Add AES-CCM #883
Add AES-CCM #883
Changes from all commits
d1138f4
d47a250
32895e9
8bd13c0
e286033
1929e2f
@@ -38,6 +38,7 @@ Minimum required versions: | |
|
|
||
| - Botan 2.0.0 | ||
| - OpenSSL 1.0.0 | ||
| **OpenSSL 3.6+ required for AES-CCM** [ref issue #22773](https://github.com/openssl/openssl/issues/22773) | ||
|
Member
we don't specify here minimum for other features like PQC so this shouldn't be here either.
Contributor
And OpenSSL 3.6 is not required. This feature was developed long before OpenSSL 3.6. |
||
|
|
||
| If you are using Botan, use at least version 2.6.0. This will improve | ||
| the performance when doing public key operations. | ||
|
|
||
@@ -810,6 +810,7 @@ void SoftHSM::prepareSupportedMechanisms(std::map<std::string, CK_MECHANISM_TYPE | |||||
| t["CKM_AES_CBC_PAD"] = CKM_AES_CBC_PAD; | ||||||
| t["CKM_AES_CTR"] = CKM_AES_CTR; | ||||||
| t["CKM_AES_GCM"] = CKM_AES_GCM; | ||||||
| t["CKM_AES_CCM"] = CKM_AES_CCM; | ||||||
| t["CKM_AES_KEY_WRAP"] = CKM_AES_KEY_WRAP; | ||||||
| #ifdef HAVE_AES_KEY_WRAP_PAD | ||||||
| t["CKM_AES_KEY_WRAP_PAD"] = CKM_AES_KEY_WRAP_PAD; | ||||||
|
|
@@ -1218,6 +1219,7 @@ CK_RV SoftHSM::C_GetMechanismInfo(CK_SLOT_ID slotID, CK_MECHANISM_TYPE type, CK_ | |||||
| case CKM_AES_ECB: | ||||||
| case CKM_AES_CTR: | ||||||
| case CKM_AES_GCM: | ||||||
| case CKM_AES_CCM: | ||||||
| pInfo->ulMinKeySize = 16; | ||||||
| pInfo->ulMaxKeySize = 32; | ||||||
| pInfo->flags |= CKF_ENCRYPT | CKF_DECRYPT; | ||||||
|
|
@@ -2226,6 +2228,7 @@ static bool isSymMechanism(CK_MECHANISM_PTR pMechanism) | |||||
| case CKM_AES_CBC_PAD: | ||||||
| case CKM_AES_CTR: | ||||||
| case CKM_AES_GCM: | ||||||
| case CKM_AES_CCM: | ||||||
| return true; | ||||||
| default: | ||||||
| return false; | ||||||
|
|
@@ -2287,6 +2290,7 @@ CK_RV SoftHSM::SymEncryptInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMech | |||||
| size_t counterBits = 0; | ||||||
| ByteString aad; | ||||||
| size_t tagBytes = 0; | ||||||
| size_t msgLenBytes = 0; | ||||||
| switch(pMechanism->mechanism) { | ||||||
| #ifndef WITH_FIPS | ||||||
| case CKM_DES_ECB: | ||||||
|
|
@@ -2445,6 +2449,40 @@ CK_RV SoftHSM::SymEncryptInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMech | |||||
| } | ||||||
| tagBytes = tagBytes / 8; | ||||||
| break; | ||||||
| case CKM_AES_CCM: | ||||||
| if (keyType != CKK_AES) | ||||||
| return CKR_KEY_TYPE_INCONSISTENT; | ||||||
| algo = SymAlgo::AES; | ||||||
| mode = SymMode::CCM; | ||||||
| if (pMechanism->pParameter == NULL_PTR || | ||||||
| pMechanism->ulParameterLen != sizeof(CK_CCM_PARAMS)) | ||||||
| { | ||||||
| DEBUG_MSG("CCM mode requires parameters"); | ||||||
| return CKR_ARGUMENTS_BAD; | ||||||
| } | ||||||
| if (CK_CCM_PARAMS_PTR(pMechanism->pParameter)->ulNonceLen < 7 || CK_CCM_PARAMS_PTR(pMechanism->pParameter)->ulNonceLen > 13) { | ||||||
| DEBUG_MSG("Invalid ulNonceLen value, is %#5d should be 7 ≤ ulNonceLen ≤ 13.", CK_CCM_PARAMS_PTR(pMechanism->pParameter)->ulNonceLen); | ||||||
| return CKR_ARGUMENTS_BAD; | ||||||
| } | ||||||
| iv.resize(CK_CCM_PARAMS_PTR(pMechanism->pParameter)->ulNonceLen); | ||||||
| memcpy(&iv[0], CK_CCM_PARAMS_PTR(pMechanism->pParameter)->nonce, CK_CCM_PARAMS_PTR(pMechanism->pParameter)->ulNonceLen); | ||||||
| aad.resize(CK_CCM_PARAMS_PTR(pMechanism->pParameter)->ulAADLen); | ||||||
| if (CK_CCM_PARAMS_PTR(pMechanism->pParameter)->ulAADLen > 0) | ||||||
| memcpy(&aad[0], CK_CCM_PARAMS_PTR(pMechanism->pParameter)->aad, CK_CCM_PARAMS_PTR(pMechanism->pParameter)->ulAADLen); | ||||||
|
Comment on lines
+2467
to
+2471
Validate nested CCM pointers before copying. Line 2468 and Line 3258 copy Proposed fix+ if (CK_CCM_PARAMS_PTR(pMechanism->pParameter)->nonce == NULL_PTR ||
+ (CK_CCM_PARAMS_PTR(pMechanism->pParameter)->ulAADLen > 0 &&
+ CK_CCM_PARAMS_PTR(pMechanism->pParameter)->aad == NULL_PTR))
+ {
+ DEBUG_MSG("Invalid CCM nonce/AAD pointer");
+ return CKR_ARGUMENTS_BAD;
+ }
iv.resize(CK_CCM_PARAMS_PTR(pMechanism->pParameter)->ulNonceLen);
memcpy(&iv[0], CK_CCM_PARAMS_PTR(pMechanism->pParameter)->nonce, CK_CCM_PARAMS_PTR(pMechanism->pParameter)->ulNonceLen);
aad.resize(CK_CCM_PARAMS_PTR(pMechanism->pParameter)->ulAADLen);Apply the same check in both Also applies to: 3257-3261 🤖 Prompt for AI Agents |
||||||
| tagBytes = CK_CCM_PARAMS_PTR(pMechanism->pParameter)->ulMACLen; | ||||||
| counterBits = CK_CCM_PARAMS_PTR(pMechanism->pParameter)->ulDataLen; | ||||||
| msgLenBytes = 15 - CK_CCM_PARAMS_PTR(pMechanism->pParameter)->ulNonceLen; | ||||||
| if (msgLenBytes < 8 && counterBits >= (1ULL << (8 * msgLenBytes))) | ||||||
| { | ||||||
| DEBUG_MSG("ulDataLen %lu exceeds CCM limit for msgLenBytes=%zu", counterBits, msgLenBytes); | ||||||
| return CKR_ARGUMENTS_BAD; | ||||||
| } | ||||||
| if (tagBytes != 4 && tagBytes != 6 && tagBytes != 8 && tagBytes != 10 && tagBytes != 12 && tagBytes != 14 && tagBytes != 16) | ||||||
| { | ||||||
| DEBUG_MSG("Invalid ulMACLen value, is %#5d should be 4, 6, 8, 10, 12, 14, or 16", tagBytes); | ||||||
| return CKR_ARGUMENTS_BAD; | ||||||
| } | ||||||
|
bukka marked this conversation as resolved.
|
||||||
| break; | ||||||
| default: | ||||||
| return CKR_MECHANISM_INVALID; | ||||||
| } | ||||||
|
|
@@ -3201,6 +3239,34 @@ CK_RV SoftHSM::SymDecryptInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMech | |||||
| } | ||||||
| tagBytes = tagBytes / 8; | ||||||
| break; | ||||||
| case CKM_AES_CCM: | ||||||
| if (keyType != CKK_AES) | ||||||
| return CKR_KEY_TYPE_INCONSISTENT; | ||||||
| algo = SymAlgo::AES; | ||||||
| mode = SymMode::CCM; | ||||||
| if (pMechanism->pParameter == NULL_PTR || | ||||||
| pMechanism->ulParameterLen != sizeof(CK_CCM_PARAMS)) | ||||||
| { | ||||||
| DEBUG_MSG("CCM mode requires parameters"); | ||||||
| return CKR_ARGUMENTS_BAD; | ||||||
| } | ||||||
| if (CK_CCM_PARAMS_PTR(pMechanism->pParameter)->ulNonceLen < 7 && CK_CCM_PARAMS_PTR(pMechanism->pParameter)->ulNonceLen > 13) { | ||||||
|
Member
Suggested change
Member
looks like there are more issues - you need to fix in a similar way like the encrypt path... |
||||||
| DEBUG_MSG("Invalid ulNonceLen value, is %#5d should be 7 ≤ ulNonceLen ≤ 13.", CK_CCM_PARAMS_PTR(pMechanism->pParameter)->ulNonceLen); | ||||||
| return CKR_ARGUMENTS_BAD; | ||||||
| } | ||||||
| iv.resize(CK_CCM_PARAMS_PTR(pMechanism->pParameter)->ulNonceLen); | ||||||
| memcpy(&iv[0], CK_CCM_PARAMS_PTR(pMechanism->pParameter)->nonce, CK_CCM_PARAMS_PTR(pMechanism->pParameter)->ulNonceLen); | ||||||
| aad.resize(CK_CCM_PARAMS_PTR(pMechanism->pParameter)->ulAADLen); | ||||||
| if (CK_CCM_PARAMS_PTR(pMechanism->pParameter)->ulAADLen > 0) | ||||||
| memcpy(&aad[0], CK_CCM_PARAMS_PTR(pMechanism->pParameter)->aad, CK_CCM_PARAMS_PTR(pMechanism->pParameter)->ulAADLen); | ||||||
| tagBytes = CK_CCM_PARAMS_PTR(pMechanism->pParameter)->ulMACLen; | ||||||
| counterBits = CK_CCM_PARAMS_PTR(pMechanism->pParameter)->ulDataLen; | ||||||
| if (tagBytes != 16 && tagBytes != 14 && tagBytes != 12 && tagBytes != 10 && tagBytes != 8) | ||||||
| { | ||||||
| DEBUG_MSG("Invalid ulDataLen value, is %#5d should be 16, 14, 12, 10 or 8", tagBytes); | ||||||
|
Member
This looks also wrong. |
||||||
| return CKR_ARGUMENTS_BAD; | ||||||
| } | ||||||
| break; | ||||||
| default: | ||||||
| return CKR_MECHANISM_INVALID; | ||||||
| } | ||||||
|
|
||||||
@@ -250,6 +250,17 @@ std::string BotanAES::getCipher() const | |
| break; | ||
| case SymMode::GCM: | ||
| return algo + "/GCM(" + std::to_string(currentTagBytes) + ")"; | ||
| case SymMode::CCM: | ||
| { | ||
| int preL = std::to_string(currentCounterBits).length(); | ||
|
Member
How counter bits are related to L? |
||
| int L; | ||
| if (preL < 2) { | ||
| L = 2; | ||
| } else { | ||
| L = preL; | ||
| } | ||
| return algo + "/CCM(" + std::to_string(currentTagBytes) + "," + std::to_string(L) + ")"; | ||
| } | ||
| default: | ||
| ERROR_MSG("Invalid AES cipher mode %i", currentCipherMode); | ||
|
|
||
|
|
||
This should be removed