Mechanisms

Wrap secret keys only (private key wrapping must use CBC_PAD).

CKM_AES_KEY_WRAP_PAD has been deprecated and replaced by CKM_AES_KEY_WRAP_KWP.

Before you can create a key for use with the derive mechanism CKM_CONCATENATE_BASE_AND_KEY, you must specify the CKA_ALLOWED_MECHANISMS attribute in the template with the CKM_CONCATENATE_BASE_AND_KEY set. Specifying the CKA_ALLOWED_MECHANISMS in the template enables the setting of the nCore level ACL, which enables the key in this derive key operation. For more information about the CKA_ALLOWED_MECHANISMS attribute, see Attributes.

Single-part operations only.

CKA_EC_PARAMS is a DER-encoded PrintableString curve25519.

If no capabilities are specified in the template, for example the CKA_DERIVE, CKA_SIGN and CKA_UNWRAP attributes are omitted, then the default capability is sign/verify.

Key generation does calculate its own curves but, as shown in the PKCS #11 standard, takes the CKA_PARAMS, which contains the curve information (similar to that of a discrete logarithm group in the generation of a DSA key pair). CKA_EC_PARAMS is a Byte array which is DER-encoded of an ANSI X9.62 Parameters value. It can take both named curves and custom curves.

The following PKCS #11-specific flags describe which curves are supported:

The CKM_ECDH1_DERIVE mechanism is supported. However, the mechanism only takes a CK_ECDH1_DERIVE_PARAMS struct in which CK_EC_KDF_TYPE can be one of the following:

For more information on CK_ECDH1_DERIVE_PARAMS, see the PKCS #11 standard.

For the pPublicData* parameter, a raw octet string value (as defined in section A.5.2 of ANSI X9.62) and DER-encoded ECPoint value (as defined in section E.6 of ANSI X9.62 or, in the case of CKK_EC_MONTGOMERY, RFC 7748) are now accepted.

Both the Ed25519 and Ed25519ph signature schemes are supported, The Ed25519 scheme requires either no CK_EDDSA_PARAMS to be passed or if it is passed it should have the following set:

The Ed25519ph signature scheme requires CK_EDDSA_PARAMS to have the following set:

Wrap secret keys only.

This mechanism depends on the vendor-defined key generation mechanism CKM_NC_SHA_1_HMAC_KEY_GEN, CKM_NC_SHA224_HMAC_KEY_GEN, CKM_NC_SHA256_HMAC_KEY_GEN, CKM_NC_SHA384_HMAC_KEY_GEN, or CKM_NC_SHA512_HMAC_KEY_GEN. For more information, see Vendor-defined mechanisms.

The hashAlg and the mgf that are specified by the CK_RSA_PKCS_PSS_PARAMS must have the same SHA hash size. If they do not have the same hash size, then the signing or verify fails with a return value of CKR_MECHANISM_PARAM_INVALID.

The sLen value is expected to be the length of the message hash. If this is not the case, then the signing or verify again fails with a return value of CKR_MECHANISM_PARAM_INVALID. The Security World Software implementation of RSA_PKCS_PSS salt lengths are as follows:

The base key and the derived key are restricted to DES, DES3, CAST5 or Generic, though they may be of different types.

For wrap and unwrap with CKM_AES_GCM, the IV supplied in the CKM_GCM_PARAMS structure must be 12 bytes. For wrap the IV must be all zeroes. This will be overwritten by the actual value used when the wrap command has completed successfully. For unwrap the IV must be the value returned by the corresponding wrap.

In order to create an unwrapping key for use with the mechanism CKM_RSA_AES_KEY_WRAP where CKA_UNWRAP_TEMPLATE is also set, you must:

Specifying the CKA_ALLOWED_MECHANISMS attribute in the template and overriding the SAMs enables use of the CKA_UNWRAP_TEMPLATE attribute with the unwrapping key.

Keys with CKA_WRAP_WITH_TRUSTED set cannot be wrapped with the mechanism CKM_RSA_AES_KEY_WRAP. The C_WrapKey operation will return CKR_KEY_NOT_WRAPPABLE for such keys.

For more information about the SAMs, see PKCS #11 security assurance mechanism. For more information about the CKA_ALLOWED_MECHANISMS attribute, see Attributes.

Sign only.