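// Copyright 2012 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifndef CRYPTO_NSS_UTIL_H_
#define CRYPTO_NSS_UTIL_H_

#include <stdint.h>

#include "base/compiler_specific.h"
#include "base/files/file_path.h"
#include "base/functional/callback_forward.h"
#include "base/threading/thread_restrictions.h"
#include "build/chromeos_buildflags.h"
#include "components/nacl/common/buildflags.h"
#include "crypto/crypto_export.h"

namespace base {
class Time;
}  // namespace base

// This file specifically doesn't depend on any NSS or NSPR headers because it
// is included by various (non-crypto) parts of chrome to call the
// initialization functions.
namespace crypto {

// Empty subclass of base::ScopedAllowBlocking that adds no members of its own.
// NOTE(review): presumably this gives NSS call sites a distinctly named
// exemption from blocking-call restrictions so they can be audited separately;
// confirm against base/threading/thread_restrictions.h.
class ScopedAllowBlockingForNSS : public base::ScopedAllowBlocking {};

// Initialize NSPR if it isn't already initialized. This function is
// thread-safe, and NSPR will only ever be initialized once.
CRYPTO_EXPORT void EnsureNSPRInit();

// Initialize NSS if it isn't already initialized. This must be called before
// any other NSS functions. This function is thread-safe, and NSS will only
// ever be initialized once.
CRYPTO_EXPORT void EnsureNSSInit();

// Check if the current NSS version is greater than or equal to |version|.
// A sample version string is "3.12.3".
// NOTE(review): |version| is presumably required to be a non-null,
// NUL-terminated string; the implementation is not visible here, so confirm
// before passing anything that is not a literal.
bool CheckNSSVersion(const char* version);

#if BUILDFLAG(IS_CHROMEOS_ASH) && !BUILDFLAG(IS_MINIMAL_TOOLCHAIN)

// Reports through |callback| whether the TPM token is enabled (the function
// itself returns void). |callback| receives true once the TPM is owned and
// PKCS#11 initialized with the user and security officer PINs, and Chaps has
// been successfully loaded into NSS. It receives false if the TPM will never
// be loaded.
CRYPTO_EXPORT void IsTPMTokenEnabled(base::OnceCallback<void(bool)> callback);

// Initialize the TPM token and system slot. The |callback| will run on the same
// thread with true if the token and slot were successfully loaded or were
// already initialized. |callback| will be passed false if loading failed.
// Should be called only once.
CRYPTO_EXPORT void InitializeTPMTokenAndSystemSlot(
    int system_slot_id,
    base::OnceCallback<void(bool)> callback);

// Notifies clients that the TPM has finished initialization (i.e. notify
// the callbacks of `IsTPMTokenEnabled()` or `GetSystemNSSKeySlot()`).
// If `InitializeTPMTokenAndSystemSlot()` has been called before this method,
// this signals that the TPM is enabled, and should use the slot configured by
// those methods. If neither of those methods have been called, this signals
// that no TPM system slot will be available.
// NOTE(review): "those methods" is plural, but this header declares only one
// initializer, `InitializeTPMTokenAndSystemSlot()`; the wording may predate a
// refactor. Confirm which calls are meant.
CRYPTO_EXPORT void FinishInitializingTPMTokenAndSystemSlot();

// TODO(crbug.com/1163303) Remove when the bug is fixed.
// Can be used to collect additional information when public slot fails to open.
// Mainly checks the access permissions on the files and tries to read them.
// Crashes Chrome because it will crash anyway when it tries to instantiate
// NSSCertDatabase with a nullptr public slot, crashing early can provide better
// logs/stacktraces for diagnosing.
// Takes `nss_path` where NSS is supposed to be (or created). Will attempt
// creating the path if it doesn't exist (to check that it can be done).
// Theoretically the path should already exist because it's created when Chrome
// tries to open the public slot.
// NOTE(review): this function creates `nss_path` and reads files under it
// before deliberately terminating the process, so call sites should pass only
// the NSS database directory and never a path derived from untrusted input.
// Confirm the callers.
CRYPTO_EXPORT void DiagnosePublicSlotAndCrash(const base::FilePath& nss_path);

#endif  // BUILDFLAG(IS_CHROMEOS_ASH) && !BUILDFLAG(IS_MINIMAL_TOOLCHAIN)

// Convert a NSS PRTime value into a base::Time object.
// We use an int64_t instead of PRTime here to avoid depending on NSPR headers.
CRYPTO_EXPORT base::Time PRTimeToBaseTime(int64_t prtime);

// Convert a base::Time object into a PRTime value.
// We use an int64_t instead of PRTime here to avoid depending on NSPR headers.
CRYPTO_EXPORT int64_t BaseTimeToPRTime(base::Time time);

}  // namespace crypto

#endif  // CRYPTO_NSS_UTIL_H_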