IBM-specific mask generation functions
In your openCryptoki applications, you can apply IBM-specific mask generation functions (MGFs) for special purposes as offered by an exploited token.
CKG_IBM_MGF1_SHA3_nnn
Availability:
The following mask generation functions are available with the EP11 token:
- CKG_IBM_MGF1_SHA3_224
- CKG_IBM_MGF1_SHA3_256
- CKG_IBM_MGF1_SHA3_384
- CKG_IBM_MGF1_SHA3_512
Description:
A mask generation function (MGF) is applied to a message block when formatting a message block for the PKCS #1 OAEP encryption scheme or the PKCS #1 PSS signature scheme.
The IBM-specific SHA3 variants of the MGFs are equivalent to the MGFs defined by the PKCS #11 standard for SHA3 ( CKG_MGF1_SHA3_nnn).
Prerequisites:
An EP11 host library and a Crypto Express EP11 coprocessor version supporting the SHA3 algorithms are required.
| Function | Description |
|---|---|
| CKG_IBM_MGF1_SHA3_224 | Equivalent to the PKCS #11 function CKG_MGF1_SHA3_224. |
| CKG_IBM_MGF1_SHA3_256 | Equivalent to the PKCS #11 function CKG_MGF1_SHA3_256. |
| CKG_IBM_MGF1_SHA3_384 | Equivalent to the PKCS #11 function CKG_MGF1_SHA3_384. |
| CKG_IBM_MGF1_SHA3_512 | Equivalent to the PKCS #11 function CKG_MGF1_SHA3_512. |
Note: Starting with openCryptoki version 3.24,
you can replace the IBM-specific
CKM_IBM_MGF1_SHA3_nnn mechanisms with the corresponding PKCS #11 3.0 SHA3 mechanisms for all openCryptoki tokens (EP11 token only starting with version 3.25).