Closed Bug 198090 Opened 22 years ago Closed 5 months ago

PK11SDR_Encrypt and PK11SDR_Decrypt hardcode 3DES - add support for AES

Categories

(NSS :: Libraries, enhancement, P3)

Product:
NSS
Component:
Libraries
Type:
enhancement

Tracking

(firefox141 fixed)

Status:
RESOLVED FIXED
Tracking Flags:
Tracking Status
firefox141 --- fixed

People

(Reporter: nelson, Assigned: maltejur)

References

Details

Attachments

(2 files, 2 obsolete files)

Bug 198090 - Part 1: Use AES in the SDR (NSS) r?simonf,#nss-reviewers
48 bytes, text/x-phabricator-request
Details | Review
Bug 198090 - Part 2: Use AES in the SDR (m-c) r?simonf
48 bytes, text/x-phabricator-request
Details | Review
The encrypted "blob" of data produced by PK11SDR_Encrypt and input to PK11SDR_Decrypt includes an Algorithm ID and a key ID. Therefore, it should be possible to decrypt blobs that were encrypted with algorithms other than 3DES, such as AES. However, PK11SDR_Decrypt ignores the algorithm ID and always uses 3DES. The Algorithm ID is used only as a source of the IV for the block cipher. PK11SDR_Encrypt takes a Key ID as input, but not an algorithm identifier of any kind. It always uses 3DES. I propose that the algorithm limitation be removed. I propose that PK11SDR_Decrypt should actually determine the algorithm from the Algorithm ID in the blob. This is backwards compatible and requires no API change. I also propose that a new encrypt function be created, similar to PK11SDR_Encrypt but which takes a different or additional parameter that enables keys for other algorithms to be found and/or used. PK11SDR_Encrypt could then be reimplemented as a call to this new function that uses only 3DES.
Marking P3. No one is asking for this, AFAIK.
Priority: -- → P3
QA Contact: bishakhabanerjee → jason.m.reid
Assignee: wtchang → nobody
QA Contact: jason.m.reid → libraries
Severity: normal → S3

Benjamin, is it time to get this done? Nelson's suggestion seems reasonable, and 3DES probably should no longer be used for new encrypted data in 2023?

Flags: needinfo?(bbeurdouche)
Summary: PK11SDR_Encrypt and PK11SDR_Decrypt hardcode 3DES → PK11SDR_Encrypt and PK11SDR_Decrypt hardcode 3DES - add support for AES

I think it would be great to replace with AES.

Blocks: 1846723

I've made some comments on the bug. I think the patch is a good first step toward a solution.

Flags: needinfo?(bbeurdouche)

This adds AES to the SDR to replace 3DES. There also was previous but abandoned
work on this in D185145.

This includes a breaking change to PK11SDR_Encrypt, adding a new second
parameter CK_MECHANISM_TYPE type.

Assignee: nobody → maltejur
Status: NEW → ASSIGNED
Attachment #9346903 - Attachment is obsolete: true

The following patch is waiting for review from an inactive reviewer:

ID Title Author Reviewer Status
D251031 Bug 198090 - Part 2: Use AES in the SDR (m-c) r?simonf maltejur keeler: Back Jun 16, 2025

:maltejur, could you please find another reviewer?

For more information, please visit BugBot documentation.

Flags: needinfo?(maltejur)
Flags: needinfo?(maltejur)
Attachment #9490459 - Attachment description: Bug 198090 - Part 1: Use AES in the SDR (NSS) r?simonf,#nss-reviewers → WIP: Bug 198090 - Part 1: Use AES in the SDR (NSS) r?simonf,#nss-reviewers
Attachment #9490459 - Attachment description: WIP: Bug 198090 - Part 1: Use AES in the SDR (NSS) r?simonf,#nss-reviewers → Bug 198090 - Part 1: Use AES in the SDR (NSS) r?simonf,#nss-reviewers

https://hg.mozilla.org/mozilla-central/rev/ca2f55c89a21

Status: ASSIGNED → RESOLVED
Closed: 5 months ago
status-firefox141: --- → fixed
Resolution: --- → FIXED
Blocks: 1974184
Regressions: 1974505
Duplicate of this bug: 1846723

Comment on attachment 9490461 [details]
WIP: Bug 198090 - Part 3: Add migration to reencrypt all logins with AES r?simonf

Revision D251032 was moved to bug 1974184. Setting attachment 9490461 [details] to obsolete.

Attachment #9490461 - Attachment is obsolete: true
Regressions: 1978715
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: