in kmsp11/operation/crypter_ops.cc [31:55]
absl::StatusOr<DecryptOp> NewDecryptOp(std::shared_ptr<Object> key,
const CK_MECHANISM* mechanism) {
switch (mechanism->mechanism) {
case CKM_RSA_PKCS_OAEP:
return NewRsaOaepDecrypter(key, mechanism);
case CKM_AES_GCM:
return NewInvalidArgumentError(
absl::StrFormat(
"Mechanism %#x not supported for AES-GCM decryption, the"
"Cloud KMS PKCS #11 library defines a custom mechanism"
"(CKM_CLOUDKMS_AES_GCM) that you can use instead",
mechanism->mechanism),
CKR_MECHANISM_INVALID, SOURCE_LOCATION);
case CKM_CLOUDKMS_AES_GCM:
return NewAesGcmDecrypter(key, mechanism);
case CKM_AES_CTR:
return NewAesCtrDecrypter(key, mechanism);
case CKM_AES_CBC:
case CKM_AES_CBC_PAD:
return NewAesCbcDecrypter(key, mechanism);
default:
return InvalidMechanismError(mechanism->mechanism, "decrypt",
SOURCE_LOCATION);
}
}