Add CK_RSA_AES_KEY_WRAP_PARAMS to params.go

[cryptojerp]

I'm building a tool that calls the WrapKey/UnwrapKey. I'm able to perform Wrapping/Unwrapping against:

1. An AES key with RSA Keypair.
2. An RSA Private Key with AES Key.

But I'm unable to perform Wrapping/Unwrapping of an RSA Private Key with another RSA Key Pair. According to the PKCS 11 documentation (both 2.40 and 3.0 versions), section called "RSA AES KEY WRAP mechanism parameters" requires the use of parameter called "CK_RSA_AES_KEY_WRAP_PARAMS".

Could the "CK_RSA_AES_KEY_WRAP_PARAMS" be added to the library?

[miekg]

[ Quoting ***@***.***> in "[miekg/pkcs11] Add CK_RSA_AES_KEY_W..." ]

I'm building a tool that calls the WrapKey/UnwrapKey. I'm able to perform Wrapping/Unwrapping against: 1. An AES key with RSA Keypair. 2. An RSA Private Key with AES Key. But I'm unable to perform Wrapping/Unwrapping of an RSA Private Key with another RSA Key Pair. According to the PKCS 11 documentation (both 2.40 and 3.0 versions), section called "RSA AES KEY WRAP mechanism parameters" requires the use of parameter called "CK_RSA_AES_KEY_WRAP_PARAMS". Could the "CK_RSA_AES_KEY_WRAP_PARAMS" be added to the library?

Oh, this is a typedef. Unsure how to programmatically include them in zconst.go

[cryptojerp]

I was thinking more on creating a new type in params.go. Like GMCParams or OAEPParams. Something like the following:

// ----------- suggested changes in param.go -----------
// RsaAesKeyWrapParams represents the parameters for the CKM_RSA_AES_KEY_WRAP mechanism.
type RsaAesKeyWrapParams struct {
	aesKeyBits uint
	params  *OAEPParams
}

// NewRsaAesKeyWrapParams creates a CK_RSA_AES_KEY_WRAP_PARAMS structure suitable for use with the CKM_RSA_AES_KEY_WRAP mechanism.
func NewRsaAesKeyWrapParams(aesKeySize, hashAlg, mgf, sourceType uint, sourceData []byte) *RsaAesKeyWrapParams {
	return &RsaAesKeyWrapParams{
		aesKeyBits:    aesKeySize,
		params  :        NewGCMParams(hashAlg, mgf, sourceType, sourceData),
	}
}

func cRsaAesKeyWrapParams(p *RsaAesKeyWrapParams) []byte {
// TODO: Rest of code.

And then:

// ----------- suggested changes in types.go -----------
func cMechanism(mechList []*Mechanism) (arena, *C.CK_MECHANISM) {
// add existing code.
	case *RsaAesKeyWrapParams:
		param = cRsaAesKeyWrapParams(p)
// add existing code.

Does this make sence?

[miekg]

But why does this wrapping need new code, while the other ones just work?

[cryptojerp]

The wrap mechanism denoted CKM_RSA_AES_KEY_WRAP, has the parameter CK_RSA_AES_KEY_WRAP_PARAMS structure.

Without this parameter, I'm unable to use this mechanism.

[miekg]

[ Quoting ***@***.***> in "Re: [miekg/pkcs11] Add CK_RSA_AES_K..." ]

The wrap mechanism denoted CKM_RSA_AES_KEY_WRAP, has the parameter CK_RSA_AES_KEY_WRAP_PARAMS structure. Without this parameter, I'm unable to use this mechanism.

hmm, there is a bunch of manual code in params.go, wish that could also be generated, but looks too complex to make that happen.

[varder]

Please have a look at the PR
#166