97 lines
3.2 KiB
Diff
97 lines
3.2 KiB
Diff
|
|
# HG changeset patch
|
|
# User Benjamin Beurdouche <bbeurdouche@mozilla.com>
|
|
# Date 1595031194 0
|
|
# Node ID f282556e6cc7715f5754aeaadda6f902590e7e38
|
|
# Parent 89733253df83ef7fe8dd0d49f6370b857e93d325
|
|
Bug 1636771 - Disable PKCS11 incremental mode for ChaCha20. r=kjacobs,rrelyea
|
|
|
|
Depends on D74801
|
|
|
|
Differential Revision: https://phabricator.services.mozilla.com/D83994
|
|
|
|
diff --git a/gtests/pk11_gtest/pk11_cipherop_unittest.cc b/gtests/pk11_gtest/pk11_cipherop_unittest.cc
|
|
--- a/gtests/pk11_gtest/pk11_cipherop_unittest.cc
|
|
+++ b/gtests/pk11_gtest/pk11_cipherop_unittest.cc
|
|
@@ -72,9 +72,58 @@ TEST(Pkcs11CipherOp, SingleCtxMultipleUn
|
|
ASSERT_EQ(GetBytes(ctx, outbuf, 17), SECSuccess);
|
|
|
|
PK11_FreeSymKey(key);
|
|
PK11_FreeSlot(slot);
|
|
PK11_DestroyContext(ctx, PR_TRUE);
|
|
NSS_ShutdownContext(globalctx);
|
|
}
|
|
|
|
+TEST(Pkcs11CipherOp, SingleCtxMultipleUnalignedCipherOpsChaCha20) {
|
|
+ PK11SlotInfo* slot;
|
|
+ PK11SymKey* key;
|
|
+ PK11Context* ctx;
|
|
+
|
|
+ NSSInitContext* globalctx =
|
|
+ NSS_InitContext("", "", "", "", NULL,
|
|
+ NSS_INIT_READONLY | NSS_INIT_NOCERTDB | NSS_INIT_NOMODDB |
|
|
+ NSS_INIT_FORCEOPEN | NSS_INIT_NOROOTINIT);
|
|
+
|
|
+ const CK_MECHANISM_TYPE cipher = CKM_NSS_CHACHA20_CTR;
|
|
+
|
|
+ slot = PK11_GetInternalSlot();
|
|
+ ASSERT_TRUE(slot);
|
|
+
|
|
+ // Use arbitrary bytes for the ChaCha20 key and IV
|
|
+ uint8_t key_bytes[32];
|
|
+ for (size_t i = 0; i < 32; i++) {
|
|
+ key_bytes[i] = i;
|
|
+ }
|
|
+ SECItem keyItem = {siBuffer, key_bytes, 32};
|
|
+
|
|
+ uint8_t iv_bytes[16];
|
|
+ for (size_t i = 0; i < 16; i++) {
|
|
+ key_bytes[i] = i;
|
|
+ }
|
|
+ SECItem ivItem = {siBuffer, iv_bytes, 16};
|
|
+
|
|
+ SECItem* param = PK11_ParamFromIV(cipher, &ivItem);
|
|
+
|
|
+ key = PK11_ImportSymKey(slot, cipher, PK11_OriginUnwrap, CKA_ENCRYPT,
|
|
+ &keyItem, NULL);
|
|
+ ctx = PK11_CreateContextBySymKey(cipher, CKA_ENCRYPT, key, param);
|
|
+ ASSERT_TRUE(key);
|
|
+ ASSERT_TRUE(ctx);
|
|
+
|
|
+ uint8_t outbuf[128];
|
|
+ // This is supposed to fail for Chacha20. This is because the underlying
|
|
+ // PK11_CipherOp operation is calling the C_EncryptUpdate function for
|
|
+ // which multi-part is disabled for ChaCha20 in counter mode.
|
|
+ ASSERT_EQ(GetBytes(ctx, outbuf, 7), SECFailure);
|
|
+
|
|
+ PK11_FreeSymKey(key);
|
|
+ PK11_FreeSlot(slot);
|
|
+ SECITEM_FreeItem(param, PR_TRUE);
|
|
+ PK11_DestroyContext(ctx, PR_TRUE);
|
|
+ NSS_ShutdownContext(globalctx);
|
|
+}
|
|
+
|
|
} // namespace nss_test
|
|
diff --git a/lib/softoken/pkcs11c.c b/lib/softoken/pkcs11c.c
|
|
--- a/lib/softoken/pkcs11c.c
|
|
+++ b/lib/softoken/pkcs11c.c
|
|
@@ -1251,16 +1251,17 @@ sftk_CryptInit(CK_SESSION_HANDLE hSessio
|
|
|
|
case CKM_NSS_CHACHA20_CTR: /* old NSS private version */
|
|
case CKM_CHACHA20: /* PKCS #11 v3 version */
|
|
{
|
|
unsigned char *counter;
|
|
unsigned char *nonce;
|
|
unsigned long counter_len;
|
|
unsigned long nonce_len;
|
|
+ context->multi = PR_FALSE;
|
|
if (pMechanism->mechanism == CKM_NSS_CHACHA20_CTR) {
|
|
if (key_type != CKK_NSS_CHACHA20) {
|
|
crv = CKR_KEY_TYPE_INCONSISTENT;
|
|
break;
|
|
}
|
|
if (pMechanism->pParameter == NULL || pMechanism->ulParameterLen != 16) {
|
|
crv = CKR_MECHANISM_PARAM_INVALID;
|
|
break;
|
|
|