Add AES Key Derivation Support (ECB,CBC Encrypt)

Additional Information:

1. Added AES Key Derivation mechanisms described in
   PKCS11 v2.4.0 Section 2.15:
  - CKM_AES_ECB_ENCRYPT_DATA
  - CKM_AES_CBC_ENCRYPT_DATA

2. Incorporated code-review comments:
  - directly sliced the IV data to extract mechanism_params for CBC_ENCRYPT,
  - added Unit Tests for ECB_ENCRYPT
    - test_derive_ecb_encrypt
  - added Unit Tests for CBC_ENCRYPT
    - test_derive_cbc_encrypt
  - updated dev-requirements
  - split the Unit Tests into 2 phases:
    - key-derivation tests
    - data encrypyion/decryption tests
    - replaced f-strings with python3.5 compatible format strings

Sanity Testing:

1. Build Validation:
python setup.py build_ext --inplace

2. AES Testing:
export PKCS11_MODULE=XXX
export PKCS11_TOKEN_LABEL=XXX
export PKCS11_TOKEN_PIN=XXX
export PKCS11_TOKEN_SO_PIN=XXX
pytest ./tests/test_aes.py

Signed-off-by: Akshitij Malik

Author: Akshitij Malik

tests/test_aes.py

@@ -152,7 +152,7 @@ def test_derive_using_ecb_encrypt(self, test_type, test_key_length, iv_length):
                                             pkcs11.Attribute.SENSITIVE: False,
                                         })
 
-        self.assertTrue(key is not None, f"Failed to create {test_key_length}-bit Master Key")
+        self.assertTrue(key is not None, "Failed to create {}-bit Master Key".format(test_key_length))
 
         # Derive a Key from the Master Key
         iv = b'0' * iv_length
@@ -170,9 +170,9 @@ def test_derive_using_ecb_encrypt(self, test_type, test_key_length, iv_length):
             derived_key = None
 
         if test_type.startswith("NEGATIVE"):
-            self.assertTrue(derived_key is None, f"Unexpected {test_key_length}-bit Derived Key")
+            self.assertTrue(derived_key is None, "Unexpected {}-bit Derived Key".format(test_key_length))
         else:
-            self.assertTrue(derived_key is not None, f"Failed to derive {test_key_length}-bit Derived Key")
+            self.assertTrue(derived_key is not None, "Failed to derive {}-bit Derived Key".format(test_key_length))
 
     @parameterized.expand([
         ("POSITIVE_128_BIT",            128, 16),
@@ -200,7 +200,7 @@ def test_encrypt_with_key_derived_using_ecb_encrypt(self, test_type, test_key_le
                                             pkcs11.Attribute.SENSITIVE: False,
                                         })
 
-        self.assertTrue(key is not None, f"Failed to create {test_key_length}-bit Master Key")
+        self.assertTrue(key is not None, "Failed to create {}-bit Master Key".format(test_key_length))
 
         # Derive a Key from the Master Key
         iv = b'0' * iv_length
@@ -217,7 +217,7 @@ def test_encrypt_with_key_derived_using_ecb_encrypt(self, test_type, test_key_le
                 pkcs11.exceptions.FunctionFailed) as e:
             derived_key = None
 
-        self.assertTrue(derived_key is not None, f"Failed to derive {test_key_length}-bit Derived Key")
+        self.assertTrue(derived_key is not None, "Failed to derive {}-bit Derived Key".format(test_key_length))
 
         # Test capability of Key to Encrypt/Decrypt data
         data = b'HELLO WORLD' * 1024
@@ -258,7 +258,7 @@ def test_derive_using_cbc_encrypt(self, test_type, test_key_length, iv_length, d
                                             pkcs11.Attribute.SENSITIVE: False,
                                         })
 
-        self.assertTrue(key is not None, f"Failed to create {test_key_length}-bit Master Key")
+        self.assertTrue(key is not None, "Failed to create {}-bit Master Key".format(test_key_length))
 
         # Derive a Key from the Master Key
         iv = b'0' * iv_length
@@ -278,9 +278,9 @@ def test_derive_using_cbc_encrypt(self, test_type, test_key_length, iv_length, d
             derived_key = None
 
         if test_type.startswith("NEGATIVE"):
-            self.assertTrue(derived_key is None, f"Unexpected {test_key_length}-bit Derived Key")
+            self.assertTrue(derived_key is None, "Unexpected {}-bit Derived Key".format(test_key_length))
         else:
-            self.assertTrue(derived_key is not None, f"Failed to derive {test_key_length}-bit Derived Key")
+            self.assertTrue(derived_key is not None, "Failed to derive {}-bit Derived Key".format(test_key_length))
 
     @parameterized.expand([
         ("POSITIVE_128_BIT",            128, 16, 16),
@@ -309,7 +309,7 @@ def test_encrypt_with_key_derived_using_cbc_encrypt(self, test_type, test_key_le
                                             pkcs11.Attribute.SENSITIVE: False,
                                         })
 
-        self.assertTrue(key is not None, f"Failed to create {test_key_length}-bit Master Key")
+        self.assertTrue(key is not None, "Failed to create {}-bit Master Key".format(test_key_length))
 
         # Derive a Key from the Master Key
         iv = b'0' * iv_length
@@ -328,7 +328,7 @@ def test_encrypt_with_key_derived_using_cbc_encrypt(self, test_type, test_key_le
                 IndexError) as e:
             derived_key = None
 
-        self.assertTrue(derived_key is not None, f"Failed to derive {test_key_length}-bit Derived Key")
+        self.assertTrue(derived_key is not None, "Failed to derive {}-bit Derived Key".format(test_key_length))
 
         # Test capability of Key to Encrypt/Decrypt data
         data = b'HELLO WORLD' * 1024