1.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000
1.2 +++ b/toolkit/components/passwordmgr/crypto-SDR.js Wed Dec 31 06:09:35 2014 +0100
1.3 @@ -0,0 +1,221 @@
1.4 +/* This Source Code Form is subject to the terms of the Mozilla Public
1.5 + * License, v. 2.0. If a copy of the MPL was not distributed with this
1.6 + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
1.7 +
1.8 +
1.9 +const Cc = Components.classes;
1.10 +const Ci = Components.interfaces;
1.11 +const Cr = Components.results;
1.12 +
1.13 +Components.utils.import("resource://gre/modules/XPCOMUtils.jsm");
1.14 +Components.utils.import("resource://gre/modules/Services.jsm");
1.15 +
1.16 +function LoginManagerCrypto_SDR() {
1.17 + this.init();
1.18 +};
1.19 +
1.20 +LoginManagerCrypto_SDR.prototype = {
1.21 +
1.22 + classID : Components.ID("{dc6c2976-0f73-4f1f-b9ff-3d72b4e28309}"),
1.23 + QueryInterface : XPCOMUtils.generateQI([Ci.nsILoginManagerCrypto]),
1.24 +
1.25 + __sdrSlot : null, // PKCS#11 slot being used by the SDR.
1.26 + get _sdrSlot() {
1.27 + if (!this.__sdrSlot) {
1.28 + let modules = Cc["@mozilla.org/security/pkcs11moduledb;1"].
1.29 + getService(Ci.nsIPKCS11ModuleDB);
1.30 + this.__sdrSlot = modules.findSlotByName("");
1.31 + }
1.32 + return this.__sdrSlot;
1.33 + },
1.34 +
1.35 + __decoderRing : null, // nsSecretDecoderRing service
1.36 + get _decoderRing() {
1.37 + if (!this.__decoderRing)
1.38 + this.__decoderRing = Cc["@mozilla.org/security/sdr;1"].
1.39 + getService(Ci.nsISecretDecoderRing);
1.40 + return this.__decoderRing;
1.41 + },
1.42 +
1.43 + __utfConverter : null, // UCS2 <--> UTF8 string conversion
1.44 + get _utfConverter() {
1.45 + if (!this.__utfConverter) {
1.46 + this.__utfConverter = Cc["@mozilla.org/intl/scriptableunicodeconverter"].
1.47 + createInstance(Ci.nsIScriptableUnicodeConverter);
1.48 + this.__utfConverter.charset = "UTF-8";
1.49 + }
1.50 + return this.__utfConverter;
1.51 + },
1.52 +
1.53 + _utfConverterReset : function() {
1.54 + this.__utfConverter = null;
1.55 + },
1.56 +
1.57 + _debug : false, // mirrors signon.debug
1.58 + _uiBusy : false,
1.59 +
1.60 +
1.61 + /*
1.62 + * log
1.63 + *
1.64 + * Internal function for logging debug messages to the Error Console.
1.65 + */
1.66 + log : function (message) {
1.67 + if (!this._debug)
1.68 + return;
1.69 + dump("PwMgr cryptoSDR: " + message + "\n");
1.70 + Services.console.logStringMessage("PwMgr cryptoSDR: " + message);
1.71 + },
1.72 +
1.73 +
1.74 + init : function () {
1.75 + // Connect to the correct preferences branch.
1.76 + this._prefBranch = Services.prefs.getBranch("signon.");
1.77 +
1.78 + this._debug = this._prefBranch.getBoolPref("debug");
1.79 +
1.80 + // Check to see if the internal PKCS#11 token has been initialized.
1.81 + // If not, set a blank password.
1.82 + let tokenDB = Cc["@mozilla.org/security/pk11tokendb;1"].
1.83 + getService(Ci.nsIPK11TokenDB);
1.84 +
1.85 + let token = tokenDB.getInternalKeyToken();
1.86 + if (token.needsUserInit) {
1.87 + this.log("Initializing key3.db with default blank password.");
1.88 + token.initPassword("");
1.89 + }
1.90 + },
1.91 +
1.92 +
1.93 + /*
1.94 + * encrypt
1.95 + *
1.96 + * Encrypts the specified string, using the SecretDecoderRing.
1.97 + *
1.98 + * Returns the encrypted string, or throws an exception if there was a
1.99 + * problem.
1.100 + */
1.101 + encrypt : function (plainText) {
1.102 + let cipherText = null;
1.103 +
1.104 + let wasLoggedIn = this.isLoggedIn;
1.105 + let canceledMP = false;
1.106 +
1.107 + this._uiBusy = true;
1.108 + try {
1.109 + let plainOctet = this._utfConverter.ConvertFromUnicode(plainText);
1.110 + plainOctet += this._utfConverter.Finish();
1.111 + cipherText = this._decoderRing.encryptString(plainOctet);
1.112 + } catch (e) {
1.113 + this.log("Failed to encrypt string. (" + e.name + ")");
1.114 + // If the user clicks Cancel, we get NS_ERROR_FAILURE.
1.115 + // (unlike decrypting, which gets NS_ERROR_NOT_AVAILABLE).
1.116 + if (e.result == Cr.NS_ERROR_FAILURE) {
1.117 + canceledMP = true;
1.118 + throw Components.Exception("User canceled master password entry", Cr.NS_ERROR_ABORT);
1.119 + } else {
1.120 + throw Components.Exception("Couldn't encrypt string", Cr.NS_ERROR_FAILURE);
1.121 + }
1.122 + } finally {
1.123 + this._uiBusy = false;
1.124 + // If we triggered a master password prompt, notify observers.
1.125 + if (!wasLoggedIn && this.isLoggedIn)
1.126 + this._notifyObservers("passwordmgr-crypto-login");
1.127 + else if (canceledMP)
1.128 + this._notifyObservers("passwordmgr-crypto-loginCanceled");
1.129 + }
1.130 + return cipherText;
1.131 + },
1.132 +
1.133 +
1.134 + /*
1.135 + * decrypt
1.136 + *
1.137 + * Decrypts the specified string, using the SecretDecoderRing.
1.138 + *
1.139 + * Returns the decrypted string, or throws an exception if there was a
1.140 + * problem.
1.141 + */
1.142 + decrypt : function (cipherText) {
1.143 + let plainText = null;
1.144 +
1.145 + let wasLoggedIn = this.isLoggedIn;
1.146 + let canceledMP = false;
1.147 +
1.148 + this._uiBusy = true;
1.149 + try {
1.150 + let plainOctet;
1.151 + plainOctet = this._decoderRing.decryptString(cipherText);
1.152 + plainText = this._utfConverter.ConvertToUnicode(plainOctet);
1.153 + } catch (e) {
1.154 + this.log("Failed to decrypt string: " + cipherText +
1.155 + " (" + e.name + ")");
1.156 +
1.157 + // In the unlikely event the converter threw, reset it.
1.158 + this._utfConverterReset();
1.159 +
1.160 + // If the user clicks Cancel, we get NS_ERROR_NOT_AVAILABLE.
1.161 + // If the cipherText is bad / wrong key, we get NS_ERROR_FAILURE
1.162 + // Wrong passwords are handled by the decoderRing reprompting;
1.163 + // we get no notification.
1.164 + if (e.result == Cr.NS_ERROR_NOT_AVAILABLE) {
1.165 + canceledMP = true;
1.166 + throw Components.Exception("User canceled master password entry", Cr.NS_ERROR_ABORT);
1.167 + } else {
1.168 + throw Components.Exception("Couldn't decrypt string", Cr.NS_ERROR_FAILURE);
1.169 + }
1.170 + } finally {
1.171 + this._uiBusy = false;
1.172 + // If we triggered a master password prompt, notify observers.
1.173 + if (!wasLoggedIn && this.isLoggedIn)
1.174 + this._notifyObservers("passwordmgr-crypto-login");
1.175 + else if (canceledMP)
1.176 + this._notifyObservers("passwordmgr-crypto-loginCanceled");
1.177 + }
1.178 +
1.179 + return plainText;
1.180 + },
1.181 +
1.182 +
1.183 + /*
1.184 + * uiBusy
1.185 + */
1.186 + get uiBusy() {
1.187 + return this._uiBusy;
1.188 + },
1.189 +
1.190 +
1.191 + /*
1.192 + * isLoggedIn
1.193 + */
1.194 + get isLoggedIn() {
1.195 + let status = this._sdrSlot.status;
1.196 + this.log("SDR slot status is " + status);
1.197 + if (status == Ci.nsIPKCS11Slot.SLOT_READY ||
1.198 + status == Ci.nsIPKCS11Slot.SLOT_LOGGED_IN)
1.199 + return true;
1.200 + if (status == Ci.nsIPKCS11Slot.SLOT_NOT_LOGGED_IN)
1.201 + return false;
1.202 + throw Components.Exception("unexpected slot status: " + status, Cr.NS_ERROR_FAILURE);
1.203 + },
1.204 +
1.205 +
1.206 + /*
1.207 + * defaultEncType
1.208 + */
1.209 + get defaultEncType() {
1.210 + return Ci.nsILoginManagerCrypto.ENCTYPE_SDR;
1.211 + },
1.212 +
1.213 +
1.214 + /*
1.215 + * _notifyObservers
1.216 + */
1.217 + _notifyObservers : function(topic) {
1.218 + this.log("Prompted for a master password, notifying for " + topic);
1.219 + Services.obs.notifyObservers(null, topic, null);
1.220 + },
1.221 +}; // end of nsLoginManagerCrypto_SDR implementation
1.222 +
1.223 +let component = [LoginManagerCrypto_SDR];
1.224 +this.NSGetFactory = XPCOMUtils.generateNSGetFactory(component);
