1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 #ifndef CRYPTO_NSS_UTIL_INTERNAL_H_ 6 #define CRYPTO_NSS_UTIL_INTERNAL_H_ 7 8 #include <secmodt.h> 9 10 #include "base/callback.h" 11 #include "base/compiler_specific.h" 12 #include "base/macros.h" 13 #include "crypto/crypto_export.h" 14 #include "crypto/scoped_nss_types.h" 15 16 namespace base { 17 class FilePath; 18 } 19 20 // These functions return a type defined in an NSS header, and so cannot be 21 // declared in nss_util.h. Hence, they are declared here. 22 23 namespace crypto { 24 25 // Opens an NSS software database in folder |path|, with the (potentially) 26 // user-visible description |description|. Returns the slot for the opened 27 // database, or NULL if the database could not be opened. 28 CRYPTO_EXPORT ScopedPK11Slot OpenSoftwareNSSDB(const base::FilePath& path, 29 const std::string& description); 30 31 #if !defined(OS_CHROMEOS) 32 // Returns a reference to the default NSS key slot for storing persistent data. 33 // Caller must release returned reference with PK11_FreeSlot. 34 CRYPTO_EXPORT PK11SlotInfo* GetPersistentNSSKeySlot() WARN_UNUSED_RESULT; 35 #endif 36 37 // A helper class that acquires the SECMOD list read lock while the 38 // AutoSECMODListReadLock is in scope. 39 class CRYPTO_EXPORT AutoSECMODListReadLock { 40 public: 41 AutoSECMODListReadLock(); 42 ~AutoSECMODListReadLock(); 43 44 private: 45 SECMODListLock* lock_; 46 DISALLOW_COPY_AND_ASSIGN(AutoSECMODListReadLock); 47 }; 48 49 #if defined(OS_CHROMEOS) 50 // Returns a reference to the system-wide TPM slot if it is loaded. If it is not 51 // loaded and |callback| is non-null, the |callback| will be run once the slot 52 // is loaded. 53 CRYPTO_EXPORT ScopedPK11Slot GetSystemNSSKeySlot( 54 const base::Callback<void(ScopedPK11Slot)>& callback) WARN_UNUSED_RESULT; 55 56 // Sets the test system slot to |slot|, which means that |slot| will be exposed 57 // through |GetSystemNSSKeySlot| and |IsTPMTokenReady| will return true. 58 // |InitializeTPMTokenAndSystemSlot|, which triggers the TPM initialization, 59 // does not have to be called if the test system slot is set. 60 // This must must not be called consecutively with a |slot| != NULL. If |slot| 61 // is NULL, the test system slot is unset. 62 CRYPTO_EXPORT void SetSystemKeySlotForTesting(ScopedPK11Slot slot); 63 64 // Prepare per-user NSS slot mapping. It is safe to call this function multiple 65 // times. Returns true if the user was added, or false if it already existed. 66 CRYPTO_EXPORT bool InitializeNSSForChromeOSUser( 67 const std::string& username_hash, 68 const base::FilePath& path); 69 70 // Returns whether TPM for ChromeOS user still needs initialization. If 71 // true is returned, the caller can proceed to initialize TPM slot for the 72 // user, but should call |WillInitializeTPMForChromeOSUser| first. 73 // |InitializeNSSForChromeOSUser| must have been called first. 74 CRYPTO_EXPORT bool ShouldInitializeTPMForChromeOSUser( 75 const std::string& username_hash) WARN_UNUSED_RESULT; 76 77 // Makes |ShouldInitializeTPMForChromeOSUser| start returning false. 78 // Should be called before starting TPM initialization for the user. 79 // Assumes |InitializeNSSForChromeOSUser| had already been called. 80 CRYPTO_EXPORT void WillInitializeTPMForChromeOSUser( 81 const std::string& username_hash); 82 83 // Use TPM slot |slot_id| for user. InitializeNSSForChromeOSUser must have been 84 // called first. 85 CRYPTO_EXPORT void InitializeTPMForChromeOSUser( 86 const std::string& username_hash, 87 CK_SLOT_ID slot_id); 88 89 // Use the software slot as the private slot for user. 90 // InitializeNSSForChromeOSUser must have been called first. 91 CRYPTO_EXPORT void InitializePrivateSoftwareSlotForChromeOSUser( 92 const std::string& username_hash); 93 94 // Returns a reference to the public slot for user. 95 CRYPTO_EXPORT ScopedPK11Slot GetPublicSlotForChromeOSUser( 96 const std::string& username_hash) WARN_UNUSED_RESULT; 97 98 // Returns the private slot for |username_hash| if it is loaded. If it is not 99 // loaded and |callback| is non-null, the |callback| will be run once the slot 100 // is loaded. 101 CRYPTO_EXPORT ScopedPK11Slot GetPrivateSlotForChromeOSUser( 102 const std::string& username_hash, 103 const base::Callback<void(ScopedPK11Slot)>& callback) WARN_UNUSED_RESULT; 104 105 // Closes the NSS DB for |username_hash| that was previously opened by the 106 // *Initialize*ForChromeOSUser functions. 107 CRYPTO_EXPORT void CloseChromeOSUserForTesting( 108 const std::string& username_hash); 109 #endif // defined(OS_CHROMEOS) 110 111 } // namespace crypto 112 113 #endif // CRYPTO_NSS_UTIL_INTERNAL_H_ 114