Change the Chrome OS PKCS #11 module from libopencryptoki.so to libchaps.so.

crypto/nss_util.cc

 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "crypto/nss_util.h"
 #include "crypto/nss_util_internal.h"
 
 #include <nss.h>
 #include <plarena.h>
 #include <prerror.h>
@@ skipping 37 matching lines @@
 #include "crypto/crypto_module_blocking_password_delegate.h"
 #endif  // defined(USE_NSS)
 
 namespace crypto {
 
 namespace {
 
 #if defined(OS_CHROMEOS)
 const char kNSSDatabaseName[] = "Real NSS database";
 
-// Constants for loading opencryptoki.
-const char kOpencryptokiModuleName[] = "opencryptoki";
-const char kOpencryptokiPath[] = "/usr/lib/opencryptoki/libopencryptoki.so";
+// Constants for loading the Chrome OS TPM-backed PKCS #11 library.
+const char kChapsModuleName[] = "Chaps";
+const char kChapsPath[] = "libchaps.so";
 
 // Fake certificate authority database used for testing.
 static const FilePath::CharType kReadOnlyCertDB[] =
     FILE_PATH_LITERAL("/etc/fake_root_ca/nssdb");
 #endif  // defined(OS_CHROMEOS)
 
 std::string GetNSSErrorMessage() {
   std::string result;
   if (PR_GetErrorTextLength()) {
     scoped_array<char> error_text(new char[PR_GetErrorTextLength() + 1]);
@@ skipping 167 matching lines @@
       software_slot_ = OpenUserDB(GetDefaultConfigDirectory(),
                                   kNSSDatabaseName);
     }
   }
 
   void EnableTPMTokenForNSS(TPMTokenInfoDelegate* info_delegate) {
     CHECK(info_delegate);
     tpm_token_info_delegate_.reset(info_delegate);
   }
 
-  // This is called whenever we want to make sure opencryptoki is
+  // This is called whenever we want to make sure Chaps is
   // properly loaded, because it can fail shortly after the initial
   // login while the PINs are being initialized, and we want to retry
   // if this happens.
   bool EnsureTPMTokenReady() {
     // If EnableTPMTokenForNSS hasn't been called, return false.
     if (tpm_token_info_delegate_.get() == NULL)
       return false;
 
     // If everything is already initialized, then return true.
-    if (opencryptoki_module_ && tpm_slot_)
+    if (chaps_module_ && tpm_slot_)
       return true;
 
     if (tpm_token_info_delegate_->IsTokenReady()) {
-      // This tries to load the opencryptoki module so NSS can talk to
-      // the hardware TPM.
-      if (!opencryptoki_module_) {
-        opencryptoki_module_ = LoadModule(
-            kOpencryptokiModuleName,
-            kOpencryptokiPath,
+      // This tries to load the Chaps module so NSS can talk to the hardware
+      // TPM.
+      if (!chaps_module_) {
+        chaps_module_ = LoadModule(
+            kChapsModuleName,
+            kChapsPath,
             // trustOrder=100 -- means it'll select this as the most
             //   trusted slot for the mechanisms it provides.
             // slotParams=... -- selects RSA as the only mechanism, and only
             //   asks for the password when necessary (instead of every
             //   time, or after a timeout).
             "trustOrder=100 slotParams=(1={slotFlags=[RSA] askpw=only})");
       }
-      if (opencryptoki_module_) {
+      if (chaps_module_) {
         // If this gets set, then we'll use the TPM for certs with
         // private keys, otherwise we'll fall back to the software
         // implementation.
         tpm_slot_ = GetTPMSlot();
         return tpm_slot_ != NULL;
       }
     }
     return false;
   }
 
@@ skipping 80 matching lines @@
       return PK11_ReferenceSlot(software_slot_);
     return PK11_GetInternalKeySlot();
   }
 
   PK11SlotInfo* GetPrivateNSSKeySlot() {
     if (test_slot_)
       return PK11_ReferenceSlot(test_slot_);
 
 #if defined(OS_CHROMEOS)
     // Make sure that if EnableTPMTokenForNSS has been called that we
-    // have successfully loaded opencryptoki.
+    // have successfully loaded Chaps.
     if (tpm_token_info_delegate_.get() != NULL) {
       if (EnsureTPMTokenReady()) {
         return PK11_ReferenceSlot(tpm_slot_);
       } else {
         // If we were supposed to get the hardware token, but were
         // unable to, return NULL rather than fall back to sofware.
         return NULL;
       }
     }
 #endif
@@ skipping 13 matching lines @@
   // This method is used to force NSS to be initialized without a DB.
   // Call this method before NSSInitSingleton() is constructed.
   static void ForceNoDBInit() {
     force_nodb_init_ = true;
   }
 
  private:
   friend struct base::DefaultLazyInstanceTraits<NSSInitSingleton>;
 
   NSSInitSingleton()
-      : opencryptoki_module_(NULL),
+      : chaps_module_(NULL),
         software_slot_(NULL),
         test_slot_(NULL),
         tpm_slot_(NULL),
         root_(NULL),
         chromeos_user_logged_in_(false) {
     EnsureNSPRInit();
 
     // We *must* have NSS >= 3.12.3.  See bug 26448.
     COMPILE_ASSERT(
         (NSS_VMAJOR == 3 && NSS_VMINOR == 12 && NSS_VPATCH >= 3) ||
@@ skipping 94 matching lines @@
       SECMOD_CloseUserDB(software_slot_);
       PK11_FreeSlot(software_slot_);
       software_slot_ = NULL;
     }
     CloseTestNSSDB();
     if (root_) {
       SECMOD_UnloadUserModule(root_);
       SECMOD_DestroyModule(root_);
       root_ = NULL;
     }
-    if (opencryptoki_module_) {
-      SECMOD_UnloadUserModule(opencryptoki_module_);
-      SECMOD_DestroyModule(opencryptoki_module_);
-      opencryptoki_module_ = NULL;
+    if (chaps_module_) {
+      SECMOD_UnloadUserModule(chaps_module_);
+      SECMOD_DestroyModule(chaps_module_);
+      chaps_module_ = NULL;
     }
 
     SECStatus status = NSS_Shutdown();
     if (status != SECSuccess) {
       // We VLOG(1) because this failure is relatively harmless (leaking, but
       // we're shutting down anyway).
       VLOG(1) << "NSS_Shutdown failed; see http://crbug.com/4609";
     }
   }
 
@@ skipping 50 matching lines @@
     return db_slot;
   }
 
   // If this is set to true NSS is forced to be initialized without a DB.
   static bool force_nodb_init_;
 
 #if defined(OS_CHROMEOS)
   scoped_ptr<TPMTokenInfoDelegate> tpm_token_info_delegate_;
 #endif
 
-  SECMODModule* opencryptoki_module_;
+  SECMODModule* chaps_module_;
   PK11SlotInfo* software_slot_;
   PK11SlotInfo* test_slot_;
   PK11SlotInfo* tpm_slot_;
   SECMODModule* root_;
   bool chromeos_user_logged_in_;
 #if defined(USE_NSS)
   // TODO(davidben): When https://bugzilla.mozilla.org/show_bug.cgi?id=564011
   // is fixed, we will no longer need the lock.
   base::Lock write_lock_;
 #endif  // defined(USE_NSS)
@@ skipping 180 matching lines @@
 
 PK11SlotInfo* GetPublicNSSKeySlot() {
   return g_nss_singleton.Get().GetPublicNSSKeySlot();
 }
 
 PK11SlotInfo* GetPrivateNSSKeySlot() {
   return g_nss_singleton.Get().GetPrivateNSSKeySlot();
 }
 
 }  // namespace crypto