OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "crypto/nss_util.h" | 5 #include "crypto/nss_util.h" |
6 #include "crypto/nss_util_internal.h" | 6 #include "crypto/nss_util_internal.h" |
7 | 7 |
8 #include <nss.h> | 8 #include <nss.h> |
9 #include <pk11pub.h> | 9 #include <pk11pub.h> |
10 #include <plarena.h> | 10 #include <plarena.h> |
11 #include <prerror.h> | 11 #include <prerror.h> |
12 #include <prinit.h> | 12 #include <prinit.h> |
13 #include <prtime.h> | 13 #include <prtime.h> |
14 #include <secmod.h> | 14 #include <secmod.h> |
15 | 15 |
16 #if defined(OS_OPENBSD) | 16 #if defined(OS_OPENBSD) |
17 #include <sys/mount.h> | 17 #include <sys/mount.h> |
18 #include <sys/param.h> | 18 #include <sys/param.h> |
19 #endif | 19 #endif |
20 | 20 |
| 21 #if defined(OS_CHROMEOS) |
| 22 #include <dlfcn.h> |
| 23 #endif |
| 24 |
21 #include <map> | 25 #include <map> |
22 #include <vector> | 26 #include <vector> |
23 | 27 |
24 #include "base/base_paths.h" | 28 #include "base/base_paths.h" |
25 #include "base/bind.h" | 29 #include "base/bind.h" |
26 #include "base/cpu.h" | 30 #include "base/cpu.h" |
27 #include "base/debug/alias.h" | 31 #include "base/debug/alias.h" |
28 #include "base/debug/stack_trace.h" | 32 #include "base/debug/stack_trace.h" |
29 #include "base/environment.h" | 33 #include "base/environment.h" |
30 #include "base/files/file_path.h" | 34 #include "base/files/file_path.h" |
260 private: | 264 private: |
261 ScopedPK11Slot public_slot_; | 265 ScopedPK11Slot public_slot_; |
262 ScopedPK11Slot private_slot_; | 266 ScopedPK11Slot private_slot_; |
263 | 267 |
264 bool private_slot_initialization_started_; | 268 bool private_slot_initialization_started_; |
265 | 269 |
266 typedef std::vector<base::Callback<void(ScopedPK11Slot)> > | 270 typedef std::vector<base::Callback<void(ScopedPK11Slot)> > |
267 SlotReadyCallbackList; | 271 SlotReadyCallbackList; |
268 SlotReadyCallbackList tpm_ready_callback_list_; | 272 SlotReadyCallbackList tpm_ready_callback_list_; |
269 }; | 273 }; |
| 274 |
| 275 class ScopedChapsLoadFixup { |
| 276 public: |
| 277 ScopedChapsLoadFixup(); |
| 278 ~ScopedChapsLoadFixup(); |
| 279 |
| 280 private: |
| 281 #if defined(COMPONENT_BUILD) |
| 282 void *chaps_handle_; |
| 283 #endif |
| 284 }; |
| 285 |
| 286 #if defined(COMPONENT_BUILD) |
| 287 |
| 288 ScopedChapsLoadFixup::ScopedChapsLoadFixup() { |
| 289 // HACK: libchaps links the system protobuf and there are symbol conflicts |
| 290 // with the bundled copy. Load chaps with RTLD_DEEPBIND to workaround. |
| 291 chaps_handle_ = dlopen(kChapsPath, RTLD_LOCAL | RTLD_NOW | RTLD_DEEPBIND); |
| 292 } |
| 293 |
| 294 ScopedChapsLoadFixup::~ScopedChapsLoadFixup() { |
| 295 // LoadModule() will have taken a 2nd reference. |
| 296 if (chaps_handle_) |
| 297 dlclose(chaps_handle_); |
| 298 } |
| 299 |
| 300 #else |
| 301 |
| 302 ScopedChapsLoadFixup::ScopedChapsLoadFixup() {} |
| 303 ScopedChapsLoadFixup::~ScopedChapsLoadFixup() {} |
| 304 |
| 305 #endif // defined(COMPONENT_BUILD) |
270 #endif // defined(OS_CHROMEOS) | 306 #endif // defined(OS_CHROMEOS) |
271 | 307 |
272 class NSSInitSingleton { | 308 class NSSInitSingleton { |
273 public: | 309 public: |
274 #if defined(OS_CHROMEOS) | 310 #if defined(OS_CHROMEOS) |
275 // Used with PostTaskAndReply to pass handles to worker thread and back. | 311 // Used with PostTaskAndReply to pass handles to worker thread and back. |
276 struct TPMModuleAndSlot { | 312 struct TPMModuleAndSlot { |
277 explicit TPMModuleAndSlot(SECMODModule* init_chaps_module) | 313 explicit TPMModuleAndSlot(SECMODModule* init_chaps_module) |
278 : chaps_module(init_chaps_module) {} | 314 : chaps_module(init_chaps_module) {} |
279 SECMODModule* chaps_module; | 315 SECMODModule* chaps_module; |
353 base::MessageLoop::current()->PostTask(FROM_HERE, | 389 base::MessageLoop::current()->PostTask(FROM_HERE, |
354 base::Bind(callback, false)); | 390 base::Bind(callback, false)); |
355 } | 391 } |
356 } | 392 } |
357 | 393 |
358 static void InitializeTPMTokenOnWorkerThread(CK_SLOT_ID token_slot_id, | 394 static void InitializeTPMTokenOnWorkerThread(CK_SLOT_ID token_slot_id, |
359 TPMModuleAndSlot* tpm_args) { | 395 TPMModuleAndSlot* tpm_args) { |
360 // This tries to load the Chaps module so NSS can talk to the hardware | 396 // This tries to load the Chaps module so NSS can talk to the hardware |
361 // TPM. | 397 // TPM. |
362 if (!tpm_args->chaps_module) { | 398 if (!tpm_args->chaps_module) { |
| 399 ScopedChapsLoadFixup chaps_loader; |
| 400 |
363 DVLOG(3) << "Loading chaps..."; | 401 DVLOG(3) << "Loading chaps..."; |
364 tpm_args->chaps_module = LoadModule( | 402 tpm_args->chaps_module = LoadModule( |
365 kChapsModuleName, | 403 kChapsModuleName, |
366 kChapsPath, | 404 kChapsPath, |
367 // For more details on these parameters, see: | 405 // For more details on these parameters, see: |
368 // https://developer.mozilla.org/en/PKCS11_Module_Specs | 406 // https://developer.mozilla.org/en/PKCS11_Module_Specs |
369 // slotFlags=[PublicCerts] -- Certificates and public keys can be | 407 // slotFlags=[PublicCerts] -- Certificates and public keys can be |
370 // read from this slot without requiring a call to C_Login. | 408 // read from this slot without requiring a call to C_Login. |
371 // askpw=only -- Only authenticate to the token when necessary. | 409 // askpw=only -- Only authenticate to the token when necessary. |
372 "NSS=\"slotParams=(0={slotFlags=[PublicCerts] askpw=only})\""); | 410 "NSS=\"slotParams=(0={slotFlags=[PublicCerts] askpw=only})\""); |
1095 return time.ToInternalValue() - base::Time::UnixEpoch().ToInternalValue(); | 1133 return time.ToInternalValue() - base::Time::UnixEpoch().ToInternalValue(); |
1096 } | 1134 } |
1097 | 1135 |
1098 #if !defined(OS_CHROMEOS) | 1136 #if !defined(OS_CHROMEOS) |
1099 PK11SlotInfo* GetPersistentNSSKeySlot() { | 1137 PK11SlotInfo* GetPersistentNSSKeySlot() { |
1100 return g_nss_singleton.Get().GetPersistentNSSKeySlot(); | 1138 return g_nss_singleton.Get().GetPersistentNSSKeySlot(); |
1101 } | 1139 } |
1102 #endif | 1140 #endif |
1103 | 1141 |
1104 } // namespace crypto | 1142 } // namespace crypto |
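Review bot: The COMPONENT_BUILD constructor of ScopedChapsLoadFixup (new lines 288-292) discards a dlopen() failure: chaps_handle_ is left null, LoadModule() then loads chaps without RTLD_DEEPBIND, and the protobuf symbol clash this hack works around can come back with nothing in the log. Since this is the PKCS#11 module that fronts the TPM, the failure should be recorded, e.g. `if (!chaps_handle_) LOG(WARNING) << "dlopen of chaps failed: " << dlerror();`. The class also owns a raw dlopen handle but is still copyable, so a copy would dlclose() the handle twice; add `DISALLOW_COPY_AND_ASSIGN(ScopedChapsLoadFixup);` to the private section. kChapsPath is defined outside the visible lines; it is presumably an absolute path, which is worth confirming because dlopen() falls back to the library search path for a name that contains no slash.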