From 76293f4637d27d3d894792ecda995a1feb09c4c9 Mon Sep 17 00:00:00 2001 From: Anthony Hu Date: Fri, 15 Nov 2024 11:10:01 -0500 Subject: [PATCH] Add support for AES-CCM. --- README.md | 3 +- configure.ac | 13 +++ src/crypto.c | 89 ++++++++++++++++++ src/internal.c | 214 +++++++++++++++++++++++++++++++++++++++++- src/slot.c | 14 +++ tests/pkcs11test.c | 115 +++++++++++++++++++++++ wolfpkcs11/internal.h | 15 +++ wolfpkcs11/pkcs11.h | 12 +++ 8 files changed, 472 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 78bc9b1..be1ed88 100644 --- a/README.md +++ b/README.md @@ -13,7 +13,7 @@ Build wolfSSL: git clone https://github.com/wolfSSL/wolfssl.git cd wolfssl ./autogen.sh -./configure --enable-aescfb --enable-cryptocb --enable-rsapss --enable-keygen --enable-pwdbased --enable-scrypt C_EXTRA_FLAGS="-DWOLFSSL_PUBLIC_MP -DWC_RSA_DIRECT" +./configure --enable-aescfb --enable-aesccm --enable-cryptocb --enable-rsapss --enable-keygen --enable-pwdbased --enable-scrypt C_EXTRA_FLAGS="-DWOLFSSL_PUBLIC_MP -DWC_RSA_DIRECT" make make check sudo make install @@ -33,7 +33,6 @@ make make check ``` - ### TPM support with wolfTPM Enables using a TPM for cryptography and keystore. diff --git a/configure.ac b/configure.ac index 9dbe518..61acf77 100644 --- a/configure.ac +++ b/configure.ac @@ -238,6 +238,18 @@ else DISABLE_DEFS="$DISABLE_DEFS -DHAVE_AESGCM" fi +AC_ARG_ENABLE([aesccm], + [AS_HELP_STRING([--enable-aesccm],[Enable AES-CCM (default: enabled)])], + [ ENABLED_AESCCM=$enableval ], + [ ENABLED_AESCCM=yes ] + ) +if test "$ENABLED_AES" = "yes" && test "$ENABLED_AESCCM" = "yes" +then + AM_CFLAGS="$AM_CFLAGS -DHAVE_AESCCM" +else + DISABLE_DEFS="$DISABLE_DEFS -DHAVE_AESCCM" +fi + AC_ARG_ENABLE([hmac], [AS_HELP_STRING([--enable-hmac],[Enable HMAC (default: enabled)])], [ ENABLED_HMAC=$enableval ], @@ -501,6 +513,7 @@ echo " * Single threaded: $ENABLED_SINGLETHREADED" echo " * AES: $ENABLED_AES" echo " * AES-CBC: $ENABLED_AESCBC" echo " * AES-GCM: $ENABLED_AESGCM" +echo " * AES-CCM: $ENABLED_AESCCM" echo " * MD5: $ENABLED_MD5" echo " * SHA: $ENABLED_SHA1" echo " * SHA-224: $ENABLED_SHA224" diff --git a/src/crypto.c b/src/crypto.c index 9a239c1..563b523 100644 --- a/src/crypto.c +++ b/src/crypto.c @@ -1288,6 +1288,30 @@ CK_RV C_EncryptInit(CK_SESSION_HANDLE hSession, break; } #endif + + #ifdef HAVE_AESCCM + case CKM_AES_CCM: { + CK_CCM_PARAMS* params; + + if (type != CKK_AES) + return CKR_KEY_TYPE_INCONSISTENT; + if (pMechanism->pParameter == NULL) + return CKR_MECHANISM_PARAM_INVALID; + if (pMechanism->ulParameterLen != sizeof(CK_CCM_PARAMS)) + return CKR_MECHANISM_PARAM_INVALID; + + params = (CK_CCM_PARAMS*)pMechanism->pParameter; + ret = WP11_Session_SetCcmParams(session, + (int)params->ulDataLen, + params->pIv, (int)params->ulIvLen, + params->pAAD, (int)params->ulAADLen, + (int)params->ulMacLen); + if (ret != 0) + return CKR_MECHANISM_PARAM_INVALID; + init = WP11_INIT_AES_CCM_ENC; + break; + } + #endif #endif default: (void)type; @@ -1471,6 +1495,27 @@ CK_RV C_Encrypt(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pData, *pulEncryptedDataLen = encDataLen; break; #endif + #ifdef HAVE_AESCCM + case CKM_AES_CCM: + if (!WP11_Session_IsOpInitialized(session, WP11_INIT_AES_CCM_ENC)) + return CKR_OPERATION_NOT_INITIALIZED; + + encDataLen = (word32)ulDataLen + + WP11_AesCcm_GetMacLen(session); + if (pEncryptedData == NULL) { + *pulEncryptedDataLen = encDataLen; + return CKR_OK; + } + if (encDataLen > (word32)*pulEncryptedDataLen) + return CKR_BUFFER_TOO_SMALL; + + ret = WP11_AesCcm_Encrypt(pData, (int)ulDataLen, pEncryptedData, + &encDataLen, obj, session); + if (ret < 0) + return CKR_FUNCTION_FAILED; + *pulEncryptedDataLen = encDataLen; + break; + #endif #endif default: (void)ret; @@ -1858,6 +1903,29 @@ CK_RV C_DecryptInit(CK_SESSION_HANDLE hSession, break; } #endif + #ifdef HAVE_AESCCM + case CKM_AES_CCM: { + CK_CCM_PARAMS* params; + + if (type != CKK_AES) + return CKR_KEY_TYPE_INCONSISTENT; + if (pMechanism->pParameter == NULL) + return CKR_MECHANISM_PARAM_INVALID; + if (pMechanism->ulParameterLen != sizeof(CK_CCM_PARAMS)) + return CKR_MECHANISM_PARAM_INVALID; + + params = (CK_CCM_PARAMS*)pMechanism->pParameter; + ret = WP11_Session_SetCcmParams(session, + (int)params->ulDataLen, + params->pIv, (int)params->ulIvLen, + params->pAAD, (int)params->ulAADLen, + (int)params->ulMacLen); + if (ret != 0) + return CKR_MECHANISM_PARAM_INVALID; + init = WP11_INIT_AES_CCM_DEC; + break; + } + #endif #endif default: (void)type; @@ -2042,6 +2110,27 @@ CK_RV C_Decrypt(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pEncryptedData, *pulDataLen = decDataLen; break; #endif + #ifdef HAVE_AESCCM + case CKM_AES_CCM: + if (!WP11_Session_IsOpInitialized(session, WP11_INIT_AES_CCM_DEC)) + return CKR_OPERATION_NOT_INITIALIZED; + + decDataLen = (word32)ulEncryptedDataLen - + WP11_AesCcm_GetMacLen(session); + if (pData == NULL) { + *pulDataLen = decDataLen; + return CKR_OK; + } + if (decDataLen > (word32)*pulDataLen) + return CKR_BUFFER_TOO_SMALL; + + ret = WP11_AesCcm_Decrypt(pEncryptedData, (int)ulEncryptedDataLen, + pData, &decDataLen, obj, session); + if (ret < 0) + return CKR_FUNCTION_FAILED; + *pulDataLen = decDataLen; + break; + #endif #endif default: (void)decDataLen; diff --git a/src/internal.c b/src/internal.c index 3fb5de4..2f465c8 100644 --- a/src/internal.c +++ b/src/internal.c @@ -256,6 +256,18 @@ typedef struct WP11_GcmParams { int encSz; /* Size of encrypted data in bytes */ } WP11_GcmParams; #endif + +#ifdef HAVE_AESCCM +typedef struct WP11_CcmParams { + int dataSz; /* Data size in bytes */ + unsigned char iv[WP11_MAX_GCM_NONCE_SZ]; + /* IV/nonce data */ + int ivSz; /* IV/nonce size in bytes */ + unsigned char* aad; /* Additional Authentication Data */ + int aadSz; /* AAD size in bytes */ + int macSz; /* Size of MAC data in bytes */ +} WP11_CcmParams; +#endif #endif #ifndef NO_HMAC @@ -292,6 +304,9 @@ struct WP11_Session { #ifdef HAVE_AESGCM WP11_GcmParams gcm; /* AES-GCM parameters */ #endif + #ifdef HAVE_AESCCM + WP11_CcmParams ccm; /* AES-CCM parameters */ + #endif #endif #ifndef NO_HMAC WP11_Hmac hmac; /* HMAC parameters */ @@ -620,6 +635,14 @@ static void wp11_Session_Final(WP11_Session* session) } } #endif +#ifdef HAVE_AESCCM + if (session->mechanism == CKM_AES_CCM) { + if (session->params.ccm.aad != NULL) { + XFREE(session->params.ccm.aad, NULL, DYNAMIC_TYPE_TMP_BUFFER); + session->params.ccm.aad = NULL; + } + } +#endif #endif } @@ -4584,7 +4607,7 @@ int WP11_Session_SetCbcParams(WP11_Session* session, unsigned char* iv, #ifdef HAVE_AESGCM /** - * Set the parameters to use for an AES-CBC operation. + * Set the parameters to use for an AES-GCM operation. * * @param session [in] Session object. * @param iv [in] Initialization vector. @@ -4626,6 +4649,55 @@ int WP11_Session_SetGcmParams(WP11_Session* session, unsigned char* iv, return ret; } #endif /* HAVE_AESGCM */ + +#ifdef HAVE_AESCCM +/** + * Set the parameters to use for an AES-CCM operation. + * + * @param dataSz [in] Length of data in bytes. + * @param session [in] Session object. + * @param iv [in] Nonce. + * @param ivSz [in] Length of nonce in bytes. + * @param aad [in] Additional authentication data. + * @param aadSz [in] Length of additional authentication data. + * @param macSz [in] Length of the MAC in bytes. + * @return BAD_FUNC_ARG if the IV/nonce is too big. + * Other -ve value on failure. + * 0 on success. + */ +int WP11_Session_SetCcmParams(WP11_Session* session, int dataSz, + unsigned char* iv, int ivSz, + unsigned char* aad, int aadSz, + int macSz) +{ + int ret = 0; + WP11_CcmParams* ccm = &session->params.ccm; + + if (ivSz > WP11_MAX_GCM_NONCE_SZ) + ret = BAD_FUNC_ARG; + + if (ret == 0) { + ccm->dataSz = dataSz; + XMEMSET(ccm, 0, sizeof(*ccm)); + XMEMCPY(ccm->iv, iv, ivSz); + ccm->ivSz = ivSz; + if (aad != NULL) { + ccm->aad = (unsigned char*)XMALLOC(aadSz, NULL, + DYNAMIC_TYPE_TMP_BUFFER); + if (ccm->aad == NULL) { + ret = MEMORY_E; + } + if (ret == 0) { + XMEMCPY(ccm->aad, aad, aadSz); + ccm->aadSz = aadSz; + } + } + ccm->macSz = macSz; + } + + return ret; +} +#endif /* HAVE_AESGCM */ #endif /* !NO_AES */ /** @@ -8302,6 +8374,146 @@ int WP11_AesGcm_DecryptFinal(unsigned char* dec, word32* decSz, return ret; } #endif /* HAVE_AESGCM */ + +#ifdef HAVE_AESCCM +/** + * Return the number of data bytes from CCM parameters. + * + * @param session [in] Session object. + * @return Data byte length. + */ +int WP11_AesCcm_DataLen(WP11_Session* session) +{ + WP11_CcmParams* ccm = &session->params.ccm; + + return ccm->dataSz; +} + +/** + * Return the MAC size from the CCM parameters. + * + * @param session [in] Session object. + * @return MAC byte length. + */ +int WP11_AesCcm_GetMacLen(WP11_Session* session) +{ + WP11_CcmParams* ccm = &session->params.ccm; + + return ccm->macSz; +} + +/** + * Encrypt plain text with AES-CCM placing authentication tag on end. + * Output buffer must be large enough to hold all data. + * + * @param plain [in] Plain text. + * @param plainSz [in] Length of plain text in bytes. + * @param enc [in] Buffer to hold encrypted data. + * @param encSz [in,out] On in, length of buffer in bytes. + * On out, length of encrypted data including + * authentication tag in bytes. + * @param secret [in] Secret key object. + * @param session [in] Session object holding CCM parameters. + * @return -ve on encryption failure. + * 0 on success. + */ +int WP11_AesCcm_Encrypt(unsigned char* plain, word32 plainSz, + unsigned char* enc, word32* encSz, WP11_Object* secret, + WP11_Session* session) +{ + int ret; + Aes aes; + WP11_Data* key; + WP11_CcmParams* ccm = &session->params.ccm; + word32 authTagSz = ccm->macSz; + unsigned char* authTag = enc + plainSz; + + ret = wc_AesInit(&aes, NULL, INVALID_DEVID); + if (ret == 0) { + if (secret->onToken) + WP11_Lock_LockRO(secret->lock); + key = &secret->data.symmKey; + ret = wc_AesCcmSetKey(&aes, key->data, key->len); + if (secret->onToken) + WP11_Lock_UnlockRO(secret->lock); + + if (ret == 0) + ret = wc_AesCcmEncrypt(&aes, enc, plain, plainSz, + ccm->iv, ccm->ivSz, + authTag, authTagSz, + ccm->aad, ccm->aadSz); + if (ret == 0) + *encSz = plainSz + authTagSz; + + if (ccm->aad != NULL) { + XFREE(ccm->aad, NULL, DYNAMIC_TYPE_TMP_BUFFER); + ccm->aad = NULL; + ccm->aadSz = 0; + } + + wc_AesFree(&aes); + } + + return ret; +} + +/** + * Decrypt data, including authentication tag, with AES-CCM + * Output buffer must be large enough to hold all decrypted data. + * + * @param enc [in] Encrypted data. + * @param encSz [in] Length of encrypted data in bytes. + * @param dec [in] Buffer to hold decrypted data. + * @param decSz [in,out] On in, length of buffer in bytes. + * On out, length of decrypted data in bytes. + * @param session [in] Session object holding Aes object. + * @return AES_CCM_AUTH_E when data does not authenticate. + * Other -ve on encryption failure. + * 0 on success. + */ +int WP11_AesCcm_Decrypt(unsigned char* enc, word32 encSz, unsigned char* dec, + word32* decSz, WP11_Object* secret, + WP11_Session* session) +{ + int ret; + Aes aes; + WP11_Data* key; + WP11_CcmParams* ccm = &session->params.ccm; + word32 authTagSz = ccm->macSz; + unsigned char* authTag = enc + encSz - authTagSz; + encSz -= authTagSz; + + ret = wc_AesInit(&aes, NULL, INVALID_DEVID); + if (ret == 0) { + if (secret->onToken) + WP11_Lock_LockRO(secret->lock); + key = &secret->data.symmKey; + ret = wc_AesCcmSetKey(&aes, key->data, key->len); + if (secret->onToken) + WP11_Lock_UnlockRO(secret->lock); + + if (ret == 0) + ret = wc_AesCcmDecrypt(&aes, dec, enc, encSz, + ccm->iv, ccm->ivSz, + authTag, authTagSz, + ccm->aad, ccm->aadSz); + + if (ret == 0) { + *decSz = encSz; + } + + if (ccm->aad != NULL) { + XFREE(ccm->aad, NULL, DYNAMIC_TYPE_TMP_BUFFER); + ccm->aad = NULL; + ccm->aadSz = 0; + } + + wc_AesFree(&aes); + } + + return ret; +} +#endif /* HAVE_AESCCM */ #endif /* !NO_AES */ #ifndef NO_HMAC diff --git a/src/slot.c b/src/slot.c index b189229..16cee00 100644 --- a/src/slot.c +++ b/src/slot.c @@ -246,6 +246,9 @@ static CK_MECHANISM_TYPE mechanismList[] = { #ifdef HAVE_AESGCM CKM_AES_GCM, #endif +#ifdef HAVE_AESCCM + CKM_AES_CCM, +#endif #endif #ifndef NO_HMAC #ifndef NO_MD5 @@ -381,6 +384,12 @@ static CK_MECHANISM_INFO aesGcmMechInfo = { 16, 32, CKF_ENCRYPT | CKF_DECRYPT }; #endif +#ifdef HAVE_AESCCM +/* Info on AES-CCM mechanism. */ +static CK_MECHANISM_INFO aesCcmMechInfo = { + 16, 32, CKF_ENCRYPT | CKF_DECRYPT +}; +#endif #endif #ifndef NO_HMAC #ifndef NO_MD5 @@ -498,6 +507,11 @@ CK_RV C_GetMechanismInfo(CK_SLOT_ID slotID, CK_MECHANISM_TYPE type, XMEMCPY(pInfo, &aesGcmMechInfo, sizeof(CK_MECHANISM_INFO)); break; #endif +#ifdef HAVE_AESCCM + case CKM_AES_CCM: + XMEMCPY(pInfo, &aesCcmMechInfo, sizeof(CK_MECHANISM_INFO)); + break; +#endif #endif #ifndef NO_HMAC #ifndef NO_MD5 diff --git a/tests/pkcs11test.c b/tests/pkcs11test.c index 48c23e7..6c2ae5e 100644 --- a/tests/pkcs11test.c +++ b/tests/pkcs11test.c @@ -7024,6 +7024,118 @@ static CK_RV test_aes_gcm_gen_key_id(void* args) return ret; } #endif + +#ifdef HAVE_AESCCM +static CK_RV test_aes_ccm_encdec(CK_SESSION_HANDLE session, unsigned char* aad, + int aadLen, int macLen, unsigned char* exp, + unsigned char* expMac, CK_OBJECT_HANDLE key) +{ + CK_RV ret; + byte plain[32]; + byte enc[48]; /* 32 bytes of plaintext + 16 bytes of mac */ + byte dec[32]; + byte iv[12]; + CK_ULONG plainSz, encSz, decSz; + CK_MECHANISM mech; + CK_CCM_PARAMS ccmParams; + + memset(plain, 9, sizeof(plain)); + memset(iv, 9, sizeof(iv)); + plainSz = sizeof(plain); + encSz = sizeof(enc); + decSz = sizeof(dec); + + ccmParams.pIv = iv; + ccmParams.ulIvLen = sizeof(iv); + ccmParams.pAAD = aad; + ccmParams.ulAADLen = aadLen; + ccmParams.ulMacLen = macLen; + + mech.mechanism = CKM_AES_CCM; + mech.ulParameterLen = sizeof(ccmParams); + mech.pParameter = &ccmParams; + + ret = funcList->C_EncryptInit(session, &mech, key); + CHECK_CKR(ret, "AES-CCM Encrypt Init"); + if (ret == CKR_OK) { + encSz = 0; + ret = funcList->C_Encrypt(session, plain, plainSz, NULL, &encSz); + CHECK_CKR(ret, "AES-CCM Encrypt"); + } + if (ret == CKR_OK && encSz != plainSz + macLen) { + ret = -1; + CHECK_CKR(ret, "AES-CCM Encrypt encrypted length"); + } + if (ret == CKR_OK) { + encSz = 0; + ret = funcList->C_Encrypt(session, plain, plainSz, enc, &encSz); + CHECK_CKR_FAIL(ret, CKR_BUFFER_TOO_SMALL, "AES-CCM Encrypt"); + encSz = sizeof(enc); + } + if (ret == CKR_OK) { + ret = funcList->C_Encrypt(session, plain, plainSz, enc, &encSz); + CHECK_CKR(ret, "AES-CCM Encrypt"); + } + if (ret == CKR_OK && encSz != plainSz + macLen) { + ret = -1; + CHECK_CKR(ret, "AES-CCM Encrypt Result not correct length"); + } + if (ret == CKR_OK && exp != NULL && XMEMCMP(enc, exp, plainSz) != 0) { + ret = -1; + CHECK_CKR(ret, "AES-CCM Encrypt Result not matching expected"); + } + if (ret == CKR_OK && expMac != NULL && + XMEMCMP(enc + plainSz, expMac, macLen) != 0) { + ret = -1; + CHECK_CKR(ret, "AES-CCM Encrypt Result not matching expected tag"); + } + if (ret == CKR_OK) { + ret = funcList->C_DecryptInit(session, &mech, key); + CHECK_CKR(ret, "AES-CCM Decrypt Init"); + } + if (ret == CKR_OK) { + decSz = 0; + ret = funcList->C_Decrypt(session, enc, encSz, NULL, &decSz); + CHECK_CKR(ret, "AES-CCM Decrypt"); + } + if (ret == CKR_OK && decSz != plainSz) { + ret = -1; + CHECK_CKR(ret, "AES-CCM Decrypt decrypted length"); + } + if (ret == CKR_OK) { + decSz = 0; + ret = funcList->C_Decrypt(session, enc, encSz, dec, &decSz); + CHECK_CKR_FAIL(ret, CKR_BUFFER_TOO_SMALL, "AES-CCM Decrypt"); + decSz = sizeof(dec); + } + if (ret == CKR_OK) { + ret = funcList->C_Decrypt(session, enc, encSz, dec, &decSz); + CHECK_CKR(ret, "AES-CCM Decrypt"); + } + if (ret == CKR_OK) { + if (decSz != plainSz || XMEMCMP(plain, dec, decSz) != 0) { + ret = -1; + CHECK_CKR(ret, "AES-CCM Decrypted data match plain text"); + } + } + + return ret; +} + +static CK_RV test_aes_ccm_gen_key(void* args) +{ + CK_SESSION_HANDLE session = *(CK_SESSION_HANDLE*)args; + CK_RV ret; + CK_OBJECT_HANDLE key; + + ret = gen_aes_key(session, 16, NULL, 0, 0, &key); + if (ret == CKR_OK) + ret = test_aes_ccm_encdec(session, NULL, 0, 16, NULL, NULL, key); + + return ret; +} + +#endif /* HAVE_AESCCM */ #endif #ifndef NO_HMAC @@ -8022,7 +8134,10 @@ static TEST_FUNC testFunc[] = { PKCS11TEST_FUNC_SESS_DECL(test_aes_gcm_gen_key), PKCS11TEST_FUNC_SESS_DECL(test_aes_gcm_gen_key_id), #endif +#ifdef HAVE_AESCCM + PKCS11TEST_FUNC_SESS_DECL(test_aes_ccm_gen_key), #endif +#endif /* !NO_AES */ #ifndef NO_HMAC #ifndef NO_MD5 PKCS11TEST_FUNC_SESS_DECL(test_hmac_md5), diff --git a/wolfpkcs11/internal.h b/wolfpkcs11/internal.h index f098bdb..ca2bfc9 100644 --- a/wolfpkcs11/internal.h +++ b/wolfpkcs11/internal.h @@ -116,6 +116,8 @@ extern "C" { #define WP11_INIT_AES_GCM_DEC 0x0004 #define WP11_INIT_AES_CBC_PAD_ENC 0x0005 #define WP11_INIT_AES_CBC_PAD_DEC 0x0006 +#define WP11_INIT_AES_CCM_ENC 0x0007 +#define WP11_INIT_AES_CCM_DEC 0x0008 #define WP11_INIT_HMAC_SIGN 0x0010 #define WP11_INIT_HMAC_VERIFY 0x0011 #define WP11_INIT_RSA_X_509_ENC 0x0020 @@ -235,6 +237,10 @@ int WP11_Session_SetCbcParams(WP11_Session* session, unsigned char* iv, int enc, int WP11_Session_SetGcmParams(WP11_Session* session, unsigned char* iv, int ivSz, unsigned char* aad, int aadLen, int tagBits); +int WP11_Session_SetCcmParams(WP11_Session* session, int dataSz, + unsigned char* iv, int ivSz, + unsigned char* aad, int aadSz, + int macSz); int WP11_Session_AddObject(WP11_Session* session, int onToken, WP11_Object* object); void WP11_Session_RemoveObject(WP11_Session* session, WP11_Object* object); @@ -389,6 +395,15 @@ int WP11_AesGcm_DecryptUpdate(unsigned char* enc, word32 encSz, int WP11_AesGcm_DecryptFinal(unsigned char* dec, word32* decSz, WP11_Object* secret, WP11_Session* session); +int WP11_AesCcm_DataLen(WP11_Session* session); +int WP11_AesCcm_GetMacLen(WP11_Session* session); +int WP11_AesCcm_Encrypt(unsigned char* plain, word32 plainSz, + unsigned char* enc, word32* encSz, WP11_Object* secret, + WP11_Session* session); +int WP11_AesCcm_Decrypt(unsigned char* enc, word32 encSz, unsigned char* dec, + word32* decSz, WP11_Object* secret, + WP11_Session* session); + int WP11_Hmac_SigLen(WP11_Session* session); int WP11_Hmac_Init(CK_MECHANISM_TYPE mechanism, WP11_Object* secret, WP11_Session* session); diff --git a/wolfpkcs11/pkcs11.h b/wolfpkcs11/pkcs11.h index a259c1b..b046f78 100644 --- a/wolfpkcs11/pkcs11.h +++ b/wolfpkcs11/pkcs11.h @@ -235,6 +235,7 @@ extern "C" { #define CKM_AES_CBC 0x00001082UL #define CKM_AES_CBC_PAD 0x00001085UL #define CKM_AES_GCM 0x00001087UL +#define CKM_AES_CCM 0x00001088UL #define CKR_OK 0x00000000UL #define CKR_CANCEL 0x00000001UL @@ -542,6 +543,17 @@ typedef struct CK_GCM_PARAMS { typedef CK_GCM_PARAMS* CK_GCM_PARAMS_PTR; +typedef struct CK_CCM_PARAMS { + CK_ULONG ulDataLen; + CK_BYTE_PTR pIv; + CK_ULONG ulIvLen; + CK_BYTE_PTR pAAD; + CK_ULONG ulAADLen; + CK_ULONG ulMacLen; +} CK_CCM_PARAMS; +typedef CK_CCM_PARAMS* CK_CCM_PARAMS_PTR; + + /* Function list types. */ typedef struct CK_FUNCTION_LIST CK_FUNCTION_LIST; typedef CK_FUNCTION_LIST* CK_FUNCTION_LIST_PTR;