1 // Copyright (c) 2010 The Chromium OS Authors. All rights reserved. | 1 // Copyright (c) 2011 The Chromium OS Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #ifndef LOGIN_MANAGER_OWNER_KEY_H_ | 5 #ifndef LOGIN_MANAGER_OWNER_KEY_H_ |
6 #define LOGIN_MANAGER_OWNER_KEY_H_ | 6 #define LOGIN_MANAGER_OWNER_KEY_H_ |
7 | 7 |
8 #include <vector> | 8 #include <vector> |
9 | 9 |
10 #include <base/basictypes.h> | 10 #include <base/basictypes.h> |
11 #include <base/file_path.h> | 11 #include <base/file_path.h> |
25 // If there is an owner key on disk, we will load that key, and deny | 25 // If there is an owner key on disk, we will load that key, and deny |
26 // attempts to set a new key programmatically. If there is no key | 26 // attempts to set a new key programmatically. If there is no key |
27 // present, we will allow the owner's key to be set programmatically, | 27 // present, we will allow the owner's key to be set programmatically, |
28 // and will persist it to disk upon request. Attempts to set the key | 28 // and will persist it to disk upon request. Attempts to set the key |
29 // before on-disk storage has been checked will be denied. | 29 // before on-disk storage has been checked will be denied. |
30 class OwnerKey { | 30 class OwnerKey { |
31 public: | 31 public: |
32 explicit OwnerKey(const FilePath& key_file); | 32 explicit OwnerKey(const FilePath& key_file); |
33 virtual ~OwnerKey(); | 33 virtual ~OwnerKey(); |
34 | 34 |
| 35 virtual bool Equals(const std::string& key_der) const; |
| 36 virtual bool VEquals(const std::vector<uint8>& key_der) const; |
35 virtual bool HaveCheckedDisk(); | 37 virtual bool HaveCheckedDisk(); |
36 virtual bool IsPopulated(); | 38 virtual bool IsPopulated(); |
37 | 39 |
38 // If |key_file_| exists, populate the object with the contents of the file. | 40 // If |key_file_| exists, populate the object with the contents of the file. |
39 // If the file isn't there, that's ok. | 41 // If the file isn't there, that's ok. |
40 // Will return false if the file exists and there are errors reading it. | 42 // Will return false if the file exists and there are errors reading it. |
41 // If this returns true, call IsPopulated() to tell whether or not data was | 43 // If this returns true, call IsPopulated() to tell whether or not data was |
42 // loaded off of disk. | 44 // loaded off of disk. |
43 virtual bool PopulateFromDiskIfPossible(); | 45 virtual bool PopulateFromDiskIfPossible(); |
44 | 46 |
45 // Load key material from |public_key_der|. | 47 // Load key material from |public_key_der|. |
46 // We will _deny_ such an attempt if we have not yet checked disk for a key, | 48 // We will _deny_ such an attempt if we have not yet checked disk for a key, |
47 // or if we have already successfully loaded a key from disk. | 49 // or if we have already successfully loaded a key from disk. |
48 virtual bool PopulateFromBuffer(const std::vector<uint8>& public_key_der); | 50 virtual bool PopulateFromBuffer(const std::vector<uint8>& public_key_der); |
49 | 51 |
50 // Load key material from |pair|. | 52 // Load key material from |pair|. |
51 // We will _deny_ such an attempt if we have not yet checked disk for a key, | 53 // We will _deny_ such an attempt if we have not yet checked disk for a key, |
52 // or if we have already successfully loaded a key from disk. | 54 // or if we have already successfully loaded a key from disk. |
53 virtual bool PopulateFromKeypair(base::RSAPrivateKey* pair); | 55 virtual bool PopulateFromKeypair(base::RSAPrivateKey* pair); |
54 | 56 |
55 // Persist |key_| to disk, at |key_file_|. | 57 // Persist |key_| to disk, at |key_file_|. |
56 // Calling this method before checking for a key on disk is an error. | 58 // Calling this method before checking for a key on disk is an error. |
57 // Returns false if |key_file_| already exists, or if there's an error while | 59 // Returns false if |key_file_| already exists, or if there's an error while |
58 // writing data. | 60 // writing data. |
59 virtual bool Persist(); | 61 virtual bool Persist(); |
60 | 62 |
| 63 // Load key material from |public_key_der|, as long as |sig| is a valid |
| 64 // signature over |public_key_der| with |key_|. |
| 65 // We will _deny_ such an attempt if we do not have a key loaded. |
| 66 // If you're trying to set a key for the first time, use PopulateFromBuffer() |
| 67 virtual bool Rotate(const std::vector<uint8>& public_key_der, |
| 68 const std::vector<uint8>& signature); |
| 69 |
| 70 // THIS IS ONLY INTENDED TO BE USED WHEN THE CURRENTLY REGISTERED KEY HAS BEEN |
| 71 // COMPROMISED OR LOST AND WE ARE RECOVERING. |
| 72 // Load key material from |public_key_der| into key_. |
| 73 virtual void ClobberCompromisedKey(const std::vector<uint8>& public_key_der); |
| 74 |
61 // Verify that |signature| is a valid sha1 w/ RSA signature over the data in | 75 // Verify that |signature| is a valid sha1 w/ RSA signature over the data in |
62 // |data| with |key_|. | 76 // |data| with |key_|. |
63 // Returns false if the sig is invalid, or there's an error. | 77 // Returns false if the sig is invalid, or there's an error. |
64 virtual bool Verify(const char* data, | 78 virtual bool Verify(const uint8* data, |
65 uint32 data_len, | 79 uint32 data_len, |
66 const char* signature, | 80 const uint8* signature, |
67 uint32 sig_len); | 81 uint32 sig_len); |
68 | 82 |
69 // Generate |OUT_signature|, a valid sha1 w/ RSA signature over the data in | 83 // Generate |OUT_signature|, a valid sha1 w/ RSA signature over the data in |
70 // |data| that can be verified with |key_|. | 84 // |data| that can be verified with |key_|. |
71 // Returns false if the sig is invalid, or there's an error. | 85 // Returns false if the sig is invalid, or there's an error. |
72 virtual bool Sign(const char* data, | 86 virtual bool Sign(const uint8* data, |
73 uint32 data_len, | 87 uint32 data_len, |
74 std::vector<uint8>* OUT_signature); | 88 std::vector<uint8>* OUT_signature); |
75 | 89 |
76 // Runs |generator| in a child process. Returns pid of the child. | 90 // Runs |generator| in a child process. Returns pid of the child. |
77 virtual int StartGeneration(ChildJobInterface* generator); | 91 virtual int StartGeneration(ChildJobInterface* generator); |
78 | 92 |
79 // Returned reference will be empty if we haven't populated |key_| yet. | 93 // Returned reference will be empty if we haven't populated |key_| yet. |
80 const std::vector<uint8>& public_key_der() const { | 94 const std::vector<uint8>& public_key_der() const { |
81 return key_; | 95 return key_; |
82 } | 96 } |
83 | 97 |
84 private: | 98 private: |
85 static const uint8 kAlgorithm[]; | 99 static const uint8 kAlgorithm[]; |
86 | 100 |
87 const FilePath key_file_; | 101 const FilePath key_file_; |
88 bool have_checked_disk_; | 102 bool have_checked_disk_; |
| 103 bool have_replaced_; |
89 std::vector<uint8> key_; | 104 std::vector<uint8> key_; |
90 scoped_ptr<SystemUtils> utils_; | 105 scoped_ptr<SystemUtils> utils_; |
91 | 106 |
92 DISALLOW_COPY_AND_ASSIGN(OwnerKey); | 107 DISALLOW_COPY_AND_ASSIGN(OwnerKey); |
93 }; | 108 }; |
94 } // namespace login_manager | 109 } // namespace login_manager |
95 | 110 |
96 #endif // LOGIN_MANAGER_OWNER_KEY_H_ | 111 #endif // LOGIN_MANAGER_OWNER_KEY_H_ |
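Review bot: The new `Rotate()` and `ClobberCompromisedKey()` declarations replace `key_` after disk has already been checked, but the `Persist()` comment at new lines 57–60 still says it returns false if `|key_file_|` already exists, so the header no longer explains how a rotated or clobbered key reaches disk, and the new `have_replaced_` member at line 103 — presumably the flag that lets `Persist()` overwrite — has no comment; suggest `// Set once Rotate() or ClobberCompromisedKey() has replaced |key_|; lets Persist() overwrite an existing |key_file_|.`, provided the implementation actually does that. The `Rotate()` comment refers to `|sig|` while the parameter is named `signature`, and `Equals()`/`VEquals()` carry no comment saying what they compare against (presumably the DER bytes in `|key_|`). Because `ClobberCompromisedKey()` installs a key with no signature check, its comment should also state what caller-side authorization it relies on rather than only the all-caps warning, so a reader knows where the trust boundary sits.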