Merge 253942 "chromeos: Load chaps module and lookup TPM slots o..."

crypto/nss_util.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "crypto/nss_util.h"
 #include "crypto/nss_util_internal.h"
 
 #include <nss.h>
 #include <pk11pub.h>
 #include <plarena.h>
 #include <prerror.h>
 #include <prinit.h>
 #include <prtime.h>
 #include <secmod.h>
 
 #if defined(OS_OPENBSD)
 #include <sys/mount.h>
 #include <sys/param.h>
 #endif
 
 #include <map>
 #include <vector>
 
 #include "base/bind.h"
-#include "base/callback.h"
 #include "base/cpu.h"
 #include "base/debug/alias.h"
 #include "base/debug/stack_trace.h"
 #include "base/environment.h"
 #include "base/file_util.h"
 #include "base/files/file_path.h"
 #include "base/lazy_instance.h"
 #include "base/logging.h"
 #include "base/memory/scoped_ptr.h"
 #include "base/message_loop/message_loop.h"
 #include "base/metrics/histogram.h"
 #include "base/native_library.h"
 #include "base/stl_util.h"
 #include "base/strings/stringprintf.h"
 #include "base/threading/thread_checker.h"
 #include "base/threading/thread_restrictions.h"
+#include "base/threading/worker_pool.h"
 #include "build/build_config.h"
 
 // USE_NSS means we use NSS for everything crypto-related.  If USE_NSS is not
 // defined, such as on Mac and Windows, we use NSS for SSL only -- we don't
 // use NSS for crypto or certificate verification, and we don't use the NSS
 // certificate and key databases.
 #if defined(USE_NSS)
 #include "base/synchronization/lock.h"
 #include "crypto/nss_crypto_module_delegate.h"
 #endif  // defined(USE_NSS)
@@ skipping 206 matching lines @@
 
   typedef std::vector<base::Callback<void(ScopedPK11Slot)> >
       SlotReadyCallbackList;
   SlotReadyCallbackList tpm_ready_callback_list_;
 };
 #endif  // defined(OS_CHROMEOS)
 
 class NSSInitSingleton {
  public:
 #if defined(OS_CHROMEOS)
+  // Used with PostTaskAndReply to pass handles to worker thread and back.
+  struct TPMModuleAndSlot {
+    explicit TPMModuleAndSlot(SECMODModule* init_chaps_module)
+        : chaps_module(init_chaps_module), tpm_slot(NULL) {}
+    SECMODModule* chaps_module;
+    PK11SlotInfo* tpm_slot;
+  };
+
   void OpenPersistentNSSDB() {
     DCHECK(thread_checker_.CalledOnValidThread());
 
     if (!chromeos_user_logged_in_) {
       // GetDefaultConfigDirectory causes us to do blocking IO on UI thread.
       // Temporarily allow it until we fix http://crbug.com/70119
       base::ThreadRestrictions::ScopedAllowIO allow_io;
       chromeos_user_logged_in_ = true;
 
       // This creates another DB slot in NSS that is read/write, unlike
@@ skipping 27 matching lines @@
     // private keys, otherwise we'll fall back to the software
     // implementation.
     tpm_token_enabled_for_nss_ = true;
   }
 
   bool IsTPMTokenEnabledForNSS() {
     DCHECK(thread_checker_.CalledOnValidThread());
     return tpm_token_enabled_for_nss_;
   }
 
-  bool InitializeTPMToken(int token_slot_id) {
+  void InitializeTPMToken(int token_slot_id,
+                          const base::Callback<void(bool)>& callback) {
     DCHECK(thread_checker_.CalledOnValidThread());
-
+    // Should not be called while there is already an initialization in
+    // progress.
+    DCHECK(!initializing_tpm_token_);
     // If EnableTPMTokenForNSS hasn't been called, return false.
-    if (!tpm_token_enabled_for_nss_)
-      return false;
+    if (!tpm_token_enabled_for_nss_) {
+      base::MessageLoop::current()->PostTask(FROM_HERE,
+                                             base::Bind(callback, false));
+      return;
+    }
 
     // If everything is already initialized, then return true.
-    if (chaps_module_ && tpm_slot_)
-      return true;
+    // Note that only |tpm_slot_| is checked, since |chaps_module_| could be
+    // NULL in tests while |tpm_slot_| has been set to the test DB.
+    if (tpm_slot_) {
+      base::MessageLoop::current()->PostTask(FROM_HERE,
+                                             base::Bind(callback, true));
+      return;
+    }
 
+    // Note that a reference is not taken to chaps_module_. This is safe since
+    // NSSInitSingleton is Leaky, so the reference it holds is never released.
+    scoped_ptr<TPMModuleAndSlot> tpm_args(new TPMModuleAndSlot(chaps_module_));
+    TPMModuleAndSlot* tpm_args_ptr = tpm_args.get();
+    if (base::WorkerPool::PostTaskAndReply(
+            FROM_HERE,
+            base::Bind(&NSSInitSingleton::InitializeTPMTokenOnWorkerThread,
+                       token_slot_id,
+                       tpm_args_ptr),
+            base::Bind(&NSSInitSingleton::OnInitializedTPMToken,
+                       base::Unretained(this),  // NSSInitSingleton is leaky
+                       callback,
+                       base::Passed(&tpm_args)),
+            true /* task_is_slow */
+            )) {
+      initializing_tpm_token_ = true;
+    } else {
+      base::MessageLoop::current()->PostTask(FROM_HERE,
+                                             base::Bind(callback, false));
+    }
+  }
+
+  static void InitializeTPMTokenOnWorkerThread(CK_SLOT_ID token_slot_id,
+                                               TPMModuleAndSlot* tpm_args) {
     // This tries to load the Chaps module so NSS can talk to the hardware
     // TPM.
-    if (!chaps_module_) {
-      chaps_module_ = LoadModule(
+    if (!tpm_args->chaps_module) {
+      DVLOG(3) << "Loading chaps...";
+      tpm_args->chaps_module = LoadModule(
           kChapsModuleName,
           kChapsPath,
           // For more details on these parameters, see:
           // https://developer.mozilla.org/en/PKCS11_Module_Specs
           // slotFlags=[PublicCerts] -- Certificates and public keys can be
           //   read from this slot without requiring a call to C_Login.
           // askpw=only -- Only authenticate to the token when necessary.
           "NSS=\"slotParams=(0={slotFlags=[PublicCerts] askpw=only})\"");
-      if (!chaps_module_ && test_slot_) {
-        // chromeos_unittests try to test the TPM initialization process. If we
-        // have a test DB open, pretend that it is the TPM slot.
-        tpm_slot_ = PK11_ReferenceSlot(test_slot_);
-        return true;
-      }
     }
-    if (chaps_module_){
-      tpm_slot_ = GetTPMSlotForId(token_slot_id);
+    if (tpm_args->chaps_module) {
+      tpm_args->tpm_slot =
+          GetTPMSlotForIdOnWorkerThread(tpm_args->chaps_module, token_slot_id);
+    }
+  }
 
-      if (!tpm_slot_)
-        return false;
+  void OnInitializedTPMToken(const base::Callback<void(bool)>& callback,
+                             scoped_ptr<TPMModuleAndSlot> tpm_args) {
+    DCHECK(thread_checker_.CalledOnValidThread());
+    DVLOG(2) << "Loaded chaps: " << !!tpm_args->chaps_module
+             << ", got tpm slot: " << !!tpm_args->tpm_slot;
 
+    chaps_module_ = tpm_args->chaps_module;
+    tpm_slot_ = tpm_args->tpm_slot;
+    if (!chaps_module_ && test_slot_) {
+      // chromeos_unittests try to test the TPM initialization process. If we
+      // have a test DB open, pretend that it is the TPM slot.
+      tpm_slot_ = PK11_ReferenceSlot(test_slot_);
+    }
+    initializing_tpm_token_ = false;
+
+    if (tpm_slot_) {
       TPMReadyCallbackList callback_list;
       callback_list.swap(tpm_ready_callback_list_);
-      for (TPMReadyCallbackList::iterator i =
-               callback_list.begin();
+      for (TPMReadyCallbackList::iterator i = callback_list.begin();
            i != callback_list.end();
            ++i) {
         (*i).Run();
       }
+    }
 
-      return true;
-    }
-    return false;
+    callback.Run(!!tpm_slot_);
   }
 
   bool IsTPMTokenReady(const base::Closure& callback) {
     if (!callback.is_null()) {
       // Cannot DCHECK in the general case yet, but since the callback is
       // a new addition to the API, DCHECK to make sure at least the new uses
       // don't regress.
       DCHECK(thread_checker_.CalledOnValidThread());
     } else if (!thread_checker_.CalledOnValidThread()) {
       // TODO(mattm): Change to DCHECK when callers have been fixed.
       DVLOG(1) << "Called on wrong thread.\n"
                << base::debug::StackTrace().ToString();
     }
 
     if (tpm_slot_ != NULL)
       return true;
 
     if (!callback.is_null())
       tpm_ready_callback_list_.push_back(callback);
 
     return false;
   }
 
   // Note that CK_SLOT_ID is an unsigned long, but cryptohome gives us the slot
   // id as an int. This should be safe since this is only used with chaps, which
   // we also control.
-  PK11SlotInfo* GetTPMSlotForId(CK_SLOT_ID slot_id) {
-    DCHECK(thread_checker_.CalledOnValidThread());
-
-    if (!chaps_module_)
-      return NULL;
+  static PK11SlotInfo* GetTPMSlotForIdOnWorkerThread(SECMODModule* chaps_module,
+                                                     CK_SLOT_ID slot_id) {
+    DCHECK(chaps_module);
 
     DVLOG(3) << "Poking chaps module.";
-    SECStatus rv = SECMOD_UpdateSlotList(chaps_module_);
+    SECStatus rv = SECMOD_UpdateSlotList(chaps_module);
     if (rv != SECSuccess)
       PLOG(ERROR) << "SECMOD_UpdateSlotList failed: " << PORT_GetError();
 
-    PK11SlotInfo* slot = SECMOD_LookupSlot(chaps_module_->moduleID, slot_id);
+    PK11SlotInfo* slot = SECMOD_LookupSlot(chaps_module->moduleID, slot_id);
     if (!slot)
       LOG(ERROR) << "TPM slot " << slot_id << " not found.";
     return slot;
   }
 
   bool InitializeNSSForChromeOSUser(
       const std::string& email,
       const std::string& username_hash,
       bool is_primary_user,
       const base::FilePath& path) {
@@ skipping 13 matching lines @@
     }
     chromeos_user_map_[username_hash] =
         new ChromeOSUserData(public_slot.Pass(), is_primary_user);
     return true;
   }
 
   void InitializeTPMForChromeOSUser(const std::string& username_hash,
                                     CK_SLOT_ID slot_id) {
     DCHECK(thread_checker_.CalledOnValidThread());
     DCHECK(chromeos_user_map_.find(username_hash) != chromeos_user_map_.end());
-    chromeos_user_map_[username_hash]
-        ->SetPrivateSlot(ScopedPK11Slot(GetTPMSlotForId(slot_id)));
+
+    if (!chaps_module_)
+      return;
+
+    // Note that a reference is not taken to chaps_module_. This is safe since
+    // NSSInitSingleton is Leaky, so the reference it holds is never released.
+    scoped_ptr<TPMModuleAndSlot> tpm_args(new TPMModuleAndSlot(chaps_module_));
+    TPMModuleAndSlot* tpm_args_ptr = tpm_args.get();
+    base::WorkerPool::PostTaskAndReply(
+        FROM_HERE,
+        base::Bind(&NSSInitSingleton::InitializeTPMTokenOnWorkerThread,
+                   slot_id,
+                   tpm_args_ptr),
+        base::Bind(&NSSInitSingleton::OnInitializedTPMForChromeOSUser,
+                   base::Unretained(this),  // NSSInitSingleton is leaky
+                   username_hash,
+                   base::Passed(&tpm_args)),
+        true /* task_is_slow */
+        );
+  }
+
+  void OnInitializedTPMForChromeOSUser(const std::string& username_hash,
+                                       scoped_ptr<TPMModuleAndSlot> tpm_args) {
+    DCHECK(thread_checker_.CalledOnValidThread());
+    DVLOG(2) << "Got tpm slot for " << username_hash << " "
+             << !!tpm_args->tpm_slot;
+    chromeos_user_map_[username_hash]->SetPrivateSlot(
+        ScopedPK11Slot(tpm_args->tpm_slot));
   }
 
   void InitializePrivateSoftwareSlotForChromeOSUser(
       const std::string& username_hash) {
     DCHECK(thread_checker_.CalledOnValidThread());
     VLOG(1) << "using software private slot for " << username_hash;
     DCHECK(chromeos_user_map_.find(username_hash) != chromeos_user_map_.end());
     chromeos_user_map_[username_hash]->SetPrivateSlot(
         chromeos_user_map_[username_hash]->GetPublicSlot());
   }
@@ skipping 137 matching lines @@
   // Call this method before NSSInitSingleton() is constructed.
   static void ForceNoDBInit() {
     force_nodb_init_ = true;
   }
 
  private:
   friend struct base::DefaultLazyInstanceTraits<NSSInitSingleton>;
 
   NSSInitSingleton()
       : tpm_token_enabled_for_nss_(false),
+        initializing_tpm_token_(false),
         chaps_module_(NULL),
         software_slot_(NULL),
         test_slot_(NULL),
         tpm_slot_(NULL),
         root_(NULL),
         chromeos_user_logged_in_(false) {
     base::TimeTicks start_time = base::TimeTicks::Now();
 
     // It's safe to construct on any thread, since LazyInstance will prevent any
     // other threads from accessing until the constructor is done.
@@ skipping 144 matching lines @@
     if (root)
       return root;
 
     // Aw, snap.  Can't find/load root cert shared library.
     // This will make it hard to talk to anybody via https.
     // TODO(mattm): Re-add the NOTREACHED here when crbug.com/310972 is fixed.
     return NULL;
   }
 
   // Load the given module for this NSS session.
-  SECMODModule* LoadModule(const char* name,
-                           const char* library_path,
-                           const char* params) {
+  static SECMODModule* LoadModule(const char* name,
+                                  const char* library_path,
+                                  const char* params) {
     std::string modparams = base::StringPrintf(
         "name=\"%s\" library=\"%s\" %s",
         name, library_path, params ? params : "");
 
     // Shouldn't need to const_cast here, but SECMOD doesn't properly
     // declare input string arguments as const.  Bug
     // https://bugzilla.mozilla.org/show_bug.cgi?id=642546 was filed
     // on NSS codebase to address this.
     SECMODModule* module = SECMOD_LoadUserModule(
         const_cast<char*>(modparams.c_str()), NULL, PR_FALSE);
@@ skipping 41 matching lines @@
       if (cpu.has_avx_hardware() && !cpu.has_avx()) {
         base::Environment::Create()->SetVar("NSS_DISABLE_HW_AES", "1");
       }
     }
   }
 
   // If this is set to true NSS is forced to be initialized without a DB.
   static bool force_nodb_init_;
 
   bool tpm_token_enabled_for_nss_;
+  bool initializing_tpm_token_;
   typedef std::vector<base::Closure> TPMReadyCallbackList;
   TPMReadyCallbackList tpm_ready_callback_list_;
   SECMODModule* chaps_module_;
   PK11SlotInfo* software_slot_;
   PK11SlotInfo* test_slot_;
   PK11SlotInfo* tpm_slot_;
   SECMODModule* root_;
   bool chromeos_user_logged_in_;
 #if defined(OS_CHROMEOS)
   typedef std::map<std::string, ChromeOSUserData*> ChromeOSUserMap;
@@ skipping 167 matching lines @@
 }
 
 bool IsTPMTokenEnabledForNSS() {
   return g_nss_singleton.Get().IsTPMTokenEnabledForNSS();
 }
 
 bool IsTPMTokenReady(const base::Closure& callback) {
   return g_nss_singleton.Get().IsTPMTokenReady(callback);
 }
 
-bool InitializeTPMToken(int token_slot_id) {
-  return g_nss_singleton.Get().InitializeTPMToken(token_slot_id);
+void InitializeTPMToken(int token_slot_id,
+                        const base::Callback<void(bool)>& callback) {
+  g_nss_singleton.Get().InitializeTPMToken(token_slot_id, callback);
 }
 
 ScopedTestNSSChromeOSUser::ScopedTestNSSChromeOSUser(
     const std::string& username_hash)
     : username_hash_(username_hash), constructed_successfully_(false) {
   if (!temp_dir_.CreateUniqueTempDir())
     return;
   constructed_successfully_ =
       InitializeNSSForChromeOSUser(username_hash,
                                    username_hash,
@@ skipping 50 matching lines @@
 
 PK11SlotInfo* GetPublicNSSKeySlot() {
   return g_nss_singleton.Get().GetPublicNSSKeySlot();
 }
 
 PK11SlotInfo* GetPrivateNSSKeySlot() {
   return g_nss_singleton.Get().GetPrivateNSSKeySlot();
 }
 
 }  // namespace crypto