crypto/nss_util_internal.h

   1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #ifndef CRYPTO_NSS_UTIL_INTERNAL_H_
   6 #define CRYPTO_NSS_UTIL_INTERNAL_H_
   7
   8 #include <secmodt.h>
   9
  10 #include "base/callback.h"
  11 #include "base/compiler_specific.h"
  12 #include "crypto/crypto_export.h"
  13 #include "crypto/scoped_nss_types.h"
  14
  15 namespace base {
  16 class FilePath;
  17 }
  18
  19 // These functions return a type defined in an NSS header, and so cannot be
  20 // declared in nss_util.h.  Hence, they are declared here.
  21
  22 namespace crypto {
  23
  24 // Returns a reference to the default NSS key slot for storing persistent data.
  25 // Caller must release returned reference with PK11_FreeSlot.
  26 // TODO(mattm): this should be if !defined(OS_CHROMEOS), but some tests need to
  27 // be fixed first.
  28 CRYPTO_EXPORT PK11SlotInfo* GetPersistentNSSKeySlot() WARN_UNUSED_RESULT;
  29
  30 // A helper class that acquires the SECMOD list read lock while the
  31 // AutoSECMODListReadLock is in scope.
  32 class CRYPTO_EXPORT AutoSECMODListReadLock {
  33  public:
  34   AutoSECMODListReadLock();
  35   ~AutoSECMODListReadLock();
  36
  37  private:
  38   SECMODListLock* lock_;
  39   DISALLOW_COPY_AND_ASSIGN(AutoSECMODListReadLock);
  40 };
  41
  42 #if defined(OS_CHROMEOS)
  43 // Returns a reference to the system-wide TPM slot.  Caller must release
  44 // returned reference with PK11_FreeSlot.
  45 CRYPTO_EXPORT PK11SlotInfo* GetSystemNSSKeySlot() WARN_UNUSED_RESULT;
  46
  47 // Prepare per-user NSS slot mapping. It is safe to call this function multiple
  48 // times. Returns true if the user was added, or false if it already existed.
  49 CRYPTO_EXPORT bool InitializeNSSForChromeOSUser(
  50     const std::string& email,
  51     const std::string& username_hash,
  52     const base::FilePath& path);
  53
  54 // Returns whether TPM for ChromeOS user still needs initialization. If
  55 // true is returned, the caller can proceed to initialize TPM slot for the
  56 // user, but should call |WillInitializeTPMForChromeOSUser| first.
  57 // |InitializeNSSForChromeOSUser| must have been called first.
  58 CRYPTO_EXPORT bool ShouldInitializeTPMForChromeOSUser(
  59     const std::string& username_hash) WARN_UNUSED_RESULT;
  60
  61 // Makes |ShouldInitializeTPMForChromeOSUser| start returning false.
  62 // Should be called before starting TPM initialization for the user.
  63 // Assumes |InitializeNSSForChromeOSUser| had already been called.
  64 CRYPTO_EXPORT void WillInitializeTPMForChromeOSUser(
  65     const std::string& username_hash);
  66
  67 // Use TPM slot |slot_id| for user.  InitializeNSSForChromeOSUser must have been
  68 // called first.
  69 CRYPTO_EXPORT void InitializeTPMForChromeOSUser(
  70     const std::string& username_hash,
  71     CK_SLOT_ID slot_id);
  72
  73 // Use the software slot as the private slot for user.
  74 // InitializeNSSForChromeOSUser must have been called first.
  75 CRYPTO_EXPORT void InitializePrivateSoftwareSlotForChromeOSUser(
  76     const std::string& username_hash);
  77
  78 // Returns a reference to the public slot for user.
  79 CRYPTO_EXPORT ScopedPK11Slot GetPublicSlotForChromeOSUser(
  80     const std::string& username_hash) WARN_UNUSED_RESULT;
  81
  82 // Returns the private slot for |username_hash| if it is loaded. If it is not
  83 // loaded and |callback| is non-null, the |callback| will be run once the slot
  84 // is loaded.
  85 CRYPTO_EXPORT ScopedPK11Slot GetPrivateSlotForChromeOSUser(
  86     const std::string& username_hash,
  87     const base::Callback<void(ScopedPK11Slot)>& callback) WARN_UNUSED_RESULT;
  88 #endif  // defined(OS_CHROMEOS)
  89
  90 }  // namespace crypto
  91
  92 #endif  // CRYPTO_NSS_UTIL_INTERNAL_H_