Convert blocking chromeos::CryptohomeClient::Pkcs11* methods to async

CryptohomeLibrary::Pkcs11* methods are removed. crypto::EnsureTPMTokenReady (renamed to InitializeTPMToken) and TPMTokenInfoDelegate::IsTokenReady are also converted to async. BUG=chromium-os:16552 TEST=Login as a user, open chrome://cryptohome and see "token_name" is displayed correctly, open chrome://settings/certificates and see "Import and Bind to Device…" button is enabled (can be pushed). Review URL: http://codereview.chromium.org/9421045 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@123956 0039d316-1c4b-4281-b951-d872f2087c98
author: hashimoto@chromium.org <hashimoto@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> 2012-02-28 10:34:21 +0000
committer: hashimoto@chromium.org <hashimoto@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> 2012-02-28 10:34:21 +0000
commit: 14172c8f5b57c8ec6da296c7f1b305cb1946dd12 (patch)
tree: ba228884299aa638295874c1402a8bfc248513f0 /crypto
parent: 23bd6c4084302144ab8d81d963019e1b568fe1a8 (diff)
download: chromium_src-14172c8f5b57c8ec6da296c7f1b305cb1946dd12.zip
chromium_src-14172c8f5b57c8ec6da296c7f1b305cb1946dd12.tar.gz
chromium_src-14172c8f5b57c8ec6da296c7f1b305cb1946dd12.tar.bz2
2 files changed, 68 insertions, 44 deletions
diff --git a/crypto/nss_util.cc b/crypto/nss_util.cc
index e981cb2..48f356c 100644
--- a/crypto/nss_util.cc
+++ b/crypto/nss_util.cc
@@ -23,12 +23,14 @@
 
 #include <vector>
 
+#include "base/bind.h"
 #include "base/environment.h"
 #include "base/file_path.h"
 #include "base/file_util.h"
 #include "base/lazy_instance.h"
 #include "base/logging.h"
 #include "base/memory/scoped_ptr.h"
+#include "base/message_loop.h"
 #include "base/native_library.h"
 #include "base/scoped_temp_dir.h"
 #include "base/stringprintf.h"
@@ -250,42 +252,22 @@ class NSSInitSingleton {
     tpm_token_info_delegate_.reset(info_delegate);
   }
 
-  // This is called whenever we want to make sure Chaps is
-  // properly loaded, because it can fail shortly after the initial
-  // login while the PINs are being initialized, and we want to retry
-  // if this happens.
-  bool EnsureTPMTokenReady() {
-    // If EnableTPMTokenForNSS hasn't been called, return false.
-    if (tpm_token_info_delegate_.get() == NULL)
-      return false;
-
-    // If everything is already initialized, then return true.
-    if (chaps_module_ && tpm_slot_)
-      return true;
+  void InitializeTPMToken(InitializeTPMTokenCallback callback) {
+    // If EnableTPMTokenForNSS hasn't been called, run |callback| with false.
+    if (tpm_token_info_delegate_.get() == NULL) {
+      MessageLoop::current()->PostTask(FROM_HERE, base::Bind(callback, false));
+      return;
+    }
 
-    if (tpm_token_info_delegate_->IsTokenReady()) {
-      // This tries to load the Chaps module so NSS can talk to the hardware
-      // TPM.
-      if (!chaps_module_) {
-        chaps_module_ = LoadModule(
-            kChapsModuleName,
-            kChapsPath,
-            // trustOrder=100 -- means it'll select this as the most
-            //   trusted slot for the mechanisms it provides.
-            // slotParams=... -- selects RSA as the only mechanism, and only
-            //   asks for the password when necessary (instead of every
-            //   time, or after a timeout).
-            "trustOrder=100 slotParams=(1={slotFlags=[RSA] askpw=only})");
-      }
-      if (chaps_module_) {
-        // If this gets set, then we'll use the TPM for certs with
-        // private keys, otherwise we'll fall back to the software
-        // implementation.
-        tpm_slot_ = GetTPMSlot();
-        return tpm_slot_ != NULL;
-      }
+    // If everything is already initialized, then run |callback| with true.
+    if (chaps_module_ && tpm_slot_) {
+      MessageLoop::current()->PostTask(FROM_HERE, base::Bind(callback, true));
+      return;
     }
-    return false;
+    tpm_token_info_delegate_->RequestIsTokenReady(
+        base::Bind(&NSSInitSingleton::InitializeTPMTokenInternal,
+                   weak_ptr_factory_.GetWeakPtr(),
+                   callback));
   }
 
   bool IsTPMTokenAvailable() {
@@ -420,7 +402,8 @@ class NSSInitSingleton {
         test_slot_(NULL),
         tpm_slot_(NULL),
         root_(NULL),
-        chromeos_user_logged_in_(false) {
+        chromeos_user_logged_in_(false),
+        ALLOW_THIS_IN_INITIALIZER_LIST(weak_ptr_factory_(this)) {
     EnsureNSPRInit();
 
     // We *must* have NSS >= 3.12.3.  See bug 26448.
@@ -544,6 +527,37 @@ class NSSInitSingleton {
     }
   }
 
+#if defined(OS_CHROMEOS)
+  // This method is used to implement InitializeTPMToken.
+  void InitializeTPMTokenInternal(InitializeTPMTokenCallback callback,
+                                  bool is_token_ready) {
+    if (is_token_ready) {
+      // This tries to load the Chaps module so NSS can talk to the hardware
+      // TPM.
+      if (!chaps_module_) {
+        chaps_module_ = LoadModule(
+            kChapsModuleName,
+            kChapsPath,
+            // trustOrder=100 -- means it'll select this as the most
+            //   trusted slot for the mechanisms it provides.
+            // slotParams=... -- selects RSA as the only mechanism, and only
+            //   asks for the password when necessary (instead of every
+            //   time, or after a timeout).
+            "trustOrder=100 slotParams=(1={slotFlags=[RSA] askpw=only})");
+      }
+      if (chaps_module_) {
+        // If this gets set, then we'll use the TPM for certs with
+        // private keys, otherwise we'll fall back to the software
+        // implementation.
+        tpm_slot_ = GetTPMSlot();
+        callback.Run(tpm_slot_ != NULL);
+        return;
+      }
+    }
+    callback.Run(false);
+  }
+#endif
+
 #if defined(USE_NSS)
   // Load nss's built-in root certs.
   SECMODModule* InitDefaultRootCerts() {
@@ -610,6 +624,7 @@ class NSSInitSingleton {
   PK11SlotInfo* tpm_slot_;
   SECMODModule* root_;
   bool chromeos_user_logged_in_;
+  base::WeakPtrFactory<NSSInitSingleton> weak_ptr_factory_;
 #if defined(USE_NSS)
   // TODO(davidben): When https://bugzilla.mozilla.org/show_bug.cgi?id=564011
   // is fixed, we will no longer need the lock.
@@ -763,8 +778,8 @@ bool IsTPMTokenReady() {
   return g_nss_singleton.Get().IsTPMTokenReady();
 }
 
-bool EnsureTPMTokenReady() {
-  return g_nss_singleton.Get().EnsureTPMTokenReady();
+void InitializeTPMToken(InitializeTPMTokenCallback callback) {
+  g_nss_singleton.Get().InitializeTPMToken(callback);
 }
 
 SymmetricKey* GetSupplementalUserKey() {
diff --git a/crypto/nss_util.h b/crypto/nss_util.h
index 9cfdf0b..fb5049b 100644
--- a/crypto/nss_util.h
+++ b/crypto/nss_util.h
@@ -8,6 +8,7 @@
 
 #include <string>
 #include "base/basictypes.h"
+#include "base/callback.h"
 #include "crypto/crypto_export.h"
 
 #if defined(USE_NSS)
@@ -26,6 +27,9 @@ namespace crypto {
 
 class SymmetricKey;
 
+// A callback to handle the result of InitializeTPMToken.
+typedef base::Callback<void(bool result)> InitializeTPMTokenCallback;
+
 #if defined(USE_NSS)
 // EarlySetupForNSSInit performs lightweight setup which must occur before the
 // process goes multithreaded. This does not initialise NSS. For test, see
@@ -93,16 +97,22 @@ CRYPTO_EXPORT void OpenPersistentNSSDB();
 // communication with cryptohomed and the TPM.
 class CRYPTO_EXPORT TPMTokenInfoDelegate {
  public:
+  // A callback to handle the result of RequestIsTokenReady.
+  typedef base::Callback<void(bool result)> RequestIsTokenReadyCallback;
+
   TPMTokenInfoDelegate();
   virtual ~TPMTokenInfoDelegate();
 
   // Returns true if the hardware supports a TPM Token and the TPM is enabled.
   virtual bool IsTokenAvailable() const = 0;
 
-  // Returns true if the TPM and PKCS#11 token slot is ready to be used.
-  // If IsTokenAvailable() is false this should return false.
-  // If IsTokenAvailable() is true, this should eventually return true.
-  virtual bool IsTokenReady() const = 0;
+  // Runs |callback| with true if the TPM and PKCS#11 token slot is ready to be
+  // used.
+  // If IsTokenAvailable() is false this should run |callback| with false.
+  // If IsTokenAvailable() is true, this should eventually run |callback| with
+  // true.
+  virtual void RequestIsTokenReady(RequestIsTokenReadyCallback callback) const
+      = 0;
 
   // Fetches token properties. TODO(stevenjb): make this interface asynchronous
   // so that the implementation does not have to be blocking.
@@ -132,9 +142,8 @@ CRYPTO_EXPORT bool IsTPMTokenAvailable();
 // loaded into NSS.
 CRYPTO_EXPORT bool IsTPMTokenReady();
 
-// Same as IsTPMTokenReady() except this attempts to initialize the token
-// if necessary.
-CRYPTO_EXPORT bool EnsureTPMTokenReady();
+// Initialize the TPM token.  Does nothing if it is already initialized.
+CRYPTO_EXPORT void InitializeTPMToken(InitializeTPMTokenCallback callback);
 
 // Gets supplemental user key. Creates one in NSS database if it does not exist.
 // The supplemental user key is used for AES encryption of user data that is
author	hashimoto@chromium.org <hashimoto@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>	2012-02-28 10:34:21 +0000
committer	hashimoto@chromium.org <hashimoto@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>	2012-02-28 10:34:21 +0000
commit	14172c8f5b57c8ec6da296c7f1b305cb1946dd12 (patch)
tree	ba228884299aa638295874c1402a8bfc248513f0 /crypto
parent	23bd6c4084302144ab8d81d963019e1b568fe1a8 (diff)
download	chromium_src-14172c8f5b57c8ec6da296c7f1b305cb1946dd12.zip chromium_src-14172c8f5b57c8ec6da296c7f1b305cb1946dd12.tar.gz chromium_src-14172c8f5b57c8ec6da296c7f1b305cb1946dd12.tar.bz2