Add support for CKM_AES_GCM

It takes a CK_GCM_PARAMS structure as mechanism parameter. The definition of struct ck_gcm_params in pkcs11.h was wrong. According to the PKCS#11 standard it does not have field iv_bits. Signed-off-by: Ingo Franzki <[email protected]>
p11-glue · May 2, 2022 · 2f072a6 · 2f072a6
1 parent 1146b47
commit 2f072a6
Show file tree

Hide file tree

Showing 3 changed files with 75 additions and 1 deletion.
diff --git a/common/pkcs11.h b/common/pkcs11.h
@@ -982,7 +982,6 @@ struct ck_aes_ctr_params {
 struct ck_gcm_params {
  unsigned char *iv_ptr;
  unsigned long iv_len;
- unsigned long iv_bits;
  unsigned char *aad_ptr;
  unsigned long aad_len;
  unsigned long tag_bits;

diff --git a/p11-kit/rpc-message.c b/p11-kit/rpc-message.c
@@ -1660,6 +1660,71 @@ p11_rpc_buffer_get_aes_ctr_mechanism_value (p11_buffer *buffer,
  return true;
 }
 
+void
+p11_rpc_buffer_add_aes_gcm_mechanism_value (p11_buffer *buffer,
+ const void *value,
+ CK_ULONG value_length)
+{
+ CK_GCM_PARAMS params;
+
+ /* Check if value can be converted to CK_GCM_PARAMS. */
+ if (value_length != sizeof (CK_GCM_PARAMS)) {
+ p11_buffer_fail (buffer);
+ return;
+ }
+
+ memcpy (&params, value, value_length);
+
+ /* Check if params.ulTagBits can be converted to uint64_t. */
+ if (params.ulTagBits > UINT64_MAX) {
+ p11_buffer_fail (buffer);
+ return;
+ }
+
+ p11_rpc_buffer_add_byte_array (buffer,
+ (unsigned char *)params.pIv,
+ params.ulIvLen);
+ p11_rpc_buffer_add_byte_array (buffer,
+ (unsigned char *)params.pAAD,
+ params.ulAADLen);
+ p11_rpc_buffer_add_uint64 (buffer, params.ulTagBits);
+}
+
+bool
+p11_rpc_buffer_get_aes_gcm_mechanism_value (p11_buffer *buffer,
+ size_t *offset,
+ void *value,
+ CK_ULONG *value_length)
+{
+ uint64_t val;
+ const unsigned char *data1, *data2;
+ size_t len1, len2;
+
+ if (!p11_rpc_buffer_get_byte_array (buffer, offset, &data1, &len1))
+ return false;
+ if (!p11_rpc_buffer_get_byte_array (buffer, offset, &data2, &len2))
+ return false;
+ if (!p11_rpc_buffer_get_uint64 (buffer, offset, &val))
+ return false;
+
+ if (value) {
+ CK_GCM_PARAMS params;
+
+ params.pIv = (void *) data1;
+ params.ulIvLen = len1;
+ params.pAAD = (void *) data2;
+ params.ulAADLen = len2;
+ params.ulTagBits = val;
+
+ memcpy (value, &params, sizeof (CK_GCM_PARAMS));
+ }
+
+ if (value_length)
+ *value_length = sizeof (CK_GCM_PARAMS);
+
+ return true;
+}
+
 void
 p11_rpc_buffer_add_des_iv_mechanism_value (p11_buffer *buffer,
  const void *value,
@@ -1807,6 +1872,7 @@ static p11_rpc_mechanism_serializer p11_rpc_mechanism_serializers[] = {
  { CKM_AES_CFB128, p11_rpc_buffer_add_aes_iv_mechanism_value, p11_rpc_buffer_get_aes_iv_mechanism_value },
  { CKM_AES_CTS, p11_rpc_buffer_add_aes_iv_mechanism_value, p11_rpc_buffer_get_aes_iv_mechanism_value },
  { CKM_AES_CTR, p11_rpc_buffer_add_aes_ctr_mechanism_value, p11_rpc_buffer_get_aes_ctr_mechanism_value },
+ { CKM_AES_GCM, p11_rpc_buffer_add_aes_gcm_mechanism_value, p11_rpc_buffer_get_aes_gcm_mechanism_value },
  { CKM_DES_CBC, p11_rpc_buffer_add_des_iv_mechanism_value, p11_rpc_buffer_get_des_iv_mechanism_value },
  { CKM_DES_CBC_PAD, p11_rpc_buffer_add_des_iv_mechanism_value, p11_rpc_buffer_get_des_iv_mechanism_value },
  { CKM_DES3_CBC, p11_rpc_buffer_add_des_iv_mechanism_value, p11_rpc_buffer_get_des_iv_mechanism_value },

diff --git a/p11-kit/rpc-message.h b/p11-kit/rpc-message.h
@@ -520,6 +520,15 @@ bool p11_rpc_buffer_get_aes_ctr_mechanism_value (p11_buffer *buffer,
  void *value,
  CK_ULONG *value_length);
 
+void p11_rpc_buffer_add_aes_gcm_mechanism_value (p11_buffer *buffer,
+ const void *value,
+ CK_ULONG value_length);
+
+bool p11_rpc_buffer_get_aes_gcm_mechanism_value (p11_buffer *buffer,
+ size_t *offset,
+ void *value,
+ CK_ULONG *value_length);
+
 void p11_rpc_buffer_add_des_iv_mechanism_value (p11_buffer *buffer,
  const void *value,
  CK_ULONG value_length);