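// Copyright (c) 2011 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifndef CHROME_BROWSER_CHROMEOS_LOGIN_OWNER_MANAGER_H_
#define CHROME_BROWSER_CHROMEOS_LOGIN_OWNER_MANAGER_H_
#pragma once

// <string> is required directly: Sign() and Verify() take std::string.
#include <string>
#include <vector>

#include "base/basictypes.h"
#include "base/memory/ref_counted.h"
#include "crypto/rsa_private_key.h"
#include "chrome/browser/chromeos/login/owner_key_utils.h"
#include "content/browser/browser_thread.h"

class FilePath;
class NotificationDetails;
class NotificationType;

namespace chromeos {

// This class allows the registration of an Owner of a Chromium OS device.
// It handles generating the appropriate keys and storing them in the
// appropriate locations.
//
// Results of key operations are reported asynchronously through the delegate
// interfaces below. Delegates are passed as raw pointers and are dereferenced
// without a NULL check by the private Call*Delegate() helpers, so every
// delegate handed to this class must be non-NULL.
// NOTE(review): nothing in this header extends a delegate's lifetime; callers
// presumably have to keep the delegate alive until its callback has run on
// the requested thread -- confirm against the .cc file.
class OwnerManager : public base::RefCountedThreadSafe<OwnerManager> {
 public:
  // Return codes for public/private key operations.
  enum KeyOpCode {
    SUCCESS,
    KEY_UNAVAILABLE,  // The necessary key isn't available yet.
    OPERATION_FAILED  // The crypto operation failed.
  };

  // Receives the outcome of a Sign() or Verify() request.
  class Delegate {
   public:
    // Virtual so that an implementation destroyed through a Delegate* runs
    // its own destructor.
    virtual ~Delegate() {}

    // Upon completion of a key operation, this method will be called.
    // |return_code| indicates what happened, |payload| will be used to pass
    // back any artifacts of the operation.  For example, if the operation
    // was a signature attempt, the signature blob would come back in |payload|.
    virtual void OnKeyOpComplete(const KeyOpCode return_code,
                                 const std::vector<uint8>& payload) = 0;
  };

  // Receives the completion signal of an UpdateOwnerKey() request.
  class KeyUpdateDelegate {
   public:
    // Virtual so that an implementation destroyed through a
    // KeyUpdateDelegate* runs its own destructor.
    virtual ~KeyUpdateDelegate() {}

    // Called upon completion of a key update operation.
    virtual void OnKeyUpdated() = 0;
  };

  OwnerManager();
  virtual ~OwnerManager();

  // Sets a new owner key from a provided memory buffer.
  //
  // |d| must be non-NULL; it is notified through OnKeyUpdated().
  // NOTE(review): this declaration shows no authentication of |key|. The
  // caller presumably must only pass key material that has already been
  // established as trustworthy -- confirm against the .cc file and callers.
  // NOTE(review): the notification presumably runs on |thread_id| -- confirm.
  void UpdateOwnerKey(const BrowserThread::ID thread_id,
                      const std::vector<uint8>& key,
                      KeyUpdateDelegate* d);

  // Pulls the owner's public key off disk and into memory.
  //
  // Call this on the FILE thread.
  void LoadOwnerKey();

  // NOTE(review): undocumented in the original. Presumably these return true
  // once the respective key is available in memory (Sign() and Verify() are
  // described as "ensuring" their keys first) -- confirm against the .cc file.
  bool EnsurePublicKey();
  bool EnsurePrivateKey();

  // Do the actual work of signing |data| with |private_key_|.  First,
  // ensures that we have the keys we need.  Then, computes the signature.
  //
  // On success, calls d->OnKeyOpComplete() on |thread_id| with a
  // successful return code, passing the signature blob in |payload|.
  // On failure, calls d->OnKeyOpComplete() on |thread_id| with an appropriate
  // error and passes an empty |payload|.
  //
  // |d| must be non-NULL.
  void Sign(const BrowserThread::ID thread_id,
            const std::string& data,
            Delegate* d);

  // Do the actual work of verifying that |signature| is valid over
  // |data| with |public_key_|.  First, ensures we have the key we
  // need, then does the verify.
  //
  // On success, calls d->OnKeyOpComplete() on |thread_id| with a
  // successful return code, passing an empty |payload|.
  // On failure, calls d->OnKeyOpComplete() on |thread_id| with an appropriate
  // error code, passing an empty |payload|.
  //
  // |payload| is empty in both cases, so |return_code| is the only signal:
  // callers should treat anything other than SUCCESS (that is, both
  // KEY_UNAVAILABLE and OPERATION_FAILED) as "signature not verified".
  //
  // |d| must be non-NULL.
  void Verify(const BrowserThread::ID thread_id,
              const std::string& data,
              const std::vector<uint8>& signature,
              Delegate* d);

 private:
  // A helper method to send a notification on another thread.
  void SendNotification(NotificationType type,
                        const NotificationDetails& details);

  // Calls back a key update delegate.  |d| is dereferenced unconditionally.
  // NOTE(review): the original comment says "on a given thread"; the body
  // only invokes the callback, so the thread hop presumably happens where
  // this helper is posted as a task -- confirm against the .cc file.
  void CallKeyUpdateDelegate(KeyUpdateDelegate* d) {
    d->OnKeyUpdated();
  }

  // A helper method to call back a delegate on another thread.  |d| is
  // dereferenced unconditionally.
  void CallDelegate(Delegate* d,
                    const KeyOpCode return_code,
                    const std::vector<uint8>& payload) {
    d->OnKeyOpComplete(return_code, payload);
  }

  // Owner key pair held in memory: the private half as an RSA key object,
  // the public half as raw bytes.
  scoped_ptr<crypto::RSAPrivateKey> private_key_;
  std::vector<uint8> public_key_;

  scoped_refptr<OwnerKeyUtils> utils_;

  friend class OwnerManagerTest;

  DISALLOW_COPY_AND_ASSIGN(OwnerManager);
};

}  // namespace chromeos

#endif  // CHROME_BROWSER_CHROMEOS_LOGIN_OWNER_MANAGER_H_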