| // Copyright (c) 2011 The Chromium OS Authors. All rights reserved. |
| // Use of this source code is governed by a BSD-style license that can be |
| // found in the LICENSE file. |
| |
| |
| #ifndef CHAPS_CHAPS_INTERFACE_H_ |
| #define CHAPS_CHAPS_INTERFACE_H_ |
| |
| #include <string> |
| #include <vector> |
| |
| #include <base/macros.h> |
| #include <chromeos/secure_blob.h> |
| |
| #include "chaps/chaps.h" |
| |
| namespace chaps { |
| |
| // ChapsInterface provides an abstract interface closely matching the |
| // interfaces generated by dbus-c++ but hiding any dbus-c++ specifics. See |
| // chaps_interface.xml for the dbus-c++ interface definition. |
| // |
| // Implemented By: |
| // - ChapsProxyImpl: On the Chaps client side; sends calls over IPC. |
| // - ChapsServiceImpl: On the Chaps daemon side; receives and implements IPC |
| // calls. |
| // - ChapsServiceRedirect: An alternative implementation on the daemon side |
| // which receives IPC calls and forwards to a PKCS #11 library. |
| class ChapsInterface { |
| public: |
| ChapsInterface() {} |
| virtual ~ChapsInterface() {} |
| |
| // The following methods map to PKCS #11 calls. Each method name is identical |
| // to the corresponding PKCS #11 function name except for the "C_" prefix. |
| |
| // PKCS #11 v2.20 section 11.5 page 106. |
| virtual uint32_t GetSlotList(const chromeos::SecureBlob& isolate_credential, |
| bool token_present, |
| std::vector<uint64_t>* slot_list) = 0; |
| // PKCS #11 v2.20 section 11.5 page 108. |
| virtual uint32_t GetSlotInfo(const chromeos::SecureBlob& isolate_credential, |
| uint64_t slot_id, |
| std::vector<uint8_t>* slot_description, |
| std::vector<uint8_t>* manufacturer_id, |
| uint64_t* flags, |
| uint8_t* hardware_version_major, |
| uint8_t* hardware_version_minor, |
| uint8_t* firmware_version_major, |
| uint8_t* firmware_version_minor) = 0; |
| // PKCS #11 v2.20 section 11.5 page 109. |
| virtual uint32_t GetTokenInfo(const chromeos::SecureBlob& isolate_credential, |
| uint64_t slot_id, |
| std::vector<uint8_t>* label, |
| std::vector<uint8_t>* manufacturer_id, |
| std::vector<uint8_t>* model, |
| std::vector<uint8_t>* serial_number, |
| uint64_t* flags, |
| uint64_t* max_session_count, |
| uint64_t* session_count, |
| uint64_t* max_session_count_rw, |
| uint64_t* session_count_rw, |
| uint64_t* max_pin_len, |
| uint64_t* min_pin_len, |
| uint64_t* total_public_memory, |
| uint64_t* free_public_memory, |
| uint64_t* total_private_memory, |
| uint64_t* free_private_memory, |
| uint8_t* hardware_version_major, |
| uint8_t* hardware_version_minor, |
| uint8_t* firmware_version_major, |
| uint8_t* firmware_version_minor) = 0; |
| // PKCS #11 v2.20 section 11.5 page 111. |
| virtual uint32_t GetMechanismList( |
| const chromeos::SecureBlob& isolate_credential, |
| uint64_t slot_id, |
| std::vector<uint64_t>* mechanism_list) = 0; |
| // PKCS #11 v2.20 section 11.5 page 112. |
| virtual uint32_t GetMechanismInfo( |
| const chromeos::SecureBlob& isolate_credential, |
| uint64_t slot_id, |
| uint64_t mechanism_type, |
| uint64_t* min_key_size, |
| uint64_t* max_key_size, |
| uint64_t* flags) = 0; |
| // PKCS #11 v2.20 section 11.5 page 113. |
| virtual uint32_t InitToken(const chromeos::SecureBlob& isolate_credential, |
| uint64_t slot_id, |
| const std::string* so_pin, |
| const std::vector<uint8_t>& label) = 0; |
| // PKCS #11 v2.20 section 11.5 page 115. |
| virtual uint32_t InitPIN(const chromeos::SecureBlob& isolate_credential, |
| uint64_t session_id, const std::string* pin) = 0; |
| // PKCS #11 v2.20 section 11.5 page 116. |
| virtual uint32_t SetPIN(const chromeos::SecureBlob& isolate_credential, |
| uint64_t session_id, |
| const std::string* old_pin, |
| const std::string* new_pin) = 0; |
| // PKCS #11 v2.20 section 11.6 page 117. |
| virtual uint32_t OpenSession(const chromeos::SecureBlob& isolate_credential, |
| uint64_t slot_id, uint64_t flags, |
| uint64_t* session) = 0; |
| // PKCS #11 v2.20 section 11.6 page 118. |
| virtual uint32_t CloseSession(const chromeos::SecureBlob& isolate_credential, |
| uint64_t session) = 0; |
| // PKCS #11 v2.20 section 11.6 page 120. |
| virtual uint32_t CloseAllSessions( |
| const chromeos::SecureBlob& isolate_credential, |
| uint64_t slot_id) = 0; |
| // PKCS #11 v2.20 section 11.6 page 120. |
| virtual uint32_t GetSessionInfo( |
| const chromeos::SecureBlob& isolate_credential, |
| uint64_t session_id, |
| uint64_t* slot_id, |
| uint64_t* state, |
| uint64_t* flags, |
| uint64_t* device_error) = 0; |
| // PKCS #11 v2.20 section 11.6 page 121. |
| virtual uint32_t GetOperationState( |
| const chromeos::SecureBlob& isolate_credential, |
| uint64_t session_id, |
| std::vector<uint8_t>* operation_state) = 0; |
| // PKCS #11 v2.20 section 11.6 page 123. |
| virtual uint32_t SetOperationState( |
| const chromeos::SecureBlob& isolate_credential, |
| uint64_t session_id, |
| const std::vector<uint8_t>& operation_state, |
| uint64_t encryption_key_handle, |
| uint64_t authentication_key_handle) = 0; |
| // PKCS #11 v2.20 section 11.6 page 125. |
| virtual uint32_t Login(const chromeos::SecureBlob& isolate_credential, |
| uint64_t session_id, |
| uint64_t user_type, |
| const std::string* pin) = 0; |
| // PKCS #11 v2.20 section 11.6 page 127. |
| virtual uint32_t Logout(const chromeos::SecureBlob& isolate_credential, |
| uint64_t session_id) = 0; |
| // PKCS #11 v2.20 section 11.7 page 128. |
| virtual uint32_t CreateObject(const chromeos::SecureBlob& isolate_credential, |
| uint64_t session_id, |
| const std::vector<uint8_t>& attributes, |
| uint64_t* new_object_handle) = 0; |
| // PKCS #11 v2.20 section 11.7 page 130. |
| virtual uint32_t CopyObject(const chromeos::SecureBlob& isolate_credential, |
| uint64_t session_id, |
| uint64_t object_handle, |
| const std::vector<uint8_t>& attributes, |
| uint64_t* new_object_handle) = 0; |
| // PKCS #11 v2.20 section 11.7 page 131. |
| virtual uint32_t DestroyObject(const chromeos::SecureBlob& isolate_credential, |
| uint64_t session_id, |
| uint64_t object_handle) = 0; |
| // PKCS #11 v2.20 section 11.7 page 132. |
| virtual uint32_t GetObjectSize(const chromeos::SecureBlob& isolate_credential, |
| uint64_t session_id, |
| uint64_t object_handle, |
| uint64_t* object_size) = 0; |
| // PKCS #11 v2.20 section 11.7 page 133. |
| virtual uint32_t GetAttributeValue( |
| const chromeos::SecureBlob& isolate_credential, |
| uint64_t session_id, |
| uint64_t object_handle, |
| const std::vector<uint8_t>& attributes_in, |
| std::vector<uint8_t>* attributes_out) = 0; |
| // PKCS #11 v2.20 section 11.7 page 135. |
| virtual uint32_t SetAttributeValue( |
| const chromeos::SecureBlob& isolate_credential, |
| uint64_t session_id, |
| uint64_t object_handle, |
| const std::vector<uint8_t>& attributes) = 0; |
| // PKCS #11 v2.20 section 11.7 page 136. |
| virtual uint32_t FindObjectsInit( |
| const chromeos::SecureBlob& isolate_credential, |
| uint64_t session_id, |
| const std::vector<uint8_t>& attributes) = 0; |
| // PKCS #11 v2.20 section 11.7 page 137. |
| virtual uint32_t FindObjects(const chromeos::SecureBlob& isolate_credential, |
| uint64_t session_id, |
| uint64_t max_object_count, |
| std::vector<uint64_t>* object_list) = 0; |
| // PKCS #11 v2.20 section 11.7 page 138. |
| virtual uint32_t FindObjectsFinal( |
| const chromeos::SecureBlob& isolate_credential, |
| uint64_t session_id) = 0; |
| // PKCS #11 v2.20 section 11.8 page 139. |
| virtual uint32_t EncryptInit(const chromeos::SecureBlob& isolate_credential, |
| uint64_t session_id, |
| uint64_t mechanism_type, |
| const std::vector<uint8_t>& mechanism_parameter, |
| uint64_t key_handle) = 0; |
| // PKCS #11 v2.20 section 11.8 page 140. |
| virtual uint32_t Encrypt(const chromeos::SecureBlob& isolate_credential, |
| uint64_t session_id, |
| const std::vector<uint8_t>& data_in, |
| uint64_t max_out_length, |
| uint64_t* actual_out_length, |
| std::vector<uint8_t>* data_out) = 0; |
| // PKCS #11 v2.20 section 11.8 page 141. |
| virtual uint32_t EncryptUpdate(const chromeos::SecureBlob& isolate_credential, |
| uint64_t session_id, |
| const std::vector<uint8_t>& data_in, |
| uint64_t max_out_length, |
| uint64_t* actual_out_length, |
| std::vector<uint8_t>* data_out) = 0; |
| // PKCS #11 v2.20 section 11.8 page 141. |
| virtual uint32_t EncryptFinal(const chromeos::SecureBlob& isolate_credential, |
| uint64_t session_id, |
| uint64_t max_out_length, |
| uint64_t* actual_out_length, |
| std::vector<uint8_t>* data_out) = 0; |
| // PKCS #11 v2.20 section 11.9 page 144. |
| virtual uint32_t DecryptInit(const chromeos::SecureBlob& isolate_credential, |
| uint64_t session_id, |
| uint64_t mechanism_type, |
| const std::vector<uint8_t>& mechanism_parameter, |
| uint64_t key_handle) = 0; |
| // PKCS #11 v2.20 section 11.9 page 145. |
| virtual uint32_t Decrypt(const chromeos::SecureBlob& isolate_credential, |
| uint64_t session_id, |
| const std::vector<uint8_t>& data_in, |
| uint64_t max_out_length, |
| uint64_t* actual_out_length, |
| std::vector<uint8_t>* data_out) = 0; |
| // PKCS #11 v2.20 section 11.9 page 146. |
| virtual uint32_t DecryptUpdate(const chromeos::SecureBlob& isolate_credential, |
| uint64_t session_id, |
| const std::vector<uint8_t>& data_in, |
| uint64_t max_out_length, |
| uint64_t* actual_out_length, |
| std::vector<uint8_t>* data_out) = 0; |
| // PKCS #11 v2.20 section 11.9 page 146. |
| virtual uint32_t DecryptFinal(const chromeos::SecureBlob& isolate_credential, |
| uint64_t session_id, |
| uint64_t max_out_length, |
| uint64_t* actual_out_length, |
| std::vector<uint8_t>* data_out) = 0; |
| // PKCS #11 v2.20 section 11.10 page 148. |
| virtual uint32_t DigestInit( |
| const chromeos::SecureBlob& isolate_credential, |
| uint64_t session_id, |
| uint64_t mechanism_type, |
| const std::vector<uint8_t>& mechanism_parameter) = 0; |
| // PKCS #11 v2.20 section 11.10 page 149. |
| virtual uint32_t Digest(const chromeos::SecureBlob& isolate_credential, |
| uint64_t session_id, |
| const std::vector<uint8_t>& data_in, |
| uint64_t max_out_length, |
| uint64_t* actual_out_length, |
| std::vector<uint8_t>* digest) = 0; |
| // PKCS #11 v2.20 section 11.10 page 150. |
| virtual uint32_t DigestUpdate(const chromeos::SecureBlob& isolate_credential, |
| uint64_t session_id, |
| const std::vector<uint8_t>& data_in) = 0; |
| // PKCS #11 v2.20 section 11.10 page 150. |
| virtual uint32_t DigestKey(const chromeos::SecureBlob& isolate_credential, |
| uint64_t session_id, |
| uint64_t key_handle) = 0; |
| // PKCS #11 v2.20 section 11.10 page 151. |
| virtual uint32_t DigestFinal(const chromeos::SecureBlob& isolate_credential, |
| uint64_t session_id, |
| uint64_t max_out_length, |
| uint64_t* actual_out_length, |
| std::vector<uint8_t>* digest) = 0; |
| // PKCS #11 v2.20 section 11.11 page 152. |
| virtual uint32_t SignInit(const chromeos::SecureBlob& isolate_credential, |
| uint64_t session_id, |
| uint64_t mechanism_type, |
| const std::vector<uint8_t>& mechanism_parameter, |
| uint64_t key_handle) = 0; |
| // PKCS #11 v2.20 section 11.11 page 153. |
| virtual uint32_t Sign(const chromeos::SecureBlob& isolate_credential, |
| uint64_t session_id, |
| const std::vector<uint8_t>& data, |
| uint64_t max_out_length, |
| uint64_t* actual_out_length, |
| std::vector<uint8_t>* signature) = 0; |
| // PKCS #11 v2.20 section 11.11 page 154. |
| virtual uint32_t SignUpdate(const chromeos::SecureBlob& isolate_credential, |
| uint64_t session_id, |
| const std::vector<uint8_t>& data_part) = 0; |
| // PKCS #11 v2.20 section 11.11 page 154. |
| virtual uint32_t SignFinal(const chromeos::SecureBlob& isolate_credential, |
| uint64_t session_id, |
| uint64_t max_out_length, |
| uint64_t* actual_out_length, |
| std::vector<uint8_t>* signature) = 0; |
| // PKCS #11 v2.20 section 11.11 page 155. |
| virtual uint32_t SignRecoverInit( |
| const chromeos::SecureBlob& isolate_credential, |
| uint64_t session_id, |
| uint64_t mechanism_type, |
| const std::vector<uint8_t>& mechanism_parameter, |
| uint64_t key_handle) = 0; |
| // PKCS #11 v2.20 section 11.11 page 156. |
| virtual uint32_t SignRecover(const chromeos::SecureBlob& isolate_credential, |
| uint64_t session_id, |
| const std::vector<uint8_t>& data, |
| uint64_t max_out_length, |
| uint64_t* actual_out_length, |
| std::vector<uint8_t>* signature) = 0; |
| // PKCS #11 v2.20 section 11.12 page 157. |
| virtual uint32_t VerifyInit(const chromeos::SecureBlob& isolate_credential, |
| uint64_t session_id, |
| uint64_t mechanism_type, |
| const std::vector<uint8_t>& mechanism_parameter, |
| uint64_t key_handle) = 0; |
| // PKCS #11 v2.20 section 11.12 page 158. |
| virtual uint32_t Verify(const chromeos::SecureBlob& isolate_credential, |
| uint64_t session_id, |
| const std::vector<uint8_t>& data, |
| const std::vector<uint8_t>& signature) = 0; |
| // PKCS #11 v2.20 section 11.12 page 159. |
| virtual uint32_t VerifyUpdate(const chromeos::SecureBlob& isolate_credential, |
| uint64_t session_id, |
| const std::vector<uint8_t>& data_part) = 0; |
| // PKCS #11 v2.20 section 11.12 page 159. |
| virtual uint32_t VerifyFinal(const chromeos::SecureBlob& isolate_credential, |
| uint64_t session_id, |
| const std::vector<uint8_t>& signature) = 0; |
| // PKCS #11 v2.20 section 11.12 page 161. |
| virtual uint32_t VerifyRecoverInit( |
| const chromeos::SecureBlob& isolate_credential, |
| uint64_t session_id, |
| uint64_t mechanism_type, |
| const std::vector<uint8_t>& mechanism_parameter, |
| uint64_t key_handle) = 0; |
| // PKCS #11 v2.20 section 11.12 page 161. |
| virtual uint32_t VerifyRecover(const chromeos::SecureBlob& isolate_credential, |
| uint64_t session_id, |
| const std::vector<uint8_t>& signature, |
| uint64_t max_out_length, |
| uint64_t* actual_out_length, |
| std::vector<uint8_t>* data) = 0; |
| // PKCS #11 v2.20 section 11.13 page 163. |
| virtual uint32_t DigestEncryptUpdate( |
| const chromeos::SecureBlob& isolate_credential, |
| uint64_t session_id, |
| const std::vector<uint8_t>& data_in, |
| uint64_t max_out_length, |
| uint64_t* actual_out_length, |
| std::vector<uint8_t>* data_out) = 0; |
| // PKCS #11 v2.20 section 11.13 page 165. |
| virtual uint32_t DecryptDigestUpdate( |
| const chromeos::SecureBlob& isolate_credential, |
| uint64_t session_id, |
| const std::vector<uint8_t>& data_in, |
| uint64_t max_out_length, |
| uint64_t* actual_out_length, |
| std::vector<uint8_t>* data_out) = 0; |
| // PKCS #11 v2.20 section 11.13 page 169. |
| virtual uint32_t SignEncryptUpdate( |
| const chromeos::SecureBlob& isolate_credential, |
| uint64_t session_id, |
| const std::vector<uint8_t>& data_in, |
| uint64_t max_out_length, |
| uint64_t* actual_out_length, |
| std::vector<uint8_t>* data_out) = 0; |
| // PKCS #11 v2.20 section 11.13 page 171. |
| virtual uint32_t DecryptVerifyUpdate( |
| const chromeos::SecureBlob& isolate_credential, |
| uint64_t session_id, |
| const std::vector<uint8_t>& data_in, |
| uint64_t max_out_length, |
| uint64_t* actual_out_length, |
| std::vector<uint8_t>* data_out) = 0; |
| // PKCS #11 v2.20 section 11.14 page 175. |
| virtual uint32_t GenerateKey(const chromeos::SecureBlob& isolate_credential, |
| uint64_t session_id, |
| uint64_t mechanism_type, |
| const std::vector<uint8_t>& mechanism_parameter, |
| const std::vector<uint8_t>& attributes, |
| uint64_t* key_handle) = 0; |
| // PKCS #11 v2.20 section 11.14 page 176. |
| virtual uint32_t GenerateKeyPair( |
| const chromeos::SecureBlob& isolate_credential, |
| uint64_t session_id, |
| uint64_t mechanism_type, |
| const std::vector<uint8_t>& mechanism_parameter, |
| const std::vector<uint8_t>& public_attributes, |
| const std::vector<uint8_t>& private_attributes, |
| uint64_t* public_key_handle, |
| uint64_t* private_key_handle) = 0; |
| // PKCS #11 v2.20 section 11.14 page 178. |
| virtual uint32_t WrapKey(const chromeos::SecureBlob& isolate_credential, |
| uint64_t session_id, |
| uint64_t mechanism_type, |
| const std::vector<uint8_t>& mechanism_parameter, |
| uint64_t wrapping_key_handle, |
| uint64_t key_handle, |
| uint64_t max_out_length, |
| uint64_t* actual_out_length, |
| std::vector<uint8_t>* wrapped_key) = 0; |
| // PKCS #11 v2.20 section 11.14 page 180. |
| virtual uint32_t UnwrapKey(const chromeos::SecureBlob& isolate_credential, |
| uint64_t session_id, |
| uint64_t mechanism_type, |
| const std::vector<uint8_t>& mechanism_parameter, |
| uint64_t wrapping_key_handle, |
| const std::vector<uint8_t>& wrapped_key, |
| const std::vector<uint8_t>& attributes, |
| uint64_t* key_handle) = 0; |
| // PKCS #11 v2.20 section 11.14 page 182. |
| virtual uint32_t DeriveKey(const chromeos::SecureBlob& isolate_credential, |
| uint64_t session_id, |
| uint64_t mechanism_type, |
| const std::vector<uint8_t>& mechanism_parameter, |
| uint64_t base_key_handle, |
| const std::vector<uint8_t>& attributes, |
| uint64_t* key_handle) = 0; |
| // PKCS #11 v2.20 section 11.15 page 184. |
| virtual uint32_t SeedRandom(const chromeos::SecureBlob& isolate_credential, |
| uint64_t session_id, |
| const std::vector<uint8_t>& seed) = 0; |
| // PKCS #11 v2.20 section 11.15 page 184. |
| virtual uint32_t GenerateRandom( |
| const chromeos::SecureBlob& isolate_credential, |
| uint64_t session_id, |
| uint64_t num_bytes, |
| std::vector<uint8_t>* random_data) = 0; |
| |
| private: |
| DISALLOW_COPY_AND_ASSIGN(ChapsInterface); |
| }; |
| |
| } // namespace chaps |
| |
| #endif // CHAPS_CHAPS_INTERFACE_H_ |
