Home | History | Annotate | Download | only in crypto 
      1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
      2 // Use of this source code is governed by a BSD-style license that can be
      3 // found in the LICENSE file.
      4 
      5 #ifndef CRYPTO_NSS_UTIL_H_
      6 #define CRYPTO_NSS_UTIL_H_
      7 
      8 #include <stdint.h>
      9 
     10 #include <string>
     11 #include "base/callback.h"
     12 #include "base/compiler_specific.h"
     13 #include "base/macros.h"
     14 #include "crypto/crypto_export.h"
     15 
     16 namespace base {
     17 class FilePath;
     18 class Lock;
     19 class Time;
     20 }  // namespace base
     21 
     22 // This file specifically doesn't depend on any NSS or NSPR headers because it
     23 // is included by various (non-crypto) parts of chrome to call the
     24 // initialization functions.
     25 namespace crypto {
     26 
     27 #if defined(USE_NSS_CERTS)
     28 // EarlySetupForNSSInit performs lightweight setup which must occur before the
     29 // process goes multithreaded. This does not initialise NSS. For test, see
     30 // EnsureNSSInit.
     31 CRYPTO_EXPORT void EarlySetupForNSSInit();
     32 #endif
     33 
     34 // Initialize NRPR if it isn't already initialized.  This function is
     35 // thread-safe, and NSPR will only ever be initialized once.
     36 CRYPTO_EXPORT void EnsureNSPRInit();
     37 
     38 // Initialize NSS if it isn't already initialized.  This must be called before
     39 // any other NSS functions.  This function is thread-safe, and NSS will only
     40 // ever be initialized once.
     41 CRYPTO_EXPORT void EnsureNSSInit();
     42 
     43 // Check if the current NSS version is greater than or equals to |version|.
     44 // A sample version string is "3.12.3".
     45 bool CheckNSSVersion(const char* version);
     46 
     47 #if defined(OS_CHROMEOS)
     48 // Indicates that NSS should use the Chaps library so that we
     49 // can access the TPM through NSS.  InitializeTPMTokenAndSystemSlot and
     50 // InitializeTPMForChromeOSUser must still be called to load the slots.
     51 CRYPTO_EXPORT void EnableTPMTokenForNSS();
     52 
     53 // Returns true if EnableTPMTokenForNSS has been called.
     54 CRYPTO_EXPORT bool IsTPMTokenEnabledForNSS();
     55 
     56 // Returns true if the TPM is owned and PKCS#11 initialized with the
     57 // user and security officer PINs, and has been enabled in NSS by
     58 // calling EnableTPMForNSS, and Chaps has been successfully
     59 // loaded into NSS.
     60 // If |callback| is non-null and the function returns false, the |callback| will
     61 // be run once the TPM is ready. |callback| will never be run if the function
     62 // returns true.
     63 CRYPTO_EXPORT bool IsTPMTokenReady(const base::Closure& callback)
     64     WARN_UNUSED_RESULT;
     65 
     66 // Initialize the TPM token and system slot. The |callback| will run on the same
     67 // thread with true if the token and slot were successfully loaded or were
     68 // already initialized. |callback| will be passed false if loading failed.  Once
     69 // called, InitializeTPMTokenAndSystemSlot must not be called again until the
     70 // |callback| has been run.
     71 CRYPTO_EXPORT void InitializeTPMTokenAndSystemSlot(
     72     int system_slot_id,
     73     const base::Callback<void(bool)>& callback);
     74 #endif
     75 
     76 // Convert a NSS PRTime value into a base::Time object.
     77 // We use a int64_t instead of PRTime here to avoid depending on NSPR headers.
     78 CRYPTO_EXPORT base::Time PRTimeToBaseTime(int64_t prtime);
     79 
     80 // Convert a base::Time object into a PRTime value.
     81 // We use a int64_t instead of PRTime here to avoid depending on NSPR headers.
     82 CRYPTO_EXPORT int64_t BaseTimeToPRTime(base::Time time);
     83 
     84 #if defined(USE_NSS_CERTS)
     85 // NSS has a bug which can cause a deadlock or stall in some cases when writing
     86 // to the certDB and keyDB. It also has a bug which causes concurrent key pair
     87 // generations to scribble over each other. To work around this, we synchronize
     88 // writes to the NSS databases with a global lock. The lock is hidden beneath a
     89 // function for easy disabling when the bug is fixed. Callers should allow for
     90 // it to return NULL in the future.
     91 //
     92 // See https://bugzilla.mozilla.org/show_bug.cgi?id=564011
     93 base::Lock* GetNSSWriteLock();
     94 
     95 // A helper class that acquires the NSS write Lock while the AutoNSSWriteLock
     96 // is in scope.
     97 class CRYPTO_EXPORT AutoNSSWriteLock {
     98  public:
     99   AutoNSSWriteLock();
    100   ~AutoNSSWriteLock();
    101  private:
    102   base::Lock *lock_;
    103   DISALLOW_COPY_AND_ASSIGN(AutoNSSWriteLock);
    104 };
    105 #endif  // defined(USE_NSS_CERTS)
    106 
    107 }  // namespace crypto
    108 
    109 #endif  // CRYPTO_NSS_UTIL_H_
    110