Bug 1109235 - remove nsIStreamCipher and implementation r=keeler
authorRaymond Etornam Agbeame(:retornam) <mozbugs.retornam@gmail.com>
Thu, 22 Jan 2015 16:02:30 -0800
changeset 252614 f4ddeae5b6c4b5bfda50066386133e4346697e94
parent 252613 e18607ef70216797946bb205d099d72c28bb4115
child 252615 67d15be29a07bb76bbc7a3a05416c9743f0af732
push id4610
push userjlund@mozilla.com
push dateMon, 30 Mar 2015 18:32:55 +0000
treeherdermozilla-beta@4df54044d9ef [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewerskeeler
bugs1109235
milestone38.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1109235 - remove nsIStreamCipher and implementation r=keeler
CLOBBER
security/manager/ssl/public/moz.build
security/manager/ssl/public/nsIStreamCipher.idl
security/manager/ssl/src/moz.build
security/manager/ssl/src/nsNSSModule.cpp
security/manager/ssl/src/nsStreamCipher.cpp
security/manager/ssl/src/nsStreamCipher.h
--- a/CLOBBER
+++ b/CLOBBER
@@ -17,9 +17,9 @@
 #
 # Modifying this file will now automatically clobber the buildbot machines \o/
 #
 
 # Are you updating CLOBBER because you think it's needed for your WebIDL
 # changes to stick? As of bug 928195, this shouldn't be necessary! Please
 # don't change CLOBBER for WebIDL changes any more.
 
-Bugs 1101331 - See if a CLOBBER helps the situation any.
+bug 1114669 removes nsIStreamCipher.idl, which requires a clobber according to bug 1114669
--- a/security/manager/ssl/public/moz.build
+++ b/security/manager/ssl/public/moz.build
@@ -26,17 +26,16 @@ XPIDL_SOURCES += [
     'nsIPK11TokenDB.idl',
     'nsIPKCS11.idl',
     'nsIPKCS11Module.idl',
     'nsIPKCS11ModuleDB.idl',
     'nsIPKCS11Slot.idl',
     'nsIProtectedAuthThread.idl',
     'nsISSLErrorListener.idl',
     'nsISSLStatus.idl',
-    'nsIStreamCipher.idl',
     'nsITokenDialogs.idl',
     'nsITokenPasswordDialogs.idl',
     'nsIUserCertPicker.idl',
     'nsIX509Cert.idl',
     'nsIX509CertDB.idl',
     'nsIX509CertList.idl',
     'nsIX509CertValidity.idl',
 ]
deleted file mode 100644
--- a/security/manager/ssl/public/nsIStreamCipher.idl
+++ /dev/null
@@ -1,61 +0,0 @@
-/* This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-#include "nsISupports.idl"
-#include "nsIKeyModule.idl"
-
-interface nsIInputStream;
-
-/**
- * Stream cipher interface.  We're basically copying the interface from
- * nsICryptoHash interface.
- */
-[scriptable, uuid(1d507cd6-1630-4710-af1b-4012dbcc514c)]
-interface nsIStreamCipher : nsISupports
-{
-    /**
-     * Initialize a stream cipher.
-     * @param aKey nsIKeyObject
-     */
-    void init(in nsIKeyObject aKey);
-
-    /**
-     * Initialize a stream cipher with an initialization vector.
-     * @param aKey nsIKeyObject
-     * @param aIV the initialization vector
-     * @param aIVLen the length of the initialization vector
-     */
-    void initWithIV(in nsIKeyObject aKey,
-                    [const, array, size_is(aIVLen)] in octet aIV,
-                    in unsigned long aIVLen);
-
-    /**
-     * Update from an array of bytes.
-     */
-    void update([const, array, size_is(aLen)] in octet aData, in unsigned long aLen);
-
-    /**
-     * Update from a stream.
-     */
-    void updateFromStream(in nsIInputStream aStream, in long aLen);
-
-    /**
-     * A more script friendly method (not in nsICryptoHash interface).
-     */
-    void updateFromString(in ACString aInput);
-
-    /**
-     * @param aASCII if true then the returned value is a base-64
-     *        encoded string.  if false, then the returned value is
-     *        binary data.
-     */
-    ACString finish(in boolean aASCII);
-
-    /**
-     * Discard aLen bytes of the keystream.
-     * These days 1536 is considered a decent amount to drop to get
-     * the key state warmed-up enough for secure usage.
-     */
-    void discard(in long aLen);
-};
--- a/security/manager/ssl/src/moz.build
+++ b/security/manager/ssl/src/moz.build
@@ -53,17 +53,16 @@ UNIFIED_SOURCES += [
     'nsPKCS12Blob.cpp',
     'nsProtectedAuthThread.cpp',
     'nsPSMBackgroundThread.cpp',
     'nsRandomGenerator.cpp',
     'nsSDR.cpp',
     'NSSErrorsService.cpp',
     'nsSSLSocketProvider.cpp',
     'nsSSLStatus.cpp',
-    'nsStreamCipher.cpp',
     'nsTLSSocketProvider.cpp',
     'nsUsageArrayHelper.cpp',
     'PSMRunnable.cpp',
     'SharedSSLState.cpp',
     'SSLServerCertVerification.cpp',
     'TransportSecurityInfo.cpp',
 ]
 
--- a/security/manager/ssl/src/nsNSSModule.cpp
+++ b/security/manager/ssl/src/nsNSSModule.cpp
@@ -26,17 +26,16 @@
 #include "nsCryptoHash.h"
 //For the NS_CRYPTO_CONTRACTID define
 #include "nsDOMCID.h"
 #include "nsNetCID.h"
 #include "nsCertPicker.h"
 #include "nsCURILoader.h"
 #include "nsICategoryManager.h"
 #include "nsNTLMAuthModule.h"
-#include "nsStreamCipher.h"
 #include "nsKeyModule.h"
 #include "nsDataSignatureVerifier.h"
 #include "nsCertOverrideService.h"
 #include "nsRandomGenerator.h"
 #include "nsSSLStatus.h"
 #include "TransportSecurityInfo.h"
 #include "NSSErrorsService.h"
 #include "nsNSSVersion.h"
@@ -196,17 +195,16 @@ NS_NSS_GENERIC_FACTORY_CONSTRUCTOR_BYPRO
 #ifdef MOZ_XUL
 NS_NSS_GENERIC_FACTORY_CONSTRUCTOR(nssEnsure, nsCertTree)
 #endif
 NS_NSS_GENERIC_FACTORY_CONSTRUCTOR(nssEnsure, nsPkcs11)
 NS_NSS_GENERIC_FACTORY_CONSTRUCTOR(nssEnsure, nsCertPicker)
 NS_NSS_GENERIC_FACTORY_CONSTRUCTOR_INIT(nssEnsure, nsNTLMAuthModule, InitTest)
 NS_NSS_GENERIC_FACTORY_CONSTRUCTOR(nssEnsureChromeOrContent, nsCryptoHash)
 NS_NSS_GENERIC_FACTORY_CONSTRUCTOR(nssEnsure, nsCryptoHMAC)
-NS_NSS_GENERIC_FACTORY_CONSTRUCTOR(nssEnsure, nsStreamCipher)
 NS_NSS_GENERIC_FACTORY_CONSTRUCTOR(nssEnsure, nsKeyObject)
 NS_NSS_GENERIC_FACTORY_CONSTRUCTOR(nssEnsure, nsKeyObjectFactory)
 NS_NSS_GENERIC_FACTORY_CONSTRUCTOR(nssEnsure, nsDataSignatureVerifier)
 NS_NSS_GENERIC_FACTORY_CONSTRUCTOR(nssEnsure, nsRandomGenerator)
 NS_NSS_GENERIC_FACTORY_CONSTRUCTOR(nssEnsureOnChromeOnly, nsSSLStatus)
 NS_NSS_GENERIC_FACTORY_CONSTRUCTOR(nssEnsureOnChromeOnly, TransportSecurityInfo)
 
 typedef mozilla::psm::NSSErrorsService NSSErrorsService;
@@ -229,17 +227,16 @@ NS_DEFINE_NAMED_CID(NS_FORMPROCESSOR_CID
 #ifdef MOZ_XUL
 NS_DEFINE_NAMED_CID(NS_CERTTREE_CID);
 #endif
 NS_DEFINE_NAMED_CID(NS_PKCS11_CID);
 NS_DEFINE_NAMED_CID(NS_CRYPTO_HASH_CID);
 NS_DEFINE_NAMED_CID(NS_CRYPTO_HMAC_CID);
 NS_DEFINE_NAMED_CID(NS_CERT_PICKER_CID);
 NS_DEFINE_NAMED_CID(NS_NTLMAUTHMODULE_CID);
-NS_DEFINE_NAMED_CID(NS_STREAMCIPHER_CID);
 NS_DEFINE_NAMED_CID(NS_KEYMODULEOBJECT_CID);
 NS_DEFINE_NAMED_CID(NS_KEYMODULEOBJECTFACTORY_CID);
 NS_DEFINE_NAMED_CID(NS_DATASIGNATUREVERIFIER_CID);
 NS_DEFINE_NAMED_CID(NS_CERTOVERRIDE_CID);
 NS_DEFINE_NAMED_CID(NS_RANDOMGENERATOR_CID);
 NS_DEFINE_NAMED_CID(NS_SSLSTATUS_CID);
 NS_DEFINE_NAMED_CID(TRANSPORTSECURITYINFO_CID);
 NS_DEFINE_NAMED_CID(NS_NSSERRORSSERVICE_CID);
@@ -261,17 +258,16 @@ static const mozilla::Module::CIDEntry k
 #ifdef MOZ_XUL
   { &kNS_CERTTREE_CID, false, nullptr, nsCertTreeConstructor },
 #endif
   { &kNS_PKCS11_CID, false, nullptr, nsPkcs11Constructor },
   { &kNS_CRYPTO_HASH_CID, false, nullptr, nsCryptoHashConstructor },
   { &kNS_CRYPTO_HMAC_CID, false, nullptr, nsCryptoHMACConstructor },
   { &kNS_CERT_PICKER_CID, false, nullptr, nsCertPickerConstructor },
   { &kNS_NTLMAUTHMODULE_CID, false, nullptr, nsNTLMAuthModuleConstructor },
-  { &kNS_STREAMCIPHER_CID, false, nullptr, nsStreamCipherConstructor },
   { &kNS_KEYMODULEOBJECT_CID, false, nullptr, nsKeyObjectConstructor },
   { &kNS_KEYMODULEOBJECTFACTORY_CID, false, nullptr, nsKeyObjectFactoryConstructor },
   { &kNS_DATASIGNATUREVERIFIER_CID, false, nullptr, nsDataSignatureVerifierConstructor },
   { &kNS_CERTOVERRIDE_CID, false, nullptr, nsCertOverrideServiceConstructor },
   { &kNS_RANDOMGENERATOR_CID, false, nullptr, nsRandomGeneratorConstructor },
   { &kNS_SSLSTATUS_CID, false, nullptr, nsSSLStatusConstructor },
   { &kTRANSPORTSECURITYINFO_CID, false, nullptr, TransportSecurityInfoConstructor },
   { &kNS_NSSERRORSSERVICE_CID, false, nullptr, NSSErrorsServiceConstructor },
@@ -298,17 +294,16 @@ static const mozilla::Module::ContractID
 #endif
   { NS_PKCS11_CONTRACTID, &kNS_PKCS11_CID },
   { NS_CRYPTO_HASH_CONTRACTID, &kNS_CRYPTO_HASH_CID },
   { NS_CRYPTO_HMAC_CONTRACTID, &kNS_CRYPTO_HMAC_CID },
   { NS_CERT_PICKER_CONTRACTID, &kNS_CERT_PICKER_CID },
   { "@mozilla.org/uriloader/psm-external-content-listener;1", &kNS_PSMCONTENTLISTEN_CID },
   { NS_CRYPTO_FIPSINFO_SERVICE_CONTRACTID, &kNS_PKCS11MODULEDB_CID },
   { NS_NTLMAUTHMODULE_CONTRACTID, &kNS_NTLMAUTHMODULE_CID },
-  { NS_STREAMCIPHER_CONTRACTID, &kNS_STREAMCIPHER_CID },
   { NS_KEYMODULEOBJECT_CONTRACTID, &kNS_KEYMODULEOBJECT_CID },
   { NS_KEYMODULEOBJECTFACTORY_CONTRACTID, &kNS_KEYMODULEOBJECTFACTORY_CID },
   { NS_DATASIGNATUREVERIFIER_CONTRACTID, &kNS_DATASIGNATUREVERIFIER_CID },
   { NS_CERTOVERRIDE_CONTRACTID, &kNS_CERTOVERRIDE_CID },
   { NS_RANDOMGENERATOR_CONTRACTID, &kNS_RANDOMGENERATOR_CID },
   { nullptr }
 };
 
deleted file mode 100644
--- a/security/manager/ssl/src/nsStreamCipher.cpp
+++ /dev/null
@@ -1,186 +0,0 @@
-/* This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-#include "nsIKeyModule.h"
-#include "nsStreamCipher.h"
-#include "nsStreamUtils.h"
-#include "base64.h"
-
-NS_IMPL_ISUPPORTS(nsStreamCipher, nsIStreamCipher)
-
-nsStreamCipher::nsStreamCipher()
-  : mContext(nullptr)
-{
-}
-
-nsStreamCipher::~nsStreamCipher()
-{
-  if (mContext)
-    PK11_DestroyContext(mContext, true /* free sub-objects */);
-}
-
-nsresult
-nsStreamCipher::InitWithIV_(nsIKeyObject *aKey, SECItem* aIV)
-{
-  NS_ENSURE_ARG_POINTER(aKey);
-
-  // Make sure we have a SYM_KEY.
-  int16_t keyType;
-  nsresult rv = aKey->GetType(&keyType);
-  NS_ENSURE_SUCCESS(rv, rv);
-  if (keyType != nsIKeyObject::SYM_KEY)
-    return NS_ERROR_INVALID_ARG;
-
-  if (mContext)
-    PK11_DestroyContext(mContext, true /* free sub-objects */);
-
-  // Get the PK11SymKey out of the key object and create the PK11Context.
-  void* keyObj;
-  rv = aKey->GetKeyObj(&keyObj);
-  NS_ENSURE_SUCCESS(rv, rv);
-
-  PK11SymKey *symkey = reinterpret_cast<PK11SymKey*>(keyObj);
-  if (!symkey)
-    return NS_ERROR_FAILURE;
-
-  CK_MECHANISM_TYPE cipherMech = PK11_GetMechanism(symkey);
-
-  SECItem *param = nullptr;
-  // aIV may be null
-  param = PK11_ParamFromIV(cipherMech, aIV);
-  if (!param)
-    return NS_ERROR_FAILURE;
-
-  mContext = PK11_CreateContextBySymKey(cipherMech, CKA_ENCRYPT,
-                                        symkey, param);
-
-  SECITEM_FreeItem(param, true);
-
-  // Something went wrong if mContext doesn't exist.
-  if (!mContext)
-    return NS_ERROR_FAILURE;
-
-  // Everything went ok.      
-  mValue.Truncate();
-  return NS_OK;
-}
-
-/////////////////////////////////////////////////////////////////////////////
-// nsIStreamCipher
-
-NS_IMETHODIMP nsStreamCipher::Init(nsIKeyObject *aKey)
-{
-  return InitWithIV_(aKey, nullptr);
-}
-
-NS_IMETHODIMP nsStreamCipher::InitWithIV(nsIKeyObject *aKey,
-                                         const uint8_t *aIV, uint32_t aIVLen)
-{
-  SECItem IV;
-  IV.data = (unsigned char*)aIV;
-  IV.len = aIVLen;
-  return InitWithIV_(aKey, &IV);
-}
-
-NS_IMETHODIMP nsStreamCipher::Update(const uint8_t *aData, uint32_t aLen)
-{
-  if (!mContext)
-    return NS_ERROR_NOT_INITIALIZED;
-
-  unsigned char* output = new unsigned char[aLen];
-  unsigned char* input = (unsigned char*)aData;
-  
-  int32_t setLen;
-
-#ifdef DEBUG
-  SECStatus rv =
-#endif
-    PK11_CipherOp(mContext, output, &setLen, aLen, input, aLen);
-  NS_ASSERTION(rv == SECSuccess, "failed to encrypt");
-  NS_ASSERTION((uint32_t)setLen == aLen, "data length should not change");
-
-  mValue.Append((const char*)output, aLen);
-
-  delete [] output;
-
-  return NS_OK;
-}
-
-NS_IMETHODIMP nsStreamCipher::UpdateFromStream(nsIInputStream *aStream,
-                                               int32_t aLen)
-{
-  if (!mContext)
-    return NS_ERROR_NOT_INITIALIZED;
-
-  nsCString inputString;
-  nsresult rv = NS_ConsumeStream(aStream, aLen, inputString);
-  NS_ENSURE_SUCCESS(rv, rv);
-  
-  return UpdateFromString(inputString);
-}
-
-NS_IMETHODIMP nsStreamCipher::UpdateFromString(const nsACString& aInput)
-{
-  if (!mContext)
-    return NS_ERROR_NOT_INITIALIZED;
-
-  const nsCString& flatInput = PromiseFlatCString(aInput);
-  unsigned char* input = (unsigned char*)flatInput.get();
-  uint32_t len = aInput.Length();
-
-  unsigned char* output = new unsigned char[len];
-
-  int32_t setLen;
-
-#ifdef DEBUG
-  SECStatus rv =
-#endif
-    PK11_CipherOp(mContext, output, &setLen, len, input, len);
-  NS_ASSERTION(rv == SECSuccess, "failed to encrypt");
-  NS_ASSERTION((uint32_t)setLen == len, "data length should not change");
-
-  mValue.Append((const char*)output, len);
-  delete [] output;
-
-  return NS_OK;
-}
-
-NS_IMETHODIMP nsStreamCipher::Finish(bool aASCII, nsACString & _retval)
-{
-  if (!mContext)
-    return NS_ERROR_NOT_INITIALIZED;
-
-  if (aASCII) {
-    char *asciiData = BTOA_DataToAscii((unsigned char*)(mValue.get()),
-                                       mValue.Length());
-    _retval.Assign(asciiData);
-    PORT_Free(asciiData);
-  } else {
-    _retval.Assign(mValue);
-  }
-
-  return NS_OK;
-}
-
-NS_IMETHODIMP nsStreamCipher::Discard(int32_t aLen)
-{
-  if (!mContext)
-    return NS_ERROR_NOT_INITIALIZED;
-
-  unsigned char* output = new unsigned char[aLen];
-  unsigned char* input = new unsigned char[aLen];
-
-  int32_t setLen;
-
-#ifdef DEBUG
-  SECStatus rv =
-#endif
-    PK11_CipherOp(mContext, output, &setLen, aLen, input, aLen);
-  NS_ASSERTION(rv == SECSuccess, "failed to encrypt");
-  NS_ASSERTION(setLen == aLen, "data length should not change");
-  
-  delete [] output;
-  delete [] input;
-  return NS_OK;
-}
deleted file mode 100644
--- a/security/manager/ssl/src/nsStreamCipher.h
+++ /dev/null
@@ -1,43 +0,0 @@
-/* This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-#ifndef _NS_STREAMCIPHER_H_
-#define _NS_STREAMCIPHER_H_
-
-#include "nsIStreamCipher.h"
-#include "nsString.h"
-#include "pk11func.h"
-#include "mozilla/Attributes.h"
-
-/* dbfcbe4a-10f7-4d6f-a481-68e6d6b71d21 */
-#define NS_STREAMCIPHER_CID   \
-{ 0xdbfcbe4a, 0x10f7, 0x4d6f, {0xa4, 0x81, 0x68, 0xe6, 0xd6, 0xb7, 0x1d, 0x21}}
-#define NS_STREAMCIPHER_CONTRACTID "@mozilla.org/security/streamcipher;1"
-
-class nsStreamCipher MOZ_FINAL : public nsIStreamCipher
-{
-public:
-  nsStreamCipher();
-
-  NS_DECL_ISUPPORTS
-  NS_DECL_NSISTREAMCIPHER
-
-private:
-  ~nsStreamCipher();
-
-  // Helper method for initializing this object.
-  // aIV may be null.
-  nsresult InitWithIV_(nsIKeyObject *aKey, SECItem* aIV);
-  
-  // Disallow copy constructor
-  nsStreamCipher(nsStreamCipher&);
-
-  // Holds our stream cipher context.
-  PK11Context* mContext;
-
-  // Holds the amount we've computed so far.
-  nsCString mValue;
-};
-
-#endif // _NS_STREAMCIPHER_H_