Add support for AES GCM mode.

[oleksiys]

KMIP 1.4 adds encryption/decryption parameters required by AES GCM mode.

[PeterHamilton]

Hi @oleksiys, thanks for submitting this pull request! From my initial glance I'm impressed at how comprehensive it looks. I'll give it a deeper review within the next day or two.

[PeterHamilton]

It looks like one of my tests is failing independent of your patch here. I'm triaging it now and should hopefully have a fix out tomorrow. Once that's upstream we can rebase your patch on that one and ensure that the test suite passes without issue.

[PeterHamilton]

Now that #573 is merged, go ahead and rebase this and we'll verify the tests pass.

[codecov-io]

Codecov Report

❗ No coverage uploaded for pull request base (master@4938f82). Click here to learn what that means.
The diff coverage is 96.33%.

@@            Coverage Diff            @@
##             master     #572   +/-   ##
=========================================
  Coverage          ?   96.02%           
=========================================
  Files             ?       75           
  Lines             ?    15583           
  Branches          ?        0           
=========================================
  Hits              ?    14963           
  Misses            ?      620           
  Partials          ?        0

Impacted Files	Coverage Δ
kmip/core/messages/payloads/encrypt.py	100% <100%> (ø)
kmip/services/server/engine.py	99.32% <100%> (ø)
kmip/core/messages/payloads/decrypt.py	100% <100%> (ø)
kmip/services/server/crypto/engine.py	98.84% <84%> (ø)

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 4938f82...c8f4c8c. Read the comment docs.

[oleksiys]

PTAL

[PeterHamilton]

Overall, this looks really good. You did a great job updating the operation payloads with the KMIP 1.4 fields, threading those through the getters/setters/read/write methods, and updating all of the tests (and test vectors) to reflect the changes. The updates to the cryptography engine also look sound and mesh well with the existing data flow.

I would normally split a patch like this into a smaller patch for the operation payload updates (and tests), another patch for the cryptography engine updates (and tests), and (maybe) a third patch for the actual server changes to tie the two together. However, I think I'm ok leaving it as one giant patch since it provides good context for how all of these changes relate to one another.

I had a few comments in-line. Once those are addressed, I'll give this one final look over and then it'll be good to go.

[oleksiys]

@PeterHamilton I migrated two tests from CAVP. I also realized that we need to strip the tag to the requested tag length, it's covered by the test.
PTAL.

[PeterHamilton]

@oleksiys Thanks for updating this. I should be able to give this a final look over later this afternoon or tomorrow morning, at the latest.

[PeterHamilton]

Thanks for adding official GCM test vectors. I spot checked them and they look good. Just tweak the one auth_tag_length value for the first test and this will be good to go.