PKCS #11 mechanisms supported by the CCA token

View a list of mechanisms provided by PKCS #11 which you can use to exploit the openCryptoki features for the CCA token from within your application. Use the pkcsconf -m -c <CCA_token_slot> command to list the mechanisms (algorithms), that are supported by the CCA token.

The command output shown in Table 1 lists all mechanisms that are supported by the CCA token in the specified slot.
Table 1. PKCS #11 mechanisms supported by the CCA token

Table with 4 columns that contain information about openCryptoki mechanisms supported by the CCA token.

Mechanism Key sizes in bits or bytes Properties Support with OC version
CKM_AES_CBC 16-32 bytes ENCRYPT, DECRYPT before 3.16
CKM_AES_CBC_PAD 16-32 bytes ENCRYPT, DECRYPT before 3.16
CKM_AES_ECB 16-32 bytes ENCRYPT, DECRYPT before 3.16
CKM_AES_GCM 7) 16-32 bytes ENCRYPT, DECRYPT 3.25
CKM_AES_KEY_GEN 16-32 bytes GENERATE before 3.16
CKM_AES_XTS 1) 32 - 64 bytes ENCRYPT, DECRYPT 3.22
CKM_AES_XTS_KEY_GEN 1) 32 - 64 bytes GENERATE 3.22
CKM_DES_CBC 8-8 bytes ENCRYPT, DECRYPT before 3.16
CKM_DES_CBC_PAD 8-8 bytes ENCRYPT, DECRYPT before 3.16
CKM_DES_KEY_GEN 8-8 bytes GENERATE before 3.16
CKM_DES3_CBC 24-24 bytes ENCRYPT, DECRYPT before 3.16
CKM_DES3_CBC_PAD 24-24 bytes ENCRYPT, DECRYPT before 3.16
CKM_DES3_KEY_GEN 24-24 bytes GENERATE before 3.16
CKM_EC_KEY_PAIR_GEN 160-521 GENERATE_KEY_PAIR, EC_F_P, EC_OID, EC_UNCOMPRESS, EC_COMPRESS before 3.16
CKM_ECDH1_DERIVE (see Using ECDH to derive AES keys) 160-521 DERIVE, EC_F_P, EC_OID, EC_UNCOMPRESS, EC_COMPRESS before 3.16
CKM_ECDSA 160-521 SIGN, VERIFY, EC_F_P, EC_OID, EC_UNCOMPRESS, EC_COMPRESS before 3.16
CKM_ECDSA_KEY_PAIR_GEN 160-521 GENERATE_KEY_PAIR, EC_F_P, EC_OID, EC_UNCOMPRESS, EC_COMPRESS before 3.16
CKM_ECDSA_SHA1 160-521 SIGN, VERIFY, EC_F_P, EC_OID, EC_UNCOMPRESS, EC_COMPRESS before 3.16
CKM_ECDSA_SHA3_2246) 160-521 SIGN, VERIFY, EC_F_P, EC_OID, EC_UNCOMPRESS, EC_COMPRESS 3.24
CKM_ECDSA_SHA3_2566) 160-521 SIGN, VERIFY, EC_F_P, EC_OID, EC_UNCOMPRESS, EC_COMPRESS 3.24
CKM_ECDSA_SHA3_3846) 160-521 SIGN, VERIFY, EC_F_P, EC_OID, EC_UNCOMPRESS, EC_COMPRESS 3.24
CKM_ECDSA_SHA3_5126) 160-521 SIGN, VERIFY, EC_F_P, EC_OID, EC_UNCOMPRESS, EC_COMPRESS 3.24
CKM_ECDSA_SHA224 160-521 SIGN, VERIFY, EC_F_P, EC_OID, EC_UNCOMPRESS, EC_COMPRESS before 3.16
CKM_ECDSA_SHA256 160-521 SIGN, VERIFY, EC_F_P, EC_OID, EC_UNCOMPRESS, EC_COMPRESS before 3.16
CKM_ECDSA_SHA384 160-521 SIGN, VERIFY, EC_F_P, EC_OID, EC_UNCOMPRESS, EC_COMPRESS before 3.16
CKM_ECDSA_SHA512 160-521 SIGN, VERIFY, EC_F_P, EC_OID, EC_UNCOMPRESS, EC_COMPRESS before 3.16
CKM_GENERIC_SECRET_KEY_GEN 80-2048 GENERATE before 3.16
CKM_IBM_DILITHIUM 5) 256-256 bytes SIGN, VERIFY, GENERATE_KEY_PAIR 3.24 and at least CCA 7.1
CKM_IBM_SHA3_2246) n/a DIGEST 3.24
CKM_IBM_SHA3_2566) n/a DIGEST 3.24
CKM_IBM_SHA3_3846) n/a DIGEST 3.24
CKM_IBM_SHA3_5126) n/a DIGEST 3.24
CKM_MD5 n/a DIGEST before 3.16
CKM_MD5_RSA_PKCS 512-4096 SIGN, VERIFY before 3.16
CKM_RSA_AES_KEY_WRAP 4) 2048-4096 WRAP, UNWRAP starting with 3.25
CKM_RSA_PKCS 2) 512-4096 ENCRYPT, DECRYPT, SIGN, VERIFY, WRAP, UNWRAP before 3.16
CKM_RSA_PKCS_KEY_PAIR_GEN 512-4096 GENERATE_KEY_PAIR before 3.16
CKM_RSA_PKCS_OAEP 2), 3) 512-4096 ENCRYPT, DECRYPT, WRAP, UNWRAP before 3.16
CKM_RSA_PKCS_PSS 512-4096 ENCRYPT, DECRYPT, SIGN, VERIFY before 3.16
CKM_SHA_1 n/a DIGEST before 3.16
CKM_SHA_1_HMAC 80-2048 SIGN, VERIFY before 3.16
CKM_SHA_1_HMAC_GENERAL 80-2048 SIGN, VERIFY before 3.16
CKM_SHA_1_KEY_GEN 80-2048 HW, GENERATE 3.26
CKM_SHA1_RSA_PKCS 512-4096 SIGN, VERIFY before 3.16
CKM_SHA1_RSA_PKCS_PSS 512-4096 SIGN, VERIFY before 3.16
CKM_SHA224 n/a DIGEST before 3.16
CKM_SHA224_HMAC 112-2048 SIGN, VERIFY before 3.16
CKM_SHA224_HMAC_GENERAL 112-2048 SIGN, VERIFY before 3.16
CKM_SHA224_KEY_GEN 80-2048 HW, GENERATE 3.26
CKM_SHA224_RSA_PKCS 512-4096 SIGN, VERIFY before 3.16
CKM_SHA224_RSA_PKCS_PSS 512-4096 SIGN, VERIFY before 3.16
CKM_SHA256 n/a DIGEST before 3.16
CKM_SHA256_HMAC 128-2048 SIGN, VERIFY before 3.16
CKM_SHA256_HMAC_GENERAL 128-2048 SIGN, VERIFY before 3.16
CKM_SHA256_KEY_GEN 80-2048 HW, GENERATE 3.26
CKM_SHA256_RSA_PKCS 512-4096 SIGN, VERIFY before 3.16
CKM_SHA256_RSA_PKCS_PSS 512-4096 SIGN, VERIFY before 3.16
CKM_SHA3_2246) n/a DIGEST 3.24
CKM_SHA3_224_RSA_PKCS6) 512-4096 SIGN, VERIFY 3.24
CKM_SHA3_2566) n/a DIGEST 3.24
CKM_SHA3_256_RSA_PKCS6) 512-4096 SIGN, VERIFY 3.24
CKM_SHA3_3846) n/a DIGEST 3.24
CKM_SHA3_384_RSA_PKCS6) 512-4096 SIGN, VERIFY 3.24
CKM_SHA3_5126) n/a DIGEST 3.24
CKM_SHA3_512_RSA_PKCS6) 512-4096 SIGN, VERIFY 3.24
CKM_SHA384 n/a DIGEST before 3.16
CKM_SHA384_HMAC 192-2048 SIGN, VERIFY before 3.16
CKM_SHA384_HMAC_GENERAL 192-2048 SIGN, VERIFY before 3.16
CKM_SHA384_KEY_GEN 80-2048 HW, GENERATE 3.26
CKM_SHA384_RSA_PKCS 512-4096 SIGN, VERIFY before 3.16
CKM_SHA384_RSA_PKCS_PSS 512-4096 SIGN, VERIFY before 3.16
CKM_SHA512 n/a DIGEST before 3.16
CKM_SHA512_HMAC 256-2048 SIGN, VERIFY before 3.16
CKM_SHA512_HMAC_GENERAL 256-2048 SIGN, VERIFY before 3.16
CKM_SHA512_KEY_GEN 80-2048 HW, GENERATE 3.26
CKM_SHA512_RSA_PKCS 512-4096 SIGN, VERIFY before 3.16
CKM_SHA512_RSA_PKCS_PSS 512-4096 SIGN, VERIFY before 3.16
Notes:

1) Only applicable with protected key (see How and why to exploit protected keys).

2) Keys backed by CCA AES DATA keys can be wrapped using mechanisms CKM_RSA_PKCS and CKM_RSA_PKCS_OAEP with an RSA wrapping key.

Keys backed by CCA AES CIPHER keys can only be wrapped by the CKM_RSA_AES_KEY_WRAP mechanism (unless export-restricted), but not by any of the other mechanisms that can wrap CCA AES DATA keys.

3) For CCA earlier than version 8.1, only RSA OAEP with either SHA-1 or SHA256 is supported. Starting with CCA version 8.1, also SHA224, SHA384, and SHA512 can be used with RSA OAEP, but only for encrypt or decrypt operations. Key wrapping or unwrapping with RSA OAEP still only supports SHA-1 and SHA256.

4) Prerequisite: CCA version 7.5 or later. Furthermore, the following access control points (ACPs) must be enabled in the CCA adapters:

  • X’03B8’ - Symmetric Key Export - AES, CKM-RAKW
  • X’03CD’ - Permit import of an AES key token from a PKCS#11 CKM_RSA_AES_KEY_WRAP object

These ACPs are disabled by default, and must be explicitly enabled via the TKE by the crypto card administrator.

5) CCA release 7.1 and later is required to support Dilithium (6,5) Round 2. CCA release 8.0 and later is required to support Dilithium (8,7) Round 2, Dilithium (6,5) Round 3 and Dilithium (8,7) Round 3.

6) CCA release 8.1 is required to support SHA3.

7) Observe the following restrictions using this mechanism:

  • Single-chunk operations only, that is, C_EncryptInit() followed by C_Encrypt() and C_DecryptInit() followed by C_Decrypt(). C_EncryptUpdate(), C_EncryptFinal(), C_DecryptUpdate(), and C_DecryptFinal() are not supported and return CKR_MECHANISM_INVALID if used with the CKM_AES_GCM mechanism.
  • This mechanism is not supported for protected keys. All AES-GCM operations are performed on the cryptographic adapter.

For explanations of the key object properties, see the PKCS #11 Cryptographic Token Interface Standard.