Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

pkcs11-tool: add support for AES/GCM encryption and decryption #2927

Open
wants to merge 6 commits into
base: master
Choose a base branch
from
Open

pkcs11-tool: add support for AES/GCM encryption and decryption #2927

wants to merge 6 commits into from

Conversation

jclc
Copy link

@jclc jclc commented Nov 5, 2023
edited

Adds support for --encrypt and --decrypt when using -m AES-GCM.

Note that due to AES-GCM being a cipher method with authenticated data, multipart decryption doesn't return any data until C_DecryptFinal. This implementation decrypts the entire ciphertext in memory and uses a single C_Decrypt call for inputs of all sizes.

Tested (manually) on the latest version of SoftHSMv2

Checklist
  • PKCS#11 module is tested
  • Windows minidriver is tested
  • macOS tokend is tested

Jakuje
Jakuje reviewed Nov 6, 2023
View reviewed changes
src/tools/pkcs11-tool.c
iv = get_iv(opt_iv, &iv_size);
gcm_params.pIv = iv;
gcm_params.ulIvLen = iv_size;
gcm_params.ulIvBits = iv_size * 8; // no one seems to know what this is for
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The section 2.13.5 AES GCM and CCM Mechanism parameters says:

ulIvBits length of initialization vector in bits. Do no use ulIvBits to specify the length of the initialization vector, but ulIvLen instead.

so I would drop this.

https://docs.oasis-open.org/pkcs11/pkcs11-curr/v3.0/os/pkcs11-curr-v3.0-os.html#_Toc30061261

src/tools/pkcs11-tool.c
gcm_params.pAAD = aad;
gcm_params.ulAADLen = aad_size;

gcm_params.ulTagBits = opt_tag_len * 8;
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I would sanity-check that the value is in the bounds required by the specs. From the above linked section, it should be between 0 and 128

src/tools/pkcs11-tool.c
Comment on lines +2680 to +2685
rv = p11->C_DecryptInit(session, &mech, key);
if (rv != CKR_OK)
p11_fatal("C_DecryptInit", rv);
if ((getCLASS(session, key) == CKO_PRIVATE_KEY) && getALWAYS_AUTHENTICATE(session, key))
login(session, CKU_CONTEXT_SPECIFIC);
out_len = sizeof(out_buffer);
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

There is still a lot of duplicated code. In both of these conditions, this block is the same. Would it be possible to rewrite it to avoid the code duplication by placing this part before the newly introduced condition?

@Jakuje
Copy link
Member

Jakuje commented Nov 6, 2023

Regarding testing, I would consider to run some automated against some software token. I think NSS softoken supports GCM ciphers and given that it can now take a path to NSS db in the environment variable [1], it should not be very complicated to integrated into the CI (see for example pkcs11-provider [2]).

[1] nss-dev/nss@c0bbdc4
[2] https://github.com/latchset/pkcs11-provider/blob/main/tests/setup-softokn.sh

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Jakuje Jakuje Jakuje left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@jclc @Jakuje