1// Copyright (c) 2012 The Chromium Authors. All rights reserved.
2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4
5#ifndef CRYPTO_NSS_UTIL_H_
6#define CRYPTO_NSS_UTIL_H_
7
8#include <stdint.h>
9
10#include <string>
11#include "base/callback.h"
12#include "base/compiler_specific.h"
13#include "base/macros.h"
14#include "crypto/crypto_export.h"
15
16namespace base {
17class FilePath;
18class Lock;
19class Time;
20}  // namespace base
21
22// This file specifically doesn't depend on any NSS or NSPR headers because it
23// is included by various (non-crypto) parts of chrome to call the
24// initialization functions.
25namespace crypto {
26
27#if defined(USE_NSS_CERTS)
28// EarlySetupForNSSInit performs lightweight setup which must occur before the
29// process goes multithreaded. This does not initialise NSS. For test, see
30// EnsureNSSInit.
31CRYPTO_EXPORT void EarlySetupForNSSInit();
32#endif
33
34// Initialize NRPR if it isn't already initialized.  This function is
35// thread-safe, and NSPR will only ever be initialized once.
36CRYPTO_EXPORT void EnsureNSPRInit();
37
38// Initialize NSS if it isn't already initialized.  This must be called before
39// any other NSS functions.  This function is thread-safe, and NSS will only
40// ever be initialized once.
41CRYPTO_EXPORT void EnsureNSSInit();
42
43// Check if the current NSS version is greater than or equals to |version|.
44// A sample version string is "3.12.3".
45bool CheckNSSVersion(const char* version);
46
47#if defined(OS_CHROMEOS)
48// Indicates that NSS should use the Chaps library so that we
49// can access the TPM through NSS.  InitializeTPMTokenAndSystemSlot and
50// InitializeTPMForChromeOSUser must still be called to load the slots.
51CRYPTO_EXPORT void EnableTPMTokenForNSS();
52
53// Returns true if EnableTPMTokenForNSS has been called.
54CRYPTO_EXPORT bool IsTPMTokenEnabledForNSS();
55
56// Returns true if the TPM is owned and PKCS#11 initialized with the
57// user and security officer PINs, and has been enabled in NSS by
58// calling EnableTPMForNSS, and Chaps has been successfully
59// loaded into NSS.
60// If |callback| is non-null and the function returns false, the |callback| will
61// be run once the TPM is ready. |callback| will never be run if the function
62// returns true.
63CRYPTO_EXPORT bool IsTPMTokenReady(const base::Closure& callback)
64    WARN_UNUSED_RESULT;
65
66// Initialize the TPM token and system slot. The |callback| will run on the same
67// thread with true if the token and slot were successfully loaded or were
68// already initialized. |callback| will be passed false if loading failed.  Once
69// called, InitializeTPMTokenAndSystemSlot must not be called again until the
70// |callback| has been run.
71CRYPTO_EXPORT void InitializeTPMTokenAndSystemSlot(
72    int system_slot_id,
73    const base::Callback<void(bool)>& callback);
74#endif
75
76// Convert a NSS PRTime value into a base::Time object.
77// We use a int64_t instead of PRTime here to avoid depending on NSPR headers.
78CRYPTO_EXPORT base::Time PRTimeToBaseTime(int64_t prtime);
79
80// Convert a base::Time object into a PRTime value.
81// We use a int64_t instead of PRTime here to avoid depending on NSPR headers.
82CRYPTO_EXPORT int64_t BaseTimeToPRTime(base::Time time);
83
84#if defined(USE_NSS_CERTS)
85// NSS has a bug which can cause a deadlock or stall in some cases when writing
86// to the certDB and keyDB. It also has a bug which causes concurrent key pair
87// generations to scribble over each other. To work around this, we synchronize
88// writes to the NSS databases with a global lock. The lock is hidden beneath a
89// function for easy disabling when the bug is fixed. Callers should allow for
90// it to return NULL in the future.
91//
92// See https://bugzilla.mozilla.org/show_bug.cgi?id=564011
93base::Lock* GetNSSWriteLock();
94
95// A helper class that acquires the NSS write Lock while the AutoNSSWriteLock
96// is in scope.
97class CRYPTO_EXPORT AutoNSSWriteLock {
98 public:
99  AutoNSSWriteLock();
100  ~AutoNSSWriteLock();
101 private:
102  base::Lock *lock_;
103  DISALLOW_COPY_AND_ASSIGN(AutoNSSWriteLock);
104};
105#endif  // defined(USE_NSS_CERTS)
106
107}  // namespace crypto
108
109#endif  // CRYPTO_NSS_UTIL_H_
110