1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 #ifndef CRYPTO_NSS_UTIL_H_ 6 #define CRYPTO_NSS_UTIL_H_ 7 8 #include <stdint.h> 9 10 #include <string> 11 #include "base/callback.h" 12 #include "base/compiler_specific.h" 13 #include "base/macros.h" 14 #include "crypto/crypto_export.h" 15 16 namespace base { 17 class FilePath; 18 class Lock; 19 class Time; 20 } // namespace base 21 22 // This file specifically doesn't depend on any NSS or NSPR headers because it 23 // is included by various (non-crypto) parts of chrome to call the 24 // initialization functions. 25 namespace crypto { 26 27 #if defined(USE_NSS_CERTS) 28 // EarlySetupForNSSInit performs lightweight setup which must occur before the 29 // process goes multithreaded. This does not initialise NSS. For test, see 30 // EnsureNSSInit. 31 CRYPTO_EXPORT void EarlySetupForNSSInit(); 32 #endif 33 34 // Initialize NRPR if it isn't already initialized. This function is 35 // thread-safe, and NSPR will only ever be initialized once. 36 CRYPTO_EXPORT void EnsureNSPRInit(); 37 38 // Initialize NSS if it isn't already initialized. This must be called before 39 // any other NSS functions. This function is thread-safe, and NSS will only 40 // ever be initialized once. 41 CRYPTO_EXPORT void EnsureNSSInit(); 42 43 // Check if the current NSS version is greater than or equals to |version|. 44 // A sample version string is "3.12.3". 45 bool CheckNSSVersion(const char* version); 46 47 #if defined(OS_CHROMEOS) 48 // Indicates that NSS should use the Chaps library so that we 49 // can access the TPM through NSS. InitializeTPMTokenAndSystemSlot and 50 // InitializeTPMForChromeOSUser must still be called to load the slots. 51 CRYPTO_EXPORT void EnableTPMTokenForNSS(); 52 53 // Returns true if EnableTPMTokenForNSS has been called. 54 CRYPTO_EXPORT bool IsTPMTokenEnabledForNSS(); 55 56 // Returns true if the TPM is owned and PKCS#11 initialized with the 57 // user and security officer PINs, and has been enabled in NSS by 58 // calling EnableTPMForNSS, and Chaps has been successfully 59 // loaded into NSS. 60 // If |callback| is non-null and the function returns false, the |callback| will 61 // be run once the TPM is ready. |callback| will never be run if the function 62 // returns true. 63 CRYPTO_EXPORT bool IsTPMTokenReady(const base::Closure& callback) 64 WARN_UNUSED_RESULT; 65 66 // Initialize the TPM token and system slot. The |callback| will run on the same 67 // thread with true if the token and slot were successfully loaded or were 68 // already initialized. |callback| will be passed false if loading failed. Once 69 // called, InitializeTPMTokenAndSystemSlot must not be called again until the 70 // |callback| has been run. 71 CRYPTO_EXPORT void InitializeTPMTokenAndSystemSlot( 72 int system_slot_id, 73 const base::Callback<void(bool)>& callback); 74 #endif 75 76 // Convert a NSS PRTime value into a base::Time object. 77 // We use a int64_t instead of PRTime here to avoid depending on NSPR headers. 78 CRYPTO_EXPORT base::Time PRTimeToBaseTime(int64_t prtime); 79 80 // Convert a base::Time object into a PRTime value. 81 // We use a int64_t instead of PRTime here to avoid depending on NSPR headers. 82 CRYPTO_EXPORT int64_t BaseTimeToPRTime(base::Time time); 83 84 #if defined(USE_NSS_CERTS) 85 // NSS has a bug which can cause a deadlock or stall in some cases when writing 86 // to the certDB and keyDB. It also has a bug which causes concurrent key pair 87 // generations to scribble over each other. To work around this, we synchronize 88 // writes to the NSS databases with a global lock. The lock is hidden beneath a 89 // function for easy disabling when the bug is fixed. Callers should allow for 90 // it to return NULL in the future. 91 // 92 // See https://bugzilla.mozilla.org/show_bug.cgi?id=564011 93 base::Lock* GetNSSWriteLock(); 94 95 // A helper class that acquires the NSS write Lock while the AutoNSSWriteLock 96 // is in scope. 97 class CRYPTO_EXPORT AutoNSSWriteLock { 98 public: 99 AutoNSSWriteLock(); 100 ~AutoNSSWriteLock(); 101 private: 102 base::Lock *lock_; 103 DISALLOW_COPY_AND_ASSIGN(AutoNSSWriteLock); 104 }; 105 #endif // defined(USE_NSS_CERTS) 106 107 } // namespace crypto 108 109 #endif // CRYPTO_NSS_UTIL_H_ 110