Add support for AES_GCM

[andreastedile]

In the documentation, I see that mechanism AES_GCM is not supported.

OpenCryptoki added support for CKM_AES_GCM a few days ago.

If I try to use that feature, python-pkcs11 raises pkcs11.exceptions.MechanismParamInvalid:

import argparse

import pkcs11
from pkcs11 import KeyType, Attribute, Mechanism, Token, WrapMixin

if __name__ == "__main__":
    parser = argparse.ArgumentParser(description="PKCS#11 automaton learning")

    parser.add_argument("so", help="Shared object")
    parser.add_argument("token_label", help="Token label")
    parser.add_argument("user_pin", help="User PIN")

    args = parser.parse_args()

    so = args.so
    token_label = args.token_label
    user_pin = args.user_pin

    lib = pkcs11.lib(so)
    token: Token = lib.get_token(token_label=token_label)

    with token.open(user_pin=user_pin) as session:
        # opencryptoki: CKM_RSA_PKCS_KEY_PAIR_GEN 512-4096 bits	
        pub, priv = session.generate_keypair(KeyType.RSA,
                                             key_length=512 * 8,
                                             private_template={Attribute.EXTRACTABLE: True, Attribute.SENSITIVE: False},
                                             mechanism=Mechanism.RSA_PKCS_KEY_PAIR_GEN)

        # opencryptoki: CKM_AES_KEY_GEN	16-32 bytes	
        secret = session.generate_key(KeyType.AES,
                                      key_length=32 * 8,
                                      template={Attribute.SENSITIVE: False},
                                      mechanism=Mechanism.AES_KEY_GEN)

        secret: WrapMixin
        iv = session.generate_random(128)
        wrapped = secret.wrap_key(priv, mechanism=Mechanism.AES_GCM, mechanism_param=iv)

What are the steps required to support this mechanism?

[MatthiasValvekens]

FWIW, I'm working on hooking up openCryptoki in the new CI setup (see #212).

From a cursory inspection, the most obvious issue with your code seems to be the fact that you're generating a random 128-bit value to pass into the mechanism parameters -- that will indeed fail. AES-GCM takes multiple parameters (a nonce/IV, additional authenticated data and a tag length). PKCS#11 expects those to be passed as a struct that looks like this:

typedef struct CK_GCM_PARAMS {
  CK_BYTE_PTR pIv;
  CK_ULONG ulIvLen;
  CK_BYTE_PTR pAAD;
  CK_ULONG ulAADLen;
  CK_ULONG ulTagBits;
} CK_GCM_PARAMS;

Given that some of the entries in this struct are pointers, you can't produce a valid set of params from within pure Python code, this has to be implemented in the Cython layer of the library.

[andreastedile]

Hello @MatthiasValvekens,
does the library support a case where the HSM generates the IV and writes it into the CK_GCM_PARAMS pIv field?
This is precisely what Amazon AWS CloudHSM does for AES GCM:
https://docs.aws.amazon.com/cloudhsm/latest/userguide/pkcs11-mechanisms.html
If so, could you please briefly sketch how this can be achieved?

[MatthiasValvekens]

Hmm, good point... Getting the generated IV back out is not really possible straightforwardly with the current API design AFAICT.

I suppose we could introduce variants of certain APIs that allow you to re-intercept the parameters after the initialisation phase is done? That would require a bit of work, though. Best to file a separate issue for that.