OLD | NEW |
---|---|
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #ifndef CHROMEOS_DBUS_CRYPTOHOME_CLIENT_H_ | 5 #ifndef CHROMEOS_DBUS_CRYPTOHOME_CLIENT_H_ |
6 #define CHROMEOS_DBUS_CRYPTOHOME_CLIENT_H_ | 6 #define CHROMEOS_DBUS_CRYPTOHOME_CLIENT_H_ |
7 | 7 |
8 #include <string> | 8 #include <string> |
9 #include <vector> | 9 #include <vector> |
10 | 10 |
278 const std::string& user_email, | 278 const std::string& user_email, |
279 const std::string& request_origin, | 279 const std::string& request_origin, |
280 const AsyncMethodCallback& callback) = 0; | 280 const AsyncMethodCallback& callback) = 0; |
281 | 281 |
282 // Asynchronously finishes a certificate request operation. The callback will | 282 // Asynchronously finishes a certificate request operation. The callback will |
283 // be called when the dbus call completes. When the operation completes, the | 283 // be called when the dbus call completes. When the operation completes, the |
284 // AsyncCallStatusWithDataHandler signal handler is called. The data that is | 284 // AsyncCallStatusWithDataHandler signal handler is called. The data that is |
285 // sent with the signal is a certificate chain in PEM format. |pca_response| | 285 // sent with the signal is a certificate chain in PEM format. |pca_response| |
286 // is the response to the certificate request emitted by the Privacy CA. | 286 // is the response to the certificate request emitted by the Privacy CA. |
287 // |key_type| determines whether the certified key is to be associated with | 287 // |key_type| determines whether the certified key is to be associated with |
288 // the current user. |key_name| is a name for the key. | 288 // the current user. |key_name| is a name for the key. If |key_type| is |
289 // KEY_USER, the user's canonical email address must be provided in | |
290 // |user_email|. Otherwise |user_email| is ignored. | |
289 virtual void AsyncTpmAttestationFinishCertRequest( | 291 virtual void AsyncTpmAttestationFinishCertRequest( |
290 const std::string& pca_response, | 292 const std::string& pca_response, |
291 attestation::AttestationKeyType key_type, | 293 attestation::AttestationKeyType key_type, |
294 const std::string& user_email, | |
bartfab (slow)
2013/10/13 16:31:35
As in the other files, please use user_id.
Darren Krahn
2013/10/15 16:49:06
Done.
| |
292 const std::string& key_name, | 295 const std::string& key_name, |
293 const AsyncMethodCallback& callback) = 0; | 296 const AsyncMethodCallback& callback) = 0; |
294 | 297 |
295 // Checks if an attestation key already exists. If the key specified by | 298 // Checks if an attestation key already exists. If the key specified by |
296 // |key_type| and |key_name| exists, then the result sent to the callback will | 299 // |key_type| and |key_name| exists, then the result sent to the callback will |
297 // be true. | 300 // be true. If |key_type| is KEY_USER, the user's canonical email address |
301 // must be provided in |user_email|. Otherwise |user_email| is ignored. | |
298 virtual void TpmAttestationDoesKeyExist( | 302 virtual void TpmAttestationDoesKeyExist( |
299 attestation::AttestationKeyType key_type, | 303 attestation::AttestationKeyType key_type, |
304 const std::string& user_email, | |
300 const std::string& key_name, | 305 const std::string& key_name, |
301 const BoolDBusMethodCallback& callback) = 0; | 306 const BoolDBusMethodCallback& callback) = 0; |
302 | 307 |
303 // Gets the attestation certificate for the key specified by |key_type| and | 308 // Gets the attestation certificate for the key specified by |key_type| and |
304 // |key_name|. |callback| will be called when the operation completes. If | 309 // |key_name|. |callback| will be called when the operation completes. If |
305 // the key does not exist the callback |result| parameter will be false. | 310 // the key does not exist the callback |result| parameter will be false. If |
311 // |key_type| is KEY_USER, the user's canonical email address must be provided | |
312 // in |user_email|. Otherwise |user_email| is ignored. | |
306 virtual void TpmAttestationGetCertificate( | 313 virtual void TpmAttestationGetCertificate( |
307 attestation::AttestationKeyType key_type, | 314 attestation::AttestationKeyType key_type, |
315 const std::string& user_email, | |
308 const std::string& key_name, | 316 const std::string& key_name, |
309 const DataMethodCallback& callback) = 0; | 317 const DataMethodCallback& callback) = 0; |
310 | 318 |
311 // Gets the public key for the key specified by |key_type| and |key_name|. | 319 // Gets the public key for the key specified by |key_type| and |key_name|. |
312 // |callback| will be called when the operation completes. If the key does | 320 // |callback| will be called when the operation completes. If the key does |
313 // not exist the callback |result| parameter will be false. | 321 // not exist the callback |result| parameter will be false. If |key_type| is |
322 // KEY_USER, the user's canonical email address must be provided in | |
323 // |user_email|. Otherwise |user_email| is ignored. | |
314 virtual void TpmAttestationGetPublicKey( | 324 virtual void TpmAttestationGetPublicKey( |
315 attestation::AttestationKeyType key_type, | 325 attestation::AttestationKeyType key_type, |
326 const std::string& user_email, | |
316 const std::string& key_name, | 327 const std::string& key_name, |
317 const DataMethodCallback& callback) = 0; | 328 const DataMethodCallback& callback) = 0; |
318 | 329 |
319 // Asynchronously registers an attestation key with the current user's | 330 // Asynchronously registers an attestation key with the current user's |
320 // PKCS #11 token. The |callback| will be called when the dbus call | 331 // PKCS #11 token. The |callback| will be called when the dbus call |
321 // completes. When the operation completes, the AsyncCallStatusHandler signal | 332 // completes. When the operation completes, the AsyncCallStatusHandler signal |
322 // handler is called. |key_type| and |key_name| specify the key to register. | 333 // handler is called. |key_type| and |key_name| specify the key to register. |
334 // If |key_type| is KEY_USER, the user's canonical email address must be | |
335 // provided in |user_email|. Otherwise |user_email| is ignored. | |
323 virtual void TpmAttestationRegisterKey( | 336 virtual void TpmAttestationRegisterKey( |
324 attestation::AttestationKeyType key_type, | 337 attestation::AttestationKeyType key_type, |
338 const std::string& user_email, | |
325 const std::string& key_name, | 339 const std::string& key_name, |
326 const AsyncMethodCallback& callback) = 0; | 340 const AsyncMethodCallback& callback) = 0; |
327 | 341 |
328 // Asynchronously signs an enterprise challenge with the key specified by | 342 // Asynchronously signs an enterprise challenge with the key specified by |
329 // |key_type| and |key_name|. |domain| and |device_id| will be included in | 343 // |key_type| and |key_name|. |domain| and |device_id| will be included in |
330 // the challenge response. |options| control how the challenge response is | 344 // the challenge response. |options| control how the challenge response is |
331 // generated. |challenge| must be a valid enterprise attestation challenge. | 345 // generated. |challenge| must be a valid enterprise attestation challenge. |
332 // The |callback| will be called when the dbus call completes. When the | 346 // The |callback| will be called when the dbus call completes. When the |
333 // operation completes, the AsyncCallStatusWithDataHandler signal handler is | 347 // operation completes, the AsyncCallStatusWithDataHandler signal handler is |
334 // called. | 348 // called. If |key_type| is KEY_USER, the user's canonical email address must |
349 // be provided in |user_email|. Otherwise |user_email| is ignored. | |
335 virtual void TpmAttestationSignEnterpriseChallenge( | 350 virtual void TpmAttestationSignEnterpriseChallenge( |
336 attestation::AttestationKeyType key_type, | 351 attestation::AttestationKeyType key_type, |
352 const std::string& user_email, | |
337 const std::string& key_name, | 353 const std::string& key_name, |
338 const std::string& domain, | 354 const std::string& domain, |
339 const std::string& device_id, | 355 const std::string& device_id, |
340 attestation::AttestationChallengeOptions options, | 356 attestation::AttestationChallengeOptions options, |
341 const std::string& challenge, | 357 const std::string& challenge, |
342 const AsyncMethodCallback& callback) = 0; | 358 const AsyncMethodCallback& callback) = 0; |
343 | 359 |
344 // Asynchronously signs a simple challenge with the key specified by | 360 // Asynchronously signs a simple challenge with the key specified by |
345 // |key_type| and |key_name|. |challenge| can be any set of arbitrary bytes. | 361 // |key_type| and |key_name|. |challenge| can be any set of arbitrary bytes. |
346 // A nonce will be appended to the challenge before signing; this method | 362 // A nonce will be appended to the challenge before signing; this method |
347 // cannot be used to sign arbitrary data. The |callback| will be called when | 363 // cannot be used to sign arbitrary data. The |callback| will be called when |
348 // the dbus call completes. When the operation completes, the | 364 // the dbus call completes. When the operation completes, the |
349 // AsyncCallStatusWithDataHandler signal handler is called. | 365 // AsyncCallStatusWithDataHandler signal handler is called. If |key_type| is |
366 // KEY_USER, the user's canonical email address must be provided in | |
367 // |user_email|. Otherwise |user_email| is ignored. | |
350 virtual void TpmAttestationSignSimpleChallenge( | 368 virtual void TpmAttestationSignSimpleChallenge( |
351 attestation::AttestationKeyType key_type, | 369 attestation::AttestationKeyType key_type, |
370 const std::string& user_email, | |
352 const std::string& key_name, | 371 const std::string& key_name, |
353 const std::string& challenge, | 372 const std::string& challenge, |
354 const AsyncMethodCallback& callback) = 0; | 373 const AsyncMethodCallback& callback) = 0; |
355 | 374 |
356 // Gets the payload associated with the key specified by |key_type| and | 375 // Gets the payload associated with the key specified by |key_type| and |
357 // |key_name|. The |callback| will be called when the operation completes. | 376 // |key_name|. The |callback| will be called when the operation completes. |
358 // If the key does not exist the callback |result| parameter will be false. | 377 // If the key does not exist the callback |result| parameter will be false. |
359 // If no payload has been set for the key the callback |result| parameter will | 378 // If no payload has been set for the key the callback |result| parameter will |
360 // be true and the |data| parameter will be empty. | 379 // be true and the |data| parameter will be empty. If |key_type| is |
380 // KEY_USER, the user's canonical email address must be provided in | |
381 // |user_email|. Otherwise |user_email| is ignored. | |
361 virtual void TpmAttestationGetKeyPayload( | 382 virtual void TpmAttestationGetKeyPayload( |
362 attestation::AttestationKeyType key_type, | 383 attestation::AttestationKeyType key_type, |
384 const std::string& user_email, | |
363 const std::string& key_name, | 385 const std::string& key_name, |
364 const DataMethodCallback& callback) = 0; | 386 const DataMethodCallback& callback) = 0; |
365 | 387 |
366 // Sets the |payload| associated with the key specified by |key_type| and | 388 // Sets the |payload| associated with the key specified by |key_type| and |
367 // |key_name|. The |callback| will be called when the operation completes. | 389 // |key_name|. The |callback| will be called when the operation completes. |
368 // If the operation succeeds, the callback |result| parameter will be true. | 390 // If the operation succeeds, the callback |result| parameter will be true. |
391 // If |key_type| is KEY_USER, the user's canonical email address must be | |
392 // provided in |user_email|. Otherwise |user_email| is ignored. | |
369 virtual void TpmAttestationSetKeyPayload( | 393 virtual void TpmAttestationSetKeyPayload( |
370 attestation::AttestationKeyType key_type, | 394 attestation::AttestationKeyType key_type, |
395 const std::string& user_email, | |
371 const std::string& key_name, | 396 const std::string& key_name, |
372 const std::string& payload, | 397 const std::string& payload, |
373 const BoolDBusMethodCallback& callback) = 0; | 398 const BoolDBusMethodCallback& callback) = 0; |
374 | 399 |
375 protected: | 400 protected: |
376 // Create() should be used instead. | 401 // Create() should be used instead. |
377 CryptohomeClient(); | 402 CryptohomeClient(); |
378 | 403 |
379 private: | 404 private: |
380 DISALLOW_COPY_AND_ASSIGN(CryptohomeClient); | 405 DISALLOW_COPY_AND_ASSIGN(CryptohomeClient); |
381 }; | 406 }; |
382 | 407 |
383 } // namespace chromeos | 408 } // namespace chromeos |
384 | 409 |
385 #endif // CHROMEOS_DBUS_CRYPTOHOME_CLIENT_H_ | 410 #endif // CHROMEOS_DBUS_CRYPTOHOME_CLIENT_H_ |
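Review bot: The comments added for |user_email| say it "must be provided" when |key_type| is KEY_USER, but none of them says what the caller observes when it is empty, not in canonical form, or names a user other than the one whose keys are available. Since this argument selects whose attestation key is read, signed with or registered, the failure mode belongs in the contract. The comments on AsyncTpmAttestationFinishCertRequest ("associated with the current user") and TpmAttestationRegisterKey ("the current user's PKCS #11 token") still speak of the current user, which is ambiguous next to an explicit user argument. I would add one sentence to each method comment, along the lines of `// If |key_type| is KEY_USER and |user_email| is empty or does not identify a signed-in user, the operation fails and |callback| reports the failure.`, assuming that is what the implementation does, which this header does not show. Because `user_email` and `key_name` are adjacent `const std::string&` parameters, swapped arguments compile silently, so the updated call sites deserve a second look.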