author | hashimoto@chromium.org <hashimoto@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2012-05-17 10:04:17 +0000 |
---|---|---|
committer | hashimoto@chromium.org <hashimoto@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2012-05-17 10:04:17 +0000 |
commit | 450b4ad7ccea8fe949634cd957a364813815fdf5 (patch) | |
tree | 9669670b14ede6f9c8ad03e169df03a40e4b8ee2 | |
parent | 4ded2f910c76d4af63e6b6d022fcc7f371c08e91 (diff) | |
Remove TPMTokenInfoDelegate to make TPM initialization code path simple
Move Cryptohome D-Bus method calls to chromeos::CertLibrary
BUG=125848
TEST=can login
Review URL: https://chromiumcodereview.appspot.com/10332191
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@137646 0039d316-1c4b-4281-b951-d872f2087c98
-rw-r--r-- | chrome/browser/chromeos/cros/cert_library.cc | 231 | ||||
-rw-r--r-- | crypto/nss_util.cc | 123 | ||||
-rw-r--r-- | crypto/nss_util.h | 35 |
3 files changed, 134 insertions, 255 deletions
diff --git a/chrome/browser/chromeos/cros/cert_library.cc b/chrome/browser/chromeos/cros/cert_library.cc index f2e1ee8..a5cade1 100644 --- a/chrome/browser/chromeos/cros/cert_library.cc +++ b/chrome/browser/chromeos/cros/cert_library.cc 
@@ -95,97 +95,6 @@ string16 GetDisplayString(net::X509Certificate* cert, bool hardware_backed) { } } -class RealTPMTokenInfoDelegate : public crypto::TPMTokenInfoDelegate { - public: - RealTPMTokenInfoDelegate(); - virtual ~RealTPMTokenInfoDelegate(); - - // TPMTokenInfoDeleagte overrides: - virtual void RequestIsTokenReady( - base::Callback<void(bool result)> callback) const OVERRIDE; - virtual void GetTokenInfo(std::string* token_name, - std::string* user_pin) const OVERRIDE; - - private: - // This method is used to implement RequestIsTokenReady. - void OnPkcs11IsTpmTokenReady(base::Callback<void(bool result)> callback, - DBusMethodCallStatus call_status, - bool is_tpm_token_ready) const; - - // This method is used to implement RequestIsTokenReady. - void OnPkcs11GetTpmTokenInfo(base::Callback<void(bool result)> callback, - DBusMethodCallStatus call_status, - const std::string& token_name, - const std::string& user_pin) const; - - // These are mutable since we need to cache them in IsTokenReady(). 
- mutable bool token_ready_; - mutable std::string token_name_; - mutable std::string user_pin_; - mutable base::WeakPtrFactory<RealTPMTokenInfoDelegate> weak_ptr_factory_; -}; - -RealTPMTokenInfoDelegate::RealTPMTokenInfoDelegate() : token_ready_(false), - weak_ptr_factory_(this) { -} - -RealTPMTokenInfoDelegate::~RealTPMTokenInfoDelegate() {} - -void RealTPMTokenInfoDelegate::RequestIsTokenReady( - base::Callback<void(bool result)> callback) const { - CHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); - if (token_ready_) { - BrowserThread::PostTask(BrowserThread::UI, FROM_HERE, - base::Bind(callback, true)); - return; - } - DBusThreadManager::Get()->GetCryptohomeClient()->Pkcs11IsTpmTokenReady( - base::Bind(&RealTPMTokenInfoDelegate::OnPkcs11IsTpmTokenReady, - weak_ptr_factory_.GetWeakPtr(), - callback)); -} - -void RealTPMTokenInfoDelegate::GetTokenInfo(std::string* token_name, - std::string* user_pin) const { - // May be called from a non UI thread, but must only be called after - // IsTokenReady() returns true. - CHECK(token_ready_); - if (token_name) - *token_name = token_name_; - if (user_pin) - *user_pin = user_pin_; -} - -void RealTPMTokenInfoDelegate::OnPkcs11IsTpmTokenReady( - base::Callback<void(bool result)> callback, - DBusMethodCallStatus call_status, - bool is_tpm_token_ready) const { - if (call_status != DBUS_METHOD_CALL_SUCCESS || !is_tpm_token_ready) { - callback.Run(false); - return; - } - - // Retrieve token_name_ and user_pin_ here since they will never change - // and CryptohomeClient calls are not thread safe. 
- DBusThreadManager::Get()->GetCryptohomeClient()->Pkcs11GetTpmTokenInfo( - base::Bind(&RealTPMTokenInfoDelegate::OnPkcs11GetTpmTokenInfo, - weak_ptr_factory_.GetWeakPtr(), - callback)); -} - -void RealTPMTokenInfoDelegate::OnPkcs11GetTpmTokenInfo( - base::Callback<void(bool result)> callback, - DBusMethodCallStatus call_status, - const std::string& token_name, - const std::string& user_pin) const { - if (call_status == DBUS_METHOD_CALL_SUCCESS) { - token_name_ = token_name; - user_pin_ = user_pin; - token_ready_ = true; - } - callback.Run(token_ready_); -} - } // namespace ////////////////////////////////////////////////////////////////////////////// @@ -201,6 +110,7 @@ class CertLibraryImpl CertLibraryImpl() : observer_list_(new CertLibraryObserverList), + tpm_token_ready_(false), user_logged_in_(false), certificates_requested_(false), certificates_loaded_(false), @@ -210,8 +120,7 @@ class CertLibraryImpl ALLOW_THIS_IN_INITIALIZER_LIST(server_certs_(this)), ALLOW_THIS_IN_INITIALIZER_LIST(server_ca_certs_(this)), ALLOW_THIS_IN_INITIALIZER_LIST(weak_ptr_factory_(this)) { - CHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)) - << __FUNCTION__ << " should be called on UI thread."; + CHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); net::CertDatabase::AddObserver(this); } @@ -246,7 +155,7 @@ class CertLibraryImpl if (CommandLine::ForCurrentProcess()->HasSwitch( switches::kLoadOpencryptoki) || CommandLine::ForCurrentProcess()->HasSwitch(switches::kStubCros)) { - crypto::EnableTPMTokenForNSS(new RealTPMTokenInfoDelegate()); + crypto::EnableTPMTokenForNSS(); // Note: this calls crypto::EnsureTPMTokenReady() RequestCertificates(); } 
@@ -266,26 +175,22 @@ class CertLibraryImpl } virtual const CertList& GetCertificates() const OVERRIDE { - CHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)) - << __FUNCTION__ << " should be called on UI thread."; + CHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); return certs_; } virtual const CertList& GetUserCertificates() const OVERRIDE { - CHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)) - << __FUNCTION__ << " should be called on UI thread."; + CHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); return user_certs_; } virtual const CertList& GetServerCertificates() const OVERRIDE { - CHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)) - << __FUNCTION__ << " should be called on UI thread."; + CHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); return server_certs_; } virtual const CertList& GetCACertificates() const OVERRIDE { - CHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)) - << __FUNCTION__ << " should be called on UI thread."; + CHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); return server_ca_certs_; } @@ -320,13 +225,11 @@ class CertLibraryImpl // net::CertDatabase::Observer implementation. Observer added on UI thread. virtual void OnCertTrustChanged(const net::X509Certificate* cert) OVERRIDE { - CHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)) - << __FUNCTION__ << " should be called on UI thread."; + CHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); } virtual void OnUserCertAdded(const net::X509Certificate* cert) OVERRIDE { - CHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)) - << __FUNCTION__ << " should be called on UI thread."; + CHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); // Only load certificates if we have completed an initial request. if (certificates_loaded_) { BrowserThread::PostTask( 
@@ -337,8 +240,7 @@ class CertLibraryImpl } virtual void OnUserCertRemoved(const net::X509Certificate* cert) OVERRIDE { - CHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)) - << __FUNCTION__ << " should be called on UI thread."; + CHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); // Only load certificates if we have completed an initial request. if (certificates_loaded_) { BrowserThread::PostTask( @@ -356,8 +258,7 @@ class CertLibraryImpl void LoadCertificates() { VLOG(1) << " Loading Certificates."; // Certificate fetch occurs on the DB thread. - CHECK(BrowserThread::CurrentlyOn(BrowserThread::DB)) - << __FUNCTION__ << " should be called on DB thread."; + CHECK(BrowserThread::CurrentlyOn(BrowserThread::DB)); net::CertDatabase cert_db; net::CertificateList* cert_list = new net::CertificateList(); cert_db.ListCerts(cert_list); @@ -387,14 +288,6 @@ class CertLibraryImpl icu::Collator* collator_; }; - void RequestCertificatesTask() { - CHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)) - << __FUNCTION__ << " should be called on UI thread."; - // Reset the task to the initial state so is_null() returns true. - request_task_ = base::Closure(); - RequestCertificates(); - } - void NotifyCertificatesLoaded(bool initial_load) { observer_list_->Notify( &CertLibrary::Observer::OnCertificatesLoaded, initial_load); @@ -402,8 +295,7 @@ class CertLibraryImpl // |cert_list| is allocated in LoadCertificates() and must be deleted here. void UpdateCertificates(net::CertificateList* cert_list) { - CHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)) - << __FUNCTION__ << " should be called on UI thread."; + CHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); DCHECK(cert_list); // Clear any existing certificates. 
@@ -484,8 +376,7 @@ class CertLibraryImpl // Call this to start the certificate list initialization process. // Must be called from the UI thread. void RequestCertificates() { - CHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)) - << __FUNCTION__ << " should be called on UI thread."; + CHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); certificates_requested_ = true; @@ -506,15 +397,13 @@ class CertLibraryImpl VLOG(1) << "Requesting Certificates."; DBusThreadManager::Get()->GetCryptohomeClient()->TpmIsEnabled( - base::Bind(&CertLibraryImpl::RequestCertificatesInternal, + base::Bind(&CertLibraryImpl::OnTpmIsEnabled, weak_ptr_factory_.GetWeakPtr())); } // This method is used to implement RequestCertificates. - void RequestCertificatesInternal(DBusMethodCallStatus call_status, - bool tpm_is_enabled) { - CHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)) - << __FUNCTION__ << " should be called on UI thread."; + void OnTpmIsEnabled(DBusMethodCallStatus call_status, bool tpm_is_enabled) { + CHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); if (call_status != DBUS_METHOD_CALL_SUCCESS || !tpm_is_enabled) { // TPM is not enabled, so proceed with empty tpm token name. VLOG(1) << "TPM not available."; 
@@ -522,35 +411,50 @@ class CertLibraryImpl BrowserThread::DB, FROM_HERE, base::Bind(&CertLibraryImpl::LoadCertificates, base::Unretained(this))); - } else if (crypto::IsTPMTokenReady()) { - // Need TPM token name to filter user certificates. - const bool tpm_token_ready = true; - GetTPMTokenName(tpm_token_ready); + } else if (tpm_token_ready_) { + InitializeTPMToken(); } else { - crypto::InitializeTPMToken( - base::Bind(&CertLibraryImpl::GetTPMTokenName, + DBusThreadManager::Get()->GetCryptohomeClient()->Pkcs11IsTpmTokenReady( + base::Bind(&CertLibraryImpl::OnPkcs11IsTpmTokenReady, weak_ptr_factory_.GetWeakPtr())); } } // This method is used to implement RequestCertificates. - void GetTPMTokenName(bool tpm_token_ready) { - CHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)) - << __FUNCTION__ << " should be called on UI thread."; - if (tpm_token_ready) { - std::string unused_pin; - crypto::GetTPMTokenInfo(&tpm_token_name_, &unused_pin); - } else { - VLOG(1) << "TPM token not ready."; - if (request_task_.is_null()) { - // Cryptohome does not notify us when the token is ready, so call - // this again after a delay. - request_task_ = base::Bind(&CertLibraryImpl::RequestCertificatesTask, - weak_ptr_factory_.GetWeakPtr()); - BrowserThread::PostDelayedTask( - BrowserThread::UI, FROM_HERE, request_task_, - base::TimeDelta::FromMilliseconds(kRequestDelayMs)); - } + void OnPkcs11IsTpmTokenReady(DBusMethodCallStatus call_status, + bool is_tpm_token_ready) { + if (call_status != DBUS_METHOD_CALL_SUCCESS || !is_tpm_token_ready) { + MaybeRetryRequestCertificates(); + return; + } + + // Retrieve token_name_ and user_pin_ here since they will never change + // and CryptohomeClient calls are not thread safe. + DBusThreadManager::Get()->GetCryptohomeClient()->Pkcs11GetTpmTokenInfo( + base::Bind(&CertLibraryImpl::OnPkcs11GetTpmTokenInfo, + weak_ptr_factory_.GetWeakPtr())); + } + + // This method is used to implement RequestCertificates. 
+ void OnPkcs11GetTpmTokenInfo(DBusMethodCallStatus call_status, + const std::string& token_name, + const std::string& user_pin) { + if (call_status != DBUS_METHOD_CALL_SUCCESS) { + MaybeRetryRequestCertificates(); + return; + } + tpm_token_name_ = token_name; + tpm_user_pin_ = user_pin; + tpm_token_ready_ = true; + + InitializeTPMToken(); + } + + // This method is used to implement RequestCertificates. + void InitializeTPMToken() { + CHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); + if (!crypto::InitializeTPMToken(tpm_token_name_, tpm_user_pin_)) { + MaybeRetryRequestCertificates(); return; } @@ -560,15 +464,39 @@ class CertLibraryImpl base::Bind(&CertLibraryImpl::LoadCertificates, base::Unretained(this))); } + void MaybeRetryRequestCertificates() { + if (!request_task_.is_null()) + return; + // Cryptohome does not notify us when the token is ready, so call + // this again after a delay. + request_task_ = base::Bind(&CertLibraryImpl::RequestCertificatesTask, + weak_ptr_factory_.GetWeakPtr()); + BrowserThread::PostDelayedTask( + BrowserThread::UI, FROM_HERE, request_task_, + base::TimeDelta::FromMilliseconds(kRequestDelayMs)); + } + + void RequestCertificatesTask() { + CHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); + // Reset the task to the initial state so is_null() returns true. + request_task_ = base::Closure(); + RequestCertificates(); + } + // Observers. const scoped_refptr<CertLibraryObserverList> observer_list_; // Active request task for re-requests while waiting for TPM init. base::Closure request_task_; + bool tpm_token_ready_; + // Cached TPM token name. std::string tpm_token_name_; + // Cached TPM user pin. + std::string tpm_user_pin_; + // Supplemental user key. scoped_ptr<crypto::SymmetricKey> supplemental_user_key_; 
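Review bot: The new D-Bus callbacks `OnPkcs11IsTpmTokenReady` and `OnPkcs11GetTpmTokenInfo` write `tpm_token_name_`, `tpm_user_pin_` and `tpm_token_ready_` without the thread assertion that `OnTpmIsEnabled` and `InitializeTPMToken` carry. I would start both with `CHECK(BrowserThread::CurrentlyOn(BrowserThread::UI));`, and do the same in `MaybeRetryRequestCertificates` in the next hunk, so every method touching this state states the same contract. The comment carried over from the deleted delegate still names `token_name_ and user_pin_`, which are not members of this class; it should read `// Retrieve tpm_token_name_ and tpm_user_pin_ here since they will never change` with the rest of the sentence kept.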
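Review bot: The new member `tpm_user_pin_` keeps the TPM user PIN in a plain `std::string` for the lifetime of `CertLibraryImpl`, and the nss_util.cc hunk that adds `tpm_user_pin_` to `NSSInitSingleton` keeps a second copy. From the visible code this copy appears to be needed only until `crypto::InitializeTPMToken()` first returns true, because later calls return on the already-initialized check before reading their arguments. If that holds, `tpm_user_pin_.clear();` after the successful call in `InitializeTPMToken()` would shorten how long the secret stays in this object. At minimum the member comment should say so: `// Cached TPM user PIN. Secret: never log; only needed until InitializeTPMToken() succeeds.`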
@@ -606,8 +534,7 @@ CertLibrary* CertLibrary::GetImpl(bool stub) { ////////////////////////////////////////////////////////////////////////////// net::X509Certificate* CertLibrary::CertList::GetCertificateAt(int index) const { - CHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)) - << __FUNCTION__ << " should be called on UI thread."; + CHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); DCHECK_GE(index, 0); DCHECK_LT(index, static_cast<int>(list_.size())); return list_[index].get(); diff --git a/crypto/nss_util.cc b/crypto/nss_util.cc index 927f2b8..8b62294 100644 --- a/crypto/nss_util.cc +++ b/crypto/nss_util.cc @@ -23,20 +23,17 @@ #include <vector> -#include "base/bind.h" #include "base/environment.h" #include "base/file_path.h" #include "base/file_util.h" #include "base/lazy_instance.h" #include "base/logging.h" #include "base/memory/scoped_ptr.h" -#include "base/message_loop.h" #include "base/native_library.h" #include "base/scoped_temp_dir.h" #include "base/stringprintf.h" #include "base/threading/thread_restrictions.h" #include "build/build_config.h" -#include "crypto/scoped_nss_types.h" #if defined(OS_CHROMEOS) #include "crypto/symmetric_key.h" @@ -214,9 +211,8 @@ class NSPRInitSingleton { ~NSPRInitSingleton() { PL_ArenaFinish(); PRStatus prstatus = PR_Cleanup(); - if (prstatus != PR_SUCCESS) { + if (prstatus != PR_SUCCESS) LOG(ERROR) << "PR_Cleanup failed; was NSPR initialized on wrong thread?"; - } } }; 
@@ -247,35 +243,56 @@ class NSSInitSingleton { } } - void EnableTPMTokenForNSS(TPMTokenInfoDelegate* info_delegate) { - CHECK(info_delegate); - tpm_token_info_delegate_.reset(info_delegate); + void EnableTPMTokenForNSS() { + tpm_token_enabled_for_nss_ = true; } - void InitializeTPMToken(InitializeTPMTokenCallback callback) { - // If EnableTPMTokenForNSS hasn't been called, run |callback| with false. - if (tpm_token_info_delegate_.get() == NULL) { - MessageLoop::current()->PostTask(FROM_HERE, base::Bind(callback, false)); - return; + bool InitializeTPMToken(const std::string& token_name, + const std::string& user_pin) { + // If EnableTPMTokenForNSS hasn't been called, return false. + if (!tpm_token_enabled_for_nss_) + return false; + + // If everything is already initialized, then return true. + if (chaps_module_ && tpm_slot_) + return true; + + tpm_token_name_ = token_name; + tpm_user_pin_ = user_pin; + + // This tries to load the Chaps module so NSS can talk to the hardware + // TPM. + if (!chaps_module_) { + chaps_module_ = LoadModule( + kChapsModuleName, + kChapsPath, + // For more details on these parameters, see: + // https://developer.mozilla.org/en/PKCS11_Module_Specs + // slotFlags=[PublicCerts] -- Certificates and public keys can be + // read from this slot without requiring a call to C_Login. + // askpw=only -- Only authenticate to the token when necessary. + "NSS=\"slotParams=(0={slotFlags=[PublicCerts] askpw=only})\""); } + if (chaps_module_){ + // If this gets set, then we'll use the TPM for certs with + // private keys, otherwise we'll fall back to the software + // implementation. + tpm_slot_ = GetTPMSlot(); - // If everything is already initialized, then run |callback| with true. 
- if (chaps_module_ && tpm_slot_) { - MessageLoop::current()->PostTask(FROM_HERE, base::Bind(callback, true)); - return; + return tpm_slot_ != NULL; } - tpm_token_info_delegate_->RequestIsTokenReady( - base::Bind(&NSSInitSingleton::InitializeTPMTokenInternal, - weak_ptr_factory_.GetWeakPtr(), - callback)); + return false; } void GetTPMTokenInfo(std::string* token_name, std::string* user_pin) { - if (tpm_token_info_delegate_.get() == NULL) { + if (!tpm_token_enabled_for_nss_) { LOG(ERROR) << "GetTPMTokenInfo called before TPM Token is ready."; return; } - tpm_token_info_delegate_->GetTokenInfo(token_name, user_pin); + if (token_name) + *token_name = tpm_token_name_; + if (user_pin) + *user_pin = tpm_user_pin_; } bool IsTPMTokenReady() { @@ -358,7 +375,7 @@ class NSSInitSingleton { return PK11_ReferenceSlot(test_slot_); #if defined(OS_CHROMEOS) - if (tpm_token_info_delegate_.get() != NULL) { + if (tpm_token_enabled_for_nss_) { if (IsTPMTokenReady()) { return PK11_ReferenceSlot(tpm_slot_); } else { @@ -391,13 +408,13 @@ class NSSInitSingleton { friend struct base::DefaultLazyInstanceTraits<NSSInitSingleton>; NSSInitSingleton() - : chaps_module_(NULL), + : tpm_token_enabled_for_nss_(false), + chaps_module_(NULL), software_slot_(NULL), test_slot_(NULL), tpm_slot_(NULL), root_(NULL), - chromeos_user_logged_in_(false), - ALLOW_THIS_IN_INITIALIZER_LIST(weak_ptr_factory_(this)) { + chromeos_user_logged_in_(false) { EnsureNSPRInit(); // We *must* have NSS >= 3.12.3. See bug 26448. 
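Review bot: `GetTPMTokenInfo` now guards only on `tpm_token_enabled_for_nss_`, so a call made after `EnableTPMTokenForNSS()` but before a successful `InitializeTPMToken()` silently returns an empty token name and PIN, where the deleted delegate had `CHECK(token_ready_)`. The log text "called before TPM Token is ready" no longer matches the condition being tested either. I would guard on readiness, e.g. `if (!tpm_token_enabled_for_nss_ || !IsTPMTokenReady()) {`, assuming `IsTPMTokenReady()` (whose body is outside the hunk) reflects a loaded slot. The deleted code noted that this getter may run off the UI thread, while `InitializeTPMToken` assigns `tpm_token_name_` and `tpm_user_pin_` with no lock visible here, so it is worth confirming that callers order the two. The assignment also happens before the module load is known to succeed, so a failed attempt still leaves the PIN in this process-lifetime singleton (the members are declared in the later `@@ -609,17 +594,15 @@` hunk).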
@@ -521,38 +538,6 @@ class NSSInitSingleton { } } -#if defined(OS_CHROMEOS) - // This method is used to implement InitializeTPMToken. - void InitializeTPMTokenInternal(InitializeTPMTokenCallback callback, - bool is_token_ready) { - if (is_token_ready) { - // This tries to load the Chaps module so NSS can talk to the hardware - // TPM. - if (!chaps_module_) { - chaps_module_ = LoadModule( - kChapsModuleName, - kChapsPath, - // For more details on these parameters, see: - // https://developer.mozilla.org/en/PKCS11_Module_Specs - // slotFlags=[PublicCerts] -- Certificates and public keys can be - // read from this slot without requiring a call to C_Login. - // askpw=only -- Only authenticate to the token when necessary. - "NSS=\"slotParams=(0={slotFlags=[PublicCerts] askpw=only})\""); - } - if (chaps_module_) { - // If this gets set, then we'll use the TPM for certs with - // private keys, otherwise we'll fall back to the software - // implementation. - tpm_slot_ = GetTPMSlot(); - - callback.Run(tpm_slot_ != NULL); - return; - } - } - callback.Run(false); - } -#endif // defined(OS_CHROMEOS) - #if defined(USE_NSS) // Load nss's built-in root certs. SECMODModule* InitDefaultRootCerts() { @@ -609,17 +594,15 @@ class NSSInitSingleton { // If this is set to true NSS is forced to be initialized without a DB. static bool force_nodb_init_; -#if defined(OS_CHROMEOS) - scoped_ptr<TPMTokenInfoDelegate> tpm_token_info_delegate_; -#endif - + bool tpm_token_enabled_for_nss_; + std::string tpm_token_name_; + std::string tpm_user_pin_; SECMODModule* chaps_module_; PK11SlotInfo* software_slot_; PK11SlotInfo* test_slot_; PK11SlotInfo* tpm_slot_; SECMODModule* root_; bool chromeos_user_logged_in_; - base::WeakPtrFactory<NSSInitSingleton> weak_ptr_factory_; #if defined(USE_NSS) // TODO(davidben): When https://bugzilla.mozilla.org/show_bug.cgi?id=564011 // is fixed, we will no longer need the lock. 
@@ -753,11 +736,8 @@ void OpenPersistentNSSDB() { g_nss_singleton.Get().OpenPersistentNSSDB(); } -TPMTokenInfoDelegate::TPMTokenInfoDelegate() {} -TPMTokenInfoDelegate::~TPMTokenInfoDelegate() {} - -void EnableTPMTokenForNSS(TPMTokenInfoDelegate* info_delegate) { - g_nss_singleton.Get().EnableTPMTokenForNSS(info_delegate); +void EnableTPMTokenForNSS() { + g_nss_singleton.Get().EnableTPMTokenForNSS(); } void GetTPMTokenInfo(std::string* token_name, std::string* user_pin) { @@ -768,8 +748,9 @@ bool IsTPMTokenReady() { return g_nss_singleton.Get().IsTPMTokenReady(); } -void InitializeTPMToken(InitializeTPMTokenCallback callback) { - g_nss_singleton.Get().InitializeTPMToken(callback); +bool InitializeTPMToken(const std::string& token_name, + const std::string& user_pin) { + return g_nss_singleton.Get().InitializeTPMToken(token_name, user_pin); } SymmetricKey* GetSupplementalUserKey() { diff --git a/crypto/nss_util.h b/crypto/nss_util.h index 0413333..0c141b6 100644 --- a/crypto/nss_util.h +++ b/crypto/nss_util.h @@ -8,7 +8,6 @@ #include <string> #include "base/basictypes.h" -#include "base/callback.h" #include "crypto/crypto_export.h" #if defined(USE_NSS) @@ -27,9 +26,6 @@ namespace crypto { class SymmetricKey; -// A callback to handle the result of InitializeTPMToken. -typedef base::Callback<void(bool result)> InitializeTPMTokenCallback; - #if defined(USE_NSS) // EarlySetupForNSSInit performs lightweight setup which must occur before the // process goes multithreaded. This does not initialise NSS. For test, see 
@@ -93,36 +89,10 @@ bool CheckNSSVersion(const char* version); // GetPublicNSSKeySlot(). CRYPTO_EXPORT void OpenPersistentNSSDB(); -// A delegate class that we can use to access the cros API for -// communication with cryptohomed and the TPM. -class CRYPTO_EXPORT TPMTokenInfoDelegate { - public: - // A callback to handle the result of RequestIsTokenReady. - typedef base::Callback<void(bool result)> RequestIsTokenReadyCallback; - - TPMTokenInfoDelegate(); - virtual ~TPMTokenInfoDelegate(); - - // Runs |callback| with true if the TPM and PKCS#11 token slot is ready to be - // used. - // If IsTokenAvailable() is false this should run |callback| with false. - // If IsTokenAvailable() is true, this should eventually run |callback| with - // true. - virtual void RequestIsTokenReady(RequestIsTokenReadyCallback callback) const - = 0; - - // Fetches token properties. TODO(stevenjb): make this interface asynchronous - // so that the implementation does not have to be blocking. - virtual void GetTokenInfo(std::string* token_name, - std::string* user_pin) const = 0; -}; - // Indicates that NSS should load the Chaps library so that we // can access the TPM through NSS. Once this is called, // GetPrivateNSSKeySlot() will return the TPM slot if one was found. -// Takes ownership of the passed-in delegate object so it can access -// the cros library to talk to cryptohomed. -CRYPTO_EXPORT void EnableTPMTokenForNSS(TPMTokenInfoDelegate* delegate); +CRYPTO_EXPORT void EnableTPMTokenForNSS(); // Get name and user PIN for the built-in TPM token on ChromeOS. // Either one can safely be NULL. Should only be called after 
@@ -137,7 +107,8 @@ CRYPTO_EXPORT void GetTPMTokenInfo(std::string* token_name, CRYPTO_EXPORT bool IsTPMTokenReady(); // Initialize the TPM token. Does nothing if it is already initialized. -CRYPTO_EXPORT void InitializeTPMToken(InitializeTPMTokenCallback callback); +CRYPTO_EXPORT bool InitializeTPMToken(const std::string& token_name, + const std::string& user_pin); // Gets supplemental user key. Creates one in NSS database if it does not exist. // The supplemental user key is used for AES encryption of user data that is |
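Review bot: The comment above `InitializeTPMToken` was not updated for the new signature, so it documents neither the `bool` result nor the two parameters. Going by the nss_util.cc change, I would replace it with `// Initializes the TPM token using |token_name| and |user_pin|. Returns true if the TPM slot is usable (also when it was already initialized), false if` `// EnableTPMTokenForNSS() has not been called or the Chaps module or TPM slot could not be loaded.` It is also worth stating that the function keeps a copy of |user_pin| for later `GetTPMTokenInfo()` calls, since callers handling the PIN need to know where it ends up.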