diff options
author | Benjamin Beurdouche <bbeurdouche@mozilla.com> | 2020-07-18 00:13:14 +0000 |
---|---|---|
committer | Benjamin Beurdouche <bbeurdouche@mozilla.com> | 2020-07-18 00:13:14 +0000 |
commit | 4a0d2dcd789dd5bb100b0c36ee4e05d488140e00 (patch) | |
tree | 8d55646e73a7ce5e07f6f25f1032176cdfcc4def | |
parent | 1f3869123503ad1b85bd7aa2cfcdac49b5f09471 (diff) | |
download | nss-hg-4a0d2dcd789dd5bb100b0c36ee4e05d488140e00.tar.gz |
Bug 1636771 - Disable PKCS11 incremental mode for ChaCha20. r=kjacobs,rrelyea
Depends on D74801
Differential Revision: https://phabricator.services.mozilla.com/D83994
-rw-r--r-- | gtests/pk11_gtest/pk11_cipherop_unittest.cc | 49 | ||||
-rw-r--r-- | lib/softoken/pkcs11c.c | 1 |
2 files changed, 50 insertions, 0 deletions
diff --git a/gtests/pk11_gtest/pk11_cipherop_unittest.cc b/gtests/pk11_gtest/pk11_cipherop_unittest.cc index 38982fd88..700750cc9 100644 --- a/gtests/pk11_gtest/pk11_cipherop_unittest.cc +++ b/gtests/pk11_gtest/pk11_cipherop_unittest.cc @@ -77,4 +77,53 @@ TEST(Pkcs11CipherOp, SingleCtxMultipleUnalignedCipherOps) { NSS_ShutdownContext(globalctx); } +TEST(Pkcs11CipherOp, SingleCtxMultipleUnalignedCipherOpsChaCha20) { + PK11SlotInfo* slot; + PK11SymKey* key; + PK11Context* ctx; + + NSSInitContext* globalctx = + NSS_InitContext("", "", "", "", NULL, + NSS_INIT_READONLY | NSS_INIT_NOCERTDB | NSS_INIT_NOMODDB | + NSS_INIT_FORCEOPEN | NSS_INIT_NOROOTINIT); + + const CK_MECHANISM_TYPE cipher = CKM_NSS_CHACHA20_CTR; + + slot = PK11_GetInternalSlot(); + ASSERT_TRUE(slot); + + // Use arbitrary bytes for the ChaCha20 key and IV + uint8_t key_bytes[32]; + for (size_t i = 0; i < 32; i++) { + key_bytes[i] = i; + } + SECItem keyItem = {siBuffer, key_bytes, 32}; + + uint8_t iv_bytes[16]; + for (size_t i = 0; i < 16; i++) { + key_bytes[i] = i; + } + SECItem ivItem = {siBuffer, iv_bytes, 16}; + + SECItem* param = PK11_ParamFromIV(cipher, &ivItem); + + key = PK11_ImportSymKey(slot, cipher, PK11_OriginUnwrap, CKA_ENCRYPT, + &keyItem, NULL); + ctx = PK11_CreateContextBySymKey(cipher, CKA_ENCRYPT, key, param); + ASSERT_TRUE(key); + ASSERT_TRUE(ctx); + + uint8_t outbuf[128]; + // This is supposed to fail for Chacha20. This is because the underlying + // PK11_CipherOp operation is calling the C_EncryptUpdate function for + // which multi-part is disabled for ChaCha20 in counter mode. + ASSERT_EQ(GetBytes(ctx, outbuf, 7), SECFailure); + + PK11_FreeSymKey(key); + PK11_FreeSlot(slot); + SECITEM_FreeItem(param, PR_TRUE); + PK11_DestroyContext(ctx, PR_TRUE); + NSS_ShutdownContext(globalctx); +} + } // namespace nss_test diff --git a/lib/softoken/pkcs11c.c b/lib/softoken/pkcs11c.c index bd8882680..8fe503685 100644 --- a/lib/softoken/pkcs11c.c +++ b/lib/softoken/pkcs11c.c @@ -1256,6 +1256,7 @@ sftk_CryptInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism, unsigned char *nonce; unsigned long counter_len; unsigned long nonce_len; + context->multi = PR_FALSE; if (pMechanism->mechanism == CKM_NSS_CHACHA20_CTR) { if (key_type != CKK_NSS_CHACHA20) { crv = CKR_KEY_TYPE_INCONSISTENT; |