Vendor annotations on P11 mechanisms
Vendor notes on PKCS #11 mechanisms to complement the specification.
CKM_RSA_PKCS_OAEP
The hashAlg and the mgf values specified by CK_RSA_PKCS_OAEP_PARAMS must have the same SHA hash size.
If they do not have the same hash size, then the encryption or decryption fails with a return value of CKR_MECHANISM_PARAM_INVALID.
The supported pairs of values are as follows:
| hashAlg | mgf |
|---|---|
|  |  |
|  |  |
|  |  |
|  |  |
|  |  |
|  |  |
|  |  |
|  |  |
|  |  |
For a hash length h and RSA modulus length k in bytes, the longest message that can be encrypted is k-2h-2 bytes long.
CKM_RSA_PKCS_PSS and CKM_SHA*_RSA_PKCS_PSS
The hashAlg and the mgf values specified by CK_RSA_PKCS_PSS_PARAMS must have the same SHA hash size.
If they do not have the same hash size, then the signing or verifying fails with a return value of CKR_MECHANISM_PARAM_INVALID.
The sLen value is expected to be the length of the message hash in bytes.
If this is not the case, then the signing or verifying again fails with a return value of CKR_MECHANISM_PARAM_INVALID.
The supported sets of values for hashAlg, mgf and sLen are as follows:
| hashAlg | mgf | sLen |
|---|---|---|
|  |  | 20 |
|  |  | 28 |
|  |  | 32 |
|  |  | 48 |
|  |  | 64 |
|  |  | 28 |
|  |  | 32 |
|  |  | 48 |
|  |  | 64 |
To use a mechanism with SHA hash size n bits, the public modulus of the RSA key must be at least 2n+2 bits long.
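The OAEP and PSS rules above can be checked before a call reaches the HSM. The following pre-flight check is an added example, not vendor code; its function names are hypothetical, and its name-to-size mapping uses the standard PKCS #11 SHA-1/SHA-2 identifiers as an assumption, not the vendor's list of supported values.

```python
# Digest sizes in bytes for standard PKCS #11 identifiers (SHA-1/SHA-2 only).
# Assumption: this mapping is not the vendor's table of supported pairs.
HASH_BYTES = {"CKM_SHA_1": 20, "CKM_SHA224": 28, "CKM_SHA256": 32,
              "CKM_SHA384": 48, "CKM_SHA512": 64}
MGF_BYTES = {"CKG_MGF1_SHA1": 20, "CKG_MGF1_SHA224": 28, "CKG_MGF1_SHA256": 32,
             "CKG_MGF1_SHA384": 48, "CKG_MGF1_SHA512": 64}
PARAM_INVALID = "CKR_MECHANISM_PARAM_INVALID"


def oaep_max_message_len(modulus_bits, hash_alg):
    """Longest OAEP plaintext in bytes: k - 2h - 2, with k and h in bytes."""
    k = (modulus_bits + 7) // 8
    return k - 2 * HASH_BYTES[hash_alg] - 2


def check_oaep(hash_alg, mgf, modulus_bits, msg_len):
    """Return a list of rule violations; an empty list means none were found."""
    problems = []
    if HASH_BYTES[hash_alg] != MGF_BYTES[mgf]:
        problems.append(PARAM_INVALID + ": hashAlg and mgf hash sizes differ")
    limit = oaep_max_message_len(modulus_bits, hash_alg)
    if msg_len > limit:  # a negative limit means the key cannot encrypt at all
        problems.append(f"message is {msg_len} bytes, limit is {limit}")
    return problems


def check_pss(hash_alg, mgf, s_len, modulus_bits):
    """Return a list of rule violations for a PSS sign or verify call."""
    problems = []
    h = HASH_BYTES[hash_alg]
    if h != MGF_BYTES[mgf]:
        problems.append(PARAM_INVALID + ": hashAlg and mgf hash sizes differ")
    if s_len != h:
        problems.append(PARAM_INVALID + f": sLen is {s_len}, expected {h}")
    n = 8 * h  # hash size in bits
    if modulus_bits < 2 * n + 2:
        problems.append(f"modulus is {modulus_bits} bits, need {2 * n + 2}")
    return problems


if __name__ == "__main__":
    # Constructed inputs: a mismatched OAEP pair and SHA-512 PSS on a short key.
    print(check_oaep("CKM_SHA256", "CKG_MGF1_SHA1", 2048, 190))
    print(check_pss("CKM_SHA512", "CKG_MGF1_SHA512", 64, 1024))
```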