diff --git a/common/attrs.c b/common/attrs.c index 5b8add04..c10cb3c6 100644 --- a/common/attrs.c +++ b/common/attrs.c @@ -783,6 +783,9 @@ attribute_is_sensitive (const CK_ATTRIBUTE *attr, X (CKA_IBM_DILITHIUM_KEYFORM) X (CKA_IBM_DILITHIUM_RHO) X (CKA_IBM_DILITHIUM_T1) + X (CKA_IBM_KYBER_MODE) + X (CKA_IBM_KYBER_PK) + X (CKA_IBM_KYBER_KEYFORM) case CKA_VALUE: return (klass != CKO_CERTIFICATE && klass != CKO_X_CERTIFICATE_EXTENSION); diff --git a/common/constants.c b/common/constants.c index 98df2580..31e1ce01 100644 --- a/common/constants.c +++ b/common/constants.c @@ -147,6 +147,7 @@ const p11_constant p11_constant_types[] = { CT (CKA_IBM_OPAQUE, "ibm-opaque") CT (CKA_IBM_OPAQUE_REENC, "ibm-opaque-reenc") CT (CKA_IBM_OPAQUE_OLD, "ibm-opaque-old") + CT (CKA_IBM_KYBER_MODE, "ibm-kyber-mode") CT (CKA_IBM_DILITHIUM_MODE, "ibm-dilithium-mode") CT (CKA_IBM_RESTRICTABLE, "ibm-restrictable") CT (CKA_IBM_NEVER_MODIFIABLE, "ibm-never-modifiable") @@ -168,6 +169,9 @@ const p11_constant p11_constant_types[] = { CT (CKA_IBM_DILITHIUM_S2, "ibm-dilithium-s2") CT (CKA_IBM_DILITHIUM_T0, "ibm-dilithium-t0") CT (CKA_IBM_DILITHIUM_T1, "ibm-dilithium-t1") + CT (CKA_IBM_KYBER_KEYFORM, "ibm-kyber-keyform") + CT (CKA_IBM_KYBER_PK, "ibm-kyber-pk") + CT (CKA_IBM_KYBER_SK, "ibm-kyber-sk") CT (CKA_IBM_OPAQUE_PKEY, "ibm-opaque-pkey") CT (CKA_IBM_CCA_AES_KEY_MODE, "ibm-cca-aes-key-mode") CT (CKA_NSS_URL, "nss-url") @@ -636,6 +640,7 @@ const p11_constant p11_constant_mechanisms[] = { CT (CKM_IBM_EC_X448, "ibm-ec-x448") CT (CKM_IBM_ED448_SHA3, "ibm-ed448-sha3") CT (CKM_IBM_DILITHIUM, "ibm-dilithium") + CT (CKM_IBM_KYBER, "ibm-kyber") CT (CKM_IBM_SHA3_224_HMAC, "ibm-sha3-224-hmac") CT (CKM_IBM_SHA3_256_HMAC, "ibm-sha3-256-hmac") CT (CKM_IBM_SHA3_384_HMAC, "ibm-sha3-384-hmac") diff --git a/common/pkcs11x.h b/common/pkcs11x.h index bd18cda4..c0dc4841 100644 --- a/common/pkcs11x.h +++ b/common/pkcs11x.h @@ -213,6 +213,10 @@ typedef CK_ULONG CK_TRUST; #define CKA_IBM_DILITHIUM_MODE (CKA_VENDOR_DEFINED + 0x00010) #define CKA_IBM_CCA_AES_KEY_MODE (CKA_VENDOR_DEFINED + 0xd0101) #define CKA_IBM_OPAQUE_PKEY (CKA_VENDOR_DEFINED + 0xd0100) +#define CKA_IBM_KYBER_MODE (CKA_VENDOR_DEFINED + 0x0000E) +#define CKA_IBM_KYBER_KEYFORM (CKA_VENDOR_DEFINED + 0xd0009) +#define CKA_IBM_KYBER_PK (CKA_VENDOR_DEFINED + 0xd000A) +#define CKA_IBM_KYBER_SK (CKA_VENDOR_DEFINED + 0xd000B) #define CKM_IBM_SHA3_224 (CKM_VENDOR_DEFINED + 0x10001) #define CKM_IBM_SHA3_256 (CKM_VENDOR_DEFINED + 0x10002) @@ -224,6 +228,7 @@ typedef CK_ULONG CK_TRUST; #define CKM_IBM_EC_X448 (CKM_VENDOR_DEFINED + 0x1001e) #define CKM_IBM_ED448_SHA3 (CKM_VENDOR_DEFINED + 0x1001f) #define CKM_IBM_DILITHIUM (CKM_VENDOR_DEFINED + 0x10023) +#define CKM_IBM_KYBER (CKM_VENDOR_DEFINED + 0x10024) #define CKM_IBM_SHA3_224_HMAC (CKM_VENDOR_DEFINED + 0x10025) #define CKM_IBM_SHA3_256_HMAC (CKM_VENDOR_DEFINED + 0x10026) #define CKM_IBM_SHA3_384_HMAC (CKM_VENDOR_DEFINED + 0x10027) @@ -238,11 +243,19 @@ typedef CK_ULONG CK_TRUST; */ #ifdef CRYPTOKI_GNU #define CK_BYTE_PTR unsigned char * +#define CK_BYTE unsigned char #define childKeyIndex child_key_index #define pChainCode p_chain_code #define ulChainCodeLen ul_cahin_code_len +#define ulVersion ul_version +#define bPrepend b_prepend +#define pCipher p_cipher +#define ulCipherLen ul_cipher_len +#define pSharedData p_shared_data +#define hSecret h_secret + #define hSignVerifyKey h_sign_verify_key #endif @@ -280,6 +293,31 @@ typedef struct ck_ibm_btc_derive_params CK_IBM_BTC_DERIVE_PARAMS; #define CK_IBM_BTC_DERIVE_PARAMS_VERSION_1 1 +#define CK_IBM_KYBER_KEYFORM_ROUND2_768 1 +#define CK_IBM_KYBER_KEYFORM_ROUND2_1024 2 + +#define CK_IBM_KYBER_KEM_VERSION 0 + +typedef CK_ULONG CK_IBM_KYBER_KDF_TYPE; +typedef CK_ULONG CK_IBM_KYBER_KEM_MODE; + +#define CK_IBM_KYBER_KEM_ENCAPSULATE 1 +#define CK_IBM_KYBER_KEM_DECAPSULATE 2 + +struct ck_ibm_kyber_params { + CK_ULONG ulVersion; + CK_IBM_KYBER_KEM_MODE mode; + CK_IBM_KYBER_KDF_TYPE kdf; + CK_BBOOL bPrepend; + CK_BYTE *pCipher; + CK_ULONG ulCipherLen; + CK_BYTE *pSharedData; + CK_ULONG ulSharedDataLen; + CK_OBJECT_HANDLE hSecret; +}; + +typedef struct ck_ibm_kyber_params CK_IBM_KYBER_PARAMS; + struct ck_ibm_attributebound_wrap { CK_OBJECT_HANDLE hSignVerifyKey; }; @@ -288,11 +326,19 @@ typedef struct ck_ibm_attributebound_wrap CK_IBM_ATTRIBUTEBOUND_WRAP_PARAMS; #ifdef CRYPTOKI_GNU #undef CK_BYTE_PTR +#undef CK_BYTE #undef childKeyIndex #undef pChainCode #undef ulChainCodeLen +#undef ulVersion +#undef bPrepend +#undef pCipher +#undef ulCipherLen +#undef pSharedData +#undef hSecret + #undef hSignVerifyKey #endif diff --git a/p11-kit/rpc-message.c b/p11-kit/rpc-message.c index f64cfff5..fa7a9d97 100644 --- a/p11-kit/rpc-message.c +++ b/p11-kit/rpc-message.c @@ -853,6 +853,7 @@ map_attribute_to_value_type (CK_ATTRIBUTE_TYPE type) case CKA_IBM_CCA_AES_KEY_MODE: case CKA_IBM_STD_COMPLIANCE1: case CKA_IBM_KEYTYPE: + case CKA_IBM_KYBER_KEYFORM: return P11_RPC_VALUE_ULONG; case CKA_WRAP_TEMPLATE: case CKA_UNWRAP_TEMPLATE: @@ -917,6 +918,9 @@ map_attribute_to_value_type (CK_ATTRIBUTE_TYPE type) case CKA_IBM_DILITHIUM_S2: case CKA_IBM_DILITHIUM_T0: case CKA_IBM_DILITHIUM_T1: + case CKA_IBM_KYBER_MODE: + case CKA_IBM_KYBER_PK: + case CKA_IBM_KYBER_SK: return P11_RPC_VALUE_BYTE_ARRAY; } } @@ -1664,6 +1668,82 @@ p11_rpc_buffer_get_ibm_attrbound_wrap_mechanism_value (p11_buffer *buffer, return true; } +void +p11_rpc_buffer_add_ibm_kyber_mech_param_update (p11_buffer *buffer, + const void *value, + CK_ULONG value_length) +{ + CK_IBM_KYBER_PARAMS params; + + if (value_length != sizeof (CK_IBM_KYBER_PARAMS)) { + p11_buffer_fail (buffer); + return; + } + + memcpy (¶ms, value, value_length); + + if (params.mode == CK_IBM_KYBER_KEM_ENCAPSULATE) { + p11_rpc_buffer_add_byte(buffer, CK_IBM_KYBER_KEM_ENCAPSULATE); + + if (params.pCipher == NULL) { + p11_rpc_buffer_add_byte(buffer, 0); + p11_rpc_buffer_add_uint32(buffer, params.ulCipherLen); + } else { + p11_rpc_buffer_add_byte(buffer, 1); + p11_rpc_buffer_add_byte_array(buffer, (unsigned char *)params.pCipher, params.ulCipherLen); + } + } else { + p11_rpc_buffer_add_byte(buffer, CK_IBM_KYBER_KEM_DECAPSULATE); + } +} + +bool +p11_rpc_buffer_get_ibm_kyber_mech_param_update (p11_buffer *buffer, + size_t *offset, + void *value, + CK_ULONG *value_length) +{ + const unsigned char *data; + size_t len; + unsigned char has_data; + unsigned char capsulation; + uint32_t length; + + if (!p11_rpc_buffer_get_byte(buffer, offset, &capsulation)) + return false; + + if (capsulation == CK_IBM_KYBER_KEM_ENCAPSULATE) { + if (!p11_rpc_buffer_get_byte(buffer, offset, &has_data)) + return false; + + if (has_data == 0) { + if (!p11_rpc_buffer_get_uint32(buffer, offset, &length)) + return false; + len = length; + } else { + if (!p11_rpc_buffer_get_byte_array(buffer, offset, &data, &len)) + return false; + } + + if (value) { + CK_IBM_KYBER_PARAMS *params = (CK_IBM_KYBER_PARAMS *) value; + + if (params->pCipher && params->ulCipherLen == len) { + memcpy(params->pCipher, data, len); + params->ulCipherLen = len; + } else { + params->pCipher = (void *) data; + params->ulCipherLen = len; + } + } + } + + if (value_length) + *value_length = sizeof (CK_IBM_KYBER_PARAMS); + + return true; +} + void p11_rpc_buffer_add_ibm_btc_derive_mech_param_update (p11_buffer *buffer, const void *value, @@ -1846,6 +1926,110 @@ p11_rpc_buffer_get_ibm_btc_derive_mechanism_value (p11_buffer *buffer, return true; } +void +p11_rpc_buffer_add_ibm_kyber_mechanism_value (p11_buffer *buffer, + const void *value, + CK_ULONG value_length) +{ + CK_IBM_KYBER_PARAMS params; + + if (value_length != sizeof (CK_IBM_KYBER_PARAMS)) { + p11_buffer_fail (buffer); + return; + } + + memcpy (¶ms, value, value_length); + + if (params.ulVersion > UINT64_MAX) { + p11_buffer_fail (buffer); + return; + } + p11_rpc_buffer_add_uint64(buffer, params.ulVersion); + + if (params.mode > UINT64_MAX) { + p11_buffer_fail (buffer); + return; + } + p11_rpc_buffer_add_uint64(buffer, params.mode); + + if (params.kdf > UINT64_MAX) { + p11_buffer_fail (buffer); + return; + } + p11_rpc_buffer_add_uint64(buffer, params.kdf); + + if (params.bPrepend > sizeof(CK_BBOOL)) { + p11_buffer_fail(buffer); + return; + } + p11_rpc_buffer_add_byte(buffer, (unsigned char) params.bPrepend); + + p11_rpc_buffer_add_byte_array(buffer, (unsigned char *)params.pCipher, params.ulCipherLen); + + p11_rpc_buffer_add_byte_array(buffer, (unsigned char *)params.pSharedData, params.ulSharedDataLen); + + if (params.hSecret > sizeof(CK_OBJECT_HANDLE)) { + p11_buffer_fail(buffer); + return; + } + p11_rpc_buffer_add_uint64(buffer, params.hSecret); +} + +bool +p11_rpc_buffer_get_ibm_kyber_mechanism_value (p11_buffer *buffer, + size_t *offset, + void *value, + CK_ULONG *value_length) +{ + uint64_t val1; + uint64_t val2; + uint64_t val3; + unsigned char byte; + const unsigned char *data1; + size_t len1; + const unsigned char *data2; + size_t len2; + uint64_t val4; + + if (!p11_rpc_buffer_get_uint64(buffer, offset, &val1) || + !p11_rpc_buffer_get_uint64(buffer, offset, &val2) || + !p11_rpc_buffer_get_uint64(buffer, offset, &val3) || + !p11_rpc_buffer_get_byte(buffer, offset, &byte) || + !p11_rpc_buffer_get_byte_array(buffer, offset, &data1, &len1) || + !p11_rpc_buffer_get_byte_array(buffer, offset, &data2, &len2) || + !p11_rpc_buffer_get_uint64(buffer, offset, &val4)) + return false; + + if (value) { + CK_IBM_KYBER_PARAMS *params = (CK_IBM_KYBER_PARAMS *) value; + + params->ulVersion = val1; + params->mode = val2; + params->kdf = val3; + params->bPrepend = byte; + if (params->pCipher && params->ulCipherLen == len1) { + memcpy(params->pCipher, data1, len1); + params->ulCipherLen = len1; + } else { + params->pCipher = (void *) data1; + params->ulCipherLen = len1; + } + if (params->pSharedData && params->ulSharedDataLen == len2) { + memcpy(params->pSharedData, data2, len2); + params->ulSharedDataLen = len2; + } else { + params->pSharedData = (void *) data2; + params->ulSharedDataLen = len2; + } + params->hSecret = val4; + } + + if (value_length) + *value_length = sizeof (CK_IBM_KYBER_PARAMS); + + return true; +} + void p11_rpc_buffer_add_aes_iv_mechanism_value (p11_buffer *buffer, const void *value, @@ -2144,11 +2328,13 @@ p11_rpc_buffer_get_dh_pkcs_derive_mechanism_value (p11_buffer *buffer, static p11_rpc_mechanism_serializer p11_rpc_mech_param_update_serializers[] = { { CKM_IBM_BTC_DERIVE, p11_rpc_buffer_add_ibm_btc_derive_mech_param_update, p11_rpc_buffer_get_ibm_btc_derive_mech_param_update }, + { CKM_IBM_KYBER, p11_rpc_buffer_add_ibm_kyber_mech_param_update, p11_rpc_buffer_get_ibm_kyber_mech_param_update }, }; static p11_rpc_mechanism_serializer p11_rpc_mechanism_serializers[] = { { CKM_IBM_ECDSA_OTHER, p11_rpc_buffer_add_ibm_ecdsa_other_mechanism_value, p11_rpc_buffer_get_ibm_ecdsa_other_mechanism_value }, { CKM_IBM_BTC_DERIVE, p11_rpc_buffer_add_ibm_btc_derive_mechanism_value, p11_rpc_buffer_get_ibm_btc_derive_mechanism_value }, + { CKM_IBM_KYBER, p11_rpc_buffer_add_ibm_kyber_mechanism_value, p11_rpc_buffer_get_ibm_kyber_mechanism_value }, { CKM_RSA_PKCS_PSS, p11_rpc_buffer_add_rsa_pkcs_pss_mechanism_value, p11_rpc_buffer_get_rsa_pkcs_pss_mechanism_value }, { CKM_SHA1_RSA_PKCS_PSS, p11_rpc_buffer_add_rsa_pkcs_pss_mechanism_value, p11_rpc_buffer_get_rsa_pkcs_pss_mechanism_value }, { CKM_SHA224_RSA_PKCS_PSS, p11_rpc_buffer_add_rsa_pkcs_pss_mechanism_value, p11_rpc_buffer_get_rsa_pkcs_pss_mechanism_value }, diff --git a/p11-kit/rpc-message.h b/p11-kit/rpc-message.h index 107f5ca9..405e477e 100644 --- a/p11-kit/rpc-message.h +++ b/p11-kit/rpc-message.h @@ -517,6 +517,15 @@ bool p11_rpc_buffer_get_mechanism (p11_buffer *buffer, size_t *offset, CK_MECHANISM *mech); +void p11_rpc_buffer_add_ibm_kyber_mech_param_update (p11_buffer *buffer, + const void *value, + CK_ULONG value_length); + +bool p11_rpc_buffer_get_ibm_kyber_mech_param_update (p11_buffer *buffer, + size_t *offset, + void *value, + CK_ULONG *value_length); + void p11_rpc_buffer_add_ibm_btc_derive_mech_param_update (p11_buffer *buffer, const void *value, CK_ULONG value_length); @@ -594,6 +603,17 @@ void p11_rpc_buffer_add_ibm_btc_derive_mechanism_value CK_ULONG value_length); bool p11_rpc_buffer_get_ibm_btc_derive_mechanism_value + (p11_buffer *buffer, + size_t *offset, + void *value, + CK_ULONG *value_length); + +void p11_rpc_buffer_add_ibm_kyber_mechanism_value + (p11_buffer *buffer, + const void *value, + CK_ULONG value_length); + +bool p11_rpc_buffer_get_ibm_kyber_mechanism_value (p11_buffer *buffer, size_t *offset, void *value,