1// Copyright (c) 2012 The Chromium Authors. All rights reserved.
2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4
5#ifndef CHROMEOS_DBUS_CRYPTOHOME_CLIENT_H_
6#define CHROMEOS_DBUS_CRYPTOHOME_CLIENT_H_
7
8#include <string>
9#include <vector>
10
11#include "base/basictypes.h"
12#include "base/callback.h"
13#include "chromeos/attestation/attestation_constants.h"
14#include "chromeos/chromeos_export.h"
15#include "chromeos/dbus/dbus_client_implementation_type.h"
16#include "chromeos/dbus/dbus_method_call_status.h"
17
18namespace dbus {
19class Bus;
20}
21
22namespace chromeos {
23
24// CryptohomeClient is used to communicate with the Cryptohome service.
25// All method should be called from the origin thread (UI thread) which
26// initializes the DBusThreadManager instance.
27class CHROMEOS_EXPORT CryptohomeClient {
28 public:
29  // A callback to handle AsyncCallStatus signals.
30  typedef base::Callback<void(int async_id,
31                              bool return_status,
32                              int return_code)>
33      AsyncCallStatusHandler;
34  // A callback to handle AsyncCallStatusWithData signals.
35  typedef base::Callback<void(int async_id,
36                              bool return_status,
37                              const std::string& data)>
38      AsyncCallStatusWithDataHandler;
39  // A callback to handle responses of AsyncXXX methods.
40  typedef base::Callback<void(int async_id)> AsyncMethodCallback;
41  // A callback to handle responses of Pkcs11GetTpmTokenInfo method.
42  typedef base::Callback<void(
43      DBusMethodCallStatus call_status,
44      const std::string& label,
45      const std::string& user_pin)> Pkcs11GetTpmTokenInfoCallback;
46  // A callback for methods which return both a bool result and data.
47  typedef base::Callback<void(DBusMethodCallStatus call_status,
48                              bool result,
49                              const std::string& data)> DataMethodCallback;
50
51  virtual ~CryptohomeClient();
52
53  // Factory function, creates a new instance and returns ownership.
54  // For normal usage, access the singleton via DBusThreadManager::Get().
55  static CryptohomeClient* Create(DBusClientImplementationType type,
56                                  dbus::Bus* bus);
57
58  // Returns the sanitized |username| that the stub implementation would return.
59  static std::string GetStubSanitizedUsername(const std::string& username);
60
61  // Sets AsyncCallStatus signal handlers.
62  // |handler| is called when results for AsyncXXX methods are returned.
63  // Cryptohome service will process the calls in a first-in-first-out manner
64  // when they are made in parallel.
65  virtual void SetAsyncCallStatusHandlers(
66      const AsyncCallStatusHandler& handler,
67      const AsyncCallStatusWithDataHandler& data_handler) = 0;
68
69  // Resets AsyncCallStatus signal handlers.
70  virtual void ResetAsyncCallStatusHandlers() = 0;
71
72  // Calls IsMounted method and returns true when the call succeeds.
73  virtual void IsMounted(const BoolDBusMethodCallback& callback) = 0;
74
75  // Calls Unmount method and returns true when the call succeeds.
76  // This method blocks until the call returns.
77  virtual bool Unmount(bool* success) = 0;
78
79  // Calls AsyncCheckKey method.  |callback| is called after the method call
80  // succeeds.
81  virtual void AsyncCheckKey(const std::string& username,
82                             const std::string& key,
83                             const AsyncMethodCallback& callback) = 0;
84
85  // Calls AsyncMigrateKey method.  |callback| is called after the method call
86  // succeeds.
87  virtual void AsyncMigrateKey(const std::string& username,
88                               const std::string& from_key,
89                               const std::string& to_key,
90                               const AsyncMethodCallback& callback) = 0;
91
92  // Calls AsyncRemove method.  |callback| is called after the method call
93  // succeeds.
94  virtual void AsyncRemove(const std::string& username,
95                           const AsyncMethodCallback& callback) = 0;
96
97  // Calls GetSystemSalt method.  This method blocks until the call returns.
98  // The original content of |salt| is lost.
99  virtual bool GetSystemSalt(std::vector<uint8>* salt) = 0;
100
101  // Calls GetSanitizedUsername method.  |callback| is called after the method
102  // call succeeds.
103  virtual void GetSanitizedUsername(
104      const std::string& username,
105      const StringDBusMethodCallback& callback) = 0;
106
107  // Same as GetSanitizedUsername() but blocks until a reply is received, and
108  // returns the sanitized username synchronously. Returns an empty string if
109  // the method call fails.
110  // This may only be called in situations where blocking the UI thread is
111  // considered acceptable (e.g. restarting the browser after a crash or after
112  // a flag change).
113  virtual std::string BlockingGetSanitizedUsername(
114      const std::string& username) = 0;
115
116  // Calls the AsyncMount method to asynchronously mount the cryptohome for
117  // |username|, using |key| to unlock it. For supported |flags|, see the
118  // documentation of AsyncMethodCaller::AsyncMount().
119  // |callback| is called after the method call succeeds.
120  virtual void AsyncMount(const std::string& username,
121                          const std::string& key,
122                          int flags,
123                          const AsyncMethodCallback& callback) = 0;
124
125  // Calls the AsyncAddKey method to asynchronously add another |new_key| for
126  // |username|, using |key| to unlock it first.
127  // |callback| is called after the method call succeeds.
128  virtual void AsyncAddKey(const std::string& username,
129                           const std::string& key,
130                           const std::string& new_key,
131                           const AsyncMethodCallback& callback) = 0;
132
133  // Calls AsyncMountGuest method.  |callback| is called after the method call
134  // succeeds.
135  virtual void AsyncMountGuest(const AsyncMethodCallback& callback) = 0;
136
137  // Calls the AsyncMount method to asynchronously mount the cryptohome for
138  // |public_mount_id|. For supported |flags|, see the documentation of
139  // AsyncMethodCaller::AsyncMount().  |callback| is called after the method
140  // call succeeds.
141  virtual void AsyncMountPublic(const std::string& public_mount_id,
142                                int flags,
143                                const AsyncMethodCallback& callback) = 0;
144
145  // Calls TpmIsReady method.
146  virtual void TpmIsReady(const BoolDBusMethodCallback& callback) = 0;
147
148  // Calls TpmIsEnabled method.
149  virtual void TpmIsEnabled(const BoolDBusMethodCallback& callback) = 0;
150
151  // Calls TpmIsEnabled method and returns true when the call succeeds.
152  // This method blocks until the call returns.
153  // TODO(hashimoto): Remove this method. crbug.com/141006
154  virtual bool CallTpmIsEnabledAndBlock(bool* enabled) = 0;
155
156  // Calls TpmGetPassword method.
157  virtual void TpmGetPassword(const StringDBusMethodCallback& callback) = 0;
158
159  // Calls TpmIsOwned method.
160  virtual void TpmIsOwned(const BoolDBusMethodCallback& callback) = 0;
161
162  // Calls TpmIsOwned method and returns true when the call succeeds.
163  // This method blocks until the call returns.
164  // TODO(hashimoto): Remove this method. crbug.com/141012
165  virtual bool CallTpmIsOwnedAndBlock(bool* owned) = 0;
166
167  // Calls TpmIsBeingOwned method.
168  virtual void TpmIsBeingOwned(const BoolDBusMethodCallback& callback) = 0;
169
170  // Calls TpmIsBeingOwned method and returns true when the call succeeds.
171  // This method blocks until the call returns.
172  // TODO(hashimoto): Remove this method. crbug.com/141011
173  virtual bool CallTpmIsBeingOwnedAndBlock(bool* owning) = 0;
174
175  // Calls TpmCanAttemptOwnership method.
176  // This method tells the service that it is OK to attempt ownership.
177  virtual void TpmCanAttemptOwnership(
178      const VoidDBusMethodCallback& callback) = 0;
179
180  // Calls TpmClearStoredPasswordMethod.
181  virtual void TpmClearStoredPassword(
182      const VoidDBusMethodCallback& callback) = 0;
183
184  // Calls TpmClearStoredPassword method and returns true when the call
185  // succeeds.  This method blocks until the call returns.
186  // TODO(hashimoto): Remove this method. crbug.com/141010
187  virtual bool CallTpmClearStoredPasswordAndBlock() = 0;
188
189  // Calls Pkcs11IsTpmTokenReady method.
190  virtual void Pkcs11IsTpmTokenReady(
191      const BoolDBusMethodCallback& callback) = 0;
192
193  // Calls Pkcs11GetTpmTokenInfo method.
194  virtual void Pkcs11GetTpmTokenInfo(
195      const Pkcs11GetTpmTokenInfoCallback& callback) = 0;
196
197  // Calls InstallAttributesGet method and returns true when the call succeeds.
198  // This method blocks until the call returns.
199  // The original content of |value| is lost.
200  virtual bool InstallAttributesGet(const std::string& name,
201                                    std::vector<uint8>* value,
202                                    bool* successful) = 0;
203
204  // Calls InstallAttributesSet method and returns true when the call succeeds.
205  // This method blocks until the call returns.
206  virtual bool InstallAttributesSet(const std::string& name,
207                                    const std::vector<uint8>& value,
208                                    bool* successful) = 0;
209
210  // Calls InstallAttributesFinalize method and returns true when the call
211  // succeeds.  This method blocks until the call returns.
212  virtual bool InstallAttributesFinalize(bool* successful) = 0;
213
214  // Calls InstallAttributesIsReady method.
215  virtual void InstallAttributesIsReady(
216      const BoolDBusMethodCallback& callback) = 0;
217
218  // Calls InstallAttributesIsInvalid method and returns true when the call
219  // succeeds.  This method blocks until the call returns.
220  virtual bool InstallAttributesIsInvalid(bool* is_invalid) = 0;
221
222  // Calls InstallAttributesIsFirstInstall method and returns true when the call
223  // succeeds. This method blocks until the call returns.
224  virtual bool InstallAttributesIsFirstInstall(bool* is_first_install) = 0;
225
226  // Calls the TpmAttestationIsPrepared dbus method.  The callback is called
227  // when the operation completes.
228  virtual void TpmAttestationIsPrepared(
229        const BoolDBusMethodCallback& callback) = 0;
230
231  // Calls the TpmAttestationIsEnrolled dbus method.  The callback is called
232  // when the operation completes.
233  virtual void TpmAttestationIsEnrolled(
234        const BoolDBusMethodCallback& callback) = 0;
235
236  // Asynchronously creates an attestation enrollment request.  The callback
237  // will be called when the dbus call completes.  When the operation completes,
238  // the AsyncCallStatusWithDataHandler signal handler is called.  The data that
239  // is sent with the signal is an enrollment request to be sent to the Privacy
240  // CA.  The enrollment is completed by calling AsyncTpmAttestationEnroll.
241  virtual void AsyncTpmAttestationCreateEnrollRequest(
242      const AsyncMethodCallback& callback) = 0;
243
244  // Asynchronously finishes an attestation enrollment operation.  The callback
245  // will be called when the dbus call completes.  When the operation completes,
246  // the AsyncCallStatusHandler signal handler is called.  |pca_response| is the
247  // response to the enrollment request emitted by the Privacy CA.
248  virtual void AsyncTpmAttestationEnroll(
249      const std::string& pca_response,
250      const AsyncMethodCallback& callback) = 0;
251
252  // Asynchronously creates an attestation certificate request according to
253  // |options|, which is a combination of AttestationCertificateOptions.
254  // |callback| will be called when the dbus call completes.  When the operation
255  // completes, the AsyncCallStatusWithDataHandler signal handler is called.
256  // The data that is sent with the signal is a certificate request to be sent
257  // to the Privacy CA.  The certificate request is completed by calling
258  // AsyncTpmAttestationFinishCertRequest.
259  virtual void AsyncTpmAttestationCreateCertRequest(
260      int options,
261      const AsyncMethodCallback& callback) = 0;
262
263  // Asynchronously finishes a certificate request operation.  The callback will
264  // be called when the dbus call completes.  When the operation completes, the
265  // AsyncCallStatusWithDataHandler signal handler is called.  The data that is
266  // sent with the signal is a certificate chain in PEM format.  |pca_response|
267  // is the response to the certificate request emitted by the Privacy CA.
268  // |key_type| determines whether the certified key is to be associated with
269  // the current user.  |key_name| is a name for the key.
270  virtual void AsyncTpmAttestationFinishCertRequest(
271      const std::string& pca_response,
272      attestation::AttestationKeyType key_type,
273      const std::string& key_name,
274      const AsyncMethodCallback& callback) = 0;
275
276  // Checks if an attestation key already exists.  If the key specified by
277  // |key_type| and |key_name| exists, then the result sent to the callback will
278  // be true.
279  virtual void TpmAttestationDoesKeyExist(
280      attestation::AttestationKeyType key_type,
281      const std::string& key_name,
282      const BoolDBusMethodCallback& callback) = 0;
283
284  // Gets the attestation certificate for the key specified by |key_type| and
285  // |key_name|.  |callback| will be called when the operation completes.  If
286  // the key does not exist the callback |result| parameter will be false.
287  virtual void TpmAttestationGetCertificate(
288      attestation::AttestationKeyType key_type,
289      const std::string& key_name,
290      const DataMethodCallback& callback) = 0;
291
292  // Gets the public key for the key specified by |key_type| and |key_name|.
293  // |callback| will be called when the operation completes.  If the key does
294  // not exist the callback |result| parameter will be false.
295  virtual void TpmAttestationGetPublicKey(
296      attestation::AttestationKeyType key_type,
297      const std::string& key_name,
298      const DataMethodCallback& callback) = 0;
299
300  // Asynchronously registers an attestation key with the current user's
301  // PKCS #11 token.  The |callback| will be called when the dbus call
302  // completes.  When the operation completes, the AsyncCallStatusHandler signal
303  // handler is called.  |key_type| and |key_name| specify the key to register.
304  virtual void TpmAttestationRegisterKey(
305      attestation::AttestationKeyType key_type,
306      const std::string& key_name,
307      const AsyncMethodCallback& callback) = 0;
308
309  // Asynchronously signs an enterprise challenge with the key specified by
310  // |key_type| and |key_name|.  |domain| and |device_id| will be included in
311  // the challenge response.  |options| control how the challenge response is
312  // generated.  |challenge| must be a valid enterprise attestation challenge.
313  // The |callback| will be called when the dbus call completes.  When the
314  // operation completes, the AsyncCallStatusWithDataHandler signal handler is
315  // called.
316  virtual void TpmAttestationSignEnterpriseChallenge(
317      attestation::AttestationKeyType key_type,
318      const std::string& key_name,
319      const std::string& domain,
320      const std::string& device_id,
321      attestation::AttestationChallengeOptions options,
322      const std::string& challenge,
323      const AsyncMethodCallback& callback) = 0;
324
325  // Asynchronously signs a simple challenge with the key specified by
326  // |key_type| and |key_name|.  |challenge| can be any set of arbitrary bytes.
327  // A nonce will be appended to the challenge before signing; this method
328  // cannot be used to sign arbitrary data.  The |callback| will be called when
329  // the dbus call completes.  When the operation completes, the
330  // AsyncCallStatusWithDataHandler signal handler is called.
331  virtual void TpmAttestationSignSimpleChallenge(
332      attestation::AttestationKeyType key_type,
333      const std::string& key_name,
334      const std::string& challenge,
335      const AsyncMethodCallback& callback) = 0;
336
337  // Gets the payload associated with the key specified by |key_type| and
338  // |key_name|.  The |callback| will be called when the operation completes.
339  // If the key does not exist the callback |result| parameter will be false.
340  // If no payload has been set for the key the callback |result| parameter will
341  // be true and the |data| parameter will be empty.
342  virtual void TpmAttestationGetKeyPayload(
343      attestation::AttestationKeyType key_type,
344      const std::string& key_name,
345      const DataMethodCallback& callback) = 0;
346
347  // Sets the |payload| associated with the key specified by |key_type| and
348  // |key_name|.  The |callback| will be called when the operation completes.
349  // If the operation succeeds, the callback |result| parameter will be true.
350  virtual void TpmAttestationSetKeyPayload(
351      attestation::AttestationKeyType key_type,
352      const std::string& key_name,
353      const std::string& payload,
354      const BoolDBusMethodCallback& callback) = 0;
355
356 protected:
357  // Create() should be used instead.
358  CryptohomeClient();
359
360 private:
361  DISALLOW_COPY_AND_ASSIGN(CryptohomeClient);
362};
363
364}  // namespace chromeos
365
366#endif  // CHROMEOS_DBUS_CRYPTOHOME_CLIENT_H_
367