crypto/nss_util_internal.h

   1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #ifndef CRYPTO_NSS_UTIL_INTERNAL_H_
   6 #define CRYPTO_NSS_UTIL_INTERNAL_H_
   7
   8 #include <secmodt.h>
   9
  10 #include "base/callback.h"
  11 #include "base/compiler_specific.h"
  12 #include "crypto/crypto_export.h"
  13 #include "crypto/scoped_nss_types.h"
  14
  15 namespace base {
  16 class FilePath;
  17 }
  18
  19 // These functions return a type defined in an NSS header, and so cannot be
  20 // declared in nss_util.h.  Hence, they are declared here.
  21
  22 namespace crypto {
  23
  24 // Opens an NSS software database in folder |path|, with the (potentially)
  25 // user-visible description |description|. Returns the slot for the opened
  26 // database, or NULL if the database could not be opened.
  27 CRYPTO_EXPORT_PRIVATE ScopedPK11Slot
  28     OpenSoftwareNSSDB(const base::FilePath& path,
  29                       const std::string& description);
  30
  31 #if !defined(OS_CHROMEOS)
  32 // Returns a reference to the default NSS key slot for storing persistent data.
  33 // Caller must release returned reference with PK11_FreeSlot.
  34 CRYPTO_EXPORT PK11SlotInfo* GetPersistentNSSKeySlot() WARN_UNUSED_RESULT;
  35 #endif
  36
  37 // A helper class that acquires the SECMOD list read lock while the
  38 // AutoSECMODListReadLock is in scope.
  39 class CRYPTO_EXPORT AutoSECMODListReadLock {
  40  public:
  41   AutoSECMODListReadLock();
  42   ~AutoSECMODListReadLock();
  43
  44  private:
  45   SECMODListLock* lock_;
  46   DISALLOW_COPY_AND_ASSIGN(AutoSECMODListReadLock);
  47 };
  48
  49 #if defined(OS_CHROMEOS)
  50 // Returns a reference to the system-wide TPM slot if it is loaded. If it is not
  51 // loaded and |callback| is non-null, the |callback| will be run once the slot
  52 // is loaded.
  53 CRYPTO_EXPORT ScopedPK11Slot GetSystemNSSKeySlot(
  54     const base::Callback<void(ScopedPK11Slot)>& callback) WARN_UNUSED_RESULT;
  55
  56 // Sets the test system slot to |slot|, which means that |slot| will be exposed
  57 // through |GetSystemNSSKeySlot| and |IsTPMTokenReady| will return true.
  58 // |InitializeTPMTokenAndSystemSlot|, which triggers the TPM initialization,
  59 // does not have to be called if the test system slot is set.
  60 // This must must not be called consecutively with a |slot| != NULL. If |slot|
  61 // is NULL, the test system slot is unset.
  62 CRYPTO_EXPORT_PRIVATE void SetSystemKeySlotForTesting(ScopedPK11Slot slot);
  63
  64 // Prepare per-user NSS slot mapping. It is safe to call this function multiple
  65 // times. Returns true if the user was added, or false if it already existed.
  66 CRYPTO_EXPORT bool InitializeNSSForChromeOSUser(
  67     const std::string& email,
  68     const std::string& username_hash,
  69     const base::FilePath& path);
  70
  71 // Returns whether TPM for ChromeOS user still needs initialization. If
  72 // true is returned, the caller can proceed to initialize TPM slot for the
  73 // user, but should call |WillInitializeTPMForChromeOSUser| first.
  74 // |InitializeNSSForChromeOSUser| must have been called first.
  75 CRYPTO_EXPORT bool ShouldInitializeTPMForChromeOSUser(
  76     const std::string& username_hash) WARN_UNUSED_RESULT;
  77
  78 // Makes |ShouldInitializeTPMForChromeOSUser| start returning false.
  79 // Should be called before starting TPM initialization for the user.
  80 // Assumes |InitializeNSSForChromeOSUser| had already been called.
  81 CRYPTO_EXPORT void WillInitializeTPMForChromeOSUser(
  82     const std::string& username_hash);
  83
  84 // Use TPM slot |slot_id| for user.  InitializeNSSForChromeOSUser must have been
  85 // called first.
  86 CRYPTO_EXPORT void InitializeTPMForChromeOSUser(
  87     const std::string& username_hash,
  88     CK_SLOT_ID slot_id);
  89
  90 // Use the software slot as the private slot for user.
  91 // InitializeNSSForChromeOSUser must have been called first.
  92 CRYPTO_EXPORT void InitializePrivateSoftwareSlotForChromeOSUser(
  93     const std::string& username_hash);
  94
  95 // Returns a reference to the public slot for user.
  96 CRYPTO_EXPORT ScopedPK11Slot GetPublicSlotForChromeOSUser(
  97     const std::string& username_hash) WARN_UNUSED_RESULT;
  98
  99 // Returns the private slot for |username_hash| if it is loaded. If it is not
 100 // loaded and |callback| is non-null, the |callback| will be run once the slot
 101 // is loaded.
 102 CRYPTO_EXPORT ScopedPK11Slot GetPrivateSlotForChromeOSUser(
 103     const std::string& username_hash,
 104     const base::Callback<void(ScopedPK11Slot)>& callback) WARN_UNUSED_RESULT;
 105
 106 // Closes the NSS DB for |username_hash| that was previously opened by the
 107 // *Initialize*ForChromeOSUser functions.
 108 CRYPTO_EXPORT_PRIVATE void CloseChromeOSUserForTesting(
 109     const std::string& username_hash);
 110 #endif  // defined(OS_CHROMEOS)
 111
 112 }  // namespace crypto
 113
 114 #endif  // CRYPTO_NSS_UTIL_INTERNAL_H_