mattm@chromium.org | 0274629 | 2012-01-25 04:37:51 | [diff] [blame] | 1 | // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
deanm@google.com | bc1e07c7 | 2008-09-16 14:32:44 | [diff] [blame] | 2 | // Use of this source code is governed by a BSD-style license that can be |
| 3 | // found in the LICENSE file. |
| 4 | |
rvargas@google.com | 4b559b4d | 2011-04-14 17:37:14 | [diff] [blame] | 5 | #ifndef CRYPTO_NSS_UTIL_H_ |
| 6 | #define CRYPTO_NSS_UTIL_H_ |
mattm@chromium.org | 1b1a264a | 2010-01-14 22:36:35 | [diff] [blame] | 7 | |
gspencer@chromium.org | 6a89ef2 | 2011-04-07 17:34:21 | [diff] [blame] | 8 | #include <string> |
mattm@chromium.org | 1b1a264a | 2010-01-14 22:36:35 | [diff] [blame] | 9 | #include "base/basictypes.h" |
darin@chromium.org | d613a990 | 2011-08-05 20:59:11 | [diff] [blame] | 10 | #include "crypto/crypto_export.h" |
deanm@google.com | bc1e07c7 | 2008-09-16 14:32:44 | [diff] [blame] | 11 | |
rvargas@google.com | 4b559b4d | 2011-04-14 17:37:14 | [diff] [blame] | 12 | namespace base { |
brettw@chromium.org | a3ef483 | 2013-02-02 05:12:33 | [diff] [blame] | 13 | class FilePath; |
rvargas@google.com | 4b559b4d | 2011-04-14 17:37:14 | [diff] [blame] | 14 | class Lock; |
| 15 | class Time; |
| 16 | } // namespace base |
| 17 | |
albertb@chromium.org | 41c78fa | 2010-03-22 20:08:41 | [diff] [blame] | 18 | // This file specifically doesn't depend on any NSS or NSPR headers because it |
| 19 | // is included by various (non-crypto) parts of chrome to call the |
| 20 | // initialization functions. |
rvargas@google.com | 4b559b4d | 2011-04-14 17:37:14 | [diff] [blame] | 21 | namespace crypto { |
deanm@google.com | bc1e07c7 | 2008-09-16 14:32:44 | [diff] [blame] | 22 | |
pneubeck@chromium.org | b17bc366 | 2013-08-12 14:09:19 | [diff] [blame] | 23 | // The TPMToken name used for the NSS slot opened by ScopedTestNSSDB. |
| 24 | CRYPTO_EXPORT extern const char kTestTPMTokenName[]; |
| 25 | |
agl@chromium.org | ac3d597 | 2011-01-13 20:33:45 | [diff] [blame] | 26 | #if defined(USE_NSS) |
| 27 | // EarlySetupForNSSInit performs lightweight setup which must occur before the |
| 28 | // process goes multithreaded. This does not initialise NSS. For test, see |
| 29 | // EnsureNSSInit. |
darin@chromium.org | d613a990 | 2011-08-05 20:59:11 | [diff] [blame] | 30 | CRYPTO_EXPORT void EarlySetupForNSSInit(); |
agl@chromium.org | ac3d597 | 2011-01-13 20:33:45 | [diff] [blame] | 31 | #endif |
| 32 | |
evan@chromium.org | 730fb13 | 2009-09-02 22:50:25 | [diff] [blame] | 33 | // Initialize NRPR if it isn't already initialized. This function is |
rvargas@google.com | 4b559b4d | 2011-04-14 17:37:14 | [diff] [blame] | 34 | // thread-safe, and NSPR will only ever be initialized once. |
darin@chromium.org | d613a990 | 2011-08-05 20:59:11 | [diff] [blame] | 35 | CRYPTO_EXPORT void EnsureNSPRInit(); |
evan@chromium.org | 730fb13 | 2009-09-02 22:50:25 | [diff] [blame] | 36 | |
jorgelo@chromium.org | 2fdd99e8 | 2012-11-29 04:46:41 | [diff] [blame] | 37 | // Initialize NSS safely for strict sandboxing. This function tells NSS to not |
| 38 | // load user security modules, and makes sure NSS will have proper entropy in a |
| 39 | // restricted, sandboxed environment. |
jorgelo@chromium.org | 5fe0c769 | 2012-11-17 03:57:56 | [diff] [blame] | 40 | // |
| 41 | // As a defense in depth measure, this function should be called in a sandboxed |
jorgelo@chromium.org | 2fdd99e8 | 2012-11-29 04:46:41 | [diff] [blame] | 42 | // environment. That way, in the event of a bug, NSS will still not be able to |
| 43 | // load security modules that could expose private data and keys. |
| 44 | // |
| 45 | // Make sure to get an LGTM from the Chrome Security Team if you use this. |
| 46 | CRYPTO_EXPORT void InitNSSSafely(); |
jorgelo@chromium.org | 5fe0c769 | 2012-11-17 03:57:56 | [diff] [blame] | 47 | |
deanm@google.com | bc1e07c7 | 2008-09-16 14:32:44 | [diff] [blame] | 48 | // Initialize NSS if it isn't already initialized. This must be called before |
| 49 | // any other NSS functions. This function is thread-safe, and NSS will only |
rvargas@google.com | 4b559b4d | 2011-04-14 17:37:14 | [diff] [blame] | 50 | // ever be initialized once. |
darin@chromium.org | d613a990 | 2011-08-05 20:59:11 | [diff] [blame] | 51 | CRYPTO_EXPORT void EnsureNSSInit(); |
deanm@google.com | bc1e07c7 | 2008-09-16 14:32:44 | [diff] [blame] | 52 | |
hclam@google.com | ed450f3 | 2011-03-16 01:26:49 | [diff] [blame] | 53 | // Call this before calling EnsureNSSInit() will force NSS to initialize |
| 54 | // without a persistent DB. This is used for the special case where access of |
| 55 | // persistent DB is prohibited. |
| 56 | // |
| 57 | // TODO(hclam): Isolate loading default root certs. |
| 58 | // |
| 59 | // NSS will be initialized without loading any user security modules, including |
| 60 | // the built-in root certificates module. User security modules need to be |
| 61 | // loaded manually after NSS initialization. |
| 62 | // |
| 63 | // If EnsureNSSInit() is called before then this function has no effect. |
| 64 | // |
| 65 | // Calling this method only has effect on Linux. |
| 66 | // |
| 67 | // WARNING: Use this with caution. |
darin@chromium.org | d613a990 | 2011-08-05 20:59:11 | [diff] [blame] | 68 | CRYPTO_EXPORT void ForceNSSNoDBInit(); |
hclam@google.com | ed450f3 | 2011-03-16 01:26:49 | [diff] [blame] | 69 | |
jorgelo@chromium.org | 5fe0c769 | 2012-11-17 03:57:56 | [diff] [blame] | 70 | // This method is used to disable checks in NSS when used in a forked process. |
hclam@google.com | ed450f3 | 2011-03-16 01:26:49 | [diff] [blame] | 71 | // NSS checks whether it is running a forked process to avoid problems when |
| 72 | // using user security modules in a forked process. However if we are sure |
| 73 | // there are no modules loaded before the process is forked then there is no |
| 74 | // harm disabling the check. |
| 75 | // |
| 76 | // This method must be called before EnsureNSSInit() to take effect. |
| 77 | // |
| 78 | // WARNING: Use this with caution. |
darin@chromium.org | d613a990 | 2011-08-05 20:59:11 | [diff] [blame] | 79 | CRYPTO_EXPORT void DisableNSSForkCheck(); |
hclam@google.com | ed450f3 | 2011-03-16 01:26:49 | [diff] [blame] | 80 | |
hclam@google.com | f6a67b4 | 2011-03-17 23:49:21 | [diff] [blame] | 81 | // Load NSS library files. This function has no effect on Mac and Windows. |
| 82 | // This loads the necessary NSS library files so that NSS can be initialized |
| 83 | // after loading additional library files is disallowed, for example when the |
| 84 | // sandbox is active. |
| 85 | // |
| 86 | // Note that this does not load libnssckbi.so which contains the root |
| 87 | // certificates. |
darin@chromium.org | d613a990 | 2011-08-05 20:59:11 | [diff] [blame] | 88 | CRYPTO_EXPORT void LoadNSSLibraries(); |
hclam@google.com | f6a67b4 | 2011-03-17 23:49:21 | [diff] [blame] | 89 | |
hclam@chromium.org | f61c397 | 2010-12-23 09:54:15 | [diff] [blame] | 90 | // Check if the current NSS version is greater than or equals to |version|. |
| 91 | // A sample version string is "3.12.3". |
| 92 | bool CheckNSSVersion(const char* version); |
| 93 | |
cmasone@google.com | dcce6cf | 2010-04-29 17:50:06 | [diff] [blame] | 94 | #if defined(OS_CHROMEOS) |
gspencer@chromium.org | 6a89ef2 | 2011-04-07 17:34:21 | [diff] [blame] | 95 | // Open the r/w nssdb that's stored inside the user's encrypted home |
| 96 | // directory. This is the default slot returned by |
| 97 | // GetPublicNSSKeySlot(). |
darin@chromium.org | d613a990 | 2011-08-05 20:59:11 | [diff] [blame] | 98 | CRYPTO_EXPORT void OpenPersistentNSSDB(); |
gspencer@chromium.org | 6a89ef2 | 2011-04-07 17:34:21 | [diff] [blame] | 99 | |
dkrahn@chromium.org | 84e4772 | 2011-11-17 05:12:02 | [diff] [blame] | 100 | // Indicates that NSS should load the Chaps library so that we |
gspencer@chromium.org | c64b914 | 2011-04-19 18:49:54 | [diff] [blame] | 101 | // can access the TPM through NSS. Once this is called, |
| 102 | // GetPrivateNSSKeySlot() will return the TPM slot if one was found. |
hashimoto@chromium.org | 450b4ad7 | 2012-05-17 10:04:17 | [diff] [blame] | 103 | CRYPTO_EXPORT void EnableTPMTokenForNSS(); |
gspencer@chromium.org | 74beead | 2011-04-12 20:40:12 | [diff] [blame] | 104 | |
gspencer@chromium.org | c64b914 | 2011-04-19 18:49:54 | [diff] [blame] | 105 | // Get name and user PIN for the built-in TPM token on ChromeOS. |
| 106 | // Either one can safely be NULL. Should only be called after |
| 107 | // EnableTPMTokenForNSS has been called with a non-null delegate. |
darin@chromium.org | d613a990 | 2011-08-05 20:59:11 | [diff] [blame] | 108 | CRYPTO_EXPORT void GetTPMTokenInfo(std::string* token_name, |
| 109 | std::string* user_pin); |
stevenjb@google.com | c175cdb | 2011-06-28 20:41:55 | [diff] [blame] | 110 | |
gspencer@chromium.org | c64b914 | 2011-04-19 18:49:54 | [diff] [blame] | 111 | // Returns true if the TPM is owned and PKCS#11 initialized with the |
| 112 | // user and security officer PINs, and has been enabled in NSS by |
dkrahn@chromium.org | 84e4772 | 2011-11-17 05:12:02 | [diff] [blame] | 113 | // calling EnableTPMForNSS, and Chaps has been successfully |
gspencer@chromium.org | c64b914 | 2011-04-19 18:49:54 | [diff] [blame] | 114 | // loaded into NSS. |
darin@chromium.org | d613a990 | 2011-08-05 20:59:11 | [diff] [blame] | 115 | CRYPTO_EXPORT bool IsTPMTokenReady(); |
stevenjb@google.com | c175cdb | 2011-06-28 20:41:55 | [diff] [blame] | 116 | |
hashimoto@chromium.org | 14172c8 | 2012-02-28 10:34:21 | [diff] [blame] | 117 | // Initialize the TPM token. Does nothing if it is already initialized. |
hashimoto@chromium.org | 450b4ad7 | 2012-05-17 10:04:17 | [diff] [blame] | 118 | CRYPTO_EXPORT bool InitializeTPMToken(const std::string& token_name, |
| 119 | const std::string& user_pin); |
cmasone@google.com | dcce6cf | 2010-04-29 17:50:06 | [diff] [blame] | 120 | #endif |
| 121 | |
mattm@chromium.org | 1b1a264a | 2010-01-14 22:36:35 | [diff] [blame] | 122 | // Convert a NSS PRTime value into a base::Time object. |
| 123 | // We use a int64 instead of PRTime here to avoid depending on NSPR headers. |
darin@chromium.org | d613a990 | 2011-08-05 20:59:11 | [diff] [blame] | 124 | CRYPTO_EXPORT base::Time PRTimeToBaseTime(int64 prtime); |
mattm@chromium.org | 1b1a264a | 2010-01-14 22:36:35 | [diff] [blame] | 125 | |
mattm@chromium.org | ca929ed3 | 2011-12-15 20:37:28 | [diff] [blame] | 126 | // Convert a base::Time object into a PRTime value. |
| 127 | // We use a int64 instead of PRTime here to avoid depending on NSPR headers. |
| 128 | CRYPTO_EXPORT int64 BaseTimeToPRTime(base::Time time); |
| 129 | |
davidben@chromium.org | 6913847 | 2010-06-25 22:44:48 | [diff] [blame] | 130 | #if defined(USE_NSS) |
mattm@chromium.org | 0274629 | 2012-01-25 04:37:51 | [diff] [blame] | 131 | // Exposed for unittests only. |
toyoshim@chromium.org | 7025e93 | 2012-10-18 07:02:54 | [diff] [blame] | 132 | // TODO(mattm): When NSS 3.14 is the minimum version required, |
| 133 | // switch back to using a separate user DB for each test. |
| 134 | // Because of https://bugzilla.mozilla.org/show_bug.cgi?id=588269 , the |
| 135 | // opened user DB is not automatically closed. |
| 136 | class CRYPTO_EXPORT_PRIVATE ScopedTestNSSDB { |
| 137 | public: |
| 138 | ScopedTestNSSDB(); |
| 139 | ~ScopedTestNSSDB(); |
| 140 | |
| 141 | bool is_open() { return is_open_; } |
| 142 | |
| 143 | private: |
| 144 | bool is_open_; |
| 145 | DISALLOW_COPY_AND_ASSIGN(ScopedTestNSSDB); |
| 146 | }; |
mattm@chromium.org | bb63903 | 2010-08-12 19:49:40 | [diff] [blame] | 147 | |
davidben@chromium.org | 6913847 | 2010-06-25 22:44:48 | [diff] [blame] | 148 | // NSS has a bug which can cause a deadlock or stall in some cases when writing |
| 149 | // to the certDB and keyDB. It also has a bug which causes concurrent key pair |
| 150 | // generations to scribble over each other. To work around this, we synchronize |
| 151 | // writes to the NSS databases with a global lock. The lock is hidden beneath a |
| 152 | // function for easy disabling when the bug is fixed. Callers should allow for |
| 153 | // it to return NULL in the future. |
| 154 | // |
| 155 | // See https://bugzilla.mozilla.org/show_bug.cgi?id=564011 |
rvargas@google.com | 4b559b4d | 2011-04-14 17:37:14 | [diff] [blame] | 156 | base::Lock* GetNSSWriteLock(); |
davidben@chromium.org | 6913847 | 2010-06-25 22:44:48 | [diff] [blame] | 157 | |
| 158 | // A helper class that acquires the NSS write Lock while the AutoNSSWriteLock |
| 159 | // is in scope. |
darin@chromium.org | d613a990 | 2011-08-05 20:59:11 | [diff] [blame] | 160 | class CRYPTO_EXPORT AutoNSSWriteLock { |
davidben@chromium.org | 6913847 | 2010-06-25 22:44:48 | [diff] [blame] | 161 | public: |
| 162 | AutoNSSWriteLock(); |
| 163 | ~AutoNSSWriteLock(); |
| 164 | private: |
rvargas@google.com | 4b559b4d | 2011-04-14 17:37:14 | [diff] [blame] | 165 | base::Lock *lock_; |
davidben@chromium.org | 6913847 | 2010-06-25 22:44:48 | [diff] [blame] | 166 | DISALLOW_COPY_AND_ASSIGN(AutoNSSWriteLock); |
| 167 | }; |
| 168 | |
| 169 | #endif // defined(USE_NSS) |
| 170 | |
rvargas@google.com | 4b559b4d | 2011-04-14 17:37:14 | [diff] [blame] | 171 | } // namespace crypto |
deanm@google.com | bc1e07c7 | 2008-09-16 14:32:44 | [diff] [blame] | 172 | |
rvargas@google.com | 4b559b4d | 2011-04-14 17:37:14 | [diff] [blame] | 173 | #endif // CRYPTO_NSS_UTIL_H_ |