Home | History | Annotate | Download | only in crypto 
      1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
      2 // Use of this source code is governed by a BSD-style license that can be
      3 // found in the LICENSE file.
      4 
      5 #ifndef CRYPTO_NSS_UTIL_INTERNAL_H_
      6 #define CRYPTO_NSS_UTIL_INTERNAL_H_
      7 
      8 #include <secmodt.h>
      9 
     10 #include "base/callback.h"
     11 #include "base/compiler_specific.h"
     12 #include "base/macros.h"
     13 #include "crypto/crypto_export.h"
     14 #include "crypto/scoped_nss_types.h"
     15 
     16 namespace base {
     17 class FilePath;
     18 }
     19 
     20 // These functions return a type defined in an NSS header, and so cannot be
     21 // declared in nss_util.h.  Hence, they are declared here.
     22 
     23 namespace crypto {
     24 
     25 // Opens an NSS software database in folder |path|, with the (potentially)
     26 // user-visible description |description|. Returns the slot for the opened
     27 // database, or nullptr if the database could not be opened.
     28 CRYPTO_EXPORT ScopedPK11Slot OpenSoftwareNSSDB(const base::FilePath& path,
     29                                                const std::string& description);
     30 
     31 #if !defined(OS_CHROMEOS)
     32 // Returns a reference to the default NSS key slot for storing persistent data.
     33 // Caller must release returned reference with PK11_FreeSlot.
     34 CRYPTO_EXPORT PK11SlotInfo* GetPersistentNSSKeySlot() WARN_UNUSED_RESULT;
     35 #endif
     36 
     37 // A helper class that acquires the SECMOD list read lock while the
     38 // AutoSECMODListReadLock is in scope.
     39 class CRYPTO_EXPORT AutoSECMODListReadLock {
     40  public:
     41   AutoSECMODListReadLock();
     42   ~AutoSECMODListReadLock();
     43 
     44  private:
     45   SECMODListLock* lock_;
     46   DISALLOW_COPY_AND_ASSIGN(AutoSECMODListReadLock);
     47 };
     48 
     49 #if defined(OS_CHROMEOS)
     50 // Returns a reference to the system-wide TPM slot if it is loaded. If it is not
     51 // loaded and |callback| is non-null, the |callback| will be run once the slot
     52 // is loaded.
     53 CRYPTO_EXPORT ScopedPK11Slot GetSystemNSSKeySlot(
     54     const base::Callback<void(ScopedPK11Slot)>& callback) WARN_UNUSED_RESULT;
     55 
     56 // Sets the test system slot to |slot|, which means that |slot| will be exposed
     57 // through |GetSystemNSSKeySlot| and |IsTPMTokenReady| will return true.
     58 // |InitializeTPMTokenAndSystemSlot|, which triggers the TPM initialization,
     59 // does not have to be called if the test system slot is set.
     60 // This must must not be called consecutively with a |slot| != nullptr. If
     61 // |slot| is nullptr, the test system slot is unset.
     62 CRYPTO_EXPORT void SetSystemKeySlotForTesting(ScopedPK11Slot slot);
     63 
     64 // Prepare per-user NSS slot mapping. It is safe to call this function multiple
     65 // times. Returns true if the user was added, or false if it already existed.
     66 CRYPTO_EXPORT bool InitializeNSSForChromeOSUser(
     67     const std::string& username_hash,
     68     const base::FilePath& path);
     69 
     70 // Returns whether TPM for ChromeOS user still needs initialization. If
     71 // true is returned, the caller can proceed to initialize TPM slot for the
     72 // user, but should call |WillInitializeTPMForChromeOSUser| first.
     73 // |InitializeNSSForChromeOSUser| must have been called first.
     74 CRYPTO_EXPORT bool ShouldInitializeTPMForChromeOSUser(
     75     const std::string& username_hash) WARN_UNUSED_RESULT;
     76 
     77 // Makes |ShouldInitializeTPMForChromeOSUser| start returning false.
     78 // Should be called before starting TPM initialization for the user.
     79 // Assumes |InitializeNSSForChromeOSUser| had already been called.
     80 CRYPTO_EXPORT void WillInitializeTPMForChromeOSUser(
     81     const std::string& username_hash);
     82 
     83 // Use TPM slot |slot_id| for user.  InitializeNSSForChromeOSUser must have been
     84 // called first.
     85 CRYPTO_EXPORT void InitializeTPMForChromeOSUser(
     86     const std::string& username_hash,
     87     CK_SLOT_ID slot_id);
     88 
     89 // Use the software slot as the private slot for user.
     90 // InitializeNSSForChromeOSUser must have been called first.
     91 CRYPTO_EXPORT void InitializePrivateSoftwareSlotForChromeOSUser(
     92     const std::string& username_hash);
     93 
     94 // Returns a reference to the public slot for user.
     95 CRYPTO_EXPORT ScopedPK11Slot GetPublicSlotForChromeOSUser(
     96     const std::string& username_hash) WARN_UNUSED_RESULT;
     97 
     98 // Returns the private slot for |username_hash| if it is loaded. If it is not
     99 // loaded and |callback| is non-null, the |callback| will be run once the slot
    100 // is loaded.
    101 CRYPTO_EXPORT ScopedPK11Slot GetPrivateSlotForChromeOSUser(
    102     const std::string& username_hash,
    103     const base::Callback<void(ScopedPK11Slot)>& callback) WARN_UNUSED_RESULT;
    104 
    105 // Closes the NSS DB for |username_hash| that was previously opened by the
    106 // *Initialize*ForChromeOSUser functions.
    107 CRYPTO_EXPORT void CloseChromeOSUserForTesting(
    108     const std::string& username_hash);
    109 #endif  // defined(OS_CHROMEOS)
    110 
    111 }  // namespace crypto
    112 
    113 #endif  // CRYPTO_NSS_UTIL_INTERNAL_H_
    114