1// Copyright (c) 2012 The Chromium Authors. All rights reserved. 2// Use of this source code is governed by a BSD-style license that can be 3// found in the LICENSE file. 4 5#ifndef CRYPTO_NSS_UTIL_H_ 6#define CRYPTO_NSS_UTIL_H_ 7 8#include <stdint.h> 9 10#include <string> 11#include "base/callback.h" 12#include "base/compiler_specific.h" 13#include "base/macros.h" 14#include "crypto/crypto_export.h" 15 16namespace base { 17class FilePath; 18class Lock; 19class Time; 20} // namespace base 21 22// This file specifically doesn't depend on any NSS or NSPR headers because it 23// is included by various (non-crypto) parts of chrome to call the 24// initialization functions. 25namespace crypto { 26 27#if defined(USE_NSS_CERTS) 28// EarlySetupForNSSInit performs lightweight setup which must occur before the 29// process goes multithreaded. This does not initialise NSS. For test, see 30// EnsureNSSInit. 31CRYPTO_EXPORT void EarlySetupForNSSInit(); 32#endif 33 34// Initialize NRPR if it isn't already initialized. This function is 35// thread-safe, and NSPR will only ever be initialized once. 36CRYPTO_EXPORT void EnsureNSPRInit(); 37 38// Initialize NSS if it isn't already initialized. This must be called before 39// any other NSS functions. This function is thread-safe, and NSS will only 40// ever be initialized once. 41CRYPTO_EXPORT void EnsureNSSInit(); 42 43// Check if the current NSS version is greater than or equals to |version|. 44// A sample version string is "3.12.3". 45bool CheckNSSVersion(const char* version); 46 47#if defined(OS_CHROMEOS) 48// Indicates that NSS should use the Chaps library so that we 49// can access the TPM through NSS. InitializeTPMTokenAndSystemSlot and 50// InitializeTPMForChromeOSUser must still be called to load the slots. 51CRYPTO_EXPORT void EnableTPMTokenForNSS(); 52 53// Returns true if EnableTPMTokenForNSS has been called. 54CRYPTO_EXPORT bool IsTPMTokenEnabledForNSS(); 55 56// Returns true if the TPM is owned and PKCS#11 initialized with the 57// user and security officer PINs, and has been enabled in NSS by 58// calling EnableTPMForNSS, and Chaps has been successfully 59// loaded into NSS. 60// If |callback| is non-null and the function returns false, the |callback| will 61// be run once the TPM is ready. |callback| will never be run if the function 62// returns true. 63CRYPTO_EXPORT bool IsTPMTokenReady(const base::Closure& callback) 64 WARN_UNUSED_RESULT; 65 66// Initialize the TPM token and system slot. The |callback| will run on the same 67// thread with true if the token and slot were successfully loaded or were 68// already initialized. |callback| will be passed false if loading failed. Once 69// called, InitializeTPMTokenAndSystemSlot must not be called again until the 70// |callback| has been run. 71CRYPTO_EXPORT void InitializeTPMTokenAndSystemSlot( 72 int system_slot_id, 73 const base::Callback<void(bool)>& callback); 74#endif 75 76// Convert a NSS PRTime value into a base::Time object. 77// We use a int64_t instead of PRTime here to avoid depending on NSPR headers. 78CRYPTO_EXPORT base::Time PRTimeToBaseTime(int64_t prtime); 79 80// Convert a base::Time object into a PRTime value. 81// We use a int64_t instead of PRTime here to avoid depending on NSPR headers. 82CRYPTO_EXPORT int64_t BaseTimeToPRTime(base::Time time); 83 84#if defined(USE_NSS_CERTS) 85// NSS has a bug which can cause a deadlock or stall in some cases when writing 86// to the certDB and keyDB. It also has a bug which causes concurrent key pair 87// generations to scribble over each other. To work around this, we synchronize 88// writes to the NSS databases with a global lock. The lock is hidden beneath a 89// function for easy disabling when the bug is fixed. Callers should allow for 90// it to return NULL in the future. 91// 92// See https://bugzilla.mozilla.org/show_bug.cgi?id=564011 93base::Lock* GetNSSWriteLock(); 94 95// A helper class that acquires the NSS write Lock while the AutoNSSWriteLock 96// is in scope. 97class CRYPTO_EXPORT AutoNSSWriteLock { 98 public: 99 AutoNSSWriteLock(); 100 ~AutoNSSWriteLock(); 101 private: 102 base::Lock *lock_; 103 DISALLOW_COPY_AND_ASSIGN(AutoNSSWriteLock); 104}; 105#endif // defined(USE_NSS_CERTS) 106 107} // namespace crypto 108 109#endif // CRYPTO_NSS_UTIL_H_ 110