| blob | b68874cae14426991a33fa9462c794d79b1a652d |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
8 #include <nss.h>
9 #include <pk11pub.h>
10 #include <plarena.h>
11 #include <prerror.h>
12 #include <prinit.h>
13 #include <prtime.h>
14 #include <secmod.h>
16 #if defined(OS_LINUX)
17 #include <linux/nfs_fs.h>
18 #include <sys/vfs.h>
19 #elif defined(OS_OPENBSD)
20 #include <sys/mount.h>
21 #include <sys/param.h>
22 #endif
24 #include <vector>
40 #if defined(OS_CHROMEOS)
42 #endif
44 // USE_NSS means we use NSS for everything crypto-related. If USE_NSS is not
45 // defined, such as on Mac and Windows, we use NSS for SSL only -- we don't
46 // use NSS for crypto or certificate verification, and we don't use the NSS
47 // certificate and key databases.
48 #if defined(USE_NSS)
57 #if defined(OS_CHROMEOS)
60 // Constants for loading the Chrome OS TPM-backed PKCS #11 library.
64 // Fake certificate authority database used for testing.
77 }
79 }
81 #if defined(USE_NSS)
87 }
92 }
94 }
96 #if defined(OS_CHROMEOS)
97 // Supplemental user key id.
101 };
105 // On non-chromeos platforms, return the default config directory.
106 // On chromeos, return a read-only directory with fake root CA certs for testing
107 // (which will not exist on non-testing images). These root CA certs are used
108 // by the local Google Accounts server mock we use when testing our login code.
109 // If this directory is not present, NSS_Init() will fail. It is up to the
110 // caller to failover to NSS_NoDB_Init() at that point.
112 #if defined(OS_CHROMEOS)
114 #else
117 }
119 // This callback for NSS forwards all requests to a caller-specified
120 // CryptoModuleBlockingPasswordDelegate object.
122 #if defined(OS_CHROMEOS)
123 // If we get asked for a password for the TPM, then return the
124 // well known password we use, as long as the TPM slot has been
125 // initialized.
132 }
133 #endif
146 }
149 }
151 // NSS creates a local cache of the sqlite database if it detects that the
152 // filesystem the database is on is much slower than the local disk. The
153 // detection doesn't work with the latest versions of sqlite, such as 3.6.22
154 // (NSS bug https://bugzilla.mozilla.org/show_bug.cgi?id=578561). So we set
155 // the NSS environment variable NSS_SDB_USE_CACHE to "yes" to override NSS's
156 // detection when database_dir is on NFS. See http://crbug.com/48585.
157 //
158 // TODO(wtc): port this function to other USE_NSS platforms. It is defined
159 // only for OS_LINUX and OS_OPENBSD simply because the statfs structure
160 // is OS-specific.
161 //
162 // Because this function sets an environment variable it must be run before we
163 // go multi-threaded.
165 #if defined(OS_LINUX) || defined(OS_OPENBSD)
168 #if defined(OS_LINUX)
170 #elif defined(OS_OPENBSD)
172 #endif
177 }
178 }
180 }
183 AutoSECMODListReadLock auto_lock;
191 }
192 }
194 }
198 // A singleton to initialize/deinitialize NSPR.
199 // Separate from the NSS singleton because we initialize NSPR on the UI thread.
200 // Now that we're leaking the singleton, we could merge back with the NSS
201 // singleton.
208 }
210 // NOTE(willchan): We don't actually execute this code since we leak NSS to
211 // prevent non-joinable threads from using NSS after it's already been shut
212 // down.
218 }
219 };
224 // This is a LazyInstance so that it will be deleted automatically when the
225 // unittest exits. NSSInitSingleton is a LeakySingleton, so it would not be
226 // deleted if it were a regular member.
228 LAZY_INSTANCE_INITIALIZER;
230 // Force a crash with error info on NSS_NoDB_Init failure.
239 }
243 #if defined(OS_CHROMEOS)
246 // GetDefaultConfigDirectory causes us to do blocking IO on UI thread.
247 // Temporarily allow it until we fix http://crbug.com/70119
251 // This creates another DB slot in NSS that is read/write, unlike
252 // the fake root CA cert DB and the "default" crypto key
253 // provider, which are still read-only (because we initialized
254 // NSS before we had a cryptohome mounted).
256 kNSSDatabaseName);
257 }
258 }
262 }
266 // If EnableTPMTokenForNSS hasn't been called, return false.
270 // If everything is already initialized, then return true.
277 // This tries to load the Chaps module so NSS can talk to the hardware
278 // TPM.
281 kChapsModuleName,
282 kChapsPath,
283 // For more details on these parameters, see:
284 // https://developer.mozilla.org/en/PKCS11_Module_Specs
285 // slotFlags=[PublicCerts] -- Certificates and public keys can be
286 // read from this slot without requiring a call to C_Login.
287 // askpw=only -- Only authenticate to the token when necessary.
289 }
291 // If this gets set, then we'll use the TPM for certs with
292 // private keys, otherwise we'll fall back to the software
293 // implementation.
297 }
299 }
305 }
310 }
314 }
320 }
327 SECItem keyID;
341 // Find/generate AES key.
346 kKeySizeInBytes,
348 }
350 done:
355 }
366 }
376 }
377 }
385 }
391 #if defined(OS_CHROMEOS)
396 // If we were supposed to get the hardware token, but were
397 // unable to, return NULL rather than fall back to sofware.
399 }
400 }
401 #endif
402 // If we weren't supposed to enable the TPM for NSS, then return
403 // the software slot.
407 }
409 #if defined(USE_NSS)
412 }
415 // This method is used to force NSS to be initialized without a DB.
416 // Call this method before NSSInitSingleton() is constructed.
419 }
435 // We *must* have NSS >= 3.12.3. See bug 26448.
440 nss_version_check_failed);
441 // Also check the run-time NSS version.
442 // NSS_VersionCheck is a >= check, not strict equality.
444 // It turns out many people have misconfigured NSS setups, where
445 // their run-time NSPR doesn't match the one their NSS was compiled
446 // against. So rather than aborting, complain loudly.
448 "We depend on NSS >= 3.12.3, and this error is not fatal "
449 "only because many people have busted NSS setups (for "
450 "example, using the wrong version of NSPR). "
451 "Please upgrade to the latest NSS and NSPR, and if you "
452 "still get this error, contact your distribution "
454 }
459 #if !defined(USE_NSS)
460 // Use the system certificate store, so initialize NSS without database.
462 #endif
469 }
470 #if defined(OS_IOS)
474 #if defined(USE_NSS)
477 // This duplicates the work which should have been done in
478 // EarlySetupForNSSInit. However, this function is idempotent so
479 // there's no harm done.
482 // Initialize with a persistent database (likely, ~/.pki/nssdb).
483 // Use "sql:" which can be shared by multiple processes safely.
486 #if defined(OS_CHROMEOS)
488 #else
490 #endif
495 }
496 }
503 }
504 }
508 // If we haven't initialized the password for the NSS databases,
509 // initialize an empty-string password so that we don't need to
510 // log in.
513 // PK11_InitPin may write to the keyDB, but no other thread can use NSS
514 // yet, so we don't need to lock.
518 }
522 }
524 // Disable MD5 certificate signatures. (They are disabled by default in
525 // NSS 3.14.)
530 // The UMA bit is conditionally set for this histogram in
531 // chrome/common/startup_metric_utils.cc .
537 }
539 // NOTE(willchan): We don't actually execute this code since we leak NSS to
540 // prevent non-joinable threads from using NSS after it's already been shut
541 // down.
546 }
551 }
557 }
562 }
566 // We VLOG(1) because this failure is relatively harmless (leaking, but
567 // we're shutting down anyway).
569 }
570 }
572 #if defined(USE_NSS) || defined(OS_IOS)
573 // Load nss's built-in root certs.
579 // Aw, snap. Can't find/load root cert shared library.
580 // This will make it hard to talk to anybody via https.
583 }
585 // Load the given module for this NSS session.
593 // Shouldn't need to const_cast here, but SECMOD doesn't properly
594 // declare input string arguments as const. Bug
595 // https://bugzilla.mozilla.org/show_bug.cgi?id=642546 was filed
596 // on NSS codebase to address this.
603 }
605 }
606 #endif
617 }
621 }
623 }
625 // If this is set to true NSS is forced to be initialized without a DB.
637 #if defined(USE_NSS)
638 // TODO(davidben): When https://bugzilla.mozilla.org/show_bug.cgi?id=564011
639 // is fixed, we will no longer need the lock.
642 };
644 // static
651 #if defined(USE_NSS)
656 }
657 #endif
661 }
664 // We might fork, but we haven't loaded any security modules.
666 // If we're sandboxed, we shouldn't be able to open user security modules,
667 // but it's more correct to tell NSS to not even try.
668 // Loading user security modules would have security implications.
670 // Initialize NSS.
672 }
675 // Initializing SSL causes us to do blocking IO.
676 // Temporarily allow it until we fix
677 // http://code.google.com/p/chromium/issues/detail?id=59847
680 }
684 }
689 }
692 // Some NSS libraries are linked dynamically so load them here.
693 #if defined(USE_NSS)
694 // Try to search for multiple directories to load the libraries.
697 // Use relative path to Search PATH for the library files.
700 // For Debian derivatives NSS libraries are located here.
703 // Ubuntu 11.10 (Oneiric) places the libraries here.
704 #if defined(ARCH_CPU_X86_64)
706 #elif defined(ARCH_CPU_X86)
708 #elif defined(ARCH_CPU_ARMEL)
710 #endif
712 // A list of library files to load.
717 // For each combination of library file and path, check for existence and
718 // then load.
727 }
728 }
729 }
735 }
736 #endif
737 }
741 }
743 #if defined(USE_NSS)
746 }
749 // TODO(mattm): Close the dababase once NSS 3.14 is required,
750 // which fixes https://bugzilla.mozilla.org/show_bug.cgi?id=588269
751 // Resource leaks are suppressed. http://crbug.com/156433 .
752 }
756 }
759 // May be NULL if the lock is not needed in our version of NSS.
762 }
768 }
769 }
774 }
778 }
782 #if defined(OS_CHROMEOS)
785 }
789 }
793 }
797 }
802 }
806 }
812 }
816 }
820 }
824 }