Added support for AES CBC Key Unwrap (#871)

Hussainity · web-flow · commit 1b61bb0483b2 · 2026-05-09T18:33:33.000+02:00
diff --git a/src/lib/SoftHSM.cpp b/src/lib/SoftHSM.cpp
@@ -1212,7 +1212,7 @@ CK_RV SoftHSM::C_GetMechanismInfo(CK_SLOT_ID slotID, CK_MECHANISM_TYPE type, CK_
 			pInfo->flags = CKF_UNWRAP | CKF_WRAP;
 			/* FALLTHROUGH */
 		case CKM_AES_CBC:
-			pInfo->flags |= CKF_WRAP;
+			pInfo->flags |= CKF_WRAP | CKF_UNWRAP;
 			/* FALLTHROUGH */
 		case CKM_AES_ECB:
 		case CKM_AES_CTR:
@@ -6618,6 +6618,7 @@ CK_RV SoftHSM::WrapKeySym
 			break;
 #endif
 		case CKM_AES_CBC:
+			blocksize = 16;
 			algo = SymAlgo::AES;
 			break;
 
@@ -7219,6 +7220,7 @@ CK_RV SoftHSM::UnwrapKeySym
 			mode = SymWrap::AES_KEYWRAP_PAD;
 			break;
 #endif
+	        case CKM_AES_CBC:
 	        case CKM_AES_CBC_PAD:
 			algo = SymAlgo::AES;
 			blocksize = 16;
@@ -7251,9 +7253,36 @@ CK_RV SoftHSM::UnwrapKeySym
 	ByteString iv;
 	ByteString decryptedFinal;
 	CK_RV rv = CKR_OK;
-	
+
 	switch(pMechanism->mechanism) {
 
+	case CKM_AES_CBC:
+		iv.resize(blocksize);
+		memcpy(&iv[0], pMechanism->pParameter, blocksize);
+
+		if (!cipher->decryptInit(unwrappingkey, SymMode::CBC, iv, false))
+		{
+			cipher->recycleKey(unwrappingkey);
+			CryptoFactory::i()->recycleSymmetricAlgorithm(cipher);
+			return CKR_MECHANISM_INVALID;
+		}
+		if (!cipher->decryptUpdate(wrapped, keydata))
+		{
+			cipher->recycleKey(unwrappingkey);
+			CryptoFactory::i()->recycleSymmetricAlgorithm(cipher);
+			return CKR_GENERAL_ERROR;
+		}
+		// Finalize decryption
+		if (!cipher->decryptFinal(decryptedFinal))
+		{
+			cipher->recycleKey(unwrappingkey);
+			CryptoFactory::i()->recycleSymmetricAlgorithm(cipher);
+			return CKR_GENERAL_ERROR;
+		}
+		keydata += decryptedFinal;
+		// No unpadding for CKM_AES_CBC - returns raw decrypted data
+		break;
+
 	case CKM_AES_CBC_PAD:
 	case CKM_DES3_CBC_PAD:
 		iv.resize(blocksize);
@@ -7565,6 +7594,7 @@ CK_RV SoftHSM::C_UnwrapKey
 				return rv;
 			break;
 
+	        case CKM_AES_CBC:
 	        case CKM_AES_CBC_PAD:
 			// TODO check block length
 			if (pMechanism->pParameter == NULL_PTR ||
diff --git a/src/lib/test/SymmetricAlgorithmTests.cpp b/src/lib/test/SymmetricAlgorithmTests.cpp
@@ -1099,7 +1099,7 @@ void SymmetricAlgorithmTests::aesWrapUnwrapGeneric(CK_MECHANISM_TYPE mechanismTy
 
 	CK_RV rv;
 	CK_BYTE ivPtr[16];
-	if( mechanismType == CKM_AES_CBC_PAD ) {
+	if( mechanismType == CKM_AES_CBC_PAD || mechanismType == CKM_AES_CBC ) {
 		rv = CRYPTOKI_F_PTR( C_GenerateRandom(hSession, ivPtr, sizeof ivPtr) );
 		CPPUNIT_ASSERT(rv == CKR_OK);
 		mechanism.pParameter = ivPtr;
@@ -1148,7 +1148,12 @@ void SymmetricAlgorithmTests::aesWrapUnwrapGeneric(CK_MECHANISM_TYPE mechanismTy
 	CPPUNIT_ASSERT(rv == CKR_OK);
 
 	auto wrapOverhead = [mechanismType]() {
-		return (mechanismType == CKM_AES_KEY_WRAP || mechanismType == CKM_AES_KEY_WRAP_PAD) ? 8 : 16;
+		if (mechanismType == CKM_AES_KEY_WRAP || mechanismType == CKM_AES_KEY_WRAP_PAD)
+			return 8;
+		else if (mechanismType == CKM_AES_CBC)
+			return 0;  // No padding overhead for CKM_AES_CBC
+		else
+			return 16;  // CKM_AES_CBC_PAD adds padding
 	};
 	CPPUNIT_ASSERT(wrappedLen == rndKeyLen + wrapOverhead() );
 
@@ -1199,7 +1204,7 @@ void SymmetricAlgorithmTests::aesWrapUnwrapNonModifiableGeneric(CK_MECHANISM_TYP
 
 	CK_RV rv;
 	CK_BYTE ivPtr[16];
-	if( mechanismType == CKM_AES_CBC_PAD ) {
+	if( mechanismType == CKM_AES_CBC_PAD || mechanismType == CKM_AES_CBC ) {
 		rv = CRYPTOKI_F_PTR( C_GenerateRandom(hSession, ivPtr, sizeof ivPtr) );
 		CPPUNIT_ASSERT(rv == CKR_OK);
 		mechanism.pParameter = ivPtr;
@@ -1248,7 +1253,12 @@ void SymmetricAlgorithmTests::aesWrapUnwrapNonModifiableGeneric(CK_MECHANISM_TYP
 	CPPUNIT_ASSERT(rv == CKR_OK);
 
 	auto wrapOverhead = [mechanismType]() {
-		return (mechanismType == CKM_AES_KEY_WRAP || mechanismType == CKM_AES_KEY_WRAP_PAD) ? 8 : 16;
+		if (mechanismType == CKM_AES_KEY_WRAP || mechanismType == CKM_AES_KEY_WRAP_PAD)
+			return 8;
+		else if (mechanismType == CKM_AES_CBC)
+			return 0;  // No padding overhead for CKM_AES_CBC
+		else
+			return 16;  // CKM_AES_CBC_PAD adds padding
 	};
 	CPPUNIT_ASSERT(wrappedLen == rndKeyLen + wrapOverhead() );
 
@@ -1322,13 +1332,14 @@ void SymmetricAlgorithmTests::wrapUnwrapRsa(CK_MECHANISM_TYPE mechanismType, CK_
 
 	CK_BYTE ivPtr[16];
 	switch(mechanismType) {
+		case CKM_AES_CBC:
 		case CKM_AES_CBC_PAD:
 		case CKM_DES_CBC_PAD:
 		case CKM_DES3_CBC_PAD:
 			rv = CRYPTOKI_F_PTR( C_GenerateRandom(hSession, ivPtr, sizeof ivPtr) );
 			CPPUNIT_ASSERT(rv == CKR_OK);
 			mechanism.pParameter = ivPtr;
-			mechanism.ulParameterLen = mechanismType == CKM_AES_CBC_PAD ? 16 : 8;
+			mechanism.ulParameterLen = (mechanismType == CKM_AES_CBC_PAD || mechanismType == CKM_AES_CBC) ? 16 : 8;
 			// falls through
 	}
 		
@@ -1756,8 +1767,10 @@ void SymmetricAlgorithmTests::testAesWrapUnwrap()
 
 	aesWrapUnwrapGeneric(CKM_AES_KEY_WRAP, hSession, hKey);
 	aesWrapUnwrapGeneric(CKM_AES_CBC_PAD, hSession, hKey);
+	aesWrapUnwrapGeneric(CKM_AES_CBC, hSession, hKey);
 	aesWrapUnwrapNonModifiableGeneric(CKM_AES_KEY_WRAP, hSession, hKey);
     aesWrapUnwrapNonModifiableGeneric(CKM_AES_CBC_PAD, hSession, hKey);
+    aesWrapUnwrapNonModifiableGeneric(CKM_AES_CBC, hSession, hKey);
 	aesWrapUnwrapRsa(CKM_AES_KEY_WRAP, hSession, hKey);
 	aesWrapUnwrapRsa(CKM_AES_CBC_PAD, hSession, hKey);
 
