1 // Copyright 2020 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4 
5 #ifndef CHROME_BROWSER_CHROMEOS_PLATFORM_KEYS_PLATFORM_KEYS_H_
6 #define CHROME_BROWSER_CHROMEOS_PLATFORM_KEYS_PLATFORM_KEYS_H_
7 
8 #include <memory>
9 #include <string>
10 #include <vector>
11 
12 #include "base/callback.h"
13 #include "net/cert/x509_certificate.h"
14 
15 namespace chromeos {
16 namespace platform_keys {
17 
// Supported key types.
// kRsassaPkcs1V15: RSA keys used with RSASSA-PKCS1-v1_5 signatures.
// kEcdsa: elliptic-curve keys used with ECDSA signatures.
enum class KeyType { kRsassaPkcs1V15, kEcdsa };
20 
// Supported key attribute types, i.e. the kinds of metadata that can be stored
// alongside a key.
// NOTE(review): the format and meaning of each attribute's value are not
// defined in this header; confirm them against the implementation before
// relying on them.
enum class KeyAttributeType { kCertificateProvisioningId, kKeyPermissions };
23 
// Supported hash algorithms.
// Note: unlike the other enums in this header this is an unscoped enum, so
// its enumerators are visible directly in the platform_keys namespace.
enum HashAlgorithm {
  HASH_ALGORITHM_NONE,  // The value if no hash function is selected.
  // NOTE(review): SHA-1 is no longer considered collision resistant and is
  // weak for signatures; presumably retained for compatibility only — confirm
  // which callers still request it.
  HASH_ALGORITHM_SHA1,
  HASH_ALGORITHM_SHA256,
  HASH_ALGORITHM_SHA384,
  HASH_ALGORITHM_SHA512
};
32 
// Supported token IDs.
// A token is a store for keys or certs and can provide cryptographic
// operations.
// ChromeOS provides itself a user token and conditionally a system wide token.
// kUser: the per-user token.
// kSystem: the system-wide token; only conditionally available (see above).
enum class TokenId { kUser, kSystem };
38 
// The service possible statuses.
// For every platform keys service operation callback, a status is passed
// signaling the success or failure of the operation.
// Note: StatusToString() below maps every value to a string that extensions
// may depend on, so adding a value here also requires adding a translation
// there (without changing the existing ones).
enum class Status {
  kSuccess,
  kErrorAlgorithmNotSupported,
  kErrorCertificateNotFound,
  kErrorGrantKeyPermissionForExtension,
  kErrorInternal,
  kErrorKeyAttributeRetrievalFailed,
  kErrorKeyAttributeSettingFailed,
  kErrorKeyNotAllowedForSigning,
  kErrorKeyNotFound,
  kErrorShutDown,
  // kNetError* are for errors occurred during net::* operations.
  kNetErrorAddUserCertFailed,
  kNetErrorCertificateDateInvalid,
  kNetErrorCertificateInvalid,
};
58 
// Returns a string describing |status|.
// These strings can be used to be passed to extensions as well as for logging
// purposes.
// Note: Do not change already existing status-to-string translations, since
// extensions may hardcode specific messages.
std::string StatusToString(Status status);
64 
// Returns the DER encoding of the X.509 Subject Public Key Info of the public
// key in |certificate|.
// NOTE(review): the returned std::string presumably holds raw DER bytes, not
// text; treat it as a byte buffer.
std::string GetSubjectPublicKeyInfo(
    const scoped_refptr<net::X509Certificate>& certificate);
69 
// Intersects the two certificate lists |certs1| and |certs2| and passes the
// intersection to |callback|. The intersection preserves the order of |certs1|.
// |callback| receives ownership of the resulting list.
// NOTE(review): whether |callback| is run synchronously or posted to a task
// runner is not specified here — confirm in the implementation before relying
// on either.
void IntersectCertificates(
    const net::CertificateList& certs1,
    const net::CertificateList& certs2,
    const base::Callback<void(std::unique_ptr<net::CertificateList>)>&
        callback);
77 
// Obtains information about the public key in |certificate|.
// If |certificate| contains an RSA key, sets |key_size_bits| to the modulus
// length, and |key_type| to type RSA and returns true.
// If |certificate| contains any other key type, or if the public exponent of
// the RSA key in |certificate| is not F4, returns false and does not update any
// of the output parameters.
// (F4 is the common RSA public exponent 65537; rejecting other exponents
// presumably keeps unusual RSA keys out of the signing path.)
// All pointer arguments must not be null.
bool GetPublicKey(const scoped_refptr<net::X509Certificate>& certificate,
                  net::X509Certificate::PublicKeyType* key_type,
                  size_t* key_size_bits);
88 
// Obtains information about the public key in |spki|.
// If |spki| is an RSA key, sets |key_size_bits| to the modulus
// length, and |key_type| to type RSA and returns true.
// If |spki| is any other key type, returns false and does not update any
// of the output parameters.
// NOTE(review): unlike GetPublicKey() above, no public-exponent (F4)
// restriction is documented here — confirm whether the two implementations
// agree, and document the difference if they intentionally do not.
// All pointer arguments must not be null.
bool GetPublicKeyBySpki(const std::string& spki,
                        net::X509Certificate::PublicKeyType* key_type,
                        size_t* key_size_bits);
98 
// Describes a server's client-certificate request: which key types it accepts
// and which certificate authorities it trusts.
struct ClientCertificateRequest {
  // The special members are declared here and defined out of line.
  // Note: no copy-assignment operator or move operations are declared; copy
  // assignment is implicitly provided, and because a copy constructor and
  // destructor are user-declared, no implicit move operations are generated
  // (copies are used instead).
  ClientCertificateRequest();
  ClientCertificateRequest(const ClientCertificateRequest& other);
  ~ClientCertificateRequest();

  // The list of the types of certificates requested, sorted in order of the
  // server's preference.
  std::vector<net::X509Certificate::PublicKeyType> certificate_key_types;

  // List of distinguished names of certificate authorities allowed by the
  // server. Each entry must be a DER-encoded X.509 DistinguishedName.
  std::vector<std::string> certificate_authorities;
};
112 
113 }  // namespace platform_keys
114 }  // namespace chromeos
115 
116 #endif  // CHROME_BROWSER_CHROMEOS_PLATFORM_KEYS_PLATFORM_KEYS_H_
117