From d4bb3258779d757ce6faf5b698c70af77ab7647f Mon Sep 17 00:00:00 2001
From: Ingo Franzki <ifranzki@linux.ibm.com>
Date: Wed, 16 Feb 2022 13:51:16 +0100
Subject: [PATCH 17/34] COMMON: Add defines for Kyber
Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>
---
usr/include/pkcs11types.h | 49 +++++++++++++++++++++++++++++++++++++++++++++++
usr/lib/common/p11util.c | 4 ++++
2 files changed, 53 insertions(+)
diff --git a/usr/include/pkcs11types.h b/usr/include/pkcs11types.h
index 6bf9c1fa..3d967a13 100644
--- a/usr/include/pkcs11types.h
+++ b/usr/include/pkcs11types.h
@@ -439,6 +439,11 @@ typedef CK_ULONG CK_KEY_TYPE;
#endif
#define CKK_IBM_DILITHIUM CKK_IBM_PQC_DILITHIUM
+#ifndef OCK_NO_EP11_DEFINES
+#define CKK_IBM_PQC_KYBER CKK_VENDOR_DEFINED + 0x10024
+#endif
+#define CKK_IBM_KYBER CKK_IBM_PQC_KYBER
+
/* CK_CERTIFICATE_TYPE is a value that identifies a certificate
* type */
/* CK_CERTIFICATE_TYPE was changed from CK_USHORT to CK_ULONG
@@ -614,6 +619,49 @@ typedef CK_ULONG CK_ATTRIBUTE_TYPE;
#define CKA_IBM_DILITHIUM_T0 (CKA_VENDOR_DEFINED + 0xd0007)
#define CKA_IBM_DILITHIUM_T1 (CKA_VENDOR_DEFINED + 0xd0008)
+#define CKA_IBM_KYBER_MODE (CKA_VENDOR_DEFINED + 0x0000E)
+
+#define CKA_IBM_KYBER_KEYFORM (CKA_VENDOR_DEFINED + 0xd0009)
+#define CKA_IBM_KYBER_PK (CKA_VENDOR_DEFINED + 0xd000A)
+#define CKA_IBM_KYBER_SK (CKA_VENDOR_DEFINED + 0xd000B)
+
+#define CK_IBM_KYBER_KEYFORM_ROUND2_768 1
+#define CK_IBM_KYBER_KEYFORM_ROUND2_1024 2
+
+#define CK_IBM_KYBER_KEM_VERSION 0
+
+typedef CK_ULONG CK_IBM_KYBER_KEM_MODE;
+
+#define CK_IBM_KYBER_KEM_ENCAPSULATE 1
+#define CK_IBM_KYBER_KEM_DECAPSULATE 2
+
+typedef CK_ULONG CK_IBM_KYBER_KDF_TYPE;
+
+#if !defined(CKD_VENDOR_DEFINED)
+#define CKD_VENDOR_DEFINED 0x80000000UL
+#endif
+
+#ifndef OCK_NO_EP11_DEFINES
+#define CKD_IBM_HYBRID_NULL CKD_VENDOR_DEFINED + 0x00000001UL
+#define CKD_IBM_HYBRID_SHA1_KDF CKD_VENDOR_DEFINED + 0x00000002UL
+#define CKD_IBM_HYBRID_SHA224_KDF CKD_VENDOR_DEFINED + 0x00000003UL
+#define CKD_IBM_HYBRID_SHA256_KDF CKD_VENDOR_DEFINED + 0x00000004UL
+#define CKD_IBM_HYBRID_SHA384_KDF CKD_VENDOR_DEFINED + 0x00000005UL
+#define CKD_IBM_HYBRID_SHA512_KDF CKD_VENDOR_DEFINED + 0x00000006UL
+#endif
+
+typedef struct CK_IBM_KYBER_PARAMS {
+ CK_ULONG ulVersion;
+ CK_IBM_KYBER_KEM_MODE mode;
+ CK_IBM_KYBER_KDF_TYPE kdf;
+ CK_BBOOL bPrepend;
+ CK_BYTE *pCipher;
+ CK_ULONG ulCipherLen;
+ CK_BYTE *pSharedData;
+ CK_ULONG ulSharedDataLen;
+ CK_OBJECT_HANDLE hSecret;
+} CK_IBM_KYBER_PARAMS;
+
/* For NSS 3.30: */
#define NSSCK_VENDOR_NSS 0x4E534350
#define CKA_NSS (CKA_VENDOR_DEFINED | NSSCK_VENDOR_NSS)
@@ -941,6 +989,7 @@ typedef CK_ULONG CK_MECHANISM_TYPE;
#define CKM_IBM_SHA3_512 CKM_VENDOR_DEFINED + 0x00010004
#define CKM_IBM_CMAC CKM_VENDOR_DEFINED + 0x00010007
#define CKM_IBM_DILITHIUM CKM_VENDOR_DEFINED + 0x00010023
+#define CKM_IBM_KYBER CKM_VENDOR_DEFINED + 0x00010024
#define CKM_IBM_SHA3_224_HMAC CKM_VENDOR_DEFINED + 0x00010025
#define CKM_IBM_SHA3_256_HMAC CKM_VENDOR_DEFINED + 0x00010026
#define CKM_IBM_SHA3_384_HMAC CKM_VENDOR_DEFINED + 0x00010027
diff --git a/usr/lib/common/p11util.c b/usr/lib/common/p11util.c
index f3a031e3..8b81ab42 100644
--- a/usr/lib/common/p11util.c
+++ b/usr/lib/common/p11util.c
@@ -234,6 +234,10 @@ const char *p11_get_cka(CK_ATTRIBUTE_TYPE atype)
_sym2str(CKA_IBM_DILITHIUM_T0);
_sym2str(CKA_IBM_DILITHIUM_T1);
_sym2str(CKA_IBM_PQC_PARAMS);
+ _sym2str(CKA_IBM_KYBER_KEYFORM);
+ _sym2str(CKA_IBM_KYBER_MODE);
+ _sym2str(CKA_IBM_KYBER_PK);
+ _sym2str(CKA_IBM_KYBER_SK);
default:
sprintf(buf, "unknown attribute type 0x%08lx", atype);
return buf;
--
2.16.2.windows.1