authorBenjamin Beurdouche <bbeurdouche@mozilla.com>2020-07-18 00:13:14 +0000
committerBenjamin Beurdouche <bbeurdouche@mozilla.com>2020-07-18 00:13:14 +0000
commit7554bfbd7e9f442eb95709f3b7df0c02086730be (patch)
treebdc14c5bc6562055a0c1ba5d1709dcf425f031d5
parentc803f3e828bff91f4186c518f18222b89af988e0 (diff)
Bug 1636771 - Disable PKCS11 incremental mode for ChaCha20. r=kjacobs,rrelyea
Depends on D74801 Differential Revision: https://phabricator.services.mozilla.com/D83994
-rw-r--r--gtests/pk11_gtest/pk11_cipherop_unittest.cc49
-rw-r--r--lib/softoken/pkcs11c.c1
2 files changed, 50 insertions, 0 deletions
diff --git a/gtests/pk11_gtest/pk11_cipherop_unittest.cc b/gtests/pk11_gtest/pk11_cipherop_unittest.cc
index 38982fd88..700750cc9 100644
--- a/gtests/pk11_gtest/pk11_cipherop_unittest.cc
+++ b/gtests/pk11_gtest/pk11_cipherop_unittest.cc
@@ -77,4 +77,53 @@ TEST(Pkcs11CipherOp, SingleCtxMultipleUnalignedCipherOps) {
NSS_ShutdownContext(globalctx);
}
+TEST(Pkcs11CipherOp, SingleCtxMultipleUnalignedCipherOpsChaCha20) {
+ PK11SlotInfo* slot;
+ PK11SymKey* key;
+ PK11Context* ctx;
+
+ NSSInitContext* globalctx =
+ NSS_InitContext("", "", "", "", NULL,
+ NSS_INIT_READONLY | NSS_INIT_NOCERTDB | NSS_INIT_NOMODDB |
+ NSS_INIT_FORCEOPEN | NSS_INIT_NOROOTINIT);
+
+ const CK_MECHANISM_TYPE cipher = CKM_NSS_CHACHA20_CTR;
+
+ slot = PK11_GetInternalSlot();
+ ASSERT_TRUE(slot);
+
+ // Use arbitrary bytes for the ChaCha20 key and IV
+ uint8_t key_bytes[32];
+ for (size_t i = 0; i < 32; i++) {
+ key_bytes[i] = i;
+ }
+ SECItem keyItem = {siBuffer, key_bytes, 32};
+
+ uint8_t iv_bytes[16];
+ for (size_t i = 0; i < 16; i++) {
+ key_bytes[i] = i;
+ }
+ SECItem ivItem = {siBuffer, iv_bytes, 16};
+
+ SECItem* param = PK11_ParamFromIV(cipher, &ivItem);
+
+ key = PK11_ImportSymKey(slot, cipher, PK11_OriginUnwrap, CKA_ENCRYPT,
+ &keyItem, NULL);
+ ctx = PK11_CreateContextBySymKey(cipher, CKA_ENCRYPT, key, param);
+ ASSERT_TRUE(key);
+ ASSERT_TRUE(ctx);
+
+ uint8_t outbuf[128];
+ // This is supposed to fail for Chacha20. This is because the underlying
+ // PK11_CipherOp operation is calling the C_EncryptUpdate function for
+ // which multi-part is disabled for ChaCha20 in counter mode.
+ ASSERT_EQ(GetBytes(ctx, outbuf, 7), SECFailure);
+
+ PK11_FreeSymKey(key);
+ PK11_FreeSlot(slot);
+ SECITEM_FreeItem(param, PR_TRUE);
+ PK11_DestroyContext(ctx, PR_TRUE);
+ NSS_ShutdownContext(globalctx);
+}
+
} // namespace nss_test
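Review bot: The IV loop in the new test writes `key_bytes[i] = i;` a second time, so `iv_bytes` is never initialised before `ivItem` is passed to `PK11_ParamFromIV`; the line should read `iv_bytes[i] = i;`. The test still passes because it only expects a failure, but it feeds indeterminate stack bytes into the parameter, which sanitizer builds may report. `ASSERT_TRUE(key)` also runs only after `key` has already been handed to `PK11_CreateContextBySymKey`, and `param` is never checked, so each check belongs directly after the call that produces the value. Because the final assertion is only `SECFailure`, an unrelated setup error would satisfy it as well; comparing `PORT_GetError()` with the expected error code would pin the failure to the disabled multi-part path, provided that code is stable here.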
diff --git a/lib/softoken/pkcs11c.c b/lib/softoken/pkcs11c.c
index bd8882680..8fe503685 100644
--- a/lib/softoken/pkcs11c.c
+++ b/lib/softoken/pkcs11c.c
@@ -1256,6 +1256,7 @@ sftk_CryptInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism,
unsigned char *nonce;
unsigned long counter_len;
unsigned long nonce_len;
+ context->multi = PR_FALSE;
if (pMechanism->mechanism == CKM_NSS_CHACHA20_CTR) {
if (key_type != CKK_NSS_CHACHA20) {
crv = CKR_KEY_TYPE_INCONSISTENT;
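Review bot: The added `context->multi = PR_FALSE;` carries no comment although it is the whole behavioural change, and it sits ahead of the `if (pMechanism->mechanism == CKM_NSS_CHACHA20_CTR)` test, so it applies to every mechanism that reaches this block and not only to the one the new unit test exercises. A short comment on that line would keep a later cleanup from removing it as redundant, for example `/* ChaCha20 in counter mode is single-part only; the Update calls must fail. */`. If another ChaCha20 mechanism shares this case label, or the decrypt direction goes through the same init path (neither is visible in the hunk), a test case for each would keep the restriction from regressing. sftk_CryptInit begins and ends outside the hunk.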