1// Copyright (c) 2011 The Chromium Authors. All rights reserved.
2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4
5#ifndef CHROME_BROWSER_CHROMEOS_CROS_CRYPTOHOME_LIBRARY_H_
6#define CHROME_BROWSER_CHROMEOS_CROS_CRYPTOHOME_LIBRARY_H_
7#pragma once
8
9#include <string>
10
11#include "base/memory/singleton.h"
12#include "chrome/browser/chromeos/cros/cros_library.h"
13#include "third_party/cros/chromeos_cryptohome.h"
14
15namespace chromeos {
16
17// This interface defines the interaction with the ChromeOS cryptohome library
18// APIs.
19class CryptohomeLibrary {
20 public:
21  class Delegate {
22   public:
23    // This will be called back on the UI thread.  Consult |return_code| for
24    // further information beyond mere success or failure.
25    virtual void OnComplete(bool success, int return_code) = 0;
26  };
27
28  CryptohomeLibrary();
29  virtual ~CryptohomeLibrary();
30
31  // Asks cryptohomed to try to find the cryptohome for |user_email| and then
32  // use |passhash| to unlock the key.
33  virtual bool CheckKey(const std::string& user_email,
34                        const std::string& passhash) = 0;
35
36  // Asks cryptohomed to asynchronously try to find the cryptohome for
37  // |user_email| and then use |passhash| to unlock the key.
38  // Returns true if the attempt is successfully initiated.
39  // d->OnComplete() will be called with status info on completion.
40  virtual bool AsyncCheckKey(const std::string& user_email,
41                             const std::string& passhash,
42                             Delegate* callback) = 0;
43
44  // Asks cryptohomed to try to find the cryptohome for |user_email| and then
45  // change from using |old_hash| to lock the key to using |new_hash|.
46  virtual bool MigrateKey(const std::string& user_email,
47                          const std::string& old_hash,
48                          const std::string& new_hash) = 0;
49
50  // Asks cryptohomed to asynchronously try to find the cryptohome for
51  // |user_email| and then change from using |old_hash| to lock the
52  // key to using |new_hash|.
53  // Returns true if the attempt is successfully initiated.
54  // d->OnComplete() will be called with status info on completion.
55  virtual bool AsyncMigrateKey(const std::string& user_email,
56                               const std::string& old_hash,
57                               const std::string& new_hash,
58                               Delegate* callback) = 0;
59
60  // Asks cryptohomed to try to find the cryptohome for |user_email| and then
61  // mount it using |passhash| to unlock the key.
62  virtual bool Mount(const std::string& user_email,
63                     const std::string& passhash,
64                     int* error_code) = 0;
65
66  // Asks cryptohomed to asynchronously try to find the cryptohome for
67  // |user_email| and then mount it using |passhash| to unlock the key.
68  // |create_if_missing| controls whether or not we ask cryptohomed to
69  // create a new home dir if one does not yet exist for |user_email|.
70  // Returns true if the attempt is successfully initiated.
71  // d->OnComplete() will be called with status info on completion.
72  // If |create_if_missing| is false, and no cryptohome exists for |user_email|,
73  // we'll get d->OnComplete(false, kCryptohomeMountErrorUserDoesNotExist).
74  // Otherwise, we expect the normal range of return codes.
75  virtual bool AsyncMount(const std::string& user_email,
76                          const std::string& passhash,
77                          const bool create_if_missing,
78                          Delegate* callback) = 0;
79
80  // Asks cryptohomed to mount a tmpfs for BWSI mode.
81  virtual bool MountForBwsi(int* error_code) = 0;
82
83  // Asks cryptohomed to asynchronously to mount a tmpfs for BWSI mode.
84  // Returns true if the attempt is successfully initiated.
85  // d->OnComplete() will be called with status info on completion.
86  virtual bool AsyncMountForBwsi(Delegate* callback) = 0;
87
88  // Asks cryptohomed to unmount the currently mounted cryptohome.
89  // Returns false if the cryptohome could not be unmounted, true otherwise.
90  virtual bool Unmount() = 0;
91
92  // Asks cryptohomed to try to find the cryptohome for |user_email| and then
93  // nuke it.
94  virtual bool Remove(const std::string& user_email) = 0;
95
96  // Asks cryptohomed to asynchronously try to find the cryptohome for
97  // |user_email| and then nuke it.
98  virtual bool AsyncRemove(const std::string& user_email,
99                           Delegate* callback) = 0;
100
101  // Asks cryptohomed if a drive is currently mounted.
102  virtual bool IsMounted() = 0;
103
104  // Asks cryptohomed for the system salt.
105  virtual CryptohomeBlob GetSystemSalt() = 0;
106
107  // Checks free disk space and if it falls below some minimum
108  // (cryptohome::kMinFreeSpace), performs cleanup.
109  virtual bool AsyncDoAutomaticFreeDiskSpaceControl(Delegate* callback) = 0;
110
111  // Wrappers of the functions for working with Tpm.
112
113  // Returns whether Tpm is ready.
114  virtual bool TpmIsReady() = 0;
115
116  // Returns whether Tpm is presented and enabled.
117  virtual bool TpmIsEnabled() = 0;
118
119  // Returns whether device has already been owned.
120  virtual bool TpmIsOwned() = 0;
121
122  // Returns whether device is being owned (Tpm password is generating).
123  virtual bool TpmIsBeingOwned() = 0;
124
125  // Returns Tpm password (if password was cleared empty one is returned).
126  // Return value is true if password was successfully acquired.
127  virtual bool TpmGetPassword(std::string* password) = 0;
128
129  // Attempts to start owning (if device isn't owned and isn't being owned).
130  virtual void TpmCanAttemptOwnership() = 0;
131
132  // Clears Tpm password. Password should be cleared after it was generated and
133  // shown to user.
134  virtual void TpmClearStoredPassword() = 0;
135
136  virtual bool InstallAttributesGet(const std::string& name,
137                                    std::string* value) = 0;
138  virtual bool InstallAttributesSet(const std::string& name,
139                                    const std::string& value) = 0;
140  virtual int InstallAttributesCount() = 0;
141  virtual bool InstallAttributesFinalize() = 0;
142  virtual bool InstallAttributesIsReady() = 0;
143  virtual bool InstallAttributesIsSecure() = 0;
144  virtual bool InstallAttributesIsInvalid() = 0;
145  virtual bool InstallAttributesIsFirstInstall() = 0;
146
147  // Get the PKCS#11 token info from the TPM.  This is different from
148  // the TpmGetPassword because it's getting the PKCS#11 user PIN and
149  // not the TPM password.
150  virtual void Pkcs11GetTpmTokenInfo(std::string* label,
151                                     std::string* user_pin) = 0;
152
153  // Gets the status of the TPM.  This is different from TpmIsReady
154  // because it's getting the staus of the PKCS#11 initialization of
155  // the TPM token, not the TPM itself.
156  virtual bool Pkcs11IsTpmTokenReady() = 0;
157
158  // Factory function, creates a new instance and returns ownership.
159  // For normal usage, access the singleton via CrosLibrary::Get().
160  static CryptohomeLibrary* GetImpl(bool stub);
161};
162
163}  // namespace chromeos
164
165#endif  // CHROME_BROWSER_CHROMEOS_CROS_CRYPTOHOME_LIBRARY_H_
166