Blame SOURCES/nss-3.53.1-chacha-multi.patch

# HG changeset patch
# User Benjamin Beurdouche <bbeurdouche@mozilla.com>
# Date 1595031194 0
# Node ID f282556e6cc7715f5754aeaadda6f902590e7e38
# Parent  89733253df83ef7fe8dd0d49f6370b857e93d325
Bug 1636771 - Disable PKCS11 incremental mode for ChaCha20. r=kjacobs,rrelyea
Depends on D74801
Differential Revision: https://phabricator.services.mozilla.com/D83994
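--- a/gtests/pk11_gtest/pk11_cipherop_unittest.cc
+++ b/gtests/pk11_gtest/pk11_cipherop_unittest.cc
@@ -72,9 +72,58 @@ TEST(Pkcs11CipherOp, SingleCtxMultipleUn
   ASSERT_EQ(GetBytes(ctx, outbuf, 17), SECSuccess);
 
   PK11_FreeSymKey(key);
   PK11_FreeSlot(slot);
   PK11_DestroyContext(ctx, PR_TRUE);
   NSS_ShutdownContext(globalctx);
 }
 
+TEST(Pkcs11CipherOp, SingleCtxMultipleUnalignedCipherOpsChaCha20) {
+  PK11SlotInfo* slot;
+  PK11SymKey* key;
+  PK11Context* ctx;
+
+  NSSInitContext* globalctx =
+      NSS_InitContext("", "", "", "", NULL,
+                      NSS_INIT_READONLY | NSS_INIT_NOCERTDB | NSS_INIT_NOMODDB |
+                          NSS_INIT_FORCEOPEN | NSS_INIT_NOROOTINIT);
+
+  const CK_MECHANISM_TYPE cipher = CKM_NSS_CHACHA20_CTR;
+
+  slot = PK11_GetInternalSlot();
+  ASSERT_TRUE(slot);
+
+  // Use arbitrary bytes for the ChaCha20 key and IV
+  uint8_t key_bytes[32];
+  for (size_t i = 0; i < 32; i++) {
+    key_bytes[i] = i;
+  }
+  SECItem keyItem = {siBuffer, key_bytes, 32};
+
+  uint8_t iv_bytes[16];
+  for (size_t i = 0; i < 16; i++) {
+    key_bytes[i] = i;
+  }
+  SECItem ivItem = {siBuffer, iv_bytes, 16};
+
+  SECItem* param = PK11_ParamFromIV(cipher, &ivItem);
+
+  key = PK11_ImportSymKey(slot, cipher, PK11_OriginUnwrap, CKA_ENCRYPT,
+                          &keyItem, NULL);
+  ctx = PK11_CreateContextBySymKey(cipher, CKA_ENCRYPT, key, param);
+  ASSERT_TRUE(key);
+  ASSERT_TRUE(ctx);
+
+  uint8_t outbuf[128];
+  // This is supposed to fail for Chacha20. This is because the underlying
+  // PK11_CipherOp operation is calling the C_EncryptUpdate function for
+  // which multi-part is disabled for ChaCha20 in counter mode.
+  ASSERT_EQ(GetBytes(ctx, outbuf, 7), SECFailure);
+
+  PK11_FreeSymKey(key);
+  PK11_FreeSlot(slot);
+  SECITEM_FreeItem(param, PR_TRUE);
+  PK11_DestroyContext(ctx, PR_TRUE);
+  NSS_ShutdownContext(globalctx);
+}
+
 }  // namespace nss_test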
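Review bot: The IV-fill loop in SingleCtxMultipleUnalignedCipherOpsChaCha20 assigns to `key_bytes[i]` rather than `iv_bytes[i]`, so `iv_bytes` is still uninitialized when `ivItem` is handed to PK11_ParamFromIV. The expected SECFailure does not depend on the IV value, so the test passes anyway, but it feeds indeterminate stack bytes into the parameter and is likely to be flagged by uninitialized-memory tooling; the loop body should read `iv_bytes[i] = i;`. Separately, `param` is never checked and `ASSERT_TRUE(key)` runs only after `key` has already been passed to PK11_CreateContextBySymKey. Asserting both before the context is created would keep a setup failure from being confused with the multi-part rejection this test is meant to pin.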
diff --git a/lib/softoken/pkcs11c.c b/lib/softoken/pkcs11c.c
892bb0
--- a/lib/softoken/pkcs11c.c
892bb0
+++ b/lib/softoken/pkcs11c.c
892bb0
@@ -1251,16 +1251,17 @@ sftk_CryptInit(CK_SESSION_HANDLE hSessio
892bb0
 
892bb0
         case CKM_NSS_CHACHA20_CTR: /* old NSS private version */
892bb0
         case CKM_CHACHA20:         /* PKCS #11 v3 version */
892bb0
         {
892bb0
             unsigned char *counter;
892bb0
             unsigned char *nonce;
892bb0
             unsigned long counter_len;
892bb0
             unsigned long nonce_len;
892bb0
+            context->multi = PR_FALSE;
892bb0
             if (pMechanism->mechanism == CKM_NSS_CHACHA20_CTR) {
892bb0
                 if (key_type != CKK_NSS_CHACHA20) {
892bb0
                     crv = CKR_KEY_TYPE_INCONSISTENT;
892bb0
                     break;
892bb0
                 }
892bb0
                 if (pMechanism->pParameter == NULL || pMechanism->ulParameterLen != 16) {
892bb0
                     crv = CKR_MECHANISM_PARAM_INVALID;
892bb0
                     break;
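Review bot: The added `context->multi = PR_FALSE;` has no comment explaining why ChaCha20 is limited to single-part operation, and it appears to be the only functional change visible in this commit, so a later cleanup could drop it without realising what it guards. I would put `/* ChaCha20 counter mode is single-part only; C_EncryptUpdate/C_DecryptUpdate must be rejected (Bug 1636771). */` directly above it. The assignment covers both CKM_NSS_CHACHA20_CTR and CKM_CHACHA20, while the unit test added in this commit exercises only CKM_NSS_CHACHA20_CTR, so a matching case for CKM_CHACHA20 would be worth adding. The code that consults `context->multi`, like the rest of sftk_CryptInit, lies outside this hunk, so the rejection path should be confirmed there.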
892bb0