Chromium Code Reviews Chromium Code Reviews
Issue 729803002:
Easy Sign-in: Use TPM RSA key to sign nonce in sign-in protocol (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master| OLD | NEW |
|---|---|
| (Empty) | |
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | |
| 2 // Use of this source code is governed by a BSD-style license that can be | |
| 3 // found in the LICENSE file. | |
| 4 | |
| 5 #ifndef CHROME_BROWSER_CHROMEOS_LOGIN_EASY_UNLOCK_EASY_UNLOCK_TPM_KEY_MANAGER_H_ | |
| 6 #define CHROME_BROWSER_CHROMEOS_LOGIN_EASY_UNLOCK_EASY_UNLOCK_TPM_KEY_MANAGER_H_ | |
| 7 | |
| 8 #include <string> | |
| 9 #include <vector> | |
| 10 | |
| 11 #include "base/callback.h" | |
| 12 #include "base/macros.h" | |
| 13 #include "base/memory/weak_ptr.h" | |
| 14 #include "components/keyed_service/core/keyed_service.h" | |
| 15 #include "crypto/scoped_nss_types.h" | |
| 16 | |
| 17 class PrefRegistrySimple; | |
| 18 class PrefService; | |
| 19 | |
| 20 // Manages per user RSA keys stored in system TPM slot used in easy signin | |
| 21 // protocol. The keys are used to sign a nonce exchanged during signin. | |
| 22 class EasyUnlockTpmKeyManager : public KeyedService { | |
|
pneubeck (no reviews)
2014/12/05 12:16:05
I find the state transitions of this implementatio
tbarzic
2014/12/11 23:43:28
Done.
| |
| 23 public: | |
| 24 // Registers local state prefs used to store public RSA keys per user. | |
| 25 static void RegisterLocalStatePrefs(PrefRegistrySimple* registry); | |
| 26 | |
| 27 // Clears local state for user. Should be called when a user is removed. | |
| 28 static void ResetLocalStateForUser(const std::string& user_id); | |
| 29 | |
| 30 // |user_id|: Id for the user associated with the service. Empty for signin | |
| 31 // service. | |
| 32 // |local_state|: The local state prefs. | |
| 33 EasyUnlockTpmKeyManager(const std::string& user_id, PrefService* local_state); | |
| 34 ~EasyUnlockTpmKeyManager() override; | |
| 35 | |
| 36 // Checks if the RSA public key is set in the local state. If not, creates | |
| 37 // one. If the key presence can be confirmed, immediately returns true and | |
| 38 // |callback| never gets called, otherwise returns false (callback is called | |
| 39 // when the key presence is confirmed). | |
| 40 // Must not be called for signin profile. | |
| 41 // |check_private_key|: If public RSA key is set in the local state, whether | |
| 42 // the method should confirm that the private key is present in the system | |
| 43 // slot. If the private key cannot be found, a new key pair will be | |
| 44 // created for the user. | |
| 45 // Note: Checking TPM for the private key is more expensive than only | |
| 46 // checking local state, so setting this to |false| should be preferable. | |
| 47 // Generally, if public key is set in local state, the private key should | |
| 48 // be present in the system TPM slot. This is used to make sure that easy | |
| 49 // signin does not remain permanently broken if something goes wrong. | |
| 50 // |callback|: If the method cannot return immediately, called when the key | |
| 51 // pair presence is confirmed (or a key pair for the user is created). | |
| 52 bool PrepareTpmKey(const std::string& user_id, | |
| 53 bool check_private_key, | |
| 54 const base::Closure& callback); | |
| 55 | |
| 56 // If called, posts a delayed task that cancels |PrepareTpmKey| in case | |
|
pneubeck (no reviews)
2014/12/05 12:16:05
... and cancels all previously started timeouts.
tbarzic
2014/12/11 23:43:28
Done.
| |
| 57 // getting system slot takes more than |timeout_ms|. In the case getting | |
| 58 // system slot times out |PrepareTpmKey| callback will be called with an empty | |
|
pneubeck (no reviews)
2014/12/05 12:16:05
nit: comma after 'out'
tbarzic
2014/12/11 23:43:28
Done.
| |
| 59 // public key. | |
| 60 bool SetGetSystemSlotTimeoutMs(size_t timeout_ms); | |
|
pneubeck (no reviews)
2014/12/05 12:16:05
currently must be called after PrepareTpmKey to ha
tbarzic
2014/12/11 23:43:28
Done.
| |
| 61 | |
| 62 // Gets the public RSA key for user. The key is retrieved from local state. | |
| 63 std::string GetPublicTpmKey(const std::string& user_id); | |
| 64 | |
| 65 // Signs |data| using private RSA key associated with |user_id| stored in TPM | |
| 66 // system slot. | |
| 67 void SignUsingTpmKey( | |
| 68 const std::string& user_id, | |
| 69 const std::string& data, | |
| 70 const base::Callback<void(const std::string& data)> callback); | |
| 71 | |
| 72 private: | |
| 73 // Utility method for setting public key values in local state. | |
| 74 // Note that the keys are saved base64 encoded. | |
| 75 void SetKeyInLocalState(const std::string& user_id, | |
| 76 const std::string& value); | |
| 77 | |
| 78 // Called when TPM system slot is initialized and ready to be used. | |
| 79 // It creates RSA key pair for the user in the system slot. | |
| 80 // When the key pair is created, |OnTpmKeyCreated| will be called with the | |
| 81 // created public key. | |
| 82 // The key will not be created if |public_key| is non-empty and the associated | |
| 83 // private key can be found in the slot. Instead |OnTpmKeyCreated| will be | |
| 84 // called with |public_key|. | |
| 85 void CreateKeyInSystemSlot( | |
| 86 const std::string& user_id, | |
| 87 const std::string& public_key, | |
| 88 crypto::ScopedPK11Slot system_slot); | |
| 89 | |
| 90 // Called when TPM system slot is initialized and ready to be used. | |
| 91 // It schedules data signing operation on a worker thread. The data is signed | |
| 92 // by a private key stored in |system_slot| and identified by |public_key| | |
| 93 // (a private key that is part of the same RSA key pair as |public_key|). | |
| 94 // Once data is signed |callback| is called with the signed data. | |
| 95 void SignDataWithSystemSlot( | |
| 96 const std::string& public_key, | |
| 97 const std::string& data, | |
| 98 const base::Callback<void(const std::string& data)> callback, | |
| 99 crypto::ScopedPK11Slot system_slot); | |
| 100 | |
| 101 // Called when a RSA key pair is created for a user in TPM system slot. | |
| 102 // It saves the pulic key in the local state and runs queued up | |
| 103 // |PrepareTpmKey| callbacks. | |
| 104 void OnTpmKeyCreated(const std::string& user_id, | |
| 105 const std::string& public_key); | |
| 106 | |
| 107 // Called when data signing requested in |SignUsingTpmKey| is done. | |
| 108 // It runs |callback| with the created |signature|. On error the callback will | |
| 109 // be run with an empty string. | |
| 110 void OnDataSigned( | |
| 111 const base::Callback<void(const std::string&)>& callback, | |
| 112 const std::string& signature); | |
| 113 | |
| 114 std::string user_id_; | |
| 115 | |
| 116 PrefService* local_state_; | |
| 117 | |
| 118 // Whether TPM key pair is being created as a result of call to | |
| 119 // |PrepareTpmKey|. If set, callbacks for further |PrepareTpmKey| | |
| 120 // will be queued up and run when the original function call finishes. | |
| 121 bool creating_tpm_key_pair_; | |
| 122 bool got_tpm_slot_; | |
| 123 | |
| 124 // Queued up |PrepareTpmKey| callbacks. | |
| 125 std::vector<base::Closure> tpm_key_present_callbacks_; | |
| 126 | |
| 127 base::WeakPtrFactory<EasyUnlockTpmKeyManager> get_tpm_slot_weak_ptr_factory_; | |
| 128 base::WeakPtrFactory<EasyUnlockTpmKeyManager> weak_ptr_factory_; | |
| 129 | |
| 130 DISALLOW_COPY_AND_ASSIGN(EasyUnlockTpmKeyManager); | |
| 131 }; | |
| 132 | |
| 133 #endif // CHROME_BROWSER_CHROMEOS_LOGIN_EASY_UNLOCK_EASY_UNLOCK_TPM_KEY_MANAGER _H_ | |
| OLD | NEW |
