OLD | NEW |
1 diff --git a/nss/lib/freebl/blapi.h b/nss/lib/freebl/blapi.h | 1 diff --git a/lib/freebl/blapi.h b/lib/freebl/blapi.h |
2 index 8324714..682be76 100644 | 2 index 8324714..682be76 100644 |
3 --- a/nss/lib/freebl/blapi.h | 3 --- a/lib/freebl/blapi.h |
4 +++ b/nss/lib/freebl/blapi.h | 4 +++ b/lib/freebl/blapi.h |
5 @@ -986,6 +986,38 @@ Camellia_Decrypt(CamelliaContext *cx, unsigned char *output
, | 5 @@ -986,6 +986,38 @@ Camellia_Decrypt(CamelliaContext *cx, unsigned char *output
, |
6 unsigned int *outputLen, unsigned int maxOutputLen, | 6 unsigned int *outputLen, unsigned int maxOutputLen, |
7 const unsigned char *input, unsigned int inputLen); | 7 const unsigned char *input, unsigned int inputLen); |
8 | 8 |
9 +/******************************************/ | 9 +/******************************************/ |
10 +/* | 10 +/* |
11 +** ChaCha20+Poly1305 AEAD | 11 +** ChaCha20+Poly1305 AEAD |
12 +*/ | 12 +*/ |
13 + | 13 + |
14 +extern SECStatus | 14 +extern SECStatus |
34 +extern SECStatus | 34 +extern SECStatus |
35 +ChaCha20Poly1305_Open(const ChaCha20Poly1305Context *ctx, | 35 +ChaCha20Poly1305_Open(const ChaCha20Poly1305Context *ctx, |
36 + unsigned char *output, unsigned int *outputLen, | 36 + unsigned char *output, unsigned int *outputLen, |
37 + unsigned int maxOutputLen, | 37 + unsigned int maxOutputLen, |
38 + const unsigned char *input, unsigned int inputLen, | 38 + const unsigned char *input, unsigned int inputLen, |
39 + const unsigned char *nonce, unsigned int nonceLen, | 39 + const unsigned char *nonce, unsigned int nonceLen, |
40 + const unsigned char *ad, unsigned int adLen); | 40 + const unsigned char *ad, unsigned int adLen); |
41 | 41 |
42 /******************************************/ | 42 /******************************************/ |
43 /* | 43 /* |
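Review bot: No comment is visible on the `ChaCha20Poly1305_Open` prototype, and an AEAD open call has a contract that callers get wrong without one. I would add a block comment above it stating that `input` is the ciphertext followed by the tag, that `nonceLen` must match the 8-byte nonce `ChaCha20XOR` takes in chacha20.h, that `maxOutputLen` must be at least `inputLen` minus the tag length, and that `output` must be treated as invalid whenever the return value is not `SECSuccess`. Part of this declaration block is not shown on the page, so drop whatever is already stated there.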
44 diff --git a/nss/lib/freebl/blapit.h b/nss/lib/freebl/blapit.h | 44 diff --git a/lib/freebl/blapit.h b/lib/freebl/blapit.h |
45 index 8e172d4..5726dc7 100644 | 45 index 8e172d4..5726dc7 100644 |
46 --- a/nss/lib/freebl/blapit.h | 46 --- a/lib/freebl/blapit.h |
47 +++ b/nss/lib/freebl/blapit.h | 47 +++ b/lib/freebl/blapit.h |
48 @@ -222,6 +222,7 @@ struct SHA256ContextStr ; | 48 @@ -222,6 +222,7 @@ struct SHA256ContextStr ; |
49 struct SHA512ContextStr ; | 49 struct SHA512ContextStr ; |
50 struct AESKeyWrapContextStr ; | 50 struct AESKeyWrapContextStr ; |
51 struct SEEDContextStr ; | 51 struct SEEDContextStr ; |
52 +struct ChaCha20Poly1305ContextStr; | 52 +struct ChaCha20Poly1305ContextStr; |
53 | 53 |
54 typedef struct DESContextStr DESContext; | 54 typedef struct DESContextStr DESContext; |
55 typedef struct RC2ContextStr RC2Context; | 55 typedef struct RC2ContextStr RC2Context; |
56 @@ -240,6 +241,7 @@ typedef struct SHA512ContextStr SHA512Context; | 56 @@ -240,6 +241,7 @@ typedef struct SHA512ContextStr SHA512Context; |
57 typedef struct SHA512ContextStr SHA384Context; | 57 typedef struct SHA512ContextStr SHA384Context; |
58 typedef struct AESKeyWrapContextStr AESKeyWrapContext; | 58 typedef struct AESKeyWrapContextStr AESKeyWrapContext; |
59 typedef struct SEEDContextStr SEEDContext; | 59 typedef struct SEEDContextStr SEEDContext; |
60 +typedef struct ChaCha20Poly1305ContextStr ChaCha20Poly1305Context; | 60 +typedef struct ChaCha20Poly1305ContextStr ChaCha20Poly1305Context; |
61 | 61 |
62 /*************************************************************************** | 62 /*************************************************************************** |
63 ** RSA Public and Private Key structures | 63 ** RSA Public and Private Key structures |
64 diff --git a/nss/lib/freebl/chacha20/chacha20.c b/nss/lib/freebl/chacha20/chacha
20.c | 64 diff --git a/lib/freebl/chacha20/chacha20.c b/lib/freebl/chacha20/chacha20.c |
65 new file mode 100644 | 65 new file mode 100644 |
66 index 0000000..ca0b1ff | 66 index 0000000..ca0b1ff |
67 --- /dev/null | 67 --- /dev/null |
68 +++ b/nss/lib/freebl/chacha20/chacha20.c | 68 +++ b/lib/freebl/chacha20/chacha20.c |
69 @@ -0,0 +1,108 @@ | 69 @@ -0,0 +1,108 @@ |
70 +/* This Source Code Form is subject to the terms of the Mozilla Public | 70 +/* This Source Code Form is subject to the terms of the Mozilla Public |
71 + * License, v. 2.0. If a copy of the MPL was not distributed with this | 71 + * License, v. 2.0. If a copy of the MPL was not distributed with this |
72 + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ | 72 + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ |
73 + | 73 + |
74 +/* Adopted from the public domain code in NaCl by djb. */ | 74 +/* Adopted from the public domain code in NaCl by djb. */ |
75 + | 75 + |
76 +#include <string.h> | 76 +#include <string.h> |
77 +#include <stdio.h> | 77 +#include <stdio.h> |
78 + | 78 + |
168 + out += 64; | 168 + out += 64; |
169 + } | 169 + } |
170 + | 170 + |
171 + if (inLen > 0) { | 171 + if (inLen > 0) { |
172 + ChaChaCore(block, input, 20); | 172 + ChaChaCore(block, input, 20); |
173 + for (i = 0; i < inLen; i++) { | 173 + for (i = 0; i < inLen; i++) { |
174 + out[i] = in[i] ^ block[i]; | 174 + out[i] = in[i] ^ block[i]; |
175 + } | 175 + } |
176 + } | 176 + } |
177 +} | 177 +} |
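Review bot: The tail branch leaves a full keystream block in `block` after XORing only `inLen` bytes of it, and nothing visible clears it before the function returns. If `block` is a stack local (its declaration is above the lines shown here), the unused keystream bytes stay in memory for whatever reuses that frame; clear it before the closing brace with a wipe the compiler cannot drop, at minimum `memset(block, 0, sizeof(block));`. The same applies to `buf` at the end of chacha20_vec.c and to `block` and `tag` on both return paths of `ChaCha20Poly1305_Open` in chacha20poly1305.c, where `block` is handed to `Poly1305Do`, presumably as the one-time MAC key.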
178 diff --git a/nss/lib/freebl/chacha20/chacha20.h b/nss/lib/freebl/chacha20/chacha
20.h | 178 diff --git a/lib/freebl/chacha20/chacha20.h b/lib/freebl/chacha20/chacha20.h |
179 new file mode 100644 | 179 new file mode 100644 |
180 index 0000000..6336ba7 | 180 index 0000000..6336ba7 |
181 --- /dev/null | 181 --- /dev/null |
182 +++ b/nss/lib/freebl/chacha20/chacha20.h | 182 +++ b/lib/freebl/chacha20/chacha20.h |
183 @@ -0,0 +1,22 @@ | 183 @@ -0,0 +1,22 @@ |
184 +/* | 184 +/* |
185 + * chacha20.h - header file for ChaCha20 implementation. | 185 + * chacha20.h - header file for ChaCha20 implementation. |
186 + * | 186 + * |
187 + * This Source Code Form is subject to the terms of the Mozilla Public | 187 + * This Source Code Form is subject to the terms of the Mozilla Public |
188 + * License, v. 2.0. If a copy of the MPL was not distributed with this | 188 + * License, v. 2.0. If a copy of the MPL was not distributed with this |
189 + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ | 189 + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ |
190 + | 190 + |
191 +#ifndef FREEBL_CHACHA20_H_ | 191 +#ifndef FREEBL_CHACHA20_H_ |
192 +#define FREEBL_CHACHA20_H_ | 192 +#define FREEBL_CHACHA20_H_ |
193 + | 193 + |
194 +#include <stdint.h> | 194 +#include <stdint.h> |
195 + | 195 + |
196 +/* ChaCha20XOR encrypts |inLen| bytes from |in| with the given key and | 196 +/* ChaCha20XOR encrypts |inLen| bytes from |in| with the given key and |
197 + * nonce and writes the result to |out|, which may be equal to |in|. The | 197 + * nonce and writes the result to |out|, which may be equal to |in|. The |
198 + * initial block counter is specified by |counter|. */ | 198 + * initial block counter is specified by |counter|. */ |
199 +extern void ChaCha20XOR(unsigned char *out, | 199 +extern void ChaCha20XOR(unsigned char *out, |
200 + const unsigned char *in, unsigned int inLen, | 200 + const unsigned char *in, unsigned int inLen, |
201 + const unsigned char key[32], | 201 + const unsigned char key[32], |
202 + const unsigned char nonce[8], | 202 + const unsigned char nonce[8], |
203 + uint64_t counter); | 203 + uint64_t counter); |
204 + | 204 + |
205 +#endif /* FREEBL_CHACHA20_H_ */ | 205 +#endif /* FREEBL_CHACHA20_H_ */ |
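Review bot: The `ChaCha20XOR` comment omits the two constraints that matter most for safe use of a raw stream-cipher primitive. Suggest extending it with: `|counter| counts 64-byte blocks. A (key, nonce) pair must never be used twice over the same counter range, and this function provides no integrity protection.` The 64-byte unit is taken from the `out += 64` stride visible in chacha20.c; confirm it against the part of that loop not shown here.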
206 diff --git a/nss/lib/freebl/chacha20/chacha20_vec.c b/nss/lib/freebl/chacha20/ch
acha20_vec.c | 206 diff --git a/lib/freebl/chacha20/chacha20_vec.c b/lib/freebl/chacha20/chacha20_v
ec.c |
207 new file mode 100644 | 207 new file mode 100644 |
208 index 0000000..c3573b3 | 208 index 0000000..c3573b3 |
209 --- /dev/null | 209 --- /dev/null |
210 +++ b/nss/lib/freebl/chacha20/chacha20_vec.c | 210 +++ b/lib/freebl/chacha20/chacha20_vec.c |
211 @@ -0,0 +1,281 @@ | 211 @@ -0,0 +1,281 @@ |
212 +/* This Source Code Form is subject to the terms of the Mozilla Public | 212 +/* This Source Code Form is subject to the terms of the Mozilla Public |
213 + * License, v. 2.0. If a copy of the MPL was not distributed with this | 213 + * License, v. 2.0. If a copy of the MPL was not distributed with this |
214 + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ | 214 + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ |
215 + | 215 + |
216 +/* This implementation is by Ted Krovetz and was submitted to SUPERCOP and | 216 +/* This implementation is by Ted Krovetz and was submitted to SUPERCOP and |
217 + * marked as public domain. It was been altered to allow for non-aligned inputs | 217 + * marked as public domain. It was been altered to allow for non-aligned inputs |
218 + * and to allow the block counter to be passed in specifically. */ | 218 + * and to allow the block counter to be passed in specifically. */ |
219 + | 219 + |
220 +#include <string.h> | 220 +#include <string.h> |
483 + } | 483 + } |
484 + } else { | 484 + } else { |
485 + buf[0] = REVV_BE(v0 + s0); | 485 + buf[0] = REVV_BE(v0 + s0); |
486 + } | 486 + } |
487 + | 487 + |
488 + for (i=inlen & ~15; i<inlen; i++) { | 488 + for (i=inlen & ~15; i<inlen; i++) { |
489 + ((char *)op)[i] = ((char *)ip)[i] ^ ((char *)buf)[i]; | 489 + ((char *)op)[i] = ((char *)ip)[i] ^ ((char *)buf)[i]; |
490 + } | 490 + } |
491 + } | 491 + } |
492 +} | 492 +} |
493 diff --git a/nss/lib/freebl/chacha20poly1305.c b/nss/lib/freebl/chacha20poly1305
.c | 493 diff --git a/lib/freebl/chacha20poly1305.c b/lib/freebl/chacha20poly1305.c |
494 new file mode 100644 | 494 new file mode 100644 |
495 index 0000000..6fa5c4b | 495 index 0000000..6fa5c4b |
496 --- /dev/null | 496 --- /dev/null |
497 +++ b/nss/lib/freebl/chacha20poly1305.c | 497 +++ b/lib/freebl/chacha20poly1305.c |
498 @@ -0,0 +1,169 @@ | 498 @@ -0,0 +1,169 @@ |
499 +/* This Source Code Form is subject to the terms of the Mozilla Public | 499 +/* This Source Code Form is subject to the terms of the Mozilla Public |
500 + * License, v. 2.0. If a copy of the MPL was not distributed with this | 500 + * License, v. 2.0. If a copy of the MPL was not distributed with this |
501 + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ | 501 + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ |
502 + | 502 + |
503 +#ifdef FREEBL_NO_DEPEND | 503 +#ifdef FREEBL_NO_DEPEND |
504 +#include "stubs.h" | 504 +#include "stubs.h" |
505 +#endif | 505 +#endif |
506 + | 506 + |
507 +#include <string.h> | 507 +#include <string.h> |
658 + Poly1305Do(tag, ad, adLen, input, inputLen - ctx->tagLen, block); | 658 + Poly1305Do(tag, ad, adLen, input, inputLen - ctx->tagLen, block); |
659 + if (NSS_SecureMemcmp(tag, &input[inputLen - ctx->tagLen], ctx->tagLen) != 0
) { | 659 + if (NSS_SecureMemcmp(tag, &input[inputLen - ctx->tagLen], ctx->tagLen) != 0
) { |
660 + PORT_SetError(SEC_ERROR_BAD_DATA); | 660 + PORT_SetError(SEC_ERROR_BAD_DATA); |
661 + return SECFailure; | 661 + return SECFailure; |
662 + } | 662 + } |
663 + | 663 + |
664 + ChaCha20XOR(output, input, inputLen - ctx->tagLen, ctx->key, nonce, 1); | 664 + ChaCha20XOR(output, input, inputLen - ctx->tagLen, ctx->key, nonce, 1); |
665 + | 665 + |
666 + return SECSuccess; | 666 + return SECSuccess; |
667 +} | 667 +} |
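Review bot: `inputLen - ctx->tagLen` is an unsigned subtraction used three times here, so an input shorter than the tag would wrap to a very large length for `Poly1305Do`, the `input[]` index and `ChaCha20XOR`. The start of `ChaCha20Poly1305_Open` is not shown, so confirm it rejects that case before this point, e.g. `if (inputLen < ctx->tagLen) { PORT_SetError(SEC_ERROR_INPUT_LEN); return SECFailure; }`, and that `maxOutputLen` is checked against the resulting length. Computing the difference once into a local right after that guard would make the invariant obvious to the next reader. Verifying the tag before calling `ChaCha20XOR` on the ciphertext is the right order and should be kept.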
668 diff --git a/nss/lib/freebl/chacha20poly1305.h b/nss/lib/freebl/chacha20poly1305
.h | 668 diff --git a/lib/freebl/chacha20poly1305.h b/lib/freebl/chacha20poly1305.h |
669 new file mode 100644 | 669 new file mode 100644 |
670 index 0000000..c77632a | 670 index 0000000..c77632a |
671 --- /dev/null | 671 --- /dev/null |
672 +++ b/nss/lib/freebl/chacha20poly1305.h | 672 +++ b/lib/freebl/chacha20poly1305.h |
673 @@ -0,0 +1,15 @@ | 673 @@ -0,0 +1,15 @@ |
674 +/* This Source Code Form is subject to the terms of the Mozilla Public | 674 +/* This Source Code Form is subject to the terms of the Mozilla Public |
675 + * License, v. 2.0. If a copy of the MPL was not distributed with this | 675 + * License, v. 2.0. If a copy of the MPL was not distributed with this |
676 + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ | 676 + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ |
677 + | 677 + |
678 +#ifndef _CHACHA20_POLY1305_H_ | 678 +#ifndef _CHACHA20_POLY1305_H_ |
679 +#define _CHACHA20_POLY1305_H_ 1 | 679 +#define _CHACHA20_POLY1305_H_ 1 |
680 + | 680 + |
681 +/* ChaCha20Poly1305ContextStr saves the key and tag length for a | 681 +/* ChaCha20Poly1305ContextStr saves the key and tag length for a |
682 + * ChaCha20+Poly1305 AEAD operation. */ | 682 + * ChaCha20+Poly1305 AEAD operation. */ |
683 +struct ChaCha20Poly1305ContextStr { | 683 +struct ChaCha20Poly1305ContextStr { |
684 + unsigned char key[32]; | 684 + unsigned char key[32]; |
685 + unsigned char tagLen; | 685 + unsigned char tagLen; |
686 +}; | 686 +}; |
687 + | 687 + |
688 +#endif /* _CHACHA20_POLY1305_H_ */ | 688 +#endif /* _CHACHA20_POLY1305_H_ */ |
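Review bot: `tagLen` has no documented range, yet `ChaCha20Poly1305_Open` compares `ctx->tagLen` bytes against a computed Poly1305 tag, which poly1305.h describes as 16 bytes. Add a field comment such as `/* tag length in bytes, 1..16; validated when the context is initialised */` and make sure the init code (not shown here) enforces it, since a larger value would read past the computed tag and a very small one weakens forgery resistance. Separately, `_CHACHA20_POLY1305_H_` starts with an underscore and a capital letter, which C reserves for the implementation; `FREEBL_CHACHA20_POLY1305_H_` would match the guards in chacha20.h and poly1305.h.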
689 diff --git a/nss/lib/freebl/poly1305/poly1305-donna-x64-sse2-incremental-source.
c b/nss/lib/freebl/poly1305/poly1305-donna-x64-sse2-incremental-source.c | 689 diff --git a/lib/freebl/poly1305/poly1305-donna-x64-sse2-incremental-source.c b/
lib/freebl/poly1305/poly1305-donna-x64-sse2-incremental-source.c |
690 new file mode 100644 | 690 new file mode 100644 |
691 index 0000000..38cbf35 | 691 index 0000000..38cbf35 |
692 --- /dev/null | 692 --- /dev/null |
693 +++ b/nss/lib/freebl/poly1305/poly1305-donna-x64-sse2-incremental-source.c | 693 +++ b/lib/freebl/poly1305/poly1305-donna-x64-sse2-incremental-source.c |
694 @@ -0,0 +1,623 @@ | 694 @@ -0,0 +1,623 @@ |
695 +/* This Source Code Form is subject to the terms of the Mozilla Public | 695 +/* This Source Code Form is subject to the terms of the Mozilla Public |
696 + * License, v. 2.0. If a copy of the MPL was not distributed with this | 696 + * License, v. 2.0. If a copy of the MPL was not distributed with this |
697 + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ | 697 + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ |
698 + | 698 + |
699 +/* This implementation of poly1305 is by Andrew Moon | 699 +/* This implementation of poly1305 is by Andrew Moon |
700 + * (https://github.com/floodyberry/poly1305-donna) and released as public | 700 + * (https://github.com/floodyberry/poly1305-donna) and released as public |
701 + * domain. It implements SIMD vectorization based on the algorithm described in | 701 + * domain. It implements SIMD vectorization based on the algorithm described in |
702 + * http://cr.yp.to/papers.html#neoncrypto. Unrolled to 2 powers, i.e. 64 byte | 702 + * http://cr.yp.to/papers.html#neoncrypto. Unrolled to 2 powers, i.e. 64 byte |
703 + * block size. */ | 703 + * block size. */ |
1308 + /* pad */ | 1308 + /* pad */ |
1309 + t0 = ((uint64_t)p->R23.d[3] << 32) | (uint64_t)p->R23.d[1]; | 1309 + t0 = ((uint64_t)p->R23.d[3] << 32) | (uint64_t)p->R23.d[1]; |
1310 + t1 = ((uint64_t)p->R24.d[3] << 32) | (uint64_t)p->R24.d[1]; | 1310 + t1 = ((uint64_t)p->R24.d[3] << 32) | (uint64_t)p->R24.d[1]; |
1311 + h0 += (t0 & 0xfffffffffff) ; c = (h0 >> 44); h0 &= 0xfffffffffff; t0
= shr128_pair(t1, t0, 44); | 1311 + h0 += (t0 & 0xfffffffffff) ; c = (h0 >> 44); h0 &= 0xfffffffffff; t0
= shr128_pair(t1, t0, 44); |
1312 + h1 += (t0 & 0xfffffffffff) + c; c = (h1 >> 44); h1 &= 0xfffffffffff; t1
= (t1 >> 24); | 1312 + h1 += (t0 & 0xfffffffffff) + c; c = (h1 >> 44); h1 &= 0xfffffffffff; t1
= (t1 >> 24); |
1313 + h2 += (t1 ) + c; | 1313 + h2 += (t1 ) + c; |
1314 + | 1314 + |
1315 + U64TO8_LE(mac + 0, ((h0 ) | (h1 << 44))); | 1315 + U64TO8_LE(mac + 0, ((h0 ) | (h1 << 44))); |
1316 + U64TO8_LE(mac + 8, ((h1 >> 20) | (h2 << 24))); | 1316 + U64TO8_LE(mac + 8, ((h1 >> 20) | (h2 << 24))); |
1317 +} | 1317 +} |
1318 diff --git a/nss/lib/freebl/poly1305/poly1305.c b/nss/lib/freebl/poly1305/poly13
05.c | 1318 diff --git a/lib/freebl/poly1305/poly1305.c b/lib/freebl/poly1305/poly1305.c |
1319 new file mode 100644 | 1319 new file mode 100644 |
1320 index 0000000..d86048a | 1320 index 0000000..d86048a |
1321 --- /dev/null | 1321 --- /dev/null |
1322 +++ b/nss/lib/freebl/poly1305/poly1305.c | 1322 +++ b/lib/freebl/poly1305/poly1305.c |
1323 @@ -0,0 +1,254 @@ | 1323 @@ -0,0 +1,254 @@ |
1324 +/* This Source Code Form is subject to the terms of the Mozilla Public | 1324 +/* This Source Code Form is subject to the terms of the Mozilla Public |
1325 + * License, v. 2.0. If a copy of the MPL was not distributed with this | 1325 + * License, v. 2.0. If a copy of the MPL was not distributed with this |
1326 + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ | 1326 + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ |
1327 + | 1327 + |
1328 +/* This implementation of poly1305 is by Andrew Moon | 1328 +/* This implementation of poly1305 is by Andrew Moon |
1329 + * (https://github.com/floodyberry/poly1305-donna) and released as public | 1329 + * (https://github.com/floodyberry/poly1305-donna) and released as public |
1330 + * domain. */ | 1330 + * domain. */ |
1331 + | 1331 + |
1332 +#include <string.h> | 1332 +#include <string.h> |
1568 + f0 = ((state->h0 ) | (state->h1 << 26)) + (uint64_t)U8TO32_LE(&stat
e->key[0]); | 1568 + f0 = ((state->h0 ) | (state->h1 << 26)) + (uint64_t)U8TO32_LE(&stat
e->key[0]); |
1569 + f1 = ((state->h1 >> 6) | (state->h2 << 20)) + (uint64_t)U8TO32_LE(&stat
e->key[4]); | 1569 + f1 = ((state->h1 >> 6) | (state->h2 << 20)) + (uint64_t)U8TO32_LE(&stat
e->key[4]); |
1570 + f2 = ((state->h2 >> 12) | (state->h3 << 14)) + (uint64_t)U8TO32_LE(&stat
e->key[8]); | 1570 + f2 = ((state->h2 >> 12) | (state->h3 << 14)) + (uint64_t)U8TO32_LE(&stat
e->key[8]); |
1571 + f3 = ((state->h3 >> 18) | (state->h4 << 8)) + (uint64_t)U8TO32_LE(&stat
e->key[12]); | 1571 + f3 = ((state->h3 >> 18) | (state->h4 << 8)) + (uint64_t)U8TO32_LE(&stat
e->key[12]); |
1572 + | 1572 + |
1573 + U32TO8_LE(&mac[ 0], (uint32_t)f0); f1 += (f0 >> 32); | 1573 + U32TO8_LE(&mac[ 0], (uint32_t)f0); f1 += (f0 >> 32); |
1574 + U32TO8_LE(&mac[ 4], (uint32_t)f1); f2 += (f1 >> 32); | 1574 + U32TO8_LE(&mac[ 4], (uint32_t)f1); f2 += (f1 >> 32); |
1575 + U32TO8_LE(&mac[ 8], (uint32_t)f2); f3 += (f2 >> 32); | 1575 + U32TO8_LE(&mac[ 8], (uint32_t)f2); f3 += (f2 >> 32); |
1576 + U32TO8_LE(&mac[12], (uint32_t)f3); | 1576 + U32TO8_LE(&mac[12], (uint32_t)f3); |
1577 +} | 1577 +} |
1578 diff --git a/nss/lib/freebl/poly1305/poly1305.h b/nss/lib/freebl/poly1305/poly13
05.h | 1578 diff --git a/lib/freebl/poly1305/poly1305.h b/lib/freebl/poly1305/poly1305.h |
1579 new file mode 100644 | 1579 new file mode 100644 |
1580 index 0000000..4beb172 | 1580 index 0000000..4beb172 |
1581 --- /dev/null | 1581 --- /dev/null |
1582 +++ b/nss/lib/freebl/poly1305/poly1305.h | 1582 +++ b/lib/freebl/poly1305/poly1305.h |
1583 @@ -0,0 +1,31 @@ | 1583 @@ -0,0 +1,31 @@ |
1584 +/* | 1584 +/* |
1585 + * poly1305.h - header file for Poly1305 implementation. | 1585 + * poly1305.h - header file for Poly1305 implementation. |
1586 + * | 1586 + * |
1587 + * This Source Code Form is subject to the terms of the Mozilla Public | 1587 + * This Source Code Form is subject to the terms of the Mozilla Public |
1588 + * License, v. 2.0. If a copy of the MPL was not distributed with this | 1588 + * License, v. 2.0. If a copy of the MPL was not distributed with this |
1589 + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ | 1589 + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ |
1590 + | 1590 + |
1591 +#ifndef FREEBL_POLY1305_H_ | 1591 +#ifndef FREEBL_POLY1305_H_ |
1592 +#define FREEBL_POLY1305_H_ | 1592 +#define FREEBL_POLY1305_H_ |
1605 +extern void Poly1305Update(poly1305_state* state, | 1605 +extern void Poly1305Update(poly1305_state* state, |
1606 + const unsigned char *in, | 1606 + const unsigned char *in, |
1607 + size_t inLen); | 1607 + size_t inLen); |
1608 + | 1608 + |
1609 +/* Poly1305Finish completes the poly1305 calculation and writes a 16 byte | 1609 +/* Poly1305Finish completes the poly1305 calculation and writes a 16 byte |
1610 + * authentication tag to |mac|. */ | 1610 + * authentication tag to |mac|. */ |
1611 +extern void Poly1305Finish(poly1305_state* state, | 1611 +extern void Poly1305Finish(poly1305_state* state, |
1612 + unsigned char mac[16]); | 1612 + unsigned char mac[16]); |
1613 + | 1613 + |
1614 +#endif /* FREEBL_POLY1305_H_ */ | 1614 +#endif /* FREEBL_POLY1305_H_ */ |
1615 diff --git a/nss/lib/pk11wrap/pk11mech.c b/nss/lib/pk11wrap/pk11mech.c | 1615 diff --git a/lib/pk11wrap/pk11mech.c b/lib/pk11wrap/pk11mech.c |
1616 index b7a7296..edc7a9b 100644 | 1616 index 29e86e6..0ebb075 100644 |
1617 --- a/nss/lib/pk11wrap/pk11mech.c | 1617 --- a/lib/pk11wrap/pk11mech.c |
1618 +++ b/nss/lib/pk11wrap/pk11mech.c | 1618 +++ b/lib/pk11wrap/pk11mech.c |
1619 @@ -152,6 +152,8 @@ PK11_GetKeyMechanism(CK_KEY_TYPE type) | 1619 @@ -152,6 +152,8 @@ PK11_GetKeyMechanism(CK_KEY_TYPE type) |
1620 return CKM_SEED_CBC; | 1620 return CKM_SEED_CBC; |
1621 case CKK_CAMELLIA: | 1621 case CKK_CAMELLIA: |
1622 return CKM_CAMELLIA_CBC; | 1622 return CKM_CAMELLIA_CBC; |
1623 + case CKK_NSS_CHACHA20: | 1623 + case CKK_NSS_CHACHA20: |
1624 + return CKM_NSS_CHACHA20_POLY1305; | 1624 + return CKM_NSS_CHACHA20_POLY1305; |
1625 case CKK_AES: | 1625 case CKK_AES: |
1626 return CKM_AES_CBC; | 1626 return CKM_AES_CBC; |
1627 case CKK_DES: | 1627 case CKK_DES: |
1628 @@ -219,6 +221,8 @@ PK11_GetKeyType(CK_MECHANISM_TYPE type,unsigned long len) | 1628 @@ -219,6 +221,8 @@ PK11_GetKeyType(CK_MECHANISM_TYPE type,unsigned long len) |
1629 case CKM_CAMELLIA_CBC_PAD: | 1629 case CKM_CAMELLIA_CBC_PAD: |
1630 case CKM_CAMELLIA_KEY_GEN: | 1630 case CKM_CAMELLIA_KEY_GEN: |
1631 return CKK_CAMELLIA; | 1631 return CKK_CAMELLIA; |
1632 + case CKM_NSS_CHACHA20_POLY1305: | 1632 + case CKM_NSS_CHACHA20_POLY1305: |
1633 + return CKK_NSS_CHACHA20; | 1633 + return CKK_NSS_CHACHA20; |
1634 case CKM_AES_ECB: | 1634 case CKM_AES_ECB: |
1635 case CKM_AES_CBC: | 1635 case CKM_AES_CBC: |
1636 case CKM_AES_CCM: | 1636 case CKM_AES_CCM: |
1637 @@ -429,6 +433,8 @@ PK11_GetKeyGenWithSize(CK_MECHANISM_TYPE type, int size) | 1637 @@ -431,6 +435,8 @@ PK11_GetKeyGenWithSize(CK_MECHANISM_TYPE type, int size) |
1638 case CKM_CAMELLIA_CBC_PAD: | 1638 case CKM_CAMELLIA_CBC_PAD: |
1639 case CKM_CAMELLIA_KEY_GEN: | 1639 case CKM_CAMELLIA_KEY_GEN: |
1640 return CKM_CAMELLIA_KEY_GEN; | 1640 return CKM_CAMELLIA_KEY_GEN; |
1641 + case CKM_NSS_CHACHA20_POLY1305: | 1641 + case CKM_NSS_CHACHA20_POLY1305: |
1642 + return CKM_NSS_CHACHA20_KEY_GEN; | 1642 + return CKM_NSS_CHACHA20_KEY_GEN; |
1643 case CKM_AES_ECB: | 1643 case CKM_AES_ECB: |
1644 case CKM_AES_CBC: | 1644 case CKM_AES_CBC: |
1645 case CKM_AES_CCM: | 1645 case CKM_AES_CCM: |
1646 diff --git a/nss/lib/softoken/pkcs11.c b/nss/lib/softoken/pkcs11.c | 1646 diff --git a/lib/softoken/pkcs11.c b/lib/softoken/pkcs11.c |
1647 index bd7c4bd..716922f 100644 | 1647 index 97d6d3f..75c9e8e 100644 |
1648 --- a/nss/lib/softoken/pkcs11.c | 1648 --- a/lib/softoken/pkcs11.c |
1649 +++ b/nss/lib/softoken/pkcs11.c | 1649 +++ b/lib/softoken/pkcs11.c |
1650 @@ -370,6 +370,9 @@ static const struct mechanismList mechanisms[] = { | 1650 @@ -370,6 +370,9 @@ static const struct mechanismList mechanisms[] = { |
1651 {CKM_SEED_MAC, {16, 16, CKF_SN_VR}, PR_TRUE}, | 1651 {CKM_SEED_MAC, {16, 16, CKF_SN_VR}, PR_TRUE}, |
1652 {CKM_SEED_MAC_GENERAL, {16, 16, CKF_SN_VR}, PR_TRUE}, | 1652 {CKM_SEED_MAC_GENERAL, {16, 16, CKF_SN_VR}, PR_TRUE}, |
1653 {CKM_SEED_CBC_PAD, {16, 16, CKF_EN_DE_WR_UN}, PR_TRUE}
, | 1653 {CKM_SEED_CBC_PAD, {16, 16, CKF_EN_DE_WR_UN}, PR_TRUE}
, |
1654 + /* ------------------------- ChaCha20 Operations ---------------------- */ | 1654 + /* ------------------------- ChaCha20 Operations ---------------------- */ |
1655 + {CKM_NSS_CHACHA20_KEY_GEN, {32, 32, CKF_GENERATE}, PR_TRUE}
, | 1655 + {CKM_NSS_CHACHA20_KEY_GEN, {32, 32, CKF_GENERATE}, PR_TRUE}
, |
1656 + {CKM_NSS_CHACHA20_POLY1305,{32, 32, CKF_EN_DE}, PR_TRUE}, | 1656 + {CKM_NSS_CHACHA20_POLY1305,{32, 32, CKF_EN_DE}, PR_TRUE}, |
1657 /* ------------------------- Hashing Operations ----------------------- */ | 1657 /* ------------------------- Hashing Operations ----------------------- */ |
1658 {CKM_MD2, {0, 0, CKF_DIGEST}, PR_FALSE}, | 1658 {CKM_MD2, {0, 0, CKF_DIGEST}, PR_FALSE}, |
1659 {CKM_MD2_HMAC, {1, 128, CKF_SN_VR}, PR_TRUE}, | 1659 {CKM_MD2_HMAC, {1, 128, CKF_SN_VR}, PR_TRUE}, |
1660 diff --git a/nss/lib/softoken/pkcs11c.c b/nss/lib/softoken/pkcs11c.c | 1660 diff --git a/lib/softoken/pkcs11c.c b/lib/softoken/pkcs11c.c |
1661 index fc050f3..955d4c9 100644 | 1661 index 8755f24..992fba4 100644 |
1662 --- a/nss/lib/softoken/pkcs11c.c | 1662 --- a/lib/softoken/pkcs11c.c |
1663 +++ b/nss/lib/softoken/pkcs11c.c | 1663 +++ b/lib/softoken/pkcs11c.c |
1664 @@ -663,6 +663,97 @@ sftk_RSADecryptOAEP(SFTKOAEPDecryptInfo *info, unsigned cha
r *output, | 1664 @@ -664,6 +664,97 @@ sftk_RSADecryptOAEP(SFTKOAEPDecryptInfo *info, unsigned cha
r *output, |
1665 return rv; | 1665 return rv; |
1666 } | 1666 } |
1667 | 1667 |
1668 +static SFTKChaCha20Poly1305Info * | 1668 +static SFTKChaCha20Poly1305Info * |
1669 +sftk_ChaCha20Poly1305_CreateContext(const unsigned char *key, | 1669 +sftk_ChaCha20Poly1305_CreateContext(const unsigned char *key, |
1670 + unsigned int keyLen, | 1670 + unsigned int keyLen, |
1671 + const CK_NSS_AEAD_PARAMS* params) | 1671 + const CK_NSS_AEAD_PARAMS* params) |
1672 +{ | 1672 +{ |
1673 + SFTKChaCha20Poly1305Info *ctx; | 1673 + SFTKChaCha20Poly1305Info *ctx; |
1674 + | 1674 + |
1752 + } | 1752 + } |
1753 + | 1753 + |
1754 + return ChaCha20Poly1305_Open(&ctx->freeblCtx, output, outputLen, | 1754 + return ChaCha20Poly1305_Open(&ctx->freeblCtx, output, outputLen, |
1755 + maxOutputLen, input, inputLen, ctx->nonce, | 1755 + maxOutputLen, input, inputLen, ctx->nonce, |
1756 + sizeof(ctx->nonce), ad, ctx->adLen); | 1756 + sizeof(ctx->nonce), ad, ctx->adLen); |
1757 +} | 1757 +} |
1758 + | 1758 + |
1759 /** NSC_CryptInit initializes an encryption/Decryption operation. | 1759 /** NSC_CryptInit initializes an encryption/Decryption operation. |
1760 * | 1760 * |
1761 * Always called by NSC_EncryptInit, NSC_DecryptInit, NSC_WrapKey,NSC_UnwrapKey
. | 1761 * Always called by NSC_EncryptInit, NSC_DecryptInit, NSC_WrapKey,NSC_UnwrapKey
. |
1762 @@ -1056,6 +1147,35 @@ finish_des: | 1762 @@ -1057,6 +1148,35 @@ finish_des: |
1763 context->destroy = (SFTKDestroy) AES_DestroyContext; | 1763 context->destroy = (SFTKDestroy) AES_DestroyContext; |
1764 break; | 1764 break; |
1765 | 1765 |
1766 + case CKM_NSS_CHACHA20_POLY1305: | 1766 + case CKM_NSS_CHACHA20_POLY1305: |
1767 + if (pMechanism->ulParameterLen != sizeof(CK_NSS_AEAD_PARAMS)) { | 1767 + if (pMechanism->ulParameterLen != sizeof(CK_NSS_AEAD_PARAMS)) { |
1768 + crv = CKR_MECHANISM_PARAM_INVALID; | 1768 + crv = CKR_MECHANISM_PARAM_INVALID; |
1769 + break; | 1769 + break; |
1770 + } | 1770 + } |
1771 + context->multi = PR_FALSE; | 1771 + context->multi = PR_FALSE; |
1772 + if (key_type != CKK_NSS_CHACHA20) { | 1772 + if (key_type != CKK_NSS_CHACHA20) { |
1788 + } | 1788 + } |
1789 + context->update = (SFTKCipher) (isEncrypt ? | 1789 + context->update = (SFTKCipher) (isEncrypt ? |
1790 + sftk_ChaCha20Poly1305_Encrypt : | 1790 + sftk_ChaCha20Poly1305_Encrypt : |
1791 + sftk_ChaCha20Poly1305_Decrypt); | 1791 + sftk_ChaCha20Poly1305_Decrypt); |
1792 + context->destroy = (SFTKDestroy) sftk_ChaCha20Poly1305_DestroyContext; | 1792 + context->destroy = (SFTKDestroy) sftk_ChaCha20Poly1305_DestroyContext; |
1793 + break; | 1793 + break; |
1794 + | 1794 + |
1795 case CKM_NETSCAPE_AES_KEY_WRAP_PAD: | 1795 case CKM_NETSCAPE_AES_KEY_WRAP_PAD: |
1796 context->doPad = PR_TRUE; | 1796 context->doPad = PR_TRUE; |
1797 /* fall thru */ | 1797 /* fall thru */ |
1798 @@ -3609,6 +3729,10 @@ nsc_SetupBulkKeyGen(CK_MECHANISM_TYPE mechanism, CK_KEY_T
YPE *key_type, | 1798 @@ -3654,6 +3774,10 @@ nsc_SetupBulkKeyGen(CK_MECHANISM_TYPE mechanism, CK_KEY_T
YPE *key_type, |
1799 *key_type = CKK_AES; | 1799 *key_type = CKK_AES; |
1800 if (*key_length == 0) crv = CKR_TEMPLATE_INCOMPLETE; | 1800 if (*key_length == 0) crv = CKR_TEMPLATE_INCOMPLETE; |
1801 break; | 1801 break; |
1802 + case CKM_NSS_CHACHA20_KEY_GEN: | 1802 + case CKM_NSS_CHACHA20_KEY_GEN: |
1803 + *key_type = CKK_NSS_CHACHA20; | 1803 + *key_type = CKK_NSS_CHACHA20; |
1804 + if (*key_length == 0) crv = CKR_TEMPLATE_INCOMPLETE; | 1804 + if (*key_length == 0) crv = CKR_TEMPLATE_INCOMPLETE; |
1805 + break; | 1805 + break; |
1806 default: | 1806 default: |
1807 PORT_Assert(0); | 1807 PORT_Assert(0); |
1808 crv = CKR_MECHANISM_INVALID; | 1808 crv = CKR_MECHANISM_INVALID; |
1809 @@ -3854,6 +3978,7 @@ CK_RV NSC_GenerateKey(CK_SESSION_HANDLE hSession, | 1809 @@ -3900,6 +4024,7 @@ CK_RV NSC_GenerateKey(CK_SESSION_HANDLE hSession, |
1810 case CKM_SEED_KEY_GEN: | 1810 case CKM_SEED_KEY_GEN: |
1811 case CKM_CAMELLIA_KEY_GEN: | 1811 case CKM_CAMELLIA_KEY_GEN: |
1812 case CKM_AES_KEY_GEN: | 1812 case CKM_AES_KEY_GEN: |
1813 + case CKM_NSS_CHACHA20_KEY_GEN: | 1813 + case CKM_NSS_CHACHA20_KEY_GEN: |
1814 #if NSS_SOFTOKEN_DOES_RC5 | 1814 #if NSS_SOFTOKEN_DOES_RC5 |
1815 case CKM_RC5_KEY_GEN: | 1815 case CKM_RC5_KEY_GEN: |
1816 #endif | 1816 #endif |
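Review bot: In the `nsc_SetupBulkKeyGen` hunk the new `CKM_NSS_CHACHA20_KEY_GEN` case accepts any non-zero `*key_length`, while the freebl context holds `key[32]` and the mechanism table advertises a 32..32 key size range. Unless a later check outside these hunks enforces the size, a caller could generate a ChaCha20 key object of another length that is only rejected, or mishandled, when it is first used; reject it at generation time, e.g. `else if (*key_length != 32) crv = CKR_KEY_SIZE_RANGE;`. The bodies of the create-context and encrypt/decrypt helpers are mostly not shown, so the `keyLen`, `ulIvLen` and `ulTagLen` checks there should be confirmed as well.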
1817 diff --git a/nss/lib/softoken/pkcs11i.h b/nss/lib/softoken/pkcs11i.h | 1817 diff --git a/lib/softoken/pkcs11i.h b/lib/softoken/pkcs11i.h |
1818 index 9a00273..175bb78 100644 | 1818 index 1023a00..4e8601b 100644 |
1819 --- a/nss/lib/softoken/pkcs11i.h | 1819 --- a/lib/softoken/pkcs11i.h |
1820 +++ b/nss/lib/softoken/pkcs11i.h | 1820 +++ b/lib/softoken/pkcs11i.h |
1821 @@ -14,6 +14,7 @@ | 1821 @@ -14,6 +14,7 @@ |
1822 #include "pkcs11t.h" | 1822 #include "pkcs11t.h" |
1823 | 1823 |
1824 #include "sftkdbt.h" | 1824 #include "sftkdbt.h" |
1825 +#include "chacha20poly1305.h" | 1825 +#include "chacha20poly1305.h" |
1826 #include "hasht.h" | 1826 #include "hasht.h" |
1827 | 1827 |
1828 /* | 1828 /* |
1829 @@ -104,6 +105,7 @@ typedef struct SFTKHashSignInfoStr SFTKHashSignInfo; | 1829 @@ -104,6 +105,7 @@ typedef struct SFTKHashSignInfoStr SFTKHashSignInfo; |
1830 typedef struct SFTKOAEPEncryptInfoStr SFTKOAEPEncryptInfo; | 1830 typedef struct SFTKOAEPEncryptInfoStr SFTKOAEPEncryptInfo; |
1844 + ChaCha20Poly1305Context freeblCtx; | 1844 + ChaCha20Poly1305Context freeblCtx; |
1845 + unsigned char nonce[8]; | 1845 + unsigned char nonce[8]; |
1846 + unsigned char ad[16]; | 1846 + unsigned char ad[16]; |
1847 + unsigned char *adOverflow; | 1847 + unsigned char *adOverflow; |
1848 + unsigned int adLen; | 1848 + unsigned int adLen; |
1849 +}; | 1849 +}; |
1850 + | 1850 + |
1851 /* | 1851 /* |
1852 * Template based on SECItems, suitable for passing as arrays | 1852 * Template based on SECItems, suitable for passing as arrays |
1853 */ | 1853 */ |
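Review bot: The fields of the new ChaCha20-Poly1305 info struct carry no comments, and the `ad` / `adOverflow` / `adLen` trio is not self-explanatory. Document which buffer holds the additional data for a given `adLen` (presumably the inline 16-byte `ad` up to its size and the heap `adOverflow` beyond it), who frees `adOverflow`, and that `nonce` is fixed at 8 bytes so `ulIvLen` must equal it. The struct's opening lines and the destroy helper are not shown here; the destroy path should release `adOverflow` and clear `freeblCtx`, which embeds the key.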
1854 diff --git a/nss/lib/util/pkcs11n.h b/nss/lib/util/pkcs11n.h | 1854 diff --git a/lib/util/pkcs11n.h b/lib/util/pkcs11n.h |
1855 index a1a0ebb..d48cef6 100644 | 1855 index 5e13784..86a396f 100644 |
1856 --- a/nss/lib/util/pkcs11n.h | 1856 --- a/lib/util/pkcs11n.h |
1857 +++ b/nss/lib/util/pkcs11n.h | 1857 +++ b/lib/util/pkcs11n.h |
1858 @@ -51,6 +51,8 @@ | 1858 @@ -51,6 +51,8 @@ |
1859 #define CKK_NSS_JPAKE_ROUND1 (CKK_NSS + 2) | 1859 #define CKK_NSS_JPAKE_ROUND1 (CKK_NSS + 2) |
1860 #define CKK_NSS_JPAKE_ROUND2 (CKK_NSS + 3) | 1860 #define CKK_NSS_JPAKE_ROUND2 (CKK_NSS + 3) |
1861 | 1861 |
1862 +#define CKK_NSS_CHACHA20 (CKK_NSS + 4) | 1862 +#define CKK_NSS_CHACHA20 (CKK_NSS + 4) |
1863 + | 1863 + |
1864 /* | 1864 /* |
1865 * NSS-defined certificate types | 1865 * NSS-defined certificate types |
1866 * | 1866 * |
1867 @@ -214,6 +216,9 @@ | 1867 @@ -218,6 +220,9 @@ |
1868 #define CKM_NSS_TLS_KEY_AND_MAC_DERIVE_SHA256 (CKM_NSS + 23) | 1868 #define CKM_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE (CKM_NSS + 25) |
1869 #define CKM_NSS_TLS_MASTER_KEY_DERIVE_DH_SHA256 (CKM_NSS + 24) | 1869 #define CKM_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE_DH (CKM_NSS + 26) |
1870 | 1870 |
1871 +#define CKM_NSS_CHACHA20_KEY_GEN (CKM_NSS + 25) | 1871 +#define CKM_NSS_CHACHA20_KEY_GEN (CKM_NSS + 27) |
1872 +#define CKM_NSS_CHACHA20_POLY1305 (CKM_NSS + 26) | 1872 +#define CKM_NSS_CHACHA20_POLY1305 (CKM_NSS + 28) |
1873 + | 1873 + |
1874 /* | 1874 /* |
1875 * HISTORICAL: | 1875 * HISTORICAL: |
1876 * Do not attempt to use these. They are only used by NETSCAPE's internal | 1876 * Do not attempt to use these. They are only used by NETSCAPE's internal |
1877 @@ -281,6 +286,14 @@ typedef struct CK_NSS_MAC_CONSTANT_TIME_PARAMS { | 1877 @@ -285,6 +290,14 @@ typedef struct CK_NSS_MAC_CONSTANT_TIME_PARAMS { |
1878 CK_ULONG ulHeaderLen; /* in */ | 1878 CK_ULONG ulHeaderLen; /* in */ |
1879 } CK_NSS_MAC_CONSTANT_TIME_PARAMS; | 1879 } CK_NSS_MAC_CONSTANT_TIME_PARAMS; |
1880 | 1880 |
1881 +typedef struct CK_NSS_AEAD_PARAMS { | 1881 +typedef struct CK_NSS_AEAD_PARAMS { |
1882 + CK_BYTE_PTR pIv; /* This is the nonce. */ | 1882 + CK_BYTE_PTR pIv; /* This is the nonce. */ |
1883 + CK_ULONG ulIvLen; | 1883 + CK_ULONG ulIvLen; |
1884 + CK_BYTE_PTR pAAD; | 1884 + CK_BYTE_PTR pAAD; |
1885 + CK_ULONG ulAADLen; | 1885 + CK_ULONG ulAADLen; |
1886 + CK_ULONG ulTagLen; | 1886 + CK_ULONG ulTagLen; |
1887 +} CK_NSS_AEAD_PARAMS; | 1887 +} CK_NSS_AEAD_PARAMS; |
1888 + | 1888 + |
1889 /* | 1889 /* |
1890 * NSS-defined return values | 1890 * NSS-defined return values |
1891 * | 1891 * |
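Review bot: `CK_NSS_AEAD_PARAMS` is a public parameter struct but only `pIv` is commented, and `ulTagLen` is ambiguous because the standard `CK_GCM_PARAMS` expresses its tag size in bits (`ulTagBits`). Add per-field comments in the style of the `/* in */` marker just above, e.g. `CK_ULONG ulTagLen; /* in: tag length in bytes */`, after confirming the unit against how softoken passes it to freebl. Note also that the two `CKM_NSS_CHACHA20_*` values differ between the OLD and NEW columns, so anything built against the earlier patch needs rebuilding.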