TODO(split that): Add support for SP.800-38F key wrapping

https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-38F.pdf

Signed-off-by: Arthur Gautier <[email protected]>

Author: baloo

cryptoki-sys/pkcs11.h

@@ -879,6 +879,7 @@ typedef unsigned long ck_mechanism_type_t;
 
 #define CKM_AES_KEY_WRAP		(0x2109UL)
 #define CKM_AES_KEY_WRAP_PAD		(0x210aUL)
+#define CKM_AES_KEY_WRAP_KWP		(0x210BUL)
 
 #define CKM_RSA_PKCS_TPM_1_1		(0x4001UL)
 #define CKM_RSA_PKCS_OAEP_TPM_1_1	(0x4002UL)

cryptoki-sys/src/bindings/x86_64-unknown-linux-gnu.rs

@@ -525,6 +525,7 @@ pub const CKM_CAMELLIA_ECB_ENCRYPT_DATA: CK_MECHANISM_TYPE = 1366;
 pub const CKM_CAMELLIA_CBC_ENCRYPT_DATA: CK_MECHANISM_TYPE = 1367;
 pub const CKM_AES_KEY_WRAP: CK_MECHANISM_TYPE = 8457;
 pub const CKM_AES_KEY_WRAP_PAD: CK_MECHANISM_TYPE = 8458;
+pub const CKM_AES_KEY_WRAP_KWP: CK_MECHANISM_TYPE = 8459;
 pub const CKM_RSA_PKCS_TPM_1_1: CK_MECHANISM_TYPE = 16385;
 pub const CKM_RSA_PKCS_OAEP_TPM_1_1: CK_MECHANISM_TYPE = 16386;
 pub const CKM_EC_EDWARDS_KEY_PAIR_GEN: CK_MECHANISM_TYPE = 4181;

cryptoki/src/mechanism/mod.rs

@@ -63,6 +63,10 @@ impl MechanismType {
     pub const AES_KEY_WRAP_PAD: MechanismType = MechanismType {
         val: CKM_AES_KEY_WRAP_PAD,
     };
+    /// AES key wrap mechanism.  The CKM_AES_KEY_WRAP_KWP mechanism can wrap a key or encrypt block of data of any length.
+    pub const AES_KEY_WRAP_KWP: MechanismType = MechanismType {
+        val: CKM_AES_KEY_WRAP_KWP,
+    };
     /// AES-GCM mechanism
     pub const AES_GCM: MechanismType = MechanismType { val: CKM_AES_GCM };
 
@@ -609,6 +613,7 @@ impl MechanismType {
             }
             CKM_AES_KEY_WRAP => String::from(stringify!(CKM_AES_KEY_WRAP)),
             CKM_AES_KEY_WRAP_PAD => String::from(stringify!(CKM_AES_KEY_WRAP_PAD)),
+            CKM_AES_KEY_WRAP_KWP => String::from(stringify!(CKM_AES_KEY_WRAP_KWP)),
             CKM_RSA_PKCS_TPM_1_1 => String::from(stringify!(CKM_RSA_PKCS_TPM_1_1)),
             CKM_RSA_PKCS_OAEP_TPM_1_1 => String::from(stringify!(CKM_RSA_PKCS_OAEP_TPM_1_1)),
             CKM_EC_EDWARDS_KEY_PAIR_GEN => String::from(stringify!(CKM_EC_EDWARDS_KEY_PAIR_GEN)),
@@ -708,6 +713,8 @@ pub enum Mechanism<'a> {
     AesKeyWrap,
     /// AES key wrap with padding block
     AesKeyWrapPad,
+    /// AES key wrap with padding (CKM_AES_KEY_WRAP_KWP)
+    AesKeyWrapWithPadding(Option<[u8; 4]>),
     /// AES-GCM mechanism
     AesGcm(aead::GcmParams<'a>),
     /// AES-CBC-ENCRYPT-DATA mechanism
@@ -863,6 +870,7 @@ impl Mechanism<'_> {
             Mechanism::AesCbcPad(_) => MechanismType::AES_CBC_PAD,
             Mechanism::AesKeyWrap => MechanismType::AES_KEY_WRAP,
             Mechanism::AesKeyWrapPad => MechanismType::AES_KEY_WRAP_PAD,
+            Mechanism::AesKeyWrapWithPadding(_) => MechanismType::AES_KEY_WRAP_KWP,
             Mechanism::AesGcm(_) => MechanismType::AES_GCM,
             Mechanism::AesCbcEncryptData(_) => MechanismType::AES_CBC_ENCRYPT_DATA,
             Mechanism::AesCMac => MechanismType::AES_CMAC,
@@ -945,11 +953,13 @@ impl From<&Mechanism<'_>> for CK_MECHANISM {
             | Mechanism::Sha512RsaPkcsPss(params) => make_mechanism(mechanism, params),
             Mechanism::RsaPkcsOaep(params) => make_mechanism(mechanism, params),
             Mechanism::Ecdh1Derive(params) => make_mechanism(mechanism, params),
+            Mechanism::AesKeyWrapWithPadding(Some(params)) => make_mechanism(mechanism, params),
             // Mechanisms without parameters
             Mechanism::AesKeyGen
             | Mechanism::AesEcb
             | Mechanism::AesKeyWrap
             | Mechanism::AesKeyWrapPad
+            | Mechanism::AesKeyWrapWithPadding(None)
             | Mechanism::AesCMac
             | Mechanism::RsaPkcsKeyPairGen
             | Mechanism::RsaPkcs