Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Browse files
Browse the repository at this point in the history
Bug 1623374 Need to support the new PKCS #11 Message interface for AE…
…S GCM and ChaCha Poly r=mt Update ssl to use the new PK11_AEADOp() interface. 1. We restore the use of PK11Context_Create() for AEAD operations. 2. AES GCM and CHACHA/Poly specific functions are no longer needed as PK11_AEADOp() handles all the mechanism specific processing. 3. TLS semantic differences between the two algorithms is handled by their parameters: 1. Nonce length is the length of the nonce counter. If it's zero, then XOR_Counter is used (and the nonce length is the sizeof(sslSequenceNumber)). 2. IV length is the full IV length - nonce length. 3. TLS 1.3 always uses XOR_Counter. 4. The IV is returned from the token in the encrypt case. Only in the explict nonce case is it examined. (The code depends on the fact that the count in the token will match sslSequenceNumber). I did have assert code to verify this was happening for testing, but it's removed from this patch it can be added back. 5. All the decrypt instances of XOR_Counter IV creation have been colapsed into tls13_WriteNonce(). 6. Even tough PK11_AEADOp returns and accepts the tag separately (for encrypt and decrypt respectively). The SSL code still returns the values as buffer||tag. 7. tls13_AEAD() has been enhanced so all uses of AEAD outside of the TLS stream can use it instead of their own wrapped version. It can handle streams (CreateContext() tls13_AEAD() tls13_AEAD() DestroyContext()) or single shot tls13_AEAD(context=NULL). In the later case, the keys for the single shot operation should not be resued. 8. libssl_internals.c in the gtests directory has been updated to handle advancing the internal iv counter when we artifically advance the seqNum. Since we don't have access to any token iv counter (including softoken), The code switches to simulated message mode, and updates the simulated state as appropriate. (obviously this is for testing only code as it reaches into normally private data structures). Differential Revision: https://phabricator.services.mozilla.com/D68480
- Loading branch information