File: app_bound_encryption_win.h

chromium 139.0.7258.127-1
// Copyright 2022 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifndef CHROME_BROWSER_OS_CRYPT_APP_BOUND_ENCRYPTION_WIN_H_
#define CHROME_BROWSER_OS_CRYPT_APP_BOUND_ENCRYPTION_WIN_H_

#include <optional>
#include <string>

#include "base/feature_list.h"
#include "base/win/windows_types.h"
#include "chrome/elevation_service/elevation_service_idl.h"
#include "chrome/elevation_service/elevator.h"

class PrefService;

namespace os_crypt {

namespace features {
// If enabled, App-Bound encryption will attempt re-encryption of decrypted data
// if signaled that it should be re-encrypted.
//
// Only the declaration is visible here; the feature's default state is not
// shown in this header.
// NOTE(review): presumably this gates the `new_ciphertext` output of
// `DecryptAppBoundString` below - confirm in the implementation.
BASE_DECLARE_FEATURE(kAppBoundDataReencrypt);
}  // namespace features

// Result of probing whether App-Bound encryption can be used on this
// machine/profile configuration.
//
// These values are persisted to logs. Entries should not be renumbered and
// numeric values should never be reused. New entries go at the end, with
// `kMaxValue` updated to match.
//
// Reading guide for callers: only `kSupported` permits encrypting new data.
// `kNotSystemLevel` means nothing works. Every other value means "decrypt may
// be attempted, do not encrypt".
enum class SupportLevel {
  // kSupported is the only level where both decrypt and encrypt operations are
  // fully supported.
  kSupported = 0,
  // Not running system level means no cryptographic operations are available,
  // and all calls will fail.
  kNotSystemLevel = 1,
  // The following enum values indicate that app-bound encryption can be
  // attempted, and decrypt operations may succeed, but encrypt operations
  // should not be carried out as the system has indicated that the storage may
  // not be fully reliable or disabled by policy.
  kNotLocalDisk = 2,
  kApiFailed = 3,
  kNotUsingDefaultUserDataDir = 4,
  kUserDataDirNotLocalDisk = 5,
  kDisabledByPolicy = 6,
  kDisabledByRoamingWindowsProfile = 7,
  kDisabledByRoamingChromeProfile = 8,
  // Alias of the highest enumerator; keep it pointing at the last entry.
  kMaxValue = kDisabledByRoamingChromeProfile,
};

// For tests, this can be overridden and a concrete instance passed to
// `SetOverridesForTesting` to override the behavior of App-Bound encryption
// APIs.
//
// Each pure virtual below has the same name and parameter list as the free
// function of that name declared in this header, except that `flags` has no
// default argument here.
// NOTE(review): presumably the free functions forward to the installed
// instance when one is set - confirm in the implementation.
class AppBoundEncryptionOverridesForTesting {
 public:
  virtual ~AppBoundEncryptionOverridesForTesting() = default;

  // Test replacement for `os_crypt::EncryptAppBoundString`; same parameters
  // and HRESULT return.
  virtual HRESULT EncryptAppBoundString(
      ProtectionLevel level,
      const std::string& plaintext,
      std::string& ciphertext,
      DWORD& last_error,
      elevation_service::EncryptFlags* flags) = 0;

  // Test replacement for `os_crypt::DecryptAppBoundString`; same parameters
  // and HRESULT return, including the optional `new_ciphertext` output.
  virtual HRESULT DecryptAppBoundString(
      const std::string& ciphertext,
      std::string& plaintext,
      ProtectionLevel protection_level,
      std::optional<std::string>& new_ciphertext,
      DWORD& last_error,
      elevation_service::EncryptFlags* flags) = 0;

  // Test replacement for `os_crypt::GetAppBoundEncryptionSupportLevel`.
  virtual SupportLevel GetAppBoundEncryptionSupportLevel(
      PrefService* local_state) = 0;
};

// Returns whether or not app-bound encryption is supported on the current
// platform configuration. If this does not return kSupported then Encrypt and
// Decrypt operations will fail. This can be called on any thread.
//
// NOTE(review): the `SupportLevel` comments say that for values 2 and above
// decrypt operations may still succeed, which is looser than "will fail"
// above - confirm which holds. Either way, only encrypt new data when this
// returns kSupported.
//
// `local_state`: its use is not described in this header; presumably it is
// read for pref/policy state (compare kDisabledByPolicy). Whether nullptr is
// accepted is not stated - TODO confirm.
SupportLevel GetAppBoundEncryptionSupportLevel(PrefService* local_state);

// Encrypts `plaintext` into `ciphertext` with a Protection level of `level`.
// See `src/chrome/elevation_service/elevation_service_idl.idl` for the
// definition of available protection levels.
//
// If `flags` is supplied, then this can control the behavior of the Encrypt
// operation. See `EncryptFlags` in `elevator.h` for more details. Passing
// nullptr (the default) supplies no flags.
//
// This returns an HRESULT as defined by src/chrome/elevation_service/elevator.h
// or S_OK for success. If the call fails then `last_error` will be set to the
// value returned from the most recent failing Windows API call or
// ERROR_GEN_FAILURE.
//
// The contents of `ciphertext` after a failed call are not specified here;
// check the returned HRESULT before storing or using it.
// `GetAppBoundEncryptionSupportLevel` reports whether encryption should be
// attempted at all on this configuration.
//
// This should be called on a COM-enabled thread.
HRESULT EncryptAppBoundString(ProtectionLevel level,
                              const std::string& plaintext,
                              std::string& ciphertext,
                              DWORD& last_error,
                              elevation_service::EncryptFlags* flags = nullptr);

// Decrypts `ciphertext`, previously produced by a call to
// EncryptAppBoundString, into `plaintext`.
//
// This returns an HRESULT as defined by src/chrome/elevation_service/elevator.h
// or S_OK for success. If the call fails then `last_error` will be set to the
// value returned from the most recent failing Windows API call or
// ERROR_GEN_FAILURE.
//
// The contents of `plaintext` after a failed call are not specified here;
// check the returned HRESULT before using it.
//
// App-Bound may recommend re-encryption of the data, for example if the key has
// been rotated. If so, `new_ciphertext` will contain the re-encrypted data
// according to the `protection_level` specified with the `flags`, if also
// specified.
// NOTE(review): presumably `new_ciphertext` is left without a value when no
// re-encryption is recommended - confirm. This declaration only hands the
// re-encrypted blob back; persisting it in place of the old `ciphertext` is
// presumably the caller's job.
//
// This should be called on a COM-enabled thread.
HRESULT DecryptAppBoundString(const std::string& ciphertext,
                              std::string& plaintext,
                              ProtectionLevel protection_level,
                              std::optional<std::string>& new_ciphertext,
                              DWORD& last_error,
                              elevation_service::EncryptFlags* flags = nullptr);

// Test-only hook: installs `overrides` to override the behavior of the
// App-Bound encryption APIs declared in this header. Set to nullptr to reset.
//
// NOTE(review): this takes a raw pointer and the header does not state
// ownership; presumably it is non-owning, so the instance has to stay alive
// until the override is reset - confirm. Because an installed override stands
// in for the real encrypt/decrypt path, it should never be set outside tests.
void SetOverridesForTesting(AppBoundEncryptionOverridesForTesting* overrides);

}  // namespace os_crypt

#endif  // CHROME_BROWSER_OS_CRYPT_APP_BOUND_ENCRYPTION_WIN_H_