Vendor annotations on P11 mechanisms
Vendor notes on PKCS #11 mechanisms to complement the specification.
CKM_RSA_PKCS_OAEP
The hashAlg and the mgf values specified by CK_RSA_PKCS_OAEP_PARAMS must have the same SHA hash size.
If they do not have the same hash size, then the encryption or decryption fails with a return value of CKR_MECHANISM_PARAM_INVALID.
The supported pairs of values are as follows:
| hashAlg | mgf |
|---|---|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
For a hash length h and RSA modulus length k in bytes, the longest message that can be encrypted is k-2h-2 bytes long.
CKM_RSA_PKCS_PSS and CKM_SHA*_RSA_PKCS_PSS
The hashAlg and the mgf values specified by CK_RSA_PKCS_PSS_PARAMS must have the same SHA hash size.
If they do not have the same hash size, then the signing or verifying fails with a return value of CKR_MECHANISM_PARAM_INVALID.
The sLen value is expected to be the length of the message hash in bytes.
If this is not the case, then the signing or verifying again fails with a return value of CKR_MECHANISM_PARAM_INVALID.
The supported sets of values for hashAlg, mgf and sLen are as follows:
| hashAlg | mgf | sLen |
|---|---|---|
| | | 20 |
| | | 28 |
| | | 32 |
| | | 48 |
| | | 64 |
| | | 28 |
| | | 32 |
| | | 48 |
| | | 64 |
To use a mechanism with SHA hash size n bits, the public modulus of the RSA key must be at least 2n+2 bits long.
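The following is an added example, not vendor code: a pre-flight check that applies the OAEP and PSS rules above to a parameter set before it is passed to the token, so a mismatch is caught in the application rather than surfacing as CKR_MECHANISM_PARAM_INVALID. The `preflight_*` functions and `PF_*` result codes are hypothetical names; the `CKM_*` and `CKG_*` values are the standard PKCS #11 constants redefined locally, and covering only SHA-1 and SHA-2 is an assumption of the example.

```c
#include <stddef.h>

/* Constant values as defined in the standard PKCS #11 headers, repeated here
 * so the example builds without pkcs11.h. Listing only SHA-1 and SHA-2 is an
 * assumption of this example; the vendor's table of supported pairs governs. */
enum { CKM_SHA_1 = 0x220, CKM_SHA256 = 0x250, CKM_SHA224 = 0x255,
       CKM_SHA384 = 0x260, CKM_SHA512 = 0x270 };
enum { CKG_MGF1_SHA1 = 1, CKG_MGF1_SHA256 = 2, CKG_MGF1_SHA384 = 3,
       CKG_MGF1_SHA512 = 4, CKG_MGF1_SHA224 = 5 };

/* Result codes local to this example (hypothetical names, not CK_RV values). */
typedef enum { PF_OK, PF_PARAM_INVALID, PF_KEY_TOO_SHORT, PF_DATA_TOO_LONG } pf_rc;

static const struct { unsigned long hashAlg, mgf; size_t len; } known[] = {
    { CKM_SHA_1,  CKG_MGF1_SHA1,   20 }, { CKM_SHA224, CKG_MGF1_SHA224, 28 },
    { CKM_SHA256, CKG_MGF1_SHA256, 32 }, { CKM_SHA384, CKG_MGF1_SHA384, 48 },
    { CKM_SHA512, CKG_MGF1_SHA512, 64 },
};

/* Hash size in bytes shared by hashAlg and mgf, or 0 if either is unknown
 * or their sizes differ (the CKR_MECHANISM_PARAM_INVALID case). */
static size_t common_hash_len(unsigned long hashAlg, unsigned long mgf) {
    size_t h = 0, m = 0, i;
    for (i = 0; i < sizeof known / sizeof known[0]; i++) {
        if (known[i].hashAlg == hashAlg) h = known[i].len;
        if (known[i].mgf == mgf)         m = known[i].len;
    }
    return (h != 0 && h == m) ? h : 0;
}

/* OAEP: k is the modulus length in bytes; the message limit is k-2h-2. */
pf_rc preflight_oaep(unsigned long hashAlg, unsigned long mgf,
                     size_t k, size_t msg_len) {
    size_t h = common_hash_len(hashAlg, mgf);
    if (h == 0)                    return PF_PARAM_INVALID;
    if (k < 2 * h + 2)             return PF_KEY_TOO_SHORT; /* no message fits */
    if (msg_len > k - 2 * h - 2)   return PF_DATA_TOO_LONG;
    return PF_OK;
}

/* PSS: sLen must equal the hash length; modulus must be >= 2n+2 bits. */
pf_rc preflight_pss(unsigned long hashAlg, unsigned long mgf,
                    unsigned long sLen, size_t modulus_bits) {
    size_t h = common_hash_len(hashAlg, mgf);
    if (h == 0 || sLen != h)             return PF_PARAM_INVALID;
    if (modulus_bits < 2 * (8 * h) + 2)  return PF_KEY_TOO_SHORT;
    return PF_OK;
}
```

The return codes for an over-long message or an undersized key are the example's own; the page only states the token's return value for mismatched parameters.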