
Commit aa0fd6d

Merge pull request #37 from anhu/ccm
Add support for AES-CCM.
2 parents 6bee701 + d32bd83 commit aa0fd6d


8 files changed

+476
-1
lines changed


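--- a/README.md
+++ b/README.md
@@ -32,7 +32,10 @@ cd wolfPKCS11
 make
 make check
 ```
+### Optional: AES-CCM Support
 
+To have AES-CCM support in wolfPKCS11, simiply configure wolfSSL with the
+addition of `--enable-aesccm`
 
 ### TPM support with wolfTPM
 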
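--- a/configure.ac
+++ b/configure.ac
@@ -238,6 +238,18 @@ else
 DISABLE_DEFS="$DISABLE_DEFS -DHAVE_AESGCM"
 fi
 
+AC_ARG_ENABLE([aesccm],
+[AS_HELP_STRING([--enable-aesccm],[Enable AES-CCM (default: disabled)])],
+[ ENABLED_AESCCM=$enableval ],
+[ ENABLED_AESCCM=no ]
+)
+if test "$ENABLED_AES" = "yes" && test "$ENABLED_AESCCM" = "yes"
+then
+AM_CFLAGS="$AM_CFLAGS -DHAVE_AESCCM"
+else
+DISABLE_DEFS="$DISABLE_DEFS -DHAVE_AESCCM"
+fi
+
 AC_ARG_ENABLE([hmac],
 [AS_HELP_STRING([--enable-hmac],[Enable HMAC (default: enabled)])],
 [ ENABLED_HMAC=$enableval ],
@@ -501,6 +513,7 @@ echo " * Single threaded: $ENABLED_SINGLETHREADED"
 echo " * AES: $ENABLED_AES"
 echo " * AES-CBC: $ENABLED_AESCBC"
 echo " * AES-GCM: $ENABLED_AESGCM"
+echo " * AES-CCM: $ENABLED_AESCCM"
 echo " * MD5: $ENABLED_MD5"
 echo " * SHA: $ENABLED_SHA1"
 echo " * SHA-224: $ENABLED_SHA224"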
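Review bot: When `--enable-aesccm` is given but AES itself is disabled, the `else` branch of the first hunk puts `-DHAVE_AESCCM` into DISABLE_DEFS while `ENABLED_AESCCM` stays `yes`, so the summary line added in the second hunk reports AES-CCM as enabled for a build that does not compile the mechanism. Resetting the variable in that branch, `ENABLED_AESCCM=no`, keeps the configure report in line with what is actually built. The existing AES-GCM block appears to follow the same pattern, but only its tail is visible here.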

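--- a/src/crypto.c
+++ b/src/crypto.c
@@ -1288,6 +1288,30 @@ CK_RV C_EncryptInit(CK_SESSION_HANDLE hSession,
 break;
 }
 #endif
+
+#ifdef HAVE_AESCCM
+case CKM_AES_CCM: {
+CK_CCM_PARAMS* params;
+
+if (type != CKK_AES)
+return CKR_KEY_TYPE_INCONSISTENT;
+if (pMechanism->pParameter == NULL)
+return CKR_MECHANISM_PARAM_INVALID;
+if (pMechanism->ulParameterLen != sizeof(CK_CCM_PARAMS))
+return CKR_MECHANISM_PARAM_INVALID;
+
+params = (CK_CCM_PARAMS*)pMechanism->pParameter;
+ret = WP11_Session_SetCcmParams(session,
+(int)params->ulDataLen,
+params->pIv, (int)params->ulIvLen,
+params->pAAD, (int)params->ulAADLen,
+(int)params->ulMacLen);
+if (ret != 0)
+return CKR_MECHANISM_PARAM_INVALID;
+init = WP11_INIT_AES_CCM_ENC;
+break;
+}
+#endif
 #endif
 default:
 (void)type;
@@ -1471,6 +1495,27 @@ CK_RV C_Encrypt(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pData,
 *pulEncryptedDataLen = encDataLen;
 break;
 #endif
+#ifdef HAVE_AESCCM
+case CKM_AES_CCM:
+if (!WP11_Session_IsOpInitialized(session, WP11_INIT_AES_CCM_ENC))
+return CKR_OPERATION_NOT_INITIALIZED;
+
+encDataLen = (word32)ulDataLen +
+WP11_AesCcm_GetMacLen(session);
+if (pEncryptedData == NULL) {
+*pulEncryptedDataLen = encDataLen;
+return CKR_OK;
+}
+if (encDataLen > (word32)*pulEncryptedDataLen)
+return CKR_BUFFER_TOO_SMALL;
+
+ret = WP11_AesCcm_Encrypt(pData, (int)ulDataLen, pEncryptedData,
+&encDataLen, obj, session);
+if (ret < 0)
+return CKR_FUNCTION_FAILED;
+*pulEncryptedDataLen = encDataLen;
+break;
+#endif
 #endif
 default:
 (void)ret;
@@ -1858,6 +1903,29 @@ CK_RV C_DecryptInit(CK_SESSION_HANDLE hSession,
 break;
 }
 #endif
+#ifdef HAVE_AESCCM
+case CKM_AES_CCM: {
+CK_CCM_PARAMS* params;
+
+if (type != CKK_AES)
+return CKR_KEY_TYPE_INCONSISTENT;
+if (pMechanism->pParameter == NULL)
+return CKR_MECHANISM_PARAM_INVALID;
+if (pMechanism->ulParameterLen != sizeof(CK_CCM_PARAMS))
+return CKR_MECHANISM_PARAM_INVALID;
+
+params = (CK_CCM_PARAMS*)pMechanism->pParameter;
+ret = WP11_Session_SetCcmParams(session,
+(int)params->ulDataLen,
+params->pIv, (int)params->ulIvLen,
+params->pAAD, (int)params->ulAADLen,
+(int)params->ulMacLen);
+if (ret != 0)
+return CKR_MECHANISM_PARAM_INVALID;
+init = WP11_INIT_AES_CCM_DEC;
+break;
+}
+#endif
 #endif
 default:
 (void)type;
@@ -2042,6 +2110,27 @@ CK_RV C_Decrypt(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pEncryptedData,
 *pulDataLen = decDataLen;
 break;
 #endif
+#ifdef HAVE_AESCCM
+case CKM_AES_CCM:
+if (!WP11_Session_IsOpInitialized(session, WP11_INIT_AES_CCM_DEC))
+return CKR_OPERATION_NOT_INITIALIZED;
+
+decDataLen = (word32)ulEncryptedDataLen -
+WP11_AesCcm_GetMacLen(session);
+if (pData == NULL) {
+*pulDataLen = decDataLen;
+return CKR_OK;
+}
+if (decDataLen > (word32)*pulDataLen)
+return CKR_BUFFER_TOO_SMALL;
+
+ret = WP11_AesCcm_Decrypt(pEncryptedData, (int)ulEncryptedDataLen,
+pData, &decDataLen, obj, session);
+if (ret < 0)
+return CKR_FUNCTION_FAILED;
+*pulDataLen = decDataLen;
+break;
+#endif
 #endif
 default:
 (void)decDataLen;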