CKM_SHA256_HMAC

TIP: Some mechanisms in this collection have both a "general" variant and a similarly named variant without "general" in the name. Per the PKCS#11 specification, the _GENERAL variant of a mechanism accepts a mechanism parameter that defines the length of the signature that is returned. The length can typically be any value between 1 and the output length of the underlying hash algorithm.

The variants without _GENERAL do not accept any mechanism parameters and always return a fixed-length signature, where the length is defined by the underlying hash algorithm.

Firmware 7.8.1 and Newer Summary

Luna HSM Firmware 7.8.1 and newer supports zero-byte input to HMAC functions.

FIPS approved: Yes
Supported functions: Sign | Verify
Functions restricted from FIPS use: None
Minimum key length (bits): 8
Minimum key length for FIPS use (bits): 112
Minimum legacy key length for FIPS use (bits): 80
Maximum key length (bits): 4096
Block size: 64
Digest size: 32
Key types: Symmetric
Algorithms: SHA256
Modes: HMAC
Flags: Extractable | Allow zero-length input

Firmware 7.8.0 and Older Summary

FIPS approved: Yes
Supported functions: Sign | Verify
Functions restricted from FIPS use: None
Minimum key length (bits): 8
Minimum key length for FIPS use (bits): 112
Minimum legacy key length for FIPS use (bits): 80
Maximum key length (bits): 4096
Block size: 64
Digest size: 32
Key types: Symmetric
Algorithms: SHA256
Modes: HMAC
Flags: Extractable
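
The following is an added example, not Thales or PKCS#11 project code: a software reference model of the fixed-length and _GENERAL variants described in the TIP above, useful for cross-checking HSM output in known-answer tests. The function names are hypothetical, the limits come from the summaries on this page, the truncation rule (bytes taken from the start of the full HMAC output) comes from the PKCS#11 specification, and treating zero-byte input as an error on older firmware is an assumption.

```python
import hashlib
import hmac

# Limits copied from the summaries on this page.
DIGEST_SIZE = 32         # bytes of SHA-256 output ("Digest size")
MIN_KEY_BITS = 8         # "Minimum key length (bits)"
MIN_KEY_BITS_FIPS = 112  # "Minimum key length for FIPS use (bits)"
MAX_KEY_BITS = 4096      # "Maximum key length (bits)"


def sha256_hmac(key, data, fips=True, allow_zero_length=True):
    """Model of CKM_SHA256_HMAC: no parameter, always a 32-byte result.

    allow_zero_length=False models firmware 7.8.0 and older; raising an
    error there is this example's assumption, not documented behaviour.
    """
    bits = len(key) * 8
    floor = MIN_KEY_BITS_FIPS if fips else MIN_KEY_BITS
    if not floor <= bits <= MAX_KEY_BITS:
        raise ValueError(f"key is {bits} bits, allowed {floor}..{MAX_KEY_BITS}")
    if len(data) == 0 and not allow_zero_length:
        raise ValueError("zero-byte input needs the 'Allow zero-length input' flag")
    return hmac.new(key, data, hashlib.sha256).digest()


def sha256_hmac_general(key, data, mac_len, fips=True, allow_zero_length=True):
    """Model of CKM_SHA256_HMAC_GENERAL: mac_len is the mechanism parameter."""
    if not 1 <= mac_len <= DIGEST_SIZE:
        raise ValueError(f"mac_len must be 1..{DIGEST_SIZE}, got {mac_len}")
    # PKCS#11 takes the output bytes from the start of the full HMAC value.
    return sha256_hmac(key, data, fips, allow_zero_length)[:mac_len]


def verify(key, data, tag, mac_len=None, fips=True):
    """Recompute the tag and compare in constant time; mac_len=None means
    the fixed-length variant. The caller, not the tag, fixes the length."""
    if mac_len is None:
        expected = sha256_hmac(key, data, fips)
    else:
        expected = sha256_hmac_general(key, data, mac_len, fips)
    return hmac.compare_digest(expected, tag)


if __name__ == "__main__":
    key = bytes(range(16))  # constructed 128-bit sample key
    full = sha256_hmac(key, b"constructed sample message")
    short = sha256_hmac_general(key, b"constructed sample message", 16)
    print(full.hex(), short.hex(), full.startswith(short))
```

An n-byte tag can be guessed with probability 2^(-8n) per attempt, so the verifying side should pin `mac_len` in its own configuration rather than accept whatever length arrives with the message.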