nkosmynin
commented
5 months ago It seems to be a bug. aesKeyValue shall contain binary key value representation, not HEX string. When I updated code to convert key value from HEX string to binary array and set key length properly, the key was imported properly. I also tested for decryption and encryption, now it returns correct results corresponding to other AES implementations.
I am trying to import the AES 128-bit (16 bytes) key in SoftHSM2 (latest version from github) with
softhsm2-util --import AES.key --aes --label AES --id 01 --token test --pin 1234. The AES.key file contains sample HEX key representation '00000000000000000000000000000000' (file length 32 chars). I assume that it shall be in ASCII string format, since in source code the fgets() is used to read key value (zero terminated C string). After the import the key is imported as AES 256-bit (32 bytes) key, while it shall be AES 128-bit key (16 bytes). It seems that the key length is not calculated properly, the key object is created with strlen(aesKeyValue), which returns 32 chars, while the key length shall be 16 bytes. Could it be that somehow key length is not calculated properly from HEX key value? Or AES file shall be in another format (not HEX ASCII digits)? Thenfgets()andstrlen()cannot be used as key can contain binary 0x00 bytes.