| Index: chrome/browser/chromeos/login/easy_unlock/easy_unlock_tpm_key_manager.cc
|
| diff --git a/chrome/browser/chromeos/login/easy_unlock/easy_unlock_tpm_key_manager.cc b/chrome/browser/chromeos/login/easy_unlock/easy_unlock_tpm_key_manager.cc
|
| index 3321ed9a336e55cc9240c61ff3b2ba9d7e67ee62..f8c512af57bf83812695454673db9f00dfcbbdcc 100644
|
| --- a/chrome/browser/chromeos/login/easy_unlock/easy_unlock_tpm_key_manager.cc
|
| +++ b/chrome/browser/chromeos/login/easy_unlock/easy_unlock_tpm_key_manager.cc
|
| @@ -32,7 +32,7 @@ namespace {
|
| const int kKeyModulusLength = 2048;
|
|
|
| // Relays |GetSystemSlotOnIOThread| callback to |response_task_runner|.
|
| -void RunCallbackOnThreadRunner(
|
| +void RunCallbackOnTaskRunner(
|
| const scoped_refptr<base::SingleThreadTaskRunner>& response_task_runner,
|
| const base::Callback<void(crypto::ScopedPK11Slot)>& callback,
|
| crypto::ScopedPK11Slot slot) {
|
| @@ -46,7 +46,7 @@ void GetSystemSlotOnIOThread(
|
| const scoped_refptr<base::SingleThreadTaskRunner>& response_task_runner,
|
| const base::Callback<void(crypto::ScopedPK11Slot)>& callback) {
|
| base::Callback<void(crypto::ScopedPK11Slot)> callback_on_origin_thread =
|
| - base::Bind(&RunCallbackOnThreadRunner, response_task_runner, callback);
|
| + base::Bind(&RunCallbackOnTaskRunner, response_task_runner, callback);
|
|
|
| crypto::ScopedPK11Slot system_slot =
|
| crypto::GetSystemNSSKeySlot(callback_on_origin_thread);
|
| @@ -54,6 +54,29 @@ void GetSystemSlotOnIOThread(
|
| callback_on_origin_thread.Run(system_slot.Pass());
|
| }
|
|
|
| +// Relays |EnsureUserTpmInitializedOnIOThread| callback to
|
| +// |response_task_runner|, ignoring |slot|.
|
| +void RunCallbackWithoutSlotOnTaskRunner(
|
| + const scoped_refptr<base::SingleThreadTaskRunner>& response_task_runner,
|
| + const base::Closure& callback,
|
| + crypto::ScopedPK11Slot slot) {
|
| + response_task_runner->PostTask(FROM_HERE, callback);
|
| +}
|
| +
|
| +void EnsureUserTPMInitializedOnIOThread(
|
| + const std::string& username_hash,
|
| + const scoped_refptr<base::SingleThreadTaskRunner>& response_task_runner,
|
| + const base::Closure& callback) {
|
| + base::Callback<void(crypto::ScopedPK11Slot)> callback_on_origin_thread =
|
| + base::Bind(&RunCallbackWithoutSlotOnTaskRunner, response_task_runner,
|
| + callback);
|
| +
|
| + crypto::ScopedPK11Slot private_slot = crypto::GetPrivateSlotForChromeOSUser(
|
| + username_hash, callback_on_origin_thread);
|
| + if (private_slot)
|
| + callback_on_origin_thread.Run(private_slot.Pass());
|
| +}
|
| +
|
| // Checks if a private RSA key associated with |public_key| can be found in
|
| // |slot|.
|
| // Must be called on a worker thread.
|
| @@ -168,9 +191,12 @@ void EasyUnlockTpmKeyManager::ResetLocalStateForUser(
|
| update->RemoveWithoutPathExpansion(user_id, NULL);
|
| }
|
|
|
| -EasyUnlockTpmKeyManager::EasyUnlockTpmKeyManager(const std::string& user_id,
|
| - PrefService* local_state)
|
| +EasyUnlockTpmKeyManager::EasyUnlockTpmKeyManager(
|
| + const std::string& user_id,
|
| + const std::string& username_hash,
|
| + PrefService* local_state)
|
| : user_id_(user_id),
|
| + username_hash_(username_hash),
|
| local_state_(local_state),
|
| create_tpm_key_state_(CREATE_TPM_KEY_NOT_STARTED),
|
| get_tpm_slot_weak_ptr_factory_(this),
|
| @@ -184,6 +210,7 @@ bool EasyUnlockTpmKeyManager::PrepareTpmKey(
|
| bool check_private_key,
|
| const base::Closure& callback) {
|
| CHECK(!user_id_.empty());
|
| + CHECK(!username_hash_.empty());
|
|
|
| if (create_tpm_key_state_ == CREATE_TPM_KEY_DONE)
|
| return true;
|
| @@ -197,29 +224,24 @@ bool EasyUnlockTpmKeyManager::PrepareTpmKey(
|
| prepare_tpm_key_callbacks_.push_back(callback);
|
|
|
| if (create_tpm_key_state_ == CREATE_TPM_KEY_NOT_STARTED) {
|
| - create_tpm_key_state_ = CREATE_TPM_KEY_WAITING_FOR_SYSTEM_SLOT;
|
| + create_tpm_key_state_ = CREATE_TPM_KEY_WAITING_FOR_USER_SLOT;
|
|
|
| - base::Callback<void(crypto::ScopedPK11Slot)> create_key_with_system_slot =
|
| - base::Bind(&EasyUnlockTpmKeyManager::CreateKeyInSystemSlot,
|
| - get_tpm_slot_weak_ptr_factory_.GetWeakPtr(),
|
| - key);
|
| + base::Closure on_user_tpm_ready =
|
| + base::Bind(&EasyUnlockTpmKeyManager::OnUserTPMInitialized,
|
| + get_tpm_slot_weak_ptr_factory_.GetWeakPtr(), key);
|
|
|
| content::BrowserThread::PostTask(
|
| - content::BrowserThread::IO,
|
| - FROM_HERE,
|
| - base::Bind(&GetSystemSlotOnIOThread,
|
| - base::ThreadTaskRunnerHandle::Get(),
|
| - create_key_with_system_slot));
|
| + content::BrowserThread::IO, FROM_HERE,
|
| + base::Bind(&EnsureUserTPMInitializedOnIOThread, username_hash_,
|
| + base::ThreadTaskRunnerHandle::Get(), on_user_tpm_ready));
|
| }
|
|
|
| return false;
|
| }
|
|
|
| bool EasyUnlockTpmKeyManager::StartGetSystemSlotTimeoutMs(size_t timeout_ms) {
|
| - if (create_tpm_key_state_ == CREATE_TPM_KEY_DONE ||
|
| - create_tpm_key_state_ == CREATE_TPM_KEY_GOT_SYSTEM_SLOT) {
|
| + if (StartedCreatingTpmKeys())
|
| return false;
|
| - }
|
|
|
| base::ThreadTaskRunnerHandle::Get()->PostDelayedTask(
|
| FROM_HERE,
|
| @@ -267,6 +289,11 @@ void EasyUnlockTpmKeyManager::SignUsingTpmKey(
|
| sign_with_system_slot));
|
| }
|
|
|
| +bool EasyUnlockTpmKeyManager::StartedCreatingTpmKeys() const {
|
| + return create_tpm_key_state_ == CREATE_TPM_KEY_GOT_SYSTEM_SLOT ||
|
| + create_tpm_key_state_ == CREATE_TPM_KEY_DONE;
|
| +}
|
| +
|
| void EasyUnlockTpmKeyManager::SetKeyInLocalState(const std::string& user_id,
|
| const std::string& value) {
|
| if (!local_state_)
|
| @@ -279,11 +306,24 @@ void EasyUnlockTpmKeyManager::SetKeyInLocalState(const std::string& user_id,
|
| update->SetStringWithoutPathExpansion(user_id, encoded);
|
| }
|
|
|
| +void EasyUnlockTpmKeyManager::OnUserTPMInitialized(
|
| + const std::string& public_key) {
|
| + create_tpm_key_state_ = CREATE_TPM_KEY_WAITING_FOR_SYSTEM_SLOT;
|
| +
|
| + base::Callback<void(crypto::ScopedPK11Slot)> create_key_with_system_slot =
|
| + base::Bind(&EasyUnlockTpmKeyManager::CreateKeyInSystemSlot,
|
| + get_tpm_slot_weak_ptr_factory_.GetWeakPtr(), public_key);
|
| +
|
| + content::BrowserThread::PostTask(
|
| + content::BrowserThread::IO, FROM_HERE,
|
| + base::Bind(&GetSystemSlotOnIOThread, base::ThreadTaskRunnerHandle::Get(),
|
| + create_key_with_system_slot));
|
| +}
|
| +
|
| void EasyUnlockTpmKeyManager::CreateKeyInSystemSlot(
|
| const std::string& public_key,
|
| crypto::ScopedPK11Slot system_slot) {
|
| CHECK(system_slot);
|
| -
|
| create_tpm_key_state_ = CREATE_TPM_KEY_GOT_SYSTEM_SLOT;
|
|
|
| // If there are any delayed tasks posted using |StartGetSystemSlotTimeoutMs|,
|
|
|
Chromium Code Reviews
Issue 1138123003:
Delay creating easy signin TPM keys until TPM is initialized (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master