| blob | 26626e7f7d5c5811ff386e4a8418953aae809b3c |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
8 #include <nss.h>
9 #include <plarena.h>
10 #include <prerror.h>
11 #include <prinit.h>
12 #include <prtime.h>
13 #include <pk11pub.h>
14 #include <secmod.h>
16 #if defined(OS_LINUX)
17 #include <linux/nfs_fs.h>
18 #include <sys/vfs.h>
19 #elif defined(OS_OPENBSD)
20 #include <sys/mount.h>
21 #include <sys/param.h>
22 #endif
24 #include <vector>
39 #if defined(OS_CHROMEOS)
41 #endif
43 // USE_NSS means we use NSS for everything crypto-related. If USE_NSS is not
44 // defined, such as on Mac and Windows, we use NSS for SSL only -- we don't
45 // use NSS for crypto or certificate verification, and we don't use the NSS
46 // certificate and key databases.
47 #if defined(USE_NSS)
56 #if defined(OS_CHROMEOS)
59 // Constants for loading the Chrome OS TPM-backed PKCS #11 library.
63 // Fake certificate authority database used for testing.
76 }
78 }
80 #if defined(USE_NSS)
86 }
91 }
93 }
95 #if defined(OS_CHROMEOS)
96 // Supplemental user key id.
100 };
104 // On non-chromeos platforms, return the default config directory.
105 // On chromeos, return a read-only directory with fake root CA certs for testing
106 // (which will not exist on non-testing images). These root CA certs are used
107 // by the local Google Accounts server mock we use when testing our login code.
108 // If this directory is not present, NSS_Init() will fail. It is up to the
109 // caller to failover to NSS_NoDB_Init() at that point.
111 #if defined(OS_CHROMEOS)
113 #else
116 }
118 // This callback for NSS forwards all requests to a caller-specified
119 // CryptoModuleBlockingPasswordDelegate object.
121 #if defined(OS_CHROMEOS)
122 // If we get asked for a password for the TPM, then return the
123 // well known password we use, as long as the TPM slot has been
124 // initialized.
131 }
132 #endif
145 }
148 }
150 // NSS creates a local cache of the sqlite database if it detects that the
151 // filesystem the database is on is much slower than the local disk. The
152 // detection doesn't work with the latest versions of sqlite, such as 3.6.22
153 // (NSS bug https://bugzilla.mozilla.org/show_bug.cgi?id=578561). So we set
154 // the NSS environment variable NSS_SDB_USE_CACHE to "yes" to override NSS's
155 // detection when database_dir is on NFS. See http://crbug.com/48585.
156 //
157 // TODO(wtc): port this function to other USE_NSS platforms. It is defined
158 // only for OS_LINUX and OS_OPENBSD simply because the statfs structure
159 // is OS-specific.
160 //
161 // Because this function sets an environment variable it must be run before we
162 // go multi-threaded.
164 #if defined(OS_LINUX) || defined(OS_OPENBSD)
167 #if defined(OS_LINUX)
169 #elif defined(OS_OPENBSD)
171 #endif
176 }
177 }
179 }
182 AutoSECMODListReadLock auto_lock;
190 }
191 }
193 }
197 // A singleton to initialize/deinitialize NSPR.
198 // Separate from the NSS singleton because we initialize NSPR on the UI thread.
199 // Now that we're leaking the singleton, we could merge back with the NSS
200 // singleton.
207 }
209 // NOTE(willchan): We don't actually execute this code since we leak NSS to
210 // prevent non-joinable threads from using NSS after it's already been shut
211 // down.
217 }
218 };
223 // This is a LazyInstance so that it will be deleted automatically when the
224 // unittest exits. NSSInitSingleton is a LeakySingleton, so it would not be
225 // deleted if it were a regular member.
228 // Force a crash to debug http://crbug.com/153281.
233 }
237 #if defined(OS_CHROMEOS)
240 // GetDefaultConfigDirectory causes us to do blocking IO on UI thread.
241 // Temporarily allow it until we fix http://crbug.com/70119
245 // This creates another DB slot in NSS that is read/write, unlike
246 // the fake root CA cert DB and the "default" crypto key
247 // provider, which are still read-only (because we initialized
248 // NSS before we had a cryptohome mounted).
250 kNSSDatabaseName);
251 }
252 }
256 }
260 // If EnableTPMTokenForNSS hasn't been called, return false.
264 // If everything is already initialized, then return true.
271 // This tries to load the Chaps module so NSS can talk to the hardware
272 // TPM.
275 kChapsModuleName,
276 kChapsPath,
277 // For more details on these parameters, see:
278 // https://developer.mozilla.org/en/PKCS11_Module_Specs
279 // slotFlags=[PublicCerts] -- Certificates and public keys can be
280 // read from this slot without requiring a call to C_Login.
281 // askpw=only -- Only authenticate to the token when necessary.
283 }
285 // If this gets set, then we'll use the TPM for certs with
286 // private keys, otherwise we'll fall back to the software
287 // implementation.
291 }
293 }
299 }
304 }
308 }
314 }
321 SECItem keyID;
335 // Find/generate AES key.
340 kKeySizeInBytes,
342 }
344 done:
349 }
360 }
370 }
371 }
379 }
385 #if defined(OS_CHROMEOS)
390 // If we were supposed to get the hardware token, but were
391 // unable to, return NULL rather than fall back to sofware.
393 }
394 }
395 #endif
396 // If we weren't supposed to enable the TPM for NSS, then return
397 // the software slot.
401 }
403 #if defined(USE_NSS)
406 }
409 // This method is used to force NSS to be initialized without a DB.
410 // Call this method before NSSInitSingleton() is constructed.
413 }
428 // We *must* have NSS >= 3.12.3. See bug 26448.
433 nss_version_check_failed);
434 // Also check the run-time NSS version.
435 // NSS_VersionCheck is a >= check, not strict equality.
437 // It turns out many people have misconfigured NSS setups, where
438 // their run-time NSPR doesn't match the one their NSS was compiled
439 // against. So rather than aborting, complain loudly.
441 "We depend on NSS >= 3.12.3, and this error is not fatal "
442 "only because many people have busted NSS setups (for "
443 "example, using the wrong version of NSPR). "
444 "Please upgrade to the latest NSS and NSPR, and if you "
445 "still get this error, contact your distribution "
447 }
452 #if !defined(USE_NSS)
453 // Use the system certificate store, so initialize NSS without database.
455 #endif
460 // Force a crash with error info to debug http://crbug.com/153281.
467 }
468 #if defined(OS_IOS)
472 #if defined(USE_NSS)
475 // This duplicates the work which should have been done in
476 // EarlySetupForNSSInit. However, this function is idempotent so
477 // there's no harm done.
480 // Initialize with a persistent database (likely, ~/.pki/nssdb).
481 // Use "sql:" which can be shared by multiple processes safely.
484 #if defined(OS_CHROMEOS)
486 #else
488 #endif
493 }
494 }
502 }
503 }
507 // If we haven't initialized the password for the NSS databases,
508 // initialize an empty-string password so that we don't need to
509 // log in.
512 // PK11_InitPin may write to the keyDB, but no other thread can use NSS
513 // yet, so we don't need to lock.
517 }
521 // MD5 certificate signatures are disabled by default in NSS 3.14.
522 // Enable MD5 certificate signatures until we figure out how to deal
523 // with the weak certificate signature unit tests.
526 }
527 }
529 // NOTE(willchan): We don't actually execute this code since we leak NSS to
530 // prevent non-joinable threads from using NSS after it's already been shut
531 // down.
536 }
541 }
547 }
552 }
556 // We VLOG(1) because this failure is relatively harmless (leaking, but
557 // we're shutting down anyway).
559 }
560 }
562 #if defined(USE_NSS) || defined(OS_IOS)
563 // Load nss's built-in root certs.
569 // Aw, snap. Can't find/load root cert shared library.
570 // This will make it hard to talk to anybody via https.
573 }
575 // Load the given module for this NSS session.
583 // Shouldn't need to const_cast here, but SECMOD doesn't properly
584 // declare input string arguments as const. Bug
585 // https://bugzilla.mozilla.org/show_bug.cgi?id=642546 was filed
586 // on NSS codebase to address this.
593 }
595 }
596 #endif
607 }
611 }
613 }
615 // If this is set to true NSS is forced to be initialized without a DB.
627 #if defined(USE_NSS)
628 // TODO(davidben): When https://bugzilla.mozilla.org/show_bug.cgi?id=564011
629 // is fixed, we will no longer need the lock.
632 };
634 // static
641 #if defined(USE_NSS)
646 }
647 #endif
651 }
654 // Initializing SSL causes us to do blocking IO.
655 // Temporarily allow it until we fix
656 // http://code.google.com/p/chromium/issues/detail?id=59847
659 }
663 }
668 }
671 // Some NSS libraries are linked dynamically so load them here.
672 #if defined(USE_NSS)
673 // Try to search for multiple directories to load the libraries.
676 // Use relative path to Search PATH for the library files.
679 // For Debian derivatives NSS libraries are located here.
682 // Ubuntu 11.10 (Oneiric) places the libraries here.
683 #if defined(ARCH_CPU_X86_64)
685 #elif defined(ARCH_CPU_X86)
687 #elif defined(ARCH_CPU_ARMEL)
689 #endif
691 // A list of library files to load.
696 // For each combination of library file and path, check for existence and
697 // then load.
706 }
707 }
708 }
714 }
715 #endif
716 }
720 }
722 #if defined(USE_NSS)
725 }
728 // TODO(mattm): Close the dababase once NSS 3.14 is required,
729 // which fixes https://bugzilla.mozilla.org/show_bug.cgi?id=588269
730 // Resource leaks are suppressed. http://crbug.com/156433 .
731 }
735 }
738 // May be NULL if the lock is not needed in our version of NSS.
741 }
747 }
748 }
753 }
757 }
761 #if defined(OS_CHROMEOS)
764 }
768 }
772 }
776 }
781 }
785 }
791 }
795 }
799 }
803 }