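--- a/crypto/nss_util.h
+++ b/crypto/nss_util.h
@@ -1,36 +1,38 @@
 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #ifndef CRYPTO_NSS_UTIL_H_
 #define CRYPTO_NSS_UTIL_H_
 #pragma once
 
 #include <string>
 #include "base/basictypes.h"
 #include "crypto/crypto_export.h"
 
 #if defined(USE_NSS)
 class FilePath;
 #endif // defined(USE_NSS)
 
 namespace base {
 class Lock;
 class Time;
 } // namespace base
 
 // This file specifically doesn't depend on any NSS or NSPR headers because it
 // is included by various (non-crypto) parts of chrome to call the
 // initialization functions.
 namespace crypto {
 
+class SymmetricKey;
+
 #if defined(USE_NSS)
 // EarlySetupForNSSInit performs lightweight setup which must occur before the
 // process goes multithreaded. This does not initialise NSS. For test, see
 // EnsureNSSInit.
 CRYPTO_EXPORT void EarlySetupForNSSInit();
 #endif
 
 // Initialize NRPR if it isn't already initialized. This function is
 // thread-safe, and NSPR will only ever be initialized once.
 CRYPTO_EXPORT void EnsureNSPRInit();
@@ -126,20 +128,28 @@
 
 // Returns true if the TPM is owned and PKCS#11 initialized with the
 // user and security officer PINs, and has been enabled in NSS by
 // calling EnableTPMForNSS, and opencryptoki has been successfully
 // loaded into NSS.
 CRYPTO_EXPORT bool IsTPMTokenReady();
 
 // Same as IsTPMTokenReady() except this attempts to initialize the token
 // if necessary.
 CRYPTO_EXPORT bool EnsureTPMTokenReady();
+
+// Gets supplemental user key. Creates one in NSS database if it does not exist.
+// The supplemental user key is used for AES encryption of user data that is
+// stored and protected by cryptohome. This additional layer of encryption of
+// provided to ensure that sensitive data wouldn't be exposed in plain text in
+// case when an attacker would somehow gain access to all content within
+// cryptohome.
+CRYPTO_EXPORT SymmetricKey* GetSupplementalUserKey();
 #endif
 
 // Convert a NSS PRTime value into a base::Time object.
 // We use a int64 instead of PRTime here to avoid depending on NSPR headers.
 CRYPTO_EXPORT base::Time PRTimeToBaseTime(int64 prtime);
 
 #if defined(USE_NSS)
 // Exposed for unittests only. |path| should be an existing directory under
 // which the DB files will be placed. |description| is a user-visible name for
 // the DB, as a utf8 string, which will be truncated at 32 bytes.
@@ -165,10 +175,10 @@
 private:
 base::Lock *lock_;
 DISALLOW_COPY_AND_ASSIGN(AutoNSSWriteLock);
 };
 
 #endif // defined(USE_NSS)
 
 } // namespace crypto
 
 #endif // CRYPTO_NSS_UTIL_H_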
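Review bot: The new `GetSupplementalUserKey()` declaration (new line 145) returns a raw `SymmetricKey*` without saying who owns the key object or what is returned when the key can neither be found nor created; the comment should state both, e.g. `// Returns NULL on failure. Ownership: <caller-owned or retained by this module — state which>.` The comment also does not say which NSS database or token holds the key: if it is kept in a software database that itself lives inside cryptohome, the extra AES layer would not protect against the attacker the comment describes, so the storage location and what protects it should be named. On new line 142, "encryption of provided" should read "encryption is provided". The `#if` closed by the `#endif` right after the declaration lies in the skipped region, so the platform guard for this function is not visible here.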