Restrictions
The restrictions for CSNDDSG.
Although ISO-9796 does not require the input data to be an integral number of bytes in length, this verb requires you to specify the data_length in bytes.
X9.31 requires the RSA token to have a minimum modulus bit length of 8192 bits, and the length must also be a multiple of 256 bits (or 32 bytes).
The length of the data parameter in bytes must be the exact length of the text to sign. The maximum size is 256 bytes. If you specify ZERO-PAD in the rule_array parameter, the length is restricted to 36 bytes unless the RSA key is a signature-only key, in which case the maximum length is 256 bytes.
The data length limit is controlled by an access control point. If OFF (disabled), the maximum data length limit for ZERO-PAD is the modulus length of the PKA private key. If ON (enabled), the maximum data length limit for ZERO-PAD is 36 bytes. Only RSA key management keys are affected by this access control point. The limit for RSA signature use only keys is 256 bytes. This new access control point is always disabled in the default role. You must have a TKE workstation to enable it.
The Signature algorithm keyword CRDL-DSA is only supported with quantum safe algorithm (QSA) private keys whose token section type is X'50', and whose algorithm is CRYSTALS-Dilithium or ML-KEM.
The Signature algorithm keyword CRDL-DSA is only supported with the MESSAGE input type and data_length at or below 6000 bytes.
The Signature algorithm keyword EC-SDSA is not supported in releases before 7.4. It is only supported with ECC keys. EC-SDSA in release 7.4 only supports random ECC curves secp256r1 (P256) and secp521r1 (P521). Hashing method SHA-256 must be used with P256 and SHA-512 must be used with P521.
The rule_array group Determinacy specification is used to select either keyword DETER or NONDETER, with NONDETER being the default. For pure ML-DSA X'05' keys, the rule_array keywords CRDL-DSA, CRDLHASH, and MESSAGE must be selected. Only rule_array keyword SHA-512 is supported for ML-DSA pre-hash.
If the RAWSEED keyword is specified, the first two bytes of the data parameter are the seed length field and are interpreted as the length s of the raw seed used to seed the signing process. The seed follows the seed length field. The data to be signed follows both the two-byte seed length field and the s seed bytes. If the CONTEXT rule_array keyword is also specified, the data to be signed follows 1) the two-byte raw seed length field, 2) the s seed bytes, 3) the two-byte context length field, and 4) the c context bytes.
If the CONTEXT rule is specified and the RAWSEED rule is not specified, the first two bytes of the data field are interpreted as the length c of the context string to be used in the signing process. If the CONTEXT keyword is specified and the RAWSEED rule is also specified, the two bytes immediately after the end of the seed data (position 3 above) are interpreted as the length c of the context string to be used in the signing process. If CONTEXT is specified, the context string must be 1 - 255 bytes in length. CONTEXT can be specified for either pure ML-DSA X'05' keys or pre-hash ML-DSA X'07' keys. For pre-hash, currently only SHA-512 is supported.
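The following is an added example, not code from the IBM CCA documentation or library: a caller-side builder and parser for the RAWSEED/CONTEXT layout of the data parameter described above, enforcing the 1 - 255 byte context limit and the 6000-byte data_length limit for CRDL-DSA with MESSAGE. It assumes the two-byte length fields are unsigned big-endian, which the page does not state.

```python
import struct

# Maximum data_length the page gives for CRDL-DSA with the MESSAGE input type.
CRDL_DSA_MAX_DATA_LENGTH = 6000


class DataLayoutError(ValueError):
    """Raised when the data parameter does not match the RAWSEED/CONTEXT layout."""


def _read_u16(data, pos, what):
    # Assumption (not stated on the page): two-byte length fields are big-endian.
    if len(data) - pos < 2:
        raise DataLayoutError(f"missing {what} length field at offset {pos}")
    return struct.unpack_from(">H", data, pos)[0], pos + 2


def split_csnddsg_data(data, rawseed=False, context=False,
                       max_len=CRDL_DSA_MAX_DATA_LENGTH):
    """Return (seed, ctx, message) for the given rule_array keyword choices.

    seed is None unless RAWSEED is specified; ctx is None unless CONTEXT is.
    Layout: [2-byte s][s seed bytes][2-byte c][c context bytes][message].
    """
    if len(data) > max_len:
        raise DataLayoutError(f"data_length {len(data)} exceeds {max_len}")
    pos, seed, ctx = 0, None, None
    if rawseed:
        s, pos = _read_u16(data, pos, "raw seed")
        if len(data) - pos < s:
            raise DataLayoutError(f"seed length {s} runs past end of data")
        seed, pos = data[pos:pos + s], pos + s
    if context:
        # With RAWSEED also specified, this field sits right after the seed bytes.
        c, pos = _read_u16(data, pos, "context")
        if not 1 <= c <= 255:
            raise DataLayoutError(f"context length {c} outside 1-255")
        if len(data) - pos < c:
            raise DataLayoutError(f"context length {c} runs past end of data")
        ctx, pos = data[pos:pos + c], pos + c
    return seed, ctx, data[pos:]


def build_csnddsg_data(message, seed=None, ctx=None):
    """Inverse of split_csnddsg_data: prefix the message with length-tagged fields."""
    out = b""
    if seed is not None:
        out += struct.pack(">H", len(seed)) + seed
    if ctx is not None:
        if not 1 <= len(ctx) <= 255:
            raise DataLayoutError("context string must be 1-255 bytes")
        out += struct.pack(">H", len(ctx)) + ctx
    return out + message
```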