Home | History | Annotate | Download | only in crypto 
      1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
      2 // Use of this source code is governed by a BSD-style license that can be
      3 // found in the LICENSE file.
      4 
      5 #ifndef CRYPTO_NSS_UTIL_INTERNAL_H_
      6 #define CRYPTO_NSS_UTIL_INTERNAL_H_
      7 
      8 #include <secmodt.h>
      9 
     10 #include <string>
     11 
     12 #include "base/callback.h"
     13 #include "base/compiler_specific.h"
     14 #include "base/macros.h"
     15 #include "crypto/crypto_export.h"
     16 #include "crypto/scoped_nss_types.h"
     17 
     18 namespace base {
     19 class FilePath;
     20 }
     21 
     22 // These functions return a type defined in an NSS header, and so cannot be
     23 // declared in nss_util.h.  Hence, they are declared here.
     24 
     25 namespace crypto {
     26 
     27 // Opens an NSS software database in folder |path|, with the (potentially)
     28 // user-visible description |description|. Returns the slot for the opened
     29 // database, or nullptr if the database could not be opened.
     30 CRYPTO_EXPORT ScopedPK11Slot OpenSoftwareNSSDB(const base::FilePath& path,
     31                                                const std::string& description);
     32 
     33 #if !defined(OS_CHROMEOS)
     34 // Returns a reference to the default NSS key slot for storing persistent data.
     35 // Caller must release returned reference with PK11_FreeSlot.
     36 CRYPTO_EXPORT PK11SlotInfo* GetPersistentNSSKeySlot() WARN_UNUSED_RESULT;
     37 #endif
     38 
     39 // A helper class that acquires the SECMOD list read lock while the
     40 // AutoSECMODListReadLock is in scope.
     41 class CRYPTO_EXPORT AutoSECMODListReadLock {
     42  public:
     43   AutoSECMODListReadLock();
     44   ~AutoSECMODListReadLock();
     45 
     46  private:
     47   SECMODListLock* lock_;
     48   DISALLOW_COPY_AND_ASSIGN(AutoSECMODListReadLock);
     49 };
     50 
     51 #if defined(OS_CHROMEOS)
     52 // Returns a reference to the system-wide TPM slot if it is loaded. If it is not
     53 // loaded and |callback| is non-null, the |callback| will be run once the slot
     54 // is loaded.
     55 CRYPTO_EXPORT ScopedPK11Slot GetSystemNSSKeySlot(
     56     const base::Callback<void(ScopedPK11Slot)>& callback) WARN_UNUSED_RESULT;
     57 
     58 // Sets the test system slot to |slot|, which means that |slot| will be exposed
     59 // through |GetSystemNSSKeySlot| and |IsTPMTokenReady| will return true.
     60 // |InitializeTPMTokenAndSystemSlot|, which triggers the TPM initialization,
     61 // does not have to be called if the test system slot is set.
     62 // This must must not be called consecutively with a |slot| != nullptr. If
     63 // |slot| is nullptr, the test system slot is unset.
     64 CRYPTO_EXPORT void SetSystemKeySlotForTesting(ScopedPK11Slot slot);
     65 
     66 // Prepare per-user NSS slot mapping. It is safe to call this function multiple
     67 // times. Returns true if the user was added, or false if it already existed.
     68 CRYPTO_EXPORT bool InitializeNSSForChromeOSUser(
     69     const std::string& username_hash,
     70     const base::FilePath& path);
     71 
     72 // Returns whether TPM for ChromeOS user still needs initialization. If
     73 // true is returned, the caller can proceed to initialize TPM slot for the
     74 // user, but should call |WillInitializeTPMForChromeOSUser| first.
     75 // |InitializeNSSForChromeOSUser| must have been called first.
     76 CRYPTO_EXPORT bool ShouldInitializeTPMForChromeOSUser(
     77     const std::string& username_hash) WARN_UNUSED_RESULT;
     78 
     79 // Makes |ShouldInitializeTPMForChromeOSUser| start returning false.
     80 // Should be called before starting TPM initialization for the user.
     81 // Assumes |InitializeNSSForChromeOSUser| had already been called.
     82 CRYPTO_EXPORT void WillInitializeTPMForChromeOSUser(
     83     const std::string& username_hash);
     84 
     85 // Use TPM slot |slot_id| for user.  InitializeNSSForChromeOSUser must have been
     86 // called first.
     87 CRYPTO_EXPORT void InitializeTPMForChromeOSUser(
     88     const std::string& username_hash,
     89     CK_SLOT_ID slot_id);
     90 
     91 // Use the software slot as the private slot for user.
     92 // InitializeNSSForChromeOSUser must have been called first.
     93 CRYPTO_EXPORT void InitializePrivateSoftwareSlotForChromeOSUser(
     94     const std::string& username_hash);
     95 
     96 // Returns a reference to the public slot for user.
     97 CRYPTO_EXPORT ScopedPK11Slot GetPublicSlotForChromeOSUser(
     98     const std::string& username_hash) WARN_UNUSED_RESULT;
     99 
    100 // Returns the private slot for |username_hash| if it is loaded. If it is not
    101 // loaded and |callback| is non-null, the |callback| will be run once the slot
    102 // is loaded.
    103 CRYPTO_EXPORT ScopedPK11Slot GetPrivateSlotForChromeOSUser(
    104     const std::string& username_hash,
    105     const base::Callback<void(ScopedPK11Slot)>& callback) WARN_UNUSED_RESULT;
    106 
    107 // Closes the NSS DB for |username_hash| that was previously opened by the
    108 // *Initialize*ForChromeOSUser functions.
    109 CRYPTO_EXPORT void CloseChromeOSUserForTesting(
    110     const std::string& username_hash);
    111 #endif  // defined(OS_CHROMEOS)
    112 
    113 }  // namespace crypto
    114 
    115 #endif  // CRYPTO_NSS_UTIL_INTERNAL_H_
    116