1// Copyright (c) 2012 The Chromium Authors. All rights reserved.
2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4
5#ifndef CRYPTO_NSS_UTIL_INTERNAL_H_
6#define CRYPTO_NSS_UTIL_INTERNAL_H_
7
8#include <secmodt.h>
9
10#include "base/callback.h"
11#include "base/compiler_specific.h"
12#include "crypto/crypto_export.h"
13#include "crypto/scoped_nss_types.h"
14
15namespace base {
16class FilePath;
17}
18
19// These functions return a type defined in an NSS header, and so cannot be
20// declared in nss_util.h.  Hence, they are declared here.
21
22namespace crypto {
23
24// Opens an NSS software database in folder |path|, with the (potentially)
25// user-visible description |description|. Returns the slot for the opened
26// database, or NULL if the database could not be opened.
27CRYPTO_EXPORT_PRIVATE ScopedPK11Slot
28    OpenSoftwareNSSDB(const base::FilePath& path,
29                      const std::string& description);
30
31#if !defined(OS_CHROMEOS)
32// Returns a reference to the default NSS key slot for storing persistent data.
33// Caller must release returned reference with PK11_FreeSlot.
34CRYPTO_EXPORT PK11SlotInfo* GetPersistentNSSKeySlot() WARN_UNUSED_RESULT;
35#endif
36
37// A helper class that acquires the SECMOD list read lock while the
38// AutoSECMODListReadLock is in scope.
39class CRYPTO_EXPORT AutoSECMODListReadLock {
40 public:
41  AutoSECMODListReadLock();
42  ~AutoSECMODListReadLock();
43
44 private:
45  SECMODListLock* lock_;
46  DISALLOW_COPY_AND_ASSIGN(AutoSECMODListReadLock);
47};
48
49#if defined(OS_CHROMEOS)
50// Returns a reference to the system-wide TPM slot if it is loaded. If it is not
51// loaded and |callback| is non-null, the |callback| will be run once the slot
52// is loaded.
53CRYPTO_EXPORT ScopedPK11Slot GetSystemNSSKeySlot(
54    const base::Callback<void(ScopedPK11Slot)>& callback) WARN_UNUSED_RESULT;
55
56// Sets the test system slot to |slot|, which means that |slot| will be exposed
57// through |GetSystemNSSKeySlot| and |IsTPMTokenReady| will return true.
58// |InitializeTPMTokenAndSystemSlot|, which triggers the TPM initialization,
59// does not have to be called if the test system slot is set.
60// This must must not be called consecutively with a |slot| != NULL. If |slot|
61// is NULL, the test system slot is unset.
62CRYPTO_EXPORT_PRIVATE void SetSystemKeySlotForTesting(ScopedPK11Slot slot);
63
64// Prepare per-user NSS slot mapping. It is safe to call this function multiple
65// times. Returns true if the user was added, or false if it already existed.
66CRYPTO_EXPORT bool InitializeNSSForChromeOSUser(
67    const std::string& username_hash,
68    const base::FilePath& path);
69
70// Returns whether TPM for ChromeOS user still needs initialization. If
71// true is returned, the caller can proceed to initialize TPM slot for the
72// user, but should call |WillInitializeTPMForChromeOSUser| first.
73// |InitializeNSSForChromeOSUser| must have been called first.
74CRYPTO_EXPORT bool ShouldInitializeTPMForChromeOSUser(
75    const std::string& username_hash) WARN_UNUSED_RESULT;
76
77// Makes |ShouldInitializeTPMForChromeOSUser| start returning false.
78// Should be called before starting TPM initialization for the user.
79// Assumes |InitializeNSSForChromeOSUser| had already been called.
80CRYPTO_EXPORT void WillInitializeTPMForChromeOSUser(
81    const std::string& username_hash);
82
83// Use TPM slot |slot_id| for user.  InitializeNSSForChromeOSUser must have been
84// called first.
85CRYPTO_EXPORT void InitializeTPMForChromeOSUser(
86    const std::string& username_hash,
87    CK_SLOT_ID slot_id);
88
89// Use the software slot as the private slot for user.
90// InitializeNSSForChromeOSUser must have been called first.
91CRYPTO_EXPORT void InitializePrivateSoftwareSlotForChromeOSUser(
92    const std::string& username_hash);
93
94// Returns a reference to the public slot for user.
95CRYPTO_EXPORT ScopedPK11Slot GetPublicSlotForChromeOSUser(
96    const std::string& username_hash) WARN_UNUSED_RESULT;
97
98// Returns the private slot for |username_hash| if it is loaded. If it is not
99// loaded and |callback| is non-null, the |callback| will be run once the slot
100// is loaded.
101CRYPTO_EXPORT ScopedPK11Slot GetPrivateSlotForChromeOSUser(
102    const std::string& username_hash,
103    const base::Callback<void(ScopedPK11Slot)>& callback) WARN_UNUSED_RESULT;
104
105// Closes the NSS DB for |username_hash| that was previously opened by the
106// *Initialize*ForChromeOSUser functions.
107CRYPTO_EXPORT_PRIVATE void CloseChromeOSUserForTesting(
108    const std::string& username_hash);
109#endif  // defined(OS_CHROMEOS)
110
111}  // namespace crypto
112
113#endif  // CRYPTO_NSS_UTIL_INTERNAL_H_
114