--- a/services/crypto/component/nsSyncJPAKE.cpp
+++ b/services/crypto/component/nsSyncJPAKE.cpp
@@ -1,25 +1,27 @@
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
#include "nsSyncJPAKE.h"
+
+#include "base64.h"
+#include "keyhi.h"
#include "mozilla/ModuleUtils.h"
-#include <pk11pub.h>
-#include <keyhi.h>
-#include <pkcs11.h>
-#include <nscore.h>
-#include <secmodt.h>
-#include <secport.h>
-#include <secerr.h>
-#include <nsDebug.h>
-#include <nsError.h>
-#include <base64.h>
-#include <nsString.h>
+#include "mozilla/Move.h"
+#include "nsDebug.h"
+#include "nsError.h"
+#include "nsString.h"
+#include "nscore.h"
+#include "pk11pub.h"
+#include "pkcs11.h"
+#include "secerr.h"
+#include "secmodt.h"
+#include "secport.h"
using mozilla::fallible;
static bool
hex_from_2char(const unsigned char *c2, unsigned char *byteval)
{
int i;
unsigned char offset;
@@ -141,17 +143,17 @@ NS_IMETHODIMP nsSyncJPAKE::Round1(const
NS_ENSURE_STATE(key == nullptr);
static CK_MECHANISM_TYPE mechanisms[] = {
CKM_NSS_JPAKE_ROUND1_SHA256,
CKM_NSS_JPAKE_ROUND2_SHA256,
CKM_NSS_JPAKE_FINAL_SHA256
};
- ScopedPK11SlotInfo slot(PK11_GetBestSlotMultiple(mechanisms,
+ UniquePK11SlotInfo slot(PK11_GetBestSlotMultiple(mechanisms,
NUM_ELEM(mechanisms),
nullptr));
NS_ENSURE_STATE(slot != nullptr);
CK_BYTE pBuf[(NUM_ELEM(p) - 1) / 2];
CK_BYTE qBuf[(NUM_ELEM(q) - 1) / 2];
CK_BYTE gBuf[(NUM_ELEM(g) - 1) / 2];
@@ -176,20 +178,20 @@ NS_IMETHODIMP nsSyncJPAKE::Round1(const
CK_BYTE r2Buf [NUM_ELEM(p) / 2];
CK_NSS_JPAKERound1Params rp = {
{ gx1Buf, sizeof gx1Buf, gv1Buf, sizeof gv1Buf, r1Buf, sizeof r1Buf },
{ gx2Buf, sizeof gx2Buf, gv2Buf, sizeof gv2Buf, r2Buf, sizeof r2Buf }
};
SECItem paramsItem;
paramsItem.data = (unsigned char *) &rp;
paramsItem.len = sizeof rp;
- key = PK11_KeyGenWithTemplate(slot, CKM_NSS_JPAKE_ROUND1_SHA256,
- CKM_NSS_JPAKE_ROUND1_SHA256,
- ¶msItem, keyTemplate,
- NUM_ELEM(keyTemplate), nullptr);
+ key = UniquePK11SymKey(
+ PK11_KeyGenWithTemplate(slot.get(), CKM_NSS_JPAKE_ROUND1_SHA256,
+ CKM_NSS_JPAKE_ROUND1_SHA256, ¶msItem,
+ keyTemplate, NUM_ELEM(keyTemplate), nullptr));
nsresult rv = key != nullptr
? NS_OK
: mapErrno();
if (rv == NS_OK) {
NS_ENSURE_TRUE(toHexString(rp.gx1.pGX, rp.gx1.ulGXLen, aGX1) &&
toHexString(rp.gx1.pGV, rp.gx1.ulGVLen, aGV1) &&
toHexString(rp.gx1.pR, rp.gx1.ulRLen, aR1) &&
toHexString(rp.gx2.pGX, rp.gx2.ulGXLen, aGX2) &&
@@ -272,30 +274,30 @@ NS_IMETHODIMP nsSyncJPAKE::Round2(const
SECItem paramsItem;
paramsItem.data = (unsigned char *) &rp;
paramsItem.len = sizeof rp;
CK_KEY_TYPE keyType = CKK_NSS_JPAKE_ROUND2;
CK_ATTRIBUTE keyTemplate[] = {
{ CKA_NSS_JPAKE_PEERID, (CK_BYTE *) aPeerID.Data(), aPeerID.Length(), },
{ CKA_KEY_TYPE, &keyType, sizeof keyType }
};
- ScopedPK11SymKey newKey(PK11_DeriveWithTemplate(key,
+ UniquePK11SymKey newKey(PK11_DeriveWithTemplate(key.get(),
CKM_NSS_JPAKE_ROUND2_SHA256,
¶msItem,
CKM_NSS_JPAKE_FINAL_SHA256,
CKA_DERIVE, 0,
keyTemplate,
NUM_ELEM(keyTemplate),
false));
if (newKey != nullptr) {
if (toHexString(rp.A.pGX, rp.A.ulGXLen, aA) &&
toHexString(rp.A.pGV, rp.A.ulGVLen, aGVA) &&
toHexString(rp.A.pR, rp.A.ulRLen, aRA)) {
round = JPAKEAfterRound2;
- key = newKey.forget();
+ key = Move(newKey);
return NS_OK;
} else {
rv = NS_ERROR_OUT_OF_MEMORY;
}
} else {
rv = mapErrno();
}
@@ -334,24 +336,24 @@ base64KeyValue(PK11SymKey * key, nsACStr
: NS_ERROR_UNEXPECTED;
} else {
rv = mapErrno();
}
return rv;
}
static nsresult
-extractBase64KeyValue(PK11SymKey * keyBlock, CK_ULONG bitPosition,
+extractBase64KeyValue(UniquePK11SymKey & keyBlock, CK_ULONG bitPosition,
CK_MECHANISM_TYPE destMech, int keySize,
nsACString & keyString)
{
SECItem paramsItem;
paramsItem.data = (CK_BYTE *) &bitPosition;
paramsItem.len = sizeof bitPosition;
- PK11SymKey * key = PK11_Derive(keyBlock, CKM_EXTRACT_KEY_FROM_KEY,
+ PK11SymKey * key = PK11_Derive(keyBlock.get(), CKM_EXTRACT_KEY_FROM_KEY,
¶msItem, destMech,
CKA_SIGN, keySize);
if (key == nullptr)
return mapErrno();
nsresult rv = base64KeyValue(key, keyString);
PK11_FreeSymKey(key);
return rv;
}
@@ -386,54 +388,55 @@ NS_IMETHODIMP nsSyncJPAKE::Final(const n
CK_NSS_JPAKEFinalParams rp;
rp.B.pGX = gxBBuf; rp.B.ulGXLen = aB .Length() / 2;
rp.B.pGV = gvBBuf; rp.B.ulGVLen = aGVB.Length() / 2;
rp.B.pR = rBBuf; rp.B.ulRLen = aRB .Length() / 2;
SECItem paramsItem;
paramsItem.data = (unsigned char *) &rp;
paramsItem.len = sizeof rp;
- ScopedPK11SymKey keyMaterial(PK11_Derive(key, CKM_NSS_JPAKE_FINAL_SHA256,
+ UniquePK11SymKey keyMaterial(PK11_Derive(key.get(), CKM_NSS_JPAKE_FINAL_SHA256,
¶msItem, CKM_NSS_HKDF_SHA256,
CKA_DERIVE, 0));
- ScopedPK11SymKey keyBlock;
+ UniquePK11SymKey keyBlock;
if (keyMaterial == nullptr)
rv = mapErrno();
if (rv == NS_OK) {
CK_NSS_HKDFParams hkdfParams;
hkdfParams.bExtract = CK_TRUE;
hkdfParams.pSalt = nullptr;
hkdfParams.ulSaltLen = 0;
hkdfParams.bExpand = CK_TRUE;
hkdfParams.pInfo = (CK_BYTE *) aHKDFInfo.Data();
hkdfParams.ulInfoLen = aHKDFInfo.Length();
paramsItem.data = (unsigned char *) &hkdfParams;
paramsItem.len = sizeof hkdfParams;
- keyBlock = PK11_Derive(keyMaterial, CKM_NSS_HKDF_SHA256,
- ¶msItem, CKM_EXTRACT_KEY_FROM_KEY,
- CKA_DERIVE, AES256_KEY_SIZE + HMAC_SHA256_KEY_SIZE);
+ keyBlock = UniquePK11SymKey(
+ PK11_Derive(keyMaterial.get(), CKM_NSS_HKDF_SHA256, ¶msItem,
+ CKM_EXTRACT_KEY_FROM_KEY, CKA_DERIVE,
+ AES256_KEY_SIZE + HMAC_SHA256_KEY_SIZE));
if (keyBlock == nullptr)
rv = mapErrno();
}
if (rv == NS_OK) {
rv = extractBase64KeyValue(keyBlock, aesBitPosition, CKM_AES_CBC,
AES256_KEY_SIZE, aAES256Key);
}
if (rv == NS_OK) {
rv = extractBase64KeyValue(keyBlock, hmacBitPosition, CKM_SHA256_HMAC,
HMAC_SHA256_KEY_SIZE, aHMAC256Key);
}
if (rv == NS_OK) {
- SECStatus srv = PK11_ExtractKeyValue(keyMaterial);
+ SECStatus srv = PK11_ExtractKeyValue(keyMaterial.get());
NS_ENSURE_TRUE(srv == SECSuccess, NS_ERROR_UNEXPECTED);
- SECItem * keyMaterialBytes = PK11_GetKeyData(keyMaterial);
+ SECItem * keyMaterialBytes = PK11_GetKeyData(keyMaterial.get());
NS_ENSURE_TRUE(keyMaterialBytes != nullptr, NS_ERROR_UNEXPECTED);
}
return rv;
}
NS_GENERIC_FACTORY_CONSTRUCTOR(nsSyncJPAKE)
NS_DEFINE_NAMED_CID(NS_SYNCJPAKE_CID);
@@ -454,17 +457,17 @@ void
nsSyncJPAKE::virtualDestroyNSSReference()
{
destructorSafeDestroyNSSReference();
}
void
nsSyncJPAKE::destructorSafeDestroyNSSReference()
{
- key.dispose();
+ key = nullptr;
}
static const mozilla::Module::CIDEntry kServicesCryptoCIDs[] = {
{ &kNS_SYNCJPAKE_CID, false, nullptr, nsSyncJPAKEConstructor },
{ nullptr }
};
static const mozilla::Module::ContractIDEntry kServicesCryptoContracts[] = {