| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "crypto/nss_util.h" | 5 #include "crypto/nss_util.h" |
| 6 #include "crypto/nss_util_internal.h" | |
| 7 | 6 |
| 8 #include <nss.h> | 7 #include <nss.h> |
| 9 #include <pk11pub.h> | 8 #include <pk11pub.h> |
| 10 #include <plarena.h> | 9 #include <plarena.h> |
| 11 #include <prerror.h> | 10 #include <prerror.h> |
| 12 #include <prinit.h> | 11 #include <prinit.h> |
| 13 #include <prtime.h> | 12 #include <prtime.h> |
| 14 #include <secmod.h> | 13 #include <secmod.h> |
| 14 #include <utility> |
| 15 |
| 16 #include "crypto/nss_util_internal.h" |
| 15 | 17 |
| 16 #if defined(OS_OPENBSD) | 18 #if defined(OS_OPENBSD) |
| 17 #include <sys/mount.h> | 19 #include <sys/mount.h> |
| 18 #include <sys/param.h> | 20 #include <sys/param.h> |
| 19 #endif | 21 #endif |
| 20 | 22 |
| 21 #if defined(OS_CHROMEOS) | 23 #if defined(OS_CHROMEOS) |
| 22 #include <dlfcn.h> | 24 #include <dlfcn.h> |
| 23 #endif | 25 #endif |
| 24 | 26 |
| (...skipping 183 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 208 base::debug::Alias(&os_error); | 210 base::debug::Alias(&os_error); |
| 209 LOG(ERROR) << "Error initializing NSS without a persistent database: " | 211 LOG(ERROR) << "Error initializing NSS without a persistent database: " |
| 210 << GetNSSErrorMessage(); | 212 << GetNSSErrorMessage(); |
| 211 LOG(FATAL) << "nss_error=" << nss_error << ", os_error=" << os_error; | 213 LOG(FATAL) << "nss_error=" << nss_error << ", os_error=" << os_error; |
| 212 } | 214 } |
| 213 | 215 |
| 214 #if defined(OS_CHROMEOS) | 216 #if defined(OS_CHROMEOS) |
| 215 class ChromeOSUserData { | 217 class ChromeOSUserData { |
| 216 public: | 218 public: |
| 217 explicit ChromeOSUserData(ScopedPK11Slot public_slot) | 219 explicit ChromeOSUserData(ScopedPK11Slot public_slot) |
| 218 : public_slot_(public_slot.Pass()), | 220 : public_slot_(std::move(public_slot)), |
| 219 private_slot_initialization_started_(false) {} | 221 private_slot_initialization_started_(false) {} |
| 220 ~ChromeOSUserData() { | 222 ~ChromeOSUserData() { |
| 221 if (public_slot_) { | 223 if (public_slot_) { |
| 222 SECStatus status = SECMOD_CloseUserDB(public_slot_.get()); | 224 SECStatus status = SECMOD_CloseUserDB(public_slot_.get()); |
| 223 if (status != SECSuccess) | 225 if (status != SECSuccess) |
| 224 PLOG(ERROR) << "SECMOD_CloseUserDB failed: " << PORT_GetError(); | 226 PLOG(ERROR) << "SECMOD_CloseUserDB failed: " << PORT_GetError(); |
| 225 } | 227 } |
| 226 } | 228 } |
| 227 | 229 |
| 228 ScopedPK11Slot GetPublicSlot() { | 230 ScopedPK11Slot GetPublicSlot() { |
| 229 return ScopedPK11Slot( | 231 return ScopedPK11Slot( |
| 230 public_slot_ ? PK11_ReferenceSlot(public_slot_.get()) : NULL); | 232 public_slot_ ? PK11_ReferenceSlot(public_slot_.get()) : NULL); |
| 231 } | 233 } |
| 232 | 234 |
| 233 ScopedPK11Slot GetPrivateSlot( | 235 ScopedPK11Slot GetPrivateSlot( |
| 234 const base::Callback<void(ScopedPK11Slot)>& callback) { | 236 const base::Callback<void(ScopedPK11Slot)>& callback) { |
| 235 if (private_slot_) | 237 if (private_slot_) |
| 236 return ScopedPK11Slot(PK11_ReferenceSlot(private_slot_.get())); | 238 return ScopedPK11Slot(PK11_ReferenceSlot(private_slot_.get())); |
| 237 if (!callback.is_null()) | 239 if (!callback.is_null()) |
| 238 tpm_ready_callback_list_.push_back(callback); | 240 tpm_ready_callback_list_.push_back(callback); |
| 239 return ScopedPK11Slot(); | 241 return ScopedPK11Slot(); |
| 240 } | 242 } |
| 241 | 243 |
| 242 void SetPrivateSlot(ScopedPK11Slot private_slot) { | 244 void SetPrivateSlot(ScopedPK11Slot private_slot) { |
| 243 DCHECK(!private_slot_); | 245 DCHECK(!private_slot_); |
| 244 private_slot_ = private_slot.Pass(); | 246 private_slot_ = std::move(private_slot); |
| 245 | 247 |
| 246 SlotReadyCallbackList callback_list; | 248 SlotReadyCallbackList callback_list; |
| 247 callback_list.swap(tpm_ready_callback_list_); | 249 callback_list.swap(tpm_ready_callback_list_); |
| 248 for (SlotReadyCallbackList::iterator i = callback_list.begin(); | 250 for (SlotReadyCallbackList::iterator i = callback_list.begin(); |
| 249 i != callback_list.end(); | 251 i != callback_list.end(); |
| 250 ++i) { | 252 ++i) { |
| 251 (*i).Run(ScopedPK11Slot(PK11_ReferenceSlot(private_slot_.get()))); | 253 (*i).Run(ScopedPK11Slot(PK11_ReferenceSlot(private_slot_.get()))); |
| 252 } | 254 } |
| 253 } | 255 } |
| 254 | 256 |
| (...skipping 160 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 415 } | 417 } |
| 416 | 418 |
| 417 void OnInitializedTPMTokenAndSystemSlot( | 419 void OnInitializedTPMTokenAndSystemSlot( |
| 418 const base::Callback<void(bool)>& callback, | 420 const base::Callback<void(bool)>& callback, |
| 419 scoped_ptr<TPMModuleAndSlot> tpm_args) { | 421 scoped_ptr<TPMModuleAndSlot> tpm_args) { |
| 420 DCHECK(thread_checker_.CalledOnValidThread()); | 422 DCHECK(thread_checker_.CalledOnValidThread()); |
| 421 DVLOG(2) << "Loaded chaps: " << !!tpm_args->chaps_module | 423 DVLOG(2) << "Loaded chaps: " << !!tpm_args->chaps_module |
| 422 << ", got tpm slot: " << !!tpm_args->tpm_slot; | 424 << ", got tpm slot: " << !!tpm_args->tpm_slot; |
| 423 | 425 |
| 424 chaps_module_ = tpm_args->chaps_module; | 426 chaps_module_ = tpm_args->chaps_module; |
| 425 tpm_slot_ = tpm_args->tpm_slot.Pass(); | 427 tpm_slot_ = std::move(tpm_args->tpm_slot); |
| 426 if (!chaps_module_ && test_system_slot_) { | 428 if (!chaps_module_ && test_system_slot_) { |
| 427 // chromeos_unittests try to test the TPM initialization process. If we | 429 // chromeos_unittests try to test the TPM initialization process. If we |
| 428 // have a test DB open, pretend that it is the TPM slot. | 430 // have a test DB open, pretend that it is the TPM slot. |
| 429 tpm_slot_.reset(PK11_ReferenceSlot(test_system_slot_.get())); | 431 tpm_slot_.reset(PK11_ReferenceSlot(test_system_slot_.get())); |
| 430 } | 432 } |
| 431 initializing_tpm_token_ = false; | 433 initializing_tpm_token_ = false; |
| 432 | 434 |
| 433 if (tpm_slot_) | 435 if (tpm_slot_) |
| 434 RunAndClearTPMReadyCallbackList(); | 436 RunAndClearTPMReadyCallbackList(); |
| 435 | 437 |
| (...skipping 57 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 493 // This user already exists in our mapping. | 495 // This user already exists in our mapping. |
| 494 DVLOG(2) << username_hash << " already initialized."; | 496 DVLOG(2) << username_hash << " already initialized."; |
| 495 return false; | 497 return false; |
| 496 } | 498 } |
| 497 | 499 |
| 498 DVLOG(2) << "Opening NSS DB " << path.value(); | 500 DVLOG(2) << "Opening NSS DB " << path.value(); |
| 499 std::string db_name = base::StringPrintf( | 501 std::string db_name = base::StringPrintf( |
| 500 "%s %s", kUserNSSDatabaseName, username_hash.c_str()); | 502 "%s %s", kUserNSSDatabaseName, username_hash.c_str()); |
| 501 ScopedPK11Slot public_slot(OpenPersistentNSSDBForPath(db_name, path)); | 503 ScopedPK11Slot public_slot(OpenPersistentNSSDBForPath(db_name, path)); |
| 502 chromeos_user_map_[username_hash] = | 504 chromeos_user_map_[username_hash] = |
| 503 new ChromeOSUserData(public_slot.Pass()); | 505 new ChromeOSUserData(std::move(public_slot)); |
| 504 return true; | 506 return true; |
| 505 } | 507 } |
| 506 | 508 |
| 507 bool ShouldInitializeTPMForChromeOSUser(const std::string& username_hash) { | 509 bool ShouldInitializeTPMForChromeOSUser(const std::string& username_hash) { |
| 508 DCHECK(thread_checker_.CalledOnValidThread()); | 510 DCHECK(thread_checker_.CalledOnValidThread()); |
| 509 DCHECK(chromeos_user_map_.find(username_hash) != chromeos_user_map_.end()); | 511 DCHECK(chromeos_user_map_.find(username_hash) != chromeos_user_map_.end()); |
| 510 | 512 |
| 511 return !chromeos_user_map_[username_hash] | 513 return !chromeos_user_map_[username_hash] |
| 512 ->private_slot_initialization_started(); | 514 ->private_slot_initialization_started(); |
| 513 } | 515 } |
| (...skipping 32 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 546 true /* task_is_slow */ | 548 true /* task_is_slow */ |
| 547 ); | 549 ); |
| 548 } | 550 } |
| 549 | 551 |
| 550 void OnInitializedTPMForChromeOSUser(const std::string& username_hash, | 552 void OnInitializedTPMForChromeOSUser(const std::string& username_hash, |
| 551 scoped_ptr<TPMModuleAndSlot> tpm_args) { | 553 scoped_ptr<TPMModuleAndSlot> tpm_args) { |
| 552 DCHECK(thread_checker_.CalledOnValidThread()); | 554 DCHECK(thread_checker_.CalledOnValidThread()); |
| 553 DVLOG(2) << "Got tpm slot for " << username_hash << " " | 555 DVLOG(2) << "Got tpm slot for " << username_hash << " " |
| 554 << !!tpm_args->tpm_slot; | 556 << !!tpm_args->tpm_slot; |
| 555 chromeos_user_map_[username_hash]->SetPrivateSlot( | 557 chromeos_user_map_[username_hash]->SetPrivateSlot( |
| 556 tpm_args->tpm_slot.Pass()); | 558 std::move(tpm_args->tpm_slot)); |
| 557 } | 559 } |
| 558 | 560 |
| 559 void InitializePrivateSoftwareSlotForChromeOSUser( | 561 void InitializePrivateSoftwareSlotForChromeOSUser( |
| 560 const std::string& username_hash) { | 562 const std::string& username_hash) { |
| 561 DCHECK(thread_checker_.CalledOnValidThread()); | 563 DCHECK(thread_checker_.CalledOnValidThread()); |
| 562 VLOG(1) << "using software private slot for " << username_hash; | 564 VLOG(1) << "using software private slot for " << username_hash; |
| 563 DCHECK(chromeos_user_map_.find(username_hash) != chromeos_user_map_.end()); | 565 DCHECK(chromeos_user_map_.find(username_hash) != chromeos_user_map_.end()); |
| 564 DCHECK(chromeos_user_map_[username_hash]-> | 566 DCHECK(chromeos_user_map_[username_hash]-> |
| 565 private_slot_initialization_started()); | 567 private_slot_initialization_started()); |
| 566 | 568 |
| (...skipping 41 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 608 ChromeOSUserMap::iterator i = chromeos_user_map_.find(username_hash); | 610 ChromeOSUserMap::iterator i = chromeos_user_map_.find(username_hash); |
| 609 DCHECK(i != chromeos_user_map_.end()); | 611 DCHECK(i != chromeos_user_map_.end()); |
| 610 delete i->second; | 612 delete i->second; |
| 611 chromeos_user_map_.erase(i); | 613 chromeos_user_map_.erase(i); |
| 612 } | 614 } |
| 613 | 615 |
| 614 void SetSystemKeySlotForTesting(ScopedPK11Slot slot) { | 616 void SetSystemKeySlotForTesting(ScopedPK11Slot slot) { |
| 615 // Ensure that a previous value of test_system_slot_ is not overwritten. | 617 // Ensure that a previous value of test_system_slot_ is not overwritten. |
| 616 // Unsetting, i.e. setting a NULL, however is allowed. | 618 // Unsetting, i.e. setting a NULL, however is allowed. |
| 617 DCHECK(!slot || !test_system_slot_); | 619 DCHECK(!slot || !test_system_slot_); |
| 618 test_system_slot_ = slot.Pass(); | 620 test_system_slot_ = std::move(slot); |
| 619 if (test_system_slot_) { | 621 if (test_system_slot_) { |
| 620 tpm_slot_.reset(PK11_ReferenceSlot(test_system_slot_.get())); | 622 tpm_slot_.reset(PK11_ReferenceSlot(test_system_slot_.get())); |
| 621 RunAndClearTPMReadyCallbackList(); | 623 RunAndClearTPMReadyCallbackList(); |
| 622 } else { | 624 } else { |
| 623 tpm_slot_.reset(); | 625 tpm_slot_.reset(); |
| 624 } | 626 } |
| 625 } | 627 } |
| 626 #endif // defined(OS_CHROMEOS) | 628 #endif // defined(OS_CHROMEOS) |
| 627 | 629 |
| 628 #if !defined(OS_CHROMEOS) | 630 #if !defined(OS_CHROMEOS) |
| (...skipping 308 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 937 } | 939 } |
| 938 #endif // defined(USE_NSS_CERTS) | 940 #endif // defined(USE_NSS_CERTS) |
| 939 | 941 |
| 940 #if defined(OS_CHROMEOS) | 942 #if defined(OS_CHROMEOS) |
| 941 ScopedPK11Slot GetSystemNSSKeySlot( | 943 ScopedPK11Slot GetSystemNSSKeySlot( |
| 942 const base::Callback<void(ScopedPK11Slot)>& callback) { | 944 const base::Callback<void(ScopedPK11Slot)>& callback) { |
| 943 return g_nss_singleton.Get().GetSystemNSSKeySlot(callback); | 945 return g_nss_singleton.Get().GetSystemNSSKeySlot(callback); |
| 944 } | 946 } |
| 945 | 947 |
| 946 void SetSystemKeySlotForTesting(ScopedPK11Slot slot) { | 948 void SetSystemKeySlotForTesting(ScopedPK11Slot slot) { |
| 947 g_nss_singleton.Get().SetSystemKeySlotForTesting(slot.Pass()); | 949 g_nss_singleton.Get().SetSystemKeySlotForTesting(std::move(slot)); |
| 948 } | 950 } |
| 949 | 951 |
| 950 void EnableTPMTokenForNSS() { | 952 void EnableTPMTokenForNSS() { |
| 951 g_nss_singleton.Get().EnableTPMTokenForNSS(); | 953 g_nss_singleton.Get().EnableTPMTokenForNSS(); |
| 952 } | 954 } |
| 953 | 955 |
| 954 bool IsTPMTokenEnabledForNSS() { | 956 bool IsTPMTokenEnabledForNSS() { |
| 955 return g_nss_singleton.Get().IsTPMTokenEnabledForNSS(); | 957 return g_nss_singleton.Get().IsTPMTokenEnabledForNSS(); |
| 956 } | 958 } |
| 957 | 959 |
| (...skipping 60 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1018 return time.ToInternalValue() - base::Time::UnixEpoch().ToInternalValue(); | 1020 return time.ToInternalValue() - base::Time::UnixEpoch().ToInternalValue(); |
| 1019 } | 1021 } |
| 1020 | 1022 |
| 1021 #if !defined(OS_CHROMEOS) | 1023 #if !defined(OS_CHROMEOS) |
| 1022 PK11SlotInfo* GetPersistentNSSKeySlot() { | 1024 PK11SlotInfo* GetPersistentNSSKeySlot() { |
| 1023 return g_nss_singleton.Get().GetPersistentNSSKeySlot(); | 1025 return g_nss_singleton.Get().GetPersistentNSSKeySlot(); |
| 1024 } | 1026 } |
| 1025 #endif | 1027 #endif |
| 1026 | 1028 |
| 1027 } // namespace crypto | 1029 } // namespace crypto |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1552863003:
Global conversion of Pass()→std::move(): CrOS edition (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master