nss_util_internal.h 4.49 KB
Newer Older
1
// Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 3 4
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

5 6
#ifndef CRYPTO_NSS_UTIL_INTERNAL_H_
#define CRYPTO_NSS_UTIL_INTERNAL_H_
7 8 9

#include <secmodt.h>

10 11
#include <string>

12 13
#include "base/callback.h"
#include "base/compiler_specific.h"
14
#include "base/macros.h"
15
#include "crypto/crypto_export.h"
16 17 18 19 20
#include "crypto/scoped_nss_types.h"

namespace base {
class FilePath;
}
21

22 23 24
// These functions return a type defined in an NSS header, and so cannot be
// declared in nss_util.h.  Hence, they are declared here.

25
namespace crypto {
26

27 28
// Opens an NSS software database in folder |path|, with the (potentially)
// user-visible description |description|. Returns the slot for the opened
29
// database, or nullptr if the database could not be opened.
xhwang's avatar
xhwang committed
30 31
CRYPTO_EXPORT ScopedPK11Slot OpenSoftwareNSSDB(const base::FilePath& path,
                                               const std::string& description);
32 33

#if !defined(OS_CHROMEOS)
34 35 36
// Returns a reference to the default NSS key slot for storing persistent data.
// Caller must release returned reference with PK11_FreeSlot.
CRYPTO_EXPORT PK11SlotInfo* GetPersistentNSSKeySlot() WARN_UNUSED_RESULT;
37
#endif
38

39 40
// A helper class that acquires the SECMOD list read lock while the
// AutoSECMODListReadLock is in scope.
41
class CRYPTO_EXPORT AutoSECMODListReadLock {
42 43 44 45 46 47 48 49 50
 public:
  AutoSECMODListReadLock();
  ~AutoSECMODListReadLock();

 private:
  SECMODListLock* lock_;
  DISALLOW_COPY_AND_ASSIGN(AutoSECMODListReadLock);
};

51
#if defined(OS_CHROMEOS)
52 53 54 55 56
// Returns a reference to the system-wide TPM slot if it is loaded. If it is not
// loaded and |callback| is non-null, the |callback| will be run once the slot
// is loaded.
CRYPTO_EXPORT ScopedPK11Slot GetSystemNSSKeySlot(
    const base::Callback<void(ScopedPK11Slot)>& callback) WARN_UNUSED_RESULT;
57

58 59 60 61
// Sets the test system slot to |slot|, which means that |slot| will be exposed
// through |GetSystemNSSKeySlot| and |IsTPMTokenReady| will return true.
// |InitializeTPMTokenAndSystemSlot|, which triggers the TPM initialization,
// does not have to be called if the test system slot is set.
62 63
// This must must not be called consecutively with a |slot| != nullptr. If
// |slot| is nullptr, the test system slot is unset.
xhwang's avatar
xhwang committed
64
CRYPTO_EXPORT void SetSystemKeySlotForTesting(ScopedPK11Slot slot);
65

66 67 68 69
// Prepare per-user NSS slot mapping. It is safe to call this function multiple
// times. Returns true if the user was added, or false if it already existed.
CRYPTO_EXPORT bool InitializeNSSForChromeOSUser(
    const std::string& username_hash,
70 71 72 73 74 75 76 77 78 79 80 81 82 83
    const base::FilePath& path);

// Returns whether TPM for ChromeOS user still needs initialization. If
// true is returned, the caller can proceed to initialize TPM slot for the
// user, but should call |WillInitializeTPMForChromeOSUser| first.
// |InitializeNSSForChromeOSUser| must have been called first.
CRYPTO_EXPORT bool ShouldInitializeTPMForChromeOSUser(
    const std::string& username_hash) WARN_UNUSED_RESULT;

// Makes |ShouldInitializeTPMForChromeOSUser| start returning false.
// Should be called before starting TPM initialization for the user.
// Assumes |InitializeNSSForChromeOSUser| had already been called.
CRYPTO_EXPORT void WillInitializeTPMForChromeOSUser(
    const std::string& username_hash);
84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105

// Use TPM slot |slot_id| for user.  InitializeNSSForChromeOSUser must have been
// called first.
CRYPTO_EXPORT void InitializeTPMForChromeOSUser(
    const std::string& username_hash,
    CK_SLOT_ID slot_id);

// Use the software slot as the private slot for user.
// InitializeNSSForChromeOSUser must have been called first.
CRYPTO_EXPORT void InitializePrivateSoftwareSlotForChromeOSUser(
    const std::string& username_hash);

// Returns a reference to the public slot for user.
CRYPTO_EXPORT ScopedPK11Slot GetPublicSlotForChromeOSUser(
    const std::string& username_hash) WARN_UNUSED_RESULT;

// Returns the private slot for |username_hash| if it is loaded. If it is not
// loaded and |callback| is non-null, the |callback| will be run once the slot
// is loaded.
CRYPTO_EXPORT ScopedPK11Slot GetPrivateSlotForChromeOSUser(
    const std::string& username_hash,
    const base::Callback<void(ScopedPK11Slot)>& callback) WARN_UNUSED_RESULT;
106 107 108

// Closes the NSS DB for |username_hash| that was previously opened by the
// *Initialize*ForChromeOSUser functions.
xhwang's avatar
xhwang committed
109
CRYPTO_EXPORT void CloseChromeOSUserForTesting(
110
    const std::string& username_hash);
111 112
#endif  // defined(OS_CHROMEOS)

113
}  // namespace crypto
114

115
#endif  // CRYPTO_NSS_UTIL_INTERNAL_H_