Bug 1649545 - land NSS 615362dff5ad UPGRADE_NSS_RELEASE, r=jcj
2020-07-18 Benjamin Beurdouche <bbeurdouche@mozilla.com> * gtests/pk11_gtest/pk11_cipherop_unittest.cc, lib/softoken/pkcs11c.c: Bug 1636771 - Disable PKCS11 incremental mode for ChaCha20. r=kjacobs,rrelyea Depends on D74801 [615362dff5ad] [tip] * gtests/pk11_gtest/pk11_chacha20poly1305_unittest.cc, lib/freebl/chacha20poly1305.c: Bug 1636771 - Fix incorrect call to Chacha20Poly1305 by PKCS11. r=jcj,kjacobs,rrelyea [a5e82e40f03e] 2020-07-16 Benjamin Beurdouche <bbeurdouche@mozilla.com> * lib/softoken/pkcs11c.c: Bug 1637222 - Enforce IV length check for DES. r=kjacobs,jcj [0c70232cb6d3] Differential Revision: https://phabricator.services.mozilla.com/D84043
parent
e46180930b
commit
e3e0baf90e
@ -1 +1 @@
|
||||
ca068f5b5c17
|
||||
615362dff5ad
|
@ -10,4 +10,3 @@
|
||||
*/
|
||||
|
||||
#error "Do not include this header file."
|
||||
|
||||
|
@ -45,7 +45,7 @@ class Pkcs11ChaCha20Poly1305Test
|
||||
SECItem params = {siBuffer, reinterpret_cast<unsigned char*>(&aead_params),
|
||||
sizeof(aead_params)};
|
||||
|
||||
// Encrypt with bad parameters.
|
||||
// Encrypt with bad parameters (TagLen is too long).
|
||||
unsigned int encrypted_len = 0;
|
||||
std::vector<uint8_t> encrypted(data_len + aead_params.ulTagLen);
|
||||
aead_params.ulTagLen = 158072;
|
||||
@ -54,9 +54,16 @@ class Pkcs11ChaCha20Poly1305Test
|
||||
&encrypted_len, encrypted.size(), data, data_len);
|
||||
EXPECT_EQ(SECFailure, rv);
|
||||
EXPECT_EQ(0U, encrypted_len);
|
||||
aead_params.ulTagLen = 16;
|
||||
|
||||
// Encrypt with bad parameters (TagLen is too short).
|
||||
aead_params.ulTagLen = 2;
|
||||
rv = PK11_Encrypt(key.get(), kMech, ¶ms, encrypted.data(),
|
||||
&encrypted_len, encrypted.size(), data, data_len);
|
||||
EXPECT_EQ(SECFailure, rv);
|
||||
EXPECT_EQ(0U, encrypted_len);
|
||||
|
||||
// Encrypt.
|
||||
aead_params.ulTagLen = 16;
|
||||
rv = PK11_Encrypt(key.get(), kMech, ¶ms, encrypted.data(),
|
||||
&encrypted_len, encrypted.size(), data, data_len);
|
||||
|
||||
|
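Review bot: The two rejected tag lengths exercised here, 158072 and 2, sit far from the only accepted value, so an off-by-one in the length check would go unnoticed. Adding the neighbouring values, e.g. `aead_params.ulTagLen = 15;` and `aead_params.ulTagLen = 17;` (and 0), each followed by the same `EXPECT_EQ(SECFailure, rv);` and `EXPECT_EQ(0U, encrypted_len);` assertions, would pin the boundary. The test body starts and ends outside the hunks shown, so a decrypt-side counterpart may already exist elsewhere.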
@ -77,4 +77,53 @@ TEST(Pkcs11CipherOp, SingleCtxMultipleUnalignedCipherOps) {
|
||||
NSS_ShutdownContext(globalctx);
|
||||
}
|
||||
|
||||
TEST(Pkcs11CipherOp, SingleCtxMultipleUnalignedCipherOpsChaCha20) {
|
||||
PK11SlotInfo* slot;
|
||||
PK11SymKey* key;
|
||||
PK11Context* ctx;
|
||||
|
||||
NSSInitContext* globalctx =
|
||||
NSS_InitContext("", "", "", "", NULL,
|
||||
NSS_INIT_READONLY | NSS_INIT_NOCERTDB | NSS_INIT_NOMODDB |
|
||||
NSS_INIT_FORCEOPEN | NSS_INIT_NOROOTINIT);
|
||||
|
||||
const CK_MECHANISM_TYPE cipher = CKM_NSS_CHACHA20_CTR;
|
||||
|
||||
slot = PK11_GetInternalSlot();
|
||||
ASSERT_TRUE(slot);
|
||||
|
||||
// Use arbitrary bytes for the ChaCha20 key and IV
|
||||
uint8_t key_bytes[32];
|
||||
for (size_t i = 0; i < 32; i++) {
|
||||
key_bytes[i] = i;
|
||||
}
|
||||
SECItem keyItem = {siBuffer, key_bytes, 32};
|
||||
|
||||
uint8_t iv_bytes[16];
|
||||
for (size_t i = 0; i < 16; i++) {
|
||||
key_bytes[i] = i;
|
||||
}
|
||||
SECItem ivItem = {siBuffer, iv_bytes, 16};
|
||||
|
||||
SECItem* param = PK11_ParamFromIV(cipher, &ivItem);
|
||||
|
||||
key = PK11_ImportSymKey(slot, cipher, PK11_OriginUnwrap, CKA_ENCRYPT,
|
||||
&keyItem, NULL);
|
||||
ctx = PK11_CreateContextBySymKey(cipher, CKA_ENCRYPT, key, param);
|
||||
ASSERT_TRUE(key);
|
||||
ASSERT_TRUE(ctx);
|
||||
|
||||
uint8_t outbuf[128];
|
||||
// This is supposed to fail for Chacha20. This is because the underlying
|
||||
// PK11_CipherOp operation is calling the C_EncryptUpdate function for
|
||||
// which multi-part is disabled for ChaCha20 in counter mode.
|
||||
ASSERT_EQ(GetBytes(ctx, outbuf, 7), SECFailure);
|
||||
|
||||
PK11_FreeSymKey(key);
|
||||
PK11_FreeSlot(slot);
|
||||
SECITEM_FreeItem(param, PR_TRUE);
|
||||
PK11_DestroyContext(ctx, PR_TRUE);
|
||||
NSS_ShutdownContext(globalctx);
|
||||
}
|
||||
|
||||
} // namespace nss_test
|
||||
|
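Review bot: The IV fill loop in the new ChaCha20 test writes to `key_bytes[i]` instead of `iv_bytes[i]`, so `iv_bytes` reaches `PK11_ParamFromIV` uninitialized while the first 16 key bytes are simply rewritten with the same values. The test only expects `SECFailure`, so it still passes, but it reads indeterminate stack memory and may be flagged by memory sanitizers; the loop body should be `iv_bytes[i] = i;`. Separately, `ASSERT_TRUE(key)` runs only after `key` has already been passed to `PK11_CreateContextBySymKey`, and `param` is never checked; placing each check directly after the call that produces the value would make a failure point at the right step.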
@ -81,7 +81,7 @@ ChaCha20Poly1305_InitContext(ChaCha20Poly1305Context *ctx,
|
||||
PORT_SetError(SEC_ERROR_BAD_KEY);
|
||||
return SECFailure;
|
||||
}
|
||||
if (tagLen == 0 || tagLen > 16) {
|
||||
if (tagLen != 16) {
|
||||
PORT_SetError(SEC_ERROR_INPUT_LEN);
|
||||
return SECFailure;
|
||||
}
|
||||
|
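Review bot: The tightened check `if (tagLen != 16)` carries no comment saying that truncated Poly1305 tags are now refused on purpose, so a later reader may take the stricter test for an oversight and relax it again. I would add above it `/* Only the full 16-byte Poly1305 tag is accepted; shorter tags are refused. */`. ChaCha20Poly1305_InitContext starts and ends outside the hunk, so whether the file already has a named constant for the tag length is not visible here.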
@ -984,10 +984,6 @@ sftk_CryptInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism,
|
||||
crv = CKR_KEY_TYPE_INCONSISTENT;
|
||||
break;
|
||||
}
|
||||
if (pMechanism->ulParameterLen < 8) {
|
||||
crv = CKR_DOMAIN_PARAMS_INVALID;
|
||||
break;
|
||||
}
|
||||
t = NSS_DES_CBC;
|
||||
goto finish_des;
|
||||
case CKM_DES3_ECB:
|
||||
@ -1005,12 +1001,13 @@ sftk_CryptInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism,
|
||||
crv = CKR_KEY_TYPE_INCONSISTENT;
|
||||
break;
|
||||
}
|
||||
if (pMechanism->ulParameterLen < 8) {
|
||||
t = NSS_DES_EDE3_CBC;
|
||||
finish_des:
|
||||
if ((t != NSS_DES && t != NSS_DES_EDE3) && (pMechanism->pParameter == NULL ||
|
||||
pMechanism->ulParameterLen < 8)) {
|
||||
crv = CKR_DOMAIN_PARAMS_INVALID;
|
||||
break;
|
||||
}
|
||||
t = NSS_DES_EDE3_CBC;
|
||||
finish_des:
|
||||
context->blockSize = 8;
|
||||
att = sftk_FindAttribute(key, CKA_VALUE);
|
||||
if (att == NULL) {
|
||||
@ -1259,6 +1256,7 @@ sftk_CryptInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism,
|
||||
unsigned char *nonce;
|
||||
unsigned long counter_len;
|
||||
unsigned long nonce_len;
|
||||
context->multi = PR_FALSE;
|
||||
if (pMechanism->mechanism == CKM_NSS_CHACHA20_CTR) {
|
||||
if (key_type != CKK_NSS_CHACHA20) {
|
||||
crv = CKR_KEY_TYPE_INCONSISTENT;
|
||||
|
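Review bot: The consolidated IV guard at `finish_des` picks out the IV-taking modes by excluding `NSS_DES` and `NSS_DES_EDE3`, and it enforces only a lower bound (`pMechanism->ulParameterLen < 8`), so a parameter longer than the 8-byte DES block is still accepted. If an exact length is intended, `pMechanism->ulParameterLen != 8` would state it; either way a one-line comment such as `/* ECB modes take no IV; every other DES mode needs an 8-byte one */` would make the negated condition easier to audit when a new mode is routed to this label. In the ChaCha20 hunk, `context->multi = PR_FALSE;` is likewise uncommented, and a short remark that multi-part updates are deliberately refused for this mechanism would help. sftk_CryptInit extends beyond all three hunks, so how the parameter is consumed afterwards is not visible here.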