cryptohome/keyset_management.h - mirrors/cros/chromiumos/platform2 - Git at Google

 // Copyright 2020 The Chromium OS Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.

 #ifndef CRYPTOHOME_KEYSET_MANAGEMENT_H_
 #define CRYPTOHOME_KEYSET_MANAGEMENT_H_

 #include <map>
 #include <memory>
 #include <string>
 #include <vector>

 #include <brillo/secure_blob.h>
 #include <dbus/cryptohome/dbus-constants.h>

 #include "cryptohome/cleanup/user_oldest_activity_timestamp_manager.h"
 #include "cryptohome/credentials.h"
 #include "cryptohome/crypto.h"
 #include "cryptohome/platform.h"
 #include "cryptohome/rpc.pb.h"
 #include "cryptohome/storage/homedirs.h"
 #include "cryptohome/UserDataAuth.pb.h"
 #include "cryptohome/vault_keyset.h"
 #include "cryptohome/vault_keyset_factory.h"

 namespace cryptohome {

 class KeysetManagement {
  public:
   KeysetManagement() = default;
   KeysetManagement(Platform* platform,
                    Crypto* crypto,
                    const brillo::SecureBlob& system_salt,
                    std::unique_ptr<VaultKeysetFactory> vault_keyset_factory);
   virtual ~KeysetManagement() = default;
   KeysetManagement(const KeysetManagement&) = delete;
   KeysetManagement& operator=(const KeysetManagement&) = delete;

   // Returns a list of present keyset indices for an obfuscated username.
   // There is no guarantee the keysets are valid.
   virtual bool GetVaultKeysets(const std::string& obfuscated,
                                std::vector<int>* keysets) const;

   // Outputs a list of present keysets by label for a given obfuscated username.
   // There is no guarantee the keysets are valid nor is the ordering guaranteed.
   // Returns true on success, false if no keysets are found.
   virtual bool GetVaultKeysetLabels(const std::string& obfuscated_username,
                                     std::vector<std::string>* labels) const;

   // Outputs a map of present keysets by label and the associate key data for a
   // given obfuscated username. There is no guarantee the keysets are valid nor
   // is the ordering guaranteed. Returns true on success, false if no keysets
   // are found.
   virtual bool GetVaultKeysetLabelsAndData(
       const std::string& obfuscated_username,
       std::map<std::string, KeyData>* key_label_data) const;

   // Returns a VaultKeyset that matches the given obfuscated username and the
   // key label. If the label is empty or if no matching keyset is found, NULL
   // will be returned.
   //
   // The caller DOES take ownership of the returned VaultKeyset pointer.
   // There is no guarantee the keyset is valid.
   virtual std::unique_ptr<VaultKeyset> GetVaultKeyset(
       const std::string& obfuscated_username,
       const std::string& key_label) const;

   // Returns true if the supplied Credentials are a valid (username, passkey)
   // pair.
   virtual bool AreCredentialsValid(const Credentials& credentials);

   // Returns decrypted with |creds| keyset, or nullptr if none decryptable
   // with the provided |creds| found and |error| will be populated with the
   // partucular failure reason.
   // NOTE: The LE Credential Keysets are only considered when the key label
   // provided via |creds| is non-empty.
   virtual std::unique_ptr<VaultKeyset> GetValidKeyset(const Credentials& creds,
                                                       MountError* error);

   // Loads the vault keyset for the supplied obfuscated username and index.
   // Returns true for success, false for failure.
   std::unique_ptr<VaultKeyset> LoadVaultKeysetForUser(
       const std::string& obfuscated_user, int index) const;

   // Checks if the directory containing user keys exists.
   virtual bool UserExists(const std::string& obfuscated_username);

   // Adds initial keyset for the credentials.
   virtual bool AddInitialKeyset(const Credentials& credentials);

   // Adds randomly generated reset_seed to the vault keyset if |reset_seed_|
   // doesn't have any value.
   virtual CryptohomeErrorCode AddWrappedResetSeedIfMissing(
       VaultKeyset* vault_keyset, const Credentials& credentials);

   // Adds a new keyset to the given |vault_keyset| and persist to
   // disk. This function assumes the user is already authenticated and their
   // vault keyset with the existing credentials is unwrapped which should be
   // inputted to this function to initialize a new vault keyset. Thus,
   // GetValidKeyset() should be called prior to this function to authenticate
   // with the existing credentials. New keyset is updated to have the key data
   // from |new_credentials|. If |clobber| is true and there are no matching,
   // labeled keys, then it does nothing; if there is an identically labeled key,
   // it will overwrite it.
   virtual CryptohomeErrorCode AddKeyset(const Credentials& new_credentials,
                                         const VaultKeyset& vault_keyset,
                                         bool clobber);

   // Removes the keyset identified by |key_data|.  The VaultKeyset backing
   // |credentials| may be the same that |key_data| identifies.
   virtual CryptohomeErrorCode RemoveKeyset(const Credentials& credentials,
                                            const KeyData& key_data);

   // Removes the keyset specified by |index| from the list for the user
   // vault identified by its |obfuscated| username.
   // The caller should check credentials if the call is user-sourced.
   // TODO(wad,ellyjones) Determine a better keyset priotization and management
   //                     scheme than just integer indices, like fingerprints.
   virtual bool ForceRemoveKeyset(const std::string& obfuscated, int index);

   // Allows a keyset to be moved to a different index assuming the index can be
   // claimed for a given |obfuscated| username.
   virtual bool MoveKeyset(const std::string& obfuscated, int src, int dst);

   // Migrates the cryptohome vault keyset to a new one for the new credentials.
   virtual bool Migrate(const VaultKeyset& old_vk, const Credentials& newcreds);

   // Attempts to reset all LE credentials associated with a username, given
   // a credential |cred|.
   void ResetLECredentials(const Credentials& creds);

   // Removes all LE credentials for a user with |obfuscated_username|.
   virtual void RemoveLECredentials(const std::string& obfuscated_username);

   // Returns the public mount pass key derived from username.
   virtual brillo::SecureBlob GetPublicMountPassKey(
       const std::string& account_id);

   // Get timestamp from a legacy location.
   // TODO(b/205759690, dlunev): can be removed after a stepping stone release.
   virtual base::Time GetKeysetBoundTimestamp(const std::string& obfuscated);

   // Remove legacy location for timestamp.
   // TODO(b/205759690, dlunev): can be removed after a stepping stone release.
   virtual void CleanupPerIndexTimestampFiles(const std::string& obfuscated);

   // Checks whether the keyset is up to date (e.g. has correct encryption
   // parameters, has all required fields populated etc.) and if not, updates
   // and resaves the keyset.
   virtual bool ReSaveKeysetIfNeeded(const Credentials& credentials,
                                     VaultKeyset* keyset) const;

  private:
   // Check if the vault keyset needs re-encryption.
   bool ShouldReSaveKeyset(VaultKeyset* vault_keyset) const;

   // Resaves the vault keyset, restoring on failure.
   bool ReSaveKeyset(const Credentials& credentials, VaultKeyset* keyset) const;

   // TODO(b/205759690, dlunev): can be removed after a stepping stone release.
   base::Time GetPerIndexTimestampFileData(const std::string& obfuscated,
                                           int index);

   Platform* platform_;
   Crypto* crypto_;
   brillo::SecureBlob system_salt_;
   std::unique_ptr<VaultKeysetFactory> vault_keyset_factory_;

   FRIEND_TEST(KeysetManagementTest, ReSaveOnLoadNoReSave);
   FRIEND_TEST(KeysetManagementTest, ReSaveOnLoadTestRegularCreds);
   FRIEND_TEST(KeysetManagementTest, ReSaveOnLoadTestLeCreds);
 };

 }  // namespace cryptohome

 #endif  // CRYPTOHOME_KEYSET_MANAGEMENT_H_
	// Copyright 2020 The Chromium OS Authors. All rights reserved.
	// Use of this source code is governed by a BSD-style license that can be
	// found in the LICENSE file.

	#ifndef CRYPTOHOME_KEYSET_MANAGEMENT_H_
	#define CRYPTOHOME_KEYSET_MANAGEMENT_H_

	#include <map>
	#include <memory>
	#include <string>
	#include <vector>

	#include <brillo/secure_blob.h>
	#include <dbus/cryptohome/dbus-constants.h>

	#include "cryptohome/cleanup/user_oldest_activity_timestamp_manager.h"
	#include "cryptohome/credentials.h"
	#include "cryptohome/crypto.h"
	#include "cryptohome/platform.h"
	#include "cryptohome/rpc.pb.h"
	#include "cryptohome/storage/homedirs.h"
	#include "cryptohome/UserDataAuth.pb.h"
	#include "cryptohome/vault_keyset.h"
	#include "cryptohome/vault_keyset_factory.h"

	namespace cryptohome {

	class KeysetManagement {
	public:
	KeysetManagement() = default;
	KeysetManagement(Platform* platform,
	Crypto* crypto,
	const brillo::SecureBlob& system_salt,
	std::unique_ptr<VaultKeysetFactory> vault_keyset_factory);
	virtual ~KeysetManagement() = default;
	KeysetManagement(const KeysetManagement&) = delete;
	KeysetManagement& operator=(const KeysetManagement&) = delete;

	// Returns a list of present keyset indices for an obfuscated username.
	// There is no guarantee the keysets are valid.
	virtual bool GetVaultKeysets(const std::string& obfuscated,
	std::vector<int>* keysets) const;

	// Outputs a list of present keysets by label for a given obfuscated username.
	// There is no guarantee the keysets are valid nor is the ordering guaranteed.
	// Returns true on success, false if no keysets are found.
	virtual bool GetVaultKeysetLabels(const std::string& obfuscated_username,
	std::vector<std::string>* labels) const;

	// Outputs a map of present keysets by label and the associate key data for a
	// given obfuscated username. There is no guarantee the keysets are valid nor
	// is the ordering guaranteed. Returns true on success, false if no keysets
	// are found.
	virtual bool GetVaultKeysetLabelsAndData(
	const std::string& obfuscated_username,
	std::map<std::string, KeyData>* key_label_data) const;

	// Returns a VaultKeyset that matches the given obfuscated username and the
	// key label. If the label is empty or if no matching keyset is found, NULL
	// will be returned.
	//
	// The caller DOES take ownership of the returned VaultKeyset pointer.
	// There is no guarantee the keyset is valid.
	virtual std::unique_ptr<VaultKeyset> GetVaultKeyset(
	const std::string& obfuscated_username,
	const std::string& key_label) const;

	// Returns true if the supplied Credentials are a valid (username, passkey)
	// pair.
	virtual bool AreCredentialsValid(const Credentials& credentials);

	// Returns decrypted with \|creds\| keyset, or nullptr if none decryptable
	// with the provided \|creds\| found and \|error\| will be populated with the
	// partucular failure reason.
	// NOTE: The LE Credential Keysets are only considered when the key label
	// provided via \|creds\| is non-empty.
	virtual std::unique_ptr<VaultKeyset> GetValidKeyset(const Credentials& creds,
	MountError* error);

	// Loads the vault keyset for the supplied obfuscated username and index.
	// Returns true for success, false for failure.
	std::unique_ptr<VaultKeyset> LoadVaultKeysetForUser(
	const std::string& obfuscated_user, int index) const;

	// Checks if the directory containing user keys exists.
	virtual bool UserExists(const std::string& obfuscated_username);

	// Adds initial keyset for the credentials.
	virtual bool AddInitialKeyset(const Credentials& credentials);

	// Adds randomly generated reset_seed to the vault keyset if \|reset_seed_\|
	// doesn't have any value.
	virtual CryptohomeErrorCode AddWrappedResetSeedIfMissing(
	VaultKeyset* vault_keyset, const Credentials& credentials);

	// Adds a new keyset to the given \|vault_keyset\| and persist to
	// disk. This function assumes the user is already authenticated and their
	// vault keyset with the existing credentials is unwrapped which should be
	// inputted to this function to initialize a new vault keyset. Thus,
	// GetValidKeyset() should be called prior to this function to authenticate
	// with the existing credentials. New keyset is updated to have the key data
	// from \|new_credentials\|. If \|clobber\| is true and there are no matching,
	// labeled keys, then it does nothing; if there is an identically labeled key,
	// it will overwrite it.
	virtual CryptohomeErrorCode AddKeyset(const Credentials& new_credentials,
	const VaultKeyset& vault_keyset,
	bool clobber);

	// Removes the keyset identified by \|key_data\|. The VaultKeyset backing
	// \|credentials\| may be the same that \|key_data\| identifies.
	virtual CryptohomeErrorCode RemoveKeyset(const Credentials& credentials,
	const KeyData& key_data);

	// Removes the keyset specified by \|index\| from the list for the user
	// vault identified by its \|obfuscated\| username.
	// The caller should check credentials if the call is user-sourced.
	// TODO(wad,ellyjones) Determine a better keyset priotization and management
	// scheme than just integer indices, like fingerprints.
	virtual bool ForceRemoveKeyset(const std::string& obfuscated, int index);

	// Allows a keyset to be moved to a different index assuming the index can be
	// claimed for a given \|obfuscated\| username.
	virtual bool MoveKeyset(const std::string& obfuscated, int src, int dst);

	// Migrates the cryptohome vault keyset to a new one for the new credentials.
	virtual bool Migrate(const VaultKeyset& old_vk, const Credentials& newcreds);

	// Attempts to reset all LE credentials associated with a username, given
	// a credential \|cred\|.
	void ResetLECredentials(const Credentials& creds);

	// Removes all LE credentials for a user with \|obfuscated_username\|.
	virtual void RemoveLECredentials(const std::string& obfuscated_username);

	// Returns the public mount pass key derived from username.
	virtual brillo::SecureBlob GetPublicMountPassKey(
	const std::string& account_id);

	// Get timestamp from a legacy location.
	// TODO(b/205759690, dlunev): can be removed after a stepping stone release.
	virtual base::Time GetKeysetBoundTimestamp(const std::string& obfuscated);

	// Remove legacy location for timestamp.
	// TODO(b/205759690, dlunev): can be removed after a stepping stone release.
	virtual void CleanupPerIndexTimestampFiles(const std::string& obfuscated);

	// Checks whether the keyset is up to date (e.g. has correct encryption
	// parameters, has all required fields populated etc.) and if not, updates
	// and resaves the keyset.
	virtual bool ReSaveKeysetIfNeeded(const Credentials& credentials,
	VaultKeyset* keyset) const;

	private:
	// Check if the vault keyset needs re-encryption.
	bool ShouldReSaveKeyset(VaultKeyset* vault_keyset) const;

	// Resaves the vault keyset, restoring on failure.
	bool ReSaveKeyset(const Credentials& credentials, VaultKeyset* keyset) const;

	// TODO(b/205759690, dlunev): can be removed after a stepping stone release.
	base::Time GetPerIndexTimestampFileData(const std::string& obfuscated,
	int index);

	Platform* platform_;
	Crypto* crypto_;
	brillo::SecureBlob system_salt_;
	std::unique_ptr<VaultKeysetFactory> vault_keyset_factory_;

	FRIEND_TEST(KeysetManagementTest, ReSaveOnLoadNoReSave);
	FRIEND_TEST(KeysetManagementTest, ReSaveOnLoadTestRegularCreds);
	FRIEND_TEST(KeysetManagementTest, ReSaveOnLoadTestLeCreds);
	};

	} // namespace cryptohome

	#endif // CRYPTOHOME_KEYSET_MANAGEMENT_H_