diff -up firefox-91.2.0/Cargo.toml.fips-quic firefox-91.2.0/Cargo.toml

--- firefox-91.2.0/Cargo.toml.fips-quic	2021-10-21 09:40:17.235999423 +0200

+++ firefox-91.2.0/Cargo.toml	2021-10-21 11:21:06.746558028 +0200

@@ -109,3 +109,12 @@ path = "third_party/rust/failure"

 [patch.crates-io.prost-derive]

 path = "third_party/rust/prost-derive"

+

+[patch."https://github.com/mozilla/neqo"]

+neqo-crypto = { path = "third_party/rust/neqo-crypto" }

+neqo-transport = { path = "third_party/rust/neqo-transport" }

+neqo-qpack = { path = "third_party/rust/neqo-qpack" }

+neqo-common = { path = "third_party/rust/neqo-common" }

+

+

+

diff -up firefox-91.2.0/third_party/rust/neqo-crypto/bindings/bindings.toml.fips-quic firefox-91.2.0/third_party/rust/neqo-crypto/bindings/bindings.toml

--- firefox-91.2.0/third_party/rust/neqo-crypto/bindings/bindings.toml.fips-quic	2021-09-28 18:41:34.000000000 +0200

+++ firefox-91.2.0/third_party/rust/neqo-crypto/bindings/bindings.toml	2021-10-21 08:49:01.762221759 +0200

@@ -163,7 +163,7 @@ functions = [

     "PK11_GetKeyData",

     "PK11_GetMechanism",

     "PK11_HPKE_Serialize",

-    "PK11_ImportSymKey",

+    "PK11_ImportDataKey",

     "PK11_ReadRawAttribute",

     "PK11_ReferenceSymKey",

     "SECITEM_FreeItem",

@@ -196,11 +196,10 @@ variables = [

     "CKM_AES_ECB",

     "CKM_AES_GCM",

     "CKM_EC_KEY_PAIR_GEN",

+    "CKM_HKDF_DERIVE",

     "CKM_INVALID_MECHANISM",

     "CKM_NSS_CHACHA20_CTR",

     "CKM_NSS_CHACHA20_POLY1305",

-    "CKM_NSS_HKDF_SHA256",

-    "CKM_NSS_HKDF_SHA384",

     "PK11_ATTR_INSENSITIVE",

     "PK11_ATTR_PRIVATE",

     "PK11_ATTR_PUBLIC",

diff -up firefox-91.2.0/third_party/rust/neqo-crypto/Cargo.toml.fips-quic firefox-91.2.0/third_party/rust/neqo-crypto/Cargo.toml

diff -up firefox-91.2.0/third_party/rust/neqo-crypto/src/hkdf.rs.fips-quic firefox-91.2.0/third_party/rust/neqo-crypto/src/hkdf.rs

--- firefox-91.2.0/third_party/rust/neqo-crypto/src/hkdf.rs.fips-quic	2021-09-28 18:41:44.000000000 +0200

+++ firefox-91.2.0/third_party/rust/neqo-crypto/src/hkdf.rs	2021-10-21 08:49:01.763221763 +0200

@@ -10,8 +10,8 @@ use crate::constants::{

 };

 use crate::err::{Error, Res};

 use crate::p11::{

-    random, Item, PK11Origin, PK11SymKey, PK11_ImportSymKey, Slot, SymKey, CKA_DERIVE,

-    CKM_NSS_HKDF_SHA256, CKM_NSS_HKDF_SHA384, CK_ATTRIBUTE_TYPE, CK_MECHANISM_TYPE,

+    random, Item, PK11Origin, PK11SymKey, PK11_ImportDataKey, Slot, SymKey, CKA_DERIVE,

+    CKM_HKDF_DERIVE, CK_ATTRIBUTE_TYPE, CK_MECHANISM_TYPE,

 };

 use std::convert::TryFrom;

@@ -52,27 +52,22 @@ fn key_size(version: Version, cipher: Ci

 /// # Errors

 /// Only if NSS fails.

 pub fn generate_key(version: Version, cipher: Cipher) -> Res<SymKey> {

-    import_key(version, cipher, &random(key_size(version, cipher)?))

+    import_key(version, &random(key_size(version, cipher)?))

 }

 /// Import a symmetric key for use with HKDF.

 ///

 /// # Errors

 /// Errors returned if the key buffer is an incompatible size or the NSS functions fail.

-pub fn import_key(version: Version, cipher: Cipher, buf: &[u8]) -> Res<SymKey> {

+pub fn import_key(version: Version, buf: &[u8]) -> Res<SymKey> {

     if version != TLS_VERSION_1_3 {

         return Err(Error::UnsupportedVersion);

     }

-    let mech = match cipher {

-        TLS_AES_128_GCM_SHA256 | TLS_CHACHA20_POLY1305_SHA256 => CKM_NSS_HKDF_SHA256,

-        TLS_AES_256_GCM_SHA384 => CKM_NSS_HKDF_SHA384,

-        _ => return Err(Error::UnsupportedCipher),

-    };

     let slot = Slot::internal()?;

     let key_ptr = unsafe {

-        PK11_ImportSymKey(

+        PK11_ImportDataKey(

             *slot,

-            CK_MECHANISM_TYPE::from(mech),

+            CK_MECHANISM_TYPE::from(CKM_HKDF_DERIVE),

             PK11Origin::PK11_OriginUnwrap,

             CK_ATTRIBUTE_TYPE::from(CKA_DERIVE),

             &mut Item::wrap(buf),

diff -up firefox-91.2.0/third_party/rust/neqo-crypto/src/selfencrypt.rs.fips-quic firefox-91.2.0/third_party/rust/neqo-crypto/src/selfencrypt.rs

--- firefox-91.2.0/third_party/rust/neqo-crypto/src/selfencrypt.rs.fips-quic	2021-09-28 18:41:41.000000000 +0200

+++ firefox-91.2.0/third_party/rust/neqo-crypto/src/selfencrypt.rs	2021-10-21 08:49:01.763221763 +0200

@@ -41,7 +41,7 @@ impl SelfEncrypt {

     fn make_aead(&self, k: &SymKey, salt: &[u8]) -> Res<Aead> {

         debug_assert_eq!(salt.len(), Self::SALT_LENGTH);

-        let salt = hkdf::import_key(self.version, self.cipher, salt)?;

+        let salt = hkdf::import_key(self.version, salt)?;

         let secret = hkdf::extract(self.version, self.cipher, Some(&salt), k)?;

         Aead::new(self.version, self.cipher, &secret, "neqo self")

     }

diff -up firefox-91.2.0/third_party/rust/neqo-crypto/tests/aead.rs.fips-quic firefox-91.2.0/third_party/rust/neqo-crypto/tests/aead.rs

--- firefox-91.2.0/third_party/rust/neqo-crypto/tests/aead.rs.fips-quic	2021-09-28 18:41:35.000000000 +0200

+++ firefox-91.2.0/third_party/rust/neqo-crypto/tests/aead.rs	2021-10-21 08:49:01.764221767 +0200

@@ -26,7 +26,6 @@ fn make_aead(cipher: Cipher) -> Aead {

     let secret = hkdf::import_key(

         TLS_VERSION_1_3,

-        cipher,

         &[

             0x47, 0xb2, 0xea, 0xea, 0x6c, 0x26, 0x6e, 0x32, 0xc0, 0x69, 0x7a, 0x9e, 0x2a, 0x89,

             0x8b, 0xdf, 0x5c, 0x4f, 0xb3, 0xe5, 0xac, 0x34, 0xf0, 0xe5, 0x49, 0xbf, 0x2c, 0x58,

diff -up firefox-91.2.0/third_party/rust/neqo-crypto/tests/hkdf.rs.fips-quic firefox-91.2.0/third_party/rust/neqo-crypto/tests/hkdf.rs

--- firefox-91.2.0/third_party/rust/neqo-crypto/tests/hkdf.rs.fips-quic	2021-09-28 18:41:44.000000000 +0200

+++ firefox-91.2.0/third_party/rust/neqo-crypto/tests/hkdf.rs	2021-10-21 08:49:01.764221767 +0200

@@ -38,8 +38,8 @@ fn cipher_hash_len(cipher: Cipher) -> us

 fn import_keys(cipher: Cipher) -> (SymKey, SymKey) {

     let l = cipher_hash_len(cipher);

     (

-        hkdf::import_key(TLS_VERSION_1_3, cipher, &SALT[0..l]).expect("import salt"),

-        hkdf::import_key(TLS_VERSION_1_3, cipher, &IKM[0..l]).expect("import IKM"),

+        hkdf::import_key(TLS_VERSION_1_3, &SALT[0..l]).expect("import salt"),

+        hkdf::import_key(TLS_VERSION_1_3, &IKM[0..l]).expect("import IKM"),

     )

 }

diff -up firefox-91.2.0/third_party/rust/neqo-crypto/tests/hp.rs.fips-quic firefox-91.2.0/third_party/rust/neqo-crypto/tests/hp.rs

--- firefox-91.2.0/third_party/rust/neqo-crypto/tests/hp.rs.fips-quic	2021-09-28 18:41:44.000000000 +0200

+++ firefox-91.2.0/third_party/rust/neqo-crypto/tests/hp.rs	2021-10-21 08:49:01.764221767 +0200

@@ -9,7 +9,7 @@ use neqo_crypto::hp::HpKey;

 use test_fixture::fixture_init;

 fn make_hp(cipher: Cipher) -> HpKey {

-    let ikm = hkdf::import_key(TLS_VERSION_1_3, cipher, &[;; 16]).expect("import IKM");

+    let ikm = hkdf::import_key(TLS_VERSION_1_3, &[;; 16]).expect("import IKM");

     let prk = hkdf::extract(TLS_VERSION_1_3, cipher, None, &ikm).expect("extract works");

     HpKey::extract(TLS_VERSION_1_3, cipher, &prk, "hp").expect("extract label works")

 }

diff -up firefox-91.2.0/third_party/rust/neqo-http3/Cargo.toml.fips-quic firefox-91.2.0/third_party/rust/neqo-http3/Cargo.toml

diff -up firefox-91.2.0/third_party/rust/neqo-qpack/Cargo.toml.fips-quic firefox-91.2.0/third_party/rust/neqo-qpack/Cargo.toml

diff -up firefox-91.2.0/third_party/rust/neqo-transport/Cargo.toml.fips-quic firefox-91.2.0/third_party/rust/neqo-transport/Cargo.toml

diff -up firefox-91.2.0/third_party/rust/neqo-transport/src/crypto.rs.fips-quic firefox-91.2.0/third_party/rust/neqo-transport/src/crypto.rs

--- firefox-91.2.0/third_party/rust/neqo-transport/src/crypto.rs.fips-quic	2021-09-28 18:41:44.000000000 +0200

+++ firefox-91.2.0/third_party/rust/neqo-transport/src/crypto.rs	2021-10-21 08:49:01.765221771 +0200

@@ -432,14 +432,8 @@ impl CryptoDxState {

         let initial_secret = hkdf::extract(

             TLS_VERSION_1_3,

             cipher,

-            Some(

-                hkdf::import_key(TLS_VERSION_1_3, cipher, salt)

-                    .as_ref()

-                    .unwrap(),

-            ),

-            hkdf::import_key(TLS_VERSION_1_3, cipher, dcid)

-                .as_ref()

-                .unwrap(),

+            Some(hkdf::import_key(TLS_VERSION_1_3, salt).as_ref().unwrap()),

+            hkdf::import_key(TLS_VERSION_1_3, dcid).as_ref().unwrap(),

         )

         .unwrap();

@@ -1094,8 +1088,7 @@ impl CryptoStates {

         let app_read = |epoch| CryptoDxAppData {

             dx: read(epoch),

             cipher: TLS_AES_128_GCM_SHA256,

-            next_secret: hkdf::import_key(TLS_VERSION_1_3, TLS_AES_128_GCM_SHA256, &[0xaa; 32])

-                .unwrap(),

+            next_secret: hkdf::import_key(TLS_VERSION_1_3, &[0xaa; 32]).unwrap(),

         };

         Self {

             initial: Some(CryptoState {

@@ -1120,8 +1113,7 @@ impl CryptoStates {

             0x00, 0xa1, 0x54, 0x43, 0xf1, 0x82, 0x03, 0xa0, 0x7d, 0x60, 0x60, 0xf6, 0x88, 0xf3,

             0x0f, 0x21, 0x63, 0x2b,

         ];

-        let secret =

-            hkdf::import_key(TLS_VERSION_1_3, TLS_CHACHA20_POLY1305_SHA256, SECRET).unwrap();

+        let secret = hkdf::import_key(TLS_VERSION_1_3, SECRET).unwrap();

         let app_read = |epoch| CryptoDxAppData {

             dx: CryptoDxState {

                 direction: CryptoDxDirection::Read,

diff -up firefox-91.2.0/third_party/rust/neqo-transport/src/packet/retry.rs.fips-quic firefox-91.2.0/third_party/rust/neqo-transport/src/packet/retry.rs

--- firefox-91.2.0/third_party/rust/neqo-transport/src/packet/retry.rs.fips-quic	2021-09-28 18:41:34.000000000 +0200

+++ firefox-91.2.0/third_party/rust/neqo-transport/src/packet/retry.rs	2021-10-21 08:49:01.766221775 +0200

@@ -28,7 +28,7 @@ fn make_aead(secret: &[u8]) -> Aead {

     #[cfg(debug_assertions)]

     ::neqo_crypto::assert_initialized();

-    let secret = hkdf::import_key(TLS_VERSION_1_3, TLS_AES_128_GCM_SHA256, secret).unwrap();

+    let secret = hkdf::import_key(TLS_VERSION_1_3, secret).unwrap();

     Aead::new(TLS_VERSION_1_3, TLS_AES_128_GCM_SHA256, &secret, "quic ").unwrap()

 }

 thread_local!(static RETRY_AEAD_29: RefCell<Aead> = RefCell::new(make_aead(RETRY_SECRET_29)));

diff -up firefox-91.2.0/third_party/rust/neqo-transport/tests/common/mod.rs.fips-quic firefox-91.2.0/third_party/rust/neqo-transport/tests/common/mod.rs

--- firefox-91.2.0/third_party/rust/neqo-transport/tests/common/mod.rs.fips-quic	2021-09-28 18:41:34.000000000 +0200

+++ firefox-91.2.0/third_party/rust/neqo-transport/tests/common/mod.rs	2021-10-21 08:49:01.766221775 +0200

@@ -121,13 +121,11 @@ pub fn client_initial_aead_and_hp(dcid:

         TLS_VERSION_1_3,

         TLS_AES_128_GCM_SHA256,

         Some(

-            hkdf::import_key(TLS_VERSION_1_3, TLS_AES_128_GCM_SHA256, INITIAL_SALT)

+            hkdf::import_key(TLS_VERSION_1_3, INITIAL_SALT)

                 .as_ref()

                 .unwrap(),

         ),

-        hkdf::import_key(TLS_VERSION_1_3, TLS_AES_128_GCM_SHA256, dcid)

-            .as_ref()

-            .unwrap(),

+        hkdf::import_key(TLS_VERSION_1_3, dcid).as_ref().unwrap(),

     )

     .unwrap();