CKM_AES_KWP
RFC 5649 specifies a padding convention for use with the AES Key Wrap algorithm specified in RFC 3394. This convention eliminates the requirement that the length of the key is to be wrapped by a multiple of 64 bits, allowing a key of any practical length to be wrapped.
This convention should always be used instead of CKM_AES_CBC when wrapping a key from the HSM.
Data size
The maximum allowed data size for this mechanism is 64KB (64 * 1024).
Summary
| FIPS approved? | Yes |
| Supported functions | Encrypt | Decrypt | Wrap | Unwrap |
| Functions restricted from FIPS use | None |
| Minimum key length (bits) | 128 |
| Minimum key length for FIPS use (bits) | 128 |
| Minimum legacy key length for FIPS use (bits) | N/A |
| Maximum key length (bits) | 256 |
| Block size | 8 |
| Digest size | 0 |
| Key types | AES |
| Algorithms | AES |
| Modes | KEYWRAP_PAD |
| Flags | Extractable | Accumulating |
