How to enable AES XTS support for CCA and EP11 tokens

AES XTS support is provided for CCA tokens, EP11 tokens, ICA tokens and Soft tokens. With AES XTS support, you can exploit the AES XTS block cipher mode together with a key that is composed from two concatenated AES keys.

For ICA tokens and Soft tokens, AES XTS support is provided with clear keys. These tokens can exploit AES XTS support without any preparation.

Exploiting the AES XTS support with CCA tokens and EP11 tokens is only possible with the use of protected keys on the CP Assist for Cryptographic Functions (CPACF) feature of IBM Z® systems. Because protected keys are derived from secure keys, they require a functioning configuration of the PKEY_MODE option in the applicable configuration files. Some background knowledge about the transformation of secure keys into protected keys and the use of protected keys in openCryptoki sessions is therefore required. Read How and why to exploit protected keys for more information.

Generating and importing AES XTS keys

All openCryptoki token types documented in this publication support the generation of AES XTS keys either with PKCS #11 function C_GenerateKey() or with the p11sak utility (see Managing token keys - p11sak utility).

Furthermore, with the C_CreateObject() function, you can import a key for all token types into openCryptoki.

An AES XTS key import for CCA tokens offers two options:

Importing clear keys for AES XTS (works for CCA and EP11 tokens): Double-length AES XTS clear keys, consisting of a pair of two keys, are internally converted into a pair of secure keys using a CCA function. These two secure keys are then concatenated and stored in the CKA_IBM_OPAQUE attribute.

Importing CCA secure keys for AES XTS: In the case of a secure key blob import for AES XTS, the CKA_IBM_OPAQUE attribute contains two concatenated secure key blobs. openCryptoki checks that the properties of each key of the key pair in the CKA_IBM_OPAQUE attribute match the CCA AESDATA secure key type. It sets CKA_SENSITIVE to TRUE and clears the CKA_VALUE attribute.

See also Usage notes for CCA library functions.
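As an added example (not from this publication or from openCryptoki itself), the following C code checks a clear double-length AES XTS key and builds the C_CreateObject() template used to import it. The PKCS #11 type and constant stand-ins at the top are an assumption made so that the code compiles without a token library; a real build uses the openCryptoki header instead.

```c
#include <stddef.h>
#include <string.h>

/* Stand-ins for PKCS #11 types so this builds without a token library; values are
 * those of the PKCS #11 v3.1 header. In a real build use <opencryptoki/pkcs11.h>. */
typedef unsigned long CK_ULONG;
typedef struct { CK_ULONG type; void *pValue; CK_ULONG ulValueLen; } CK_ATTRIBUTE;
#define CKA_CLASS      0x000UL
#define CKA_VALUE      0x011UL
#define CKA_KEY_TYPE   0x100UL
#define CKO_SECRET_KEY 0x004UL
#define CKK_AES_XTS    0x035UL

/* A clear AES XTS key is two concatenated AES keys of equal size (2x16 or 2x32
 * bytes). Reject other lengths and identical halves, since XTS requires the two
 * keys to differ (FIPS 140 IG A.9). Returns 0 and sets *half on success, else -1. */
int xts_validate_key(const unsigned char *key, size_t len, size_t *half)
{
    if (key == NULL || (len != 32 && len != 64))
        return -1;
    *half = len / 2;
    return memcmp(key, key + *half, *half) == 0 ? -1 : 0;
}

/* Fill a three-entry C_CreateObject() template for a clear AES XTS key. CKA_VALUE
 * carries the whole concatenated key; a CCA or EP11 token converts it into two
 * secure keys in CKA_IBM_OPAQUE and clears CKA_VALUE. Returns 3, or 0 on a bad key. */
CK_ULONG xts_import_template(unsigned char *key, size_t len, CK_ATTRIBUTE tmpl[3])
{
    static CK_ULONG cls = CKO_SECRET_KEY, kt = CKK_AES_XTS;
    size_t half;
    if (xts_validate_key(key, len, &half) != 0)
        return 0;
    CK_ATTRIBUTE t[3] = { { CKA_CLASS, &cls, sizeof cls },
                          { CKA_KEY_TYPE, &kt, sizeof kt }, { CKA_VALUE, key, len } };
    memcpy(tmpl, t, sizeof t);
    return 3;
}

/* Self-check on constructed byte patterns (not real key material). */
int xts_selfcheck(void)
{
    unsigned char good[64], dup[64]; size_t half = 0; CK_ATTRIBUTE tmpl[3];
    for (int i = 0; i < 64; i++) { good[i] = (unsigned char)i; dup[i] = (unsigned char)(i % 32); }
    return xts_validate_key(good, 64, &half) == 0 && half == 32
        && xts_validate_key(dup, 64, &half) == -1      /* key1 == key2 rejected */
        && xts_validate_key(good, 48, &half) == -1     /* bad length rejected */
        && xts_import_template(good, 64, tmpl) == 3 && tmpl[2].ulValueLen == 64;
}
```

With a real token, pass the filled template to C_CreateObject() and the resulting handle to C_EncryptInit() with the CKM_AES_XTS mechanism.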

Restrictions for CCA tokens and EP11 tokens

  • With CCA and EP11 tokens, AES XTS keys cannot be used for wrapping and unwrapping other keys using the CKM_AES_XTS mechanism, in contrast to the specifications in the AES XTS section of PKCS #11 Specification Version 3.1.
  • The CCA and EP11 tokens also do not support wrapping and unwrapping of AES XTS keys.
  • With CCA and EP11 tokens, AES XTS keys cannot be used for deriving other keys, nor can AES XTS keys be derived from other keys.
  • The EP11 token does not support function C_IBM_ReencryptSingle() with AES XTS keys.