CODEWITHSUNDEEP
pkcs#11pkcs11interopsofthsm
Rufus Buschart
Rufus Buschart

Reputation: 553

Unwrapping of symmetric key throws Pkcs11Exception / CKR_GENERAL_ERROR

I'm trying to convert the Wrap / Unwrap example from a RSA key pair to a single AES key:

// Open RW session
using (ISession session = slot.OpenSession(SessionType.ReadWrite))
{
  string userPin = "1234";

  // Login as normal user
  session.Login(CKU.CKU_USER, userPin);

  // Generate symetric secret key
  IObjectHandle secretKey = Helpers.GenerateKey(session);

  // Generate symetric key
  IObjectHandle publicKey = Helpers.GenerateKey(session);

  // Specify wrapping mechanism
  IMechanism mechanism = session.Factories.MechanismFactory.Create(CKM.CKM_AES_KEY_WRAP);

  // Wrap key
  byte[] wrappedKey = session.WrapKey(mechanism, publicKey, secretKey);

  // Define attributes for unwrapped key
  List<IObjectAttribute> objectAttributes = new List<IObjectAttribute>();

  objectAttributes.Add(session.Factories.ObjectAttributeFactory.Create(CKA.CKA_CLASS, CKO.CKO_SECRET_KEY));
  objectAttributes.Add(session.Factories.ObjectAttributeFactory.Create(CKA.CKA_KEY_TYPE, CKK.CKK_AES));
  objectAttributes.Add(session.Factories.ObjectAttributeFactory.Create(CKA.CKA_ENCRYPT, true));
  objectAttributes.Add(session.Factories.ObjectAttributeFactory.Create(CKA.CKA_DECRYPT, true));
  objectAttributes.Add(session.Factories.ObjectAttributeFactory.Create(CKA.CKA_DERIVE, true));
  objectAttributes.Add(session.Factories.ObjectAttributeFactory.Create(CKA.CKA_EXTRACTABLE, true));
  objectAttributes.Add(session.Factories.ObjectAttributeFactory.Create(CKA.CKA_TOKEN, true));
  objectAttributes.Add(session.Factories.ObjectAttributeFactory.Create(CKA.CKA_LABEL, "UnWrapperTest"));

  // Unwrap key
  IObjectHandle unwrappedKey = session.UnwrapKey(mechanism, secretKey, wrappedKey, objectAttributes);
  }
}

with

public static IObjectHandle GenerateKey(ISession session)
{
  // Prepare attribute template of new key
  List<IObjectAttribute> objectAttributes = new List<IObjectAttribute>();
  objectAttributes.Add(session.Factories.ObjectAttributeFactory.Create(CKA.CKA_CLASS, CKO.CKO_SECRET_KEY));
  objectAttributes.Add(session.Factories.ObjectAttributeFactory.Create(CKA.CKA_KEY_TYPE, CKK.CKK_AES));
  objectAttributes.Add(session.Factories.ObjectAttributeFactory.Create(CKA.CKA_TOKEN, true));
  objectAttributes.Add(session.Factories.ObjectAttributeFactory.Create(CKA.CKA_ENCRYPT, true));
  objectAttributes.Add(session.Factories.ObjectAttributeFactory.Create(CKA.CKA_DECRYPT, true));
  objectAttributes.Add(session.Factories.ObjectAttributeFactory.Create(CKA.CKA_DERIVE, true));
  objectAttributes.Add(session.Factories.ObjectAttributeFactory.Create(CKA.CKA_EXTRACTABLE, true));
  objectAttributes.Add(session.Factories.ObjectAttributeFactory.Create(CKA.CKA_VALUE_LEN, 32));
  objectAttributes.Add(session.Factories.ObjectAttributeFactory.Create(CKA.CKA_LABEL, "WrapperTest"));

  // Specify key generation mechanism
  IMechanism mechanism = session.Factories.MechanismFactory.Create(CKM.CKM_AES_KEY_GEN);

  // Generate key
  return session.GenerateKey(mechanism, objectAttributes);
}

But the line IObjectHandle unwrappedKey = session.UnwrapKey(mechanism, secretKey, wrappedKey, objectAttributes); always throws a Net.Pkcs11Interop.Common.Pkcs11Exception: 'Method C_UnwrapKey returned CKR_GENERAL_ERROR' exception.

As 'HSM' I'm using a SoftHSM2 on Windows.

What am I doing wrong?

Disclosure: I'm cross-posting this question also in GitHub

Upvotes: 2

Views: 666

Answers (1)

Rufus Buschart
Rufus Buschart

Reputation: 553

Found the problem:

IObjectHandle unwrappedKey = session.UnwrapKey(mechanism, secretKey, wrappedKey, objectAttributes);

should read

IObjectHandle unwrappedKey = session.UnwrapKey(mechanism, publicKey, wrappedKey, objectAttributes);

Upvotes: 1

Related Questions