CKM_RSA_PKCS_OAEP
The RSA PKCS OAEP mechanism can now use a supplied hashing mechanism. Previously RSA OAEP would always use SHA1 and returned an error if another was attempted.
With current firmware, PKCS#11 API and ckdemo now accept a new mechanism.
Allowed mechanisms are:
>CKM_SHA1
>CKM_SHA224
>CKM_SHA256
>CKM_SHA384
>CKM_SHA512
>0 (use the firmware's default engine, which is currently SHA1)
In ckdemo menu option 98 has a new value 17 - OAEP Hash Params, which can be set to use either default (CKM_SHA1) or selectable. When it is set to selectable the user is prompted for a hash mechanism when using the OAEP mechanism.
Firmware 7.7.2 and Newer Summary
NOTE Under Functions restricted from FIPS use, "Cannot legacy decrypt and "Cannot legacy unwrap" means that these operations are restricted with smaller keys (1024-bits, the previous minimum key size for FIPS use), but keys that meet the minimum FIPS size requirement (2048 bits) can still be used for decrypt and unwrap operations.
| FIPS approved? | Yes |
| Supported functions | Encrypt | Decrypt | Wrap | Unwrap |
| Functions restricted from FIPS use | Cannot legacy decrypt | Cannot legacy unwrap |
| Minimum key length (bits) | 256 |
| Minimum key length for FIPS use (bits) | 2048 |
| Minimum legacy key length for FIPS use (bits) | 1024 |
| Maximum key length (bits) | 8192 |
| Block size | 0 |
| Digest size | 0 |
| Key types | RSA |
| Algorithms | None |
| Modes | None |
| Flags | None |
Firmware 7.7.1 and Older Summary
| FIPS approved? | Yes |
| Supported functions | Encrypt | Decrypt | Wrap | Unwrap |
| Functions restricted from FIPS use | None |
| Minimum key length (bits) | 256 |
| Minimum key length for FIPS use (bits) | 2048 |
| Minimum legacy key length for FIPS use (bits) | 1024 |
| Maximum key length (bits) | 8192 |
| Block size | 0 |
| Digest size | 0 |
| Key types | RSA |
| Algorithms | None |
| Modes | None |
| Flags | None |
