7 files changed, 143 insertions, 2 deletions

diff --git a/lib/freebl/blapi.h b/lib/freebl/blapi.h
index 6f806884e..3d1ff7269 100644
--- a/lib/freebl/blapi.h
+++ b/lib/freebl/blapi.h
@@ -1043,6 +1043,27 @@ Camellia_Decrypt(CamelliaContext *cx, unsigned char *output,
 
 /******************************************/
 /*
+** ChaCha20 block cipher
+*/
+
+extern SECStatus ChaCha20_InitContext(ChaCha20Context *ctx,
+                                      const unsigned char *key,
+                                      unsigned int keyLen,
+                                      const unsigned char *nonce,
+                                      unsigned int nonceLen,
+                                      PRUint32 ctr);
+
+extern ChaCha20Context *ChaCha20_CreateContext(const unsigned char *key,
+                                               unsigned int keyLen,
+                                               const unsigned char *nonce,
+                                               unsigned int nonceLen,
+                                               PRUint32 ctr);
+
+extern void ChaCha20_DestroyContext(ChaCha20Context *ctx, PRBool freeit);
+
+
+/******************************************/
+/*
 ** ChaCha20+Poly1305 AEAD
 */
 
diff --git a/lib/freebl/blapit.h b/lib/freebl/blapit.h
index 03cf96381..0054e17b8 100644
--- a/lib/freebl/blapit.h
+++ b/lib/freebl/blapit.h
@@ -245,6 +245,7 @@ struct SHA256ContextStr;
 struct SHA512ContextStr;
 struct AESKeyWrapContextStr;
 struct SEEDContextStr;
+struct ChaCha20ContextStr;
 struct ChaCha20Poly1305ContextStr;
 struct Blake2bContextStr;
 
@@ -265,6 +266,7 @@ typedef struct SHA512ContextStr SHA512Context;
 typedef struct SHA512ContextStr SHA384Context;
 typedef struct AESKeyWrapContextStr AESKeyWrapContext;
 typedef struct SEEDContextStr SEEDContext;
+typedef struct ChaCha20ContextStr ChaCha20Context;
 typedef struct ChaCha20Poly1305ContextStr ChaCha20Poly1305Context;
 typedef struct Blake2bContextStr BLAKE2BContext;
 
diff --git a/lib/freebl/chacha20poly1305.c b/lib/freebl/chacha20poly1305.c
index aa1a63fe4..746fdb7a2 100644
--- a/lib/freebl/chacha20poly1305.c
+++ b/lib/freebl/chacha20poly1305.c
@@ -84,6 +84,66 @@ Chacha20Poly1305_vsx_aead_decrypt(uint8_t *k, uint8_t *n1, uint32_t aadlen,
                                   uint8_t *cipher, uint8_t *mac);
 
 SECStatus
+ChaCha20_InitContext(ChaCha20Context *ctx, const unsigned char *key,
+                     unsigned int keyLen, const unsigned char *nonce,
+                     unsigned int nonceLen, PRUint32 ctr)
+{
+#ifdef NSS_DISABLE_CHACHAPOLY
+    return SECFailure;
+#else
+    if (keyLen != 32) {
+        PORT_SetError(SEC_ERROR_BAD_KEY);
+        return SECFailure;
+    }
+    if (nonceLen != 12) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+
+    ctx->counter = ctr;
+    PORT_Memcpy(ctx->key, key, sizeof(ctx->key));
+    PORT_Memcpy(ctx->nonce, nonce, sizeof(ctx->nonce));
+
+    return SECSuccess;
+#endif
+}
+
+ChaCha20Context *
+ChaCha20_CreateContext(const unsigned char *key, unsigned int keyLen,
+                       const unsigned char *nonce, unsigned int nonceLen,
+                       PRUint32 ctr)
+{
+#ifdef NSS_DISABLE_CHACHAPOLY
+    return NULL;
+#else
+    ChaCha20Context *ctx;
+
+    ctx = PORT_New(ChaCha20Context);
+    if (ctx == NULL) {
+        return NULL;
+    }
+
+    if (ChaCha20_InitContext(ctx, key, keyLen, nonce, nonceLen, ctr) != SECSuccess) {
+        PORT_Free(ctx);
+        ctx = NULL;
+    }
+
+    return ctx;
+#endif
+}
+
+void
+ChaCha20_DestroyContext(ChaCha20Context *ctx, PRBool freeit)
+{
+#ifndef NSS_DISABLE_CHACHAPOLY
+    PORT_Memset(ctx, 0, sizeof(*ctx));
+    if (freeit) {
+        PORT_Free(ctx);
+    }
+#endif
+}
+
+SECStatus
 ChaCha20Poly1305_InitContext(ChaCha20Poly1305Context *ctx,
                              const unsigned char *key, unsigned int keyLen,
                              unsigned int tagLen)
diff --git a/lib/freebl/chacha20poly1305.h b/lib/freebl/chacha20poly1305.h
index c77632aa1..fff528af3 100644
--- a/lib/freebl/chacha20poly1305.h
+++ b/lib/freebl/chacha20poly1305.h
@@ -12,4 +12,10 @@ struct ChaCha20Poly1305ContextStr {
     unsigned char tagLen;
 };
 
+struct ChaCha20ContextStr {
+    unsigned char key[32];
+    unsigned char nonce[12];
+    PRUint32 counter;
+};
+
 #endif /* _CHACHA20_POLY1305_H_ */
diff --git a/lib/freebl/ldvector.c b/lib/freebl/ldvector.c
index f14425f21..ac3b862b5 100644
--- a/lib/freebl/ldvector.c
+++ b/lib/freebl/ldvector.c
@@ -371,9 +371,14 @@ static const struct FREEBLVectorStr vector =
       AESKeyWrap_DecryptKWP,
 
       /* End of version 3.023 */
-      KEA_PrimeCheck
+      KEA_PrimeCheck,
 
       /* End of version 3.024 */
+      ChaCha20_InitContext,
+      ChaCha20_CreateContext,
+      ChaCha20_DestroyContext
+
+      /* End of version 3.025 */
     };
 
 const FREEBLVector*
diff --git a/lib/freebl/loader.c b/lib/freebl/loader.c
index 891516fa5..3c61471de 100644
--- a/lib/freebl/loader.c
+++ b/lib/freebl/loader.c
@@ -2159,6 +2159,36 @@ ChaCha20_Xor(unsigned char *output, const unsigned char *block, unsigned int len
 }
 
 SECStatus
+ChaCha20_InitContext(ChaCha20Context *ctx, const unsigned char *key,
+                                           unsigned int keyLen,
+                                           const unsigned char *nonce,
+                                           unsigned int nonceLen,
+                                           PRUint32 ctr)
+{
+    if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+        return SECFailure;
+    return (vector->p_ChaCha20_InitContext)(ctx, key, keyLen, nonce, nonceLen, ctr);
+}
+
+ChaCha20Context *
+ChaCha20_CreateContext(const unsigned char *key, unsigned int keyLen,
+                       const unsigned char *nonce, unsigned int nonceLen,
+                       PRUint32 ctr)
+{
+    if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+        return NULL;
+    return (vector->p_ChaCha20_CreateContext)(key, keyLen, nonce, nonceLen, ctr);
+}
+
+void
+ChaCha20_DestroyContext(ChaCha20Context *ctx, PRBool freeit)
+{
+    if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+        return;
+    (vector->p_ChaCha20_DestroyContext)(ctx, freeit);
+}
+
+SECStatus
 ChaCha20Poly1305_InitContext(ChaCha20Poly1305Context *ctx,
                              const unsigned char *key, unsigned int keyLen,
                              unsigned int tagLen)
diff --git a/lib/freebl/loader.h b/lib/freebl/loader.h
index 0b5ee5ef0..eb3046d27 100644
--- a/lib/freebl/loader.h
+++ b/lib/freebl/loader.h
@@ -10,7 +10,7 @@
 
 #include "blapi.h"
 
-#define FREEBL_VERSION 0x0324
+#define FREEBL_VERSION 0x0325
 
 struct FREEBLVectorStr {
 
@@ -815,6 +815,23 @@ struct FREEBLVectorStr {
     PRBool (*p_KEA_PrimeCheck)(SECItem *prime);
     /* Version 3.024 came to here */
 
+    SECStatus (*p_ChaCha20_InitContext)(ChaCha20Context *ctx,
+                                        const unsigned char *key,
+                                        unsigned int keyLen,
+                                        const unsigned char *nonce,
+                                        unsigned int nonceLen,
+                                        PRUint32 ctr);
+
+    ChaCha20Context *(*p_ChaCha20_CreateContext)(const unsigned char *key,
+                                                 unsigned int keyLen,
+                                                 const unsigned char *nonce,
+                                                 unsigned int nonceLen,
+                                                 PRUint32 ctr);
+
+    void (*p_ChaCha20_DestroyContext)(ChaCha20Context *ctx, PRBool freeit);
+
+    /* Version 3.025 came to here */
+
     /* Add new function pointers at the end of this struct and bump
      * FREEBL_VERSION at the beginning of this file. */
 };