Delay creating easy signin TPM keys until TPM is initialized

chrome/browser/chromeos/login/easy_unlock/easy_unlock_tpm_key_manager.cc

 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/chromeos/login/easy_unlock/easy_unlock_tpm_key_manager.h"
 
 #include <cryptohi.h>
 
 #include "base/base64.h"
 #include "base/bind.h"
@@ skipping 36 matching lines @@
     const base::Callback<void(crypto::ScopedPK11Slot)>& callback) {
   base::Callback<void(crypto::ScopedPK11Slot)> callback_on_origin_thread =
       base::Bind(&RunCallbackOnThreadRunner, response_task_runner, callback);
 
   crypto::ScopedPK11Slot system_slot =
       crypto::GetSystemNSSKeySlot(callback_on_origin_thread);
   if (system_slot)
     callback_on_origin_thread.Run(system_slot.Pass());
 }
 
+// Relays |EnsureUserTpmInitializedOnIOThread| callback to
+// |response_task_runner|, ignoring |slot|.
+void RunCallbackWithoutSlotOnThreadRunner(

[pneubeck (no reviews), 2015/05/12 12:21:43]

s/ThreadRunner/TaskRunner/

[tbarzic, 2015/05/12 17:10:46]

Done.

+    const scoped_refptr<base::SingleThreadTaskRunner>& response_task_runner,
+    const base::Closure& callback,
+    crypto::ScopedPK11Slot slot) {
+  response_task_runner->PostTask(FROM_HERE, callback);
+}
+
+void EnsureUserTPMInitializedOnIOThread(
+    const std::string& username_hash,
+    const scoped_refptr<base::SingleThreadTaskRunner>& response_task_runner,
+    const base::Closure& callback) {
+  base::Callback<void(crypto::ScopedPK11Slot)> callback_on_origin_thread =
+      base::Bind(&RunCallbackWithoutSlotOnThreadRunner, response_task_runner,
+                 callback);
+
+  crypto::ScopedPK11Slot private_slot = crypto::GetPrivateSlotForChromeOSUser(
+      username_hash, callback_on_origin_thread);
+  if (private_slot)
+    callback_on_origin_thread.Run(private_slot.Pass());
+}
+
 // Checks if a private RSA key associated with |public_key| can be found in
 // |slot|.
 // Must be called on a worker thread.
 scoped_ptr<crypto::RSAPrivateKey> GetPrivateKeyOnWorkerThread(
     PK11SlotInfo* slot,
     const std::string& public_key) {
   const uint8* public_key_uint8 =
       reinterpret_cast<const uint8*>(public_key.data());
   std::vector<uint8> public_key_vector(
       public_key_uint8, public_key_uint8 + public_key.size());
@@ skipping 94 matching lines @@
   if (!g_browser_process)
     return;
   PrefService* local_state = g_browser_process->local_state();
   if (!local_state)
     return;
 
   DictionaryPrefUpdate update(local_state, prefs::kEasyUnlockLocalStateTpmKeys);
   update->RemoveWithoutPathExpansion(user_id, NULL);
 }
 
-EasyUnlockTpmKeyManager::EasyUnlockTpmKeyManager(const std::string& user_id,
-                                                 PrefService* local_state)
+EasyUnlockTpmKeyManager::EasyUnlockTpmKeyManager(
+    const std::string& user_id,
+    const std::string& username_hash,
+    PrefService* local_state)
     : user_id_(user_id),
+      username_hash_(username_hash),
       local_state_(local_state),
       create_tpm_key_state_(CREATE_TPM_KEY_NOT_STARTED),
       get_tpm_slot_weak_ptr_factory_(this),
       weak_ptr_factory_(this) {
 }
 
 EasyUnlockTpmKeyManager::~EasyUnlockTpmKeyManager() {
 }
 
 bool EasyUnlockTpmKeyManager::PrepareTpmKey(
     bool check_private_key,
     const base::Closure& callback) {
   CHECK(!user_id_.empty());
+  CHECK(!username_hash_.empty());
 
   if (create_tpm_key_state_ == CREATE_TPM_KEY_DONE)
     return true;
 
   std::string key = GetPublicTpmKey(user_id_);
   if (!check_private_key && !key.empty() &&
       create_tpm_key_state_ == CREATE_TPM_KEY_NOT_STARTED) {
     return true;
   }
 
   prepare_tpm_key_callbacks_.push_back(callback);
 
   if (create_tpm_key_state_ == CREATE_TPM_KEY_NOT_STARTED) {
-    create_tpm_key_state_ = CREATE_TPM_KEY_WAITING_FOR_SYSTEM_SLOT;
+    create_tpm_key_state_ = CREATE_TPM_KEY_WAITING_FOR_USER_SLOT;
 
-    base::Callback<void(crypto::ScopedPK11Slot)> create_key_with_system_slot =
-        base::Bind(&EasyUnlockTpmKeyManager::CreateKeyInSystemSlot,
-                   get_tpm_slot_weak_ptr_factory_.GetWeakPtr(),
-                   key);
+    base::Closure on_user_tpm_ready =
+        base::Bind(&EasyUnlockTpmKeyManager::OnUserTPMInitialized,
+                   get_tpm_slot_weak_ptr_factory_.GetWeakPtr(), key);
 
     content::BrowserThread::PostTask(
-        content::BrowserThread::IO,
-        FROM_HERE,
-        base::Bind(&GetSystemSlotOnIOThread,
-                   base::ThreadTaskRunnerHandle::Get(),
-                   create_key_with_system_slot));
+        content::BrowserThread::IO, FROM_HERE,
+        base::Bind(&EnsureUserTPMInitializedOnIOThread, username_hash_,
+                   base::ThreadTaskRunnerHandle::Get(), on_user_tpm_ready));
   }
 
   return false;
 }
 
 bool EasyUnlockTpmKeyManager::StartGetSystemSlotTimeoutMs(size_t timeout_ms) {
-  if (create_tpm_key_state_ == CREATE_TPM_KEY_DONE ||
-      create_tpm_key_state_ == CREATE_TPM_KEY_GOT_SYSTEM_SLOT) {
+  if (StartedCreatingTpmKeys())
     return false;
-  }
 
   base::ThreadTaskRunnerHandle::Get()->PostDelayedTask(
       FROM_HERE,
       base::Bind(&EasyUnlockTpmKeyManager::OnTpmKeyCreated,
                  get_tpm_slot_weak_ptr_factory_.GetWeakPtr(),
                  std::string()),
       base::TimeDelta::FromMilliseconds(timeout_ms));
   return true;
 }
 
@@ skipping 27 matching lines @@
                  key, data, callback);
 
   content::BrowserThread::PostTask(
       content::BrowserThread::IO,
       FROM_HERE,
       base::Bind(&GetSystemSlotOnIOThread,
                  base::ThreadTaskRunnerHandle::Get(),
                  sign_with_system_slot));
 }
 
+bool EasyUnlockTpmKeyManager::StartedCreatingTpmKeys() const {
+  return create_tpm_key_state_ == CREATE_TPM_KEY_GOT_SYSTEM_SLOT ||
+         create_tpm_key_state_ == CREATE_TPM_KEY_DONE;
+}
+
 void EasyUnlockTpmKeyManager::SetKeyInLocalState(const std::string& user_id,
                                                  const std::string& value) {
   if (!local_state_)
     return;
 
   std::string encoded;
   base::Base64Encode(value, &encoded);
   DictionaryPrefUpdate update(local_state_,
                               prefs::kEasyUnlockLocalStateTpmKeys);
   update->SetStringWithoutPathExpansion(user_id, encoded);
 }
 
+void EasyUnlockTpmKeyManager::OnUserTPMInitialized(
+    const std::string& public_key) {
+  create_tpm_key_state_ = CREATE_TPM_KEY_WAITING_FOR_SYSTEM_SLOT;
+
+  base::Callback<void(crypto::ScopedPK11Slot)> create_key_with_system_slot =
+      base::Bind(&EasyUnlockTpmKeyManager::CreateKeyInSystemSlot,
+                 get_tpm_slot_weak_ptr_factory_.GetWeakPtr(), public_key);
+
+  content::BrowserThread::PostTask(
+      content::BrowserThread::IO, FROM_HERE,
+      base::Bind(&GetSystemSlotOnIOThread, base::ThreadTaskRunnerHandle::Get(),
+                 create_key_with_system_slot));
+}
+
 void EasyUnlockTpmKeyManager::CreateKeyInSystemSlot(
     const std::string& public_key,
     crypto::ScopedPK11Slot system_slot) {
   CHECK(system_slot);
-
   create_tpm_key_state_ = CREATE_TPM_KEY_GOT_SYSTEM_SLOT;
 
   // If there are any delayed tasks posted using |StartGetSystemSlotTimeoutMs|,
   // this will cancel them.
   // Note that this would cancel other pending |CreateKeyInSystemSlot| tasks,
   // but there should be at most one such task at a time.
   get_tpm_slot_weak_ptr_factory_.InvalidateWeakPtrs();
 
   base::WorkerPool::PostTask(
       FROM_HERE,
@@ skipping 49 matching lines @@
   // If key creation failed, reset the state machine.
   create_tpm_key_state_ =
       public_key.empty() ? CREATE_TPM_KEY_NOT_STARTED : CREATE_TPM_KEY_DONE;
 }
 
 void EasyUnlockTpmKeyManager::OnDataSigned(
     const base::Callback<void(const std::string&)>& callback,
     const std::string& signature) {
   callback.Run(signature);
 }