AES Counter Mode.

aws-cloudhsm-pkcs11-examples/GNUmakefile

@@ -1,6 +1,6 @@
 AWS := aws-cloudhsm-pkcs11-examples
 
-TESTS := bin/aes_cbc bin/aes_gcm bin/aes_ecb \
+TESTS := bin/aes_cbc bin/aes_ctr bin/aes_gcm bin/aes_ecb \
 	bin/digest bin/multi_part_digest \
 	bin/find_objects \
 	bin/aes_generate bin/ec_generate bin/rsa_generate \
@@ -29,6 +29,9 @@ clean:
 bin/aes_cbc: $(AWS)/src/encrypt/aes_cbc.c $(AWS)/src/encrypt/aes.c
 	cc $(CFLAGS) -o $@ $+ $(COMMON_SRCS)
 
+bin/aes_ctr: $(AWS)/src/encrypt/aes_ctr.c $(AWS)/src/encrypt/aes.c
+	cc $(CFLAGS) -o $@ $+ $(COMMON_SRCS)
+
 bin/aes_gcm: $(AWS)/src/encrypt/aes_gcm.c $(AWS)/src/encrypt/aes.c
 	cc $(CFLAGS) -o $@ $+ $(COMMON_SRCS)
 

cmd/token/main.go

@@ -124,6 +124,7 @@ type EncDec struct {
 	Block     cipher.Block
 	BlockMode cipher.BlockMode
 	AEAD      cipher.AEAD
+	Stream    cipher.Stream
 	IV        []byte
 	AAD       []byte
 

cmd/token/provider.go

@@ -734,6 +734,30 @@ func (p *Provider) EncryptInit(req *pkcs11.EncryptInitReq) (*pkcs11.EncryptInitR
 		}
 		return resp, nil
 
+	case pkcs11.CkmAESCTR:
+		var params pkcs11.AesCtrParams
+		err = pkcs11.Unmarshal(req.Mechanism.Parameter, &params)
+		if err != nil {
+			Errorf("pkcs11.Unmarshal: %v", err)
+			return nil, pkcs11.ErrMechanismParamInvalid
+		}
+
+		b, err := aes.NewCipher(key)
+		if err != nil {
+			return nil, pkcs11.ErrKeySizeRange
+		}
+		if b.BlockSize() != len(params.Cb) {
+			Errorf("%s: invalid IV length %v, expected %v",
+				req.Mechanism.Mechanism, len(params.Cb), b.BlockSize())
+			return nil, pkcs11.ErrMechanismParamInvalid
+		}
+
+		p.session.Encrypt = &EncDec{
+			Mechanism: req.Mechanism.Mechanism,
+			Stream:    cipher.NewCTR(b, params.Cb[:]),
+		}
+		return resp, nil
+
 	case pkcs11.CkmAESGCM:
 		b, err := aes.NewCipher(key)
 		if err != nil {
@@ -746,11 +770,11 @@ func (p *Provider) EncryptInit(req *pkcs11.EncryptInitReq) (*pkcs11.EncryptInitR
 		var params pkcs11.GcmParams
 		err = pkcs11.Unmarshal(req.Mechanism.Parameter, &params)
 		if err != nil {
-			log.Printf("\u251c\u2500\u2500\u2574pkcs11.Unmarshal: %v", err)
+			Errorf("pkcs11.Unmarshal: %v", err)
 			return nil, pkcs11.ErrMechanismParamInvalid
 		}
 		if len(params.Iv) != 12 {
-			log.Printf("\u251c\u2500\u2500\u2574%s: invalid IV length %v, expected 12",
+			Errorf("%s: invalid IV length %v, expected 12",
 				req.Mechanism.Mechanism, len(params.Iv))
 			return nil, pkcs11.ErrMechanismParamInvalid
 		}
@@ -838,6 +862,14 @@ func (p *Provider) Encrypt(req *pkcs11.EncryptReq) (*pkcs11.EncryptResp, error)
 		p.session.Encrypt.BlockMode.CryptBlocks(resp.EncryptedData,
 			resp.EncryptedData)
 
+	case pkcs11.CkmAESCTR:
+		if req.EncryptedDataSize == 0 {
+			// Querying output buffer size.
+			return resp, nil
+		}
+		p.session.Encrypt.Stream.XORKeyStream(req.Data, req.Data)
+		resp.EncryptedData = req.Data
+
 	case pkcs11.CkmAESGCM:
 		if debug {
 			log.Printf("AEAD: IV: %x (%d), AAD: %x (%d)",
@@ -1003,6 +1035,30 @@ func (p *Provider) DecryptInit(req *pkcs11.DecryptInitReq) error {
 		}
 		return nil
 
+	case pkcs11.CkmAESCTR:
+		var params pkcs11.AesCtrParams
+		err = pkcs11.Unmarshal(req.Mechanism.Parameter, &params)
+		if err != nil {
+			Errorf("pkcs11.Unmarshal: %v", err)
+			return pkcs11.ErrMechanismParamInvalid
+		}
+
+		b, err := aes.NewCipher(key)
+		if err != nil {
+			return pkcs11.ErrKeySizeRange
+		}
+		if b.BlockSize() != len(params.Cb) {
+			Errorf("%s: invalid IV length %v, expected %v",
+				req.Mechanism.Mechanism, len(params.Cb), b.BlockSize())
+			return pkcs11.ErrMechanismParamInvalid
+		}
+
+		p.session.Decrypt = &EncDec{
+			Mechanism: req.Mechanism.Mechanism,
+			Stream:    cipher.NewCTR(b, params.Cb[:]),
+		}
+		return nil
+
 	case pkcs11.CkmAESGCM:
 		b, err := aes.NewCipher(key)
 		if err != nil {
@@ -1107,6 +1163,15 @@ func (p *Provider) Decrypt(req *pkcs11.DecryptReq) (*pkcs11.DecryptResp, error)
 		resp.DataLen = len(data)
 		resp.Data = data
 
+	case pkcs11.CkmAESCTR:
+		if req.DataSize == 0 {
+			// Querying output buffer size.
+			return resp, nil
+		}
+		p.session.Decrypt.Stream.XORKeyStream(req.EncryptedData,
+			req.EncryptedData)
+		resp.Data = req.EncryptedData
+
 	case pkcs11.CkmAESGCM:
 		if debug {
 			log.Printf("AEAD: IV: %x (%d), AAD: %x (%d)",

library/pkcs11_types.rpct

@@ -92,6 +92,11 @@ type CK_MECHANISM struct {
 
 encoder CK_MECHANISM = vp_encode_mechanism
 
+type CK_AES_CTR_PARAMS struct {
+      CK_ULONG ulCounterBits
+  [16]CK_BYTE  cb
+}
+
 type CK_GCM_PARAMS struct {
    [CK_ULONG ulIvLen]CK_BYTE  pIv
                      CK_ULONG ulIvBits

library/vp_encoders.c

@@ -64,6 +64,29 @@ vp_encode_mechanism(VPBuffer *buf, CK_MECHANISM_PTR m)
       vp_buffer_add_byte_arr(buf, m->pParameter, m->ulParameterLen);
       break;
 
+    case CKM_AES_CTR:
+      if (m->ulParameterLen == sizeof(CK_AES_CTR_PARAMS))
+        {
+          CK_AES_CTR_PARAMS_PTR p = (CK_AES_CTR_PARAMS_PTR) m->pParameter;
+
+          vp_buffer_add_ulong(&b, p->ulCounterBits);
+          vp_buffer_add_byte_arr(&b, p->cb, sizeof(p->cb));
+
+          if (vp_buffer_error(&b, &ret))
+            goto out;
+
+          vp_buffer_add_byte_arr(buf, vp_buffer_ptr(&b), vp_buffer_len(&b));
+        }
+      else
+        {
+          vp_log(LOG_ERR,
+                 "mechanism: %08x: invalid CK_AES_CTR_PARAMS: len=%d (%d)",
+                 m->mechanism, m->ulParameterLen, sizeof(CK_AES_CTR_PARAMS));
+          return CKR_MECHANISM_INVALID;
+        }
+
+      break;
+
     case CKM_AES_GCM:
       if (m->ulParameterLen == sizeof(CK_GCM_PARAMS_V230))
         {

pkcs11/rpc.go

@@ -65,6 +65,12 @@ type UTF8Char = byte
 // VoidPtr defines basic protocol type CK_VOID_PTR.
 type VoidPtr = byte
 
+// AesCtrParams defines compound protocol type CK_AES_CTR_PARAMS.
+type AesCtrParams struct {
+	CounterBits Ulong
+	Cb          [16]Byte
+}
+
 // Attribute defines compound protocol type CK_ATTRIBUTE.
 type Attribute struct {
 	Type  AttributeType