Implements RFC5649 as CKM_AES_KEY_WRAP_PAD but should actually be CKM_AES_KEY_WRAP_KWP

[space88man]

SoftHSMv2 does not list 0x210B CKM_AES_KEY_WRAP_KWP as a supported mechanism - when in fact it is implemented but misnamed as 0x210A.

PKCS11 v3.1: SoftHSMv2 implements RFC5649 but uses 0x210A CKM_AES_KEY_WRAP_PAD as the mechanism: it should be 0x210B CKM_AES_KEY_WRAP_KWP.

0x210A CKM_AES_KEY_WRAP_PAD is a different mechanism: the data is PKCS7-padded and then RFC3394 is applied. This mechanism is deprecated due to confusing implementations. The PKCS7-padded version is now 0x210C CKM_AES_KEY_WRAP_PKCS7 .

https://docs.oasis-open.org/pkcs11/pkcs11-spec/v3.1/os/pkcs11-spec-v3.1-os.html#_Toc111203510

This is not terribly serious in itself — the RFC5649 mechanism is simply (mis)named CKM_AES_KEY_WRAP_PAD — but it affects our code testing and interoperability with Thales Luna which uses *_KWP constants.