1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 #ifndef CRYPTO_NSS_UTIL_INTERNAL_H_ 6 #define CRYPTO_NSS_UTIL_INTERNAL_H_ 7 8 #include <secmodt.h> 9 10 #include <string> 11 12 #include "base/callback.h" 13 #include "base/compiler_specific.h" 14 #include "base/macros.h" 15 #include "crypto/crypto_export.h" 16 #include "crypto/scoped_nss_types.h" 17 18 namespace base { 19 class FilePath; 20 } 21 22 // These functions return a type defined in an NSS header, and so cannot be 23 // declared in nss_util.h. Hence, they are declared here. 24 25 namespace crypto { 26 27 // Opens an NSS software database in folder |path|, with the (potentially) 28 // user-visible description |description|. Returns the slot for the opened 29 // database, or nullptr if the database could not be opened. 30 CRYPTO_EXPORT ScopedPK11Slot OpenSoftwareNSSDB(const base::FilePath& path, 31 const std::string& description); 32 33 #if !defined(OS_CHROMEOS) 34 // Returns a reference to the default NSS key slot for storing persistent data. 35 // Caller must release returned reference with PK11_FreeSlot. 36 CRYPTO_EXPORT PK11SlotInfo* GetPersistentNSSKeySlot() WARN_UNUSED_RESULT; 37 #endif 38 39 // A helper class that acquires the SECMOD list read lock while the 40 // AutoSECMODListReadLock is in scope. 41 class CRYPTO_EXPORT AutoSECMODListReadLock { 42 public: 43 AutoSECMODListReadLock(); 44 ~AutoSECMODListReadLock(); 45 46 private: 47 SECMODListLock* lock_; 48 DISALLOW_COPY_AND_ASSIGN(AutoSECMODListReadLock); 49 }; 50 51 #if defined(OS_CHROMEOS) 52 // Returns a reference to the system-wide TPM slot if it is loaded. If it is not 53 // loaded and |callback| is non-null, the |callback| will be run once the slot 54 // is loaded. 55 CRYPTO_EXPORT ScopedPK11Slot GetSystemNSSKeySlot( 56 base::OnceCallback<void(ScopedPK11Slot)> callback) WARN_UNUSED_RESULT; 57 58 // Sets the test system slot to |slot|, which means that |slot| will be exposed 59 // through |GetSystemNSSKeySlot| and |IsTPMTokenReady| will return true. 60 // |InitializeTPMTokenAndSystemSlot|, which triggers the TPM initialization, 61 // does not have to be called if the test system slot is set. 62 // This must must not be called consecutively with a |slot| != nullptr. If 63 // |slot| is nullptr, the test system slot is unset. 64 CRYPTO_EXPORT void SetSystemKeySlotForTesting(ScopedPK11Slot slot); 65 66 // Prepare per-user NSS slot mapping. It is safe to call this function multiple 67 // times. Returns true if the user was added, or false if it already existed. 68 CRYPTO_EXPORT bool InitializeNSSForChromeOSUser( 69 const std::string& username_hash, 70 const base::FilePath& path); 71 72 // Returns whether TPM for ChromeOS user still needs initialization. If 73 // true is returned, the caller can proceed to initialize TPM slot for the 74 // user, but should call |WillInitializeTPMForChromeOSUser| first. 75 // |InitializeNSSForChromeOSUser| must have been called first. 76 CRYPTO_EXPORT bool ShouldInitializeTPMForChromeOSUser( 77 const std::string& username_hash) WARN_UNUSED_RESULT; 78 79 // Makes |ShouldInitializeTPMForChromeOSUser| start returning false. 80 // Should be called before starting TPM initialization for the user. 81 // Assumes |InitializeNSSForChromeOSUser| had already been called. 82 CRYPTO_EXPORT void WillInitializeTPMForChromeOSUser( 83 const std::string& username_hash); 84 85 // Use TPM slot |slot_id| for user. InitializeNSSForChromeOSUser must have been 86 // called first. 87 CRYPTO_EXPORT void InitializeTPMForChromeOSUser( 88 const std::string& username_hash, 89 CK_SLOT_ID slot_id); 90 91 // Use the software slot as the private slot for user. 92 // InitializeNSSForChromeOSUser must have been called first. 93 CRYPTO_EXPORT void InitializePrivateSoftwareSlotForChromeOSUser( 94 const std::string& username_hash); 95 96 // Returns a reference to the public slot for user. 97 CRYPTO_EXPORT ScopedPK11Slot GetPublicSlotForChromeOSUser( 98 const std::string& username_hash) WARN_UNUSED_RESULT; 99 100 // Returns the private slot for |username_hash| if it is loaded. If it is not 101 // loaded and |callback| is non-null, the |callback| will be run once the slot 102 // is loaded. 103 CRYPTO_EXPORT ScopedPK11Slot GetPrivateSlotForChromeOSUser( 104 const std::string& username_hash, 105 base::OnceCallback<void(ScopedPK11Slot)> callback) WARN_UNUSED_RESULT; 106 107 // Closes the NSS DB for |username_hash| that was previously opened by the 108 // *Initialize*ForChromeOSUser functions. 109 CRYPTO_EXPORT void CloseChromeOSUserForTesting( 110 const std::string& username_hash); 111 112 // Sets the slot which should be used as private slot for the next 113 // |InitializePrivateSoftwareSlotForChromeOSUser| called. This is intended for 114 // simulating a separate private slot in Chrome OS browser tests. 115 // As a sanity check, it is recommended to check that the private slot of the 116 // profile's certificate database is set to |slot| when the profile is 117 // available, because |slot| will be used as private slot for whichever profile 118 // is initialized next. 119 CRYPTO_EXPORT void SetPrivateSoftwareSlotForChromeOSUserForTesting( 120 ScopedPK11Slot slot); 121 122 #endif // defined(OS_CHROMEOS) 123 124 } // namespace crypto 125 126 #endif // CRYPTO_NSS_UTIL_INTERNAL_H_ 127