| // Copyright 2012 The Chromium Authors |
| // Use of this source code is governed by a BSD-style license that can be |
| // found in the LICENSE file. |
| |
| #ifndef CRYPTO_NSS_UTIL_H_ |
| #define CRYPTO_NSS_UTIL_H_ |
| |
| #include <stdint.h> |
| |
| #include "base/compiler_specific.h" |
| #include "base/files/file_path.h" |
| #include "base/functional/callback_forward.h" |
| #include "base/threading/thread_restrictions.h" |
| #include "build/chromeos_buildflags.h" |
| #include "components/nacl/common/buildflags.h" |
| #include "crypto/crypto_export.h" |
| |
| namespace base { |
| class Time; |
| } // namespace base |
| |
| // This file specifically doesn't depend on any NSS or NSPR headers because it |
| // is included by various (non-crypto) parts of chrome to call the |
| // initialization functions. |
| namespace crypto { |
| |
| class ScopedAllowBlockingForNSS : public base::ScopedAllowBlocking {}; |
| |
| // Initialize NRPR if it isn't already initialized. This function is |
| // thread-safe, and NSPR will only ever be initialized once. |
| CRYPTO_EXPORT void EnsureNSPRInit(); |
| |
| // Initialize NSS if it isn't already initialized. This must be called before |
| // any other NSS functions. This function is thread-safe, and NSS will only |
| // ever be initialized once. |
| CRYPTO_EXPORT void EnsureNSSInit(); |
| |
| // Check if the current NSS version is greater than or equals to |version|. |
| // A sample version string is "3.12.3". |
| bool CheckNSSVersion(const char* version); |
| |
| #if BUILDFLAG(IS_CHROMEOS_ASH) && !BUILDFLAG(IS_MINIMAL_TOOLCHAIN) |
| |
| // Returns true once the TPM is owned and PKCS#11 initialized with the |
| // user and security officer PINs, and Chaps has been successfully loaded into |
| // NSS. Returns false if the TPM will never be loaded. |
| CRYPTO_EXPORT void IsTPMTokenEnabled(base::OnceCallback<void(bool)> callback); |
| |
| // Initialize the TPM token and system slot. The |callback| will run on the same |
| // thread with true if the token and slot were successfully loaded or were |
| // already initialized. |callback| will be passed false if loading failed. |
| // Should be called only once. |
| CRYPTO_EXPORT void InitializeTPMTokenAndSystemSlot( |
| int system_slot_id, |
| base::OnceCallback<void(bool)> callback); |
| |
| // Notifies clients that the TPM has finished initialization (i.e. notify |
| // the callbacks of `IsTPMTokenEnabled()` or `GetSystemNSSKeySlot()`). |
| // If `InitializeTPMTokenAndSystemSlot()` has been called before this method, |
| // this signals that the TPM is enabled, and should use the slot configured by |
| // those methods. If neither of those methods have been called, this signals |
| // that no TPM system slot will be available. |
| CRYPTO_EXPORT void FinishInitializingTPMTokenAndSystemSlot(); |
| |
| // TODO(crbug.com/1163303) Remove when the bug is fixed. |
| // Can be used to collect additional information when public slot fails to open. |
| // Mainly checks the access permissions on the files and tries to read them. |
| // Crashes Chrome because it will crash anyway when it tries to instantiate |
| // NSSCertDatabase with a nullptr public slot, crashing early can provide better |
| // logs/stacktraces for diagnosing. |
| // Takes `nss_path` where NSS is supposed to be (or created). Will attempt |
| // creating the path if it doesn't exist (to check that it can be done). |
| // Theoretically the path should already exist because it's created when Chrome |
| // tries to open the public slot. |
| CRYPTO_EXPORT void DiagnosePublicSlotAndCrash(const base::FilePath& nss_path); |
| |
| #endif // BUILDFLAG(IS_CHROMEOS_ASH) && !BUILDFLAG(IS_MINIMAL_TOOLCHAIN) |
| |
| // Convert a NSS PRTime value into a base::Time object. |
| // We use a int64_t instead of PRTime here to avoid depending on NSPR headers. |
| CRYPTO_EXPORT base::Time PRTimeToBaseTime(int64_t prtime); |
| |
| // Convert a base::Time object into a PRTime value. |
| // We use a int64_t instead of PRTime here to avoid depending on NSPR headers. |
| CRYPTO_EXPORT int64_t BaseTimeToPRTime(base::Time time); |
| |
| } // namespace crypto |
| |
| #endif // CRYPTO_NSS_UTIL_H_ |