// Copyright (c) 2012 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifndef CRYPTO_NSS_UTIL_H_
#define CRYPTO_NSS_UTIL_H_

#include <string>
#include "base/basictypes.h"
#include "base/callback.h"
#include "base/compiler_specific.h"
#include "crypto/crypto_export.h"

namespace base {
class FilePath;
class Lock;
class Time;
}  // namespace base

// This file specifically doesn't depend on any NSS or NSPR headers because it
// is included by various (non-crypto) parts of chrome to call the
// initialization functions. Keep it that way: NSS/NSPR types are represented
// here by plain C++ types (e.g. int64 for PRTime, see below).
namespace crypto {

#if defined(USE_NSS)
// EarlySetupForNSSInit performs lightweight setup which must occur before the
// process goes multithreaded. This does not initialize NSS itself; use
// EnsureNSSInit for that.
CRYPTO_EXPORT void EarlySetupForNSSInit();
#endif

// Initialize NSPR if it isn't already initialized. This function is
// thread-safe, and NSPR will only ever be initialized once.
CRYPTO_EXPORT void EnsureNSPRInit();

// Initialize NSS safely for strict sandboxing. This function tells NSS to not
// load user security modules, and makes sure NSS will have proper entropy in a
// restricted, sandboxed environment.
//
// As a defense in depth measure, this function should be called in a sandboxed
// environment. That way, in the event of a bug, NSS will still not be able to
// load security modules that could expose private data and keys.
//
// Make sure to get an LGTM from the Chrome Security Team if you use this.
CRYPTO_EXPORT void InitNSSSafely();

// Initialize NSS if it isn't already initialized. This must be called before
// any other NSS functions. This function is thread-safe, and NSS will only
// ever be initialized once.
CRYPTO_EXPORT void EnsureNSSInit();

// Calling this before EnsureNSSInit() forces NSS to initialize without a
// persistent DB. This is used for the special case where access to a
// persistent DB is prohibited.
//
// TODO(hclam): Isolate loading default root certs.
//
// NSS will be initialized without loading any user security modules, including
// the built-in root certificates module. User security modules need to be
// loaded manually after NSS initialization.
//
// If EnsureNSSInit() has already been called, this function has no effect.
//
// Calling this method only has effect on Linux.
//
// WARNING: Use this with caution.
CRYPTO_EXPORT void ForceNSSNoDBInit();

// This method is used to disable checks in NSS when used in a forked process.
// NSS checks whether it is running in a forked process to avoid problems when
// using user security modules in a forked process. However, if we are sure
// there are no modules loaded before the process is forked, then there is no
// harm in disabling the check. The caller is responsible for guaranteeing
// that precondition; NSS will no longer detect the violation itself.
//
// This method must be called before EnsureNSSInit() to take effect.
//
// WARNING: Use this with caution.
CRYPTO_EXPORT void DisableNSSForkCheck();

// Load NSS library files. This function has no effect on Mac and Windows.
// This loads the necessary NSS library files so that NSS can still be
// initialized after loading additional library files has been disallowed, for
// example when the sandbox is active.
//
// Note that this does not load libnssckbi.so which contains the root
// certificates.
CRYPTO_EXPORT void LoadNSSLibraries();

// Check if the current NSS version is greater than or equal to |version|.
// A sample version string is "3.12.3".
// NOTE(review): unlike most declarations in this header, this is not
// CRYPTO_EXPORT; presumably intended for use within the crypto target only.
bool CheckNSSVersion(const char* version);

#if defined(OS_CHROMEOS)
// Indicates that NSS should use the Chaps library so that we
// can access the TPM through NSS. InitializeTPMTokenAndSystemSlot and
// InitializeTPMForChromeOSUser must still be called to load the slots.
CRYPTO_EXPORT void EnableTPMTokenForNSS();

// Returns true if EnableTPMTokenForNSS has been called.
CRYPTO_EXPORT bool IsTPMTokenEnabledForNSS();

// Returns true if the TPM is owned and PKCS#11 initialized with the
// user and security officer PINs, and has been enabled in NSS by
// calling EnableTPMTokenForNSS, and Chaps has been successfully
// loaded into NSS.
// If |callback| is non-null and the function returns false, the |callback| will
// be run once the TPM is ready. |callback| will never be run if the function
// returns true. The result must not be ignored (WARN_UNUSED_RESULT), since a
// false return means the caller has to wait for |callback|.
CRYPTO_EXPORT bool IsTPMTokenReady(const base::Closure& callback)
    WARN_UNUSED_RESULT;

// Initialize the TPM token and system slot. The |callback| will run on the same
// thread with true if the token and slot were successfully loaded or were
// already initialized. |callback| will be passed false if loading failed. Once
// called, InitializeTPMTokenAndSystemSlot must not be called again until the
// |callback| has been run.
//
// |system_slot_id| identifies the PKCS#11 slot to use for the system token.
CRYPTO_EXPORT void InitializeTPMTokenAndSystemSlot(
    int system_slot_id,
    const base::Callback<void(bool)>& callback);
#endif

// Convert a NSS PRTime value into a base::Time object.
// We use an int64 instead of PRTime here to avoid depending on NSPR headers.
CRYPTO_EXPORT base::Time PRTimeToBaseTime(int64 prtime);

// Convert a base::Time object into a PRTime value.
// We use an int64 instead of PRTime here to avoid depending on NSPR headers.
CRYPTO_EXPORT int64 BaseTimeToPRTime(base::Time time);

#if defined(USE_NSS)
// NSS has a bug which can cause a deadlock or stall in some cases when writing
// to the certDB and keyDB. It also has a bug which causes concurrent key pair
// generations to scribble over each other. To work around this, we synchronize
// writes to the NSS databases with a global lock. The lock is hidden beneath a
// function for easy disabling when the bug is fixed. Callers should allow for
// it to return NULL in the future.
//
// See https://bugzilla.mozilla.org/show_bug.cgi?id=564011
base::Lock* GetNSSWriteLock();

// A helper class that acquires the NSS write Lock while the AutoNSSWriteLock
// is in scope, and releases it in the destructor (scoped-lock pattern).
// Presumably obtains the lock via GetNSSWriteLock(); since that function is
// documented as possibly returning NULL in the future, the implementation is
// expected to tolerate a null |lock_| -- confirm against nss_util.cc.
// Non-copyable: copying a scoped lock would double-release.
class CRYPTO_EXPORT AutoNSSWriteLock {
 public:
  AutoNSSWriteLock();
  ~AutoNSSWriteLock();
 private:
  // Not owned. The lock acquired in the constructor, if any.
  base::Lock *lock_;
  DISALLOW_COPY_AND_ASSIGN(AutoNSSWriteLock);
};
#endif  // defined(USE_NSS)

}  // namespace crypto

#endif  // CRYPTO_NSS_UTIL_H_