Bug 1534468 - Expose ChaCha20 primitive through PKCS#11, r=ekr

Summary: This adds a "CTR" mode for ChaCha20. This takes a composite 16 octet "IV", which is internally decomposed into a nonce and counter. This operates like a CTR mode cipher on arbitrary input, up to the ChaCha20 limit of 2^32 x 64 octet blocks. The counter provided is a starting counter and it is incremented if more than 64 octets of input is provided. Reviewers: ekr Tags: #secure-revision Bug #: 1534468 Differential Revision: https://phabricator.services.mozilla.com/D23060
author: Martin Thomson <mt@lowentropy.net> 2019-03-12 10:37:17 +1100
committer: Martin Thomson <mt@lowentropy.net> 2019-03-12 10:37:17 +1100
commit: 6e2602485df141d1e07eac88af4bf6db3c3c75e4 (patch)
tree: 23890742413c8d1b80e1e628e3279ef5e728f1e7 /lib/pk11wrap
parent: fbfe67489f995b561e8c501d274492045203aa20 (diff)
download: nss-hg-6e2602485df141d1e07eac88af4bf6db3c3c75e4.tar.gz
1 files changed, 9 insertions, 0 deletions
diff --git a/lib/pk11wrap/pk11mech.c b/lib/pk11wrap/pk11mech.c
index 48e50dff4..874980882 100644
--- a/lib/pk11wrap/pk11mech.c
+++ b/lib/pk11wrap/pk11mech.c
@@ -226,6 +226,7 @@ PK11_GetKeyType(CK_MECHANISM_TYPE type, unsigned long len)
             return CKK_CAMELLIA;
         case CKM_NSS_CHACHA20_POLY1305:
         case CKM_NSS_CHACHA20_KEY_GEN:
+        case CKM_NSS_CHACHA20_CTR:
             return CKK_NSS_CHACHA20;
         case CKM_AES_ECB:
         case CKM_AES_CBC:
@@ -440,6 +441,7 @@ PK11_GetKeyGenWithSize(CK_MECHANISM_TYPE type, int size)
         case CKM_CAMELLIA_KEY_GEN:
             return CKM_CAMELLIA_KEY_GEN;
         case CKM_NSS_CHACHA20_POLY1305:
+        case CKM_NSS_CHACHA20_CTR:
             return CKM_NSS_CHACHA20_KEY_GEN;
         case CKM_AES_ECB:
         case CKM_AES_CBC:
@@ -730,6 +732,9 @@ PK11_GetBlockSize(CK_MECHANISM_TYPE type, SECItem *params)
         case CKM_RSA_X_509:
             /*actually it's the modulus length of the key!*/
             return -1; /* failure */
+        case CKM_NSS_CHACHA20_POLY1305:
+        case CKM_NSS_CHACHA20_CTR:
+            return 64;
         default:
             return pk11_lookup(type)->blockSize;
     }
@@ -784,12 +789,16 @@ PK11_GetIVLength(CK_MECHANISM_TYPE type)
         case CKM_CAST3_CBC_PAD:
         case CKM_CAST5_CBC_PAD:
             return 8;
+        case CKM_AES_GCM:
+        case CKM_NSS_CHACHA20_POLY1305:
+            return 12;
         case CKM_SEED_CBC:
         case CKM_SEED_CBC_PAD:
         case CKM_CAMELLIA_CBC:
         case CKM_CAMELLIA_CBC_PAD:
         case CKM_AES_CBC:
         case CKM_AES_CBC_PAD:
+        case CKM_NSS_CHACHA20_CTR:
             return 16;
         case CKM_SKIPJACK_CBC64:
         case CKM_SKIPJACK_ECB64:
author	Martin Thomson <mt@lowentropy.net>	2019-03-12 10:37:17 +1100
committer	Martin Thomson <mt@lowentropy.net>	2019-03-12 10:37:17 +1100
commit	6e2602485df141d1e07eac88af4bf6db3c3c75e4 (patch)
tree	23890742413c8d1b80e1e628e3279ef5e728f1e7 /lib/pk11wrap
parent	fbfe67489f995b561e8c501d274492045203aa20 (diff)
download	nss-hg-6e2602485df141d1e07eac88af4bf6db3c3c75e4.tar.gz