// Copyright 2020 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifndef CHROME_BROWSER_CHROMEOS_PLATFORM_KEYS_PLATFORM_KEYS_H_
#define CHROME_BROWSER_CHROMEOS_PLATFORM_KEYS_PLATFORM_KEYS_H_

#include <memory>
#include <string>
#include <vector>

#include "base/callback.h"
#include "net/cert/x509_certificate.h"

// NOTE(review): size_t and scoped_refptr are used below, but neither <cstddef>
// nor the header declaring scoped_refptr is included directly; presumably both
// arrive transitively through the includes above. Consider including them
// explicitly (include-what-you-use).

// Types and certificate helpers shared by the ChromeOS platform keys code.
namespace chromeos {
namespace platform_keys {

// Supported key types.
// kRsassaPkcs1V15: RSA keys used with RSASSA-PKCS1-v1_5 signatures.
// kEcdsa: elliptic-curve keys used with ECDSA signatures.
enum class KeyType { kRsassaPkcs1V15, kEcdsa };

// Supported key attribute types.
enum class KeyAttributeType { kCertificateProvisioningId, kKeyPermissions };

// Supported hash algorithms.
// Note: unlike the other enums in this header this is a plain (unscoped) enum,
// so its enumerators live directly in this namespace.
enum HashAlgorithm {
  HASH_ALGORITHM_NONE,  // The value if no hash function is selected.
  HASH_ALGORITHM_SHA1,  // SHA-1 is no longer collision resistant; prefer
                        // SHA-256 or stronger for new signatures.
  HASH_ALGORITHM_SHA256,
  HASH_ALGORITHM_SHA384,
  HASH_ALGORITHM_SHA512
};

// Supported token IDs.
// A token is a store for keys or certs and can provide cryptographic
// operations.
// ChromeOS provides itself a user token and conditionally a system wide token.
// kUser refers to the user token, kSystem to the system wide token.
enum class TokenId { kUser, kSystem };

// The service possible statuses.
// For every platform keys service operation callback, a status is passed
// signaling the success or failure of the operation. kSuccess is the only
// non-error value; every other enumerator denotes a failure.
enum class Status {
  kSuccess,
  kErrorAlgorithmNotSupported,
  kErrorCertificateNotFound,
  kErrorGrantKeyPermissionForExtension,
  kErrorInternal,
  kErrorKeyAttributeRetrievalFailed,
  kErrorKeyAttributeSettingFailed,
  kErrorKeyNotAllowedForSigning,
  kErrorKeyNotFound,
  kErrorShutDown,
  // kNetError* are for errors occurred during net::* operations.
  kNetErrorAddUserCertFailed,
  kNetErrorCertificateDateInvalid,
  kNetErrorCertificateInvalid,
};

// Returns a string describing |status|. These strings can be passed to
// extensions as well as used for logging purposes.
// Note: Do not change already existing status-to-string translations, since
// extensions may hardcode specific messages. When adding a Status value,
// remember to add its translation as well.
std::string StatusToString(Status status);

// Returns the DER encoding of the X.509 Subject Public Key Info of the public
// key in |certificate|.
std::string GetSubjectPublicKeyInfo(
    const scoped_refptr<net::X509Certificate>& certificate);

// Intersects the two certificate lists |certs1| and |certs2| and passes the
// intersection to |callback|. The intersection preserves the order of |certs1|.
// Ownership of the resulting list is transferred to |callback|. Whether
// |callback| runs synchronously or is invoked later is not specified here;
// check the implementation before relying on either.
void IntersectCertificates(
    const net::CertificateList& certs1,
    const net::CertificateList& certs2,
    const base::Callback<void(std::unique_ptr<net::CertificateList>)>&
        callback);

// Obtains information about the public key in |certificate|.
// If |certificate| contains an RSA key, sets |key_size_bits| to the modulus
// length, and |key_type| to type RSA and returns true.
// If |certificate| contains any other key type, or if the public exponent of
// the RSA key in |certificate| is not F4 (65537), returns false and does not
// update any of the output parameters.
// All pointer arguments must not be null.
bool GetPublicKey(const scoped_refptr<net::X509Certificate>& certificate,
                  net::X509Certificate::PublicKeyType* key_type,
                  size_t* key_size_bits);

// Obtains information about the public key in |spki|, presumably in the DER
// Subject Public Key Info form returned by GetSubjectPublicKeyInfo().
// If |spki| is an RSA key, sets |key_size_bits| to the modulus
// length, and |key_type| to type RSA and returns true.
// If |spki| is any other key type, returns false and does not update any
// of the output parameters.
// NOTE(review): unlike GetPublicKey(), no public-exponent restriction is
// documented here; confirm against the implementation whether the F4 check
// applies to this function too.
// All pointer arguments must not be null.
bool GetPublicKeyBySpki(const std::string& spki,
                        net::X509Certificate::PublicKeyType* key_type,
                        size_t* key_size_bits);

// Describes a server's request for a client certificate. The special members
// are declared here and defined out of line.
struct ClientCertificateRequest {
  ClientCertificateRequest();
  ClientCertificateRequest(const ClientCertificateRequest& other);
  ~ClientCertificateRequest();

  // The list of the types of certificates requested, sorted in order of the
  // server's preference.
  std::vector<net::X509Certificate::PublicKeyType> certificate_key_types;

  // List of distinguished names of certificate authorities allowed by the
  // server. Each entry must be a DER-encoded X.509 DistinguishedName. Since
  // these values come from the server, consumers should treat them as untrusted
  // input.
  std::vector<std::string> certificate_authorities;
};

}  // namespace platform_keys
}  // namespace chromeos

#endif  // CHROME_BROWSER_CHROMEOS_PLATFORM_KEYS_PLATFORM_KEYS_H_