import nss-3.53.1-17.el8_3
parent
523619f371
commit
02c51bd6bb
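--- a/.gitignore
+++ b/.gitignore
@@ -1,3 +1,4 @@
+SOURCES/PayPalEE.cert
 SOURCES/blank-cert8.db
 SOURCES/blank-cert9.db
 SOURCES/blank-key3.db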
@ -1,3 +1,4 @@
|
|||||||
|
bc5c03643bfa1a5ea8519b8e7e2d7d5e30abea30 SOURCES/PayPalEE.cert
|
||||||
d272a7b58364862613d44261c5744f7a336bf177 SOURCES/blank-cert8.db
|
d272a7b58364862613d44261c5744f7a336bf177 SOURCES/blank-cert8.db
|
||||||
b5570125fbf6bfb410705706af48217a0817c03a SOURCES/blank-cert9.db
|
b5570125fbf6bfb410705706af48217a0817c03a SOURCES/blank-cert9.db
|
||||||
7f78b5bcecdb5005e7b803604b2ec9d1a9df2fb5 SOURCES/blank-key3.db
|
7f78b5bcecdb5005e7b803604b2ec9d1a9df2fb5 SOURCES/blank-key3.db
|
||||||
|
74
SOURCES/nss-3.53.1-chacha-len.patch
Normal file
@ -0,0 +1,74 @@
|
|||||||
|
|
||||||
|
# HG changeset patch
|
||||||
|
# User Benjamin Beurdouche <bbeurdouche@mozilla.com>
|
||||||
|
# Date 1595031218 0
|
||||||
|
# Node ID c25adfdfab34ddb08d3262aac3242e3399de1095
|
||||||
|
# Parent f282556e6cc7715f5754aeaadda6f902590e7e38
|
||||||
|
Bug 1636771 - Fix incorrect call to Chacha20Poly1305 by PKCS11. r=jcj,kjacobs,rrelyea
|
||||||
|
|
||||||
|
Differential Revision: https://phabricator.services.mozilla.com/D74801
|
||||||
|
|
||||||
|
diff --git a/gtests/pk11_gtest/pk11_chacha20poly1305_unittest.cc b/gtests/pk11_gtest/pk11_chacha20poly1305_unittest.cc
|
||||||
|
--- a/gtests/pk11_gtest/pk11_chacha20poly1305_unittest.cc
|
||||||
|
+++ b/gtests/pk11_gtest/pk11_chacha20poly1305_unittest.cc
|
||||||
|
@@ -40,28 +40,35 @@ class Pkcs11ChaCha20Poly1305Test
|
||||||
|
aead_params.ulNonceLen = iv_len;
|
||||||
|
aead_params.pAAD = toUcharPtr(aad);
|
||||||
|
aead_params.ulAADLen = aad_len;
|
||||||
|
aead_params.ulTagLen = 16;
|
||||||
|
|
||||||
|
SECItem params = {siBuffer, reinterpret_cast<unsigned char*>(&aead_params),
|
||||||
|
sizeof(aead_params)};
|
||||||
|
|
||||||
|
- // Encrypt with bad parameters.
|
||||||
|
+ // Encrypt with bad parameters (TagLen is too long).
|
||||||
|
unsigned int encrypted_len = 0;
|
||||||
|
std::vector<uint8_t> encrypted(data_len + aead_params.ulTagLen);
|
||||||
|
aead_params.ulTagLen = 158072;
|
||||||
|
SECStatus rv =
|
||||||
|
PK11_Encrypt(key.get(), kMech, ¶ms, encrypted.data(),
|
||||||
|
&encrypted_len, encrypted.size(), data, data_len);
|
||||||
|
EXPECT_EQ(SECFailure, rv);
|
||||||
|
EXPECT_EQ(0U, encrypted_len);
|
||||||
|
- aead_params.ulTagLen = 16;
|
||||||
|
+
|
||||||
|
+ // Encrypt with bad parameters (TagLen is too short).
|
||||||
|
+ aead_params.ulTagLen = 2;
|
||||||
|
+ rv = PK11_Encrypt(key.get(), kMech, ¶ms, encrypted.data(),
|
||||||
|
+ &encrypted_len, encrypted.size(), data, data_len);
|
||||||
|
+ EXPECT_EQ(SECFailure, rv);
|
||||||
|
+ EXPECT_EQ(0U, encrypted_len);
|
||||||
|
|
||||||
|
// Encrypt.
|
||||||
|
+ aead_params.ulTagLen = 16;
|
||||||
|
rv = PK11_Encrypt(key.get(), kMech, ¶ms, encrypted.data(),
|
||||||
|
&encrypted_len, encrypted.size(), data, data_len);
|
||||||
|
|
||||||
|
// Return if encryption failure was expected due to invalid IV.
|
||||||
|
// Without valid ciphertext, all further tests can be skipped.
|
||||||
|
if (invalid_iv) {
|
||||||
|
EXPECT_EQ(rv, SECFailure);
|
||||||
|
EXPECT_EQ(0U, encrypted_len)
|
||||||
|
diff --git a/lib/freebl/chacha20poly1305.c b/lib/freebl/chacha20poly1305.c
|
||||||
|
--- a/lib/freebl/chacha20poly1305.c
|
||||||
|
+++ b/lib/freebl/chacha20poly1305.c
|
||||||
|
@@ -76,17 +76,17 @@ ChaCha20Poly1305_InitContext(ChaCha20Pol
|
||||||
|
{
|
||||||
|
#ifdef NSS_DISABLE_CHACHAPOLY
|
||||||
|
return SECFailure;
|
||||||
|
#else
|
||||||
|
if (keyLen != 32) {
|
||||||
|
PORT_SetError(SEC_ERROR_BAD_KEY);
|
||||||
|
return SECFailure;
|
||||||
|
}
|
||||||
|
- if (tagLen == 0 || tagLen > 16) {
|
||||||
|
+ if (tagLen != 16) {
|
||||||
|
PORT_SetError(SEC_ERROR_INPUT_LEN);
|
||||||
|
return SECFailure;
|
||||||
|
}
|
||||||
|
|
||||||
|
PORT_Memcpy(ctx->key, key, sizeof(ctx->key));
|
||||||
|
ctx->tagLen = tagLen;
|
||||||
|
|
||||||
|
return SECSuccess;
|
||||||
|
|
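Review bot: The tightened condition `if (tagLen != 16)` in ChaCha20Poly1305_InitContext has no comment explaining why only a full-length tag is now accepted, while the error it reports is still SEC_ERROR_INPUT_LEN, so a reader sees a range check that silently became an equality check. A one-line comment above it would record the intent: `/* Only full 16-byte Poly1305 tags are supported; truncated tags are rejected. */`. The InitContext body continues outside the hunk, and the `ctx->tagLen = tagLen;` store below the check now always records 16. In the unit-test hunk the `¶ms` argument passed to PK11_Encrypt is presumably `&params` garbled by the page rendering rather than text from the patch.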
96
SOURCES/nss-3.53.1-chacha-multi.patch
Normal file
@ -0,0 +1,96 @@
|
|||||||
|
|
||||||
|
# HG changeset patch
|
||||||
|
# User Benjamin Beurdouche <bbeurdouche@mozilla.com>
|
||||||
|
# Date 1595031194 0
|
||||||
|
# Node ID f282556e6cc7715f5754aeaadda6f902590e7e38
|
||||||
|
# Parent 89733253df83ef7fe8dd0d49f6370b857e93d325
|
||||||
|
Bug 1636771 - Disable PKCS11 incremental mode for ChaCha20. r=kjacobs,rrelyea
|
||||||
|
|
||||||
|
Depends on D74801
|
||||||
|
|
||||||
|
Differential Revision: https://phabricator.services.mozilla.com/D83994
|
||||||
|
|
||||||
|
diff --git a/gtests/pk11_gtest/pk11_cipherop_unittest.cc b/gtests/pk11_gtest/pk11_cipherop_unittest.cc
|
||||||
|
--- a/gtests/pk11_gtest/pk11_cipherop_unittest.cc
|
||||||
|
+++ b/gtests/pk11_gtest/pk11_cipherop_unittest.cc
|
||||||
|
@@ -72,9 +72,58 @@ TEST(Pkcs11CipherOp, SingleCtxMultipleUn
|
||||||
|
ASSERT_EQ(GetBytes(ctx, outbuf, 17), SECSuccess);
|
||||||
|
|
||||||
|
PK11_FreeSymKey(key);
|
||||||
|
PK11_FreeSlot(slot);
|
||||||
|
PK11_DestroyContext(ctx, PR_TRUE);
|
||||||
|
NSS_ShutdownContext(globalctx);
|
||||||
|
}
|
||||||
|
|
||||||
|
+TEST(Pkcs11CipherOp, SingleCtxMultipleUnalignedCipherOpsChaCha20) {
|
||||||
|
+ PK11SlotInfo* slot;
|
||||||
|
+ PK11SymKey* key;
|
||||||
|
+ PK11Context* ctx;
|
||||||
|
+
|
||||||
|
+ NSSInitContext* globalctx =
|
||||||
|
+ NSS_InitContext("", "", "", "", NULL,
|
||||||
|
+ NSS_INIT_READONLY | NSS_INIT_NOCERTDB | NSS_INIT_NOMODDB |
|
||||||
|
+ NSS_INIT_FORCEOPEN | NSS_INIT_NOROOTINIT);
|
||||||
|
+
|
||||||
|
+ const CK_MECHANISM_TYPE cipher = CKM_NSS_CHACHA20_CTR;
|
||||||
|
+
|
||||||
|
+ slot = PK11_GetInternalSlot();
|
||||||
|
+ ASSERT_TRUE(slot);
|
||||||
|
+
|
||||||
|
+ // Use arbitrary bytes for the ChaCha20 key and IV
|
||||||
|
+ uint8_t key_bytes[32];
|
||||||
|
+ for (size_t i = 0; i < 32; i++) {
|
||||||
|
+ key_bytes[i] = i;
|
||||||
|
+ }
|
||||||
|
+ SECItem keyItem = {siBuffer, key_bytes, 32};
|
||||||
|
+
|
||||||
|
+ uint8_t iv_bytes[16];
|
||||||
|
+ for (size_t i = 0; i < 16; i++) {
|
||||||
|
+ key_bytes[i] = i;
|
||||||
|
+ }
|
||||||
|
+ SECItem ivItem = {siBuffer, iv_bytes, 16};
|
||||||
|
+
|
||||||
|
+ SECItem* param = PK11_ParamFromIV(cipher, &ivItem);
|
||||||
|
+
|
||||||
|
+ key = PK11_ImportSymKey(slot, cipher, PK11_OriginUnwrap, CKA_ENCRYPT,
|
||||||
|
+ &keyItem, NULL);
|
||||||
|
+ ctx = PK11_CreateContextBySymKey(cipher, CKA_ENCRYPT, key, param);
|
||||||
|
+ ASSERT_TRUE(key);
|
||||||
|
+ ASSERT_TRUE(ctx);
|
||||||
|
+
|
||||||
|
+ uint8_t outbuf[128];
|
||||||
|
+ // This is supposed to fail for Chacha20. This is because the underlying
|
||||||
|
+ // PK11_CipherOp operation is calling the C_EncryptUpdate function for
|
||||||
|
+ // which multi-part is disabled for ChaCha20 in counter mode.
|
||||||
|
+ ASSERT_EQ(GetBytes(ctx, outbuf, 7), SECFailure);
|
||||||
|
+
|
||||||
|
+ PK11_FreeSymKey(key);
|
||||||
|
+ PK11_FreeSlot(slot);
|
||||||
|
+ SECITEM_FreeItem(param, PR_TRUE);
|
||||||
|
+ PK11_DestroyContext(ctx, PR_TRUE);
|
||||||
|
+ NSS_ShutdownContext(globalctx);
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
} // namespace nss_test
|
||||||
|
diff --git a/lib/softoken/pkcs11c.c b/lib/softoken/pkcs11c.c
|
||||||
|
--- a/lib/softoken/pkcs11c.c
|
||||||
|
+++ b/lib/softoken/pkcs11c.c
|
||||||
|
@@ -1251,16 +1251,17 @@ sftk_CryptInit(CK_SESSION_HANDLE hSessio
|
||||||
|
|
||||||
|
case CKM_NSS_CHACHA20_CTR: /* old NSS private version */
|
||||||
|
case CKM_CHACHA20: /* PKCS #11 v3 version */
|
||||||
|
{
|
||||||
|
unsigned char *counter;
|
||||||
|
unsigned char *nonce;
|
||||||
|
unsigned long counter_len;
|
||||||
|
unsigned long nonce_len;
|
||||||
|
+ context->multi = PR_FALSE;
|
||||||
|
if (pMechanism->mechanism == CKM_NSS_CHACHA20_CTR) {
|
||||||
|
if (key_type != CKK_NSS_CHACHA20) {
|
||||||
|
crv = CKR_KEY_TYPE_INCONSISTENT;
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
if (pMechanism->pParameter == NULL || pMechanism->ulParameterLen != 16) {
|
||||||
|
crv = CKR_MECHANISM_PARAM_INVALID;
|
||||||
|
break;
|
||||||
|
|
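Review bot: In the new SingleCtxMultipleUnalignedCipherOpsChaCha20 test the second initialisation loop writes `key_bytes[i] = i;` for i < 16 where it clearly means `iv_bytes[i] = i;`, so `iv_bytes` is never initialised before it is handed to PK11_ParamFromIV; change the loop body to `iv_bytes[i] = i;`. A few lines further down `key` and `param` are consumed by PK11_CreateContextBySymKey before `ASSERT_TRUE(key)` runs, and `param` is never checked at all; moving `ASSERT_TRUE(key);` above the context creation and adding `ASSERT_TRUE(param);` next to it would keep a failed import or parameter build from reaching the context call. The pkcs11c.c hunk that adds `context->multi = PR_FALSE;` sits inside sftk_CryptInit, whose body continues outside the hunk.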
1271
SOURCES/nss-3.53.1-cmac-kdf-selftests.patch
Normal file
File diff suppressed because it is too large
19783
SOURCES/nss-3.53.1-constant-time-p384.patch
Normal file
File diff suppressed because it is too large
11923
SOURCES/nss-3.53.1-constant-time-p521.patch
Normal file
File diff suppressed because it is too large
899
SOURCES/nss-3.53.1-enable-disable-policy.patch
Normal file
@ -0,0 +1,899 @@
|
|||||||
|
diff -up ./lib/nss/nss.h.orig ./lib/nss/nss.h
|
||||||
|
--- ./lib/nss/nss.h.orig 2020-06-16 15:50:59.000000000 -0700
|
||||||
|
+++ ./lib/nss/nss.h 2020-10-29 13:17:16.386664203 -0700
|
||||||
|
@@ -299,6 +299,8 @@ SECStatus NSS_UnregisterShutdown(NSS_Shu
|
||||||
|
* old NSS versions. This option might be removed in the future NSS
|
||||||
|
* releases; don't rely on it. */
|
||||||
|
#define __NSS_PKCS12_DECODE_FORCE_UNICODE 0x00c
|
||||||
|
+#define NSS_DEFAULT_LOCKS 0x00d /* lock default values */
|
||||||
|
+#define NSS_DEFAULT_SSL_LOCK 1 /* lock the ssl default values */
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Set and get global options for the NSS library.
|
||||||
|
diff -up ./lib/nss/nssoptions.c.orig ./lib/nss/nssoptions.c
|
||||||
|
--- ./lib/nss/nssoptions.c.orig 2020-06-16 15:50:59.000000000 -0700
|
||||||
|
+++ ./lib/nss/nssoptions.c 2020-10-29 13:17:16.386664203 -0700
|
||||||
|
@@ -14,6 +14,7 @@
|
||||||
|
#include "secoid.h"
|
||||||
|
#include "nss.h"
|
||||||
|
#include "nssoptions.h"
|
||||||
|
+#include "secerr.h"
|
||||||
|
|
||||||
|
struct nssOps {
|
||||||
|
PRInt32 rsaMinKeySize;
|
||||||
|
@@ -24,6 +25,7 @@ struct nssOps {
|
||||||
|
PRInt32 dtlsVersionMinPolicy;
|
||||||
|
PRInt32 dtlsVersionMaxPolicy;
|
||||||
|
PRInt32 pkcs12DecodeForceUnicode;
|
||||||
|
+ PRInt32 defaultLocks;
|
||||||
|
};
|
||||||
|
|
||||||
|
static struct nssOps nss_ops = {
|
||||||
|
@@ -34,7 +36,8 @@ static struct nssOps nss_ops = {
|
||||||
|
0xffff, /* set TLS max to more than the largest legal SSL value */
|
||||||
|
1,
|
||||||
|
0xffff,
|
||||||
|
- PR_FALSE
|
||||||
|
+ PR_FALSE,
|
||||||
|
+ 0
|
||||||
|
};
|
||||||
|
|
||||||
|
SECStatus
|
||||||
|
@@ -42,6 +45,11 @@ NSS_OptionSet(PRInt32 which, PRInt32 val
|
||||||
|
{
|
||||||
|
SECStatus rv = SECSuccess;
|
||||||
|
|
||||||
|
+ if (NSS_IsPolicyLocked()) {
|
||||||
|
+ PORT_SetError(SEC_ERROR_POLICY_LOCKED);
|
||||||
|
+ return SECFailure;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
switch (which) {
|
||||||
|
case NSS_RSA_MIN_KEY_SIZE:
|
||||||
|
nss_ops.rsaMinKeySize = value;
|
||||||
|
@@ -67,7 +75,11 @@ NSS_OptionSet(PRInt32 which, PRInt32 val
|
||||||
|
case __NSS_PKCS12_DECODE_FORCE_UNICODE:
|
||||||
|
nss_ops.pkcs12DecodeForceUnicode = value;
|
||||||
|
break;
|
||||||
|
+ case NSS_DEFAULT_LOCKS:
|
||||||
|
+ nss_ops.defaultLocks = value;
|
||||||
|
+ break;
|
||||||
|
default:
|
||||||
|
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
|
||||||
|
rv = SECFailure;
|
||||||
|
}
|
||||||
|
|
||||||
|
@@ -104,6 +116,9 @@ NSS_OptionGet(PRInt32 which, PRInt32 *va
|
||||||
|
case __NSS_PKCS12_DECODE_FORCE_UNICODE:
|
||||||
|
*value = nss_ops.pkcs12DecodeForceUnicode;
|
||||||
|
break;
|
||||||
|
+ case NSS_DEFAULT_LOCKS:
|
||||||
|
+ *value = nss_ops.defaultLocks;
|
||||||
|
+ break;
|
||||||
|
default:
|
||||||
|
rv = SECFailure;
|
||||||
|
}
|
||||||
|
diff -up ./lib/pk11wrap/pk11pars.c.orig ./lib/pk11wrap/pk11pars.c
|
||||||
|
--- ./lib/pk11wrap/pk11pars.c.orig 2020-10-29 13:14:14.119727304 -0700
|
||||||
|
+++ ./lib/pk11wrap/pk11pars.c 2020-10-29 13:17:16.387664208 -0700
|
||||||
|
@@ -158,16 +158,17 @@ SECMOD_CreateModule(const char *library,
|
||||||
|
* Disallow values are parsed first, then allow values, independent of the
|
||||||
|
* order they appear.
|
||||||
|
*
|
||||||
|
- * Future key words (not yet implemented):
|
||||||
|
+ * flags: turn on the following flags:
|
||||||
|
+ * policy-lock: turn off the ability for applications to change policy with
|
||||||
|
+ * the call NSS_SetAlgorithmPolicy or the other system policy
|
||||||
|
+ * calls (SSL_SetPolicy, etc.)
|
||||||
|
+ * ssl-lock: turn off the ability to change the ssl defaults.
|
||||||
|
+ *
|
||||||
|
+ * The following only apply to ssl cipher suites (future smime)
|
||||||
|
+ *
|
||||||
|
* enable: turn on ciphersuites by default.
|
||||||
|
* disable: turn off ciphersuites by default without disallowing them by policy.
|
||||||
|
- * flags: turn on the following flags:
|
||||||
|
- * ssl-lock: turn off the ability for applications to change policy with
|
||||||
|
- * the SSL_SetCipherPolicy (or SSL_SetPolicy).
|
||||||
|
- * policy-lock: turn off the ability for applications to change policy with
|
||||||
|
- * the call NSS_SetAlgorithmPolicy.
|
||||||
|
- * ssl-default-lock: turn off the ability for applications to change cipher
|
||||||
|
- * suite states with SSL_EnableCipher, SSL_DisableCipher.
|
||||||
|
+ *
|
||||||
|
*
|
||||||
|
*/
|
||||||
|
|
||||||
|
@@ -389,7 +390,13 @@ static const oidValDef kxOptList[] = {
|
||||||
|
static const oidValDef signOptList[] = {
|
||||||
|
/* Signatures */
|
||||||
|
{ CIPHER_NAME("DSA"), SEC_OID_ANSIX9_DSA_SIGNATURE,
|
||||||
|
- NSS_USE_ALG_IN_SSL_KX | NSS_USE_ALG_IN_CERT_SIGNATURE },
|
||||||
|
+ NSS_USE_ALG_IN_SSL_KX | NSS_USE_ALG_IN_SIGNATURE },
|
||||||
|
+ { CIPHER_NAME("RSA-PKCS"), SEC_OID_PKCS1_RSA_ENCRYPTION,
|
||||||
|
+ NSS_USE_ALG_IN_SSL_KX | NSS_USE_ALG_IN_SIGNATURE },
|
||||||
|
+ { CIPHER_NAME("RSA-PSS"), SEC_OID_PKCS1_RSA_PSS_SIGNATURE,
|
||||||
|
+ NSS_USE_ALG_IN_SSL_KX | NSS_USE_ALG_IN_SIGNATURE },
|
||||||
|
+ { CIPHER_NAME("ECDSA"), SEC_OID_ANSIX962_EC_PUBLIC_KEY,
|
||||||
|
+ NSS_USE_ALG_IN_SSL_KX | NSS_USE_ALG_IN_SIGNATURE },
|
||||||
|
};
|
||||||
|
|
||||||
|
typedef struct {
|
||||||
|
@@ -405,7 +412,7 @@ static const algListsDef algOptLists[] =
|
||||||
|
{ macOptList, PR_ARRAY_SIZE(macOptList), "MAC", PR_FALSE },
|
||||||
|
{ cipherOptList, PR_ARRAY_SIZE(cipherOptList), "CIPHER", PR_FALSE },
|
||||||
|
{ kxOptList, PR_ARRAY_SIZE(kxOptList), "OTHER-KX", PR_FALSE },
|
||||||
|
- { signOptList, PR_ARRAY_SIZE(signOptList), "OTHER-SIGN", PR_TRUE },
|
||||||
|
+ { signOptList, PR_ARRAY_SIZE(signOptList), "OTHER-SIGN", PR_FALSE },
|
||||||
|
};
|
||||||
|
|
||||||
|
static const optionFreeDef sslOptList[] = {
|
||||||
|
@@ -443,10 +450,19 @@ static const policyFlagDef policyFlagLis
|
||||||
|
/* add other key exhanges in the future */
|
||||||
|
{ CIPHER_NAME("KEY-EXCHANGE"), NSS_USE_ALG_IN_SSL_KX },
|
||||||
|
{ CIPHER_NAME("CERT-SIGNATURE"), NSS_USE_ALG_IN_CERT_SIGNATURE },
|
||||||
|
- /* add other signatures in the future */
|
||||||
|
- { CIPHER_NAME("SIGNATURE"), NSS_USE_ALG_IN_CERT_SIGNATURE },
|
||||||
|
- /* enable everything */
|
||||||
|
- { CIPHER_NAME("ALL"), NSS_USE_ALG_IN_SSL | NSS_USE_ALG_IN_SSL_KX | NSS_USE_ALG_IN_CERT_SIGNATURE },
|
||||||
|
+ { CIPHER_NAME("CMS-SIGNATURE"), NSS_USE_ALG_IN_CMS_SIGNATURE },
|
||||||
|
+ { CIPHER_NAME("ALL-SIGNATURE"), NSS_USE_ALG_IN_SIGNATURE },
|
||||||
|
+ /* sign turns off all signatures, but doesn't change the
|
||||||
|
+ * allowance for specific sigantures... for example:
|
||||||
|
+ * disallow=sha256/all allow=sha256/signature doesn't allow
|
||||||
|
+ * cert-sigantures, where disallow=sha256/all allow=sha256/all-signature
|
||||||
|
+ * does.
|
||||||
|
+ * however, disallow=sha356/signature and disallow=sha256/all-siganture are
|
||||||
|
+ * equivalent in effect */
|
||||||
|
+ { CIPHER_NAME("SIGNATURE"), NSS_USE_ALG_IN_ANY_SIGNATURE },
|
||||||
|
+ /* enable/disable everything */
|
||||||
|
+ { CIPHER_NAME("ALL"), NSS_USE_ALG_IN_SSL | NSS_USE_ALG_IN_SSL_KX |
|
||||||
|
+ NSS_USE_ALG_IN_SIGNATURE },
|
||||||
|
{ CIPHER_NAME("NONE"), 0 }
|
||||||
|
};
|
||||||
|
|
||||||
|
@@ -538,8 +554,82 @@ secmod_getPolicyOptValue(const char *pol
|
||||||
|
return SECFailure;
|
||||||
|
}
|
||||||
|
|
||||||
|
+/* Policy operations:
|
||||||
|
+ * Disallow: operation is disallowed by policy. Implies disabled.
|
||||||
|
+ * Allow: operation is allowed by policy (but could be disabled).
|
||||||
|
+ * Disable: operation is turned off by default (but could be allowed).
|
||||||
|
+ * Enable: operation is enabled by default. Implies allowed.
|
||||||
|
+ */
|
||||||
|
+typedef enum {
|
||||||
|
+ NSS_DISALLOW,
|
||||||
|
+ NSS_ALLOW,
|
||||||
|
+ NSS_DISABLE,
|
||||||
|
+ NSS_ENABLE
|
||||||
|
+} NSSPolicyOperation;
|
||||||
|
+
|
||||||
|
+/* apply the operator specific policy */
|
||||||
|
+SECStatus
|
||||||
|
+secmod_setPolicyOperation(SECOidTag oid, NSSPolicyOperation operation,
|
||||||
|
+ PRUint32 value)
|
||||||
|
+{
|
||||||
|
+ SECStatus rv = SECSuccess;
|
||||||
|
+ switch (operation) {
|
||||||
|
+ case NSS_DISALLOW:
|
||||||
|
+ /* clear the requested policy bits */
|
||||||
|
+ rv = NSS_SetAlgorithmPolicy(oid, 0, value);
|
||||||
|
+ break;
|
||||||
|
+ case NSS_ALLOW:
|
||||||
|
+ /* set the requested policy bits */
|
||||||
|
+ rv = NSS_SetAlgorithmPolicy(oid, value, 0);
|
||||||
|
+ break;
|
||||||
|
+ /* enable/disable only apply to SSL cipher suites (future S/MIME).
|
||||||
|
+ * Enable/disable is implemented by clearing the DEFAULT_NOT_VALID
|
||||||
|
+ * flag, then setting the NSS_USE_DEFAULT_SSL_ENABLE flag to the
|
||||||
|
+ * correct value. The ssl policy code will then sort out what to
|
||||||
|
+ * set based on ciphers and cipher suite values.*/
|
||||||
|
+ case NSS_DISABLE:
|
||||||
|
+ if (value & (NSS_USE_ALG_IN_SSL | NSS_USE_ALG_IN_SSL_KX)) {
|
||||||
|
+ /* clear not valid and enable */
|
||||||
|
+ rv = NSS_SetAlgorithmPolicy(oid, 0,
|
||||||
|
+ NSS_USE_DEFAULT_NOT_VALID |
|
||||||
|
+ NSS_USE_DEFAULT_SSL_ENABLE);
|
||||||
|
+ }
|
||||||
|
+ break;
|
||||||
|
+ case NSS_ENABLE:
|
||||||
|
+ if (value & (NSS_USE_ALG_IN_SSL | NSS_USE_ALG_IN_SSL_KX)) {
|
||||||
|
+ /* set enable, clear not valid. NOTE: enable implies allow! */
|
||||||
|
+ rv = NSS_SetAlgorithmPolicy(oid, value | NSS_USE_DEFAULT_SSL_ENABLE,
|
||||||
|
+ NSS_USE_DEFAULT_NOT_VALID);
|
||||||
|
+ }
|
||||||
|
+ break;
|
||||||
|
+ default:
|
||||||
|
+ PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
|
||||||
|
+ rv = SECFailure;
|
||||||
|
+ break;
|
||||||
|
+ }
|
||||||
|
+ return rv;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+const char *
|
||||||
|
+secmod_getOperationString(NSSPolicyOperation operation)
|
||||||
|
+{
|
||||||
|
+ switch (operation) {
|
||||||
|
+ case NSS_DISALLOW:
|
||||||
|
+ return "disallow";
|
||||||
|
+ case NSS_ALLOW:
|
||||||
|
+ return "allow";
|
||||||
|
+ case NSS_DISABLE:
|
||||||
|
+ return "disable";
|
||||||
|
+ case NSS_ENABLE:
|
||||||
|
+ return "enable";
|
||||||
|
+ default:
|
||||||
|
+ break;
|
||||||
|
+ }
|
||||||
|
+ return "invalid";
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
static SECStatus
|
||||||
|
-secmod_applyCryptoPolicy(const char *policyString, PRBool allow,
|
||||||
|
+secmod_applyCryptoPolicy(const char *policyString, NSSPolicyOperation operation,
|
||||||
|
PRBool printPolicyFeedback)
|
||||||
|
{
|
||||||
|
const char *cipher, *currentString;
|
||||||
|
@@ -573,18 +663,10 @@ secmod_applyCryptoPolicy(const char *pol
|
||||||
|
for (i = 0; i < PR_ARRAY_SIZE(algOptLists); i++) {
|
||||||
|
const algListsDef *algOptList = &algOptLists[i];
|
||||||
|
for (j = 0; j < algOptList->entries; j++) {
|
||||||
|
- PRUint32 enable, disable;
|
||||||
|
if (!newValue) {
|
||||||
|
value = algOptList->list[j].val;
|
||||||
|
}
|
||||||
|
- if (allow) {
|
||||||
|
- enable = value;
|
||||||
|
- disable = 0;
|
||||||
|
- } else {
|
||||||
|
- enable = 0;
|
||||||
|
- disable = value;
|
||||||
|
- }
|
||||||
|
- NSS_SetAlgorithmPolicy(algOptList->list[j].oid, enable, disable);
|
||||||
|
+ secmod_setPolicyOperation(algOptList->list[j].oid, operation, value);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
continue;
|
||||||
|
@@ -603,20 +685,12 @@ secmod_applyCryptoPolicy(const char *pol
|
||||||
|
if ((newOption || algOpt->name_size == length) &&
|
||||||
|
PORT_Strncasecmp(algOpt->name, cipher, name_size) == 0) {
|
||||||
|
PRUint32 value = algOpt->val;
|
||||||
|
- PRUint32 enable, disable;
|
||||||
|
if (newOption) {
|
||||||
|
value = secmod_parsePolicyValue(&cipher[name_size] + 1,
|
||||||
|
length - name_size - 1,
|
||||||
|
printPolicyFeedback);
|
||||||
|
}
|
||||||
|
- if (allow) {
|
||||||
|
- enable = value;
|
||||||
|
- disable = 0;
|
||||||
|
- } else {
|
||||||
|
- enable = 0;
|
||||||
|
- disable = value;
|
||||||
|
- }
|
||||||
|
- rv = NSS_SetAlgorithmPolicy(algOpt->oid, enable, disable);
|
||||||
|
+ rv = secmod_setPolicyOperation(algOptList->list[j].oid, operation, value);
|
||||||
|
if (rv != SECSuccess) {
|
||||||
|
/* could not enable option */
|
||||||
|
/* NSS_SetAlgorithPolicy should have set the error code */
|
||||||
|
@@ -666,7 +740,7 @@ secmod_applyCryptoPolicy(const char *pol
|
||||||
|
if (unknown && printPolicyFeedback) {
|
||||||
|
PR_SetEnv("NSS_POLICY_FAIL=1");
|
||||||
|
fprintf(stderr, "NSS-POLICY-FAIL %s: unknown identifier: %.*s\n",
|
||||||
|
- allow ? "allow" : "disallow", length, cipher);
|
||||||
|
+ secmod_getOperationString(operation), length, cipher);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return rv;
|
||||||
|
@@ -709,7 +783,8 @@ secmod_sanityCheckCryptoPolicy(void)
|
||||||
|
anyEnabled = PR_TRUE;
|
||||||
|
fprintf(stderr, "NSS-POLICY-INFO: %s is enabled for SSL\n", algOpt->name);
|
||||||
|
}
|
||||||
|
- if ((algOpt->val & NSS_USE_ALG_IN_CERT_SIGNATURE) && (value & NSS_USE_ALG_IN_CERT_SIGNATURE)) {
|
||||||
|
+ if ((algOpt->val & NSS_USE_ALG_IN_CERT_SIGNATURE) &&
|
||||||
|
+ ((value & NSS_USE_CERT_SIGNATURE_OK) == NSS_USE_CERT_SIGNATURE_OK)) {
|
||||||
|
++num_sig_enabled;
|
||||||
|
anyEnabled = PR_TRUE;
|
||||||
|
fprintf(stderr, "NSS-POLICY-INFO: %s is enabled for CERT-SIGNATURE\n", algOpt->name);
|
||||||
|
@@ -740,7 +815,7 @@ secmod_sanityCheckCryptoPolicy(void)
|
||||||
|
static SECStatus
|
||||||
|
secmod_parseCryptoPolicy(const char *policyConfig, PRBool printPolicyFeedback)
|
||||||
|
{
|
||||||
|
- char *disallow, *allow;
|
||||||
|
+ char *args;
|
||||||
|
SECStatus rv;
|
||||||
|
|
||||||
|
if (policyConfig == NULL) {
|
||||||
|
@@ -752,20 +827,46 @@ secmod_parseCryptoPolicy(const char *pol
|
||||||
|
if (rv != SECSuccess) {
|
||||||
|
return rv;
|
||||||
|
}
|
||||||
|
- disallow = NSSUTIL_ArgGetParamValue("disallow", policyConfig);
|
||||||
|
- rv = secmod_applyCryptoPolicy(disallow, PR_FALSE, printPolicyFeedback);
|
||||||
|
- if (disallow)
|
||||||
|
- PORT_Free(disallow);
|
||||||
|
+ args = NSSUTIL_ArgGetParamValue("disallow", policyConfig);
|
||||||
|
+ rv = secmod_applyCryptoPolicy(args, NSS_DISALLOW, printPolicyFeedback);
|
||||||
|
+ if (args)
|
||||||
|
+ PORT_Free(args);
|
||||||
|
if (rv != SECSuccess) {
|
||||||
|
return rv;
|
||||||
|
}
|
||||||
|
- allow = NSSUTIL_ArgGetParamValue("allow", policyConfig);
|
||||||
|
- rv = secmod_applyCryptoPolicy(allow, PR_TRUE, printPolicyFeedback);
|
||||||
|
- if (allow)
|
||||||
|
- PORT_Free(allow);
|
||||||
|
+ args = NSSUTIL_ArgGetParamValue("allow", policyConfig);
|
||||||
|
+ rv = secmod_applyCryptoPolicy(args, NSS_ALLOW, printPolicyFeedback);
|
||||||
|
+ if (args)
|
||||||
|
+ PORT_Free(args);
|
||||||
|
if (rv != SECSuccess) {
|
||||||
|
return rv;
|
||||||
|
}
|
||||||
|
+ args = NSSUTIL_ArgGetParamValue("disable", policyConfig);
|
||||||
|
+ rv = secmod_applyCryptoPolicy(args, NSS_DISABLE, printPolicyFeedback);
|
||||||
|
+ if (args)
|
||||||
|
+ PORT_Free(args);
|
||||||
|
+ if (rv != SECSuccess) {
|
||||||
|
+ return rv;
|
||||||
|
+ }
|
||||||
|
+ args = NSSUTIL_ArgGetParamValue("enable", policyConfig);
|
||||||
|
+ rv = secmod_applyCryptoPolicy(args, NSS_ENABLE, printPolicyFeedback);
|
||||||
|
+ if (args)
|
||||||
|
+ PORT_Free(args);
|
||||||
|
+ if (rv != SECSuccess) {
|
||||||
|
+ return rv;
|
||||||
|
+ }
|
||||||
|
+ /* this has to be last. Everything after this will be a noop */
|
||||||
|
+ if (NSSUTIL_ArgHasFlag("flags", "ssl-lock", policyConfig)) {
|
||||||
|
+ PRInt32 locks;
|
||||||
|
+ /* don't overwrite other (future) lock flags */
|
||||||
|
+ rv = NSS_OptionGet(NSS_DEFAULT_LOCKS, &locks);
|
||||||
|
+ if (rv == SECSuccess) {
|
||||||
|
+ NSS_OptionSet(NSS_DEFAULT_LOCKS, locks | NSS_DEFAULT_SSL_LOCK);
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
+ if (NSSUTIL_ArgHasFlag("flags", "policy-lock", policyConfig)) {
|
||||||
|
+ NSS_LockPolicy();
|
||||||
|
+ }
|
||||||
|
if (printPolicyFeedback) {
|
||||||
|
/* This helps to distinguish configurations that don't contain any
|
||||||
|
* policy config= statement. */
|
||||||
|
diff -up ./lib/ssl/ssl3con.c.orig ./lib/ssl/ssl3con.c
|
||||||
|
--- ./lib/ssl/ssl3con.c.orig 2020-10-29 13:14:14.122727319 -0700
|
||||||
|
+++ ./lib/ssl/ssl3con.c 2020-10-29 13:23:11.101487525 -0700
|
||||||
|
@@ -13534,6 +13534,61 @@ ssl3_DestroySSL3Info(sslSocket *ss)
|
||||||
|
tls13_DestroyEarlyData(&ss->ssl3.hs.bufferedEarlyData);
|
||||||
|
}
|
||||||
|
|
||||||
|
+/*
|
||||||
|
+ * parse the policy value for a single algorithm in a cipher_suite,
|
||||||
|
+ * return TRUE if we disallow by the cipher suite by policy
|
||||||
|
+ * (we don't have to parse any more algorithm policies on this cipher suite),
|
||||||
|
+ * otherwise return FALSE.
|
||||||
|
+ * 1. If we don't have the required policy, disable by default, disallow by
|
||||||
|
+ * policy and return TRUE (no more processing needed).
|
||||||
|
+ * 2. If we have the required policy, and we are disabled, return FALSE,
|
||||||
|
+ * (if we are disabled, we only need to parse policy, not default).
|
||||||
|
+ * 3. If we have the required policy, and we aren't adjusting the defaults
|
||||||
|
+ * return FALSE. (only parsing the policy, not default).
|
||||||
|
+ * 4. We have the required policy and we are adjusting the defaults.
|
||||||
|
+ * If we are setting default = FALSE, set isDisabled to true so that
|
||||||
|
+ * we don't try to re-enable the cipher suite based on a different
|
||||||
|
+ * algorithm.
|
||||||
|
+ */
|
||||||
|
+PRBool
|
||||||
|
+ssl_HandlePolicy(int cipher_suite, SECOidTag policyOid,
|
||||||
|
+ PRUint32 requiredPolicy, PRBool *isDisabled)
|
||||||
|
+{
|
||||||
|
+ PRUint32 policy;
|
||||||
|
+ SECStatus rv;
|
||||||
|
+
|
||||||
|
+ /* first fetch the policy for this algorithm */
|
||||||
|
+ rv = NSS_GetAlgorithmPolicy(policyOid, &policy);
|
||||||
|
+ if (rv != SECSuccess) {
|
||||||
|
+ return PR_FALSE; /* no policy value, continue to the next algorithm */
|
||||||
|
+ }
|
||||||
|
+ /* first, are we allowed by policy, if not turn off allow and disable */
|
||||||
|
+ if (!(policy & requiredPolicy)) {
|
||||||
|
+ ssl_CipherPrefSetDefault(cipher_suite, PR_FALSE);
|
||||||
|
+ ssl_CipherPolicySet(cipher_suite, SSL_NOT_ALLOWED);
|
||||||
|
+ return PR_TRUE;
|
||||||
|
+ }
|
||||||
|
+ /* If we are already disabled, or the policy isn't setting a default
|
||||||
|
+ * we are done processing this algorithm */
|
||||||
|
+ if (*isDisabled || (policy & NSS_USE_DEFAULT_NOT_VALID)) {
|
||||||
|
+ return PR_FALSE;
|
||||||
|
+ }
|
||||||
|
+ /* set the default value for the cipher suite. If we disable the cipher
|
||||||
|
+ * suite, remember that so we don't process the next default. This has
|
||||||
|
+ * the effect of disabling the whole cipher suite if any of the
|
||||||
|
+ * algorithms it uses are disabled by default. We still have to
|
||||||
|
+ * process the upper level because the cipher suite is still allowed
|
||||||
|
+ * by policy, and we may still have to disallow it based on other
|
||||||
|
+ * algorithms in the cipher suite. */
|
||||||
|
+ if (policy & NSS_USE_DEFAULT_SSL_ENABLE) {
|
||||||
|
+ ssl_CipherPrefSetDefault(cipher_suite, PR_TRUE);
|
||||||
|
+ } else {
|
||||||
|
+ *isDisabled = PR_TRUE;
|
||||||
|
+ ssl_CipherPrefSetDefault(cipher_suite, PR_FALSE);
|
||||||
|
+ }
|
||||||
|
+ return PR_FALSE;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
#define MAP_NULL(x) (((x) != 0) ? (x) : SEC_OID_NULL_CIPHER)
|
||||||
|
|
||||||
|
SECStatus
|
||||||
|
@@ -13552,30 +13607,30 @@ ssl3_ApplyNSSPolicy(void)
|
||||||
|
for (i = 1; i < PR_ARRAY_SIZE(cipher_suite_defs); ++i) {
|
||||||
|
const ssl3CipherSuiteDef *suite = &cipher_suite_defs[i];
|
||||||
|
SECOidTag policyOid;
|
||||||
|
+ PRBool isDisabled = PR_FALSE;
|
||||||
|
+
|
||||||
|
+ /* if we haven't explicitly disabled it below enable by policy */
|
||||||
|
+ ssl_CipherPolicySet(suite->cipher_suite, SSL_ALLOWED);
|
||||||
|
|
||||||
|
+ /* now check the various key exchange, ciphers and macs and
|
||||||
|
+ * if we ever disallow by policy, we are done, go to the next cipher
|
||||||
|
+ */
|
||||||
|
policyOid = MAP_NULL(kea_defs[suite->key_exchange_alg].oid);
|
||||||
|
- rv = NSS_GetAlgorithmPolicy(policyOid, &policy);
|
||||||
|
- if (rv == SECSuccess && !(policy & NSS_USE_ALG_IN_SSL_KX)) {
|
||||||
|
- ssl_CipherPrefSetDefault(suite->cipher_suite, PR_FALSE);
|
||||||
|
- ssl_CipherPolicySet(suite->cipher_suite, SSL_NOT_ALLOWED);
|
||||||
|
+ if (ssl_HandlePolicy(suite->cipher_suite, policyOid,
|
||||||
|
+ NSS_USE_ALG_IN_SSL_KX, &isDisabled)) {
|
||||||
|
continue;
|
||||||
|
}
|
||||||
|
|
||||||
|
policyOid = MAP_NULL(ssl_GetBulkCipherDef(suite)->oid);
|
||||||
|
- rv = NSS_GetAlgorithmPolicy(policyOid, &policy);
|
||||||
|
- if (rv == SECSuccess && !(policy & NSS_USE_ALG_IN_SSL)) {
|
||||||
|
- ssl_CipherPrefSetDefault(suite->cipher_suite, PR_FALSE);
|
||||||
|
- ssl_CipherPolicySet(suite->cipher_suite, SSL_NOT_ALLOWED);
|
||||||
|
+ if (ssl_HandlePolicy(suite->cipher_suite, policyOid,
|
||||||
|
+ NSS_USE_ALG_IN_SSL, &isDisabled)) {
|
||||||
|
continue;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (ssl_GetBulkCipherDef(suite)->type != type_aead) {
|
||||||
|
policyOid = MAP_NULL(ssl_GetMacDefByAlg(suite->mac_alg)->oid);
|
||||||
|
- rv = NSS_GetAlgorithmPolicy(policyOid, &policy);
|
||||||
|
- if (rv == SECSuccess && !(policy & NSS_USE_ALG_IN_SSL)) {
|
||||||
|
- ssl_CipherPrefSetDefault(suite->cipher_suite, PR_FALSE);
|
||||||
|
- ssl_CipherPolicySet(suite->cipher_suite,
|
||||||
|
- SSL_NOT_ALLOWED);
|
||||||
|
+ if (ssl_HandlePolicy(suite->cipher_suite, policyOid,
|
||||||
|
+ NSS_USE_ALG_IN_SSL, &isDisabled)) {
|
||||||
|
continue;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
diff -up ./lib/ssl/sslsock.c.orig ./lib/ssl/sslsock.c
|
||||||
|
--- ./lib/ssl/sslsock.c.orig 2020-10-29 13:14:14.201727725 -0700
|
||||||
|
+++ ./lib/ssl/sslsock.c 2020-10-29 13:17:16.389664218 -0700
|
||||||
|
@@ -1447,6 +1447,10 @@ SSL_CipherPolicySet(PRInt32 which, PRInt
|
||||||
|
if (rv != SECSuccess) {
|
||||||
|
return rv;
|
||||||
|
}
|
||||||
|
+ if (NSS_IsPolicyLocked()) {
|
||||||
|
+ PORT_SetError(SEC_ERROR_POLICY_LOCKED);
|
||||||
|
+ return SECFailure;
|
||||||
|
+ }
|
||||||
|
return ssl_CipherPolicySet(which, policy);
|
||||||
|
}
|
||||||
|
|
||||||
|
@@ -1493,10 +1497,15 @@ SECStatus
|
||||||
|
SSL_CipherPrefSetDefault(PRInt32 which, PRBool enabled)
|
||||||
|
{
|
||||||
|
SECStatus rv = ssl_Init();
|
||||||
|
+ PRInt32 locks;
|
||||||
|
|
||||||
|
if (rv != SECSuccess) {
|
||||||
|
return rv;
|
||||||
|
}
|
||||||
|
+ rv = NSS_OptionGet(NSS_DEFAULT_LOCKS, &locks);
|
||||||
|
+ if ((rv == SECSuccess) && (locks & NSS_DEFAULT_SSL_LOCK)) {
|
||||||
|
+ return SECSuccess;
|
||||||
|
+ }
|
||||||
|
return ssl_CipherPrefSetDefault(which, enabled);
|
||||||
|
}
|
||||||
|
|
||||||
|
@@ -1522,11 +1531,17 @@ SECStatus
|
||||||
|
SSL_CipherPrefSet(PRFileDesc *fd, PRInt32 which, PRBool enabled)
|
||||||
|
{
|
||||||
|
sslSocket *ss = ssl_FindSocket(fd);
|
||||||
|
+ PRInt32 locks;
|
||||||
|
+ SECStatus rv;
|
||||||
|
|
||||||
|
if (!ss) {
|
||||||
|
SSL_DBG(("%d: SSL[%d]: bad socket in CipherPrefSet", SSL_GETPID(), fd));
|
||||||
|
return SECFailure;
|
||||||
|
}
|
||||||
|
+ rv = NSS_OptionGet(NSS_DEFAULT_LOCKS, &locks);
|
||||||
|
+ if ((rv == SECSuccess) && (locks & NSS_DEFAULT_SSL_LOCK)) {
|
||||||
|
+ return SECSuccess;
|
||||||
|
+ }
|
||||||
|
if (ssl_IsRemovedCipherSuite(which))
|
||||||
|
return SECSuccess;
|
||||||
|
return ssl3_CipherPrefSet(ss, (ssl3CipherSuite)which, enabled);
|
||||||
|
diff -up ./lib/util/nssutil.def.orig ./lib/util/nssutil.def
|
||||||
|
--- ./lib/util/nssutil.def.orig 2020-06-16 15:50:59.000000000 -0700
|
||||||
|
+++ ./lib/util/nssutil.def 2020-10-29 13:17:16.390664223 -0700
|
||||||
|
@@ -334,3 +334,10 @@ NSSUTIL_AddNSSFlagToModuleSpec;
|
||||||
|
;+ local:
|
||||||
|
;+ *;
|
||||||
|
;+};
|
||||||
|
+;+NSSUTIL_3.59 { # NSS Utilities 3.59 release
|
||||||
|
+;+ global:
|
||||||
|
+NSS_IsPolicyLocked;
|
||||||
|
+NSS_LockPolicy;
|
||||||
|
+;+ local:
|
||||||
|
+;+ *;
|
||||||
|
+;+};
|
||||||
|
diff -up ./lib/util/secerr.h.orig ./lib/util/secerr.h
|
||||||
|
--- ./lib/util/secerr.h.orig 2020-10-29 13:17:16.390664223 -0700
|
||||||
|
+++ ./lib/util/secerr.h 2020-10-29 13:28:22.701093270 -0700
|
||||||
|
@@ -210,6 +210,11 @@ typedef enum {
|
||||||
|
|
||||||
|
SEC_ERROR_APPLICATION_CALLBACK_ERROR = (SEC_ERROR_BASE + 178),
|
||||||
|
|
||||||
|
+ SEC_ERROR_INVALID_STATE = (SEC_ERROR_BASE + 179),
|
||||||
|
+
|
||||||
|
+ SEC_ERROR_POLICY_LOCKED = (SEC_ERROR_BASE + 180),
|
||||||
|
+ SEC_ERROR_SIGNATURE_ALGORITHM_DISABLED = (SEC_ERROR_BASE + 181),
|
||||||
|
+
|
||||||
|
/* Add new error codes above here. */
|
||||||
|
SEC_ERROR_END_OF_LIST
|
||||||
|
} SECErrorCodes;
|
||||||
|
diff -up ./lib/util/SECerrs.h.orig ./lib/util/SECerrs.h
|
||||||
|
--- ./lib/util/SECerrs.h.orig 2020-10-29 13:17:16.389664218 -0700
|
||||||
|
+++ ./lib/util/SECerrs.h 2020-10-29 13:26:46.960599243 -0700
|
||||||
|
@@ -549,3 +549,12 @@ ER3(SEC_ERROR_LEGACY_DATABASE, (SEC_ERRO
|
||||||
|
|
||||||
|
ER3(SEC_ERROR_APPLICATION_CALLBACK_ERROR, (SEC_ERROR_BASE + 178),
|
||||||
|
"The certificate was rejected by extra checks in the application.")
|
||||||
|
+
|
||||||
|
+ER3(SEC_ERROR_INVALID_STATE, (SEC_ERROR_BASE + 179),
|
||||||
|
+ "The attempted operation is invalid for the current state.")
|
||||||
|
+
|
||||||
|
+ER3(SEC_ERROR_POLICY_LOCKED, (SEC_ERROR_BASE + 180),
|
||||||
|
+ "Could not change the policy because the policy is now locked.")
|
||||||
|
+
|
||||||
|
+ER3(SEC_ERROR_SIGNATURE_ALGORITHM_DISABLED, (SEC_ERROR_BASE + 181),
|
||||||
|
+ "Could not create or verify a signature using a signature algorithm that is disabled because it is not secure.")
|
||||||
|
diff -up ./lib/util/secoid.c.orig ./lib/util/secoid.c
|
||||||
|
--- ./lib/util/secoid.c.orig 2020-10-29 13:14:14.119727304 -0700
|
||||||
|
+++ ./lib/util/secoid.c 2020-10-29 13:17:16.390664223 -0700
|
||||||
|
@@ -2257,6 +2257,8 @@ NSS_GetAlgorithmPolicy(SECOidTag tag, PR
|
||||||
|
return SECSuccess;
|
||||||
|
}
|
||||||
|
|
||||||
|
+static PRBool nss_policy_locked = PR_FALSE;
|
||||||
|
+
|
||||||
|
/* The Set function modifies the stored value according to the following
|
||||||
|
* algorithm:
|
||||||
|
* policy[tag] = (policy[tag] & ~clearBits) | setBits;
|
||||||
|
@@ -2268,6 +2270,11 @@ NSS_SetAlgorithmPolicy(SECOidTag tag, PR
|
||||||
|
PRUint32 policyFlags;
|
||||||
|
if (!pxo)
|
||||||
|
return SECFailure;
|
||||||
|
+
|
||||||
|
+ if (nss_policy_locked) {
|
||||||
|
+ PORT_SetError(SEC_ERROR_POLICY_LOCKED);
|
||||||
|
+ return SECFailure;
|
||||||
|
+ }
|
||||||
|
/* The stored policy flags are the ones complement of the flags as
|
||||||
|
* seen by the user. This is not atomic, but these changes should
|
||||||
|
* be done rarely, e.g. at initialization time.
|
||||||
|
@@ -2278,6 +2285,20 @@ NSS_SetAlgorithmPolicy(SECOidTag tag, PR
|
||||||
|
return SECSuccess;
|
||||||
|
}
|
||||||
|
|
||||||
|
+/* Get the state of nss_policy_locked */
|
||||||
|
+PRBool
|
||||||
|
+NSS_IsPolicyLocked(void)
|
||||||
|
+{
|
||||||
|
+ return nss_policy_locked;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+/* Once the policy is locked, it can't be unlocked */
|
||||||
|
+void
|
||||||
|
+NSS_LockPolicy(void)
|
||||||
|
+{
|
||||||
|
+ nss_policy_locked = PR_TRUE;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
/* --------- END OF opaque extended OID table accessor functions ---------*/
|
||||||
|
|
||||||
|
/* for now, this is only used in a single place, so it can remain static */
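Review bot: The comment on NSS_LockPolicy, `Once the policy is locked, it can't be unlocked`, does not match the SECOID_Shutdown hunk below, which resets nss_policy_locked to PR_FALSE; suggest `/* Once locked, the policy stays locked until SECOID_Shutdown, which discards the policy state and clears the lock */`, and the same wording for the prototype comment in secoid.h. nss_policy_locked is a plain static PRBool written by NSS_LockPolicy and read by NSS_IsPolicyLocked with no synchronization; the existing NSS_SetAlgorithmPolicy comment ("not atomic ... at initialization time") covers only the setter, so a sentence on NSS_LockPolicy stating that it is expected to run during single-threaded initialization would make the contract explicit.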
|
||||||
|
@@ -2339,6 +2360,9 @@ SECOID_Shutdown(void)
|
||||||
|
dynOidEntriesAllocated = 0;
|
||||||
|
dynOidEntriesUsed = 0;
|
||||||
|
}
|
||||||
|
+ /* we are trashing the old policy state now, also reenable changing
|
||||||
|
+ * the policy as well */
|
||||||
|
+ nss_policy_locked = PR_FALSE;
|
||||||
|
memset(xOids, 0, sizeof xOids);
|
||||||
|
return SECSuccess;
|
||||||
|
}
|
||||||
|
diff -up ./lib/util/secoid.h.orig ./lib/util/secoid.h
|
||||||
|
--- ./lib/util/secoid.h.orig 2020-06-16 15:50:59.000000000 -0700
|
||||||
|
+++ ./lib/util/secoid.h 2020-10-29 13:17:16.390664223 -0700
|
||||||
|
@@ -135,6 +135,15 @@ extern SECStatus NSS_GetAlgorithmPolicy(
|
||||||
|
extern SECStatus
|
||||||
|
NSS_SetAlgorithmPolicy(SECOidTag tag, PRUint32 setBits, PRUint32 clearBits);
|
||||||
|
|
||||||
|
+/* Lock the policy so NSS_SetAlgorithmPolicy (and other policy functions)
|
||||||
|
+ * No longer function */
|
||||||
|
+void
|
||||||
|
+NSS_LockPolicy(void);
|
||||||
|
+
|
||||||
|
+/* return true if policy changes are now locked out */
|
||||||
|
+PRBool
|
||||||
|
+NSS_IsPolicyLocked(void);
|
||||||
|
+
|
||||||
|
SEC_END_PROTOS
|
||||||
|
|
||||||
|
#endif /* _SECOID_H_ */
|
||||||
|
diff -up ./lib/util/secoidt.h.orig ./lib/util/secoidt.h
|
||||||
|
--- ./lib/util/secoidt.h.orig 2020-06-16 15:50:59.000000000 -0700
|
||||||
|
+++ ./lib/util/secoidt.h 2020-10-29 13:17:16.390664223 -0700
|
||||||
|
@@ -538,7 +538,24 @@ struct SECOidDataStr {
|
||||||
|
#define NSS_USE_ALG_IN_SSL_KX 0x00000004 /* used in SSL key exchange */
|
||||||
|
#define NSS_USE_ALG_IN_SSL 0x00000008 /* used in SSL record protocol */
|
||||||
|
#define NSS_USE_POLICY_IN_SSL 0x00000010 /* enable policy in SSL protocol */
|
||||||
|
-#define NSS_USE_ALG_RESERVED 0xfffffffc /* may be used in future */
|
||||||
|
+#define NSS_USE_ALG_IN_ANY_SIGNATURE 0x00000020 /* used in S/MIME */
|
||||||
|
+#define NSS_USE_DEFAULT_NOT_VALID 0x80000000 /* clear to make the default flag valid */
|
||||||
|
+#define NSS_USE_DEFAULT_SSL_ENABLE 0x40000000 /* default cipher suite setting 1=enable */
|
||||||
|
+
|
||||||
|
+/* Combo policy bites */
|
||||||
|
+#define NSS_USE_ALG_RESERVED 0x3fffffc0 /* may be used in future */
|
||||||
|
+/* Alias of all the signature values. */
|
||||||
|
+#define NSS_USE_ALG_IN_SIGNATURE (NSS_USE_ALG_IN_CERT_SIGNATURE | \
|
||||||
|
+ NSS_USE_ALG_IN_CMS_SIGNATURE | \
|
||||||
|
+ NSS_USE_ALG_IN_ANY_SIGNATURE)
|
||||||
|
+/* all the bits needed for a certificate signature
|
||||||
|
+ * and only the bits needed for a certificate signature */
|
||||||
|
+#define NSS_USE_CERT_SIGNATURE_OK (NSS_USE_ALG_IN_CERT_SIGNATURE | \
|
||||||
|
+ NSS_USE_ALG_IN_ANY_SIGNATURE)
|
||||||
|
+/* all the bits needed for an SMIME signature
|
||||||
|
+ * and only the bits needed for an SMIME signature */
|
||||||
|
+#define NSS_USE_CMS_SIGNATURE_OK (NSS_USE_ALG_IN_CMS_SIGNATURE | \
|
||||||
|
+ NSS_USE_ALG_IN_ANY_SIGNATURE)
|
||||||
|
|
||||||
|
/* Code MUST NOT SET or CLEAR reserved bits, and must NOT depend on them
|
||||||
|
* being all zeros or having any other known value. The reserved bits
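Review bot: The comment on the new NSS_USE_ALG_IN_ANY_SIGNATURE bit, `/* used in S/MIME */`, does not describe the macro: its name and its presence in all three aliases below (NSS_USE_ALG_IN_SIGNATURE, NSS_USE_CERT_SIGNATURE_OK and NSS_USE_CMS_SIGNATURE_OK) show it is the bit required for any signature use, so the text looks copied from the CMS bit; suggest `/* must be set for any signature use (cert or CMS) */`. `/* Combo policy bites */` should read `/* Combo policy bits */`. A note beside NSS_USE_ALG_RESERVED that the mask was narrowed from 0xfffffffc to 0x3fffffc0 to carve out the two default flags at 0x40000000 and 0x80000000 would also help, since the "MUST NOT SET or CLEAR reserved bits" text that follows only makes sense to a reader who knows which bits left the reserved range.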
|
||||||
|
diff -up ./tests/policy/crypto-policy.txt.orig ./tests/policy/crypto-policy.txt
|
||||||
|
--- ./tests/policy/crypto-policy.txt.orig 2020-06-16 15:50:59.000000000 -0700
|
||||||
|
+++ ./tests/policy/crypto-policy.txt 2020-10-29 13:17:16.390664223 -0700
|
||||||
|
@@ -3,14 +3,15 @@
|
||||||
|
# col 3: an extended regular expression, expected to match the output
|
||||||
|
# col 4: description of the test
|
||||||
|
#
|
||||||
|
-0 disallow=ALL_allow=HMAC-SHA256:HMAC-SHA1:HMAC-SHA384:HMAC-SHA512:SECP256R1:SECP384R1:SECP521R1:aes256-gcm:chacha20-poly1305:aes256-cbc:camellia256-cbc:aes128-gcm:aes128-cbc:camellia128-cbc:SHA256:SHA384:SHA512:SHA1:ECDHE-RSA:ECDHE-ECDSA:RSA:DHE-RSA:tls-version-min=tls1.0:dtls-version-min=dtls1.0:DH-MIN=1023:DSA-MIN=2048:RSA-MIN=2048 NSS-POLICY-INFO.*LOADED-SUCCESSFULLY Standard policy
|
||||||
|
-0 disallow=ALL_allow=HMAC-SHA1:HMAC-SHA256:HMAC-SHA384:HMAC-SHA512:SECP256R1:SECP384R1:SECP521R1:aes256-gcm:chacha20-poly1305:aes256-cbc:camellia256-cbc:aes128-gcm:aes128-cbc:camellia128-cbc:des-ede3-cbc:rc4:SHA256:SHA384:SHA512:SHA1:ECDHE-RSA:ECDHE-ECDSA:RSA:DHE-RSA:DHE-DSS:tls-version-min=tls1.0:dtls-version-min=tls1.0:DH-MIN=1023:DSA-MIN=1023:RSA-MIN=1023 NSS-POLICY-INFO.*LOADED-SUCCESSFULLY Legacy policy
|
||||||
|
-0 disallow=ALL_allow=HMAC-SHA256:HMAC-SHA384:HMAC-SHA512:SECP384R1:SECP521R1:aes256-gcm:chacha20-poly1305:SHA384:SHA512:ECDHE-RSA:ECDHE-ECDSA:RSA:DHE-RSA:tls-version-min=tls1.2:dtls-version-min=dtls1.2:DH-MIN=3072:DSA-MIN=3072:RSA-MIN=3072 NSS-POLICY-INFO.*LOADED-SUCCESSFULLY Reduced policy
|
||||||
|
+0 disallow=ALL_allow=HMAC-SHA256:HMAC-SHA1:HMAC-SHA384:HMAC-SHA512:SECP256R1:SECP384R1:SECP521R1:aes256-gcm:chacha20-poly1305:aes256-cbc:camellia256-cbc:aes128-gcm:aes128-cbc:camellia128-cbc:SHA256:SHA384:SHA512:SHA1:ECDHE-RSA:ECDHE-ECDSA:RSA:DHE-RSA:rsa-pkcs:rsa-pss:ecdsa:tls-version-min=tls1.0:dtls-version-min=dtls1.0:DH-MIN=1023:DSA-MIN=2048:RSA-MIN=2048 NSS-POLICY-INFO.*LOADED-SUCCESSFULLY Standard policy
|
||||||
|
+0 disallow=ALL_allow=HMAC-SHA1:HMAC-SHA256:HMAC-SHA384:HMAC-SHA512:SECP256R1:SECP384R1:SECP521R1:aes256-gcm:chacha20-poly1305:aes256-cbc:camellia256-cbc:aes128-gcm:aes128-cbc:camellia128-cbc:des-ede3-cbc:rc4:SHA256:SHA384:SHA512:SHA1:ECDHE-RSA:ECDHE-ECDSA:RSA:DHE-RSA:DHE-DSS:rsa-pkcs:rsa-pss:ecdsa:tls-version-min=tls1.0:dtls-version-min=tls1.0:DH-MIN=1023:DSA-MIN=1023:RSA-MIN=1023 NSS-POLICY-INFO.*LOADED-SUCCESSFULLY Legacy policy
|
||||||
|
+0 disallow=ALL_allow=HMAC-SHA256:HMAC-SHA384:HMAC-SHA512:SECP384R1:SECP521R1:aes256-gcm:chacha20-poly1305:SHA384:SHA512:ECDHE-RSA:ECDHE-ECDSA:RSA:DHE-RSA:rsa-pkcs:rsa-pss:ecdsa:tls-version-min=tls1.2:dtls-version-min=dtls1.2:DH-MIN=3072:DSA-MIN=3072:RSA-MIN=3072 NSS-POLICY-INFO.*LOADED-SUCCESSFULLY Reduced policy
|
||||||
|
2 disallow=ALL_allow=dtls-version-min=:dtls-version-max= NSS-POLICY-FAIL Missing value
|
||||||
|
2 disallow=ALL_allow=RSA-MIN=whatever NSS-POLICY-FAIL Invalid value
|
||||||
|
2 disallow=ALL_allow=flower NSS-POLICY-FAIL Invalid identifier
|
||||||
|
1 disallow=all NSS-POLICY-WARN.*NUMBER-OF-CERT-SIG disallow all
|
||||||
|
-1 disallow=ALL_allow=HMAC-SHA256:HMAC-SHA384:HMAC-SHA512:SECP384R1:SECP521R1:aes256-gcm:chacha20-poly1305:ECDHE-RSA:ECDHE-ECDSA:RSA:DHE-RSA:tls-version-min=tls1.2:dtls-version-min=dtls1.2:DH-MIN=3072:DSA-MIN=3072:RSA-MIN=3072 NSS-POLICY-WARN.*NUMBER-OF-HASH No Hashes
|
||||||
|
+1 disallow=all/signature NSS-POLICY-WARN.*NUMBER-OF-CERT-SIG disallow all signatures
|
||||||
|
+1 disallow=ALL_allow=HMAC-SHA256:HMAC-SHA384:HMAC-SHA512:SECP384R1:SECP521R1:aes256-gcm:chacha20-poly1305:ECDHE-RSA:ECDHE-ECDSA:RSA:DHE-RSA:rsa-pkcs:tls-version-min=tls1.2:dtls-version-min=dtls1.2:DH-MIN=3072:DSA-MIN=3072:RSA-MIN=3072 NSS-POLICY-WARN.*NUMBER-OF-HASH No Hashes
|
||||||
|
1 disallow=ALL_allow=tls-version-min=0:tls-version-max=0 NSS-POLICY-WARN.*NUMBER-OF-TLS-VERSIONS All TLS versions disabled
|
||||||
|
1 disallow=ALL_allow=dtls-version-min=0:dtls-version-max=0 NSS-POLICY-WARN.*NUMBER-OF-DTLS-VERSIONS All DTLS versions disabled
|
||||||
|
1 disallow=ALL_allow=tls-version-min=tls1.2:tls-version-max=tls1.1 NSS-POLICY-WARN.*NUMBER-OF-TLS-VERSIONS Invalid range of TLS versions
|
||||||
|
diff -up ./tests/policy/policy.sh.orig ./tests/policy/policy.sh
|
||||||
|
--- ./tests/policy/policy.sh.orig 2020-06-16 15:50:59.000000000 -0700
|
||||||
|
+++ ./tests/policy/policy.sh 2020-10-29 13:17:16.391664228 -0700
|
||||||
|
@@ -12,6 +12,28 @@
|
||||||
|
#
|
||||||
|
########################################################################
|
||||||
|
|
||||||
|
+policy_init()
|
||||||
|
+{
|
||||||
|
+ SCRIPTNAME=policy.sh # sourced - $0 would point to all.sh
|
||||||
|
+
|
||||||
|
+ if [ -z "${CLEANUP}" ] ; then # if nobody else is responsible for
|
||||||
|
+ CLEANUP="${SCRIPTNAME}" # cleaning this script will do it
|
||||||
|
+ fi
|
||||||
|
+
|
||||||
|
+ if [ -z "${INIT_SOURCED}" -o "${INIT_SOURCED}" != "TRUE" ]; then
|
||||||
|
+ cd ../common
|
||||||
|
+ . ./init.sh
|
||||||
|
+ fi
|
||||||
|
+ SCRIPTNAME=policy.sh
|
||||||
|
+
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+policy_cleanup()
|
||||||
|
+{
|
||||||
|
+ cd ${QADIR}
|
||||||
|
+ . common/cleanup.sh
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
ignore_blank_lines()
|
||||||
|
{
|
||||||
|
LC_ALL=C egrep -v '^[[:space:]]*(#|$)' "$1"
|
||||||
|
@@ -53,6 +75,9 @@ NSS=flags=policyOnly,moduleDB
|
||||||
|
html_msg $ret 0 "\"${testname}\" output is expected to match \"${match}\""
|
||||||
|
|
||||||
|
done
|
||||||
|
+ html "</TABLE><BR>"
|
||||||
|
}
|
||||||
|
|
||||||
|
+policy_init
|
||||||
|
policy_run_tests
|
||||||
|
+policy_cleanup
|
||||||
|
diff -up ./tests/ssl/sslpolicy.txt.orig ./tests/ssl/sslpolicy.txt
|
||||||
|
--- ./tests/ssl/sslpolicy.txt.orig 2020-06-16 15:50:59.000000000 -0700
|
||||||
|
+++ ./tests/ssl/sslpolicy.txt 2020-10-29 13:17:16.391664228 -0700
|
||||||
|
@@ -7,8 +7,14 @@
|
||||||
|
# The policy string is set to the config= line in the pkcs11.txt
|
||||||
|
# it currently has 2 keywords:
|
||||||
|
#
|
||||||
|
-# disallow= turn off the use of this algorithm by policy.
|
||||||
|
+# disallow= turn off the use of this algorithm by policy. (implies disable)
|
||||||
|
# allow= allow this algorithm to by used if selected by policy.
|
||||||
|
+# disable= turn off the use of this algorithm even if allowed by policy
|
||||||
|
+# (application can override)
|
||||||
|
+# enable= turn off this algorithm by default (implies allow)
|
||||||
|
+# flags= policy-lock: can't change policy with NSS_SetAlgorithmPolicy,
|
||||||
|
+# NSS_SetOption, or SSL_SetCipherPolicy
|
||||||
|
+# ssl-lock: can't change the cipher suite settings with the application.
|
||||||
|
#
|
||||||
|
# The syntax is disallow=algorithm{/uses}:algorithm{/uses}
|
||||||
|
# where {} signifies an optional element
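Review bot: The new `enable=` description says `turn off this algorithm by default (implies allow)`, which contradicts both the keyword and the tests added later in this file (`allow=all_disable=all_enable=...` is used to lock a suite on); it should read `# enable= turn on this algorithm by default (implies allow)`. The `flags=` line names `SSL_SetCipherPolicy`, while the function patched in sslsock.c is `SSL_CipherPolicySet`; the comment should use the real name so readers can find the check.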
|
||||||
|
@@ -76,6 +82,9 @@
|
||||||
|
# SECT571R1
|
||||||
|
# Signatures:
|
||||||
|
# DSA
|
||||||
|
+# RSA-PKCS
|
||||||
|
+# RSA-PSS
|
||||||
|
+# ECDSA
|
||||||
|
# Hashes:
|
||||||
|
# MD2
|
||||||
|
# MD4
|
||||||
|
@@ -137,7 +146,8 @@
|
||||||
|
# ssl-key-exchange
|
||||||
|
# key-exchange (includes ssl-key-exchange)
|
||||||
|
# cert-signature
|
||||||
|
-# signature (includes cert-signature)
|
||||||
|
+# all-signature (includes cert-signature)
|
||||||
|
+# signature (all signatures off, some signature allowed based on other option)
|
||||||
|
# all (includes all of the above)
|
||||||
|
#-----------------------------------------------
|
||||||
|
# In addition there are the following options:
|
||||||
|
@@ -147,31 +157,48 @@
|
||||||
|
# they have the following syntax:
|
||||||
|
# allow=min-rsa=512:min-dh=1024
|
||||||
|
#
|
||||||
|
+# in the following tests, we use the cipher suite 'd':
|
||||||
|
+# d SSL3 RSA WITH 3DES EDE CBC SHA (=:000a).
|
||||||
|
+# NOTE: the certificates used in validation are rsa-pkcs1/sha256 signed.
|
||||||
|
+#
|
||||||
|
# Exp Enable Enable Cipher Config Policy Test Name
|
||||||
|
# Ret EC TLS
|
||||||
|
# turn on single cipher
|
||||||
|
- 0 noECC SSL3 d disallow=all_allow=hmac-sha1:sha256:rsa:des-ede3-cbc:tls-version-min=ssl3.0:tls-version-max=ssl3.0 Allowed by Narrow Policy
|
||||||
|
- 0 noECC SSL3 d disallow=all_allow=hmac-sha1/ssl,ssl-key-exchange:sha256/cert-signature:rsa/ssl-key-exchange:des-ede3-cbc:tls-version-min=ssl3.0:tls-version-max=ssl3.0 Allowed by Strict Policy
|
||||||
|
- 0 noECC SSL3 d disallow=all_allow=md2/all:md4/all:md5/all:sha1/all:sha256/all:sha384/all:sha512/all:hmac-sha1/all:hmac-sha224/all:hmac-sha256/all:hmac-sha384/all:hmac-sha512/all:hmac-md5/all:camellia128-cbc/all:camellia192-cbc/all:camellia256-cbc/all:seed-cbc/all:des-ede3-cbc/all:des-40-cbc/all:des-cbc/all:null-cipher/all:rc2/all:rc4/all:idea/all:rsa/all:rsa-export/all:dhe-rsa/all:dhe-dss/all:ecdhe-ecdsa/all:ecdhe-rsa/all:ecdh-ecdsa/all:ecdh-rsa/all:tls-version-min=ssl2.0:tls-version-max=tls1.2 Allow All Explicitly
|
||||||
|
- 1 noECC SSL3 d disallow=all Disallow All Explicitly.
|
||||||
|
+ 0 noECC SSL3 d disallow=all_allow=hmac-sha1:sha256:rsa-pkcs:rsa:des-ede3-cbc:tls-version-min=ssl3.0:tls-version-max=ssl3.0 Allowed by Narrow Policy
|
||||||
|
+ 0 noECC SSL3 d disallow=all_allow=hmac-sha1/ssl,ssl-key-exchange:sha256/all-signature:rsa-pkcs/all-signature:rsa/ssl-key-exchange:des-ede3-cbc:tls-version-min=ssl3.0:tls-version-max=ssl3.0 Allowed by Strict Policy
|
||||||
|
+ 0 noECC SSL3 d disallow=all_allow=md2/all:md4/all:md5/all:sha1/all:sha256/all:sha384/all:sha512/all:rsa-pkcs/all:dsa/all:rsa-pss/all:ecdsa/all:hmac-sha1/all:hmac-sha224/all:hmac-sha256/all:hmac-sha384/all:hmac-sha512/all:hmac-md5/all:camellia128-cbc/all:camellia192-cbc/all:camellia256-cbc/all:seed-cbc/all:des-ede3-cbc/all:des-40-cbc/all:des-cbc/all:null-cipher/all:rc2/all:rc4/all:idea/all:rsa/all:rsa-export/all:dhe-rsa/all:dhe-dss/all:ecdhe-ecdsa/all:ecdhe-rsa/all:ecdh-ecdsa/all:ecdh-rsa/all:tls-version-min=ssl2.0:tls-version-max=tls1.2 Allow All Explicitly
|
||||||
|
+ 1 noECC SSL3 d disallow=all Disallow All Explicitly
|
||||||
|
# turn off signature only
|
||||||
|
- 1 noECC SSL3 d disallow=sha256 Disallow SHA256 Signatures Explicitly.
|
||||||
|
- 1 noECC SSL3 d disallow=all_allow=hmac-sha1:rsa/ssl-key-exchange:des-ede3-cbc:tls-version-min=ssl3.0:tls-version-max=ssl3.0 Disallow SHA256 Signatures Implicitly Narrow.
|
||||||
|
- 1 noECC SSL3 d disallow=all_allow=md2/all:md4/all:md5/all:sha1/all:sha384/all:sha512/all:hmac-sha1/all:hmac-sha224/all:hmac-sha256/all:hmac-sha384/all:hmac-sha512/all:hmac-md5/all:camellia128-cbc/all:camellia192-cbc/all:camellia256-cbc/all:seed-cbc/all:des-ede3-cbc/all:des-40-cbc/all:des-cbc/all:null-cipher/all:rc2/all:rc4/all:idea/all:rsa/all:rsa-export/all:dhe-rsa/all:dhe-dss/all:ecdhe-ecdsa/all:ecdhe-rsa/all:ecdh-ecdsa/all:ecdh-rsa/all:tls-version-min=ssl2.0:tls-version-max=tls1.2 Disallow SHA256 Signatures Implicitly.
|
||||||
|
+ 0 noECC SSL3 d disallow=all/signature Disallow all signatures with Explicitly
|
||||||
|
+ 1 noECC SSL3 d disallow=sha256 Disallow SHA256 Explicitly
|
||||||
|
+ 1 noECC SSL3 d disallow=sha256/cert-signature Disallow SHA256 Certificate signature Explicitly
|
||||||
|
+ 0 noECC SSL3 d disallow=sha256/signature Disallow All SHA256 signatures Explicitly
|
||||||
|
+ 1 noECC SSL3 d disallow=sha256/all-signature Disallow Any SHA256 signature Explicitly
|
||||||
|
+ 1 noECC SSL3 d disallow=all_allow=hmac-sha1:rsa/ssl-key-exchange:des-ede3-cbc:tls-version-min=ssl3.0:tls-version-max=ssl3.0 Disallow SHA256 Signatures Implicitly Narrow
|
||||||
|
+ 1 noECC SSL3 d disallow=all_allow=md2/all:md4/all:md5/all:sha1/all:sha384/all:sha512/all:rsa-pkcs/all:rsa-pss/all:dsa/all:ecdsa/all:hmac-sha1/all:hmac-sha224/all:hmac-sha256/all:hmac-sha384/all:hmac-sha512/all:hmac-md5/all:camellia128-cbc/all:camellia192-cbc/all:camellia256-cbc/all:seed-cbc/all:des-ede3-cbc/all:des-40-cbc/all:des-cbc/all:null-cipher/all:rc2/all:rc4/all:idea/all:rsa/all:rsa-export/all:dhe-rsa/all:dhe-dss/all:ecdhe-ecdsa/all:ecdhe-rsa/all:ecdh-ecdsa/all:ecdh-rsa/all:tls-version-min=ssl2.0:tls-version-max=tls1.2 Disallow SHA256 Signatures Implicitly
|
||||||
|
# turn off single cipher
|
||||||
|
1 noECC SSL3 d disallow=des-ede3-cbc Disallow Cipher Explicitly
|
||||||
|
- 1 noECC SSL3 d disallow=all_allow=hmac-sha1:sha256:rsa:des-cbc:tls-version-min=ssl3.0:tls-version-max=ssl3.0 Disallow Cipher Implicitly Narrow.
|
||||||
|
- 1 noECC SSL3 d disallow=all_allow=md2/all:md4/all:md5/all:sha1/all:sha256/all:sha384/all:sha512/all:hmac-sha1/all:hmac-sha224/all:hmac-sha256/all:hmac-sha384/all:hmac-sha512/all:hmac-md5/all:camellia128-cbc/all:camellia192-cbc/all:camellia256-cbc/all:seed-cbc/all:des-40-cbc/all:des-cbc/all:null-cipher/all:rc2/all:rc4/all:idea/all:rsa/all:rsa-export/all:dhe-rsa/all:dhe-dss/all:ecdhe-ecdsa/all:ecdhe-rsa/all:ecdh-ecdsa/all:ecdh-rsa/all:tls-version-min=ssl2.0:tls-verion-max=tls1.2 Disallow Cipher Implicitly.
|
||||||
|
+ 1 noECC SSL3 d disallow=all_allow=hmac-sha1:sha256:rsa-pkcs:rsa:des-cbc:tls-version-min=ssl3.0:tls-version-max=ssl3.0 Disallow Cipher Implicitly Narrow
|
||||||
|
+ 1 noECC SSL3 d disallow=all_allow=md2/all:md4/all:md5/all:sha1/all:sha256/all:sha384/all:sha512/all:rsa-pkcs/all:rsa-pss/all:ecdsa/all:dsa/all:hmac-sha1/all:hmac-sha224/all:hmac-sha256/all:hmac-sha384/all:hmac-sha512/all:hmac-md5/all:camellia128-cbc/all:camellia192-cbc/all:camellia256-cbc/all:seed-cbc/all:des-40-cbc/all:des-cbc/all:null-cipher/all:rc2/all:rc4/all:idea/all:rsa/all:rsa-export/all:dhe-rsa/all:dhe-dss/all:ecdhe-ecdsa/all:ecdhe-rsa/all:ecdh-ecdsa/all:ecdh-rsa/all:tls-version-min=ssl2.0:tls-verion-max=tls1.2 Disallow Cipher Implicitly
|
||||||
|
# turn off H-Mac
|
||||||
|
1 noECC SSL3 d disallow=hmac-sha1 Disallow HMAC Explicitly
|
||||||
|
- 1 noECC SSL3 d disallow=all_allow=md5:sha256:rsa:des-ede3-cbc:tls-version-min=ssl3.0:tls-version-max=ssl3.0 Disallow HMAC Implicitly Narrow.
|
||||||
|
- 1 noECC SSL3 d disallow=all_allow=md2/all:md4/all:md5/all:sha1/all:sha256/all:sha384/all:sha512/all:hmac-sha224/all:hmac-sha256/all:hmac-sha384/all:hmac-sha512/all:hmac-md5/all:camellia128-cbc/all:camellia192-cbc/all:camellia256-cbc/all:seed-cbc/all:des-ede3-cbc/all:des-40-cbc/all:des-cbc/all:null-cipher/all:rc2/all:rc4/all:idea/all:rsa/all:rsa-export/all:dhe-rsa/all:dhe-dss/all:ecdhe-ecdsa/all:ecdhe-rsa/all:ecdh-ecdsa/all:ecdh-rsa/all:tls-version-min=ssl2.0:tls-version-max=tls1.2 Disallow HMAC Signatures Implicitly.
|
||||||
|
+ 1 noECC SSL3 d disallow=all_allow=md5:sha256:rsa:des-ede3-cbc:tls-version-min=ssl3.0:tls-version-max=ssl3.0 Disallow HMAC Implicitly Narrow
|
||||||
|
+ 1 noECC SSL3 d disallow=all_allow=md2/all:md4/all:md5/all:sha1/all:sha256/all:sha384/all:sha512/all:hmac-sha224/all:hmac-sha256/all:hmac-sha384/all:hmac-sha512/all:hmac-md5/all:camellia128-cbc/all:camellia192-cbc/all:camellia256-cbc/all:seed-cbc/all:des-ede3-cbc/all:des-40-cbc/all:des-cbc/all:null-cipher/all:rc2/all:rc4/all:idea/all:rsa/all:rsa-export/all:dhe-rsa/all:dhe-dss/all:ecdhe-ecdsa/all:ecdhe-rsa/all:ecdh-ecdsa/all:ecdh-rsa/all:tls-version-min=ssl2.0:tls-version-max=tls1.2 Disallow HMAC Signatures Implicitly
|
||||||
|
# turn off key exchange
|
||||||
|
- 1 noECC SSL3 d disallow=rsa/ssl-key-exchange Disallow Key Exchange Explicitly.
|
||||||
|
- 1 noECC SSL3 d disallow=all_allow=hmac-sha1:sha256:dh-dss:des-ede3-cbc:tls-version-min=ssl3.0:tls-version-max=ssl3.0 Disallow Key Exchange Implicitly Narrow.
|
||||||
|
- 1 noECC SSL3 d disallow=all_allow=md2/all:md4/all:md5/all:sha1/all:sha256/all:sha384/all:sha512/all:hmac-sha1/all:hmac-sha224/all:hmac-sha256/all:hmac-sha384/all:hmac-sha512/all:hmac-md5/all:camellia128-cbc/all:camellia192-cbc/all:camellia256-cbc/all:seed-cbc/all:des-ede3-cbc/all:des-40-cbc/all:des-cbc/all:null-cipher/all:rc2/all:rc4/all:idea/all:rsa-export/all:dhe-rsa/all:dhe-dss/all:ecdhe-ecdsa/all:ecdhe-rsa/all:ecdh-ecdsa/all:ecdh-rsa/all:tls-version-min=ssl2.0:tls-version-max=tls1.2 Disallow Key Exchnage Signatures Implicitly.
|
||||||
|
+ 1 noECC SSL3 d disallow=rsa/ssl-key-exchange Disallow Key Exchange Explicitly
|
||||||
|
+ 1 noECC SSL3 d disallow=all_allow=hmac-sha1:sha256:rsa-pkcs:dh-dss:des-ede3-cbc:tls-version-min=ssl3.0:tls-version-max=ssl3.0 Disallow Key Exchange Implicitly Narrow
|
||||||
|
+ 1 noECC SSL3 d disallow=all_allow=md2/all:md4/all:md5/all:sha1/all:sha256/all:sha384/all:sha512/all:rsa-pkcs/all:rsa-pss/all:ecdsa/all:dsa/all:hmac-sha1/all:hmac-sha224/all:hmac-sha256/all:hmac-sha384/all:hmac-sha512/all:hmac-md5/all:camellia128-cbc/all:camellia192-cbc/all:camellia256-cbc/all:seed-cbc/all:des-ede3-cbc/all:des-40-cbc/all:des-cbc/all:null-cipher/all:rc2/all:rc4/all:idea/all:rsa-export/all:dhe-rsa/all:dhe-dss/all:ecdhe-ecdsa/all:ecdhe-rsa/all:ecdh-ecdsa/all:ecdh-rsa/all:tls-version-min=ssl2.0:tls-version-max=tls1.2 Disallow Key Exchange Signatures Implicitly
|
||||||
|
# turn off version
|
||||||
|
1 noECC SSL3 d allow=tls-version-min=tls1.0:tls-version-max=tls1.2 Disallow Version Exlicitly
|
||||||
|
- 1 noECC SSL3 d disallow=all_allow=hmac-sha1:sha256:rsa:des-ede3-cbc:tls-version-min=tls1.0:tls-version-max=tls1.2 Disallow Version Implicitly Narrow.
|
||||||
|
- 1 noECC SSL3 d disallow=all_allow=md2/all:md4/all:md5/all:sha1/all:sha256/all:sha384/all:sha512/all:hmac-sha1/all:hmac-sha224/all:hmac-sha256/all:hmac-sha384/all:hmac-sha512/all:hmac-md5/all:camellia128-cbc/all:camellia192-cbc/all:camellia256-cbc/all:seed-cbc/all:des-ede3-cbc/all:des-40-cbc/all:des-cbc/all:null-cipher/all:rc2/all:rc4/all:idea/all:rsa/all:rsa-export/all:dhe-rsa/all:dhe-dss/all:ecdhe-ecdsa/all:ecdhe-rsa/all:ecdh-ecdsa/all:ecdh-rsa/all:tls-version-min=tls1.0:tls-version-max=tls1.2 Disallow Version Implicitly.
|
||||||
|
- 0 noECC SSL3 d disallow=dsa Disallow DSA Signatures Explicitly.
|
||||||
|
+ 1 noECC SSL3 d disallow=all_allow=hmac-sha1:sha256:rsa-pkcs:rsa:des-ede3-cbc:tls-version-min=tls1.0:tls-version-max=tls1.2 Disallow Version Implicitly Narrow
|
||||||
|
+ 1 noECC SSL3 d disallow=all_allow=md2/all:md4/all:md5/all:sha1/all:sha256/all:sha384/all:sha512/all:rsa-pkcs/all:rsa-pss/all:ecdsa/all:dsa/all:hmac-sha1/all:hmac-sha224/all:hmac-sha256/all:hmac-sha384/all:hmac-sha512/all:hmac-md5/all:camellia128-cbc/all:camellia192-cbc/all:camellia256-cbc/all:seed-cbc/all:des-ede3-cbc/all:des-40-cbc/all:des-cbc/all:null-cipher/all:rc2/all:rc4/all:idea/all:rsa/all:rsa-export/all:dhe-rsa/all:dhe-dss/all:ecdhe-ecdsa/all:ecdhe-rsa/all:ecdh-ecdsa/all:ecdh-rsa/all:tls-version-min=tls1.0:tls-version-max=tls1.2 Disallow Version Implicitly
|
||||||
|
+ 0 noECC SSL3 d disallow=dsa Disallow DSA Signatures Explicitly
|
||||||
|
+ 1 noECC SSL3 d disallow=rsa-pkcs Disallow RSA PKCS 1 Signatures Explicitly
|
||||||
|
+# test default settings
|
||||||
|
+# NOTE: tstclient will attempt to overide the defaults, so we detect we
|
||||||
|
+# were successful by locking in our settings
|
||||||
|
+ 0 noECC SSL3 d allow=all_disable=all Disable all by default, application override
|
||||||
|
+ 1 noECC SSL3 d allow=all_disable=all_flags=ssl-lock,policy-lock Disable all by default, prevent application from enabling
|
||||||
|
+ 0 noECC SSL3 d allow=all_disable=all_flags=policy-lock Disable all by default, lock policy (application can still change the ciphers)
|
||||||
|
+# explicitly enable :002f RSA_AES_128_CBC_SHA1 and lock it in
|
||||||
|
+ 0 noECC SSL3 d allow=all_disable=all_enable=hmac-sha1:sha256:rsa-pkcs:rsa:aes128-cbc:tls-version-min=ssl3.0:tls-version-max=ssl3.0_flags=ssl-lock Lock in a different ciphersuite that the one the application asks for
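Review bot: The rewritten "Disallow Cipher Implicitly" line keeps `tls-verion-max=tls1.2` (misspelt) from the line it replaces, so the policy string carries an identifier the parser is expected to reject — crypto-policy.txt in this same patch treats an unknown identifier as a policy-load failure. Since the test expects return 1, it would pass even if des-ede3-cbc were still permitted, because a failed policy load presumably also yields a non-zero result; changing it to `tls-version-max=tls1.2` makes the test check what its name says. The new comment block also has `overide` for `override`.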
|
||||||
|
diff -up ./tests/ssl/ssl.sh.orig ./tests/ssl/ssl.sh
|
||||||
|
--- ./tests/ssl/ssl.sh.orig 2020-06-16 15:50:59.000000000 -0700
|
||||||
|
+++ ./tests/ssl/ssl.sh 2020-10-29 13:17:16.391664228 -0700
|
||||||
|
@@ -886,6 +886,7 @@ ssl_policy_listsuites()
|
||||||
|
cp ${P_R_CLIENTDIR}/pkcs11.txt ${P_R_CLIENTDIR}/pkcs11.txt.sav
|
||||||
|
|
||||||
|
# Disallow all explicitly
|
||||||
|
+ testname="listsuites with all cipher disallowed by policy"
|
||||||
|
setup_policy "disallow=all" ${P_R_CLIENTDIR}
|
||||||
|
RET_EXP=1
|
||||||
|
list_enabled_suites | grep '^TLS_'
|
||||||
|
@@ -894,6 +895,7 @@ ssl_policy_listsuites()
|
||||||
|
"produced a returncode of $RET, expected is $RET_EXP"
|
||||||
|
|
||||||
|
# Disallow RSA in key exchange explicitly
|
||||||
|
+ testname="listsuites with rsa cipher disallowed by policy"
|
||||||
|
setup_policy "disallow=rsa/ssl-key-exchange" ${P_R_CLIENTDIR}
|
||||||
|
RET_EXP=1
|
||||||
|
list_enabled_suites | grep '^TLS_RSA_'
|
||||||
|
@@ -901,6 +903,34 @@ ssl_policy_listsuites()
|
||||||
|
html_msg $RET $RET_EXP "${testname}" \
|
||||||
|
"produced a returncode of $RET, expected is $RET_EXP"
|
||||||
|
|
||||||
|
+ # allow by policy, but disable by default
|
||||||
|
+ testname="listsuites with all ciphers enabled by policy but disabled by default"
|
||||||
|
+ setup_policy "allow=all disable=all" ${P_R_CLIENTDIR}
|
||||||
|
+ RET_EXP=1
|
||||||
|
+ list_enabled_suites | grep '^TLS_'
|
||||||
|
+ RET=$?
|
||||||
|
+ html_msg $RET $RET_EXP "${testname}" \
|
||||||
|
+ "produced a returncode of $RET, expected is $RET_EXP"
|
||||||
|
+
|
||||||
|
+ # allow by policy, but disable by default just rsa-kea
|
||||||
|
+ testname="listsuites with all ciphers enabled by policy but rsa disabled by default"
|
||||||
|
+ setup_policy "allow=all disable=rsa/ssl-key-exchange" ${P_R_CLIENTDIR}
|
||||||
|
+ RET_EXP=1
|
||||||
|
+ list_enabled_suites | grep '^TLS_RSA_'
|
||||||
|
+ RET=$?
|
||||||
|
+ html_msg $RET $RET_EXP "${testname}" \
|
||||||
|
+ "produced a returncode of $RET, expected is $RET_EXP"
|
||||||
|
+
|
||||||
|
+ # list_enabled_suites tries to set a policy value explicitly, This will
|
||||||
|
+ # cause list_enabled_suites to fail if we lock the policy
|
||||||
|
+ testname="listsuites with policy locked"
|
||||||
|
+ setup_policy "allow=all flags=policy-lock" ${P_R_CLIENTDIR}
|
||||||
|
+ RET_EXP=1
|
||||||
|
+ SSL_DIR="${P_R_CLIENTDIR}" ${BINDIR}/listsuites
|
||||||
|
+ RET=$?
|
||||||
|
+ html_msg $RET $RET_EXP "${testname}" \
|
||||||
|
+ "produced a returncode of $RET, expected is $RET_EXP"
|
||||||
|
+
|
||||||
|
cp ${P_R_CLIENTDIR}/pkcs11.txt.sav ${P_R_CLIENTDIR}/pkcs11.txt
|
||||||
|
|
||||||
|
html "</TABLE><BR>"
|
||||||
|
@@ -925,6 +955,7 @@ ssl_policy_selfserv()
|
||||||
|
cp ${P_R_SERVERDIR}/pkcs11.txt ${P_R_SERVERDIR}/pkcs11.txt.sav
|
||||||
|
|
||||||
|
# Disallow RSA in key exchange explicitly
|
||||||
|
+ testname="Disallow RSA key exchange explicitly"
|
||||||
|
setup_policy "disallow=rsa/ssl-key-exchange" ${P_R_SERVERDIR}
|
||||||
|
|
||||||
|
SAVE_SERVER_OPTIONS=${SERVER_OPTIONS}
|
||||||
|
|
417
SOURCES/nss-3.53.1-ike-app-b-fix.patch
@ -0,0 +1,417 @@
|
|||||||
|
diff -up ./gtests/common/testvectors_base/test-structs.h.orig ./gtests/common/testvectors_base/test-structs.h
|
||||||
|
--- ./gtests/common/testvectors_base/test-structs.h.orig 2020-06-16 15:50:59.000000000 -0700
|
||||||
|
+++ ./gtests/common/testvectors_base/test-structs.h 2020-12-05 10:54:36.648849921 -0800
|
||||||
|
@@ -66,6 +66,31 @@ typedef struct EcdhTestVectorStr {
|
||||||
|
bool valid;
|
||||||
|
} EcdhTestVector;
|
||||||
|
|
||||||
|
+enum class IkeTestType {
|
||||||
|
+ ikeGxy, /* CKM_NSS_IKE_PRF_DERIVE case 1 */
|
||||||
|
+ ikeV1Psk, /* CKM_NSS_IKE_PRF_DERIVE case 2 */
|
||||||
|
+ ikeV2Rekey, /* CKM_NSS_IKE_PRF_DERIVE case 3 */
|
||||||
|
+ ikeV1, /* CKM_NSS_IKE1_PRF_DERIVE */
|
||||||
|
+ ikeV1AppB, /* CKM_NSS_IKE1_PRF_APP_B_DERIVE base mode */
|
||||||
|
+ ikeV1AppBQuick, /* CKM_NSS_IKE1_PRF_APP_B_DERIVE quick mode */
|
||||||
|
+ ikePlus /* CKM_NSS_IKE_PRF_DERIVE */
|
||||||
|
+};
|
||||||
|
+
|
||||||
|
+typedef struct IkeTestVectorStr {
|
||||||
|
+ uint32_t id;
|
||||||
|
+ IkeTestType test_type;
|
||||||
|
+ std::string ikm;
|
||||||
|
+ std::string gxykm;
|
||||||
|
+ std::string prevkm;
|
||||||
|
+ std::string okm;
|
||||||
|
+ std::string Ni;
|
||||||
|
+ std::string Nr;
|
||||||
|
+ std::string seed_data;
|
||||||
|
+ uint8_t key_number;
|
||||||
|
+ uint32_t size;
|
||||||
|
+ bool valid;
|
||||||
|
+} IkeTestVector;
|
||||||
|
+
|
||||||
|
typedef struct RsaSignatureTestVectorStr {
|
||||||
|
SECOidTag hash_oid;
|
||||||
|
uint32_t id;
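Review bot: The new IkeTestVector fields carry no comments, unlike the IkeTestType enumerators just above them, so a reader of ike-sha1-vectors.h has to infer what each positional string means. The vectors in that header are hex strings, so the struct deserves at least `/* all string fields are hex-encoded byte strings */` plus a short tag per field, e.g. `std::string okm; /* expected output keying material */`; the exact meaning of `key_number` and `size` should be stated in terms of the mechanism parameters they feed in the gtest, which is outside this hunk.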
|
||||||
|
diff -up ./gtests/common/testvectors/ike-sha1-vectors.h.orig ./gtests/common/testvectors/ike-sha1-vectors.h
|
||||||
|
--- ./gtests/common/testvectors/ike-sha1-vectors.h.orig 2020-12-05 10:54:36.649849926 -0800
|
||||||
|
+++ ./gtests/common/testvectors/ike-sha1-vectors.h 2020-12-05 11:01:09.170017713 -0800
|
||||||
|
@@ -0,0 +1,114 @@
|
||||||
|
+/* vim: set ts=2 et sw=2 tw=80: */
|
||||||
|
+/* This Source Code Form is subject to the terms of the Mozilla Public
|
||||||
|
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
|
||||||
|
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
|
||||||
|
+
|
||||||
|
+/* This file is generated from sources in nss/gtests/common/wycheproof
|
||||||
|
+ * automatically and should not be touched manually.
|
||||||
|
+ * Generation is trigged by calling python3 genTestVectors.py */
|
||||||
|
+
|
||||||
|
+#ifndef ike_sha1_vectors_h__
|
||||||
|
+#define ike_sha1_vectors_h__
|
||||||
|
+
|
||||||
|
+#include "testvectors_base/test-structs.h"
|
||||||
|
+
|
||||||
|
+const IkeTestVector kIkeSha1ProofVectors[] = {
|
||||||
|
+ // these vectors are from this NIST samples
|
||||||
|
+ {1, IkeTestType::ikeGxy,
|
||||||
|
+ "8ba4cbc73c0187301dc19a975823854dbd641c597f637f8d053a83b9514673eb",
|
||||||
|
+ "", "", "707197817fb2d90cf54d1842606bdea59b9f4823",
|
||||||
|
+ "69a62284195f1680", "80c94ba25c8abda5",
|
||||||
|
+ "", 0, 0, true },
|
||||||
|
+ {2, IkeTestType::ikeV1,
|
||||||
|
+ "707197817fb2d90cf54d1842606bdea59b9f4823",
|
||||||
|
+ "8ba4cbc73c0187301dc19a975823854dbd641c597f637f8d053a83b9514673eb",
|
||||||
|
+ "", "384be709a8a5e63c3ed160cfe3921c4b37d5b32d",
|
||||||
|
+ "8c3bcd3a69831d7f", "d2d9a7ff4fbe95a7",
|
||||||
|
+ "", 0, 0, true },
|
||||||
|
+ {3, IkeTestType::ikeV1,
|
||||||
|
+ "707197817fb2d90cf54d1842606bdea59b9f4823",
|
||||||
|
+ "8ba4cbc73c0187301dc19a975823854dbd641c597f637f8d053a83b9514673eb",
|
||||||
|
+ "384be709a8a5e63c3ed160cfe3921c4b37d5b32d",
|
||||||
|
+ "48b327575abe3adba0f279849e289022a13e2b47",
|
||||||
|
+ "8c3bcd3a69831d7f", "d2d9a7ff4fbe95a7",
|
||||||
|
+ "", 1, 0, true },
|
||||||
|
+ {4, IkeTestType::ikeV1,
|
||||||
|
+ "707197817fb2d90cf54d1842606bdea59b9f4823",
|
||||||
|
+ "8ba4cbc73c0187301dc19a975823854dbd641c597f637f8d053a83b9514673eb",
|
||||||
|
+ "48b327575abe3adba0f279849e289022a13e2b47",
|
||||||
|
+ "a4a415c8e0c38c0da847c356cc61c24df8025560",
|
||||||
|
+ "8c3bcd3a69831d7f", "d2d9a7ff4fbe95a7",
|
||||||
|
+ "", 2, 0, true },
|
||||||
|
+ {5, IkeTestType::ikeV1Psk, "c0", "", "",
|
||||||
|
+ "ab3be41bc62f2ef0c41a3076d58768be77fadd2e",
|
||||||
|
+ "03a6f25a83c8c2a3", "9d958a6618f77e7f",
|
||||||
|
+ "", 0, 0, true },
|
||||||
|
+ {6, IkeTestType::ikeGxy,
|
||||||
|
+ "4b2c1f971981a8ad8d0abeafabf38cf75fc8349c148142465ed9c8b516b8be52",
|
||||||
|
+ "", "", "a9a7b222b59f8f48645f28a1db5b5f5d7479cba7",
|
||||||
|
+ "32b50d5f4a3763f3", "9206a04b26564cb1",
|
||||||
|
+ "", 0, 0, true },
|
||||||
|
+ {7, IkeTestType::ikeV2Rekey,
|
||||||
|
+ "a14293677cc80ff8f9cc0eee30d895da9d8f4056",
|
||||||
|
+ "863f3c9d06efd39d2b907b97f8699e5dd5251ef64a2a176f36ee40c87d4f9330",
|
||||||
|
+ "", "63e81194946ebd05df7df5ebf5d8750056bf1f1d",
|
||||||
|
+ "32b50d5f4a3763f3", "9206a04b26564cb1",
|
||||||
|
+ "", 0, 0, true },
|
||||||
|
+ {8, IkeTestType::ikePlus,
|
||||||
|
+ "a9a7b222b59f8f48645f28a1db5b5f5d7479cba7", "", "",
|
||||||
|
+ "a14293677cc80ff8f9cc0eee30d895da9d8f405666e30ef0dfcb63c634a46002a2a63080e514a062768b76606f9fa5e992204fc5a670bde3f10d6b027113936a5c55b648a194ae587b0088d52204b702c979fa280870d2ed41efa9c549fd11198af1670b143d384bd275c5f594cf266b05ebadca855e4249520a441a81157435a7a56cc4", "", "",
|
||||||
|
+ // seed_data is Ni || Nr || SPIi || SPIr
|
||||||
|
+ // NOTE: there is no comma so the strings are concatenated together.
|
||||||
|
+ "32b50d5f4a3763f3" // Ni
|
||||||
|
+ "9206a04b26564cb1" // Nr
|
||||||
|
+ "34c9e7c188868785" // SPIi
|
||||||
|
+ "3ff77d760d2b2199", // SPIr
|
||||||
|
+ 0, 132, true },
|
||||||
|
+ {9, IkeTestType::ikePlus,
|
||||||
|
+ "a9a7b222b59f8f48645f28a1db5b5f5d7479cba7", "", "",
|
||||||
|
+ "a14293677cc80ff8f9cc0eee30d895da9d8f405666e30ef0dfcb63c634a46002a2a63080e514a062", "", "",
|
||||||
|
+ // seed_data is Ni || Nr || SPIi || SPIr
|
||||||
|
+ // NOTE: there is no comma so the strings are concatenated together.
|
||||||
|
+ "32b50d5f4a3763f3" // Ni
|
||||||
|
+ "9206a04b26564cb1" // Nr
|
||||||
|
+ "34c9e7c188868785" // SPIi
|
||||||
|
+ "3ff77d760d2b2199", // SPIr
|
||||||
|
+ 0, 40, true },
|
||||||
|
+ {10, IkeTestType::ikePlus,
|
||||||
|
+ "a9a7b222b59f8f48645f28a1db5b5f5d7479cba7", "", "",
|
||||||
|
+ "a14293677cc80ff8f9cc0eee30d895", "", "",
|
||||||
|
+ // seed_data is Ni || Nr || SPIi || SPIr
|
||||||
|
+ // NOTE: there is no comma so the strings are concatenated together.
|
||||||
|
+ "32b50d5f4a3763f3" // Ni
|
||||||
|
+ "9206a04b26564cb1" // Nr
|
||||||
|
+ "34c9e7c188868785" // SPIi
|
||||||
|
+ "3ff77d760d2b2199", // SPIr
|
||||||
|
+ 0, 15, true },
|
||||||
|
+ // these vectors are self-generated
|
||||||
|
+ {11, IkeTestType::ikeV1AppB,
|
||||||
|
+ "63e81194946ebd05df7df5ebf5d8750056bf1f1d", "", "",
|
||||||
|
+ "933347a07de5782247dd36d1562ffe0eecade1eb4134165257e3af1000af8ae3f165063828cbb60d910b7db38fa3c7f62c4afaaf3203da065c841729853edb23e9e7ac8286ae65c8cb6c667d79268c0bd6705abb9131698eb822b1c1f9dd142fc7be2c1010ee0152e10195add98999c6b6d42c8fe9c1b134d56ad5f2c6f20e815bd25c52",
|
||||||
|
+ "", "", "", 0, 132, true },
|
||||||
|
+ {12, IkeTestType::ikeV1AppB,
|
||||||
|
+ "63e81194946ebd05df7df5ebf5d8750056bf1f1d", "", "",
|
||||||
|
+ "933347a07de5782247dd36d1562ffe0eecade1eb4134165257e3af1000af8ae3f165063828cbb60d",
|
||||||
|
+ "", "", "", 0, 40, true },
|
||||||
|
+ {13, IkeTestType::ikeV1AppB,
|
||||||
|
+ "63e81194946ebd05df7df5ebf5d8750056bf1f1d", "", "",
|
||||||
|
+ "63e81194946ebd05df7df5ebf5d875",
|
||||||
|
+ "", "", "", 0, 15, true },
|
||||||
|
+ {14, IkeTestType::ikeV1AppBQuick,
|
||||||
|
+ "63e81194946ebd05df7df5ebf5d8750056bf1f1d", "", "",
|
||||||
|
+ "933347a07de5782247dd36d1562ffe0eecade1ebaeaa476a5f578c34a9b2b7101a621202f61db924c5ef9efa3bb2698095841603b7ac8a880329a927ecd4ad53a944b607a5ac2f3d154e2748c188d7370d76be83fc204fdacf0f66b99dd760ba619ffac65eda1420c8a936dac5a599afaf4043b29ef2b65dc042724355b550875316c6fd",
|
||||||
|
+ "", "", "0", 0, 132, true },
|
||||||
|
+ {15, IkeTestType::ikeV1AppBQuick,
|
||||||
|
+ "63e81194946ebd05df7df5ebf5d8750056bf1f1d", "", "",
|
||||||
|
+ "933347a07de5782247dd36d1562ffe0eecade1ebaeaa476a5f578c34a9b2b7101a621202f61db924",
|
||||||
|
+ "", "", "0", 0, 40, true },
|
||||||
|
+ {16, IkeTestType::ikeV1AppBQuick,
|
||||||
|
+ "63e81194946ebd05df7df5ebf5d8750056bf1f1d", "", "",
|
||||||
|
+ "933347a07de5782247dd36d1562ffe",
|
||||||
|
+ "", "", "0", 0, 15, true },
|
||||||
|
+ };
|
||||||
|
+
|
||||||
|
+#endif // ike_sha1_vectors_h__
|
||||||
|
diff -up ./gtests/pk11_gtest/manifest.mn.orig ./gtests/pk11_gtest/manifest.mn
|
||||||
|
--- ./gtests/pk11_gtest/manifest.mn.orig 2020-12-05 10:53:12.529385354 -0800
|
||||||
|
+++ ./gtests/pk11_gtest/manifest.mn 2020-12-05 10:54:36.649849926 -0800
|
||||||
|
@@ -22,6 +22,7 @@ CPPSRCS = \
|
||||||
|
pk11_export_unittest.cc \
|
||||||
|
pk11_find_certs_unittest.cc \
|
||||||
|
pk11_hkdf_unittest.cc \
|
||||||
|
+ pk11_ike_unittest.cc \
|
||||||
|
pk11_import_unittest.cc \
|
||||||
|
pk11_kdf_unittest.cc \
|
||||||
|
pk11_kbkdf.cc \
|
||||||
|
diff -up ./gtests/pk11_gtest/pk11_gtest.gyp.orig ./gtests/pk11_gtest/pk11_gtest.gyp
|
||||||
|
--- ./gtests/pk11_gtest/pk11_gtest.gyp.orig 2020-06-16 15:50:59.000000000 -0700
|
||||||
|
+++ ./gtests/pk11_gtest/pk11_gtest.gyp 2020-12-05 10:54:36.649849926 -0800
|
||||||
|
@@ -27,6 +27,7 @@
|
||||||
|
'pk11_encrypt_derive_unittest.cc',
|
||||||
|
'pk11_find_certs_unittest.cc',
|
||||||
|
'pk11_hkdf_unittest.cc',
|
||||||
|
+ 'pk11_ike_unittest.cc',
|
||||||
|
'pk11_import_unittest.cc',
|
||||||
|
'pk11_kbkdf.cc',
|
||||||
|
'pk11_keygen.cc',
|
||||||
|
diff -up ./gtests/pk11_gtest/pk11_ike_unittest.cc.orig ./gtests/pk11_gtest/pk11_ike_unittest.cc
|
||||||
|
--- ./gtests/pk11_gtest/pk11_ike_unittest.cc.orig 2020-12-05 10:54:36.649849926 -0800
|
||||||
|
+++ ./gtests/pk11_gtest/pk11_ike_unittest.cc 2020-12-05 10:54:36.649849926 -0800
|
||||||
|
@@ -0,0 +1,197 @@
|
||||||
|
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
|
||||||
|
+/* vim: set ts=2 et sw=2 tw=80: */
|
||||||
|
+/* This Source Code Form is subject to the terms of the Mozilla Public
|
||||||
|
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
|
||||||
|
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
|
||||||
|
+
|
||||||
|
+#include <memory>
|
||||||
|
+#include "blapi.h"
|
||||||
|
+#include "gtest/gtest.h"
|
||||||
|
+#include "nss.h"
|
||||||
|
+#include "nss_scoped_ptrs.h"
|
||||||
|
+#include "pk11pub.h"
|
||||||
|
+#include "secerr.h"
|
||||||
|
+#include "sechash.h"
|
||||||
|
+#include "util.h"
|
||||||
|
+
|
||||||
|
+#include "testvectors/ike-sha1-vectors.h"
|
||||||
|
+#ifdef notdef
|
||||||
|
+#include "testvectors/ike-sha256-vectors.h"
|
||||||
|
+#include "testvectors/ike-aesxcbc-vectors.h"
|
||||||
|
+#endif
|
||||||
|
+
|
||||||
|
+namespace nss_test {
|
||||||
|
+
|
||||||
|
+class Pkcs11IkeTest
|
||||||
|
+ : public ::testing::TestWithParam<
|
||||||
|
+ std::tuple<IkeTestVector, CK_MECHANISM_TYPE>> {
|
||||||
|
+ protected:
|
||||||
|
+ void dump_item(const char *label, SECItem *item) {
|
||||||
|
+ printf("%s: %d bytes { \"",label, item->len);
|
||||||
|
+ unsigned int i;
|
||||||
|
+ for (i=0; i < item->len; i++) {
|
||||||
|
+ printf("%02x",item->data[i]);
|
||||||
|
+ }
|
||||||
|
+ printf("\"\n");
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ ScopedPK11SymKey ImportKey(SECItem &ikm_item) {
|
||||||
|
+ ScopedPK11SlotInfo slot(PK11_GetInternalSlot());
|
||||||
|
+ if (!slot) {
|
||||||
|
+ ADD_FAILURE() << "Can't get slot";
|
||||||
|
+ return nullptr;
|
||||||
|
+ }
|
||||||
|
+ ScopedPK11SymKey ikm(PK11_ImportSymKey(slot.get(),
|
||||||
|
+ CKM_GENERIC_SECRET_KEY_GEN,
|
||||||
|
+ PK11_OriginUnwrap, CKA_DERIVE, &ikm_item,
|
||||||
|
+ nullptr));
|
||||||
|
+ return ikm;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ void RunVectorTest(const IkeTestVector &vec, CK_MECHANISM_TYPE prf_mech) {
|
||||||
|
+ std::string msg = "Test #" + std::to_string(vec.id) + " failed";
|
||||||
|
+ std::vector<uint8_t> vec_ikm = hex_string_to_bytes(vec.ikm);
|
||||||
|
+ std::vector<uint8_t> vec_okm = hex_string_to_bytes(vec.okm);
|
||||||
|
+ std::vector<uint8_t> vec_gxykm = hex_string_to_bytes(vec.gxykm);
|
||||||
|
+ std::vector<uint8_t> vec_prevkm = hex_string_to_bytes(vec.prevkm);
|
||||||
|
+ std::vector<uint8_t> vec_Ni = hex_string_to_bytes(vec.Ni);
|
||||||
|
+ std::vector<uint8_t> vec_Nr = hex_string_to_bytes(vec.Nr);
|
||||||
|
+ std::vector<uint8_t> vec_seed_data = hex_string_to_bytes(vec.seed_data);
|
||||||
|
+ SECItem ikm_item = {siBuffer, vec_ikm.data(),
|
||||||
|
+ static_cast<unsigned int>(vec_ikm.size())};
|
||||||
|
+ SECItem okm_item = {siBuffer, vec_okm.data(),
|
||||||
|
+ static_cast<unsigned int>(vec_okm.size())};
|
||||||
|
+ SECItem prevkm_item = {siBuffer, vec_prevkm.data(),
|
||||||
|
+ static_cast<unsigned int>(vec_prevkm.size())};
|
||||||
|
+ SECItem gxykm_item = {siBuffer, vec_gxykm.data(),
|
||||||
|
+ static_cast<unsigned int>(vec_gxykm.size())};
|
||||||
|
+ CK_MECHANISM_TYPE derive_mech = CKM_NSS_IKE_PRF_DERIVE;
|
||||||
|
+ ScopedPK11SymKey gxy_key= nullptr;
|
||||||
|
+ ScopedPK11SymKey prev_key= nullptr;
|
||||||
|
+ ScopedPK11SymKey ikm = ImportKey(ikm_item);
|
||||||
|
+
|
||||||
|
+ // IKE_PRF structure (used in cases 1, 2 and 3)
|
||||||
|
+ CK_NSS_IKE_PRF_DERIVE_PARAMS nss_ike_prf_params = {
|
||||||
|
+ prf_mech, false, false,
|
||||||
|
+ vec_Ni.data(), static_cast<CK_ULONG>(vec_Ni.size()),
|
||||||
|
+ vec_Nr.data(), static_cast<CK_ULONG>(vec_Nr.size()),
|
||||||
|
+ CK_INVALID_HANDLE
|
||||||
|
+ };
|
||||||
|
+
|
||||||
|
+ // IKE_V1_PRF, used to derive session keys.
|
||||||
|
+ CK_NSS_IKE1_PRF_DERIVE_PARAMS nss_ike_v1_prf_params = {
|
||||||
|
+ prf_mech, false, CK_INVALID_HANDLE, CK_INVALID_HANDLE,
|
||||||
|
+ vec_Ni.data(), static_cast<CK_ULONG>(vec_Ni.size()),
|
||||||
|
+ vec_Nr.data(), static_cast<CK_ULONG>(vec_Nr.size()),
|
||||||
|
+ vec.key_number
|
||||||
|
+ };
|
||||||
|
+
|
||||||
|
+ // IKE_V1_APP_B, do quick mode (all session keys in one call).
|
||||||
|
+ CK_NSS_IKE1_APP_B_PRF_DERIVE_PARAMS nss_ike_app_b_prf_params_quick = {
|
||||||
|
+ prf_mech, false, CK_INVALID_HANDLE,
|
||||||
|
+ vec_seed_data.data(), static_cast<CK_ULONG>(vec_seed_data.size())
|
||||||
|
+ };
|
||||||
|
+
|
||||||
|
+ // IKE_V1_APP_B, used for long session keys in ike_v1
|
||||||
|
+ CK_MECHANISM_TYPE nss_ike_app_b_prf_params = prf_mech;
|
||||||
|
+
|
||||||
|
+ // IKE_PRF_PLUS, used to generate session keys in ike v2
|
||||||
|
+ CK_NSS_IKE_PRF_PLUS_DERIVE_PARAMS nss_ike_prf_plus_params = {
|
||||||
|
+ prf_mech, false, CK_INVALID_HANDLE,
|
||||||
|
+ vec_seed_data.data(), static_cast<CK_ULONG>(vec_seed_data.size())
|
||||||
|
+ };
|
||||||
|
+
|
||||||
|
+
|
||||||
|
+ SECItem params_item = {siBuffer, (unsigned char *)&nss_ike_prf_params,
|
||||||
|
+ sizeof(nss_ike_prf_params)};
|
||||||
|
+
|
||||||
|
+ switch (vec.test_type) {
|
||||||
|
+ case IkeTestType::ikeGxy:
|
||||||
|
+ nss_ike_prf_params.bDataAsKey = true;
|
||||||
|
+ break;
|
||||||
|
+ case IkeTestType::ikeV1Psk:
|
||||||
|
+ break;
|
||||||
|
+ case IkeTestType::ikeV2Rekey:
|
||||||
|
+ nss_ike_prf_params.bRekey = true;
|
||||||
|
+ gxy_key = ImportKey(gxykm_item);
|
||||||
|
+ nss_ike_prf_params.hNewKey = PK11_GetSymKeyHandle(gxy_key.get());
|
||||||
|
+ break;
|
||||||
|
+ case IkeTestType::ikeV1:
|
||||||
|
+ derive_mech = CKM_NSS_IKE1_PRF_DERIVE;
|
||||||
|
+ params_item.data = (unsigned char *) &nss_ike_v1_prf_params;
|
||||||
|
+ params_item.len = sizeof(nss_ike_v1_prf_params);
|
||||||
|
+ gxy_key = ImportKey(gxykm_item);
|
||||||
|
+ nss_ike_v1_prf_params.hKeygxy = PK11_GetSymKeyHandle(gxy_key.get());
|
||||||
|
+ if (prevkm_item.len != 0) {
|
||||||
|
+ prev_key = ImportKey(prevkm_item);
|
||||||
|
+ nss_ike_v1_prf_params.bHasPrevKey = true;
|
||||||
|
+ nss_ike_v1_prf_params.hPrevKey = PK11_GetSymKeyHandle(prev_key.get());
|
||||||
|
+ }
|
||||||
|
+ break;
|
||||||
|
+ case IkeTestType::ikeV1AppB:
|
||||||
|
+ derive_mech = CKM_NSS_IKE1_APP_B_PRF_DERIVE;
|
||||||
|
+ params_item.data = (unsigned char *) &nss_ike_app_b_prf_params;
|
||||||
|
+ params_item.len = sizeof(nss_ike_app_b_prf_params);
|
||||||
|
+ break;
|
||||||
|
+ case IkeTestType::ikeV1AppBQuick:
|
||||||
|
+ derive_mech = CKM_NSS_IKE1_APP_B_PRF_DERIVE;
|
||||||
|
+ params_item.data = (unsigned char *) &nss_ike_app_b_prf_params_quick;
|
||||||
|
+ params_item.len = sizeof(nss_ike_app_b_prf_params_quick);
|
||||||
|
+ if (gxykm_item.len != 0) {
|
||||||
|
+ gxy_key = ImportKey(gxykm_item);
|
||||||
|
+ nss_ike_app_b_prf_params_quick.bHasKeygxy = true;
|
||||||
|
+ nss_ike_app_b_prf_params_quick.hKeygxy =
|
||||||
|
+ PK11_GetSymKeyHandle(gxy_key.get());
|
||||||
|
+ }
|
||||||
|
+ break;
|
||||||
|
+ case IkeTestType::ikePlus:
|
||||||
|
+ derive_mech = CKM_NSS_IKE_PRF_PLUS_DERIVE;
|
||||||
|
+ params_item.data = (unsigned char *) &nss_ike_prf_plus_params;
|
||||||
|
+ params_item.len = sizeof(nss_ike_prf_plus_params);
|
||||||
|
+ break;
|
||||||
|
+ default:
|
||||||
|
+ ADD_FAILURE() << msg;
|
||||||
|
+ return;
|
||||||
|
+ }
|
||||||
|
+ ASSERT_NE(nullptr, ikm) << msg;
|
||||||
|
+
|
||||||
|
+ ScopedPK11SymKey okm = ScopedPK11SymKey(
|
||||||
|
+ PK11_Derive(ikm.get(), derive_mech, ¶ms_item,
|
||||||
|
+ CKM_GENERIC_SECRET_KEY_GEN, CKA_DERIVE, vec.size));
|
||||||
|
+ if (vec.valid) {
|
||||||
|
+ ASSERT_NE(nullptr, okm.get()) << msg;
|
||||||
|
+ ASSERT_EQ(SECSuccess, PK11_ExtractKeyValue(okm.get())) << msg;
|
||||||
|
+ SECItem *outItem = PK11_GetKeyData(okm.get());
|
||||||
|
+ if (SECITEM_CompareItem(&okm_item, outItem) != 0) {
|
||||||
|
+ dump_item("expected key:", &okm_item);
|
||||||
|
+ dump_item("calculated key:", outItem);
|
||||||
|
+ }
|
||||||
|
+ ASSERT_EQ(0, SECITEM_CompareItem(&okm_item, PK11_GetKeyData(okm.get())))
|
||||||
|
+ << msg;
|
||||||
|
+ } else {
|
||||||
|
+ ASSERT_EQ(nullptr, okm.get()) << msg;
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
+};
|
||||||
|
+
|
||||||
|
+TEST_P(Pkcs11IkeTest, IkeproofVectors) {
|
||||||
|
+ RunVectorTest(std::get<0>(GetParam()), std::get<1>(GetParam()));
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+INSTANTIATE_TEST_CASE_P(
|
||||||
|
+ IkeSha1, Pkcs11IkeTest,
|
||||||
|
+ ::testing::Combine(::testing::ValuesIn(kIkeSha1ProofVectors),
|
||||||
|
+ ::testing::Values(CKM_SHA_1_HMAC)));
|
||||||
|
+#ifdef notdef
|
||||||
|
+INSTANTIATE_TEST_CASE_P(
|
||||||
|
+ IkeSha256, Pkcs11IkeTest,
|
||||||
|
+ ::testing::Combine(::testing::ValuesIn(kIkeSha256ProofVectors),
|
||||||
|
+ ::testing::Values(CKM_SHA256_HMAC)));
|
||||||
|
+
|
||||||
|
+INSTANTIATE_TEST_CASE_P(
|
||||||
|
+ IkeAESXCBC, Pkcs11IkeTest,
|
||||||
|
+ ::testing::Combine(::testing::ValuesIn(kIkeAesXcbcProofVectors),
|
||||||
|
+ ::testing::Values(CKM_AES_XCBC_MAC)));
|
||||||
|
+#endif
|
||||||
|
+
|
||||||
|
+} // namespace nss_test
|
||||||
|
diff -up ./lib/softoken/sftkike.c.orig ./lib/softoken/sftkike.c
|
||||||
|
--- ./lib/softoken/sftkike.c.orig 2020-12-05 10:53:12.629385906 -0800
|
||||||
|
+++ ./lib/softoken/sftkike.c 2020-12-05 10:59:16.073393113 -0800
|
||||||
|
@@ -720,6 +720,7 @@ sftk_ike1_appendix_b_prf(CK_SESSION_HAND
|
||||||
|
unsigned int macSize;
|
||||||
|
unsigned int outKeySize;
|
||||||
|
unsigned int genKeySize;
|
||||||
|
+ PRBool quickMode = PR_FALSE;
|
||||||
|
CK_RV crv;
|
||||||
|
prfContext context;
|
||||||
|
|
||||||
|
@@ -748,6 +749,11 @@ sftk_ike1_appendix_b_prf(CK_SESSION_HAND
|
||||||
|
crv = CKR_KEY_HANDLE_INVALID;
|
||||||
|
goto fail;
|
||||||
|
}
|
||||||
|
+ quickMode = PR_TRUE;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ if (params->ulExtraDataLen !=0) {
|
||||||
|
+ quickMode = PR_TRUE;
|
||||||
|
}
|
||||||
|
|
||||||
|
macSize = prf_length(&context);
|
||||||
|
@@ -756,10 +762,16 @@ sftk_ike1_appendix_b_prf(CK_SESSION_HAND
|
||||||
|
keySize = macSize;
|
||||||
|
}
|
||||||
|
|
||||||
|
- if (keySize <= inKey->attrib.ulValueLen) {
|
||||||
|
+ /* In appendix B, we are just expanding or contracting a single key.
|
||||||
|
+ * If the input key is less than equal the the key size we want, just
|
||||||
|
+ * subset the original key. In quick mode we are actually getting new
|
||||||
|
+ * keys (salted with our seed data and our gxy key), so we want to run
|
||||||
|
+ * through our algorithm */
|
||||||
|
+ if ((!quickMode) && (keySize <= inKey->attrib.ulValueLen)) {
|
||||||
|
return sftk_forceAttribute(outKey, CKA_VALUE,
|
||||||
|
inKey->attrib.pValue, keySize);
|
||||||
|
}
|
||||||
|
+
|
||||||
|
outKeySize = PR_ROUNDUP(keySize, macSize);
|
||||||
|
outKeyData = PORT_Alloc(outKeySize);
|
||||||
|
if (outKeyData == NULL) {
|
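Review bot: In RunVectorTest of the added pk11_ike_unittest.cc, the keys returned by ImportKey for gxy_key and prev_key are handed to PK11_GetSymKeyHandle in the ikeV2Rekey, ikeV1 and ikeV1AppBQuick cases without a null check, and the only null check in the function (`ASSERT_NE(nullptr, ikm) << msg;`) sits after the switch, so an import failure would presumably dereference a null key before gtest reports it. Add `ASSERT_NE(nullptr, gxy_key) << msg;` (and the same for prev_key) directly after each ImportKey call and hoist the ikm assertion above the switch. dump_item prints item->len with `%d`; SECItem::len is unsigned, so `%u` is the matching conversion. The rendered text shows `¶ms_item` in the PK11_Derive call, which is an HTML-entity mangling of `&params_item` rather than a source defect. In the sftkike.c hunk at -748 the block closed by the added `}` opens outside the visible context, so whether bHasKeygxy alone should set quickMode cannot be judged from here.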
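--- a/SOURCES/nss-3.53.1-measure-fix.patch
+++ b/SOURCES/nss-3.53.1-measure-fix.patch
@@ -0,0 +1,24 @@
+diff -up ./coreconf/config.gypi.orig ./coreconf/config.gypi
+--- ./coreconf/config.gypi.orig 2020-06-16 15:50:59.000000000 -0700
++++ ./coreconf/config.gypi 2020-10-15 16:05:37.542761192 -0700
+@@ -363,7 +363,7 @@
+ '_DEFAULT_SOURCE', # for <endian.h> functions, strdup, realpath, and getentropy
+ '_BSD_SOURCE', # for the above in glibc <= 2.19
+ '_POSIX_SOURCE', # for <signal.h>
+- 'SQL_MEASURE_USE_TEMP_DIR', # use tmpdir for the access calls
++ 'SDB_MEASURE_USE_TEMP_DIR', # use tmpdir for the access calls
+ ],
+ }],
+ [ 'OS=="dragonfly" or OS=="freebsd"', {
+diff -up ./coreconf/Linux.mk.orig ./coreconf/Linux.mk
+--- ./coreconf/Linux.mk.orig 2020-10-15 16:05:04.794591674 -0700
++++ ./coreconf/Linux.mk 2020-10-15 16:05:37.543761197 -0700
+@@ -21,7 +21,7 @@ ifeq ($(USE_PTHREADS),1)
+ endif
+
+ DEFAULT_COMPILER = gcc
+-DEFINES += -D_DEFAULT_SOURCE -D_BSD_SOURCE -D_POSIX_SOURCE -DSQL_MEASURE_USE_TEMP_DIR
++DEFINES += -D_DEFAULT_SOURCE -D_BSD_SOURCE -D_POSIX_SOURCE -DSDB_MEASURE_USE_TEMP_DIR
+
+ ifeq ($(OS_TARGET),Android)
+ ifndef ANDROID_NDK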
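--- a/SOURCES/nss-3.53.1-no-small-primes-tests.patch
+++ b/SOURCES/nss-3.53.1-no-small-primes-tests.patch
@@ -0,0 +1,21 @@
+diff -up ./gtests/softoken_gtest/softoken_dh_vectors.h.no-small-primes ./gtests/softoken_gtest/softoken_dh_vectors.h
+--- ./gtests/softoken_gtest/softoken_dh_vectors.h.no-small-primes 2020-10-04 00:52:25.008998541 +0300
++++ ./gtests/softoken_gtest/softoken_dh_vectors.h 2020-10-04 00:54:50.095503256 +0300
+@@ -2869,7 +2869,7 @@ static const DhTestVector DH_TEST_VECTOR
+ {siBuffer, (unsigned char *)g2, sizeof(g2)},
+ {siBuffer, NULL, 0},
+ {siBuffer, NULL, 0},
+- IKE_APPROVED,
++ SAFE_PRIME,
+ CLASS_1536},
+ {"IKE 2048",
+ {siBuffer, (unsigned char *)prime_ike_2048, sizeof(prime_ike_2048)},
+@@ -2949,7 +2949,7 @@ static const DhTestVector DH_TEST_VECTOR
+ {siBuffer, (unsigned char *)sub2_prime_ike_1536,
+ sizeof(sub2_prime_ike_1536)},
+ {siBuffer, NULL, 0},
+- IKE_APPROVED,
++ SAFE_PRIME,
+ CLASS_1536},
+ {"IKE 2048 with subprime",
+ {siBuffer, (unsigned char *)prime_ike_2048, sizeof(prime_ike_2048)},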
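--- a/SOURCES/nss-3.53.1-no-small-primes.patch
+++ b/SOURCES/nss-3.53.1-no-small-primes.patch
@@ -0,0 +1,53 @@
+diff -up ./lib/softoken/pkcs11c.c.orig ./lib/softoken/pkcs11c.c
+--- ./lib/softoken/pkcs11c.c.orig 2020-10-15 16:06:47.380122702 -0700
++++ ./lib/softoken/pkcs11c.c 2020-10-15 16:07:56.891482521 -0700
+@@ -5101,7 +5101,7 @@ sftk_PairwiseConsistencyCheck(CK_SESSION
+ /* subprime not supplied, In this case look it up.
+ * This only works with approved primes, but in FIPS mode
+ * that's the only kine of prime that will get here */
+- subPrimePtr = sftk_VerifyDH_Prime(&prime);
++ subPrimePtr = sftk_VerifyDH_Prime(&prime,isFIPS);
+ if (subPrimePtr == NULL) {
+ crv = CKR_GENERAL_ERROR;
+ goto done;
+@@ -8293,7 +8293,7 @@ NSC_DeriveKey(CK_SESSION_HANDLE hSession
+
+ /* if the prime is an approved prime, we can skip all the other
+ * checks. */
+- subPrime = sftk_VerifyDH_Prime(&dhPrime);
++ subPrime = sftk_VerifyDH_Prime(&dhPrime,isFIPS);
+ if (subPrime == NULL) {
+ SECItem dhSubPrime;
+ /* In FIPS mode we only accept approved primes */
+diff -up ./lib/softoken/pkcs11i.h.orig ./lib/softoken/pkcs11i.h
+--- ./lib/softoken/pkcs11i.h.orig 2020-10-15 16:06:47.380122702 -0700
++++ ./lib/softoken/pkcs11i.h 2020-10-15 16:07:56.892482526 -0700
+@@ -926,7 +926,7 @@ char **NSC_ModuleDBFunc(unsigned long fu
+ /* dh verify functions */
+ /* verify that dhPrime matches one of our known primes, and if so return
+ * it's subprime value */
+-const SECItem *sftk_VerifyDH_Prime(SECItem *dhPrime);
++const SECItem *sftk_VerifyDH_Prime(SECItem *dhPrime, PRBool isFIPS);
+ /* check if dhSubPrime claims dhPrime is a safe prime. */
+ SECStatus sftk_IsSafePrime(SECItem *dhPrime, SECItem *dhSubPrime, PRBool *isSafe);
+
+diff -up ./lib/softoken/sftkdhverify.c.orig ./lib/softoken/sftkdhverify.c
+--- ./lib/softoken/sftkdhverify.c.orig 2020-10-15 16:06:47.370122650 -0700
++++ ./lib/softoken/sftkdhverify.c 2020-10-15 16:07:56.893482531 -0700
+@@ -1171,11 +1171,15 @@ static const SECItem subprime_tls_8192=
+ * verify that dhPrime matches one of our known primes
+ */
+ const SECItem *
+-sftk_VerifyDH_Prime(SECItem *dhPrime)
++sftk_VerifyDH_Prime(SECItem *dhPrime, PRBool isFIPS)
+ {
+ /* use the length to decide which primes to check */
+ switch (dhPrime->len) {
+ case 1536 / PR_BITS_PER_BYTE:
++ /* don't accept 1536 bit primes in FIPS mode */
++ if (isFIPS) {
++ break;
++ }
+ if (PORT_Memcmp(dhPrime->data, prime_ike_1536,
+ sizeof(prime_ike_1536)) == 0) {
+ return &subprime_ike_1536;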
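Review bot: The new isFIPS parameter of sftk_VerifyDH_Prime is not documented: the pkcs11i.h comment still reads "verify that dhPrime matches one of our known primes, and if so return it's subprime value", and the sftkdhverify.c comment is likewise untouched, so neither says that the 1536-bit IKE group is skipped in FIPS mode. Suggest adding to both: `* In FIPS mode (isFIPS) the 1536-bit IKE prime is deliberately not matched, so NULL is returned and the caller falls back to its own checks.` — the NULL return after the added `break` is inferred, since the end of the switch is outside the hunk. The two pkcs11c.c call sites pass an `isFIPS` variable that is not defined in the visible hunks; presumably it is already in scope in sftk_PairwiseConsistencyCheck and NSC_DeriveKey, which is worth confirming. The companion nss-3.53.1-no-small-primes-tests.patch only reclassifies the 1536-bit vectors from IKE_APPROVED to SAFE_PRIME; nothing visible here asserts that FIPS mode actually rejects that group.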
305
SOURCES/nss-3.53.1-oaep-api.patch
@ -0,0 +1,305 @@
# HG changeset patch
# User Robert Relyea <rrelyea@redhat.com>
# Date 1603492441 25200
# Node ID 33f920fcd1753d2b8f4a5e4f31e317c102d8cbfe
# Parent e3bd9c2f925932b301440fb07ea1228f2d4e39ac
Bug 1666891 - Add PK11_Pub{Wrap,Unwrap}SymKeyWithMechanism r=mt,rrelyea
Summary
This is useful for RSA-OAEP support.
The CKM_RSA_PKCS_OAEP mechanism requires a CK_RSA_PKCS_OAEP_PARAMS
be present for PKCS#11 calls. This provides required context for OAEP.
However, PK11_PubWrapSymKey lacks a way of providing this context and
historically silently converted CKM_RSA_PKCS_OAEP to CKM_RSA_PKCS when
a RSA key is provided. Introducing a new call will let us indicate
parameters and potentially support other mechanisms in the future.
This call mirrors the earlier calls introduced for RSA-PSS:
PK11_SignWithMechanism and PK11_VerifyWithMechanism.
The CKM_RSA_PKCS_OAEP mechanism requires a CK_RSA_PKCS_OAEP_PARAMS
be present for PKCS#11 calls. This provides required context for OAEP.
However, PK11_PubUnwrapSymKey lacks a way of providing this context,
and additionally lacked a way of indicating which mechanism type to use
for the unwrap operation (instead detecting it by key type). Introducing
a new call will let us indicate parameters and potentially support other
mechanisms in the future.
Signed-off-by: Alexander Scheel <ascheel@redhat.com>
Differential Revision: https://phabricator.services.mozilla.com/D93424
diff --git a/gtests/pk11_gtest/pk11_rsaoaep_unittest.cc b/gtests/pk11_gtest/pk11_rsaoaep_unittest.cc
--- a/gtests/pk11_gtest/pk11_rsaoaep_unittest.cc
+++ b/gtests/pk11_gtest/pk11_rsaoaep_unittest.cc
@@ -111,9 +111,76 @@ INSTANTIATE_TEST_CASE_P(
INSTANTIATE_TEST_CASE_P(
WycheproofOaep2048Sha512Sha1Test, RsaOaepWycheproofTest,
::testing::ValuesIn(kRsaOaep2048Sha512Mgf1Sha1WycheproofVectors));
INSTANTIATE_TEST_CASE_P(
WycheproofOaep2048Sha512Sha512Test, RsaOaepWycheproofTest,
::testing::ValuesIn(kRsaOaep2048Sha512Mgf1Sha512WycheproofVectors));
+
+TEST(Pkcs11RsaOaepTest, TestOaepWrapUnwrap) {
+ const size_t kRsaKeyBits = 2048;
+ const size_t kwrappedBufLen = 4096;
+
+ SECStatus rv = SECFailure;
+
+ ScopedSECKEYPrivateKey priv;
+ ScopedSECKEYPublicKey pub;
+ PK11RSAGenParams rsa_params;
+ rsa_params.keySizeInBits = kRsaKeyBits;
+ rsa_params.pe = 65537;
+
+ ScopedPK11SlotInfo slot(PK11_GetInternalSlot());
+ ASSERT_NE(slot, nullptr);
+
+ SECKEYPublicKey* p_pub_tmp = nullptr;
+ priv.reset(PK11_GenerateKeyPair(slot.get(), CKM_RSA_PKCS_KEY_PAIR_GEN,
+ &rsa_params, &p_pub_tmp, false, false,
+ nullptr));
+ pub.reset(p_pub_tmp);
+
+ ASSERT_NE(priv.get(), nullptr);
+ ASSERT_NE(pub.get(), nullptr);
+
+ ScopedPK11SymKey to_wrap(
+ PK11_KeyGen(slot.get(), CKM_AES_CBC, nullptr, 16, nullptr));
+
+ CK_RSA_PKCS_OAEP_PARAMS oaep_params = {CKM_SHA256, CKG_MGF1_SHA256,
+ CKZ_DATA_SPECIFIED, NULL, 0};
+
+ SECItem param = {siBuffer, (unsigned char*)&oaep_params, sizeof(oaep_params)};
+
+ ScopedSECItem wrapped(SECITEM_AllocItem(nullptr, nullptr, kwrappedBufLen));
+ rv = PK11_PubWrapSymKeyWithMechanism(pub.get(), CKM_RSA_PKCS_OAEP, ¶m,
+ to_wrap.get(), wrapped.get());
+ ASSERT_EQ(rv, SECSuccess);
+
+ PK11SymKey* p_unwrapped_tmp = nullptr;
+
+ // This fails because this method is broken and assumes CKM_RSA_PKCS and
+ // doesn't understand OAEP.
+ p_unwrapped_tmp = PK11_PubUnwrapSymKey(priv.get(), wrapped.get(), CKM_AES_CBC,
+ CKA_DECRYPT, 16);
+ ASSERT_EQ(p_unwrapped_tmp, nullptr);
+
+ ScopedPK11SymKey unwrapped;
+ p_unwrapped_tmp = PK11_PubUnwrapSymKeyWithMechanism(
+ priv.get(), CKM_RSA_PKCS_OAEP, ¶m, wrapped.get(), CKM_AES_CBC,
+ CKA_DECRYPT, 16);
+ ASSERT_NE(p_unwrapped_tmp, nullptr);
+
+ unwrapped.reset(p_unwrapped_tmp);
+
+ // Extract key's value in order to validate decryption worked.
+ rv = PK11_ExtractKeyValue(to_wrap.get());
+ ASSERT_EQ(rv, SECSuccess);
+
+ rv = PK11_ExtractKeyValue(unwrapped.get());
+ ASSERT_EQ(rv, SECSuccess);
+
+ // References owned by PKCS#11 layer; no need to scope and free.
+ SECItem* expectedItem = PK11_GetKeyData(to_wrap.get());
+ SECItem* actualItem = PK11_GetKeyData(unwrapped.get());
+
+ ASSERT_EQ(SECITEM_CompareItem(actualItem, expectedItem), 0);
+}
} // namespace nss_test
diff --git a/lib/nss/nss.def b/lib/nss/nss.def
--- a/lib/nss/nss.def
+++ b/lib/nss/nss.def
@@ -1181,3 +1181,10 @@ SECMOD_GetSystemFIPSEnabled;
;+ local:
;+ *;
;+};
+;+NSS_3.59 { # NSS 3.59 release
+;+ global:
+PK11_PubWrapSymKeyWithMechanism;
+PK11_PubUnwrapSymKeyWithMechanism;
+;+ local:
+;+ *;
+;+};
diff --git a/lib/pk11wrap/pk11pub.h b/lib/pk11wrap/pk11pub.h
--- a/lib/pk11wrap/pk11pub.h
+++ b/lib/pk11wrap/pk11pub.h
@@ -352,16 +352,21 @@ void PK11_SetSymKeyUserData(PK11SymKey *
* will return NULL. Returned data is still owned and managed by the SymKey,
* the caller should not free the data.
*
*/
void *PK11_GetSymKeyUserData(PK11SymKey *symKey);
SECStatus PK11_PubWrapSymKey(CK_MECHANISM_TYPE type, SECKEYPublicKey *pubKey,
PK11SymKey *symKey, SECItem *wrappedKey);
+SECStatus PK11_PubWrapSymKeyWithMechanism(SECKEYPublicKey *pubKey,
+ CK_MECHANISM_TYPE mechType,
+ SECItem *param,
+ PK11SymKey *symKey,
+ SECItem *wrappedKey);
SECStatus PK11_WrapSymKey(CK_MECHANISM_TYPE type, SECItem *params,
PK11SymKey *wrappingKey, PK11SymKey *symKey, SECItem *wrappedKey);
/* move a key to 'slot' optionally set the key attributes according to either
* operation or the flags and making the key permanent at the same time.
* If the key is moved to the same slot, operation and flags values are
* currently ignored */
PK11SymKey *PK11_MoveSymKey(PK11SlotInfo *slot, CK_ATTRIBUTE_TYPE operation,
CK_FLAGS flags, PRBool perm, PK11SymKey *symKey);
@@ -446,16 +451,23 @@ PK11SymKey *PK11_UnwrapSymKeyWithFlagsPe
|
||||||
|
* PK11_PubUnwrap returns a key which can do exactly one operation, and is
|
||||||
|
* ephemeral (session key).
|
||||||
|
* PK11_PubUnwrapWithFlagsPerm is the same as PK11_PubUnwrap except you can
|
||||||
|
* use * CKF_ flags to enable more than one operation, and optionally make
|
||||||
|
* the key permanent (token key).
|
||||||
|
*/
|
||||||
|
PK11SymKey *PK11_PubUnwrapSymKey(SECKEYPrivateKey *key, SECItem *wrapppedKey,
|
||||||
|
CK_MECHANISM_TYPE target, CK_ATTRIBUTE_TYPE operation, int keySize);
|
||||||
|
+PK11SymKey *PK11_PubUnwrapSymKeyWithMechanism(SECKEYPrivateKey *key,
|
||||||
|
+ CK_MECHANISM_TYPE mechType,
|
||||||
|
+ SECItem *param,
|
||||||
|
+ SECItem *wrapppedKey,
|
||||||
|
+ CK_MECHANISM_TYPE target,
|
||||||
|
+ CK_ATTRIBUTE_TYPE operation,
|
||||||
|
+ int keySize);
|
||||||
|
PK11SymKey *PK11_PubUnwrapSymKeyWithFlagsPerm(SECKEYPrivateKey *wrappingKey,
|
||||||
|
SECItem *wrappedKey, CK_MECHANISM_TYPE target,
|
||||||
|
CK_ATTRIBUTE_TYPE operation, int keySize,
|
||||||
|
CK_FLAGS flags, PRBool isPerm);
|
||||||
|
PK11SymKey *PK11_FindFixedKey(PK11SlotInfo *slot, CK_MECHANISM_TYPE type,
|
||||||
|
SECItem *keyID, void *wincx);
|
||||||
|
SECStatus PK11_DeleteTokenPrivateKey(SECKEYPrivateKey *privKey, PRBool force);
|
||||||
|
SECStatus PK11_DeleteTokenPublicKey(SECKEYPublicKey *pubKey);
|
||||||
|
diff --git a/lib/pk11wrap/pk11skey.c b/lib/pk11wrap/pk11skey.c
|
||||||
|
--- a/lib/pk11wrap/pk11skey.c
|
||||||
|
+++ b/lib/pk11wrap/pk11skey.c
|
||||||
|
@@ -1270,53 +1270,69 @@ PK11_ConvertSessionSymKeyToTokenSymKey(P
|
||||||
|
PORT_SetError(PK11_MapError(crv));
|
||||||
|
return NULL;
|
||||||
|
}
|
||||||
|
|
||||||
|
return PK11_SymKeyFromHandle(slot, NULL /*parent*/, symk->origin,
|
||||||
|
symk->type, newKeyID, PR_FALSE /*owner*/, NULL /*wincx*/);
|
||||||
|
}
|
||||||
|
|
||||||
|
-/*
|
||||||
|
- * This function does a straight public key wrap (which only RSA can do).
|
||||||
|
- * Use PK11_PubGenKey and PK11_WrapSymKey to implement the FORTEZZA and
|
||||||
|
- * Diffie-Hellman Ciphers. */
|
||||||
|
+/* This function does a straight public key wrap with the CKM_RSA_PKCS
|
||||||
|
+ * mechanism. */
|
||||||
|
SECStatus
|
||||||
|
PK11_PubWrapSymKey(CK_MECHANISM_TYPE type, SECKEYPublicKey *pubKey,
|
||||||
|
PK11SymKey *symKey, SECItem *wrappedKey)
|
||||||
|
{
|
||||||
|
+ CK_MECHANISM_TYPE inferred = pk11_mapWrapKeyType(pubKey->keyType);
|
||||||
|
+ return PK11_PubWrapSymKeyWithMechanism(pubKey, inferred, NULL, symKey,
|
||||||
|
+ wrappedKey);
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+/* This function wraps a symmetric key with a public key, such as with the
|
||||||
|
+ * CKM_RSA_PKCS and CKM_RSA_PKCS_OAEP mechanisms. */
|
||||||
|
+SECStatus
|
||||||
|
+PK11_PubWrapSymKeyWithMechanism(SECKEYPublicKey *pubKey,
|
||||||
|
+ CK_MECHANISM_TYPE mechType, SECItem *param,
|
||||||
|
+ PK11SymKey *symKey, SECItem *wrappedKey)
|
||||||
|
+{
|
||||||
|
PK11SlotInfo *slot;
|
||||||
|
CK_ULONG len = wrappedKey->len;
|
||||||
|
PK11SymKey *newKey = NULL;
|
||||||
|
CK_OBJECT_HANDLE id;
|
||||||
|
CK_MECHANISM mechanism;
|
||||||
|
PRBool owner = PR_TRUE;
|
||||||
|
CK_SESSION_HANDLE session;
|
||||||
|
CK_RV crv;
|
||||||
|
|
||||||
|
if (symKey == NULL) {
|
||||||
|
PORT_SetError(SEC_ERROR_INVALID_ARGS);
|
||||||
|
return SECFailure;
|
||||||
|
}
|
||||||
|
|
||||||
|
/* if this slot doesn't support the mechanism, go to a slot that does */
|
||||||
|
- newKey = pk11_ForceSlot(symKey, type, CKA_ENCRYPT);
|
||||||
|
+ newKey = pk11_ForceSlot(symKey, mechType, CKA_ENCRYPT);
|
||||||
|
if (newKey != NULL) {
|
||||||
|
symKey = newKey;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (symKey->slot == NULL) {
|
||||||
|
PORT_SetError(SEC_ERROR_NO_MODULE);
|
||||||
|
return SECFailure;
|
||||||
|
}
|
||||||
|
|
||||||
|
slot = symKey->slot;
|
||||||
|
- mechanism.mechanism = pk11_mapWrapKeyType(pubKey->keyType);
|
||||||
|
- mechanism.pParameter = NULL;
|
||||||
|
- mechanism.ulParameterLen = 0;
|
||||||
|
+
|
||||||
|
+ mechanism.mechanism = mechType;
|
||||||
|
+ if (param == NULL) {
|
||||||
|
+ mechanism.pParameter = NULL;
|
||||||
|
+ mechanism.ulParameterLen = 0;
|
||||||
|
+ } else {
|
||||||
|
+ mechanism.pParameter = param->data;
|
||||||
|
+ mechanism.ulParameterLen = param->len;
|
||||||
|
+ }
|
||||||
|
|
||||||
|
id = PK11_ImportPublicKey(slot, pubKey, PR_FALSE);
|
||||||
|
if (id == CK_INVALID_HANDLE) {
|
||||||
|
if (newKey) {
|
||||||
|
PK11_FreeSymKey(newKey);
|
||||||
|
}
|
||||||
|
return SECFailure; /* Error code has been set. */
|
||||||
|
}
|
||||||
|
@@ -2878,30 +2894,43 @@ PK11_UnwrapSymKeyWithFlagsPerm(PK11SymKe
|
||||||
|
templateCount = attrs - keyTemplate;
|
||||||
|
templateCount += pk11_OpFlagsToAttributes(flags, attrs, &cktrue);
|
||||||
|
|
||||||
|
return pk11_AnyUnwrapKey(wrappingKey->slot, wrappingKey->objectID,
|
||||||
|
wrapType, param, wrappedKey, target, operation, keySize,
|
||||||
|
wrappingKey->cx, keyTemplate, templateCount, isPerm);
|
||||||
|
}
|
||||||
|
|
||||||
|
-/* unwrap a symetric key with a private key. */
|
||||||
|
+/* unwrap a symmetric key with a private key. Only supports CKM_RSA_PKCS. */
|
||||||
|
PK11SymKey *
|
||||||
|
PK11_PubUnwrapSymKey(SECKEYPrivateKey *wrappingKey, SECItem *wrappedKey,
|
||||||
|
CK_MECHANISM_TYPE target, CK_ATTRIBUTE_TYPE operation, int keySize)
|
||||||
|
{
|
||||||
|
CK_MECHANISM_TYPE wrapType = pk11_mapWrapKeyType(wrappingKey->keyType);
|
||||||
|
+
|
||||||
|
+ return PK11_PubUnwrapSymKeyWithMechanism(wrappingKey, wrapType, NULL,
|
||||||
|
+ wrappedKey, target, operation,
|
||||||
|
+ keySize);
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+/* unwrap a symmetric key with a private key with the given parameters. */
|
||||||
|
+PK11SymKey *
|
||||||
|
+PK11_PubUnwrapSymKeyWithMechanism(SECKEYPrivateKey *wrappingKey,
|
||||||
|
+ CK_MECHANISM_TYPE mechType, SECItem *param,
|
||||||
|
+ SECItem *wrappedKey, CK_MECHANISM_TYPE target,
|
||||||
|
+ CK_ATTRIBUTE_TYPE operation, int keySize)
|
||||||
|
+{
|
||||||
|
PK11SlotInfo *slot = wrappingKey->pkcs11Slot;
|
||||||
|
|
||||||
|
if (SECKEY_HAS_ATTRIBUTE_SET(wrappingKey, CKA_PRIVATE)) {
|
||||||
|
PK11_HandlePasswordCheck(slot, wrappingKey->wincx);
|
||||||
|
}
|
||||||
|
|
||||||
|
- return pk11_AnyUnwrapKey(slot, wrappingKey->pkcs11ID,
|
||||||
|
- wrapType, NULL, wrappedKey, target, operation, keySize,
|
||||||
|
+ return pk11_AnyUnwrapKey(slot, wrappingKey->pkcs11ID, mechType, param,
|
||||||
|
+ wrappedKey, target, operation, keySize,
|
||||||
|
wrappingKey->wincx, NULL, 0, PR_FALSE);
|
||||||
|
}
|
||||||
|
|
||||||
|
/* unwrap a symetric key with a private key. */
|
||||||
|
PK11SymKey *
|
||||||
|
PK11_PubUnwrapSymKeyWithFlags(SECKEYPrivateKey *wrappingKey,
|
||||||
|
SECItem *wrappedKey, CK_MECHANISM_TYPE target,
|
||||||
|
CK_ATTRIBUTE_TYPE operation, int keySize, CK_FLAGS flags)
|
||||||
|
|
39
SOURCES/nss-3.53.1-revert_rhel8_unsafe_policy_change.patch
Normal file
@ -0,0 +1,39 @@
|
|||||||
|
diff -up ./lib/pk11wrap/pk11pars.c.policy_revert ./lib/pk11wrap/pk11pars.c
|
||||||
|
--- ./lib/pk11wrap/pk11pars.c.policy_revert 2020-11-04 10:26:59.085300799 -0800
|
||||||
|
+++ ./lib/pk11wrap/pk11pars.c 2020-11-04 10:29:52.774239468 -0800
|
||||||
|
@@ -391,12 +391,6 @@ static const oidValDef signOptList[] = {
|
||||||
|
/* Signatures */
|
||||||
|
{ CIPHER_NAME("DSA"), SEC_OID_ANSIX9_DSA_SIGNATURE,
|
||||||
|
NSS_USE_ALG_IN_SSL_KX | NSS_USE_ALG_IN_SIGNATURE },
|
||||||
|
- { CIPHER_NAME("RSA-PKCS"), SEC_OID_PKCS1_RSA_ENCRYPTION,
|
||||||
|
- NSS_USE_ALG_IN_SSL_KX | NSS_USE_ALG_IN_SIGNATURE },
|
||||||
|
- { CIPHER_NAME("RSA-PSS"), SEC_OID_PKCS1_RSA_PSS_SIGNATURE,
|
||||||
|
- NSS_USE_ALG_IN_SSL_KX | NSS_USE_ALG_IN_SIGNATURE },
|
||||||
|
- { CIPHER_NAME("ECDSA"), SEC_OID_ANSIX962_EC_PUBLIC_KEY,
|
||||||
|
- NSS_USE_ALG_IN_SSL_KX | NSS_USE_ALG_IN_SIGNATURE },
|
||||||
|
};
|
||||||
|
|
||||||
|
typedef struct {
|
||||||
|
@@ -412,7 +406,7 @@ static const algListsDef algOptLists[] =
|
||||||
|
{ macOptList, PR_ARRAY_SIZE(macOptList), "MAC", PR_FALSE },
|
||||||
|
{ cipherOptList, PR_ARRAY_SIZE(cipherOptList), "CIPHER", PR_FALSE },
|
||||||
|
{ kxOptList, PR_ARRAY_SIZE(kxOptList), "OTHER-KX", PR_FALSE },
|
||||||
|
- { signOptList, PR_ARRAY_SIZE(signOptList), "OTHER-SIGN", PR_FALSE },
|
||||||
|
+ { signOptList, PR_ARRAY_SIZE(signOptList), "OTHER-SIGN", PR_TRUE },
|
||||||
|
};
|
||||||
|
|
||||||
|
static const optionFreeDef sslOptList[] = {
|
||||||
|
diff -up ./tests/ssl/sslpolicy.txt.policy_revert ./tests/ssl/sslpolicy.txt
|
||||||
|
--- ./tests/ssl/sslpolicy.txt.policy_revert 2020-11-04 10:31:20.837715397 -0800
|
||||||
|
+++ ./tests/ssl/sslpolicy.txt 2020-11-04 10:33:19.598357223 -0800
|
||||||
|
@@ -193,7 +193,9 @@
|
||||||
|
1 noECC SSL3 d disallow=all_allow=hmac-sha1:sha256:rsa-pkcs:rsa:des-ede3-cbc:tls-version-min=tls1.0:tls-version-max=tls1.2 Disallow Version Implicitly Narrow
|
||||||
|
1 noECC SSL3 d disallow=all_allow=md2/all:md4/all:md5/all:sha1/all:sha256/all:sha384/all:sha512/all:rsa-pkcs/all:rsa-pss/all:ecdsa/all:dsa/all:hmac-sha1/all:hmac-sha224/all:hmac-sha256/all:hmac-sha384/all:hmac-sha512/all:hmac-md5/all:camellia128-cbc/all:camellia192-cbc/all:camellia256-cbc/all:seed-cbc/all:des-ede3-cbc/all:des-40-cbc/all:des-cbc/all:null-cipher/all:rc2/all:rc4/all:idea/all:rsa/all:rsa-export/all:dhe-rsa/all:dhe-dss/all:ecdhe-ecdsa/all:ecdhe-rsa/all:ecdh-ecdsa/all:ecdh-rsa/all:tls-version-min=tls1.0:tls-version-max=tls1.2 Disallow Version Implicitly
|
||||||
|
0 noECC SSL3 d disallow=dsa Disallow DSA Signatures Explicitly
|
||||||
|
- 1 noECC SSL3 d disallow=rsa-pkcs Disallow RSA PKCS 1 Signatures Explicitly
|
||||||
|
+# rsa-pkcs, rsa-pss, and ecdsa policy checking reverted in rhel8 for binary
|
||||||
|
+# compatibility reasons
|
||||||
|
+# 1 noECC SSL3 d disallow=rsa-pkcs Disallow RSA PKCS 1 Signatures Explicitly
|
||||||
|
# test default settings
|
||||||
|
# NOTE: tstclient will attempt to overide the defaults, so we detect we
|
||||||
|
# were successful by locking in our settings
|
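Review bot: The only test that covered the reverted behaviour (`1 noECC SSL3 d disallow=rsa-pkcs Disallow RSA PKCS 1 Signatures Explicitly` in tests/ssl/sslpolicy.txt) is commented out rather than replaced, so after this patch nothing asserts what RHEL 8 now expects when a policy file says `disallow=rsa-pkcs`, `disallow=rsa-pss` or `disallow=ecdsa`, and a later rebase could silently re-enable or break the enforcement either way. A test line pinning the intended RHEL 8 outcome for those three names would keep the revert visible and checked. The rationale also lives only in the test file; the hunk in lib/pk11wrap/pk11pars.c that drops the three `signOptList` entries and flips the `"OTHER-SIGN"` row's last field from `PR_FALSE` to `PR_TRUE` carries no comment, and the meaning of that field is not visible here (the `algListsDef` definition is outside the hunk). I would add, at the removed entries, `/* RSA-PKCS, RSA-PSS and ECDSA are deliberately absent: their policy checks are reverted for RHEL 8 binary compatibility (see nss-3.53.1-revert_rhel8_unsafe_policy_change.patch) */`, and a one-line note on the `PR_TRUE` change stating what the flag changes.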
@ -46,7 +46,7 @@ rpm.define(string.format("nss_release_tag NSS_%s_RTM",
|
|||||||
Summary: Network Security Services
|
Summary: Network Security Services
|
||||||
Name: nss
|
Name: nss
|
||||||
Version: %{nss_version}
|
Version: %{nss_version}
|
||||||
Release: 11%{?dist}
|
Release: 17%{?dist}
|
||||||
License: MPLv2.0
|
License: MPLv2.0
|
||||||
URL: http://www.mozilla.org/projects/security/pki/nss/
|
URL: http://www.mozilla.org/projects/security/pki/nss/
|
||||||
Requires: nspr >= %{nspr_version}
|
Requires: nspr >= %{nspr_version}
|
||||||
@ -93,6 +93,7 @@ Source26: key4.db.xml
|
|||||||
Source27: secmod.db.xml
|
Source27: secmod.db.xml
|
||||||
Source28: nss-p11-kit.config
|
Source28: nss-p11-kit.config
|
||||||
Source29: nss-softokn-cavs-1.0.tar.gz
|
Source29: nss-softokn-cavs-1.0.tar.gz
|
||||||
|
Source30: PayPalEE.cert
|
||||||
|
|
||||||
# To inject hardening flags for DSO
|
# To inject hardening flags for DSO
|
||||||
Patch1: nss-dso-ldflags.patch
|
Patch1: nss-dso-ldflags.patch
|
||||||
@ -142,6 +143,32 @@ Patch226: nss-disable-dc.patch
|
|||||||
# Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=1648822
|
# Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=1648822
|
||||||
Patch227: nss-3.53.1-remove-timing-tests.patch
|
Patch227: nss-3.53.1-remove-timing-tests.patch
|
||||||
|
|
||||||
|
Patch228: nss-3.53.1-cmac-kdf-selftests.patch
|
||||||
|
Patch229: nss-3.53.1-measure-fix.patch
|
||||||
|
Patch230: nss-3.53.1-no-small-primes.patch
|
||||||
|
Patch231: nss-3.53.1-no-small-primes-tests.patch
|
||||||
|
|
||||||
|
#Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=1666891
|
||||||
|
Patch232: nss-3.53.1-oaep-api.patch
|
||||||
|
|
||||||
|
#Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=1670835
|
||||||
|
Patch233: nss-3.53.1-enable-disable-policy.patch
|
||||||
|
# not everything in that patch is appropriate for rhel8 since it requires
|
||||||
|
# changes to the policy generator to wind up with a working system
|
||||||
|
Patch234: nss-3.53.1-revert_rhel8_unsafe_policy_change.patch
|
||||||
|
|
||||||
|
#Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=1636771
|
||||||
|
# CVE-2020-12403
|
||||||
|
Patch235: nss-3.53.1-chacha-len.patch
|
||||||
|
Patch236: nss-3.53.1-chacha-multi.patch
|
||||||
|
# CVE-2020-12400
|
||||||
|
# CVE-2020-6829
|
||||||
|
Patch237: nss-3.53.1-constant-time-p384.patch
|
||||||
|
Patch238: nss-3.53.1-constant-time-p521.patch
|
||||||
|
|
||||||
|
# IKE fix
|
||||||
|
Patch239: nss-3.53.1-ike-app-b-fix.patch
|
||||||
|
|
||||||
# For compatibility reasons, we stick with the old PKCS #11 2.40
|
# For compatibility reasons, we stick with the old PKCS #11 2.40
|
||||||
# definition of CK_GCM_PARAMS:
|
# definition of CK_GCM_PARAMS:
|
||||||
%if 0%{?fedora} < 34
|
%if 0%{?fedora} < 34
|
||||||
@ -286,6 +313,8 @@ popd
|
|||||||
# https://bugzilla.redhat.com/show_bug.cgi?id=1247353
|
# https://bugzilla.redhat.com/show_bug.cgi?id=1247353
|
||||||
find nss/lib/libpkix -perm /u+x -type f -exec chmod -x {} \;
|
find nss/lib/libpkix -perm /u+x -type f -exec chmod -x {} \;
|
||||||
|
|
||||||
|
#update paypal cert (git binary patches don't work with autopatch)
|
||||||
|
cp %{SOURCE30} nss/tests/libpkix/certs/
|
||||||
|
|
||||||
%build
|
%build
|
||||||
|
|
||||||
@ -919,6 +948,33 @@ update-crypto-policies --no-reload &> /dev/null || :
|
|||||||
|
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Thu Dec 3 2020 Bob Relyea <rrelyea@redhat.com> - 3.53.1-17
|
||||||
|
- Fix various corner cases with ike v1 app b support.
|
||||||
|
|
||||||
|
* Thu Nov 19 2020 Bob Relyea <rrelyea@redhat.com> - 3.53.1-16
|
||||||
|
- Fix the following CVE
|
||||||
|
- CVE-2020-12403 chacha-poly issues
|
||||||
|
- CVE-2020-12400 constant time ECC.
|
||||||
|
- CVE-2020-6829 constant time ECC.
|
||||||
|
|
||||||
|
* Wed Nov 4 2020 Bob Relyea <rrelyea@redhat.com> - 3.53.1-15
|
||||||
|
- Revert some policy changes the generate ABI runtime issues.
|
||||||
|
|
||||||
|
* Thu Oct 29 2020 Bob Relyea <rrelyea@redhat.com> - 3.53.1-14
|
||||||
|
- Add support for enable/disable in policy. Now if your policy
|
||||||
|
file has disallow=x enable=y it will act just like our other
|
||||||
|
libraries.
|
||||||
|
|
||||||
|
* Mon Oct 26 2020 Bob Relyea <rrelyea@redhat.com> - 3.53.1-13
|
||||||
|
- Add OAEP interface so applications can wrap keys with RSA-OAEP
|
||||||
|
rather than RSA-PKCS-1.
|
||||||
|
|
||||||
|
* Mon Oct 19 2020 Bob Relyea <rrelyea@redhat.com> - 3.53.1-12
|
||||||
|
- fips need to reject small primes even if they are approved
|
||||||
|
- code to autodetect whether or not to use the cache needs to do so
|
||||||
|
in a way that doesn't mess with filesystem negative file caching.
|
||||||
|
- add kdf selftests
|
||||||
|
|
||||||
* Thu Jul 30 2020 Bob Relyea <rrelyea@redhat.com> - 3.53.1-11
|
* Thu Jul 30 2020 Bob Relyea <rrelyea@redhat.com> - 3.53.1-11
|
||||||
- Fix issue with upgradedb where upgradedb expects standard to
|
- Fix issue with upgradedb where upgradedb expects standard to
|
||||||
generate dbm databases, not sql databases (default in RHEL8)
|
generate dbm databases, not sql databases (default in RHEL8)
|
||||||
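Review bot: Patch237, Patch238 and Patch239 are added without the `#Upstream:` bug reference that the neighbouring entries (Patch232, Patch233, Patch235) carry, so the CVE comments `# CVE-2020-12400` and `# CVE-2020-6829` cannot be traced back to the upstream fix they were backported from, and `# IKE fix` gives no reference at all. For consistency with the rest of the patch list I would put an `#Upstream: [upstream bug URL]` line above each of those three entries, filled in from the backport source. The comment above Patch234 says "not everything in that patch is appropriate for rhel8" but does not name what is reverted; stating it there, e.g. `# reverts the rsa-pkcs/rsa-pss/ecdsa signature policy checks from Patch233`, would save the next maintainer from reading the patch to find out what the build no longer enforces.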
|