diff -up firefox-91.2.0/Cargo.toml.fips-quic firefox-91.2.0/Cargo.toml --- firefox-91.2.0/Cargo.toml.fips-quic 2021-10-21 09:40:17.235999423 +0200 +++ firefox-91.2.0/Cargo.toml 2021-10-21 11:21:06.746558028 +0200 @@ -109,3 +109,12 @@ path = "third_party/rust/failure" [patch.crates-io.prost-derive] path = "third_party/rust/prost-derive" + +[patch."https://github.com/mozilla/neqo"] +neqo-crypto = { path = "third_party/rust/neqo-crypto" } +neqo-transport = { path = "third_party/rust/neqo-transport" } +neqo-qpack = { path = "third_party/rust/neqo-qpack" } +neqo-common = { path = "third_party/rust/neqo-common" } + + + diff -up firefox-91.2.0/third_party/rust/neqo-crypto/bindings/bindings.toml.fips-quic firefox-91.2.0/third_party/rust/neqo-crypto/bindings/bindings.toml --- firefox-91.2.0/third_party/rust/neqo-crypto/bindings/bindings.toml.fips-quic 2021-09-28 18:41:34.000000000 +0200 +++ firefox-91.2.0/third_party/rust/neqo-crypto/bindings/bindings.toml 2021-10-21 08:49:01.762221759 +0200 @@ -163,7 +163,7 @@ functions = [ "PK11_GetKeyData", "PK11_GetMechanism", "PK11_HPKE_Serialize", - "PK11_ImportSymKey", + "PK11_ImportDataKey", "PK11_ReadRawAttribute", "PK11_ReferenceSymKey", "SECITEM_FreeItem", @@ -196,11 +196,10 @@ variables = [ "CKM_AES_ECB", "CKM_AES_GCM", "CKM_EC_KEY_PAIR_GEN", + "CKM_HKDF_DERIVE", "CKM_INVALID_MECHANISM", "CKM_NSS_CHACHA20_CTR", "CKM_NSS_CHACHA20_POLY1305", - "CKM_NSS_HKDF_SHA256", - "CKM_NSS_HKDF_SHA384", "PK11_ATTR_INSENSITIVE", "PK11_ATTR_PRIVATE", "PK11_ATTR_PUBLIC", diff -up firefox-91.2.0/third_party/rust/neqo-crypto/Cargo.toml.fips-quic firefox-91.2.0/third_party/rust/neqo-crypto/Cargo.toml diff -up firefox-91.2.0/third_party/rust/neqo-crypto/src/hkdf.rs.fips-quic firefox-91.2.0/third_party/rust/neqo-crypto/src/hkdf.rs --- firefox-91.2.0/third_party/rust/neqo-crypto/src/hkdf.rs.fips-quic 2021-09-28 18:41:44.000000000 +0200 +++ firefox-91.2.0/third_party/rust/neqo-crypto/src/hkdf.rs 2021-10-21 08:49:01.763221763 +0200 @@ -10,8 +10,8 @@ use crate::constants::{ }; use crate::err::{Error, Res}; use crate::p11::{ - random, Item, PK11Origin, PK11SymKey, PK11_ImportSymKey, Slot, SymKey, CKA_DERIVE, - CKM_NSS_HKDF_SHA256, CKM_NSS_HKDF_SHA384, CK_ATTRIBUTE_TYPE, CK_MECHANISM_TYPE, + random, Item, PK11Origin, PK11SymKey, PK11_ImportDataKey, Slot, SymKey, CKA_DERIVE, + CKM_HKDF_DERIVE, CK_ATTRIBUTE_TYPE, CK_MECHANISM_TYPE, }; use std::convert::TryFrom; @@ -52,27 +52,22 @@ fn key_size(version: Version, cipher: Ci /// # Errors /// Only if NSS fails. pub fn generate_key(version: Version, cipher: Cipher) -> Res { - import_key(version, cipher, &random(key_size(version, cipher)?)) + import_key(version, &random(key_size(version, cipher)?)) } /// Import a symmetric key for use with HKDF. /// /// # Errors /// Errors returned if the key buffer is an incompatible size or the NSS functions fail. -pub fn import_key(version: Version, cipher: Cipher, buf: &[u8]) -> Res { +pub fn import_key(version: Version, buf: &[u8]) -> Res { if version != TLS_VERSION_1_3 { return Err(Error::UnsupportedVersion); } - let mech = match cipher { - TLS_AES_128_GCM_SHA256 | TLS_CHACHA20_POLY1305_SHA256 => CKM_NSS_HKDF_SHA256, - TLS_AES_256_GCM_SHA384 => CKM_NSS_HKDF_SHA384, - _ => return Err(Error::UnsupportedCipher), - }; let slot = Slot::internal()?; let key_ptr = unsafe { - PK11_ImportSymKey( + PK11_ImportDataKey( *slot, - CK_MECHANISM_TYPE::from(mech), + CK_MECHANISM_TYPE::from(CKM_HKDF_DERIVE), PK11Origin::PK11_OriginUnwrap, CK_ATTRIBUTE_TYPE::from(CKA_DERIVE), &mut Item::wrap(buf), diff -up firefox-91.2.0/third_party/rust/neqo-crypto/src/selfencrypt.rs.fips-quic firefox-91.2.0/third_party/rust/neqo-crypto/src/selfencrypt.rs --- firefox-91.2.0/third_party/rust/neqo-crypto/src/selfencrypt.rs.fips-quic 2021-09-28 18:41:41.000000000 +0200 +++ firefox-91.2.0/third_party/rust/neqo-crypto/src/selfencrypt.rs 2021-10-21 08:49:01.763221763 +0200 @@ -41,7 +41,7 @@ impl SelfEncrypt { fn make_aead(&self, k: &SymKey, salt: &[u8]) -> Res { debug_assert_eq!(salt.len(), Self::SALT_LENGTH); - let salt = hkdf::import_key(self.version, self.cipher, salt)?; + let salt = hkdf::import_key(self.version, salt)?; let secret = hkdf::extract(self.version, self.cipher, Some(&salt), k)?; Aead::new(self.version, self.cipher, &secret, "neqo self") } diff -up firefox-91.2.0/third_party/rust/neqo-crypto/tests/aead.rs.fips-quic firefox-91.2.0/third_party/rust/neqo-crypto/tests/aead.rs --- firefox-91.2.0/third_party/rust/neqo-crypto/tests/aead.rs.fips-quic 2021-09-28 18:41:35.000000000 +0200 +++ firefox-91.2.0/third_party/rust/neqo-crypto/tests/aead.rs 2021-10-21 08:49:01.764221767 +0200 @@ -26,7 +26,6 @@ fn make_aead(cipher: Cipher) -> Aead { let secret = hkdf::import_key( TLS_VERSION_1_3, - cipher, &[ 0x47, 0xb2, 0xea, 0xea, 0x6c, 0x26, 0x6e, 0x32, 0xc0, 0x69, 0x7a, 0x9e, 0x2a, 0x89, 0x8b, 0xdf, 0x5c, 0x4f, 0xb3, 0xe5, 0xac, 0x34, 0xf0, 0xe5, 0x49, 0xbf, 0x2c, 0x58, diff -up firefox-91.2.0/third_party/rust/neqo-crypto/tests/hkdf.rs.fips-quic firefox-91.2.0/third_party/rust/neqo-crypto/tests/hkdf.rs --- firefox-91.2.0/third_party/rust/neqo-crypto/tests/hkdf.rs.fips-quic 2021-09-28 18:41:44.000000000 +0200 +++ firefox-91.2.0/third_party/rust/neqo-crypto/tests/hkdf.rs 2021-10-21 08:49:01.764221767 +0200 @@ -38,8 +38,8 @@ fn cipher_hash_len(cipher: Cipher) -> us fn import_keys(cipher: Cipher) -> (SymKey, SymKey) { let l = cipher_hash_len(cipher); ( - hkdf::import_key(TLS_VERSION_1_3, cipher, &SALT[0..l]).expect("import salt"), - hkdf::import_key(TLS_VERSION_1_3, cipher, &IKM[0..l]).expect("import IKM"), + hkdf::import_key(TLS_VERSION_1_3, &SALT[0..l]).expect("import salt"), + hkdf::import_key(TLS_VERSION_1_3, &IKM[0..l]).expect("import IKM"), ) } diff -up firefox-91.2.0/third_party/rust/neqo-crypto/tests/hp.rs.fips-quic firefox-91.2.0/third_party/rust/neqo-crypto/tests/hp.rs --- firefox-91.2.0/third_party/rust/neqo-crypto/tests/hp.rs.fips-quic 2021-09-28 18:41:44.000000000 +0200 +++ firefox-91.2.0/third_party/rust/neqo-crypto/tests/hp.rs 2021-10-21 08:49:01.764221767 +0200 @@ -9,7 +9,7 @@ use neqo_crypto::hp::HpKey; use test_fixture::fixture_init; fn make_hp(cipher: Cipher) -> HpKey { - let ikm = hkdf::import_key(TLS_VERSION_1_3, cipher, &[0; 16]).expect("import IKM"); + let ikm = hkdf::import_key(TLS_VERSION_1_3, &[0; 16]).expect("import IKM"); let prk = hkdf::extract(TLS_VERSION_1_3, cipher, None, &ikm).expect("extract works"); HpKey::extract(TLS_VERSION_1_3, cipher, &prk, "hp").expect("extract label works") } diff -up firefox-91.2.0/third_party/rust/neqo-http3/Cargo.toml.fips-quic firefox-91.2.0/third_party/rust/neqo-http3/Cargo.toml diff -up firefox-91.2.0/third_party/rust/neqo-qpack/Cargo.toml.fips-quic firefox-91.2.0/third_party/rust/neqo-qpack/Cargo.toml diff -up firefox-91.2.0/third_party/rust/neqo-transport/Cargo.toml.fips-quic firefox-91.2.0/third_party/rust/neqo-transport/Cargo.toml diff -up firefox-91.2.0/third_party/rust/neqo-transport/src/crypto.rs.fips-quic firefox-91.2.0/third_party/rust/neqo-transport/src/crypto.rs --- firefox-91.2.0/third_party/rust/neqo-transport/src/crypto.rs.fips-quic 2021-09-28 18:41:44.000000000 +0200 +++ firefox-91.2.0/third_party/rust/neqo-transport/src/crypto.rs 2021-10-21 08:49:01.765221771 +0200 @@ -432,14 +432,8 @@ impl CryptoDxState { let initial_secret = hkdf::extract( TLS_VERSION_1_3, cipher, - Some( - hkdf::import_key(TLS_VERSION_1_3, cipher, salt) - .as_ref() - .unwrap(), - ), - hkdf::import_key(TLS_VERSION_1_3, cipher, dcid) - .as_ref() - .unwrap(), + Some(hkdf::import_key(TLS_VERSION_1_3, salt).as_ref().unwrap()), + hkdf::import_key(TLS_VERSION_1_3, dcid).as_ref().unwrap(), ) .unwrap(); @@ -1094,8 +1088,7 @@ impl CryptoStates { let app_read = |epoch| CryptoDxAppData { dx: read(epoch), cipher: TLS_AES_128_GCM_SHA256, - next_secret: hkdf::import_key(TLS_VERSION_1_3, TLS_AES_128_GCM_SHA256, &[0xaa; 32]) - .unwrap(), + next_secret: hkdf::import_key(TLS_VERSION_1_3, &[0xaa; 32]).unwrap(), }; Self { initial: Some(CryptoState { @@ -1120,8 +1113,7 @@ impl CryptoStates { 0x00, 0xa1, 0x54, 0x43, 0xf1, 0x82, 0x03, 0xa0, 0x7d, 0x60, 0x60, 0xf6, 0x88, 0xf3, 0x0f, 0x21, 0x63, 0x2b, ]; - let secret = - hkdf::import_key(TLS_VERSION_1_3, TLS_CHACHA20_POLY1305_SHA256, SECRET).unwrap(); + let secret = hkdf::import_key(TLS_VERSION_1_3, SECRET).unwrap(); let app_read = |epoch| CryptoDxAppData { dx: CryptoDxState { direction: CryptoDxDirection::Read, diff -up firefox-91.2.0/third_party/rust/neqo-transport/src/packet/retry.rs.fips-quic firefox-91.2.0/third_party/rust/neqo-transport/src/packet/retry.rs --- firefox-91.2.0/third_party/rust/neqo-transport/src/packet/retry.rs.fips-quic 2021-09-28 18:41:34.000000000 +0200 +++ firefox-91.2.0/third_party/rust/neqo-transport/src/packet/retry.rs 2021-10-21 08:49:01.766221775 +0200 @@ -28,7 +28,7 @@ fn make_aead(secret: &[u8]) -> Aead { #[cfg(debug_assertions)] ::neqo_crypto::assert_initialized(); - let secret = hkdf::import_key(TLS_VERSION_1_3, TLS_AES_128_GCM_SHA256, secret).unwrap(); + let secret = hkdf::import_key(TLS_VERSION_1_3, secret).unwrap(); Aead::new(TLS_VERSION_1_3, TLS_AES_128_GCM_SHA256, &secret, "quic ").unwrap() } thread_local!(static RETRY_AEAD_29: RefCell = RefCell::new(make_aead(RETRY_SECRET_29))); diff -up firefox-91.2.0/third_party/rust/neqo-transport/tests/common/mod.rs.fips-quic firefox-91.2.0/third_party/rust/neqo-transport/tests/common/mod.rs --- firefox-91.2.0/third_party/rust/neqo-transport/tests/common/mod.rs.fips-quic 2021-09-28 18:41:34.000000000 +0200 +++ firefox-91.2.0/third_party/rust/neqo-transport/tests/common/mod.rs 2021-10-21 08:49:01.766221775 +0200 @@ -121,13 +121,11 @@ pub fn client_initial_aead_and_hp(dcid: TLS_VERSION_1_3, TLS_AES_128_GCM_SHA256, Some( - hkdf::import_key(TLS_VERSION_1_3, TLS_AES_128_GCM_SHA256, INITIAL_SALT) + hkdf::import_key(TLS_VERSION_1_3, INITIAL_SALT) .as_ref() .unwrap(), ), - hkdf::import_key(TLS_VERSION_1_3, TLS_AES_128_GCM_SHA256, dcid) - .as_ref() - .unwrap(), + hkdf::import_key(TLS_VERSION_1_3, dcid).as_ref().unwrap(), ) .unwrap();