diff options
Diffstat (limited to 'chromium/crypto/nss_util_internal.h')
-rw-r--r-- | chromium/crypto/nss_util_internal.h | 59 |
1 files changed, 45 insertions, 14 deletions
diff --git a/chromium/crypto/nss_util_internal.h b/chromium/crypto/nss_util_internal.h index 262a59a1ba9..f321343d956 100644 --- a/chromium/crypto/nss_util_internal.h +++ b/chromium/crypto/nss_util_internal.h @@ -21,17 +21,18 @@ class FilePath; namespace crypto { -// Returns a reference to the default NSS key slot for storing -// public-key data only (e.g. server certs). Caller must release -// returned reference with PK11_FreeSlot. -CRYPTO_EXPORT PK11SlotInfo* GetPublicNSSKeySlot() WARN_UNUSED_RESULT; - -// Returns a reference to the default slot for storing private-key and -// mixed private-key/public-key data. Returns a hardware (TPM) NSS -// key slot if on ChromeOS and EnableTPMForNSS() has been called -// successfully. Caller must release returned reference with -// PK11_FreeSlot. -CRYPTO_EXPORT PK11SlotInfo* GetPrivateNSSKeySlot() WARN_UNUSED_RESULT; +// Opens an NSS software database in folder |path|, with the (potentially) +// user-visible description |description|. Returns the slot for the opened +// database, or NULL if the database could not be opened. +CRYPTO_EXPORT_PRIVATE ScopedPK11Slot + OpenSoftwareNSSDB(const base::FilePath& path, + const std::string& description); + +#if !defined(OS_CHROMEOS) +// Returns a reference to the default NSS key slot for storing persistent data. +// Caller must release returned reference with PK11_FreeSlot. +CRYPTO_EXPORT PK11SlotInfo* GetPersistentNSSKeySlot() WARN_UNUSED_RESULT; +#endif // A helper class that acquires the SECMOD list read lock while the // AutoSECMODListReadLock is in scope. @@ -46,13 +47,38 @@ class CRYPTO_EXPORT AutoSECMODListReadLock { }; #if defined(OS_CHROMEOS) +// Returns a reference to the system-wide TPM slot if it is loaded. If it is not +// loaded and |callback| is non-null, the |callback| will be run once the slot +// is loaded. +CRYPTO_EXPORT ScopedPK11Slot GetSystemNSSKeySlot( + const base::Callback<void(ScopedPK11Slot)>& callback) WARN_UNUSED_RESULT; + +// Sets the test system slot to |slot|, which means that |slot| will be exposed +// through |GetSystemNSSKeySlot| and |IsTPMTokenReady| will return true. +// |InitializeTPMTokenAndSystemSlot|, which triggers the TPM initialization, +// does not have to be called if the test system slot is set. +// This must must not be called consecutively with a |slot| != NULL. If |slot| +// is NULL, the test system slot is unset. +CRYPTO_EXPORT_PRIVATE void SetSystemKeySlotForTesting(ScopedPK11Slot slot); + // Prepare per-user NSS slot mapping. It is safe to call this function multiple // times. Returns true if the user was added, or false if it already existed. CRYPTO_EXPORT bool InitializeNSSForChromeOSUser( - const std::string& email, const std::string& username_hash, - bool is_primary_user, - const base::FilePath& path) WARN_UNUSED_RESULT; + const base::FilePath& path); + +// Returns whether TPM for ChromeOS user still needs initialization. If +// true is returned, the caller can proceed to initialize TPM slot for the +// user, but should call |WillInitializeTPMForChromeOSUser| first. +// |InitializeNSSForChromeOSUser| must have been called first. +CRYPTO_EXPORT bool ShouldInitializeTPMForChromeOSUser( + const std::string& username_hash) WARN_UNUSED_RESULT; + +// Makes |ShouldInitializeTPMForChromeOSUser| start returning false. +// Should be called before starting TPM initialization for the user. +// Assumes |InitializeNSSForChromeOSUser| had already been called. +CRYPTO_EXPORT void WillInitializeTPMForChromeOSUser( + const std::string& username_hash); // Use TPM slot |slot_id| for user. InitializeNSSForChromeOSUser must have been // called first. @@ -75,6 +101,11 @@ CRYPTO_EXPORT ScopedPK11Slot GetPublicSlotForChromeOSUser( CRYPTO_EXPORT ScopedPK11Slot GetPrivateSlotForChromeOSUser( const std::string& username_hash, const base::Callback<void(ScopedPK11Slot)>& callback) WARN_UNUSED_RESULT; + +// Closes the NSS DB for |username_hash| that was previously opened by the +// *Initialize*ForChromeOSUser functions. +CRYPTO_EXPORT_PRIVATE void CloseChromeOSUserForTesting( + const std::string& username_hash); #endif // defined(OS_CHROMEOS) } // namespace crypto |