CKM_RSA_PKCS_OAEP
The RSA PKCS OAEP mechanism can now use a supplied hashing mechanism. Previously RSA OAEP would always use SHA1 and returned an error if another was attempted.
With current firmware, PKCS#11 API and ckdemo now accept a new mechanism.
Allowed mechanisms are:
>CKM_SHA1
>CKM_SHA224
>CKM_SHA256
>CKM_SHA384
>CKM_SHA512
>0 (use the firmware's default engine, which is currently SHA1)
In ckdemo, menu option 98 has a new value 17 - OAEP Hash Params, which can be set to use either default (CKM_SHA1) or selectable. When it is set to selectable the user is prompted for a hash mechanism when using the OAEP mechanism.
NOTE RSA public exponent value e=3 was deprecated, and Luna HSM does not support its use in FIPS 140 configuration. By default, use RSA exponent value 65537 (2^16 + 1) instead, or refer to the FIPS 186-5 Appendix A.1.1 specification for detailed guidance.
See also Impact on Exponents.
Firmware 7.7.2 and Newer Summary
NOTE Under Functions restricted from FIPS use, "Cannot legacy decrypt and "Cannot legacy unwrap" means that these operations are restricted with smaller keys (1024-bits, the previous minimum key size for FIPS use), but keys that meet the minimum FIPS size requirement (2048 bits) can still be used for decrypt and unwrap operations.
| FIPS approved? | Yes |
| Supported functions | Encrypt | Decrypt | Wrap | Unwrap |
| Functions restricted from FIPS use | Cannot legacy decrypt | Cannot legacy unwrap |
| Minimum key length (bits) | 256 |
| Minimum key length for FIPS use (bits) | 2048 |
| Minimum legacy key length for FIPS use (bits) | 1024 |
| Maximum key length (bits) | 8192 |
| Block size | 0 |
| Digest size | 0 |
| Key types | RSA |
| Algorithms | None |
| Modes | None |
| Flags | None |
Firmware 7.7.1 and Older Summary
| FIPS approved? | Yes |
| Supported functions | Encrypt | Decrypt | Wrap | Unwrap |
| Functions restricted from FIPS use | None |
| Minimum key length (bits) | 256 |
| Minimum key length for FIPS use (bits) | 2048 |
| Minimum legacy key length for FIPS use (bits) | 1024 |
| Maximum key length (bits) | 8192 |
| Block size | 0 |
| Digest size | 0 |
| Key types | RSA |
| Algorithms | None |
| Modes | None |
| Flags | None |
