chromeos/cryptohome/cryptohome_parameters.h - Issue 526353002: Merge cryptohome::RetrievedKeyData with cryptohome::KeyDefinition

Side by Side Diff: chromeos/cryptohome/cryptohome_parameters.h

Issue 526353002: Merge cryptohome::RetrievedKeyData with cryptohome::KeyDefinition (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@d_2_367847_add_get_key_data_ex_to_mount_flow

Patch Set: Created 6 years, 3 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch

« no previous file with comments | « chrome/browser/supervised_user/chromeos/manager_password_service.cc ('k') | chromeos/cryptohome/cryptohome_parameters.cc » ('j') | chromeos/cryptohome/cryptohome_parameters.cc » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

OLD	NEW
1 // Copyright 2014 The Chromium Authors. All rights reserved.	1 // Copyright 2014 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 #ifndef CHROMEOS_CRYPTOHOME_CRYPTOHOME_PARAMETERS_H_	5 #ifndef CHROMEOS_CRYPTOHOME_CRYPTOHOME_PARAMETERS_H_

6 #define CHROMEOS_CRYPTOHOME_CRYPTOHOME_PARAMETERS_H_	6 #define CHROMEOS_CRYPTOHOME_CRYPTOHOME_PARAMETERS_H_

7	7

8 #include <string>	8 #include <string>

9 #include <vector>	9 #include <vector>

10	10

11 #include "base/basictypes.h"	11 #include "base/basictypes.h"

12 #include "base/memory/scoped_ptr.h"	12 #include "base/memory/scoped_ptr.h"

13 #include "base/memory/scoped_vector.h"

14 #include "chromeos/chromeos_export.h"	13 #include "chromeos/chromeos_export.h"

15	14

16 namespace cryptohome {	15 namespace cryptohome {

17	16

18 enum AuthKeyPrivileges {	17 enum AuthKeyPrivileges {

19 PRIV_MOUNT = 1 << 0, // Can mount with this key.	18 PRIV_MOUNT = 1 << 0, // Can mount with this key.

20 PRIV_ADD = 1 << 1, // Can add new keys.	19 PRIV_ADD = 1 << 1, // Can add new keys.

21 PRIV_REMOVE = 1 << 2, // Can remove other keys.	20 PRIV_REMOVE = 1 << 2, // Can remove other keys.

22 PRIV_MIGRATE = 1 << 3, // Destroy all keys and replace with new.	21 PRIV_MIGRATE = 1 << 3, // Destroy all keys and replace with new.

23 PRIV_AUTHORIZED_UPDATE = 1 << 4, // Key can be updated in place.	22 PRIV_AUTHORIZED_UPDATE = 1 << 4, // Key can be updated in place.

24 PRIV_DEFAULT = PRIV_MOUNT \| PRIV_ADD \| PRIV_REMOVE \| PRIV_MIGRATE	23 PRIV_DEFAULT = PRIV_MOUNT \| PRIV_ADD \| PRIV_REMOVE \| PRIV_MIGRATE

25 };	24 };

26	25

27 // Identification of the user calling cryptohome method.	26 // Identification of the user calling cryptohome method.

28 struct CHROMEOS_EXPORT Identification {	27 struct CHROMEOS_EXPORT Identification {

29 explicit Identification(const std::string& user_id);	28 explicit Identification(const std::string& user_id);

30	29

31 bool operator==(const Identification& other) const;	30 bool operator==(const Identification& other) const;

32	31

33 std::string user_id;	32 std::string user_id;

34 };	33 };

35	34

36 // Definition of the key (e.g. password) for the cryptohome.	35 // Definition of the key (e.g. password) for the cryptohome.

37 // It contains authorization data along with extra parameters like perimissions	36 // It contains authorization data along with extra parameters like perimissions
	Darren Krahn 2014/09/02 18:21:53 old code nit: perimissions -> permissions old code nit: perimissions -> permissions bartfab (slow) 2014/09/04 10:14:18 Done. Show quoted text On 2014/09/02 18:21:53, Darren Krahn wrote: > old code nit: perimissions -> permissions Done.
38 // associated with this key.	37 // associated with this key.

39 struct CHROMEOS_EXPORT KeyDefinition {	38 struct CHROMEOS_EXPORT KeyDefinition {

40 KeyDefinition(const std::string& key,	39 enum Type {

	40 TYPE_PASSWORD = 0

	41 };

	42

	43 struct AuthorizationData {
	Darren Krahn 2014/09/02 18:21:53 IMO, this is under-documented in the protobuf and IMO, this is under-documented in the protobuf and here's a chance to make it easier to understand. A description of AuthorizationData and its intended use would be great. bartfab (slow) 2014/09/04 10:14:18 Unfortunately, I do not understand it either. I se Show quoted text On 2014/09/02 18:21:53, Darren Krahn wrote: > IMO, this is under-documented in the protobuf and here's a chance to make it > easier to understand. A description of AuthorizationData and its intended use > would be great. Unfortunately, I do not understand it either. I see that everyone always sets this to \|TYPE_HMACSHA256\|. I have no idea what this is for and I do not know when the other value would be used. Is there a doc that explains this somewhere? I would be happy to distill it into a comment. Darren Krahn 2014/09/04 23:13:23 I shared the closest doc I could find. My understa Show quoted text On 2014/09/04 10:14:18, bartfab - very busy til 15 Sep wrote: > On 2014/09/02 18:21:53, Darren Krahn wrote: > > IMO, this is under-documented in the protobuf and here's a chance to make it > > easier to understand. A description of AuthorizationData and its intended use > > would be great. > > Unfortunately, I do not understand it either. I see that everyone always sets > this to \|TYPE_HMACSHA256\|. I have no idea what this is for and I do not know > when the other value would be used. Is there a doc that explains this somewhere? > I would be happy to distill it into a comment. I shared the closest doc I could find. My understanding is that this allows a key to be managed server-side -- or by a supervisor or some entity other than the user. It is configured with AddKey and verified by cryptohome on UpdateKey. Currently the only mechanism supported by cryptohome (AFAIK) is HMAC-SHA256 for signing. bartfab (slow) 2014/09/15 12:04:44 I cannot find any doc shared with me on that day. Show quoted text On 2014/09/04 23:13:23, Darren Krahn wrote: > On 2014/09/04 10:14:18, bartfab - very busy til 15 Sep wrote: > > On 2014/09/02 18:21:53, Darren Krahn wrote: > > > IMO, this is under-documented in the protobuf and here's a chance to make it > > > easier to understand. A description of AuthorizationData and its intended > use > > > would be great. > > > > Unfortunately, I do not understand it either. I see that everyone always sets > > this to \|TYPE_HMACSHA256\|. I have no idea what this is for and I do not know > > when the other value would be used. Is there a doc that explains this > somewhere? > > I would be happy to distill it into a comment. > > I shared the closest doc I could find. My understanding is that this allows a > key to be managed server-side -- or by a supervisor or some entity other than > the user. It is configured with AddKey and verified by cryptohome on UpdateKey. > > Currently the only mechanism supported by cryptohome (AFAIK) is HMAC-SHA256 for > signing. I cannot find any doc shared with me on that day. If you are OK with it, I will land the CL as-is and check with Will on the exact purpose of AuthorizationData. I do not want to add a description that ends up being incorrect.
	44 enum Type {

	45 TYPE_HMACSHA256 = 0,

	46 TYPE_AES256CBC_HMACSHA256

	47 };

	48

	49 struct Secret {

	50 Secret(bool encrypt,
	Darren Krahn 2014/09/02 18:21:53 A constructor for the way we typically use this wo A constructor for the way we typically use this would be nice. E.g. Secret(const std::string& hmac_key); Also, because this is a struct, would a default constructor be appropriate? bartfab (slow) 2014/09/04 10:14:18 Our typical use actuall always needs at least \|enc Show quoted text On 2014/09/02 18:21:53, Darren Krahn wrote: > A constructor for the way we typically use this would be nice. E.g. > > Secret(const std::string& hmac_key); Our typical use actuall always needs at least \|encrypt\|, \|sign\| and \|symmetric_key\| and in some cases, the other two arguments as well. We never construct a Secret with just a \|symmetric_key\|. Show quoted text > > Also, because this is a struct, would a default constructor be appropriate? I added default constructors for all structs in this file.
	51 bool sign,

	52 const std::string& symmetric_key,

	53 const std::string& public_key,

	54 bool wrapped);

	55

	56 bool operator==(const Secret& other) const;

	57

	58 bool encrypt;

	59 bool sign;

	60 std::string symmetric_key;

	61 std::string public_key;

	62 bool wrapped;

	63 };

	64

	65 AuthorizationData();
	Darren Krahn 2014/09/02 18:21:53 Same here, a typical usage constructor would be ni Same here, a typical usage constructor would be nice (in addition to this one). E.g. AuthorizationData(const std::string& hmac_key); bartfab (slow) 2014/09/04 10:14:18 Done. Show quoted text On 2014/09/02 18:21:53, Darren Krahn wrote: > Same here, a typical usage constructor would be nice (in addition to this one). > E.g. > > AuthorizationData(const std::string& hmac_key); Done.
	66 ~AuthorizationData();

	67

	68 bool operator==(const AuthorizationData& other) const;

	69

	70 Type type;

	71 std::vector<Secret> secrets;

	72 };

	73

	74 struct ProviderData {
	Darren Krahn 2014/09/02 18:21:53 Same here -- a bit of documentation would be great Same here -- a bit of documentation would be great. bartfab (slow) 2014/09/04 10:14:18 Done. Show quoted text On 2014/09/02 18:21:53, Darren Krahn wrote: > Same here -- a bit of documentation would be great. Done.
	75 explicit ProviderData(const std::string& name);

	76 explicit ProviderData(const ProviderData& other);

	77 void operator=(const ProviderData& other);

	78 ~ProviderData();

	79

	80 bool operator==(const ProviderData& other) const;

	81

	82 std::string name;

	83 scoped_ptr<int64> number;

	84 scoped_ptr<std::string> bytes;

	85 };

	86

	87 KeyDefinition(const std::string& secret,

41 const std::string& label,	88 const std::string& label,

42 int /AuthKeyPrivileges/ privileges);	89 int privileges);
	Darren Krahn 2014/09/02 18:21:53 [optional] Default constructor here too? It just s [optional] Default constructor here too? It just seems intuitive to me that a struct can be declared like: MyStruct my_struct; bartfab (slow) 2014/09/04 10:14:18 Done. Show quoted text On 2014/09/02 18:21:53, Darren Krahn wrote: > [optional] Default constructor here too? It just seems intuitive to me that a > struct can be declared like: > > MyStruct my_struct; Done.
43 ~KeyDefinition();	90 ~KeyDefinition();

44	91

45 bool operator==(const KeyDefinition& other) const;	92 bool operator==(const KeyDefinition& other) const;

46	93

	94 void AddSymmetricKey(bool encrypt,
	Darren Krahn 2014/09/02 18:21:53 It's not clear what this method does -- would it b It's not clear what this method does -- would it be better to call it AddAuthorizationData or AddAuthorizationKey or AddAuthorizationHMACKey? It's also not intuitive what the parameters actually mean. AFAIK, only 'sign' with 'hmac' is supported so we could drop the two bools unless we intend to use them in the short-medium term. bartfab (slow) 2014/09/04 10:14:18 I removed the method as AuthorizationData() has a Show quoted text On 2014/09/02 18:21:53, Darren Krahn wrote: > It's not clear what this method does -- would it be better to call it > AddAuthorizationData or AddAuthorizationKey or AddAuthorizationHMACKey? > > It's also not intuitive what the parameters actually mean. AFAIK, only 'sign' > with 'hmac' is supported so we could drop the two bools unless we intend to use > them in the short-medium term. I removed the method as AuthorizationData() has a handy constructor now. We do use both \|sign\| and \|encrypt\| by the way. The two places that create authorization data (SupervisedUserCreationControllerNew and ManagerPasswordService) create two keys each, an ecryption key and a signing key. Darren Krahn 2014/09/04 23:13:23 Ok, I guess they are just future-proofing, current Show quoted text On 2014/09/04 10:14:18, bartfab - very busy til 15 Sep wrote: > On 2014/09/02 18:21:53, Darren Krahn wrote: > > It's not clear what this method does -- would it be better to call it > > AddAuthorizationData or AddAuthorizationKey or AddAuthorizationHMACKey? > > > > It's also not intuitive what the parameters actually mean. AFAIK, only 'sign' > > with 'hmac' is supported so we could drop the two bools unless we intend to > use > > them in the short-medium term. > > I removed the method as AuthorizationData() has a handy constructor now. We do > use both \|sign\| and \|encrypt\| by the way. The two places that create > authorization data (SupervisedUserCreationControllerNew and > ManagerPasswordService) create two keys each, an ecryption key and a signing > key. Ok, I guess they are just future-proofing, currently the only encryption mechanism is AES256CBC_HMAC256 and it's not supported by cryptohome.
	95 bool sign,

	96 const std::string& symmetric_key);

	97

	98 Type type;

47 std::string label;	99 std::string label;

48

49 int revision;

50 std::string key;

51

52 std::string encryption_key;

53 std::string signature_key;

54 // Privileges associated with key. Combination of \|AuthKeyPrivileges\| values.	100 // Privileges associated with key. Combination of \|AuthKeyPrivileges\| values.

55 int privileges;	101 int privileges;

	102 int revision;

	103 std::string secret;

	104

	105 std::vector<AuthorizationData> authorization_data;

	106 std::vector<ProviderData> provider_data;

56 };	107 };

57	108

58 // Authorization attempt data for user.	109 // Authorization attempt data for user.

59 struct CHROMEOS_EXPORT Authorization {	110 struct CHROMEOS_EXPORT Authorization {

60 Authorization(const std::string& key, const std::string& label);	111 Authorization(const std::string& key, const std::string& label);

61 explicit Authorization(const KeyDefinition& key);	112 explicit Authorization(const KeyDefinition& key);

62	113

63 bool operator==(const Authorization& other) const;	114 bool operator==(const Authorization& other) const;

64	115

65 std::string key;	116 std::string key;

66 std::string label;	117 std::string label;

67 };	118 };

68	119

69 // Information about keys returned by GetKeyDataEx().

70 struct CHROMEOS_EXPORT RetrievedKeyData {

71 enum Type {

72 TYPE_PASSWORD = 0

73 };

74

75 enum AuthorizationType {

76 AUTHORIZATION_TYPE_HMACSHA256 = 0,

77 AUTHORIZATION_TYPE_AES256CBC_HMACSHA256

78 };

79

80 struct ProviderData {

81 explicit ProviderData(const std::string& name);

82 ~ProviderData();

83

84 std::string name;

85 scoped_ptr<int64> number;

86 scoped_ptr<std::string> bytes;

87 };

88

89 RetrievedKeyData(Type type, const std::string& label, int64 revision);

90 ~RetrievedKeyData();

91

92 Type type;

93 std::string label;

94 // Privileges associated with key. Combination of \|AuthKeyPrivileges\| values.

95 int privileges;

96 int64 revision;

97 std::vector<AuthorizationType> authorization_types;

98 ScopedVector<ProviderData> provider_data;

99 };

100

101 // Parameters for Mount call.	120 // Parameters for Mount call.

102 class CHROMEOS_EXPORT MountParameters {	121 class CHROMEOS_EXPORT MountParameters {

103 public:	122 public:

104 explicit MountParameters(bool ephemeral);	123 explicit MountParameters(bool ephemeral);

105 ~MountParameters();	124 ~MountParameters();

106	125

107 bool operator==(const MountParameters& other) const;	126 bool operator==(const MountParameters& other) const;

108	127

109 // If \|true\|, the mounted home dir will be backed by tmpfs. If \|false\|, the	128 // If \|true\|, the mounted home dir will be backed by tmpfs. If \|false\|, the

110 // ephemeral users policy decides whether tmpfs or an encrypted directory is	129 // ephemeral users policy decides whether tmpfs or an encrypted directory is

111 // used as the backend.	130 // used as the backend.

112 bool ephemeral;	131 bool ephemeral;

113	132

114 // If not empty, home dir will be created with these keys if it exist.	133 // If not empty, home dir will be created with these keys if it exist.

115 std::vector<KeyDefinition> create_keys;	134 std::vector<KeyDefinition> create_keys;

116 };	135 };

117	136

118 } // namespace cryptohome	137 } // namespace cryptohome

119	138

120 #endif // CHROMEOS_CRYPTOHOME_CRYPTOHOME_PARAMETERS_H_	139 #endif // CHROMEOS_CRYPTOHOME_CRYPTOHOME_PARAMETERS_H_

OLD	NEW