blob: d906600a11310ffaf59bd5f90a2bc1e76239db3b [file] [log] [blame]
// Copyright 2014 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#ifndef CHROMEOS_CRYPTOHOME_CRYPTOHOME_PARAMETERS_H_
#define CHROMEOS_CRYPTOHOME_CRYPTOHOME_PARAMETERS_H_
#include <stdint.h>
#include <memory>
#include <string>
#include <vector>
#include "base/containers/hash_tables.h"
#include "chromeos/chromeos_export.h"
class AccountId;
namespace cryptohome {
enum AuthKeyPrivileges {
PRIV_MOUNT = 1 << 0, // Can mount with this key.
PRIV_ADD = 1 << 1, // Can add new keys.
PRIV_REMOVE = 1 << 2, // Can remove other keys.
PRIV_MIGRATE = 1 << 3, // Destroy all keys and replace with new.
PRIV_AUTHORIZED_UPDATE = 1 << 4, // Key can be updated in place.
PRIV_DEFAULT = PRIV_MOUNT | PRIV_ADD | PRIV_REMOVE | PRIV_MIGRATE
};
// Identification of the user calling cryptohome method.
class CHROMEOS_EXPORT Identification {
public:
Identification();
explicit Identification(const AccountId& account_id);
bool operator==(const Identification& other) const;
// This method should be used for migration purpose only.
static Identification FromString(const std::string& id);
// Look up known user and return its AccountId.
AccountId GetAccountId() const;
const std::string& id() const { return id_; }
bool operator<(const Identification& right) const;
private:
explicit Identification(const std::string&);
std::string id_;
};
// Definition of the key (e.g. password) for the cryptohome.
// It contains authorization data along with extra parameters like permissions
// associated with this key.
struct CHROMEOS_EXPORT KeyDefinition {
enum Type {
TYPE_PASSWORD = 0
};
struct AuthorizationData {
enum Type {
TYPE_HMACSHA256 = 0,
TYPE_AES256CBC_HMACSHA256
};
struct Secret {
Secret();
Secret(bool encrypt,
bool sign,
const std::string& symmetric_key,
const std::string& public_key,
bool wrapped);
bool operator==(const Secret& other) const;
bool encrypt;
bool sign;
std::string symmetric_key;
std::string public_key;
bool wrapped;
};
AuthorizationData();
AuthorizationData(bool encrypt,
bool sign,
const std::string& symmetric_key);
AuthorizationData(const AuthorizationData& other);
~AuthorizationData();
bool operator==(const AuthorizationData& other) const;
Type type;
std::vector<Secret> secrets;
};
// This struct holds metadata that will be stored alongside the key. Each
// |ProviderData| entry must have a |name| and may hold either a |number| or a
// sequence of |bytes|. The metadata is entirely opaque to cryptohome. It is
// stored with the key and returned when requested but is never interpreted by
// cryptohome in any way. The metadata can be used to store information such
// as the hashing algorithm and the salt used to create the key.
struct ProviderData {
ProviderData();
explicit ProviderData(const std::string& name);
explicit ProviderData(const ProviderData& other);
ProviderData(const std::string& name, int64_t number);
ProviderData(const std::string& name, const std::string& bytes);
void operator=(const ProviderData& other);
~ProviderData();
bool operator==(const ProviderData& other) const;
std::string name;
std::unique_ptr<int64_t> number;
std::unique_ptr<std::string> bytes;
};
KeyDefinition();
KeyDefinition(const std::string& secret,
const std::string& label,
int privileges);
KeyDefinition(const KeyDefinition& other);
~KeyDefinition();
bool operator==(const KeyDefinition& other) const;
Type type;
std::string label;
// Privileges associated with key. Combination of |AuthKeyPrivileges| values.
int privileges;
int revision;
std::string secret;
std::vector<AuthorizationData> authorization_data;
std::vector<ProviderData> provider_data;
};
// Authorization attempt data for user.
struct CHROMEOS_EXPORT Authorization {
Authorization(const std::string& key, const std::string& label);
explicit Authorization(const KeyDefinition& key);
bool operator==(const Authorization& other) const;
std::string key;
std::string label;
};
// Parameters for Mount call.
class CHROMEOS_EXPORT MountParameters {
public:
explicit MountParameters(bool ephemeral);
MountParameters(const MountParameters& other);
~MountParameters();
bool operator==(const MountParameters& other) const;
// If |true|, the mounted home dir will be backed by tmpfs. If |false|, the
// ephemeral users policy decides whether tmpfs or an encrypted directory is
// used as the backend.
bool ephemeral;
// If not empty, home dir will be created with these keys if it exist.
std::vector<KeyDefinition> create_keys;
};
// This function returns true if cryptohome of |account_id| is migrated to
// gaiaId-based identifier (AccountId::GetGaiaIdKey()).
bool GetGaiaIdMigrationStatus(const AccountId& account_id);
// This function marks |account_id| cryptohome migrated to gaiaId-based
// identifier (AccountId::GetGaiaIdKey()).
void SetGaiaIdMigrationStatusDone(const AccountId& account_id);
} // namespace cryptohome
namespace BASE_HASH_NAMESPACE {
// Implement hashing of cryptohome::Identification, so it can be used as a key
// in STL containers.
template <>
struct hash<cryptohome::Identification> {
std::size_t operator()(const cryptohome::Identification& cryptohome_id) const;
};
} // namespace BASE_HASH_NAMESPACE
#endif // CHROMEOS_CRYPTOHOME_CRYPTOHOME_PARAMETERS_H_