CKM_AES_KW
NIST Special Publication 800-38F describes cryptographic methods that are approved for “key wrapping,” that is, the protection of the confidentiality and integrity of cryptographic keys. In addition to describing existing methods, that publication specifies two new, deterministic authenticated-encryption modes of operation of the Advanced Encryption Standard (AES) algorithm: the AES Key Wrap (KW) mode and the AES Key Wrap With Padding (KWP) mode. Luna Network HSM 7 implements the AES Key Wrap (KW) mode at this time, which SP800-38F recommends as more secure than CKM_AES_CBC. This mechanism meets the requirements specified in RFC 3394 for key wrapping.
Data size
The maximum allowed data size for this mechanism is 64 KB (64 * 1024 bytes).
NOTE
>NIST Special Publication 800-38F recommends this method as more secure than CKM_AES_CBC. This mechanism meets the requirements specified in RFC 3394 for key wrapping.
>For key generation or unwrap operations prior to HSM firmware version 7.9.3, the length of the new/unwrapped key must be specified with CKA_VALUE_LEN, but see below.
>This mechanism can be used to wrap/unwrap symmetric keys only. To wrap/unwrap private/asymmetric keys, use a mechanism that can wrap data of any length, such as CKM_AES_CBC_PAD, CKM_AES_GCM, or CKM_AES_KWP.
UPDATE firmware 7.9.3 and newer:
In compliance with PKCS#11 v2.40, v3.1 and v3.2, the HSM's AES key wrap (CKM_AES_KW) operation requires the CKA_VALUE_LEN attribute. This has been the behavior of Luna HSMs to date.
PKCS#11 v3.0 deviates from that trend and CKA_VALUE_LEN is not needed for AES Key Wrap — the size can be inferred from the wrapped data itself. Beginning with firmware version 7.9.3 and client UC 10.9.3, either option can be selected. See Using CKM_AES_KW with and without VALUE_LEN.
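The following is an added example, not part of the Luna HSM documentation and not the HSM's own implementation: a plain RFC 3394 AES Key Wrap and Unwrap in Go, checked against the RFC 3394 section 4.1 test vector, to make the two points above concrete. A wrapped blob is always the key data plus one 8-byte integrity block (the "block size 8" in the summary), so the unwrapped key length can be inferred as len(wrapped) - 8 without CKA_VALUE_LEN, which is what the PKCS#11 v3.0 behavior relies on. The unwrap also shows why the mode is preferred over plain CBC for key transport: a wrong KEK or a modified blob fails the integrity check instead of silently yielding a wrong key. The function names `Wrap`, `Unwrap` and `InferredKeyLen` are my own; the key and KEK values are the RFC's test vector.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/subtle"
	"encoding/binary"
	"encoding/hex"
	"errors"
	"fmt"
)

// defaultIV is the fixed 64-bit integrity check value of RFC 3394 section 2.2.3.1.
var defaultIV = []byte{0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6}

// xorCounter XORs the big-endian 64-bit step counter t into dst (8 bytes).
func xorCounter(dst []byte, t uint64) {
	var tb [8]byte
	binary.BigEndian.PutUint64(tb[:], t)
	for k := range dst {
		dst[k] ^= tb[k]
	}
}

// Wrap implements RFC 3394 section 2.2.1. Like CKM_AES_KW it accepts only
// key data that is a multiple of 8 bytes (use KWP for arbitrary lengths).
func Wrap(kek, keyData []byte) ([]byte, error) {
	if len(keyData) < 16 || len(keyData)%8 != 0 {
		return nil, errors.New("key data must be a multiple of 8 bytes and at least 16 bytes")
	}
	block, err := aes.NewCipher(kek)
	if err != nil {
		return nil, err
	}
	n := len(keyData) / 8
	a := make([]byte, 8)
	copy(a, defaultIV)
	r := make([]byte, len(keyData)) // R[1..n], 64 bits each
	copy(r, keyData)
	b := make([]byte, 16)
	for j := 0; j <= 5; j++ {
		for i := 1; i <= n; i++ {
			ri := r[(i-1)*8 : i*8]
			copy(b[:8], a) // B = AES(K, A | R[i])
			copy(b[8:], ri)
			block.Encrypt(b, b)
			xorCounter(b[:8], uint64(n*j+i)) // A = MSB(64, B) XOR t
			copy(a, b[:8])
			copy(ri, b[8:]) // R[i] = LSB(64, B)
		}
	}
	return append(a, r...), nil // output is 8 bytes longer than the key
}

// Unwrap implements RFC 3394 section 2.2.2 and verifies the integrity value.
func Unwrap(kek, wrapped []byte) ([]byte, error) {
	if len(wrapped) < 24 || len(wrapped)%8 != 0 {
		return nil, errors.New("wrapped blob must be a multiple of 8 bytes and at least 24 bytes")
	}
	block, err := aes.NewCipher(kek)
	if err != nil {
		return nil, err
	}
	n := len(wrapped)/8 - 1
	a := make([]byte, 8)
	copy(a, wrapped[:8])
	r := make([]byte, n*8)
	copy(r, wrapped[8:])
	b := make([]byte, 16)
	for j := 5; j >= 0; j-- {
		for i := n; i >= 1; i-- {
			ri := r[(i-1)*8 : i*8]
			copy(b[:8], a) // B = AES^-1(K, (A XOR t) | R[i])
			xorCounter(b[:8], uint64(n*j+i))
			copy(b[8:], ri)
			block.Decrypt(b, b)
			copy(a, b[:8])
			copy(ri, b[8:])
		}
	}
	if subtle.ConstantTimeCompare(a, defaultIV) != 1 {
		return nil, errors.New("integrity check failed: wrong KEK or modified wrapped key")
	}
	return r, nil
}

// InferredKeyLen is the byte length a PKCS#11 v3.0-style unwrap derives from
// the blob itself, the value CKA_VALUE_LEN would otherwise have to carry.
func InferredKeyLen(wrapped []byte) int { return len(wrapped) - 8 }

func main() {
	// RFC 3394 section 4.1 test vector: 128-bit key data under a 128-bit KEK.
	kek, _ := hex.DecodeString("000102030405060708090A0B0C0D0E0F")
	key, _ := hex.DecodeString("00112233445566778899AABBCCDDEEFF")
	wrapped, err := Wrap(kek, key)
	if err != nil {
		panic(err)
	}
	fmt.Printf("wrapped (%d bytes): %X\n", len(wrapped), wrapped)
	fmt.Println("inferred key length:", InferredKeyLen(wrapped))
	tampered := append([]byte(nil), wrapped...)
	tampered[9] ^= 0x01 // one flipped bit must be detected, not decrypted
	_, err = Unwrap(kek, tampered)
	fmt.Println("tampered unwrap:", err)
	got, err := Unwrap(kek, wrapped)
	fmt.Println("round trip ok:", err == nil && bytes.Equal(got, key))
}
```

The 24-byte output for a 16-byte key is exactly what an HSM returns for a CKM_AES_KW wrap of an AES-128 key; asking the application to supply CKA_VALUE_LEN on unwrap is therefore redundant for this mode, which is why firmware 7.9.3 can make it optional.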
Summary
| Property | Value |
|---|---|
| FIPS approved? | Yes |
| Supported functions | Encrypt, Decrypt, Wrap, Unwrap |
| Functions restricted from FIPS use | None |
| Minimum key length (bits) | 128 |
| Minimum key length for FIPS use (bits) | 128 |
| Minimum legacy key length for FIPS use (bits) | N/A |
| Maximum key length (bits) | 256 |
| Block size | 8 |
| Digest size | 0 |
| Key types | AES |
| Algorithms | AES |
| Modes | KEYWRAP |
| Flags | Extractable, Accumulating |