  2. 18 Dec, 2020 1 commit
      Bug 1651411 New tlsfuzzer code can still detect timing issues in RSA operations. · 3a48c7de
      Robert Relyea authored
      This patch defeats Bleichenbacher by not trying to hide the size of the
      decrypted text, but by hiding whether the text succeeded or failed. This is done
      by generating a fake returned text that's based on the key and the cipher text,
      so the fake data is always the same for the same key and cipher text. Both the
      length and the plain text are generated with a PRF.
      
      Here's the proposed spec the patch codes to:
      
          1. Use SHA-256 to hash the private exponent encoded as a big-endian integer to a string the same length as the public modulus. Keep this value secret. (this is just an optimisation so that the implementation doesn't have to serialise the key over and over again)
          2. Check the length of input according to step one of https://tools.ietf.org/html/rfc8017#section-7.2.2
          3. When provided with a ciphertext, use SHA-256 HMAC(key=hash_from_step1, text=ciphertext) to generate the key derivation key
          4. Use SHA-256 HMAC with key derivation key as the key and a two-byte big-endian iterator concatenated with byte string "length" with the big-endian representation of 2048 (0x0800) as the bit length of the generated string.
            - Iterate this PRF 8 times to generate a 256 byte string
          5. initialise the length of synthetic message to 0
          6. split the PRF output into 2 byte strings, convert into big-endian integers, zero-out high-order bits so that they have the same bit length as the octet length of the maximum acceptable message size (k-11), select the last integer that is no larger than (k-11) or remain at 0 if no integer is smaller than (k-11); this selection needs to be performed using side-channel free operators
          7. Use SHA-256 HMAC with key derivation key as the key and a two-byte big-endian iterator concatenated with byte string "message" with the big-endian representation of k*8
            - use this PRF to generate k bytes of output (right-truncate last HMAC call if the number of generated bytes is not a multiple of SHA-256 output size)
          8. perform the RSA decryption as described in step 2 of section 7.2.2 of rfc8017
          9. Verify the EM message padding as described in step 3 of section 7.2.2 of rfc8017, but instead of outputting "decryption error", return the last l bytes of the "message" PRF, where l is the synthetic message length selected using the "length" PRF; make this decision and copy using side-channel free operations
      
      Differential Revision: https://phabricator.services.mozilla.com/D99843
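      The nine steps above, carried through end to end as an added example. This is
      Python written for this page, not the patch's own code: it assumes a toy RSA key
      built from two Mersenne primes (so the block is deterministic and needs no key
      generator), a constructed fixed padding string on the encryption side, and the
      helper names prf, synthetic_length, synthetic_message and check_pkcs1_v15_padding,
      none of which come from NSS. It shows what the spec leaves implicit: the fake
      message is computed on every call before the padding check, so a valid and an
      invalid ciphertext do the same work, and the only early rejection is the step 2
      length check, which is on a public value. CPython cannot give the side-channel
      free guarantees the spec asks for; the branch-free select and the exit-free
      padding scan only mirror the shape a C implementation must have.

```python
import hashlib
import hmac

# Added example, not NSS code. The key is a toy built from two Mersenne primes
# (2^521-1 and 2^607-1) so the block is deterministic without a key generator;
# real keys are random and must never have structure like this.
P = (1 << 521) - 1
Q = (1 << 607) - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))
K = (N.bit_length() + 7) // 8   # octet length of the modulus, "k" in RFC 8017
MAX_MSG = K - 11                # longest message PKCS#1 v1.5 padding can carry


def i2osp(x, length):
    return x.to_bytes(length, "big")


def os2ip(octets):
    return int.from_bytes(octets, "big")


def prf(kdk, label, bits, nbytes):
    """Steps 4 and 7: HMAC-SHA256(kdk, counter(2) || label || bits(2)), iterated
    and right-truncated to nbytes."""
    out = b""
    counter = 0
    while len(out) < nbytes:
        msg = counter.to_bytes(2, "big") + label + bits.to_bytes(2, "big")
        out += hmac.new(kdk, msg, hashlib.sha256).digest()
        counter += 1
    return out[:nbytes]


def synthetic_length(length_prf, max_len):
    """Steps 5-6: mask each 2-byte candidate to the bit length of max_len and keep
    the last one that is <= max_len, or 0 if none. The select is branch-free, but
    CPython integer arithmetic is not constant time; this only mirrors the shape."""
    mask = (1 << max_len.bit_length()) - 1
    chosen = 0
    for j in range(0, len(length_prf), 2):
        cand = os2ip(length_prf[j:j + 2]) & mask
        take = int(cand <= max_len)                    # 1 or 0
        chosen = (chosen & -(1 - take)) | (cand & -take)
    return chosen


def synthetic_message(ciphertext):
    """Steps 1 and 3-7: the fake plaintext, a pure function of key and ciphertext."""
    key_hash = hashlib.sha256(i2osp(D, K)).digest()                  # step 1, secret
    kdk = hmac.new(key_hash, ciphertext, hashlib.sha256).digest()    # step 3
    length = synthetic_length(prf(kdk, b"length", 2048, 256), MAX_MSG)
    return prf(kdk, b"message", K * 8, K)[K - length:]              # last `length` bytes


def check_pkcs1_v15_padding(em):
    """Step 9 check with no early exit: returns (ok, index of the 0x00 separator)."""
    bad = em[0] | (em[1] ^ 0x02)
    found = 0
    sep = 0
    for i in range(2, len(em)):
        is_zero = int(em[i] == 0)
        first = is_zero & (1 - found)   # 1 only at the first zero byte
        sep |= i & -first
        found |= is_zero
    bad |= 1 - found                    # no separator at all
    bad |= int(sep < 10)                # fewer than 8 padding bytes
    return int(bad == 0), sep


def rsa_decrypt(ciphertext):
    """RSAES-PKCS1-v1_5 decryption that returns the synthetic message on bad padding."""
    if len(ciphertext) != K:            # step 2: the length is public, rejecting early is fine
        raise ValueError("decryption error")
    fake = synthetic_message(ciphertext)           # always computed, before the check
    em = i2osp(pow(os2ip(ciphertext), D, N), K)    # step 8
    ok, sep = check_pkcs1_v15_padding(em)
    real = em[sep + 1:]
    # A C implementation copies with a constant-time select into a fixed-size
    # buffer; the Python branch below is only a stand-in for that select.
    return real if ok else fake


def rsa_encrypt(message, block_type=0x02):
    """Encryption side with a constructed, fixed padding string so results are
    reproducible (real encryption uses random non-zero PS bytes). block_type=0x01
    deliberately produces a block the decryptor must reject."""
    ps_len = K - 3 - len(message)
    if ps_len < 8:
        raise ValueError("message too long")
    ps = bytes((i * 37) % 255 + 1 for i in range(ps_len))   # non-zero bytes only
    em = b"\x00" + bytes([block_type]) + ps + b"\x00" + message
    return i2osp(pow(os2ip(em), E, N), K)
```

      Calling rsa_decrypt twice on the same rejected ciphertext returns the same
      bytes, and a different ciphertext under the same key gets a different kdk in
      step 3 and therefore a different fake; that is the property tlsfuzzer cannot
      distinguish from a genuine decryption by timing, provided the copy and the
      length selection really are side-channel free in the native implementation.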
  17. 19 Dec, 2018 1 commit
      Bug 1514999 - Add wycheproof Curve25519 testcases to nss, r=franziskus · 69203eee
      Jonas Allmann authored
      Differential Revision: https://phabricator.services.mozilla.com/D14843
      
      --HG--
      rename : gtests/common/chachapoly-vectors.h => gtests/common/testvectors/chachapoly-vectors.h
      rename : gtests/common/gcm-vectors.h => gtests/common/testvectors/gcm-vectors.h
      rename : gtests/common/wycheproof/header_bases/chachapoly-vectors.h => gtests/common/testvectors_base/chachapoly-vectors_base.h
      rename : gtests/common/wycheproof/header_bases/gcm-vectors.h => gtests/common/testvectors_base/gcm-vectors_base.h
      rename : gtests/common/wycheproof/testvectors/aes_gcm_test.json => gtests/common/wycheproof/source_vectors/aes_gcm_test.json
      rename : gtests/common/wycheproof/testvectors/chacha20_poly1305_test.json => gtests/common/wycheproof/source_vectors/chacha20_poly1305_test.json
      extra : amend_source : c6a4e9bc385e669347b13bbe1703eed65e385d6c
  20. 03 Aug, 2018 1 commit
      Bug 1479787 - build mozpkix as part of NSS, r=mt,keeler · 53850b92
      Franziskus Kiefer authored
      Differential Revision: https://phabricator.services.mozilla.com/D2719
      Differential Revision: https://phabricator.services.mozilla.com/D2720
      Differential Revision: https://phabricator.services.mozilla.com/D2861
      
      --HG--
      rename : cpputil/scoped_ptrs.h => cpputil/nss_scoped_ptrs.h
      rename : lib/mozpkix/test/gtest/README.txt => gtests/mozpkix_gtest/README.txt
      rename : lib/mozpkix/test/gtest/pkixbuild_tests.cpp => gtests/mozpkix_gtest/pkixbuild_tests.cpp
      rename : lib/mozpkix/test/gtest/pkixcert_extension_tests.cpp => gtests/mozpkix_gtest/pkixcert_extension_tests.cpp
      rename : lib/mozpkix/test/gtest/pkixcert_signature_algorithm_tests.cpp => gtests/mozpkix_gtest/pkixcert_signature_algorithm_tests.cpp
      rename : lib/mozpkix/test/gtest/pkixcheck_CheckExtendedKeyUsage_tests.cpp => gtests/mozpkix_gtest/pkixcheck_CheckExtendedKeyUsage_tests.cpp
      rename : lib/mozpkix/test/gtest/pkixcheck_CheckIssuer_tests.cpp => gtests/mozpkix_gtest/pkixcheck_CheckIssuer_tests.cpp
      rename : lib/mozpkix/test/gtest/pkixcheck_CheckKeyUsage_tests.cpp => gtests/mozpkix_gtest/pkixcheck_CheckKeyUsage_tests.cpp
      rename : lib/mozpkix/test/gtest/pkixcheck_CheckSignatureAlgorithm_tests.cpp => gtests/mozpkix_gtest/pkixcheck_CheckSignatureAlgorithm_tests.cpp
      rename : lib/mozpkix/test/gtest/pkixcheck_CheckValidity_tests.cpp => gtests/mozpkix_gtest/pkixcheck_CheckValidity_tests.cpp
      rename : lib/mozpkix/test/gtest/pkixcheck_ParseValidity_tests.cpp => gtests/mozpkix_gtest/pkixcheck_ParseValidity_tests.cpp
      rename : lib/mozpkix/test/gtest/pkixcheck_TLSFeaturesSatisfiedInternal_tests.cpp => gtests/mozpkix_gtest/pkixcheck_TLSFeaturesSatisfiedInternal_tests.cpp
      rename : lib/mozpkix/test/gtest/pkixder_input_tests.cpp => gtests/mozpkix_gtest/pkixder_input_tests.cpp
      rename : lib/mozpkix/test/gtest/pkixder_pki_types_tests.cpp => gtests/mozpkix_gtest/pkixder_pki_types_tests.cpp
      rename : lib/mozpkix/test/gtest/pkixder_universal_types_tests.cpp => gtests/mozpkix_gtest/pkixder_universal_types_tests.cpp
      rename : lib/mozpkix/test/gtest/pkixgtest.cpp => gtests/mozpkix_gtest/pkixgtest.cpp
      rename : lib/mozpkix/test/gtest/pkixgtest.h => gtests/mozpkix_gtest/pkixgtest.h
      rename : lib/mozpkix/test/gtest/pkixnames_tests.cpp => gtests/mozpkix_gtest/pkixnames_tests.cpp
      rename : lib/mozpkix/test/gtest/pkixocsp_CreateEncodedOCSPRequest_tests.cpp => gtests/mozpkix_gtest/pkixocsp_CreateEncodedOCSPRequest_tests.cpp
      rename : lib/mozpkix/test/gtest/pkixocsp_VerifyEncodedOCSPResponse.cpp => gtests/mozpkix_gtest/pkixocsp_VerifyEncodedOCSPResponse.cpp
      rename : lib/mozpkix/test/lib/pkixtestnss.h => lib/mozpkix/include/pkix-test/pkixtestnss.h
      rename : lib/mozpkix/test/lib/pkixtestutil.h => lib/mozpkix/include/pkix-test/pkixtestutil.h
      rename : lib/mozpkix/lib/pkixcheck.h => lib/mozpkix/include/pkix/pkixcheck.h
      rename : lib/mozpkix/lib/pkixder.h => lib/mozpkix/include/pkix/pkixder.h
      rename : lib/mozpkix/lib/pkixutil.h => lib/mozpkix/include/pkix/pkixutil.h
      rename : lib/mozpkix/test/lib/pkixtestalg.cpp => lib/mozpkix/test-lib/pkixtestalg.cpp
      rename : lib/mozpkix/test/lib/pkixtestnss.cpp => lib/mozpkix/test-lib/pkixtestnss.cpp
      rename : lib/mozpkix/test/lib/pkixtestutil.cpp => lib/mozpkix/test-lib/pkixtestutil.cpp
      extra : rebase_source : 7b1375fef0c8e0c361f44d16f69c31d0bd6d0b41