// Copyright (c) 2012 The Chromium Authors. All rights reserved. // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. #ifndef CRYPTO_NSS_UTIL_INTERNAL_H_ #define CRYPTO_NSS_UTIL_INTERNAL_H_ #include #include #include "base/callback.h" #include "base/compiler_specific.h" #include "base/macros.h" #include "crypto/crypto_export.h" #include "crypto/scoped_nss_types.h" namespace base { class FilePath; } // These functions return a type defined in an NSS header, and so cannot be // declared in nss_util.h. Hence, they are declared here. namespace crypto { // Opens an NSS software database in folder |path|, with the (potentially) // user-visible description |description|. Returns the slot for the opened // database, or nullptr if the database could not be opened. CRYPTO_EXPORT ScopedPK11Slot OpenSoftwareNSSDB(const base::FilePath& path, const std::string& description); #if !defined(OS_CHROMEOS) // Returns a reference to the default NSS key slot for storing persistent data. // Caller must release returned reference with PK11_FreeSlot. CRYPTO_EXPORT PK11SlotInfo* GetPersistentNSSKeySlot() WARN_UNUSED_RESULT; #endif // A helper class that acquires the SECMOD list read lock while the // AutoSECMODListReadLock is in scope. class CRYPTO_EXPORT AutoSECMODListReadLock { public: AutoSECMODListReadLock(); ~AutoSECMODListReadLock(); private: SECMODListLock* lock_; DISALLOW_COPY_AND_ASSIGN(AutoSECMODListReadLock); }; #if defined(OS_CHROMEOS) // Returns a reference to the system-wide TPM slot if it is loaded. If it is not // loaded and |callback| is non-null, the |callback| will be run once the slot // is loaded. CRYPTO_EXPORT ScopedPK11Slot GetSystemNSSKeySlot( const base::Callback& callback) WARN_UNUSED_RESULT; // Sets the test system slot to |slot|, which means that |slot| will be exposed // through |GetSystemNSSKeySlot| and |IsTPMTokenReady| will return true. // |InitializeTPMTokenAndSystemSlot|, which triggers the TPM initialization, // does not have to be called if the test system slot is set. // This must must not be called consecutively with a |slot| != nullptr. If // |slot| is nullptr, the test system slot is unset. CRYPTO_EXPORT void SetSystemKeySlotForTesting(ScopedPK11Slot slot); // Prepare per-user NSS slot mapping. It is safe to call this function multiple // times. Returns true if the user was added, or false if it already existed. CRYPTO_EXPORT bool InitializeNSSForChromeOSUser( const std::string& username_hash, const base::FilePath& path); // Returns whether TPM for ChromeOS user still needs initialization. If // true is returned, the caller can proceed to initialize TPM slot for the // user, but should call |WillInitializeTPMForChromeOSUser| first. // |InitializeNSSForChromeOSUser| must have been called first. CRYPTO_EXPORT bool ShouldInitializeTPMForChromeOSUser( const std::string& username_hash) WARN_UNUSED_RESULT; // Makes |ShouldInitializeTPMForChromeOSUser| start returning false. // Should be called before starting TPM initialization for the user. // Assumes |InitializeNSSForChromeOSUser| had already been called. CRYPTO_EXPORT void WillInitializeTPMForChromeOSUser( const std::string& username_hash); // Use TPM slot |slot_id| for user. InitializeNSSForChromeOSUser must have been // called first. CRYPTO_EXPORT void InitializeTPMForChromeOSUser( const std::string& username_hash, CK_SLOT_ID slot_id); // Use the software slot as the private slot for user. // InitializeNSSForChromeOSUser must have been called first. CRYPTO_EXPORT void InitializePrivateSoftwareSlotForChromeOSUser( const std::string& username_hash); // Returns a reference to the public slot for user. CRYPTO_EXPORT ScopedPK11Slot GetPublicSlotForChromeOSUser( const std::string& username_hash) WARN_UNUSED_RESULT; // Returns the private slot for |username_hash| if it is loaded. If it is not // loaded and |callback| is non-null, the |callback| will be run once the slot // is loaded. CRYPTO_EXPORT ScopedPK11Slot GetPrivateSlotForChromeOSUser( const std::string& username_hash, const base::Callback& callback) WARN_UNUSED_RESULT; // Closes the NSS DB for |username_hash| that was previously opened by the // *Initialize*ForChromeOSUser functions. CRYPTO_EXPORT void CloseChromeOSUserForTesting( const std::string& username_hash); #endif // defined(OS_CHROMEOS) } // namespace crypto #endif // CRYPTO_NSS_UTIL_INTERNAL_H_