| |
| # HG changeset patch |
| # User Benjamin Beurdouche <bbeurdouche@mozilla.com> |
| # Date 1595031194 0 |
| # Node ID f282556e6cc7715f5754aeaadda6f902590e7e38 |
| # Parent 89733253df83ef7fe8dd0d49f6370b857e93d325 |
| Bug 1636771 - Disable PKCS11 incremental mode for ChaCha20. r=kjacobs,rrelyea |
| |
| Depends on D74801 |
| |
| Differential Revision: https://phabricator.services.mozilla.com/D83994 |
| |
| diff --git a/gtests/pk11_gtest/pk11_cipherop_unittest.cc b/gtests/pk11_gtest/pk11_cipherop_unittest.cc |
| --- a/gtests/pk11_gtest/pk11_cipherop_unittest.cc |
| +++ b/gtests/pk11_gtest/pk11_cipherop_unittest.cc |
| @@ -72,9 +72,58 @@ TEST(Pkcs11CipherOp, SingleCtxMultipleUn |
| ASSERT_EQ(GetBytes(ctx, outbuf, 17), SECSuccess); |
| |
| PK11_FreeSymKey(key); |
| PK11_FreeSlot(slot); |
| PK11_DestroyContext(ctx, PR_TRUE); |
| NSS_ShutdownContext(globalctx); |
| } |
| |
| +TEST(Pkcs11CipherOp, SingleCtxMultipleUnalignedCipherOpsChaCha20) { |
| + PK11SlotInfo* slot; |
| + PK11SymKey* key; |
| + PK11Context* ctx; |
| + |
| + NSSInitContext* globalctx = |
| + NSS_InitContext("", "", "", "", NULL, |
| + NSS_INIT_READONLY | NSS_INIT_NOCERTDB | NSS_INIT_NOMODDB | |
| + NSS_INIT_FORCEOPEN | NSS_INIT_NOROOTINIT); |
| + |
| + const CK_MECHANISM_TYPE cipher = CKM_NSS_CHACHA20_CTR; |
| + |
| + slot = PK11_GetInternalSlot(); |
| + ASSERT_TRUE(slot); |
| + |
| + // Use arbitrary bytes for the ChaCha20 key and IV |
| + uint8_t key_bytes[32]; |
| + for (size_t i = 0; i < 32; i++) { |
| + key_bytes[i] = i; |
| + } |
| + SECItem keyItem = {siBuffer, key_bytes, 32}; |
| + |
| + uint8_t iv_bytes[16]; |
| + for (size_t i = 0; i < 16; i++) { |
| + key_bytes[i] = i; |
| + } |
| + SECItem ivItem = {siBuffer, iv_bytes, 16}; |
| + |
| + SECItem* param = PK11_ParamFromIV(cipher, &ivItem); |
| + |
| + key = PK11_ImportSymKey(slot, cipher, PK11_OriginUnwrap, CKA_ENCRYPT, |
| + &keyItem, NULL); |
| + ctx = PK11_CreateContextBySymKey(cipher, CKA_ENCRYPT, key, param); |
| + ASSERT_TRUE(key); |
| + ASSERT_TRUE(ctx); |
| + |
| + uint8_t outbuf[128]; |
| + // This is supposed to fail for Chacha20. This is because the underlying |
| + // PK11_CipherOp operation is calling the C_EncryptUpdate function for |
| + // which multi-part is disabled for ChaCha20 in counter mode. |
| + ASSERT_EQ(GetBytes(ctx, outbuf, 7), SECFailure); |
| + |
| + PK11_FreeSymKey(key); |
| + PK11_FreeSlot(slot); |
| + SECITEM_FreeItem(param, PR_TRUE); |
| + PK11_DestroyContext(ctx, PR_TRUE); |
| + NSS_ShutdownContext(globalctx); |
| +} |
| + |
| } // namespace nss_test |
| diff --git a/gtests/pk11_gtest/pk11_cipherop_unittest.cc.org b/gtests/pk11_gtest/pk11_cipherop_unittest.cc |
| index 38982fd..700750c 100644 |
| --- a/gtests/pk11_gtest/pk11_cipherop_unittest.cc.org |
| +++ b/gtests/pk11_gtest/pk11_cipherop_unittest.cc |
| @@ -77,4 +77,53 @@ TEST(Pkcs11CipherOp, SingleCtxMultipleUnalignedCipherOps) { |
| NSS_ShutdownContext(globalctx); |
| } |
| |
| +TEST(Pkcs11CipherOp, SingleCtxMultipleUnalignedCipherOpsChaCha20) { |
| + PK11SlotInfo* slot; |
| + PK11SymKey* key; |
| + PK11Context* ctx; |
| + |
| + NSSInitContext* globalctx = |
| + NSS_InitContext("", "", "", "", NULL, |
| + NSS_INIT_READONLY | NSS_INIT_NOCERTDB | NSS_INIT_NOMODDB | |
| + NSS_INIT_FORCEOPEN | NSS_INIT_NOROOTINIT); |
| + |
| + const CK_MECHANISM_TYPE cipher = CKM_NSS_CHACHA20_CTR; |
| + |
| + slot = PK11_GetInternalSlot(); |
| + ASSERT_TRUE(slot); |
| + |
| + // Use arbitrary bytes for the ChaCha20 key and IV |
| + uint8_t key_bytes[32]; |
| + for (size_t i = 0; i < 32; i++) { |
| + key_bytes[i] = i; |
| + } |
| + SECItem keyItem = {siBuffer, key_bytes, 32}; |
| + |
| + uint8_t iv_bytes[16]; |
| + for (size_t i = 0; i < 16; i++) { |
| + key_bytes[i] = i; |
| + } |
| + SECItem ivItem = {siBuffer, iv_bytes, 16}; |
| + |
| + SECItem* param = PK11_ParamFromIV(cipher, &ivItem); |
| + |
| + key = PK11_ImportSymKey(slot, cipher, PK11_OriginUnwrap, CKA_ENCRYPT, |
| + &keyItem, NULL); |
| + ctx = PK11_CreateContextBySymKey(cipher, CKA_ENCRYPT, key, param); |
| + ASSERT_TRUE(key); |
| + ASSERT_TRUE(ctx); |
| + |
| + uint8_t outbuf[128]; |
| + // This is supposed to fail for Chacha20. This is because the underlying |
| + // PK11_CipherOp operation is calling the C_EncryptUpdate function for |
| + // which multi-part is disabled for ChaCha20 in counter mode. |
| + ASSERT_EQ(GetBytes(ctx, outbuf, 7), SECFailure); |
| + |
| + PK11_FreeSymKey(key); |
| + PK11_FreeSlot(slot); |
| + SECITEM_FreeItem(param, PR_TRUE); |
| + PK11_DestroyContext(ctx, PR_TRUE); |
| + NSS_ShutdownContext(globalctx); |
| +} |
| + |
| } // namespace nss_test |
| |
| diff --git a/lib/softoken/pkcs11c.c b/lib/softoken/pkcs11c.c |
| index 003e2be..a3eecf5 100644 |
| --- a/lib/softoken/pkcs11c.c |
| +++ b/lib/softoken/pkcs11c.c |
| @@ -1207,6 +1207,7 @@ sftk_CryptInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism, |
| break; |
| |
| case CKM_NSS_CHACHA20_CTR: |
| + context->multi = PR_FALSE; |
| if (key_type != CKK_NSS_CHACHA20) { |
| crv = CKR_KEY_TYPE_INCONSISTENT; |
| break; |
| |