Bug 1109235 - remove nsIStreamCipher and implementation r=keeler

2024-09-13 09:24:08 -07:00 · 2015-01-22 16:02:30 -08:00 · 2015-01-22 16:02:30 -08:00 · a11d7633b4
commit a11d7633b4
parent bca498247e
7 changed files with 1 additions and 298 deletions
--- a/2
+++ b/2
@ -22,4 +22,4 @@
 # changes to stick? As of bug 928195, this shouldn't be necessary! Please
 # don't change CLOBBER for WebIDL changes any more.

-Bugs 1101331 - See if a CLOBBER helps the situation any.
+bug 1114669 removes nsIStreamCipher.idl, which requires a clobber according to bug 1114669
--- a/security/manager/ssl/public/moz.build
+++ b/security/manager/ssl/public/moz.build
@ -31,7 +31,6 @@ XPIDL_SOURCES += [
    'nsIProtectedAuthThread.idl',
    'nsISSLErrorListener.idl',
    'nsISSLStatus.idl',
-    'nsIStreamCipher.idl',
    'nsITokenDialogs.idl',
    'nsITokenPasswordDialogs.idl',
    'nsIUserCertPicker.idl',
--- a/security/manager/ssl/public/nsIStreamCipher.idl
+++ b/security/manager/ssl/public/nsIStreamCipher.idl
@ -1,61 +0,0 @@
-/* This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-#include "nsISupports.idl"
-#include "nsIKeyModule.idl"
-
-interface nsIInputStream;
-
-/**
- * Stream cipher interface.  We're basically copying the interface from
- * nsICryptoHash interface.
- */
-[scriptable, uuid(1d507cd6-1630-4710-af1b-4012dbcc514c)]
-interface nsIStreamCipher : nsISupports
-{
-    /**
-     * Initialize a stream cipher.
-     * @param aKey nsIKeyObject
-     */
-    void init(in nsIKeyObject aKey);
-
-    /**
-     * Initialize a stream cipher with an initialization vector.
-     * @param aKey nsIKeyObject
-     * @param aIV the initialization vector
-     * @param aIVLen the length of the initialization vector
-     */
-    void initWithIV(in nsIKeyObject aKey,
-                    [const, array, size_is(aIVLen)] in octet aIV,
-                    in unsigned long aIVLen);
-
-    /**
-     * Update from an array of bytes.
-     */
-    void update([const, array, size_is(aLen)] in octet aData, in unsigned long aLen);
-
-    /**
-     * Update from a stream.
-     */
-    void updateFromStream(in nsIInputStream aStream, in long aLen);
-
-    /**
-     * A more script friendly method (not in nsICryptoHash interface).
-     */
-    void updateFromString(in ACString aInput);
-
-    /**
-     * @param aASCII if true then the returned value is a base-64
-     *        encoded string.  if false, then the returned value is
-     *        binary data.
-     */
-    ACString finish(in boolean aASCII);
-
-    /**
-     * Discard aLen bytes of the keystream.
-     * These days 1536 is considered a decent amount to drop to get
-     * the key state warmed-up enough for secure usage.
-     */
-    void discard(in long aLen);
-};
--- a/security/manager/ssl/src/moz.build
+++ b/security/manager/ssl/src/moz.build
@ -58,7 +58,6 @@ UNIFIED_SOURCES += [
    'NSSErrorsService.cpp',
    'nsSSLSocketProvider.cpp',
    'nsSSLStatus.cpp',
-    'nsStreamCipher.cpp',
    'nsTLSSocketProvider.cpp',
    'nsUsageArrayHelper.cpp',
    'PSMRunnable.cpp',
--- a/security/manager/ssl/src/nsNSSModule.cpp
+++ b/security/manager/ssl/src/nsNSSModule.cpp
@ -31,7 +31,6 @@
 #include "nsCURILoader.h"
 #include "nsICategoryManager.h"
 #include "nsNTLMAuthModule.h"
-#include "nsStreamCipher.h"
 #include "nsKeyModule.h"
 #include "nsDataSignatureVerifier.h"
 #include "nsCertOverrideService.h"
@ -201,7 +200,6 @@ NS_NSS_GENERIC_FACTORY_CONSTRUCTOR(nssEnsure, nsCertPicker)
 NS_NSS_GENERIC_FACTORY_CONSTRUCTOR_INIT(nssEnsure, nsNTLMAuthModule, InitTest)
 NS_NSS_GENERIC_FACTORY_CONSTRUCTOR(nssEnsureChromeOrContent, nsCryptoHash)
 NS_NSS_GENERIC_FACTORY_CONSTRUCTOR(nssEnsure, nsCryptoHMAC)
-NS_NSS_GENERIC_FACTORY_CONSTRUCTOR(nssEnsure, nsStreamCipher)
 NS_NSS_GENERIC_FACTORY_CONSTRUCTOR(nssEnsure, nsKeyObject)
 NS_NSS_GENERIC_FACTORY_CONSTRUCTOR(nssEnsure, nsKeyObjectFactory)
 NS_NSS_GENERIC_FACTORY_CONSTRUCTOR(nssEnsure, nsDataSignatureVerifier)
@ -234,7 +232,6 @@ NS_DEFINE_NAMED_CID(NS_CRYPTO_HASH_CID);
 NS_DEFINE_NAMED_CID(NS_CRYPTO_HMAC_CID);
 NS_DEFINE_NAMED_CID(NS_CERT_PICKER_CID);
 NS_DEFINE_NAMED_CID(NS_NTLMAUTHMODULE_CID);
-NS_DEFINE_NAMED_CID(NS_STREAMCIPHER_CID);
 NS_DEFINE_NAMED_CID(NS_KEYMODULEOBJECT_CID);
 NS_DEFINE_NAMED_CID(NS_KEYMODULEOBJECTFACTORY_CID);
 NS_DEFINE_NAMED_CID(NS_DATASIGNATUREVERIFIER_CID);
@ -266,7 +263,6 @@ static const mozilla::Module::CIDEntry kNSSCIDs[] = {
  { &kNS_CRYPTO_HMAC_CID, false, nullptr, nsCryptoHMACConstructor },
  { &kNS_CERT_PICKER_CID, false, nullptr, nsCertPickerConstructor },
  { &kNS_NTLMAUTHMODULE_CID, false, nullptr, nsNTLMAuthModuleConstructor },
-  { &kNS_STREAMCIPHER_CID, false, nullptr, nsStreamCipherConstructor },
  { &kNS_KEYMODULEOBJECT_CID, false, nullptr, nsKeyObjectConstructor },
  { &kNS_KEYMODULEOBJECTFACTORY_CID, false, nullptr, nsKeyObjectFactoryConstructor },
  { &kNS_DATASIGNATUREVERIFIER_CID, false, nullptr, nsDataSignatureVerifierConstructor },
@ -303,7 +299,6 @@ static const mozilla::Module::ContractIDEntry kNSSContracts[] = {
  { "@mozilla.org/uriloader/psm-external-content-listener;1", &kNS_PSMCONTENTLISTEN_CID },
  { NS_CRYPTO_FIPSINFO_SERVICE_CONTRACTID, &kNS_PKCS11MODULEDB_CID },
  { NS_NTLMAUTHMODULE_CONTRACTID, &kNS_NTLMAUTHMODULE_CID },
-  { NS_STREAMCIPHER_CONTRACTID, &kNS_STREAMCIPHER_CID },
  { NS_KEYMODULEOBJECT_CONTRACTID, &kNS_KEYMODULEOBJECT_CID },
  { NS_KEYMODULEOBJECTFACTORY_CONTRACTID, &kNS_KEYMODULEOBJECTFACTORY_CID },
  { NS_DATASIGNATUREVERIFIER_CONTRACTID, &kNS_DATASIGNATUREVERIFIER_CID },
--- a/security/manager/ssl/src/nsStreamCipher.cpp
+++ b/security/manager/ssl/src/nsStreamCipher.cpp
@ -1,186 +0,0 @@
-/* This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-#include "nsIKeyModule.h"
-#include "nsStreamCipher.h"
-#include "nsStreamUtils.h"
-#include "base64.h"
-
-NS_IMPL_ISUPPORTS(nsStreamCipher, nsIStreamCipher)
-
-nsStreamCipher::nsStreamCipher()
-  : mContext(nullptr)
-{
-}
-
-nsStreamCipher::~nsStreamCipher()
-{
-  if (mContext)
-    PK11_DestroyContext(mContext, true /* free sub-objects */);
-}
-
-nsresult
-nsStreamCipher::InitWithIV_(nsIKeyObject *aKey, SECItem* aIV)
-{
-  NS_ENSURE_ARG_POINTER(aKey);
-
-  // Make sure we have a SYM_KEY.
-  int16_t keyType;
-  nsresult rv = aKey->GetType(&keyType);
-  NS_ENSURE_SUCCESS(rv, rv);
-  if (keyType != nsIKeyObject::SYM_KEY)
-    return NS_ERROR_INVALID_ARG;
-
-  if (mContext)
-    PK11_DestroyContext(mContext, true /* free sub-objects */);
-
-  // Get the PK11SymKey out of the key object and create the PK11Context.
-  void* keyObj;
-  rv = aKey->GetKeyObj(&keyObj);
-  NS_ENSURE_SUCCESS(rv, rv);
-
-  PK11SymKey *symkey = reinterpret_cast<PK11SymKey*>(keyObj);
-  if (!symkey)
-    return NS_ERROR_FAILURE;
-
-  CK_MECHANISM_TYPE cipherMech = PK11_GetMechanism(symkey);
-
-  SECItem *param = nullptr;
-  // aIV may be null
-  param = PK11_ParamFromIV(cipherMech, aIV);
-  if (!param)
-    return NS_ERROR_FAILURE;
-
-  mContext = PK11_CreateContextBySymKey(cipherMech, CKA_ENCRYPT,
-                                        symkey, param);
-
-  SECITEM_FreeItem(param, true);
-
-  // Something went wrong if mContext doesn't exist.
-  if (!mContext)
-    return NS_ERROR_FAILURE;
-
-  // Everything went ok.      
-  mValue.Truncate();
-  return NS_OK;
-}
-
-/////////////////////////////////////////////////////////////////////////////
-// nsIStreamCipher
-
-NS_IMETHODIMP nsStreamCipher::Init(nsIKeyObject *aKey)
-{
-  return InitWithIV_(aKey, nullptr);
-}
-
-NS_IMETHODIMP nsStreamCipher::InitWithIV(nsIKeyObject *aKey,
-                                         const uint8_t *aIV, uint32_t aIVLen)
-{
-  SECItem IV;
-  IV.data = (unsigned char*)aIV;
-  IV.len = aIVLen;
-  return InitWithIV_(aKey, &IV);
-}
-
-NS_IMETHODIMP nsStreamCipher::Update(const uint8_t *aData, uint32_t aLen)
-{
-  if (!mContext)
-    return NS_ERROR_NOT_INITIALIZED;
-
-  unsigned char* output = new unsigned char[aLen];
-  unsigned char* input = (unsigned char*)aData;
-  
-  int32_t setLen;
-
-#ifdef DEBUG
-  SECStatus rv =
-#endif
-    PK11_CipherOp(mContext, output, &setLen, aLen, input, aLen);
-  NS_ASSERTION(rv == SECSuccess, "failed to encrypt");
-  NS_ASSERTION((uint32_t)setLen == aLen, "data length should not change");
-
-  mValue.Append((const char*)output, aLen);
-
-  delete [] output;
-
-  return NS_OK;
-}
-
-NS_IMETHODIMP nsStreamCipher::UpdateFromStream(nsIInputStream *aStream,
-                                               int32_t aLen)
-{
-  if (!mContext)
-    return NS_ERROR_NOT_INITIALIZED;
-
-  nsCString inputString;
-  nsresult rv = NS_ConsumeStream(aStream, aLen, inputString);
-  NS_ENSURE_SUCCESS(rv, rv);
-  
-  return UpdateFromString(inputString);
-}
-
-NS_IMETHODIMP nsStreamCipher::UpdateFromString(const nsACString& aInput)
-{
-  if (!mContext)
-    return NS_ERROR_NOT_INITIALIZED;
-
-  const nsCString& flatInput = PromiseFlatCString(aInput);
-  unsigned char* input = (unsigned char*)flatInput.get();
-  uint32_t len = aInput.Length();
-
-  unsigned char* output = new unsigned char[len];
-
-  int32_t setLen;
-
-#ifdef DEBUG
-  SECStatus rv =
-#endif
-    PK11_CipherOp(mContext, output, &setLen, len, input, len);
-  NS_ASSERTION(rv == SECSuccess, "failed to encrypt");
-  NS_ASSERTION((uint32_t)setLen == len, "data length should not change");
-
-  mValue.Append((const char*)output, len);
-  delete [] output;
-
-  return NS_OK;
-}
-
-NS_IMETHODIMP nsStreamCipher::Finish(bool aASCII, nsACString & _retval)
-{
-  if (!mContext)
-    return NS_ERROR_NOT_INITIALIZED;
-
-  if (aASCII) {
-    char *asciiData = BTOA_DataToAscii((unsigned char*)(mValue.get()),
-                                       mValue.Length());
-    _retval.Assign(asciiData);
-    PORT_Free(asciiData);
-  } else {
-    _retval.Assign(mValue);
-  }
-
-  return NS_OK;
-}
-
-NS_IMETHODIMP nsStreamCipher::Discard(int32_t aLen)
-{
-  if (!mContext)
-    return NS_ERROR_NOT_INITIALIZED;
-
-  unsigned char* output = new unsigned char[aLen];
-  unsigned char* input = new unsigned char[aLen];
-
-  int32_t setLen;
-
-#ifdef DEBUG
-  SECStatus rv =
-#endif
-    PK11_CipherOp(mContext, output, &setLen, aLen, input, aLen);
-  NS_ASSERTION(rv == SECSuccess, "failed to encrypt");
-  NS_ASSERTION(setLen == aLen, "data length should not change");
-  
-  delete [] output;
-  delete [] input;
-  return NS_OK;
-}
--- a/security/manager/ssl/src/nsStreamCipher.h
+++ b/security/manager/ssl/src/nsStreamCipher.h
@ -1,43 +0,0 @@
-/* This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-#ifndef _NS_STREAMCIPHER_H_
-#define _NS_STREAMCIPHER_H_
-
-#include "nsIStreamCipher.h"
-#include "nsString.h"
-#include "pk11func.h"
-#include "mozilla/Attributes.h"
-
-/* dbfcbe4a-10f7-4d6f-a481-68e6d6b71d21 */
-#define NS_STREAMCIPHER_CID   \
-{ 0xdbfcbe4a, 0x10f7, 0x4d6f, {0xa4, 0x81, 0x68, 0xe6, 0xd6, 0xb7, 0x1d, 0x21}}
-#define NS_STREAMCIPHER_CONTRACTID "@mozilla.org/security/streamcipher;1"
-
-class nsStreamCipher MOZ_FINAL : public nsIStreamCipher
-{
-public:
-  nsStreamCipher();
-
-  NS_DECL_ISUPPORTS
-  NS_DECL_NSISTREAMCIPHER
-
-private:
-  ~nsStreamCipher();
-
-  // Helper method for initializing this object.
-  // aIV may be null.
-  nsresult InitWithIV_(nsIKeyObject *aKey, SECItem* aIV);
-  
-  // Disallow copy constructor
-  nsStreamCipher(nsStreamCipher&);
-
-  // Holds our stream cipher context.
-  PK11Context* mContext;
-
-  // Holds the amount we've computed so far.
-  nsCString mValue;
-};
-
-#endif // _NS_STREAMCIPHER_H_