Home | History | Annotate | Download | only in crypto 
      1 // Copyright 2013 The Chromium Authors. All rights reserved.
      2 // Use of this source code is governed by a BSD-style license that can be
      3 // found in the LICENSE file.
      4 
      5 #ifndef CRYPTO_NSS_CRYPTO_MODULE_DELEGATE_H_
      6 #define CRYPTO_NSS_CRYPTO_MODULE_DELEGATE_H_
      7 
      8 #include <string>
      9 
     10 #include "base/callback_forward.h"
     11 #include "crypto/scoped_nss_types.h"
     12 
     13 namespace crypto {
     14 
     15 // PK11_SetPasswordFunc is a global setting.  An implementation of
     16 // CryptoModuleBlockingPasswordDelegate should be passed using wincx() as the
     17 // user data argument (|wincx|) to relevant NSS functions, which the global
     18 // password handler will call to do the actual work. This delegate should only
     19 // be used in NSS calls on worker threads due to the blocking nature.
     20 class CryptoModuleBlockingPasswordDelegate {
     21  public:
     22   virtual ~CryptoModuleBlockingPasswordDelegate() {}
     23 
     24   // Return a value suitable for passing to the |wincx| argument of relevant NSS
     25   // functions. This should be used instead of passing the object pointer
     26   // directly to avoid accidentally casting a pointer to a subclass to void* and
     27   // then casting back to a pointer of the base class
     28   void* wincx() { return this; }
     29 
     30   // Requests a password to unlock |slot_name|. The interface is synchronous
     31   // because NSS cannot issue an asynchronous request. |retry| is true if this
     32   // is a request for the retry and we previously returned the wrong password.
     33   // The implementation should set |*cancelled| to true if the user cancelled
     34   // instead of entering a password, otherwise it should return the password the
     35   // user entered.
     36   virtual std::string RequestPassword(const std::string& slot_name, bool retry,
     37                                       bool* cancelled) = 0;
     38 };
     39 
     40 // Extends CryptoModuleBlockingPasswordDelegate with the ability to return a
     41 // slot in which to act. (Eg, which slot to store a generated key in.)
     42 class NSSCryptoModuleDelegate : public CryptoModuleBlockingPasswordDelegate {
     43  public:
     44   ~NSSCryptoModuleDelegate() override {}
     45 
     46   // Get the slot to store the generated key.
     47   virtual ScopedPK11Slot RequestSlot() = 0;
     48 };
     49 
     50 }  // namespace crypto
     51 
     52 #endif  // CRYPTO_NSS_CRYPTO_MODULE_DELEGATE_H_
     53