# HG changeset patch
# User Benjamin Beurdouche
# Date 1595031194 0
# Node ID f282556e6cc7715f5754aeaadda6f902590e7e38
# Parent 89733253df83ef7fe8dd0d49f6370b857e93d325
Bug 1636771 - Disable PKCS11 incremental mode for ChaCha20. r=kjacobs,rrelyea Depends on D74801 Differential Revision: https://phabricator.services.mozilla.com/D83994
diff --git a/gtests/pk11_gtest/pk11_cipherop_unittest.cc b/gtests/pk11_gtest/pk11_cipherop_unittest.cc
--- a/gtests/pk11_gtest/pk11_cipherop_unittest.cc
+++ b/gtests/pk11_gtest/pk11_cipherop_unittest.cc
@@ -72,9 +72,58 @@ TEST(Pkcs11CipherOp, SingleCtxMultipleUn
 ASSERT_EQ(GetBytes(ctx, outbuf, 17), SECSuccess);
 PK11_FreeSymKey(key);
 PK11_FreeSlot(slot);
 PK11_DestroyContext(ctx, PR_TRUE);
 NSS_ShutdownContext(globalctx);
 }
+TEST(Pkcs11CipherOp, SingleCtxMultipleUnalignedCipherOpsChaCha20) {
+ PK11SlotInfo* slot;
+ PK11SymKey* key;
+ PK11Context* ctx;
+
+ NSSInitContext* globalctx =
+ NSS_InitContext("", "", "", "", NULL,
+ NSS_INIT_READONLY | NSS_INIT_NOCERTDB | NSS_INIT_NOMODDB |
+ NSS_INIT_FORCEOPEN | NSS_INIT_NOROOTINIT);
+
+ const CK_MECHANISM_TYPE cipher = CKM_NSS_CHACHA20_CTR;
+
+ slot = PK11_GetInternalSlot();
+ ASSERT_TRUE(slot);
+
+ // Use arbitrary bytes for the ChaCha20 key and IV
+ uint8_t key_bytes[32];
+ for (size_t i = 0; i < 32; i++) {
+ key_bytes[i] = i;
+ }
+ SECItem keyItem = {siBuffer, key_bytes, 32};
+
+ uint8_t iv_bytes[16];
+ for (size_t i = 0; i < 16; i++) {
+ key_bytes[i] = i;
+ }
+ SECItem ivItem = {siBuffer, iv_bytes, 16};
+
+ SECItem* param = PK11_ParamFromIV(cipher, &ivItem);
+
+ key = PK11_ImportSymKey(slot, cipher, PK11_OriginUnwrap, CKA_ENCRYPT,
+ &keyItem, NULL);
+ ctx = PK11_CreateContextBySymKey(cipher, CKA_ENCRYPT, key, param);
+ ASSERT_TRUE(key);
+ ASSERT_TRUE(ctx);
+
+ uint8_t outbuf[128];
+ // This is supposed to fail for Chacha20. This is because the underlying
+ // PK11_CipherOp operation is calling the C_EncryptUpdate function for
+ // which multi-part is disabled for ChaCha20 in counter mode.
+ ASSERT_EQ(GetBytes(ctx, outbuf, 7), SECFailure);
+
+ PK11_FreeSymKey(key);
+ PK11_FreeSlot(slot);
+ SECITEM_FreeItem(param, PR_TRUE);
+ PK11_DestroyContext(ctx, PR_TRUE);
+ NSS_ShutdownContext(globalctx);
+}
+
 } // namespace nss_test
diff --git a/lib/softoken/pkcs11c.c b/lib/softoken/pkcs11c.c
--- a/lib/softoken/pkcs11c.c
+++ b/lib/softoken/pkcs11c.c
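Review bot: In the new SingleCtxMultipleUnalignedCipherOpsChaCha20 test (gtests/pk11_gtest/pk11_cipherop_unittest.cc), the second fill loop writes `key_bytes[i] = i;` again, so `iv_bytes` is never initialized before it is wrapped in `ivItem` and passed to `PK11_ParamFromIV`; the loop body should be `iv_bytes[i] = i;`. As written the IV is indeterminate stack memory, which memory sanitizers can flag and which makes the test input non-reproducible. `ASSERT_TRUE(key)` also runs only after `key` has already been handed to `PK11_CreateContextBySymKey`, so asserting `key` (and `param`) before the context is created would make a failed import show up at its cause. The test exercises only `CKA_ENCRYPT`; a matching `CKA_DECRYPT` case would pin the same restriction on the decrypt path.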
@@ -1251,16 +1251,17 @@ sftk_CryptInit(CK_SESSION_HANDLE hSessio
 case CKM_NSS_CHACHA20_CTR: /* old NSS private version */
 case CKM_CHACHA20: /* PKCS #11 v3 version */
 {
 unsigned char *counter;
 unsigned char *nonce;
 unsigned long counter_len;
 unsigned long nonce_len;
+ context->multi = PR_FALSE;
 if (pMechanism->mechanism == CKM_NSS_CHACHA20_CTR) {
 if (key_type != CKK_NSS_CHACHA20) {
 crv = CKR_KEY_TYPE_INCONSISTENT;
 break;
 }
 if (pMechanism->pParameter == NULL || pMechanism->ulParameterLen != 16) {
 crv = CKR_MECHANISM_PARAM_INVALID;
 break;
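Review bot: The added `context->multi = PR_FALSE;` in the ChaCha20 case of sftk_CryptInit (lib/softoken/pkcs11c.c) carries no comment, and nothing in the hunk records why multi-part operation is refused for this mechanism, so a later cleanup could remove the line as an apparent oversight. A short comment above the assignment would preserve the intent, for example `/* Multi-part update (e.g. C_EncryptUpdate) is intentionally disabled for ChaCha20 counter mode; see Bug 1636771. */`. Both `CKM_NSS_CHACHA20_CTR` and `CKM_CHACHA20` share this case, so callers of either mechanism that previously streamed data through the update calls will now get an error, which is worth stating in the release notes. The case block and sftk_CryptInit itself start and end outside the hunk, so how the flag is enforced on the update path is not visible here.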