softhsm · mhochsto · Jun 10, 2026 · Jun 11, 2026 · Jun 11, 2026 · coderabbitai
@@ -43,14 +43,15 @@ Now we need to install some dependencies
 
 	$ brew install automake
 	$ brew install pkg-config
-	$ brew install openssl
+	$ brew install openssl@3.6
 	$ brew install sqlite
 	$ brew install cppunit
 	$ brew install libtool
 
+OpenSSL 3.6+ required for AES-CCM ref issue #22773
+
 openssl, sqlite, and libtool are pre-installed on the system. The versions downloaded
 by brew are stored in an alternative location under /usr/local
-
 The only brew warning of note is for libtool:
 
 	==> Caveats

@@ -38,6 +38,7 @@ Minimum required versions:
 
 - Botan 2.0.0
 - OpenSSL 1.0.0
+**OpenSSL 3.6+ required for AES-CCM**  [ref issue #22773](https://github.com/openssl/openssl/issues/22773)
 
 If you are using Botan, use at least version 2.6.0. This will improve
 the performance when doing public key operations.

@@ -810,6 +810,7 @@ void SoftHSM::prepareSupportedMechanisms(std::map<std::string, CK_MECHANISM_TYPE
 	t["CKM_AES_CBC_PAD"]		= CKM_AES_CBC_PAD;
 	t["CKM_AES_CTR"]		= CKM_AES_CTR;
 	t["CKM_AES_GCM"]		= CKM_AES_GCM;
+	t["CKM_AES_CCM"]		= CKM_AES_CCM;
 	t["CKM_AES_KEY_WRAP"]		= CKM_AES_KEY_WRAP;
 #ifdef HAVE_AES_KEY_WRAP_PAD
 	t["CKM_AES_KEY_WRAP_PAD"]	= CKM_AES_KEY_WRAP_PAD;
@@ -1218,6 +1219,7 @@ CK_RV SoftHSM::C_GetMechanismInfo(CK_SLOT_ID slotID, CK_MECHANISM_TYPE type, CK_
 		case CKM_AES_ECB:
 		case CKM_AES_CTR:
 		case CKM_AES_GCM:
+		case CKM_AES_CCM:
 			pInfo->ulMinKeySize = 16;
 			pInfo->ulMaxKeySize = 32;
 			pInfo->flags |= CKF_ENCRYPT | CKF_DECRYPT;
@@ -2226,6 +2228,7 @@ static bool isSymMechanism(CK_MECHANISM_PTR pMechanism)
 		case CKM_AES_CBC_PAD:
 		case CKM_AES_CTR:
 		case CKM_AES_GCM:
+		case CKM_AES_CCM:
 			return true;
 		default:
 			return false;
@@ -2445,6 +2448,34 @@ CK_RV SoftHSM::SymEncryptInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMech
 			}
 			tagBytes = tagBytes / 8;
 			break;
+		case CKM_AES_CCM:
+			if (keyType != CKK_AES)
+				return CKR_KEY_TYPE_INCONSISTENT;
+			algo = SymAlgo::AES;
+			mode = SymMode::CCM;
+			if (pMechanism->pParameter == NULL_PTR ||
+			    pMechanism->ulParameterLen != sizeof(CK_CCM_PARAMS))
+			{
+				DEBUG_MSG("CCM mode requires parameters");
+				return CKR_ARGUMENTS_BAD;
+			}
+			if (CK_CCM_PARAMS_PTR(pMechanism->pParameter)->ulNonceLen < 7 && CK_CCM_PARAMS_PTR(pMechanism->pParameter)->ulNonceLen > 13) {
+				DEBUG_MSG("Invalid ulNonceLen value, is %#5d should be 7 ≤ ulNonceLen ≤ 13.", CK_CCM_PARAMS_PTR(pMechanism->pParameter)->ulNonceLen);
+				return CKR_ARGUMENTS_BAD;
+			}
+			iv.resize(CK_CCM_PARAMS_PTR(pMechanism->pParameter)->ulNonceLen);
+			memcpy(&iv[0], CK_CCM_PARAMS_PTR(pMechanism->pParameter)->nonce, CK_CCM_PARAMS_PTR(pMechanism->pParameter)->ulNonceLen);
+			aad.resize(CK_CCM_PARAMS_PTR(pMechanism->pParameter)->ulAADLen);
+			if (CK_CCM_PARAMS_PTR(pMechanism->pParameter)->ulAADLen > 0)
+				memcpy(&aad[0], CK_CCM_PARAMS_PTR(pMechanism->pParameter)->aad, CK_CCM_PARAMS_PTR(pMechanism->pParameter)->ulAADLen);
+			tagBytes = CK_CCM_PARAMS_PTR(pMechanism->pParameter)->ulMACLen;
+			counterBits = CK_CCM_PARAMS_PTR(pMechanism->pParameter)->ulDataLen;
+			if (tagBytes != 16 && tagBytes != 14 && tagBytes != 12 && tagBytes != 10 && tagBytes != 8)
+			{
+				DEBUG_MSG("Invalid ulMACLen value, is %#5d should be 16, 14, 12, 10 or 8", tagBytes);
+				return CKR_ARGUMENTS_BAD;
+			}
+			break;
 		default:
 			return CKR_MECHANISM_INVALID;
 	}
@@ -3201,6 +3232,34 @@ CK_RV SoftHSM::SymDecryptInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMech
 			}
 			tagBytes = tagBytes / 8;
 			break;
+		case CKM_AES_CCM:
+			if (keyType != CKK_AES)
+				return CKR_KEY_TYPE_INCONSISTENT;
+			algo = SymAlgo::AES;
+			mode = SymMode::CCM;
+			if (pMechanism->pParameter == NULL_PTR ||
+			    pMechanism->ulParameterLen != sizeof(CK_CCM_PARAMS))
+			{
+				DEBUG_MSG("CCM mode requires parameters");
+				return CKR_ARGUMENTS_BAD;
+			}
+			if (CK_CCM_PARAMS_PTR(pMechanism->pParameter)->ulNonceLen < 7 && CK_CCM_PARAMS_PTR(pMechanism->pParameter)->ulNonceLen > 13) {
+				DEBUG_MSG("Invalid ulNonceLen value, is %#5d should be 7 ≤ ulNonceLen ≤ 13.", CK_CCM_PARAMS_PTR(pMechanism->pParameter)->ulNonceLen);
+				return CKR_ARGUMENTS_BAD;
+			}
+			iv.resize(CK_CCM_PARAMS_PTR(pMechanism->pParameter)->ulNonceLen);
+			memcpy(&iv[0], CK_CCM_PARAMS_PTR(pMechanism->pParameter)->nonce, CK_CCM_PARAMS_PTR(pMechanism->pParameter)->ulNonceLen);
+			aad.resize(CK_CCM_PARAMS_PTR(pMechanism->pParameter)->ulAADLen);
+			if (CK_CCM_PARAMS_PTR(pMechanism->pParameter)->ulAADLen > 0)
+				memcpy(&aad[0], CK_CCM_PARAMS_PTR(pMechanism->pParameter)->aad, CK_CCM_PARAMS_PTR(pMechanism->pParameter)->ulAADLen);
+			tagBytes = CK_CCM_PARAMS_PTR(pMechanism->pParameter)->ulMACLen;
+			counterBits = CK_CCM_PARAMS_PTR(pMechanism->pParameter)->ulDataLen;
+			if (tagBytes != 16 && tagBytes != 14 && tagBytes != 12 && tagBytes != 10 && tagBytes != 8)
+			{
+				DEBUG_MSG("Invalid ulDataLen value, is %#5d should be 16, 14, 12, 10 or 8", tagBytes);
+				return CKR_ARGUMENTS_BAD;
+			}
+			break;
 		default:
 			return CKR_MECHANISM_INVALID;
 	}

@@ -250,6 +250,17 @@ std::string BotanAES::getCipher() const
 			break;
 		case SymMode::GCM:
 			return algo + "/GCM(" + std::to_string(currentTagBytes) + ")";
+		case SymMode::CCM: 
+		{
+			int preL = std::to_string(currentCounterBits).length();
+			int L;
+			if (preL < 2) {
+				L = 2;
+			} else {
+				L = preL;
+			}
+			return algo + "/CCM(" + std::to_string(currentTagBytes) + "," + std::to_string(L) + ")";
+		}
 		default:
 			ERROR_MSG("Invalid AES cipher mode %i", currentCipherMode);
 

@@ -94,14 +94,15 @@ BotanSymmetricAlgorithm::~BotanSymmetricAlgorithm()
 // Encryption functions
 bool BotanSymmetricAlgorithm::encryptInit(const SymmetricKey* key, const SymMode::Type mode /* = SymMode:CBC */, const ByteString& IV /* = ByteString()*/, bool padding /* = true */, size_t counterBits /* = 0 */, const ByteString& aad /* = ByteString() */, size_t tagBytes /* = 0 */)
 {
+
 	// Call the superclass initialiser
 	if (!SymmetricAlgorithm::encryptInit(key, mode, IV, padding, counterBits, aad, tagBytes))
 	{
 		return false;
 	}
 
 	// Check the IV
-	if (mode != SymMode::GCM && (IV.size() > 0) && (IV.size() != getBlockSize()))
+	if ((mode != SymMode::GCM && mode != SymMode::CCM) && (IV.size() > 0) && (IV.size() != getBlockSize()))
 	{
 		ERROR_MSG("Invalid IV size (%d bytes, expected %d bytes)", IV.size(), getBlockSize());
 
@@ -188,7 +189,7 @@ bool BotanSymmetricAlgorithm::encryptInit(const SymmetricKey* key, const SymMode
 			cipher->set_key(botanKey);
 			cryption = new Botan::Pipe(cipher);
 		}
-		else if (mode == SymMode::GCM)
+		else if (mode == SymMode::GCM || mode == SymMode::CCM)
 		{
 			Botan::AEAD_Mode* aead = Botan::get_aead(cipherName, Botan::ENCRYPTION);
 			aead->set_key(botanKey);
@@ -336,7 +337,7 @@ bool BotanSymmetricAlgorithm::decryptInit(const SymmetricKey* key, const SymMode
 	}
 
 	// Check the IV
-	if (mode != SymMode::GCM && (IV.size() > 0) && (IV.size() != getBlockSize()))
+	if ((mode != SymMode::GCM && mode != SymMode::CCM) && (IV.size() > 0) && (IV.size() != getBlockSize()))
 	{
 		ERROR_MSG("Invalid IV size (%d bytes, expected %d bytes)", IV.size(), getBlockSize());
 
@@ -434,6 +435,19 @@ bool BotanSymmetricAlgorithm::decryptInit(const SymmetricKey* key, const SymMode
 			filter->set_iv(botanIV);
 			cryption = new Botan::Pipe(filter);
 		}
+		else if (mode == SymMode::CCM)
+		{
+			Botan::AEAD_Mode* aead = Botan::get_aead(cipherName, Botan::DECRYPTION);
+			aead->set_key(botanKey);
+			if (aad.size() > 0) {
+				aead->set_associated_data(aad.const_byte_str(), aad.size());
+			}
+
+			Botan::InitializationVector botanIV = Botan::InitializationVector(IV.const_byte_str(), IV.size());
+			Botan::Keyed_Filter* filter = new Botan::Cipher_Mode_Filter(aead);
+			filter->set_iv(botanIV);
+			cryption = new Botan::Pipe(filter);
+		}
 		else
 		{
 			Botan::InitializationVector botanIV = Botan::InitializationVector(IV.const_byte_str(), IV.size());
@@ -468,7 +482,7 @@ bool BotanSymmetricAlgorithm::decryptUpdate(const ByteString& encryptedData, Byt
 	}
 
 	// AEAD ciphers should not return decrypted data until final is called
-	if (currentCipherMode == SymMode::GCM)
+	if (currentCipherMode == SymMode::GCM || currentCipherMode == SymMode::CCM)
 	{
 		data.resize(0);
 		return true;
@@ -541,7 +555,7 @@ bool BotanSymmetricAlgorithm::decryptFinal(ByteString& data)
 		return false;
 	}
 
-	if (mode == SymMode::GCM)
+	if (mode == SymMode::GCM || mode == SymMode::CCM)
 	{
 		// Write data
 		try

@@ -262,6 +262,18 @@ const EVP_CIPHER* OSSLAES::getCipher() const
 				return EVP_aes_256_gcm();
 		};
 	}
+	else if (currentCipherMode == SymMode::CCM)
+	{
+		switch(currentKey->getBitLen())
+		{
+			case 128:
+				return EVP_aes_128_ccm();
+			case 192:
+				return EVP_aes_192_ccm();
+			case 256:
+				return EVP_aes_256_ccm();
+		};
+	}
 
 	ERROR_MSG("Invalid AES cipher mode %i", currentCipherMode);