Bug 1312157 - Stop using Scoped.h NSS types in nsSyncJPAKE.(cpp|h). r=rnewman
authorCykesiopka <cykesiopka.bmo@gmail.com>
Sun, 23 Oct 2016 13:26:08 +0800
changeset 319286 dba96457edcdae832cb9e55fa17c80566a43e29f
parent 319285 35996f91e760b614ce2e3e5992968bc7465df4bc
child 319287 4117f4902103129ca0acdcef2b6df6dc7f22f1f0
push id30869
push userphilringnalda@gmail.com
push dateWed, 26 Oct 2016 04:57:48 +0000
treeherdermozilla-central@9471b3c49b2c [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersrnewman
bugs1312157
milestone52.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1312157 - Stop using Scoped.h NSS types in nsSyncJPAKE.(cpp|h). r=rnewman Scoped.h is deprecated. MozReview-Commit-ID: AZ4MkXqirTc
services/crypto/component/nsSyncJPAKE.cpp
services/crypto/component/nsSyncJPAKE.h
--- a/services/crypto/component/nsSyncJPAKE.cpp
+++ b/services/crypto/component/nsSyncJPAKE.cpp
@@ -1,25 +1,27 @@
 /* This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 #include "nsSyncJPAKE.h"
+
+#include "base64.h"
+#include "keyhi.h"
 #include "mozilla/ModuleUtils.h"
-#include <pk11pub.h>
-#include <keyhi.h>
-#include <pkcs11.h>
-#include <nscore.h>
-#include <secmodt.h>
-#include <secport.h>
-#include <secerr.h>
-#include <nsDebug.h>
-#include <nsError.h>
-#include <base64.h>
-#include <nsString.h>
+#include "mozilla/Move.h"
+#include "nsDebug.h"
+#include "nsError.h"
+#include "nsString.h"
+#include "nscore.h"
+#include "pk11pub.h"
+#include "pkcs11.h"
+#include "secerr.h"
+#include "secmodt.h"
+#include "secport.h"
 
 using mozilla::fallible;
 
 static bool
 hex_from_2char(const unsigned char *c2, unsigned char *byteval)
 {
   int i;
   unsigned char offset;
@@ -141,17 +143,17 @@ NS_IMETHODIMP nsSyncJPAKE::Round1(const 
   NS_ENSURE_STATE(key == nullptr);
 
   static CK_MECHANISM_TYPE mechanisms[] = {
     CKM_NSS_JPAKE_ROUND1_SHA256,
     CKM_NSS_JPAKE_ROUND2_SHA256,
     CKM_NSS_JPAKE_FINAL_SHA256
   };
 
-  ScopedPK11SlotInfo slot(PK11_GetBestSlotMultiple(mechanisms,
+  UniquePK11SlotInfo slot(PK11_GetBestSlotMultiple(mechanisms,
                                                    NUM_ELEM(mechanisms),
                                                    nullptr));
   NS_ENSURE_STATE(slot != nullptr);
     
   CK_BYTE pBuf[(NUM_ELEM(p) - 1) / 2];
   CK_BYTE qBuf[(NUM_ELEM(q) - 1) / 2];
   CK_BYTE gBuf[(NUM_ELEM(g) - 1) / 2];
     
@@ -176,20 +178,20 @@ NS_IMETHODIMP nsSyncJPAKE::Round1(const 
   CK_BYTE r2Buf [NUM_ELEM(p) / 2];
   CK_NSS_JPAKERound1Params rp = {
       { gx1Buf, sizeof gx1Buf, gv1Buf, sizeof gv1Buf, r1Buf, sizeof r1Buf },
       { gx2Buf, sizeof gx2Buf, gv2Buf, sizeof gv2Buf, r2Buf, sizeof r2Buf }
   };
   SECItem paramsItem;
   paramsItem.data = (unsigned char *) &rp;
   paramsItem.len = sizeof rp;
-  key = PK11_KeyGenWithTemplate(slot, CKM_NSS_JPAKE_ROUND1_SHA256,
-                                CKM_NSS_JPAKE_ROUND1_SHA256,
-                                &paramsItem, keyTemplate,
-                                NUM_ELEM(keyTemplate), nullptr);
+  key = UniquePK11SymKey(
+    PK11_KeyGenWithTemplate(slot.get(), CKM_NSS_JPAKE_ROUND1_SHA256,
+                            CKM_NSS_JPAKE_ROUND1_SHA256, &paramsItem,
+                            keyTemplate, NUM_ELEM(keyTemplate), nullptr));
   nsresult rv = key != nullptr
               ? NS_OK
               : mapErrno();
   if (rv == NS_OK) {
     NS_ENSURE_TRUE(toHexString(rp.gx1.pGX, rp.gx1.ulGXLen, aGX1) &&
                    toHexString(rp.gx1.pGV, rp.gx1.ulGVLen, aGV1) &&
                    toHexString(rp.gx1.pR,  rp.gx1.ulRLen,  aR1)  &&
                    toHexString(rp.gx2.pGX, rp.gx2.ulGXLen, aGX2) &&
@@ -272,30 +274,30 @@ NS_IMETHODIMP nsSyncJPAKE::Round2(const 
   SECItem paramsItem;
   paramsItem.data = (unsigned char *) &rp;
   paramsItem.len = sizeof rp;
   CK_KEY_TYPE keyType = CKK_NSS_JPAKE_ROUND2;
   CK_ATTRIBUTE keyTemplate[] = {
     { CKA_NSS_JPAKE_PEERID, (CK_BYTE *) aPeerID.Data(), aPeerID.Length(), },
     { CKA_KEY_TYPE, &keyType, sizeof keyType }
   };
-  ScopedPK11SymKey newKey(PK11_DeriveWithTemplate(key,
+  UniquePK11SymKey newKey(PK11_DeriveWithTemplate(key.get(),
                                                   CKM_NSS_JPAKE_ROUND2_SHA256,
                                                   &paramsItem,
                                                   CKM_NSS_JPAKE_FINAL_SHA256,
                                                   CKA_DERIVE, 0,
                                                   keyTemplate,
                                                   NUM_ELEM(keyTemplate),
                                                   false));
   if (newKey != nullptr) {
     if (toHexString(rp.A.pGX, rp.A.ulGXLen, aA) &&
         toHexString(rp.A.pGV, rp.A.ulGVLen, aGVA) &&
         toHexString(rp.A.pR, rp.A.ulRLen, aRA)) {
       round = JPAKEAfterRound2;
-      key = newKey.forget();
+      key = Move(newKey);
       return NS_OK;
     } else {
       rv = NS_ERROR_OUT_OF_MEMORY;
     }
   } else {
     rv = mapErrno();
   }
 
@@ -334,24 +336,24 @@ base64KeyValue(PK11SymKey * key, nsACStr
        : NS_ERROR_UNEXPECTED;
   } else {
     rv = mapErrno();
   }
   return rv;
 }
 
 static nsresult
-extractBase64KeyValue(PK11SymKey * keyBlock, CK_ULONG bitPosition,
+extractBase64KeyValue(UniquePK11SymKey & keyBlock, CK_ULONG bitPosition,
                       CK_MECHANISM_TYPE destMech, int keySize,
                       nsACString & keyString)
 {
   SECItem paramsItem;
   paramsItem.data = (CK_BYTE *) &bitPosition;
   paramsItem.len = sizeof bitPosition;
-  PK11SymKey * key = PK11_Derive(keyBlock, CKM_EXTRACT_KEY_FROM_KEY,
+  PK11SymKey * key = PK11_Derive(keyBlock.get(), CKM_EXTRACT_KEY_FROM_KEY,
                                  &paramsItem, destMech,
                                  CKA_SIGN, keySize);
   if (key == nullptr)
     return mapErrno();
   nsresult rv = base64KeyValue(key, keyString);
   PK11_FreeSymKey(key);
   return rv;
 }
@@ -386,54 +388,55 @@ NS_IMETHODIMP nsSyncJPAKE::Final(const n
 
   CK_NSS_JPAKEFinalParams rp;
   rp.B.pGX = gxBBuf; rp.B.ulGXLen = aB  .Length() / 2;
   rp.B.pGV = gvBBuf; rp.B.ulGVLen = aGVB.Length() / 2;
   rp.B.pR  = rBBuf;  rp.B.ulRLen  = aRB .Length() / 2;
   SECItem paramsItem;
   paramsItem.data = (unsigned char *) &rp;
   paramsItem.len = sizeof rp;
-  ScopedPK11SymKey keyMaterial(PK11_Derive(key, CKM_NSS_JPAKE_FINAL_SHA256,
+  UniquePK11SymKey keyMaterial(PK11_Derive(key.get(), CKM_NSS_JPAKE_FINAL_SHA256,
                                            &paramsItem, CKM_NSS_HKDF_SHA256,
                                            CKA_DERIVE, 0));
-  ScopedPK11SymKey keyBlock;
+  UniquePK11SymKey keyBlock;
 
   if (keyMaterial == nullptr)
     rv = mapErrno();
 
   if (rv == NS_OK) {
     CK_NSS_HKDFParams hkdfParams;
     hkdfParams.bExtract = CK_TRUE;
     hkdfParams.pSalt = nullptr;
     hkdfParams.ulSaltLen = 0;
     hkdfParams.bExpand = CK_TRUE;
     hkdfParams.pInfo = (CK_BYTE *) aHKDFInfo.Data();
     hkdfParams.ulInfoLen = aHKDFInfo.Length();
     paramsItem.data = (unsigned char *) &hkdfParams;
     paramsItem.len = sizeof hkdfParams;
-    keyBlock = PK11_Derive(keyMaterial, CKM_NSS_HKDF_SHA256,
-                           &paramsItem, CKM_EXTRACT_KEY_FROM_KEY,
-                           CKA_DERIVE, AES256_KEY_SIZE + HMAC_SHA256_KEY_SIZE);
+    keyBlock = UniquePK11SymKey(
+      PK11_Derive(keyMaterial.get(), CKM_NSS_HKDF_SHA256, &paramsItem,
+                  CKM_EXTRACT_KEY_FROM_KEY, CKA_DERIVE,
+                  AES256_KEY_SIZE + HMAC_SHA256_KEY_SIZE));
     if (keyBlock == nullptr)
       rv = mapErrno();
   }
 
   if (rv == NS_OK) {
     rv = extractBase64KeyValue(keyBlock, aesBitPosition, CKM_AES_CBC,
                                AES256_KEY_SIZE, aAES256Key);
   }
   if (rv == NS_OK) {
     rv = extractBase64KeyValue(keyBlock, hmacBitPosition, CKM_SHA256_HMAC,
                                HMAC_SHA256_KEY_SIZE, aHMAC256Key);
   }
 
   if (rv == NS_OK) {
-    SECStatus srv = PK11_ExtractKeyValue(keyMaterial);
+    SECStatus srv = PK11_ExtractKeyValue(keyMaterial.get());
     NS_ENSURE_TRUE(srv == SECSuccess, NS_ERROR_UNEXPECTED);
-    SECItem * keyMaterialBytes = PK11_GetKeyData(keyMaterial);
+    SECItem * keyMaterialBytes = PK11_GetKeyData(keyMaterial.get());
     NS_ENSURE_TRUE(keyMaterialBytes != nullptr, NS_ERROR_UNEXPECTED);
   }
 
   return rv;
 }
 
 NS_GENERIC_FACTORY_CONSTRUCTOR(nsSyncJPAKE)
 NS_DEFINE_NAMED_CID(NS_SYNCJPAKE_CID);
@@ -454,17 +457,17 @@ void
 nsSyncJPAKE::virtualDestroyNSSReference()
 {
   destructorSafeDestroyNSSReference();
 }
 
 void
 nsSyncJPAKE::destructorSafeDestroyNSSReference()
 {
-  key.dispose();
+  key = nullptr;
 }
 
 static const mozilla::Module::CIDEntry kServicesCryptoCIDs[] = {
   { &kNS_SYNCJPAKE_CID, false, nullptr, nsSyncJPAKEConstructor },
   { nullptr }
 };
 
 static const mozilla::Module::ContractIDEntry kServicesCryptoContracts[] = {
--- a/services/crypto/component/nsSyncJPAKE.h
+++ b/services/crypto/component/nsSyncJPAKE.h
@@ -25,14 +25,14 @@ public:
   nsSyncJPAKE();
 protected:
   virtual ~nsSyncJPAKE();
 private:
   virtual void virtualDestroyNSSReference() override;
   void destructorSafeDestroyNSSReference();
 
   enum { JPAKENotStarted, JPAKEBeforeRound2, JPAKEAfterRound2 } round;
-  ScopedPK11SymKey key;
+  UniquePK11SymKey key;
 };
 
 NS_IMPL_ISUPPORTS(nsSyncJPAKE, nsISyncJPAKE)
 
 #endif // nsSyncJPAKE_h__