Torne (Richard Coles) | 5821806 | 2012-11-14 11:43:16 +0000 | [diff] [blame] | 1 | // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 | // Use of this source code is governed by a BSD-style license that can be |
| 3 | // found in the LICENSE file. |
| 4 | |
| 5 | #include "crypto/nss_util.h" |
| 6 | #include "crypto/nss_util_internal.h" |
| 7 | |
| 8 | #include <nss.h> |
Torne (Richard Coles) | 2a99a7e | 2013-03-28 15:31:22 +0000 | [diff] [blame] | 9 | #include <pk11pub.h> |
Torne (Richard Coles) | 5821806 | 2012-11-14 11:43:16 +0000 | [diff] [blame] | 10 | #include <plarena.h> |
| 11 | #include <prerror.h> |
| 12 | #include <prinit.h> |
| 13 | #include <prtime.h> |
Torne (Richard Coles) | 5821806 | 2012-11-14 11:43:16 +0000 | [diff] [blame] | 14 | #include <secmod.h> |
| 15 | |
| 16 | #if defined(OS_LINUX) |
| 17 | #include <linux/nfs_fs.h> |
| 18 | #include <sys/vfs.h> |
| 19 | #elif defined(OS_OPENBSD) |
| 20 | #include <sys/mount.h> |
| 21 | #include <sys/param.h> |
| 22 | #endif |
| 23 | |
| 24 | #include <vector> |
| 25 | |
Torne (Richard Coles) | 2a99a7e | 2013-03-28 15:31:22 +0000 | [diff] [blame] | 26 | #include "base/debug/alias.h" |
Torne (Richard Coles) | 5821806 | 2012-11-14 11:43:16 +0000 | [diff] [blame] | 27 | #include "base/environment.h" |
Torne (Richard Coles) | 5821806 | 2012-11-14 11:43:16 +0000 | [diff] [blame] | 28 | #include "base/file_util.h" |
Torne (Richard Coles) | 2a99a7e | 2013-03-28 15:31:22 +0000 | [diff] [blame] | 29 | #include "base/files/file_path.h" |
| 30 | #include "base/files/scoped_temp_dir.h" |
Torne (Richard Coles) | 5821806 | 2012-11-14 11:43:16 +0000 | [diff] [blame] | 31 | #include "base/lazy_instance.h" |
| 32 | #include "base/logging.h" |
| 33 | #include "base/memory/scoped_ptr.h" |
Torne (Richard Coles) | 2a99a7e | 2013-03-28 15:31:22 +0000 | [diff] [blame] | 34 | #include "base/metrics/histogram.h" |
Torne (Richard Coles) | 5821806 | 2012-11-14 11:43:16 +0000 | [diff] [blame] | 35 | #include "base/native_library.h" |
Torne (Richard Coles) | 868fa2f | 2013-06-11 10:57:03 +0100 | [diff] [blame] | 36 | #include "base/strings/stringprintf.h" |
Torne (Richard Coles) | 5821806 | 2012-11-14 11:43:16 +0000 | [diff] [blame] | 37 | #include "base/threading/thread_restrictions.h" |
| 38 | #include "build/build_config.h" |
| 39 | |
Torne (Richard Coles) | 5821806 | 2012-11-14 11:43:16 +0000 | [diff] [blame] | 40 | // USE_NSS means we use NSS for everything crypto-related. If USE_NSS is not |
| 41 | // defined, such as on Mac and Windows, we use NSS for SSL only -- we don't |
| 42 | // use NSS for crypto or certificate verification, and we don't use the NSS |
| 43 | // certificate and key databases. |
| 44 | #if defined(USE_NSS) |
| 45 | #include "base/synchronization/lock.h" |
| 46 | #include "crypto/crypto_module_blocking_password_delegate.h" |
| 47 | #endif // defined(USE_NSS) |
| 48 | |
| 49 | namespace crypto { |
| 50 | |
| 51 | namespace { |
| 52 | |
| 53 | #if defined(OS_CHROMEOS) |
| 54 | const char kNSSDatabaseName[] = "Real NSS database"; |
| 55 | |
| 56 | // Constants for loading the Chrome OS TPM-backed PKCS #11 library. |
| 57 | const char kChapsModuleName[] = "Chaps"; |
| 58 | const char kChapsPath[] = "libchaps.so"; |
| 59 | |
| 60 | // Fake certificate authority database used for testing. |
Torne (Richard Coles) | 2a99a7e | 2013-03-28 15:31:22 +0000 | [diff] [blame] | 61 | static const base::FilePath::CharType kReadOnlyCertDB[] = |
Torne (Richard Coles) | 5821806 | 2012-11-14 11:43:16 +0000 | [diff] [blame] | 62 | FILE_PATH_LITERAL("/etc/fake_root_ca/nssdb"); |
| 63 | #endif // defined(OS_CHROMEOS) |
| 64 | |
| 65 | std::string GetNSSErrorMessage() { |
| 66 | std::string result; |
| 67 | if (PR_GetErrorTextLength()) { |
Torne (Richard Coles) | c2e0dbd | 2013-05-09 18:35:53 +0100 | [diff] [blame] | 68 | scoped_ptr<char[]> error_text(new char[PR_GetErrorTextLength() + 1]); |
Torne (Richard Coles) | 5821806 | 2012-11-14 11:43:16 +0000 | [diff] [blame] | 69 | PRInt32 copied = PR_GetErrorText(error_text.get()); |
| 70 | result = std::string(error_text.get(), copied); |
| 71 | } else { |
Torne (Richard Coles) | 2a99a7e | 2013-03-28 15:31:22 +0000 | [diff] [blame] | 72 | result = base::StringPrintf("NSS error code: %d", PR_GetError()); |
Torne (Richard Coles) | 5821806 | 2012-11-14 11:43:16 +0000 | [diff] [blame] | 73 | } |
| 74 | return result; |
| 75 | } |
| 76 | |
| 77 | #if defined(USE_NSS) |
Torne (Richard Coles) | 2a99a7e | 2013-03-28 15:31:22 +0000 | [diff] [blame] | 78 | base::FilePath GetDefaultConfigDirectory() { |
| 79 | base::FilePath dir = file_util::GetHomeDir(); |
Torne (Richard Coles) | 5821806 | 2012-11-14 11:43:16 +0000 | [diff] [blame] | 80 | if (dir.empty()) { |
| 81 | LOG(ERROR) << "Failed to get home directory."; |
| 82 | return dir; |
| 83 | } |
| 84 | dir = dir.AppendASCII(".pki").AppendASCII("nssdb"); |
| 85 | if (!file_util::CreateDirectory(dir)) { |
| 86 | LOG(ERROR) << "Failed to create " << dir.value() << " directory."; |
| 87 | dir.clear(); |
| 88 | } |
| 89 | return dir; |
| 90 | } |
| 91 | |
Torne (Richard Coles) | 5821806 | 2012-11-14 11:43:16 +0000 | [diff] [blame] | 92 | // On non-chromeos platforms, return the default config directory. |
| 93 | // On chromeos, return a read-only directory with fake root CA certs for testing |
| 94 | // (which will not exist on non-testing images). These root CA certs are used |
| 95 | // by the local Google Accounts server mock we use when testing our login code. |
| 96 | // If this directory is not present, NSS_Init() will fail. It is up to the |
| 97 | // caller to failover to NSS_NoDB_Init() at that point. |
Torne (Richard Coles) | 2a99a7e | 2013-03-28 15:31:22 +0000 | [diff] [blame] | 98 | base::FilePath GetInitialConfigDirectory() { |
Torne (Richard Coles) | 5821806 | 2012-11-14 11:43:16 +0000 | [diff] [blame] | 99 | #if defined(OS_CHROMEOS) |
Torne (Richard Coles) | 2a99a7e | 2013-03-28 15:31:22 +0000 | [diff] [blame] | 100 | return base::FilePath(kReadOnlyCertDB); |
Torne (Richard Coles) | 5821806 | 2012-11-14 11:43:16 +0000 | [diff] [blame] | 101 | #else |
| 102 | return GetDefaultConfigDirectory(); |
| 103 | #endif // defined(OS_CHROMEOS) |
| 104 | } |
| 105 | |
| 106 | // This callback for NSS forwards all requests to a caller-specified |
| 107 | // CryptoModuleBlockingPasswordDelegate object. |
| 108 | char* PKCS11PasswordFunc(PK11SlotInfo* slot, PRBool retry, void* arg) { |
| 109 | #if defined(OS_CHROMEOS) |
| 110 | // If we get asked for a password for the TPM, then return the |
| 111 | // well known password we use, as long as the TPM slot has been |
| 112 | // initialized. |
| 113 | if (crypto::IsTPMTokenReady()) { |
| 114 | std::string token_name; |
| 115 | std::string user_pin; |
| 116 | crypto::GetTPMTokenInfo(&token_name, &user_pin); |
| 117 | if (PK11_GetTokenName(slot) == token_name) |
| 118 | return PORT_Strdup(user_pin.c_str()); |
| 119 | } |
| 120 | #endif |
| 121 | crypto::CryptoModuleBlockingPasswordDelegate* delegate = |
| 122 | reinterpret_cast<crypto::CryptoModuleBlockingPasswordDelegate*>(arg); |
| 123 | if (delegate) { |
| 124 | bool cancelled = false; |
| 125 | std::string password = delegate->RequestPassword(PK11_GetTokenName(slot), |
| 126 | retry != PR_FALSE, |
| 127 | &cancelled); |
| 128 | if (cancelled) |
| 129 | return NULL; |
| 130 | char* result = PORT_Strdup(password.c_str()); |
| 131 | password.replace(0, password.size(), password.size(), 0); |
| 132 | return result; |
| 133 | } |
| 134 | DLOG(ERROR) << "PK11 password requested with NULL arg"; |
| 135 | return NULL; |
| 136 | } |
| 137 | |
| 138 | // NSS creates a local cache of the sqlite database if it detects that the |
| 139 | // filesystem the database is on is much slower than the local disk. The |
| 140 | // detection doesn't work with the latest versions of sqlite, such as 3.6.22 |
| 141 | // (NSS bug https://bugzilla.mozilla.org/show_bug.cgi?id=578561). So we set |
| 142 | // the NSS environment variable NSS_SDB_USE_CACHE to "yes" to override NSS's |
| 143 | // detection when database_dir is on NFS. See http://crbug.com/48585. |
| 144 | // |
| 145 | // TODO(wtc): port this function to other USE_NSS platforms. It is defined |
| 146 | // only for OS_LINUX and OS_OPENBSD simply because the statfs structure |
| 147 | // is OS-specific. |
| 148 | // |
| 149 | // Because this function sets an environment variable it must be run before we |
| 150 | // go multi-threaded. |
Torne (Richard Coles) | 2a99a7e | 2013-03-28 15:31:22 +0000 | [diff] [blame] | 151 | void UseLocalCacheOfNSSDatabaseIfNFS(const base::FilePath& database_dir) { |
Torne (Richard Coles) | 5821806 | 2012-11-14 11:43:16 +0000 | [diff] [blame] | 152 | #if defined(OS_LINUX) || defined(OS_OPENBSD) |
| 153 | struct statfs buf; |
| 154 | if (statfs(database_dir.value().c_str(), &buf) == 0) { |
| 155 | #if defined(OS_LINUX) |
| 156 | if (buf.f_type == NFS_SUPER_MAGIC) { |
| 157 | #elif defined(OS_OPENBSD) |
| 158 | if (strcmp(buf.f_fstypename, MOUNT_NFS) == 0) { |
| 159 | #endif |
| 160 | scoped_ptr<base::Environment> env(base::Environment::Create()); |
| 161 | const char* use_cache_env_var = "NSS_SDB_USE_CACHE"; |
| 162 | if (!env->HasVar(use_cache_env_var)) |
| 163 | env->SetVar(use_cache_env_var, "yes"); |
| 164 | } |
| 165 | } |
| 166 | #endif // defined(OS_LINUX) || defined(OS_OPENBSD) |
| 167 | } |
| 168 | |
| 169 | PK11SlotInfo* FindSlotWithTokenName(const std::string& token_name) { |
| 170 | AutoSECMODListReadLock auto_lock; |
| 171 | SECMODModuleList* head = SECMOD_GetDefaultModuleList(); |
| 172 | for (SECMODModuleList* item = head; item != NULL; item = item->next) { |
| 173 | int slot_count = item->module->loaded ? item->module->slotCount : 0; |
| 174 | for (int i = 0; i < slot_count; i++) { |
| 175 | PK11SlotInfo* slot = item->module->slots[i]; |
| 176 | if (PK11_GetTokenName(slot) == token_name) |
| 177 | return PK11_ReferenceSlot(slot); |
| 178 | } |
| 179 | } |
| 180 | return NULL; |
| 181 | } |
| 182 | |
| 183 | #endif // defined(USE_NSS) |
| 184 | |
| 185 | // A singleton to initialize/deinitialize NSPR. |
| 186 | // Separate from the NSS singleton because we initialize NSPR on the UI thread. |
| 187 | // Now that we're leaking the singleton, we could merge back with the NSS |
| 188 | // singleton. |
| 189 | class NSPRInitSingleton { |
| 190 | private: |
| 191 | friend struct base::DefaultLazyInstanceTraits<NSPRInitSingleton>; |
| 192 | |
| 193 | NSPRInitSingleton() { |
| 194 | PR_Init(PR_USER_THREAD, PR_PRIORITY_NORMAL, 0); |
| 195 | } |
| 196 | |
| 197 | // NOTE(willchan): We don't actually execute this code since we leak NSS to |
| 198 | // prevent non-joinable threads from using NSS after it's already been shut |
| 199 | // down. |
| 200 | ~NSPRInitSingleton() { |
| 201 | PL_ArenaFinish(); |
| 202 | PRStatus prstatus = PR_Cleanup(); |
| 203 | if (prstatus != PR_SUCCESS) |
| 204 | LOG(ERROR) << "PR_Cleanup failed; was NSPR initialized on wrong thread?"; |
| 205 | } |
| 206 | }; |
| 207 | |
| 208 | base::LazyInstance<NSPRInitSingleton>::Leaky |
| 209 | g_nspr_singleton = LAZY_INSTANCE_INITIALIZER; |
| 210 | |
| 211 | // This is a LazyInstance so that it will be deleted automatically when the |
| 212 | // unittest exits. NSSInitSingleton is a LeakySingleton, so it would not be |
| 213 | // deleted if it were a regular member. |
Torne (Richard Coles) | 2a99a7e | 2013-03-28 15:31:22 +0000 | [diff] [blame] | 214 | base::LazyInstance<base::ScopedTempDir> g_test_nss_db_dir = |
| 215 | LAZY_INSTANCE_INITIALIZER; |
| 216 | |
| 217 | // Force a crash with error info on NSS_NoDB_Init failure. |
| 218 | void CrashOnNSSInitFailure() { |
| 219 | int nss_error = PR_GetError(); |
| 220 | int os_error = PR_GetOSError(); |
| 221 | base::debug::Alias(&nss_error); |
| 222 | base::debug::Alias(&os_error); |
| 223 | LOG(ERROR) << "Error initializing NSS without a persistent database: " |
| 224 | << GetNSSErrorMessage(); |
| 225 | LOG(FATAL) << "nss_error=" << nss_error << ", os_error=" << os_error; |
| 226 | } |
Torne (Richard Coles) | 5821806 | 2012-11-14 11:43:16 +0000 | [diff] [blame] | 227 | |
| 228 | class NSSInitSingleton { |
| 229 | public: |
| 230 | #if defined(OS_CHROMEOS) |
| 231 | void OpenPersistentNSSDB() { |
| 232 | if (!chromeos_user_logged_in_) { |
| 233 | // GetDefaultConfigDirectory causes us to do blocking IO on UI thread. |
| 234 | // Temporarily allow it until we fix http://crbug.com/70119 |
| 235 | base::ThreadRestrictions::ScopedAllowIO allow_io; |
| 236 | chromeos_user_logged_in_ = true; |
| 237 | |
| 238 | // This creates another DB slot in NSS that is read/write, unlike |
| 239 | // the fake root CA cert DB and the "default" crypto key |
| 240 | // provider, which are still read-only (because we initialized |
| 241 | // NSS before we had a cryptohome mounted). |
| 242 | software_slot_ = OpenUserDB(GetDefaultConfigDirectory(), |
| 243 | kNSSDatabaseName); |
| 244 | } |
| 245 | } |
| 246 | |
| 247 | void EnableTPMTokenForNSS() { |
| 248 | tpm_token_enabled_for_nss_ = true; |
| 249 | } |
| 250 | |
| 251 | bool InitializeTPMToken(const std::string& token_name, |
| 252 | const std::string& user_pin) { |
| 253 | // If EnableTPMTokenForNSS hasn't been called, return false. |
| 254 | if (!tpm_token_enabled_for_nss_) |
| 255 | return false; |
| 256 | |
| 257 | // If everything is already initialized, then return true. |
| 258 | if (chaps_module_ && tpm_slot_) |
| 259 | return true; |
| 260 | |
| 261 | tpm_token_name_ = token_name; |
| 262 | tpm_user_pin_ = user_pin; |
| 263 | |
| 264 | // This tries to load the Chaps module so NSS can talk to the hardware |
| 265 | // TPM. |
| 266 | if (!chaps_module_) { |
| 267 | chaps_module_ = LoadModule( |
| 268 | kChapsModuleName, |
| 269 | kChapsPath, |
| 270 | // For more details on these parameters, see: |
| 271 | // https://developer.mozilla.org/en/PKCS11_Module_Specs |
| 272 | // slotFlags=[PublicCerts] -- Certificates and public keys can be |
| 273 | // read from this slot without requiring a call to C_Login. |
| 274 | // askpw=only -- Only authenticate to the token when necessary. |
| 275 | "NSS=\"slotParams=(0={slotFlags=[PublicCerts] askpw=only})\""); |
| 276 | } |
| 277 | if (chaps_module_){ |
| 278 | // If this gets set, then we'll use the TPM for certs with |
| 279 | // private keys, otherwise we'll fall back to the software |
| 280 | // implementation. |
| 281 | tpm_slot_ = GetTPMSlot(); |
| 282 | |
| 283 | return tpm_slot_ != NULL; |
| 284 | } |
| 285 | return false; |
| 286 | } |
| 287 | |
| 288 | void GetTPMTokenInfo(std::string* token_name, std::string* user_pin) { |
| 289 | if (!tpm_token_enabled_for_nss_) { |
| 290 | LOG(ERROR) << "GetTPMTokenInfo called before TPM Token is ready."; |
| 291 | return; |
| 292 | } |
| 293 | if (token_name) |
| 294 | *token_name = tpm_token_name_; |
| 295 | if (user_pin) |
| 296 | *user_pin = tpm_user_pin_; |
| 297 | } |
| 298 | |
| 299 | bool IsTPMTokenReady() { |
| 300 | return tpm_slot_ != NULL; |
| 301 | } |
| 302 | |
| 303 | PK11SlotInfo* GetTPMSlot() { |
| 304 | std::string token_name; |
| 305 | GetTPMTokenInfo(&token_name, NULL); |
| 306 | return FindSlotWithTokenName(token_name); |
| 307 | } |
Torne (Richard Coles) | 5821806 | 2012-11-14 11:43:16 +0000 | [diff] [blame] | 308 | #endif // defined(OS_CHROMEOS) |
| 309 | |
| 310 | |
| 311 | bool OpenTestNSSDB() { |
| 312 | if (test_slot_) |
| 313 | return true; |
| 314 | if (!g_test_nss_db_dir.Get().CreateUniqueTempDir()) |
| 315 | return false; |
| 316 | test_slot_ = OpenUserDB(g_test_nss_db_dir.Get().path(), "Test DB"); |
| 317 | return !!test_slot_; |
| 318 | } |
| 319 | |
| 320 | void CloseTestNSSDB() { |
Ben Murdoch | eb525c5 | 2013-07-10 11:40:50 +0100 | [diff] [blame] | 321 | if (!test_slot_) |
| 322 | return; |
| 323 | SECStatus status = SECMOD_CloseUserDB(test_slot_); |
| 324 | if (status != SECSuccess) |
| 325 | PLOG(ERROR) << "SECMOD_CloseUserDB failed: " << PORT_GetError(); |
| 326 | PK11_FreeSlot(test_slot_); |
| 327 | test_slot_ = NULL; |
| 328 | ignore_result(g_test_nss_db_dir.Get().Delete()); |
Torne (Richard Coles) | 5821806 | 2012-11-14 11:43:16 +0000 | [diff] [blame] | 329 | } |
| 330 | |
| 331 | PK11SlotInfo* GetPublicNSSKeySlot() { |
| 332 | if (test_slot_) |
| 333 | return PK11_ReferenceSlot(test_slot_); |
| 334 | if (software_slot_) |
| 335 | return PK11_ReferenceSlot(software_slot_); |
| 336 | return PK11_GetInternalKeySlot(); |
| 337 | } |
| 338 | |
| 339 | PK11SlotInfo* GetPrivateNSSKeySlot() { |
| 340 | if (test_slot_) |
| 341 | return PK11_ReferenceSlot(test_slot_); |
| 342 | |
| 343 | #if defined(OS_CHROMEOS) |
| 344 | if (tpm_token_enabled_for_nss_) { |
| 345 | if (IsTPMTokenReady()) { |
| 346 | return PK11_ReferenceSlot(tpm_slot_); |
| 347 | } else { |
| 348 | // If we were supposed to get the hardware token, but were |
| 349 | // unable to, return NULL rather than fall back to sofware. |
| 350 | return NULL; |
| 351 | } |
| 352 | } |
| 353 | #endif |
| 354 | // If we weren't supposed to enable the TPM for NSS, then return |
| 355 | // the software slot. |
| 356 | if (software_slot_) |
| 357 | return PK11_ReferenceSlot(software_slot_); |
| 358 | return PK11_GetInternalKeySlot(); |
| 359 | } |
| 360 | |
| 361 | #if defined(USE_NSS) |
| 362 | base::Lock* write_lock() { |
| 363 | return &write_lock_; |
| 364 | } |
| 365 | #endif // defined(USE_NSS) |
| 366 | |
| 367 | // This method is used to force NSS to be initialized without a DB. |
| 368 | // Call this method before NSSInitSingleton() is constructed. |
| 369 | static void ForceNoDBInit() { |
| 370 | force_nodb_init_ = true; |
| 371 | } |
| 372 | |
| 373 | private: |
| 374 | friend struct base::DefaultLazyInstanceTraits<NSSInitSingleton>; |
| 375 | |
| 376 | NSSInitSingleton() |
| 377 | : tpm_token_enabled_for_nss_(false), |
| 378 | chaps_module_(NULL), |
| 379 | software_slot_(NULL), |
| 380 | test_slot_(NULL), |
| 381 | tpm_slot_(NULL), |
| 382 | root_(NULL), |
| 383 | chromeos_user_logged_in_(false) { |
Torne (Richard Coles) | 2a99a7e | 2013-03-28 15:31:22 +0000 | [diff] [blame] | 384 | base::TimeTicks start_time = base::TimeTicks::Now(); |
Torne (Richard Coles) | 5821806 | 2012-11-14 11:43:16 +0000 | [diff] [blame] | 385 | EnsureNSPRInit(); |
| 386 | |
Ben Murdoch | bb1529c | 2013-08-08 10:24:53 +0100 | [diff] [blame^] | 387 | // We *must* have NSS >= 3.14.3. |
Torne (Richard Coles) | 5821806 | 2012-11-14 11:43:16 +0000 | [diff] [blame] | 388 | COMPILE_ASSERT( |
Ben Murdoch | bb1529c | 2013-08-08 10:24:53 +0100 | [diff] [blame^] | 389 | (NSS_VMAJOR == 3 && NSS_VMINOR == 14 && NSS_VPATCH >= 3) || |
| 390 | (NSS_VMAJOR == 3 && NSS_VMINOR > 14) || |
Torne (Richard Coles) | 5821806 | 2012-11-14 11:43:16 +0000 | [diff] [blame] | 391 | (NSS_VMAJOR > 3), |
| 392 | nss_version_check_failed); |
| 393 | // Also check the run-time NSS version. |
| 394 | // NSS_VersionCheck is a >= check, not strict equality. |
Ben Murdoch | bb1529c | 2013-08-08 10:24:53 +0100 | [diff] [blame^] | 395 | if (!NSS_VersionCheck("3.14.3")) { |
| 396 | LOG(FATAL) << "NSS_VersionCheck(\"3.14.3\") failed. NSS >= 3.14.3 is " |
| 397 | "required. Please upgrade to the latest NSS, and if you " |
Torne (Richard Coles) | 5821806 | 2012-11-14 11:43:16 +0000 | [diff] [blame] | 398 | "still get this error, contact your distribution " |
| 399 | "maintainer."; |
| 400 | } |
| 401 | |
| 402 | SECStatus status = SECFailure; |
| 403 | bool nodb_init = force_nodb_init_; |
| 404 | |
| 405 | #if !defined(USE_NSS) |
| 406 | // Use the system certificate store, so initialize NSS without database. |
| 407 | nodb_init = true; |
| 408 | #endif |
| 409 | |
| 410 | if (nodb_init) { |
| 411 | status = NSS_NoDB_Init(NULL); |
| 412 | if (status != SECSuccess) { |
Torne (Richard Coles) | 2a99a7e | 2013-03-28 15:31:22 +0000 | [diff] [blame] | 413 | CrashOnNSSInitFailure(); |
| 414 | return; |
Torne (Richard Coles) | 5821806 | 2012-11-14 11:43:16 +0000 | [diff] [blame] | 415 | } |
| 416 | #if defined(OS_IOS) |
| 417 | root_ = InitDefaultRootCerts(); |
| 418 | #endif // defined(OS_IOS) |
| 419 | } else { |
| 420 | #if defined(USE_NSS) |
Torne (Richard Coles) | 2a99a7e | 2013-03-28 15:31:22 +0000 | [diff] [blame] | 421 | base::FilePath database_dir = GetInitialConfigDirectory(); |
Torne (Richard Coles) | 5821806 | 2012-11-14 11:43:16 +0000 | [diff] [blame] | 422 | if (!database_dir.empty()) { |
| 423 | // This duplicates the work which should have been done in |
| 424 | // EarlySetupForNSSInit. However, this function is idempotent so |
| 425 | // there's no harm done. |
| 426 | UseLocalCacheOfNSSDatabaseIfNFS(database_dir); |
| 427 | |
| 428 | // Initialize with a persistent database (likely, ~/.pki/nssdb). |
| 429 | // Use "sql:" which can be shared by multiple processes safely. |
| 430 | std::string nss_config_dir = |
Torne (Richard Coles) | 2a99a7e | 2013-03-28 15:31:22 +0000 | [diff] [blame] | 431 | base::StringPrintf("sql:%s", database_dir.value().c_str()); |
Torne (Richard Coles) | 5821806 | 2012-11-14 11:43:16 +0000 | [diff] [blame] | 432 | #if defined(OS_CHROMEOS) |
| 433 | status = NSS_Init(nss_config_dir.c_str()); |
| 434 | #else |
| 435 | status = NSS_InitReadWrite(nss_config_dir.c_str()); |
| 436 | #endif |
| 437 | if (status != SECSuccess) { |
| 438 | LOG(ERROR) << "Error initializing NSS with a persistent " |
| 439 | "database (" << nss_config_dir |
| 440 | << "): " << GetNSSErrorMessage(); |
| 441 | } |
| 442 | } |
| 443 | if (status != SECSuccess) { |
| 444 | VLOG(1) << "Initializing NSS without a persistent database."; |
| 445 | status = NSS_NoDB_Init(NULL); |
| 446 | if (status != SECSuccess) { |
Torne (Richard Coles) | 2a99a7e | 2013-03-28 15:31:22 +0000 | [diff] [blame] | 447 | CrashOnNSSInitFailure(); |
Torne (Richard Coles) | 5821806 | 2012-11-14 11:43:16 +0000 | [diff] [blame] | 448 | return; |
| 449 | } |
| 450 | } |
| 451 | |
| 452 | PK11_SetPasswordFunc(PKCS11PasswordFunc); |
| 453 | |
| 454 | // If we haven't initialized the password for the NSS databases, |
| 455 | // initialize an empty-string password so that we don't need to |
| 456 | // log in. |
| 457 | PK11SlotInfo* slot = PK11_GetInternalKeySlot(); |
| 458 | if (slot) { |
| 459 | // PK11_InitPin may write to the keyDB, but no other thread can use NSS |
| 460 | // yet, so we don't need to lock. |
| 461 | if (PK11_NeedUserInit(slot)) |
| 462 | PK11_InitPin(slot, NULL, NULL); |
| 463 | PK11_FreeSlot(slot); |
| 464 | } |
| 465 | |
| 466 | root_ = InitDefaultRootCerts(); |
Torne (Richard Coles) | 5821806 | 2012-11-14 11:43:16 +0000 | [diff] [blame] | 467 | #endif // defined(USE_NSS) |
| 468 | } |
Torne (Richard Coles) | 2a99a7e | 2013-03-28 15:31:22 +0000 | [diff] [blame] | 469 | |
| 470 | // Disable MD5 certificate signatures. (They are disabled by default in |
| 471 | // NSS 3.14.) |
| 472 | NSS_SetAlgorithmPolicy(SEC_OID_MD5, 0, NSS_USE_ALG_IN_CERT_SIGNATURE); |
| 473 | NSS_SetAlgorithmPolicy(SEC_OID_PKCS1_MD5_WITH_RSA_ENCRYPTION, |
| 474 | 0, NSS_USE_ALG_IN_CERT_SIGNATURE); |
| 475 | |
| 476 | // The UMA bit is conditionally set for this histogram in |
| 477 | // chrome/common/startup_metric_utils.cc . |
| 478 | HISTOGRAM_CUSTOM_TIMES("Startup.SlowStartupNSSInit", |
| 479 | base::TimeTicks::Now() - start_time, |
| 480 | base::TimeDelta::FromMilliseconds(10), |
| 481 | base::TimeDelta::FromHours(1), |
| 482 | 50); |
Torne (Richard Coles) | 5821806 | 2012-11-14 11:43:16 +0000 | [diff] [blame] | 483 | } |
| 484 | |
| 485 | // NOTE(willchan): We don't actually execute this code since we leak NSS to |
| 486 | // prevent non-joinable threads from using NSS after it's already been shut |
| 487 | // down. |
| 488 | ~NSSInitSingleton() { |
| 489 | if (tpm_slot_) { |
| 490 | PK11_FreeSlot(tpm_slot_); |
| 491 | tpm_slot_ = NULL; |
| 492 | } |
| 493 | if (software_slot_) { |
| 494 | SECMOD_CloseUserDB(software_slot_); |
| 495 | PK11_FreeSlot(software_slot_); |
| 496 | software_slot_ = NULL; |
| 497 | } |
| 498 | CloseTestNSSDB(); |
| 499 | if (root_) { |
| 500 | SECMOD_UnloadUserModule(root_); |
| 501 | SECMOD_DestroyModule(root_); |
| 502 | root_ = NULL; |
| 503 | } |
| 504 | if (chaps_module_) { |
| 505 | SECMOD_UnloadUserModule(chaps_module_); |
| 506 | SECMOD_DestroyModule(chaps_module_); |
| 507 | chaps_module_ = NULL; |
| 508 | } |
| 509 | |
| 510 | SECStatus status = NSS_Shutdown(); |
| 511 | if (status != SECSuccess) { |
| 512 | // We VLOG(1) because this failure is relatively harmless (leaking, but |
| 513 | // we're shutting down anyway). |
| 514 | VLOG(1) << "NSS_Shutdown failed; see http://crbug.com/4609"; |
| 515 | } |
| 516 | } |
| 517 | |
| 518 | #if defined(USE_NSS) || defined(OS_IOS) |
| 519 | // Load nss's built-in root certs. |
| 520 | SECMODModule* InitDefaultRootCerts() { |
| 521 | SECMODModule* root = LoadModule("Root Certs", "libnssckbi.so", NULL); |
| 522 | if (root) |
| 523 | return root; |
| 524 | |
| 525 | // Aw, snap. Can't find/load root cert shared library. |
| 526 | // This will make it hard to talk to anybody via https. |
| 527 | NOTREACHED(); |
| 528 | return NULL; |
| 529 | } |
| 530 | |
| 531 | // Load the given module for this NSS session. |
| 532 | SECMODModule* LoadModule(const char* name, |
| 533 | const char* library_path, |
| 534 | const char* params) { |
Torne (Richard Coles) | 2a99a7e | 2013-03-28 15:31:22 +0000 | [diff] [blame] | 535 | std::string modparams = base::StringPrintf( |
Torne (Richard Coles) | 5821806 | 2012-11-14 11:43:16 +0000 | [diff] [blame] | 536 | "name=\"%s\" library=\"%s\" %s", |
| 537 | name, library_path, params ? params : ""); |
| 538 | |
| 539 | // Shouldn't need to const_cast here, but SECMOD doesn't properly |
| 540 | // declare input string arguments as const. Bug |
| 541 | // https://bugzilla.mozilla.org/show_bug.cgi?id=642546 was filed |
| 542 | // on NSS codebase to address this. |
| 543 | SECMODModule* module = SECMOD_LoadUserModule( |
| 544 | const_cast<char*>(modparams.c_str()), NULL, PR_FALSE); |
| 545 | if (!module) { |
| 546 | LOG(ERROR) << "Error loading " << name << " module into NSS: " |
| 547 | << GetNSSErrorMessage(); |
| 548 | return NULL; |
| 549 | } |
| 550 | return module; |
| 551 | } |
| 552 | #endif |
| 553 | |
Torne (Richard Coles) | 2a99a7e | 2013-03-28 15:31:22 +0000 | [diff] [blame] | 554 | static PK11SlotInfo* OpenUserDB(const base::FilePath& path, |
Torne (Richard Coles) | 5821806 | 2012-11-14 11:43:16 +0000 | [diff] [blame] | 555 | const char* description) { |
| 556 | const std::string modspec = |
Torne (Richard Coles) | 2a99a7e | 2013-03-28 15:31:22 +0000 | [diff] [blame] | 557 | base::StringPrintf("configDir='sql:%s' tokenDescription='%s'", |
| 558 | path.value().c_str(), description); |
Torne (Richard Coles) | 5821806 | 2012-11-14 11:43:16 +0000 | [diff] [blame] | 559 | PK11SlotInfo* db_slot = SECMOD_OpenUserDB(modspec.c_str()); |
| 560 | if (db_slot) { |
| 561 | if (PK11_NeedUserInit(db_slot)) |
| 562 | PK11_InitPin(db_slot, NULL, NULL); |
| 563 | } |
| 564 | else { |
| 565 | LOG(ERROR) << "Error opening persistent database (" << modspec |
| 566 | << "): " << GetNSSErrorMessage(); |
| 567 | } |
| 568 | return db_slot; |
| 569 | } |
| 570 | |
| 571 | // If this is set to true NSS is forced to be initialized without a DB. |
| 572 | static bool force_nodb_init_; |
| 573 | |
| 574 | bool tpm_token_enabled_for_nss_; |
| 575 | std::string tpm_token_name_; |
| 576 | std::string tpm_user_pin_; |
| 577 | SECMODModule* chaps_module_; |
| 578 | PK11SlotInfo* software_slot_; |
| 579 | PK11SlotInfo* test_slot_; |
| 580 | PK11SlotInfo* tpm_slot_; |
| 581 | SECMODModule* root_; |
| 582 | bool chromeos_user_logged_in_; |
| 583 | #if defined(USE_NSS) |
| 584 | // TODO(davidben): When https://bugzilla.mozilla.org/show_bug.cgi?id=564011 |
| 585 | // is fixed, we will no longer need the lock. |
| 586 | base::Lock write_lock_; |
| 587 | #endif // defined(USE_NSS) |
| 588 | }; |
| 589 | |
| 590 | // static |
| 591 | bool NSSInitSingleton::force_nodb_init_ = false; |
| 592 | |
| 593 | base::LazyInstance<NSSInitSingleton>::Leaky |
| 594 | g_nss_singleton = LAZY_INSTANCE_INITIALIZER; |
| 595 | } // namespace |
| 596 | |
| 597 | #if defined(USE_NSS) |
| 598 | void EarlySetupForNSSInit() { |
Torne (Richard Coles) | 2a99a7e | 2013-03-28 15:31:22 +0000 | [diff] [blame] | 599 | base::FilePath database_dir = GetInitialConfigDirectory(); |
Torne (Richard Coles) | 5821806 | 2012-11-14 11:43:16 +0000 | [diff] [blame] | 600 | if (!database_dir.empty()) |
| 601 | UseLocalCacheOfNSSDatabaseIfNFS(database_dir); |
| 602 | } |
| 603 | #endif |
| 604 | |
| 605 | void EnsureNSPRInit() { |
| 606 | g_nspr_singleton.Get(); |
| 607 | } |
| 608 | |
Torne (Richard Coles) | 2a99a7e | 2013-03-28 15:31:22 +0000 | [diff] [blame] | 609 | void InitNSSSafely() { |
| 610 | // We might fork, but we haven't loaded any security modules. |
| 611 | DisableNSSForkCheck(); |
| 612 | // If we're sandboxed, we shouldn't be able to open user security modules, |
| 613 | // but it's more correct to tell NSS to not even try. |
| 614 | // Loading user security modules would have security implications. |
| 615 | ForceNSSNoDBInit(); |
| 616 | // Initialize NSS. |
| 617 | EnsureNSSInit(); |
| 618 | } |
| 619 | |
Torne (Richard Coles) | 5821806 | 2012-11-14 11:43:16 +0000 | [diff] [blame] | 620 | void EnsureNSSInit() { |
| 621 | // Initializing SSL causes us to do blocking IO. |
| 622 | // Temporarily allow it until we fix |
| 623 | // http://code.google.com/p/chromium/issues/detail?id=59847 |
| 624 | base::ThreadRestrictions::ScopedAllowIO allow_io; |
| 625 | g_nss_singleton.Get(); |
| 626 | } |
| 627 | |
| 628 | void ForceNSSNoDBInit() { |
| 629 | NSSInitSingleton::ForceNoDBInit(); |
| 630 | } |
| 631 | |
| 632 | void DisableNSSForkCheck() { |
| 633 | scoped_ptr<base::Environment> env(base::Environment::Create()); |
| 634 | env->SetVar("NSS_STRICT_NOFORK", "DISABLED"); |
| 635 | } |
| 636 | |
| 637 | void LoadNSSLibraries() { |
| 638 | // Some NSS libraries are linked dynamically so load them here. |
| 639 | #if defined(USE_NSS) |
| 640 | // Try to search for multiple directories to load the libraries. |
Torne (Richard Coles) | 2a99a7e | 2013-03-28 15:31:22 +0000 | [diff] [blame] | 641 | std::vector<base::FilePath> paths; |
Torne (Richard Coles) | 5821806 | 2012-11-14 11:43:16 +0000 | [diff] [blame] | 642 | |
| 643 | // Use relative path to Search PATH for the library files. |
Torne (Richard Coles) | 2a99a7e | 2013-03-28 15:31:22 +0000 | [diff] [blame] | 644 | paths.push_back(base::FilePath()); |
Torne (Richard Coles) | 5821806 | 2012-11-14 11:43:16 +0000 | [diff] [blame] | 645 | |
| 646 | // For Debian derivatives NSS libraries are located here. |
Torne (Richard Coles) | 2a99a7e | 2013-03-28 15:31:22 +0000 | [diff] [blame] | 647 | paths.push_back(base::FilePath("/usr/lib/nss")); |
Torne (Richard Coles) | 5821806 | 2012-11-14 11:43:16 +0000 | [diff] [blame] | 648 | |
Torne (Richard Coles) | a36e592 | 2013-08-05 13:57:33 +0100 | [diff] [blame] | 649 | // Ubuntu 11.10 (Oneiric) and Debian Wheezy place the libraries here. |
Torne (Richard Coles) | 5821806 | 2012-11-14 11:43:16 +0000 | [diff] [blame] | 650 | #if defined(ARCH_CPU_X86_64) |
Torne (Richard Coles) | 2a99a7e | 2013-03-28 15:31:22 +0000 | [diff] [blame] | 651 | paths.push_back(base::FilePath("/usr/lib/x86_64-linux-gnu/nss")); |
Torne (Richard Coles) | 5821806 | 2012-11-14 11:43:16 +0000 | [diff] [blame] | 652 | #elif defined(ARCH_CPU_X86) |
Torne (Richard Coles) | 2a99a7e | 2013-03-28 15:31:22 +0000 | [diff] [blame] | 653 | paths.push_back(base::FilePath("/usr/lib/i386-linux-gnu/nss")); |
Torne (Richard Coles) | 5821806 | 2012-11-14 11:43:16 +0000 | [diff] [blame] | 654 | #elif defined(ARCH_CPU_ARMEL) |
Torne (Richard Coles) | 2a99a7e | 2013-03-28 15:31:22 +0000 | [diff] [blame] | 655 | paths.push_back(base::FilePath("/usr/lib/arm-linux-gnueabi/nss")); |
Torne (Richard Coles) | a36e592 | 2013-08-05 13:57:33 +0100 | [diff] [blame] | 656 | #elif defined(ARCH_CPU_MIPSEL) |
| 657 | paths.push_back(base::FilePath("/usr/lib/mipsel-linux-gnu/nss")); |
Torne (Richard Coles) | 5821806 | 2012-11-14 11:43:16 +0000 | [diff] [blame] | 658 | #endif |
| 659 | |
| 660 | // A list of library files to load. |
| 661 | std::vector<std::string> libs; |
| 662 | libs.push_back("libsoftokn3.so"); |
| 663 | libs.push_back("libfreebl3.so"); |
| 664 | |
| 665 | // For each combination of library file and path, check for existence and |
| 666 | // then load. |
| 667 | size_t loaded = 0; |
| 668 | for (size_t i = 0; i < libs.size(); ++i) { |
| 669 | for (size_t j = 0; j < paths.size(); ++j) { |
Torne (Richard Coles) | 2a99a7e | 2013-03-28 15:31:22 +0000 | [diff] [blame] | 670 | base::FilePath path = paths[j].Append(libs[i]); |
Torne (Richard Coles) | 5821806 | 2012-11-14 11:43:16 +0000 | [diff] [blame] | 671 | base::NativeLibrary lib = base::LoadNativeLibrary(path, NULL); |
| 672 | if (lib) { |
| 673 | ++loaded; |
| 674 | break; |
| 675 | } |
| 676 | } |
| 677 | } |
| 678 | |
| 679 | if (loaded == libs.size()) { |
| 680 | VLOG(3) << "NSS libraries loaded."; |
| 681 | } else { |
| 682 | LOG(ERROR) << "Failed to load NSS libraries."; |
| 683 | } |
| 684 | #endif |
| 685 | } |
| 686 | |
| 687 | bool CheckNSSVersion(const char* version) { |
| 688 | return !!NSS_VersionCheck(version); |
| 689 | } |
| 690 | |
| 691 | #if defined(USE_NSS) |
| 692 | ScopedTestNSSDB::ScopedTestNSSDB() |
| 693 | : is_open_(g_nss_singleton.Get().OpenTestNSSDB()) { |
| 694 | } |
| 695 | |
| 696 | ScopedTestNSSDB::~ScopedTestNSSDB() { |
Ben Murdoch | eb525c5 | 2013-07-10 11:40:50 +0100 | [diff] [blame] | 697 | // Don't close when NSS is < 3.15.1, because it would require an additional |
| 698 | // sleep for 1 second after closing the database, due to |
| 699 | // http://bugzil.la/875601. |
| 700 | if (NSS_VersionCheck("3.15.1")) { |
| 701 | g_nss_singleton.Get().CloseTestNSSDB(); |
| 702 | } |
Torne (Richard Coles) | 5821806 | 2012-11-14 11:43:16 +0000 | [diff] [blame] | 703 | } |
| 704 | |
| 705 | base::Lock* GetNSSWriteLock() { |
| 706 | return g_nss_singleton.Get().write_lock(); |
| 707 | } |
| 708 | |
| 709 | AutoNSSWriteLock::AutoNSSWriteLock() : lock_(GetNSSWriteLock()) { |
| 710 | // May be NULL if the lock is not needed in our version of NSS. |
| 711 | if (lock_) |
| 712 | lock_->Acquire(); |
| 713 | } |
| 714 | |
| 715 | AutoNSSWriteLock::~AutoNSSWriteLock() { |
| 716 | if (lock_) { |
| 717 | lock_->AssertAcquired(); |
| 718 | lock_->Release(); |
| 719 | } |
| 720 | } |
| 721 | |
| 722 | AutoSECMODListReadLock::AutoSECMODListReadLock() |
| 723 | : lock_(SECMOD_GetDefaultModuleListLock()) { |
| 724 | SECMOD_GetReadLock(lock_); |
| 725 | } |
| 726 | |
| 727 | AutoSECMODListReadLock::~AutoSECMODListReadLock() { |
| 728 | SECMOD_ReleaseReadLock(lock_); |
| 729 | } |
| 730 | |
| 731 | #endif // defined(USE_NSS) |
| 732 | |
| 733 | #if defined(OS_CHROMEOS) |
| 734 | void OpenPersistentNSSDB() { |
| 735 | g_nss_singleton.Get().OpenPersistentNSSDB(); |
| 736 | } |
| 737 | |
| 738 | void EnableTPMTokenForNSS() { |
| 739 | g_nss_singleton.Get().EnableTPMTokenForNSS(); |
| 740 | } |
| 741 | |
| 742 | void GetTPMTokenInfo(std::string* token_name, std::string* user_pin) { |
| 743 | g_nss_singleton.Get().GetTPMTokenInfo(token_name, user_pin); |
| 744 | } |
| 745 | |
| 746 | bool IsTPMTokenReady() { |
| 747 | return g_nss_singleton.Get().IsTPMTokenReady(); |
| 748 | } |
| 749 | |
| 750 | bool InitializeTPMToken(const std::string& token_name, |
| 751 | const std::string& user_pin) { |
| 752 | return g_nss_singleton.Get().InitializeTPMToken(token_name, user_pin); |
| 753 | } |
Torne (Richard Coles) | 5821806 | 2012-11-14 11:43:16 +0000 | [diff] [blame] | 754 | #endif // defined(OS_CHROMEOS) |
| 755 | |
| 756 | base::Time PRTimeToBaseTime(PRTime prtime) { |
| 757 | return base::Time::FromInternalValue( |
| 758 | prtime + base::Time::UnixEpoch().ToInternalValue()); |
| 759 | } |
| 760 | |
| 761 | PRTime BaseTimeToPRTime(base::Time time) { |
| 762 | return time.ToInternalValue() - base::Time::UnixEpoch().ToInternalValue(); |
| 763 | } |
| 764 | |
| 765 | PK11SlotInfo* GetPublicNSSKeySlot() { |
| 766 | return g_nss_singleton.Get().GetPublicNSSKeySlot(); |
| 767 | } |
| 768 | |
| 769 | PK11SlotInfo* GetPrivateNSSKeySlot() { |
| 770 | return g_nss_singleton.Get().GetPrivateNSSKeySlot(); |
| 771 | } |
| 772 | |
| 773 | } // namespace crypto |