Add support for CKM_IBM_KYBER

This adds support for the CKM_IBM_KYBER IBM specific mechanism. Additionally this exploits the rpc_C_DeriveKey rework.
p11-glue · Jan 29, 2025 · 79c5502 · 79c5502
1 parent e9c74a7
commit 79c5502
Show file tree

Hide file tree

Showing 5 changed files with 256 additions and 0 deletions.
diff --git a/common/attrs.c b/common/attrs.c
@@ -783,6 +783,9 @@ attribute_is_sensitive (const CK_ATTRIBUTE *attr,
 	X (CKA_IBM_DILITHIUM_KEYFORM)
 	X (CKA_IBM_DILITHIUM_RHO)
 	X (CKA_IBM_DILITHIUM_T1)
+	X (CKA_IBM_KYBER_MODE)
+	X (CKA_IBM_KYBER_PK)
+	X (CKA_IBM_KYBER_KEYFORM)
 	case CKA_VALUE:
 		return (klass != CKO_CERTIFICATE &&
 			klass != CKO_X_CERTIFICATE_EXTENSION);

diff --git a/common/constants.c b/common/constants.c
@@ -147,6 +147,7 @@ const p11_constant p11_constant_types[] = {
 	CT (CKA_IBM_OPAQUE, "ibm-opaque")
 	CT (CKA_IBM_OPAQUE_REENC, "ibm-opaque-reenc")
 	CT (CKA_IBM_OPAQUE_OLD, "ibm-opaque-old")
+	CT (CKA_IBM_KYBER_MODE, "ibm-kyber-mode")
 	CT (CKA_IBM_DILITHIUM_MODE, "ibm-dilithium-mode")
 	CT (CKA_IBM_RESTRICTABLE, "ibm-restrictable")
 	CT (CKA_IBM_NEVER_MODIFIABLE, "ibm-never-modifiable")
@@ -168,6 +169,9 @@ const p11_constant p11_constant_types[] = {
 	CT (CKA_IBM_DILITHIUM_S2, "ibm-dilithium-s2")
 	CT (CKA_IBM_DILITHIUM_T0, "ibm-dilithium-t0")
 	CT (CKA_IBM_DILITHIUM_T1, "ibm-dilithium-t1")
+	CT (CKA_IBM_KYBER_KEYFORM, "ibm-kyber-keyform")
+	CT (CKA_IBM_KYBER_PK, "ibm-kyber-pk")
+	CT (CKA_IBM_KYBER_SK, "ibm-kyber-sk")
 	CT (CKA_IBM_OPAQUE_PKEY, "ibm-opaque-pkey")
 	CT (CKA_IBM_CCA_AES_KEY_MODE, "ibm-cca-aes-key-mode")
 	CT (CKA_NSS_URL, "nss-url")
@@ -636,6 +640,7 @@ const p11_constant p11_constant_mechanisms[] = {
 	CT (CKM_IBM_EC_X448, "ibm-ec-x448")
 	CT (CKM_IBM_ED448_SHA3, "ibm-ed448-sha3")
 	CT (CKM_IBM_DILITHIUM, "ibm-dilithium")
+	CT (CKM_IBM_KYBER, "ibm-kyber")
 	CT (CKM_IBM_SHA3_224_HMAC, "ibm-sha3-224-hmac")
 	CT (CKM_IBM_SHA3_256_HMAC, "ibm-sha3-256-hmac")
 	CT (CKM_IBM_SHA3_384_HMAC, "ibm-sha3-384-hmac")

diff --git a/common/pkcs11x.h b/common/pkcs11x.h
@@ -213,6 +213,10 @@ typedef CK_ULONG                        CK_TRUST;
 #define CKA_IBM_DILITHIUM_MODE                 (CKA_VENDOR_DEFINED + 0x00010)
 #define CKA_IBM_CCA_AES_KEY_MODE               (CKA_VENDOR_DEFINED + 0xd0101)
 #define CKA_IBM_OPAQUE_PKEY                    (CKA_VENDOR_DEFINED + 0xd0100)
+#define CKA_IBM_KYBER_MODE                     (CKA_VENDOR_DEFINED + 0x0000E)
+#define CKA_IBM_KYBER_KEYFORM                  (CKA_VENDOR_DEFINED + 0xd0009)
+#define CKA_IBM_KYBER_PK                       (CKA_VENDOR_DEFINED + 0xd000A)
+#define CKA_IBM_KYBER_SK                       (CKA_VENDOR_DEFINED + 0xd000B)
 
 #define CKM_IBM_SHA3_224                       (CKM_VENDOR_DEFINED + 0x10001)
 #define CKM_IBM_SHA3_256                       (CKM_VENDOR_DEFINED + 0x10002)
@@ -224,6 +228,7 @@ typedef CK_ULONG                        CK_TRUST;
 #define CKM_IBM_EC_X448                        (CKM_VENDOR_DEFINED + 0x1001e)
 #define CKM_IBM_ED448_SHA3                     (CKM_VENDOR_DEFINED + 0x1001f)
 #define CKM_IBM_DILITHIUM                      (CKM_VENDOR_DEFINED + 0x10023)
+#define CKM_IBM_KYBER                          (CKM_VENDOR_DEFINED + 0x10024)
 #define CKM_IBM_SHA3_224_HMAC                  (CKM_VENDOR_DEFINED + 0x10025)
 #define CKM_IBM_SHA3_256_HMAC                  (CKM_VENDOR_DEFINED + 0x10026)
 #define CKM_IBM_SHA3_384_HMAC                  (CKM_VENDOR_DEFINED + 0x10027)
@@ -266,6 +271,31 @@ typedef struct ck_ibm_btc_derive_params CK_IBM_BTC_DERIVE_PARAMS;
 
 #define CK_IBM_BTC_DERIVE_PARAMS_VERSION_1 1
 
+#define CK_IBM_KYBER_KEYFORM_ROUND2_768    1
+#define CK_IBM_KYBER_KEYFORM_ROUND2_1024   2
+
+#define CK_IBM_KYBER_KEM_VERSION           0
+
+typedef CK_ULONG CK_IBM_KYBER_KDF_TYPE;
+typedef CK_ULONG CK_IBM_KYBER_KEM_MODE;
+
+#define CK_IBM_KYBER_KEM_ENCAPSULATE       1
+#define CK_IBM_KYBER_KEM_DECAPSULATE       2
+
+struct ck_ibm_kyber_params {
+    CK_ULONG                ulVersion;
+    CK_IBM_KYBER_KEM_MODE   mode;
+    CK_IBM_KYBER_KDF_TYPE   kdf;
+    CK_BBOOL                bPrepend;
+    CK_BYTE                 *pCipher;
+    CK_ULONG                ulCipherLen;
+    CK_BYTE                 *pSharedData;
+    CK_ULONG                ulSharedDataLen;
+    CK_OBJECT_HANDLE        hSecret;
+};
+
+typedef struct ck_ibm_kyber_params CK_IBM_KYBER_PARAMS;
+
 /*
  * If the caller is using the PKCS#11 GNU calling convention, then we cater
  * to that here.

diff --git a/p11-kit/rpc-message.c b/p11-kit/rpc-message.c
@@ -853,6 +853,7 @@ map_attribute_to_value_type (CK_ATTRIBUTE_TYPE type)
 	case CKA_IBM_CCA_AES_KEY_MODE:
 	case CKA_IBM_STD_COMPLIANCE1:
 	case CKA_IBM_KEYTYPE:
+	case CKA_IBM_KYBER_KEYFORM:
 		return P11_RPC_VALUE_ULONG;
 	case CKA_WRAP_TEMPLATE:
 	case CKA_UNWRAP_TEMPLATE:
@@ -917,6 +918,9 @@ map_attribute_to_value_type (CK_ATTRIBUTE_TYPE type)
 	case CKA_IBM_DILITHIUM_S2:
 	case CKA_IBM_DILITHIUM_T0:
 	case CKA_IBM_DILITHIUM_T1:
+	case CKA_IBM_KYBER_MODE:
+	case CKA_IBM_KYBER_PK:
+	case CKA_IBM_KYBER_SK:
 		return P11_RPC_VALUE_BYTE_ARRAY;
 	}
 }
@@ -1664,6 +1668,82 @@ p11_rpc_buffer_get_ibm_attrbound_wrap_mechanism_value (p11_buffer *buffer,
 	return true;
 }
 
+void
+p11_rpc_buffer_add_ibm_kyber_mech_param_update (p11_buffer *buffer,
+					 const void *value,
+					 CK_ULONG value_length)
+{
+	CK_IBM_KYBER_PARAMS params;
+
+	if (value_length != sizeof (CK_IBM_KYBER_PARAMS)) {
+		p11_buffer_fail (buffer);
+		return;
+	}
+
+	memcpy (&params, value, value_length);
+
+	if (params.mode == CK_IBM_KYBER_KEM_ENCAPSULATE) {
+		p11_rpc_buffer_add_byte(buffer, CK_IBM_KYBER_KEM_ENCAPSULATE);
+
+		if (params.pCipher == NULL) {
+			p11_rpc_buffer_add_byte(buffer, 0);
+			p11_rpc_buffer_add_uint32(buffer, params.ulCipherLen);
+		} else {
+			p11_rpc_buffer_add_byte(buffer, 1);
+			p11_rpc_buffer_add_byte_array(buffer, (unsigned char *)params.pCipher, params.ulCipherLen);
+		}
+	} else {
+		p11_rpc_buffer_add_byte(buffer, CK_IBM_KYBER_KEM_DECAPSULATE);
+	}
+}
+
+bool
+p11_rpc_buffer_get_ibm_kyber_mech_param_update (p11_buffer *buffer,
+					 size_t *offset,
+					 void *value,
+					 CK_ULONG *value_length)
+{
+	const unsigned char *data;
+	size_t len;
+	unsigned char has_data;
+	unsigned char capsulation;
+	uint32_t length;
+
+	if (!p11_rpc_buffer_get_byte(buffer, offset, &capsulation))
+		return false;
+
+	if (capsulation == CK_IBM_KYBER_KEM_ENCAPSULATE) {
+		if (!p11_rpc_buffer_get_byte(buffer, offset, &has_data))
+			return false;
+
+		if (has_data == 0) {
+			if (!p11_rpc_buffer_get_uint32(buffer, offset, &length))
+				return false;
+			len = length;
+		} else {
+			if (!p11_rpc_buffer_get_byte_array(buffer, offset, &data, &len))
+				return false;
+		}
+
+		if (value) {
+			CK_IBM_KYBER_PARAMS *params = (CK_IBM_KYBER_PARAMS *) value;
+
+			if (params->pCipher && params->ulCipherLen == len) {
+				memcpy(params->pCipher, data, len);
+				params->ulCipherLen = len;
+			} else {
+				params->pCipher = (void *) data;
+				params->ulCipherLen = len;
+			}
+		}
+	}
+
+	if (value_length)
+		*value_length = sizeof (CK_IBM_KYBER_PARAMS);
+
+	return true;
+}
+
 void
 p11_rpc_buffer_add_ibm_btc_derive_mech_param_update (p11_buffer *buffer,
 					 const void *value,
@@ -1852,6 +1932,122 @@ p11_rpc_buffer_get_ibm_btc_derive_mechanism_value (p11_buffer *buffer,
 	return true;
 }
 
+void
+p11_rpc_buffer_add_ibm_kyber_mechanism_value (p11_buffer *buffer,
+					      const void *value,
+					      CK_ULONG value_length)
+{
+	CK_IBM_KYBER_PARAMS params;
+
+	if (value_length != sizeof (CK_IBM_KYBER_PARAMS)) {
+		p11_buffer_fail (buffer);
+		return;
+	}
+
+	memcpy (&params, value, value_length);
+
+	if (params.ulVersion > UINT64_MAX) {
+		p11_buffer_fail (buffer);
+		return;
+	}
+	p11_rpc_buffer_add_uint64(buffer, params.ulVersion);
+
+	if (params.mode > UINT64_MAX) {
+		p11_buffer_fail (buffer);
+		return;
+	}
+	p11_rpc_buffer_add_uint64(buffer, params.mode);
+
+	if (params.kdf > UINT64_MAX) {
+		p11_buffer_fail (buffer);
+		return;
+	}
+	p11_rpc_buffer_add_uint64(buffer, params.kdf);
+
+	if (params.bPrepend > sizeof(CK_BBOOL)) {
+		p11_buffer_fail(buffer);
+		return;
+	}
+	p11_rpc_buffer_add_byte(buffer, (unsigned char) params.bPrepend);
+
+	p11_rpc_buffer_add_byte_array(buffer, (unsigned char *)params.pCipher, params.ulCipherLen);
+
+	p11_rpc_buffer_add_byte_array(buffer, (unsigned char *)params.pSharedData, params.ulSharedDataLen);
+
+	if (params.hSecret > sizeof(CK_OBJECT_HANDLE)) {
+		p11_buffer_fail(buffer);
+		return;
+	}
+	p11_rpc_buffer_add_uint64(buffer, params.hSecret);
+}
+
+bool
+p11_rpc_buffer_get_ibm_kyber_mechanism_value (p11_buffer *buffer,
+					      size_t *offset,
+					      void *value,
+					      CK_ULONG *value_length)
+{
+	uint64_t val1;
+	uint64_t val2;
+	uint64_t val3;
+	unsigned char byte;
+	const unsigned char *data1;
+	size_t len1;
+	const unsigned char *data2;
+	size_t len2;
+	uint64_t val4;
+
+	if (!p11_rpc_buffer_get_uint64(buffer, offset, &val1))
+		return false;
+
+	if (!p11_rpc_buffer_get_uint64(buffer, offset, &val2))
+		return false;
+
+	if (!p11_rpc_buffer_get_uint64(buffer, offset, &val3))
+		return false;
+
+	if (!p11_rpc_buffer_get_byte(buffer, offset, &byte))
+		return false;
+
+	if (!p11_rpc_buffer_get_byte_array(buffer, offset, &data1, &len1))
+		return false;
+
+	if (!p11_rpc_buffer_get_byte_array(buffer, offset, &data2, &len2))
+		return false;
+
+	if (!p11_rpc_buffer_get_uint64(buffer, offset, &val4))
+		return false;
+
+	if (value) {
+		CK_IBM_KYBER_PARAMS *params = (CK_IBM_KYBER_PARAMS *) value;
+
+		params->ulVersion = val1;
+		params->mode = val2;
+		params->kdf = val3;
+		params->bPrepend = byte;
+		if (params->pCipher && params->ulCipherLen == len1) {
+			memcpy(params->pCipher, data1, len1);
+			params->ulCipherLen = len1;
+		} else {
+			params->pCipher = (void *) data1;
+			params->ulCipherLen = len1;
+		}
+		if (params->pSharedData && params->ulSharedDataLen == len2) {
+			memcpy(params->pSharedData, data2, len2);
+			params->ulSharedDataLen = len2;
+		} else {
+			params->pSharedData = (void *) data2;
+			params->ulSharedDataLen = len2;
+		}
+		params->hSecret = val4;
+	}
+
+	if (value_length)
+		*value_length = sizeof (CK_IBM_KYBER_PARAMS);
+
+	return true;
+}
+
 void
 p11_rpc_buffer_add_aes_iv_mechanism_value (p11_buffer *buffer,
 					   const void *value,
@@ -2150,11 +2346,13 @@ p11_rpc_buffer_get_dh_pkcs_derive_mechanism_value (p11_buffer *buffer,
 
 static p11_rpc_mechanism_serializer p11_rpc_mech_param_update_serializers[] = {
 	{ CKM_IBM_BTC_DERIVE, p11_rpc_buffer_add_ibm_btc_derive_mech_param_update, p11_rpc_buffer_get_ibm_btc_derive_mech_param_update },
+	{ CKM_IBM_KYBER, p11_rpc_buffer_add_ibm_kyber_mech_param_update, p11_rpc_buffer_get_ibm_kyber_mech_param_update },
 };
 
 static p11_rpc_mechanism_serializer p11_rpc_mechanism_serializers[] = {
 	{ CKM_IBM_ECDSA_OTHER, p11_rpc_buffer_add_ibm_ecdsa_other_mechanism_value, p11_rpc_buffer_get_ibm_ecdsa_other_mechanism_value },
 	{ CKM_IBM_BTC_DERIVE, p11_rpc_buffer_add_ibm_btc_derive_mechanism_value, p11_rpc_buffer_get_ibm_btc_derive_mechanism_value },
+	{ CKM_IBM_KYBER, p11_rpc_buffer_add_ibm_kyber_mechanism_value, p11_rpc_buffer_get_ibm_kyber_mechanism_value },
 	{ CKM_RSA_PKCS_PSS, p11_rpc_buffer_add_rsa_pkcs_pss_mechanism_value, p11_rpc_buffer_get_rsa_pkcs_pss_mechanism_value },
 	{ CKM_SHA1_RSA_PKCS_PSS, p11_rpc_buffer_add_rsa_pkcs_pss_mechanism_value, p11_rpc_buffer_get_rsa_pkcs_pss_mechanism_value },
 	{ CKM_SHA224_RSA_PKCS_PSS, p11_rpc_buffer_add_rsa_pkcs_pss_mechanism_value, p11_rpc_buffer_get_rsa_pkcs_pss_mechanism_value },

diff --git a/p11-kit/rpc-message.h b/p11-kit/rpc-message.h
@@ -515,6 +515,15 @@ bool             p11_rpc_buffer_get_mechanism            (p11_buffer *buffer,
 							  size_t *offset,
 							  CK_MECHANISM *mech);
 
+void             p11_rpc_buffer_add_ibm_kyber_mech_param_update (p11_buffer *buffer,
+							  const void *value,
+							  CK_ULONG value_length);
+
+bool             p11_rpc_buffer_get_ibm_kyber_mech_param_update (p11_buffer *buffer,
+							  size_t *offset,
+							  void *value,
+							  CK_ULONG *value_length);
+
 void             p11_rpc_buffer_add_ibm_btc_derive_mech_param_update (p11_buffer *buffer,
 							       const void *value,
 							       CK_ULONG value_length);
@@ -592,6 +601,17 @@ void            p11_rpc_buffer_add_ibm_btc_derive_mechanism_value
 							CK_ULONG value_length);
 
 bool            p11_rpc_buffer_get_ibm_btc_derive_mechanism_value
+						   (p11_buffer *buffer,
+						   size_t *offset,
+						   void *value,
+						   CK_ULONG *value_length);
+
+void            p11_rpc_buffer_add_ibm_kyber_mechanism_value
+						   (p11_buffer *buffer,
+						   const void *value,
+						   CK_ULONG value_length);
+
+bool            p11_rpc_buffer_get_ibm_kyber_mechanism_value
 						  (p11_buffer *buffer,
 						   size_t *offset,
 						   void *value,