1 // Copyright (c) 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4 
5 #ifndef CHROMEOS_DBUS_CONSTANTS_ATTESTATION_CONSTANTS_H_
6 #define CHROMEOS_DBUS_CONSTANTS_ATTESTATION_CONSTANTS_H_
7 
8 #include "base/component_export.h"
9 
10 namespace chromeos {
11 namespace attestation {
12 
13 enum VerifiedAccessType {
14   DEFAULT_VA,  // The default Verified Access server.
15   TEST_VA,     // The test Verified Access server.
16 };
17 
18 // Key types supported by the Chrome OS attestation subsystem.
19 enum AttestationKeyType {
20   // The key will be associated with the device itself and will be available
21   // regardless of which user is signed-in.
22   KEY_DEVICE,
23   // The key will be associated with the current user and will only be available
24   // when that user is signed-in.
25   KEY_USER,
26 };
27 
28 // Options available for customizing an attestation challenge response.
29 enum AttestationChallengeOptions {
30   CHALLENGE_OPTION_NONE = 0,
31   // Indicates that a SignedPublicKeyAndChallenge should be embedded in the
32   // challenge response.
33   CHALLENGE_INCLUDE_SIGNED_PUBLIC_KEY = 1,
34 };
35 
36 // Available attestation certificate profiles. These values are sent straight
37 // to cryptohomed and therefore match the values of CertificateProfile in
38 // platform2/cryptohome/attestation.proto for the right certificates to be
39 // returned.
40 enum AttestationCertificateProfile {
41   // Uses the following certificate options:
42   //   CERTIFICATE_INCLUDE_STABLE_ID
43   //   CERTIFICATE_INCLUDE_DEVICE_STATE
44   PROFILE_ENTERPRISE_MACHINE_CERTIFICATE = 0,
45   // Uses the following certificate options:
46   //   CERTIFICATE_INCLUDE_DEVICE_STATE
47   PROFILE_ENTERPRISE_USER_CERTIFICATE = 1,
48   // A profile for certificates intended for protected content providers.
49   PROFILE_CONTENT_PROTECTION_CERTIFICATE = 2,
50   // A profile for certificates intended for enterprise registration.
51   PROFILE_ENTERPRISE_ENROLLMENT_CERTIFICATE = 7
52 };
53 
54 // Status for operations involving an attestation server.
55 enum AttestationStatus {
56   // Call successful
57   ATTESTATION_SUCCESS,
58   // Failure, no specific reason
59   ATTESTATION_UNSPECIFIED_FAILURE,
60   // Failure, sending a bad request to an attestation server
61   ATTESTATION_SERVER_BAD_REQUEST_FAILURE
62 };
63 
64 enum PrivacyCAType {
65   DEFAULT_PCA,  // The Google-operated Privacy CA.
66   TEST_PCA,     // The test version of the Google-operated Privacy CA.
67 };
68 
69 // A key name for the Enterprise Machine Key.  This key should always be stored
70 // as a DEVICE_KEY.
71 COMPONENT_EXPORT(CHROMEOS_DBUS_CONSTANTS)
72 extern const char kEnterpriseMachineKey[];
73 
74 // A key name for the Enterprise Enrollmnent Key.  This key should always be
75 // stored as a DEVICE_KEY.
76 COMPONENT_EXPORT(CHROMEOS_DBUS_CONSTANTS)
77 extern const char kEnterpriseEnrollmentKey[];
78 
79 // A key name for the Enterprise User Key.  This key should always be stored as
80 // a USER_KEY.
81 COMPONENT_EXPORT(CHROMEOS_DBUS_CONSTANTS)
82 extern const char kEnterpriseUserKey[];
83 
84 // The key name prefix for content protection keys.  This prefix must be
85 // appended with an origin-specific identifier to form the final key name.
86 COMPONENT_EXPORT(CHROMEOS_DBUS_CONSTANTS)
87 extern const char kContentProtectionKeyPrefix[];
88 
89 }  // namespace attestation
90 }  // namespace chromeos
91 
92 #endif  // CHROMEOS_DBUS_CONSTANTS_ATTESTATION_CONSTANTS_H_
93