crypto/nss_util_internal.h

   1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #ifndef CRYPTO_NSS_UTIL_INTERNAL_H_
   6 #define CRYPTO_NSS_UTIL_INTERNAL_H_
   7
   8 #include <secmodt.h>
   9
  10 #include "base/callback.h"
  11 #include "base/compiler_specific.h"
  12 #include "crypto/crypto_export.h"
  13 #include "crypto/scoped_nss_types.h"
  14
  15 namespace base {
  16 class FilePath;
  17 }
  18
  19 // These functions return a type defined in an NSS header, and so cannot be
  20 // declared in nss_util.h.  Hence, they are declared here.
  21
  22 namespace crypto {
  23
  24 // Opens an NSS software database in folder |path|, with the (potentially)
  25 // user-visible description |description|. Returns the slot for the opened
  26 // database, or NULL if the database could not be opened.
  27 CRYPTO_EXPORT_PRIVATE ScopedPK11Slot
  28     OpenSoftwareNSSDB(const base::FilePath& path,
  29                       const std::string& description);
  30
  31 #if !defined(OS_CHROMEOS)
  32 // Returns a reference to the default NSS key slot for storing persistent data.
  33 // Caller must release returned reference with PK11_FreeSlot.
  34 CRYPTO_EXPORT PK11SlotInfo* GetPersistentNSSKeySlot() WARN_UNUSED_RESULT;
  35 #endif
  36
  37 // A helper class that acquires the SECMOD list read lock while the
  38 // AutoSECMODListReadLock is in scope.
  39 class CRYPTO_EXPORT AutoSECMODListReadLock {
  40  public:
  41   AutoSECMODListReadLock();
  42   ~AutoSECMODListReadLock();
  43
  44  private:
  45   SECMODListLock* lock_;
  46   DISALLOW_COPY_AND_ASSIGN(AutoSECMODListReadLock);
  47 };
  48
  49 #if defined(OS_CHROMEOS)
  50 // Returns a reference to the system-wide TPM slot if it is loaded. If it is not
  51 // loaded and |callback| is non-null, the |callback| will be run once the slot
  52 // is loaded.
  53 CRYPTO_EXPORT ScopedPK11Slot GetSystemNSSKeySlot(
  54     const base::Callback<void(ScopedPK11Slot)>& callback) WARN_UNUSED_RESULT;
  55
  56 // Sets the test system slot to |slot|, which means that |slot| will be exposed
  57 // through |GetSystemNSSKeySlot| and |IsTPMTokenReady| will return true.
  58 // |InitializeTPMTokenAndSystemSlot|, which triggers the TPM initialization,
  59 // does not have to be called if the test system slot is set.
  60 // This must must not be called consecutively with a |slot| != NULL. If |slot|
  61 // is NULL, the test system slot is unset.
  62 CRYPTO_EXPORT_PRIVATE void SetSystemKeySlotForTesting(ScopedPK11Slot slot);
  63
  64 // Prepare per-user NSS slot mapping. It is safe to call this function multiple
  65 // times. Returns true if the user was added, or false if it already existed.
  66 CRYPTO_EXPORT bool InitializeNSSForChromeOSUser(
  67     const std::string& username_hash,
  68     const base::FilePath& path);
  69
  70 // Returns whether TPM for ChromeOS user still needs initialization. If
  71 // true is returned, the caller can proceed to initialize TPM slot for the
  72 // user, but should call |WillInitializeTPMForChromeOSUser| first.
  73 // |InitializeNSSForChromeOSUser| must have been called first.
  74 CRYPTO_EXPORT bool ShouldInitializeTPMForChromeOSUser(
  75     const std::string& username_hash) WARN_UNUSED_RESULT;
  76
  77 // Makes |ShouldInitializeTPMForChromeOSUser| start returning false.
  78 // Should be called before starting TPM initialization for the user.
  79 // Assumes |InitializeNSSForChromeOSUser| had already been called.
  80 CRYPTO_EXPORT void WillInitializeTPMForChromeOSUser(
  81     const std::string& username_hash);
  82
  83 // Use TPM slot |slot_id| for user.  InitializeNSSForChromeOSUser must have been
  84 // called first.
  85 CRYPTO_EXPORT void InitializeTPMForChromeOSUser(
  86     const std::string& username_hash,
  87     CK_SLOT_ID slot_id);
  88
  89 // Use the software slot as the private slot for user.
  90 // InitializeNSSForChromeOSUser must have been called first.
  91 CRYPTO_EXPORT void InitializePrivateSoftwareSlotForChromeOSUser(
  92     const std::string& username_hash);
  93
  94 // Returns a reference to the public slot for user.
  95 CRYPTO_EXPORT ScopedPK11Slot GetPublicSlotForChromeOSUser(
  96     const std::string& username_hash) WARN_UNUSED_RESULT;
  97
  98 // Returns the private slot for |username_hash| if it is loaded. If it is not
  99 // loaded and |callback| is non-null, the |callback| will be run once the slot
 100 // is loaded.
 101 CRYPTO_EXPORT ScopedPK11Slot GetPrivateSlotForChromeOSUser(
 102     const std::string& username_hash,
 103     const base::Callback<void(ScopedPK11Slot)>& callback) WARN_UNUSED_RESULT;
 104
 105 // Closes the NSS DB for |username_hash| that was previously opened by the
 106 // *Initialize*ForChromeOSUser functions.
 107 CRYPTO_EXPORT_PRIVATE void CloseChromeOSUserForTesting(
 108     const std::string& username_hash);
 109 #endif  // defined(OS_CHROMEOS)
 110
 111 }  // namespace crypto
 112
 113 #endif  // CRYPTO_NSS_UTIL_INTERNAL_H_