blob: 534f913ed5f7998ac9f9b6e8a2d1aed3c013aef1 [file] [log] [blame]
// Copyright (c) 2011 The Chromium OS Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
// Pkcs11Init - class for handling opencryptoki initialization.
#include <sys/types.h>
#include <string>
#include <base/basictypes.h>
#include <glib.h>
#include <opencryptoki/pkcs11.h>
namespace cryptohome {
class Pkcs11Init {
Pkcs11Init() : is_initialized_(false), pkcs11_group_id_(0),
chronos_user_id_(0), chronos_group_id_(0) { }
virtual ~Pkcs11Init() { }
virtual void GetTpmTokenInfo(gchar **OUT_label,
gchar **OUT_user_pin);
// Initialize openCryptoki. This includes starting and setting up the
// necessary service daemons, and initializing the tokens.
virtual bool Initialize();
// Start the PKCS11 service daemons.
virtual bool SetUpPkcs11System();
// Initialize a PKCS#11 token and set default SO and User PINs. Will return
// false if the token was found to be already initialized.
virtual bool SetUpTPMToken();
// Sets the correct symlinks to the user's opencryptoki token dir. Also,
// sets permissions correctly for all the files and directory corresponding
// to the token.
virtual bool SetUpLinksAndPermissions();
// Check if the PKCS user token is valid.
virtual bool IsTokenBroken();
// Remove the user's token dir. Useful when token directory is found to be
// corrupted.
virtual bool RemoveUserTokenDir();
virtual bool is_initialized() const { return is_initialized_; }
// Sets the Pkcs11 initialization to true or false by dropping or removing
// the initialized file.
virtual bool SetInitialized(bool status);
static const CK_SLOT_ID kDefaultTpmSlotId;
static const CK_ULONG kMaxPinLen;
static const CK_ULONG kMaxLabelLen;
static const CK_CHAR kDefaultOpencryptokiSoPin[];
static const CK_CHAR kDefaultOpencryptokiUserPin[];
static const CK_CHAR kDefaultSoPin[];
static const CK_CHAR kDefaultUserPin[];
static const CK_CHAR kDefaultLabel[];
static const char kOpencryptokiDir[];
static const char kUserTokenLink[];
static const char kRootTokenLink[];
static const char kUserTokenDir[];
static const char kRootTokenDir[];
static const char kPkcs11Group[];
static const char kOldTokenEntry[];
static const std::string kPkcs11StartupPath;
static const std::string kPkcsSlotdPath;
static const std::string kPkcsSlotPath;
static const std::string kPkcsSlotCmd[];
static const std::string kPkcs11InitializedFile;
// Set the PIN on |slot_id| for user |user| to |new_pin| of length
// |new_pin_len|
bool SetPin(CK_SLOT_ID slot_id, CK_USER_TYPE user,
CK_CHAR_PTR old_pin, CK_ULONG old_pin_len,
CK_CHAR_PTR new_pin, CK_ULONG new_pin_len);
bool is_initialized_;
gid_t pkcs11_group_id_;
uid_t chronos_user_id_;
gid_t chronos_group_id_;
} // namespace cryptohome