Bug 1636771 - Disable PKCS11 incremental mode for ChaCha20. r=kjacobs…
…,rrelyea

Depends on D74801

Differential Revision: https://phabricator.services.mozilla.com/D83994

--HG--
branch : NSS_3_53_BRANCH
extra : transplant_source : aSb%DF%F5%AD%CE%C5y%CCv%9E%3A%D0%DB%FE%29%D2%A8o
beurdouche committed Jul 18, 2020
1 parent cfcf556 commit 4d767bf
Showing 2 changed files with 50 additions and 0 deletions.
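--- a/gtests/pk11_gtest/pk11_cipherop_unittest.cc
+++ b/gtests/pk11_gtest/pk11_cipherop_unittest.cc
@@ -77,4 +77,53 @@ TEST(Pkcs11CipherOp, SingleCtxMultipleUnalignedCipherOps) {
 NSS_ShutdownContext(globalctx);
 }
 
+TEST(Pkcs11CipherOp, SingleCtxMultipleUnalignedCipherOpsChaCha20) {
+PK11SlotInfo* slot;
+PK11SymKey* key;
+PK11Context* ctx;
+
+NSSInitContext* globalctx =
+NSS_InitContext("", "", "", "", NULL,
+NSS_INIT_READONLY | NSS_INIT_NOCERTDB | NSS_INIT_NOMODDB |
+NSS_INIT_FORCEOPEN | NSS_INIT_NOROOTINIT);
+
+const CK_MECHANISM_TYPE cipher = CKM_NSS_CHACHA20_CTR;
+
+slot = PK11_GetInternalSlot();
+ASSERT_TRUE(slot);
+
+// Use arbitrary bytes for the ChaCha20 key and IV
+uint8_t key_bytes[32];
+for (size_t i = 0; i < 32; i++) {
+key_bytes[i] = i;
+}
+SECItem keyItem = {siBuffer, key_bytes, 32};
+
+uint8_t iv_bytes[16];
+for (size_t i = 0; i < 16; i++) {
+key_bytes[i] = i;
+}
+SECItem ivItem = {siBuffer, iv_bytes, 16};
+
+SECItem* param = PK11_ParamFromIV(cipher, &ivItem);
+
+key = PK11_ImportSymKey(slot, cipher, PK11_OriginUnwrap, CKA_ENCRYPT,
+&keyItem, NULL);
+ctx = PK11_CreateContextBySymKey(cipher, CKA_ENCRYPT, key, param);
+ASSERT_TRUE(key);
+ASSERT_TRUE(ctx);
+
+uint8_t outbuf[128];
+// This is supposed to fail for Chacha20. This is because the underlying
+// PK11_CipherOp operation is calling the C_EncryptUpdate function for
+// which multi-part is disabled for ChaCha20 in counter mode.
+ASSERT_EQ(GetBytes(ctx, outbuf, 7), SECFailure);
+
+PK11_FreeSymKey(key);
+PK11_FreeSlot(slot);
+SECITEM_FreeItem(param, PR_TRUE);
+PK11_DestroyContext(ctx, PR_TRUE);
+NSS_ShutdownContext(globalctx);
+}
+
 } // namespace nss_test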
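Review bot: The IV buffer is never initialised: the second loop (the one bounded by 16) writes `key_bytes[i] = i;` again instead of `iv_bytes[i] = i;`, so `ivItem` hands indeterminate stack bytes to `PK11_ParamFromIV`. The expected result (SECFailure from the multi-part update) probably does not depend on the IV value, but reading uninitialised memory is undefined and will be reported by memory sanitizers; the loop body should be `iv_bytes[i] = i;`. In addition, `ASSERT_TRUE(key)` runs only after `key` has already been passed to `PK11_CreateContextBySymKey`, and `param` is never checked. Moving the key assertion directly after `PK11_ImportSymKey` and adding `ASSERT_TRUE(param);` would keep a setup failure distinguishable from the failure this test is meant to pin.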
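--- a/lib/softoken/pkcs11c.c
+++ b/lib/softoken/pkcs11c.c
@@ -1256,6 +1256,7 @@ sftk_CryptInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism,
 unsigned char *nonce;
 unsigned long counter_len;
 unsigned long nonce_len;
+context->multi = PR_FALSE;
 if (pMechanism->mechanism == CKM_NSS_CHACHA20_CTR) {
 if (key_type != CKK_NSS_CHACHA20) {
 crv = CKR_KEY_TYPE_INCONSISTENT;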
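Review bot: The added `context->multi = PR_FALSE;` carries no comment saying why multi-part operation is switched off for this mechanism, and it sits between the local declarations and the mechanism check where it is easy to overlook. A one-line comment above it, for example `/* ChaCha20 counter mode is single-part only; multi-part updates must fail (Bug 1636771). */`, would keep a later change from re-enabling incremental mode by accident. The enclosing case of sftk_CryptInit starts and ends outside the hunk, so whether the decrypt direction is covered by the same assignment cannot be confirmed from here; the new unit test exercises only `CKA_ENCRYPT`.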
