Initialize per-ChromeOS-user NSS slots and provide the functions to access them.

crypto/nss_util.h

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #ifndef CRYPTO_NSS_UTIL_H_
 #define CRYPTO_NSS_UTIL_H_
 
 #include <string>
 #include "base/basictypes.h"
+#include "base/callback_forward.h"
 #include "crypto/crypto_export.h"
 
 namespace base {
 class FilePath;
 class Lock;
 class Time;
 }  // namespace base
 
 // This file specifically doesn't depend on any NSS or NSPR headers because it
 // is included by various (non-crypto) parts of chrome to call the
@@ skipping 75 matching lines @@
 // Open the r/w nssdb that's stored inside the user's encrypted home
 // directory.  This is the default slot returned by
 // GetPublicNSSKeySlot().
 CRYPTO_EXPORT void OpenPersistentNSSDB();
 
 // Indicates that NSS should load the Chaps library so that we
 // can access the TPM through NSS.  Once this is called,
 // GetPrivateNSSKeySlot() will return the TPM slot if one was found.
 CRYPTO_EXPORT void EnableTPMTokenForNSS();
 
+// Returns true if EnableTPMTokenForNSS has been called.
+CRYPTO_EXPORT bool IsTPMTokenEnabledForNSS();
+
 // Get name and user PIN for the built-in TPM token on ChromeOS.
 // Either one can safely be NULL.  Should only be called after
 // EnableTPMTokenForNSS has been called with a non-null delegate.
 CRYPTO_EXPORT void GetTPMTokenInfo(std::string* token_name,
                                    std::string* user_pin);
 
 // Returns true if the TPM is owned and PKCS#11 initialized with the
 // user and security officer PINs, and has been enabled in NSS by
 // calling EnableTPMForNSS, and Chaps has been successfully
 // loaded into NSS.
 CRYPTO_EXPORT bool IsTPMTokenReady();
 
+// Register a callback to be run when the TPM module is loaded.
+// If the module is already loaded, the |callback| will be run synchronously.
+CRYPTO_EXPORT void OnTPMReady(const base::Closure& callback);

[Ryan Sleevi, 2013/11/27 00:24:11]

My perhaps incorrect believe is that "|callback| will be run synchronously" is
often an anti-pattern - or at least, a surprise to most people when writing
code.

It can have all sorts of unintended side-effects, from recursion issues to
premature deletion. I've seen enough code go by that uses this that ends up
being bugged that I wonder whether it makes more sense to use:

CRYPTO_EXPORT bool IsTPMModuleReady(const base::Closure& callback);

It's also not clear how this is different from line 115-119.

[mattm, 2013/11/27 04:12:23]

Ok. I guess I liked how it resulted in less duplication, but making it harder to
mess up is reasonable. Changed.

+
 // Initialize the TPM token.  Does nothing if it is already initialized.
 CRYPTO_EXPORT bool InitializeTPMToken(const std::string& token_name,
                                       int token_slot_id,
                                       const std::string& user_pin);
 #endif
 
 // Convert a NSS PRTime value into a base::Time object.
 // We use a int64 instead of PRTime here to avoid depending on NSPR headers.
 CRYPTO_EXPORT base::Time PRTimeToBaseTime(int64 prtime);
 
@@ skipping 38 matching lines @@
  private:
   base::Lock *lock_;
   DISALLOW_COPY_AND_ASSIGN(AutoNSSWriteLock);
 };
 
 #endif  // defined(USE_NSS)
 
 }  // namespace crypto
 
 #endif  // CRYPTO_NSS_UTIL_H_