Bug 1867765 - Fix RnpPrivateKeyUnlockTracker.unprotect(). r=mkmelin

Differential Revision: https://phabricator.services.mozilla.com/D195904

Depends on D195903

mail/extensions/openpgp/content/modules/RNP.jsm

@@ -212,15 +212,25 @@ class RnpPrivateKeyUnlockTracker {
    * unlocked.
    */
   unprotect() {
-    if (
-      !this.#rnpKeyHandle ||
-      !this.#isLocked ||
-      !this.#wasUnlocked ||
-      !this.#rememberUnlockPasswordForUnprotect
-    ) {
+    if (!this.#rnpKeyHandle) {
       return;
     }
 
+    const is_protected = new lazy.ctypes.bool();
+    if (
+      RNPLib.rnp_key_is_protected(this.#rnpKeyHandle, is_protected.address())
+    ) {
+      throw new Error("rnp_key_is_protected failed");
+    }
+    if (!is_protected.value) {
+      return;
+    }
+
+    if (!this.#wasUnlocked || !this.#rememberUnlockPasswordForUnprotect) {
+      // This precondition ensures we have the correct password cached.
+      throw new Error("Key should have been unlocked already.");
+    }
+
     if (RNPLib.rnp_key_unprotect(this.#rnpKeyHandle, this.#unlockPassword)) {
       throw new Error(`Failed to unprotect private key ${this.#fingerprint}`);
     }

mail/extensions/openpgp/test/unit/rnp/test_secretKeys.js

@@ -336,6 +336,11 @@ add_task(async function testNoSecretForExistingPublicSubkey() {
   Assert.ok(importResult.exitCode == 0);
 });
 
+// Test that old ECC secret keys, which were created using older RNP
+// versions (as used in Thunderbird versions older then 91.8),
+// can be correctly backed up. This test ensures that we successfully
+// removed the key protection prior to the call to perform the
+// binary key tweaking.
 add_task(async function testImportAndBackupUntweakedECCKey() {
   const untweakedFile = do_get_file(`${keyDir}/untweaked-secret.asc`);
   const untweakedSecKey = await IOUtils.readUTF8(untweakedFile.path);