wolfSSL · dgarske · Jan 7, 2025 · Jan 7, 2025
diff --git a/README.md b/README.md
@@ -32,18 +32,27 @@ cd wolfPKCS11
 make
 make check
 ```
-### Optional: AES-CCM Support
-
-To have AES-CCM support in wolfPKCS11, simiply configure wolfSSL with the
-addition of `--enable-aesccm`
-
 ### TPM support with wolfTPM
 
 Enables using a TPM for cryptography and keystore.
 Tested using `./configure --enable-singlethreaded --enable-wolftpm --disable-dh CFLAGS="-DWOLFPKCS11_TPM_STORE" && make`.
 
 Note: The TPM does not support DH, so only RSA and ECC are supported.
 
+### Optional: AES-CCM Support
+
+To have AES-CCM support in wolfPKCS11, configure both wolfSSL and wolfPKCS11
+with the addition of `--enable-aesccm`.
+
+### Optional: AES-ECB Support
+
+To have AES-ECB support in wolfPKCS11, configure wolfSSL with the C macro
+`HAVE_AES_ECB` defined. For example, `CFLAGS="-DHAVE_AES_ECB"`. Then
+enable it in wolfPKCS11 with the addition of `--enable-aesecb` during the
+configure step.
+
+WARNING: ECB (Electronic Code Book) mode AES is generally considered to be
+insecure. Please consider using a different mode of AES.
 
 ### Build options and defines
 

diff --git a/configure.ac b/configure.ac
@@ -250,6 +250,18 @@ else
     DISABLE_DEFS="$DISABLE_DEFS -DHAVE_AESCCM"
 fi
 
+AC_ARG_ENABLE([aesecb],
+    [AS_HELP_STRING([--enable-aesecb],[Enable AES-ECB (default: disabled)])],
+    [ ENABLED_AESECB=$enableval ],
+    [ ENABLED_AESECB=no ]
+    )
+if test "$ENABLED_AES" = "yes" && test "$ENABLED_AESECB" = "yes"
+then
+    AM_CFLAGS="$AM_CFLAGS -DHAVE_AESECB"
+else
+    DISABLE_DEFS="$DISABLE_DEFS -DHAVE_AESECB"
+fi
+
 AC_ARG_ENABLE([hmac],
     [AS_HELP_STRING([--enable-hmac],[Enable HMAC (default: enabled)])],
     [ ENABLED_HMAC=$enableval ],
@@ -514,6 +526,7 @@ echo "   * AES:                        $ENABLED_AES"
 echo "   * AES-CBC:                    $ENABLED_AESCBC"
 echo "   * AES-GCM:                    $ENABLED_AESGCM"
 echo "   * AES-CCM:                    $ENABLED_AESCCM"
+echo "   * AES-ECB:                    $ENABLED_AESECB"
 echo "   * MD5:                        $ENABLED_MD5"
 echo "   * SHA:                        $ENABLED_SHA1"
 echo "   * SHA-224:                    $ENABLED_SHA224"

diff --git a/src/crypto.c b/src/crypto.c
@@ -1312,6 +1312,20 @@ CK_RV C_EncryptInit(CK_SESSION_HANDLE hSession,
             break;
         }
     #endif
+
+    #ifdef HAVE_AESECB
+        case CKM_AES_ECB: {
+            if (type != CKK_AES)
+                return CKR_KEY_TYPE_INCONSISTENT;
+            if (pMechanism->pParameter != NULL)
+                return CKR_MECHANISM_PARAM_INVALID;
+            if (pMechanism->ulParameterLen != 0)
+                return CKR_MECHANISM_PARAM_INVALID;
+
+            init = WP11_INIT_AES_ECB_ENC;
+            break;
+        }
+    #endif
 #endif
         default:
             (void)type;
@@ -1516,6 +1530,26 @@ CK_RV C_Encrypt(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pData,
             *pulEncryptedDataLen = encDataLen;
             break;
     #endif
+    #ifdef HAVE_AESECB
+        case CKM_AES_ECB:
+            if (!WP11_Session_IsOpInitialized(session, WP11_INIT_AES_ECB_ENC))
+                return CKR_OPERATION_NOT_INITIALIZED;
+
+            encDataLen = (word32)ulDataLen;
+            if (pEncryptedData == NULL) {
+                *pulEncryptedDataLen = encDataLen;
+                return CKR_OK;
+            }
+            if (encDataLen > (word32)*pulEncryptedDataLen)
+                return CKR_BUFFER_TOO_SMALL;
+
+            ret = WP11_AesEcb_Encrypt(pData, (int)ulDataLen, pEncryptedData,
+                                      &encDataLen, obj, session);
+            if (ret < 0)
+                return CKR_FUNCTION_FAILED;
+            *pulEncryptedDataLen = encDataLen;
+            break;
+    #endif
 #endif
         default:
             (void)ret;
@@ -1926,6 +1960,19 @@ CK_RV C_DecryptInit(CK_SESSION_HANDLE hSession,
             break;
         }
     #endif
+    #ifdef HAVE_AESECB
+        case CKM_AES_ECB: {
+            if (type != CKK_AES)
+                return CKR_KEY_TYPE_INCONSISTENT;
+            if (pMechanism->pParameter != NULL)
+                return CKR_MECHANISM_PARAM_INVALID;
+            if (pMechanism->ulParameterLen != 0)
+                return CKR_MECHANISM_PARAM_INVALID;
+
+            init = WP11_INIT_AES_ECB_DEC;
+            break;
+        }
+    #endif
 #endif
         default:
             (void)type;
@@ -2131,6 +2178,26 @@ CK_RV C_Decrypt(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pEncryptedData,
             *pulDataLen = decDataLen;
             break;
     #endif
+    #ifdef HAVE_AESECB
+        case CKM_AES_ECB:
+            if (!WP11_Session_IsOpInitialized(session, WP11_INIT_AES_ECB_DEC))
+                return CKR_OPERATION_NOT_INITIALIZED;
+
+            decDataLen = (word32)ulEncryptedDataLen;
+            if (pData == NULL) {
+                *pulDataLen = decDataLen;
+                return CKR_OK;
+            }
+            if (decDataLen > (word32)*pulDataLen)
+                return CKR_BUFFER_TOO_SMALL;
+
+            ret = WP11_AesEcb_Decrypt(pEncryptedData, (int)ulEncryptedDataLen,
+                                      pData, &decDataLen, obj, session);
+            if (ret < 0)
+                return CKR_FUNCTION_FAILED;
+            *pulDataLen = decDataLen;
+            break;
+    #endif
 #endif
         default:
             (void)decDataLen;

diff --git a/src/internal.c b/src/internal.c
@@ -4832,7 +4832,7 @@ int WP11_Session_SetCcmParams(WP11_Session* session, int dataSz,
 
     return ret;
 }
-#endif /* HAVE_AESGCM */
+#endif /* HAVE_AESCCM */
 #endif /* !NO_AES */
 
 /**
@@ -8660,6 +8660,94 @@ int WP11_AesCcm_Decrypt(unsigned char* enc, word32 encSz, unsigned char* dec,
     return ret;
 }
 #endif /* HAVE_AESCCM */
+
+#ifdef HAVE_AESECB
+/**
+ * Encrypt plain text with AES-ECB.
+ * Output buffer must be large enough to hold all data.
+ *
+ * @param  plain    [in]      Plain text.
+ * @param  plainSz  [in]      Length of plain text in bytes.
+ * @param  enc      [in]      Buffer to hold encrypted data.
+ * @param  encSz    [in,out]  On in, length of buffer in bytes.
+ *                            On out, length of encrypted data including
+ *                            authentication tag in bytes.
+ * @param  secret   [in]      Secret key object.
+ * @param  session  [in]      Session object.
+ * @return  -ve on encryption failure.
+ *          0 on success.
+ */
+int WP11_AesEcb_Encrypt(unsigned char* plain, word32 plainSz,
+                        unsigned char* enc, word32* encSz, WP11_Object* secret,
+                        WP11_Session* session)
+{
+    int ret;
+    Aes aes;
+    WP11_Data* key;
+
+    ret = wc_AesInit(&aes, NULL, session->devId);
+    if (ret == 0) {
+        if (secret->onToken)
+            WP11_Lock_LockRO(secret->lock);
+        key = &secret->data.symmKey;
+        ret = wc_AesSetKey(&aes, key->data, key->len, NULL, AES_ENCRYPTION);
+        if (secret->onToken)
+            WP11_Lock_UnlockRO(secret->lock);
+
+        if (ret == 0)
+            ret = wc_AesEcbEncrypt(&aes, enc, plain, plainSz);
+        if (ret == 0)
+            *encSz = plainSz;
+
+        wc_AesFree(&aes);
+    }
+
+    return ret;
+}
+
+/**
+ * Decrypt data with AES-ECB.
+ * Output buffer must be large enough to hold all decrypted data.
+ *
+ * @param  enc      [in]      Encrypted data.
+ * @param  encSz    [in]      Length of encrypted data in bytes.
+ * @param  dec      [in]      Buffer to hold decrypted data.
+ * @param  decSz    [in,out]  On in, length of buffer in bytes.
+ *                            On out, length of decrypted data in bytes.
+ * @param  session  [in]      Session object holding Aes object.
+ * @return  -ve on decryption failure.
+ *          0 on success.
+ */
+int WP11_AesEcb_Decrypt(unsigned char* enc, word32 encSz, unsigned char* dec,
+                        word32* decSz, WP11_Object* secret,
+                        WP11_Session* session)
+{
+    int ret;
+    Aes aes;
+    WP11_Data* key;
+
+    ret = wc_AesInit(&aes, NULL, session->devId);
+    if (ret == 0) {
+        if (secret->onToken)
+            WP11_Lock_LockRO(secret->lock);
+        key = &secret->data.symmKey;
+        ret = wc_AesSetKey(&aes, key->data, key->len, NULL, AES_DECRYPTION);
+        if (secret->onToken)
+            WP11_Lock_UnlockRO(secret->lock);
+
+        if (ret == 0)
+            ret = wc_AesEcbDecrypt(&aes, dec, enc, encSz);
+
+        if (ret == 0) {
+            *decSz = encSz;
+        }
+
+        wc_AesFree(&aes);
+    }
+
+    return ret;
+}
+#endif /* HAVE_AESECB */
 #endif /* !NO_AES */
 
 #ifndef NO_HMAC

diff --git a/src/slot.c b/src/slot.c
@@ -249,6 +249,9 @@ static CK_MECHANISM_TYPE mechanismList[] = {
 #ifdef HAVE_AESCCM
     CKM_AES_CCM,
 #endif
+#ifdef HAVE_AESECB
+    CKM_AES_ECB,
+#endif
 #endif
 #ifndef NO_HMAC
 #ifndef NO_MD5
@@ -390,6 +393,12 @@ static CK_MECHANISM_INFO aesCcmMechInfo = {
     16, 32, CKF_ENCRYPT | CKF_DECRYPT
 };
 #endif
+#ifdef HAVE_AESECB
+/* Info on AES-ECB mechanism. */
+static CK_MECHANISM_INFO aesEcbMechInfo = {
+    16, 32, CKF_ENCRYPT | CKF_DECRYPT
+};
+#endif
 #endif
 #ifndef NO_HMAC
 #ifndef NO_MD5
@@ -512,6 +521,11 @@ CK_RV C_GetMechanismInfo(CK_SLOT_ID slotID, CK_MECHANISM_TYPE type,
             XMEMCPY(pInfo, &aesCcmMechInfo, sizeof(CK_MECHANISM_INFO));
             break;
 #endif
+#ifdef HAVE_AESECB
+        case CKM_AES_ECB:
+            XMEMCPY(pInfo, &aesEcbMechInfo, sizeof(CK_MECHANISM_INFO));
+            break;
+#endif
 #endif
 #ifndef NO_HMAC
 #ifndef NO_MD5