OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "crypto/nss_util.h" | 5 #include "crypto/nss_util.h" |
6 | 6 |
7 #include <nss.h> | 7 #include <nss.h> |
8 #include <pk11pub.h> | 8 #include <pk11pub.h> |
9 #include <plarena.h> | 9 #include <plarena.h> |
10 #include <prerror.h> | 10 #include <prerror.h> |
(...skipping 24 matching lines...)
35 #include "base/base_paths.h" | 35 #include "base/base_paths.h" |
36 #include "base/bind.h" | 36 #include "base/bind.h" |
37 #include "base/cpu.h" | 37 #include "base/cpu.h" |
38 #include "base/debug/alias.h" | 38 #include "base/debug/alias.h" |
39 #include "base/debug/stack_trace.h" | 39 #include "base/debug/stack_trace.h" |
40 #include "base/environment.h" | 40 #include "base/environment.h" |
41 #include "base/files/file_path.h" | 41 #include "base/files/file_path.h" |
42 #include "base/files/file_util.h" | 42 #include "base/files/file_util.h" |
43 #include "base/lazy_instance.h" | 43 #include "base/lazy_instance.h" |
44 #include "base/logging.h" | 44 #include "base/logging.h" |
| 45 #include "base/memory/ptr_util.h" |
45 #include "base/native_library.h" | 46 #include "base/native_library.h" |
46 #include "base/path_service.h" | 47 #include "base/path_service.h" |
47 #include "base/stl_util.h" | |
48 #include "base/strings/stringprintf.h" | 48 #include "base/strings/stringprintf.h" |
49 #include "base/synchronization/lock.h" | 49 #include "base/synchronization/lock.h" |
50 #include "base/threading/thread_checker.h" | 50 #include "base/threading/thread_checker.h" |
51 #include "base/threading/thread_restrictions.h" | 51 #include "base/threading/thread_restrictions.h" |
52 #include "base/threading/worker_pool.h" | 52 #include "base/threading/worker_pool.h" |
53 #include "build/build_config.h" | 53 #include "build/build_config.h" |
54 #include "crypto/nss_crypto_module_delegate.h" | 54 #include "crypto/nss_crypto_module_delegate.h" |
55 | 55 |
56 namespace crypto { | 56 namespace crypto { |
57 | 57 |
(...skipping 428 matching lines...)
486 // This user already exists in our mapping. | 486 // This user already exists in our mapping. |
487 DVLOG(2) << username_hash << " already initialized."; | 487 DVLOG(2) << username_hash << " already initialized."; |
488 return false; | 488 return false; |
489 } | 489 } |
490 | 490 |
491 DVLOG(2) << "Opening NSS DB " << path.value(); | 491 DVLOG(2) << "Opening NSS DB " << path.value(); |
492 std::string db_name = base::StringPrintf( | 492 std::string db_name = base::StringPrintf( |
493 "%s %s", kUserNSSDatabaseName, username_hash.c_str()); | 493 "%s %s", kUserNSSDatabaseName, username_hash.c_str()); |
494 ScopedPK11Slot public_slot(OpenPersistentNSSDBForPath(db_name, path)); | 494 ScopedPK11Slot public_slot(OpenPersistentNSSDBForPath(db_name, path)); |
495 chromeos_user_map_[username_hash] = | 495 chromeos_user_map_[username_hash] = |
496 new ChromeOSUserData(std::move(public_slot)); | 496 base::MakeUnique<ChromeOSUserData>(std::move(public_slot)); |
497 return true; | 497 return true; |
498 } | 498 } |
499 | 499 |
500 bool ShouldInitializeTPMForChromeOSUser(const std::string& username_hash) { | 500 bool ShouldInitializeTPMForChromeOSUser(const std::string& username_hash) { |
501 DCHECK(thread_checker_.CalledOnValidThread()); | 501 DCHECK(thread_checker_.CalledOnValidThread()); |
502 DCHECK(chromeos_user_map_.find(username_hash) != chromeos_user_map_.end()); | 502 DCHECK(chromeos_user_map_.find(username_hash) != chromeos_user_map_.end()); |
503 | 503 |
504 return !chromeos_user_map_[username_hash] | 504 return !chromeos_user_map_[username_hash] |
505 ->private_slot_initialization_started(); | 505 ->private_slot_initialization_started(); |
506 } | 506 } |
(...skipping 86 matching lines...)
593 return ScopedPK11Slot(); | 593 return ScopedPK11Slot(); |
594 } | 594 } |
595 | 595 |
596 DCHECK(chromeos_user_map_.find(username_hash) != chromeos_user_map_.end()); | 596 DCHECK(chromeos_user_map_.find(username_hash) != chromeos_user_map_.end()); |
597 | 597 |
598 return chromeos_user_map_[username_hash]->GetPrivateSlot(callback); | 598 return chromeos_user_map_[username_hash]->GetPrivateSlot(callback); |
599 } | 599 } |
600 | 600 |
601 void CloseChromeOSUserForTesting(const std::string& username_hash) { | 601 void CloseChromeOSUserForTesting(const std::string& username_hash) { |
602 DCHECK(thread_checker_.CalledOnValidThread()); | 602 DCHECK(thread_checker_.CalledOnValidThread()); |
603 ChromeOSUserMap::iterator i = chromeos_user_map_.find(username_hash); | 603 auto i = chromeos_user_map_.find(username_hash); |
604 DCHECK(i != chromeos_user_map_.end()); | 604 DCHECK(i != chromeos_user_map_.end()); |
605 delete i->second; | |
606 chromeos_user_map_.erase(i); | 605 chromeos_user_map_.erase(i); |
607 } | 606 } |
608 | 607 |
609 void SetSystemKeySlotForTesting(ScopedPK11Slot slot) { | 608 void SetSystemKeySlotForTesting(ScopedPK11Slot slot) { |
610 // Ensure that a previous value of test_system_slot_ is not overwritten. | 609 // Ensure that a previous value of test_system_slot_ is not overwritten. |
611 // Unsetting, i.e. setting a nullptr, however is allowed. | 610 // Unsetting, i.e. setting a nullptr, however is allowed. |
612 DCHECK(!slot || !test_system_slot_); | 611 DCHECK(!slot || !test_system_slot_); |
613 test_system_slot_ = std::move(slot); | 612 test_system_slot_ = std::move(slot); |
614 if (test_system_slot_) { | 613 if (test_system_slot_) { |
615 tpm_slot_.reset(PK11_ReferenceSlot(test_system_slot_.get())); | 614 tpm_slot_.reset(PK11_ReferenceSlot(test_system_slot_.get())); |
(...skipping 129 matching lines...)
745 NSS_SetAlgorithmPolicy(SEC_OID_MD5, 0, NSS_USE_ALG_IN_CERT_SIGNATURE); | 744 NSS_SetAlgorithmPolicy(SEC_OID_MD5, 0, NSS_USE_ALG_IN_CERT_SIGNATURE); |
746 NSS_SetAlgorithmPolicy(SEC_OID_PKCS1_MD5_WITH_RSA_ENCRYPTION, | 745 NSS_SetAlgorithmPolicy(SEC_OID_PKCS1_MD5_WITH_RSA_ENCRYPTION, |
747 0, NSS_USE_ALG_IN_CERT_SIGNATURE); | 746 0, NSS_USE_ALG_IN_CERT_SIGNATURE); |
748 } | 747 } |
749 | 748 |
750 // NOTE(willchan): We don't actually execute this code since we leak NSS to | 749 // NOTE(willchan): We don't actually execute this code since we leak NSS to |
751 // prevent non-joinable threads from using NSS after it's already been shut | 750 // prevent non-joinable threads from using NSS after it's already been shut |
752 // down. | 751 // down. |
753 ~NSSInitSingleton() { | 752 ~NSSInitSingleton() { |
754 #if defined(OS_CHROMEOS) | 753 #if defined(OS_CHROMEOS) |
755 base::STLDeleteValues(&chromeos_user_map_); | 754 chromeos_user_map_.clear(); |
756 #endif | 755 #endif |
757 tpm_slot_.reset(); | 756 tpm_slot_.reset(); |
758 if (root_) { | 757 if (root_) { |
759 SECMOD_UnloadUserModule(root_); | 758 SECMOD_UnloadUserModule(root_); |
760 SECMOD_DestroyModule(root_); | 759 SECMOD_DestroyModule(root_); |
761 root_ = nullptr; | 760 root_ = nullptr; |
762 } | 761 } |
763 if (chaps_module_) { | 762 if (chaps_module_) { |
764 SECMOD_UnloadUserModule(chaps_module_); | 763 SECMOD_UnloadUserModule(chaps_module_); |
765 SECMOD_DestroyModule(chaps_module_); | 764 SECMOD_DestroyModule(chaps_module_); |
(...skipping 49 matching lines...)
815 } | 814 } |
816 | 815 |
817 bool tpm_token_enabled_for_nss_; | 816 bool tpm_token_enabled_for_nss_; |
818 bool initializing_tpm_token_; | 817 bool initializing_tpm_token_; |
819 typedef std::vector<base::Closure> TPMReadyCallbackList; | 818 typedef std::vector<base::Closure> TPMReadyCallbackList; |
820 TPMReadyCallbackList tpm_ready_callback_list_; | 819 TPMReadyCallbackList tpm_ready_callback_list_; |
821 SECMODModule* chaps_module_; | 820 SECMODModule* chaps_module_; |
822 crypto::ScopedPK11Slot tpm_slot_; | 821 crypto::ScopedPK11Slot tpm_slot_; |
823 SECMODModule* root_; | 822 SECMODModule* root_; |
824 #if defined(OS_CHROMEOS) | 823 #if defined(OS_CHROMEOS) |
825 typedef std::map<std::string, ChromeOSUserData*> ChromeOSUserMap; | 824 std::map<std::string, std::unique_ptr<ChromeOSUserData>> chromeos_user_map_; |
826 ChromeOSUserMap chromeos_user_map_; | |
827 ScopedPK11Slot test_system_slot_; | 825 ScopedPK11Slot test_system_slot_; |
828 #endif | 826 #endif |
829 // TODO(davidben): When https://bugzilla.mozilla.org/show_bug.cgi?id=564011 | 827 // TODO(davidben): When https://bugzilla.mozilla.org/show_bug.cgi?id=564011 |
830 // is fixed, we will no longer need the lock. | 828 // is fixed, we will no longer need the lock. |
831 base::Lock write_lock_; | 829 base::Lock write_lock_; |
832 | 830 |
833 base::ThreadChecker thread_checker_; | 831 base::ThreadChecker thread_checker_; |
834 }; | 832 }; |
835 | 833 |
836 base::LazyInstance<NSSInitSingleton>::Leaky | 834 base::LazyInstance<NSSInitSingleton>::Leaky |
(...skipping 146 matching lines...)
983 return time.ToInternalValue() - base::Time::UnixEpoch().ToInternalValue(); | 981 return time.ToInternalValue() - base::Time::UnixEpoch().ToInternalValue(); |
984 } | 982 } |
985 | 983 |
986 #if !defined(OS_CHROMEOS) | 984 #if !defined(OS_CHROMEOS) |
987 PK11SlotInfo* GetPersistentNSSKeySlot() { | 985 PK11SlotInfo* GetPersistentNSSKeySlot() { |
988 return g_nss_singleton.Get().GetPersistentNSSKeySlot(); | 986 return g_nss_singleton.Get().GetPersistentNSSKeySlot(); |
989 } | 987 } |
990 #endif | 988 #endif |
991 | 989 |
992 } // namespace crypto | 990 } // namespace crypto |
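Review bot: `ShouldInitializeTPMForChromeOSUser` (new line 504) and the function that returns `GetPrivateSlot(callback)` at new line 598 still index the map with `chromeos_user_map_[username_hash]->…`, guarded only by a `DCHECK`. Where DCHECKs are compiled out, an unknown `username_hash` makes `operator[]` default-insert an empty `std::unique_ptr` and dereference it, and the null entry stays in the map; if the "already exists in our mapping" test near new line 486 is a key lookup (its condition is outside the visible lines), that hash would afterwards be treated as already initialized. The commit already moves `CloseChromeOSUserForTesting` to `auto i = chromeos_user_map_.find(username_hash);`, and the two accessors could follow the same shape: `auto it = chromeos_user_map_.find(username_hash);`, `CHECK(it != chromeos_user_map_.end());`, `return !it->second->private_slot_initialization_started();`. The function around new line 598 starts outside the visible lines, so its earlier checks could not be reviewed here.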