verify that \|signature\| is a valid sha1 w/ RSA signature over the data in
	// \|data\| with \|key_\|.
	// Returns false if the sig is invalid, or there's an error.
	virtual bool Verify(const char* data,
	uint32 data_len,
	const char* signature,
	uint32 sig_len);

	// Generate \|OUT_signature\|, a valid sha1 w/ RSA signature over the data in
	// \|data\| that can be verified with \|key_\|.
	// Returns false if the sig is invalid, or there's an error.
	virtual bool Sign(const char* data,
	uint32 data_len,
	std::vector<uint8>* OUT_signature);

	// Runs \|generator\| in a child process. Returns pid of the child.
	virtual int StartGeneration(ChildJobInterface* generator);

	// Returned reference will be empty if we haven't populated \|key_\| yet.
	const std::vector<uint8>& public_key_der() const {
	return key_;
	}

	private:
	static const uint8 kAlgorithm[];

	const FilePath key_file_;
	bool have_checked_disk_;
	std::vector<uint8> key_;
	scoped_ptr<SystemUtils> utils_;

	DISALLOW_COPY_AND_ASSIGN(OwnerKey);
	};
	} // namespace login_manager

	#endif // LOGIN_MANAGER_OWNER_KEY_H_