forked from chromium/chromium
-
Notifications
You must be signed in to change notification settings - Fork 2
/
Copy pathcryptohome_parameters.h
191 lines (146 loc) · 5.63 KB
/
cryptohome_parameters.h
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
// Copyright 2014 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#ifndef CHROMEOS_CRYPTOHOME_CRYPTOHOME_PARAMETERS_H_
#define CHROMEOS_CRYPTOHOME_CRYPTOHOME_PARAMETERS_H_
#include <stdint.h>
#include <memory>
#include <string>
#include <vector>
#include "base/containers/hash_tables.h"
#include "chromeos/chromeos_export.h"
class AccountId;
namespace cryptohome {
enum AuthKeyPrivileges {
PRIV_MOUNT = 1 << 0, // Can mount with this key.
PRIV_ADD = 1 << 1, // Can add new keys.
PRIV_REMOVE = 1 << 2, // Can remove other keys.
PRIV_MIGRATE = 1 << 3, // Destroy all keys and replace with new.
PRIV_AUTHORIZED_UPDATE = 1 << 4, // Key can be updated in place.
PRIV_DEFAULT = PRIV_MOUNT | PRIV_ADD | PRIV_REMOVE | PRIV_MIGRATE
};
// Identification of the user calling cryptohome method.
class CHROMEOS_EXPORT Identification {
public:
Identification();
explicit Identification(const AccountId& account_id);
bool operator==(const Identification& other) const;
// This method should be used for migration purpose only.
static Identification FromString(const std::string& id);
// Look up known user and return its AccountId.
AccountId GetAccountId() const;
const std::string& id() const { return id_; }
bool operator<(const Identification& right) const;
private:
explicit Identification(const std::string&);
std::string id_;
};
// Definition of the key (e.g. password) for the cryptohome.
// It contains authorization data along with extra parameters like permissions
// associated with this key.
struct CHROMEOS_EXPORT KeyDefinition {
enum Type {
TYPE_PASSWORD = 0
};
struct AuthorizationData {
enum Type {
TYPE_HMACSHA256 = 0,
TYPE_AES256CBC_HMACSHA256
};
struct Secret {
Secret();
Secret(bool encrypt,
bool sign,
const std::string& symmetric_key,
const std::string& public_key,
bool wrapped);
bool operator==(const Secret& other) const;
bool encrypt;
bool sign;
std::string symmetric_key;
std::string public_key;
bool wrapped;
};
AuthorizationData();
AuthorizationData(bool encrypt,
bool sign,
const std::string& symmetric_key);
AuthorizationData(const AuthorizationData& other);
~AuthorizationData();
bool operator==(const AuthorizationData& other) const;
Type type;
std::vector<Secret> secrets;
};
// This struct holds metadata that will be stored alongside the key. Each
// |ProviderData| entry must have a |name| and may hold either a |number| or a
// sequence of |bytes|. The metadata is entirely opaque to cryptohome. It is
// stored with the key and returned when requested but is never interpreted by
// cryptohome in any way. The metadata can be used to store information such
// as the hashing algorithm and the salt used to create the key.
struct ProviderData {
ProviderData();
explicit ProviderData(const std::string& name);
explicit ProviderData(const ProviderData& other);
ProviderData(const std::string& name, int64_t number);
ProviderData(const std::string& name, const std::string& bytes);
void operator=(const ProviderData& other);
~ProviderData();
bool operator==(const ProviderData& other) const;
std::string name;
std::unique_ptr<int64_t> number;
std::unique_ptr<std::string> bytes;
};
KeyDefinition();
KeyDefinition(const std::string& secret,
const std::string& label,
int privileges);
KeyDefinition(const KeyDefinition& other);
~KeyDefinition();
bool operator==(const KeyDefinition& other) const;
Type type;
std::string label;
// Privileges associated with key. Combination of |AuthKeyPrivileges| values.
int privileges;
int revision;
std::string secret;
std::vector<AuthorizationData> authorization_data;
std::vector<ProviderData> provider_data;
};
// Authorization attempt data for user.
struct CHROMEOS_EXPORT Authorization {
Authorization(const std::string& key, const std::string& label);
explicit Authorization(const KeyDefinition& key);
bool operator==(const Authorization& other) const;
std::string key;
std::string label;
};
// Parameters for Mount call.
class CHROMEOS_EXPORT MountParameters {
public:
explicit MountParameters(bool ephemeral);
MountParameters(const MountParameters& other);
~MountParameters();
bool operator==(const MountParameters& other) const;
// If |true|, the mounted home dir will be backed by tmpfs. If |false|, the
// ephemeral users policy decides whether tmpfs or an encrypted directory is
// used as the backend.
bool ephemeral;
// If not empty, home dir will be created with these keys if it exist.
std::vector<KeyDefinition> create_keys;
};
// This function returns true if cryptohome of |account_id| is migrated to
// accountId-based identifier (AccountId::GetAccountIdKey()).
bool GetGaiaIdMigrationStatus(const AccountId& account_id);
// This function marks |account_id| cryptohome migrated to accountId-based
// identifier (AccountId::GetAccountIdKey()).
void SetGaiaIdMigrationStatusDone(const AccountId& account_id);
} // namespace cryptohome
namespace BASE_HASH_NAMESPACE {
// Implement hashing of cryptohome::Identification, so it can be used as a key
// in STL containers.
template <>
struct hash<cryptohome::Identification> {
std::size_t operator()(const cryptohome::Identification& cryptohome_id) const;
};
} // namespace BASE_HASH_NAMESPACE
#endif // CHROMEOS_CRYPTOHOME_CRYPTOHOME_PARAMETERS_H_