From 557737f70d0c097b2f1a78b4acb552dad725ab61 Mon Sep 17 00:00:00 2001
From: "mattm@google.com"
Date: Fri, 6 Dec 2013 22:24:07 +0000
Subject: Initialize per-ChromeOS-user NSS slots and provide the functions to access them.
BUG=302124
R=mmenke@chromium.org, rsleevi@chromium.org, xiyuan@chromium.org
Review URL: https://codereview.chromium.org/53763003
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@239266 0039d316-1c4b-4281-b951-d872f2087c98
---
 crypto/nss_util_internal.h | 43 +++++++++++++++++++++++++++++++++++++++++--
 1 file changed, 41 insertions(+), 2 deletions(-)
(limited to 'crypto/nss_util_internal.h')
diff --git a/crypto/nss_util_internal.h b/crypto/nss_util_internal.h
index 056ec28..fb76bd8 100644
--- a/crypto/nss_util_internal.h
+++ b/crypto/nss_util_internal.h
@@ -7,7 +7,14 @@
 #include
+#include "base/callback.h"
+#include "base/compiler_specific.h"
 #include "crypto/crypto_export.h"
+#include "crypto/scoped_nss_types.h"
+
+namespace base {
+class FilePath;
+}
 // These functions return a type defined in an NSS header, and so cannot be
 // declared in nss_util.h. Hence, they are declared here.
@@ -17,14 +24,14 @@ namespace crypto {
 // Returns a reference to the default NSS key slot for storing
 // public-key data only (e.g. server certs). Caller must release
 // returned reference with PK11_FreeSlot.
-CRYPTO_EXPORT PK11SlotInfo* GetPublicNSSKeySlot();
+CRYPTO_EXPORT PK11SlotInfo* GetPublicNSSKeySlot() WARN_UNUSED_RESULT;
 // Returns a reference to the default slot for storing private-key and
 // mixed private-key/public-key data. Returns a hardware (TPM) NSS
 // key slot if on ChromeOS and EnableTPMForNSS() has been called
 // successfully. Caller must release returned reference with
 // PK11_FreeSlot.
-CRYPTO_EXPORT PK11SlotInfo* GetPrivateNSSKeySlot();
+CRYPTO_EXPORT PK11SlotInfo* GetPrivateNSSKeySlot() WARN_UNUSED_RESULT;
 // A helper class that acquires the SECMOD list read lock while the
 // AutoSECMODListReadLock is in scope.
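Review bot: The include block gains `base/callback.h`, `base/compiler_specific.h` and `crypto/scoped_nss_types.h`, but nothing visible here provides `std::string`, which the declarations added in the `@@ -38,6 +45,38 @@` hunk take by `const std::string&`. The header then appears to depend on a transitive include, which breaks as soon as one of those headers stops pulling it in. I would add `#include <string>` next to the system include at the top of this block. The first `#include` target is not shown in this view, so confirm it is not already `<string>`.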
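Review bot: `GetPublicNSSKeySlot()` and `GetPrivateNSSKeySlot()` still return a raw `PK11SlotInfo*` that the caller has to release with `PK11_FreeSlot`, and `WARN_UNUSED_RESULT` only flags a discarded return value, not a missing release. This commit already includes `crypto/scoped_nss_types.h` and returns `ScopedPK11Slot` from the new per-user getters, so the two styles now sit side by side in one header. If changing the return type is out of scope here, I would record the intent above both declarations, e.g. `// TODO: return ScopedPK11Slot so the slot reference cannot be leaked.`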
@@ -38,6 +45,38 @@ class AutoSECMODListReadLock {
 DISALLOW_COPY_AND_ASSIGN(AutoSECMODListReadLock);
 };
+#if defined(OS_CHROMEOS)
+// Prepare per-user NSS slot mapping. It is safe to call this function multiple
+// times. Returns true if the user was added, or false if it already existed.
+CRYPTO_EXPORT bool InitializeNSSForChromeOSUser(
+ const std::string& email,
+ const std::string& username_hash,
+ bool is_primary_user,
+ const base::FilePath& path) WARN_UNUSED_RESULT;
+
+// Use TPM slot |slot_id| for user. InitializeNSSForChromeOSUser must have been
+// called first.
+CRYPTO_EXPORT void InitializeTPMForChromeOSUser(
+ const std::string& username_hash,
+ CK_SLOT_ID slot_id);
+
+// Use the software slot as the private slot for user.
+// InitializeNSSForChromeOSUser must have been called first.
+CRYPTO_EXPORT void InitializePrivateSoftwareSlotForChromeOSUser(
+ const std::string& username_hash);
+
+// Returns a reference to the public slot for user.
+CRYPTO_EXPORT ScopedPK11Slot GetPublicSlotForChromeOSUser(
+ const std::string& username_hash) WARN_UNUSED_RESULT;
+
+// Returns the private slot for |username_hash| if it is loaded. If it is not
+// loaded and |callback| is non-null, the |callback| will be run once the slot
+// is loaded.
+CRYPTO_EXPORT ScopedPK11Slot GetPrivateSlotForChromeOSUser(
+ const std::string& username_hash,
+ const base::Callback& callback) WARN_UNUSED_RESULT;
+#endif // defined(OS_CHROMEOS)
+
 } // namespace crypto
 #endif // CRYPTO_NSS_UTIL_INTERNAL_H_
-- cgit v1.1
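Review bot: The comments on `GetPublicSlotForChromeOSUser` and `GetPrivateSlotForChromeOSUser` do not say what is returned when `username_hash` was never passed to `InitializeNSSForChromeOSUser`, or when the private slot is not loaded yet. That needs to be explicit, because a caller that falls back to a default slot on an empty result would put one user's keys in storage shared with other users. I would add to both comments something like `// Returns a null ScopedPK11Slot if the slot is not available; callers must not fall back to another slot.`, assuming null is what the implementation returns, which this header does not show. It would also help to state whether `InitializeTPMForChromeOSUser` and `InitializePrivateSoftwareSlotForChromeOSUser` may both be called for the same user, since replacing a TPM-backed private slot with the software slot would be a silent downgrade.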