SHA-3 Mechanisms

This section describes the PKCS#11 interface to the SHA-3 mechanisms in the HSM firmware for the digest bit lengths of 224, 256, 384 and 512.

NOTE   This feature requires minimum firmware version 7.4.2 and client version 10.2 (or a patched client 7.4). See Version Dependencies by Feature for more information.

>Digest Mechanisms

>HMAC Mechanisms

>Signature/Verification Mechanisms

>Encrypt/Decrypt Mechanisms

>Digest Key Derive Mechanisms

>Key Derivation Function (KDF) Mechanisms

Digest Mechanisms

Mechanism Type Description
SHA-3

The following mechanisms for performing a SHA-3 hash have been added:

>CKM_SHA3_224

>CKM_SHA3_256

>CKM_SHA3_384

>CKM_SHA3_512

SHAKE

The following mechanisms for performing a SHAKE XOF have been added:

>CKM_SHAKE_128

>CKM_SHAKE_256

These mechanisms require a CK_SHAKE_PARAMS mechanism parameters structure defined as follows:

                            typedef struct CK_SHAKE_PARAMS {
    CK_ULONG ulOutputLen;
} CK_SHAKE_PARAMS

The output length of the digest can be specified using the ulOutputLen field with a maximum value of 2048.

KECCAK

There are variants of the SHA-3 mechanisms that are included for compatibility with implementations that preceded the publication of FIPS PUB 202 where there is a difference in a single padding byte. These mechanisms are:

>CKM_KECCAK_224

>CKM_KECCAK_256

>CKM_KECCAK_384

>CKM_KECCAK_512

HMAC Mechanisms

The following mechanisms for performing an HMAC with SHA-3 have been added:

>CKM_SHA3_224_HMAC

>CKM_SHA3_224_HMAC_GENERAL

>CKM_SHA3_256_HMAC

>CKM_SHA3_256_HMAC_GENERAL

>CKM_SHA3_384_HMAC

>CKM_SHA3_384_HMAC_GENERAL

>CKM_SHA3_512_HMAC

>CKM_SHA3_512_HMAC_GENERAL

Signature/Verification Mechanisms

Mechanism Type Description
RSA PKCS

The following mechanisms for performing a RSA PKCS #1 v1.5 signature/verification with a SHA-3 digest have been added:

>CKM_SHA3_224_RSA_PKCS

>CKM_SHA3_256_RSA_PKCS

>CKM_SHA3_384_RSA_PKCS

>CKM_SHA3_512_RSA_PKCS

RSA PSS

The following mechanisms for performing a RSA signature/verification with PSS encoding with a SHA-3 digest have been added:

>CKM_SHA3_224_RSA_PKCS_PSS

>CKM_SHA3_256_RSA_PKCS_PSS

>CKM_SHA3_384_RSA_PKCS_PSS

>CKM_SHA3_512_RSA_PKCS_PSS

The following MGF1 constants have been defined with corresponding support:

>CKG_MGF1_SHA3_224

>CKG_MGF1_SHA3_256

>CKG_MGF1_SHA3_384

>CKG_MGF1_SHA3_512

These values can be specified via the mgf field of the CK_RSA_PKCS_PSS_PARAMS mechanism parameters.

The hashAlg field of the CK_RSA_PKCS_PSS_PARAMS mechanism parameters can be given the new values of CKM_SHA3_224, CKM_SHA3_256, CKM_SHA3_384 or CKM_SHA3_512.

DSA

The following mechanisms for performing a DSA signature/verification with a SHA-3 digest have been added:

>CKM_DSA_SHA3_224

>CKM_DSA_SHA3_256

>CKM_DSA_SHA3_384

>CKM_DSA_SHA3_512

ECDSA

The following mechanisms for performing an ECDSA signature/verification with a SHA-3 digest have been added:

>CKM_ECDSA_SHA3_224

>CKM_ECDSA_SHA3_256

>CKM_ECDSA_SHA3_384

>CKM_ECDSA_SHA3_512

EDDSA

The following mechanisms for performing an EDDSA signature/verification with a SHA-3 digest have been added:

>CKM_SHA3_224_EDDSA

>CKM_SHA3_256_EDDSA

>CKM_SHA3_384_EDDSA

>CKM_SHA3_512_EDDSA

Encrypt/Decrypt Mechanisms

CKM_RSA_PKCS_OAEP

For the CKM_RSA_PKCS_OAEP mechanism, the following values can be specified for the mgf field of the CK_RSA_PKCS_OAEP_PARAMS mechanism parameters:

>CKG_MGF1_SHA3_224

>CKG_MGF1_SHA3_256

>CKG_MGF1_SHA3_384

>CKG_MGF1_SHA3_512

For the hashAlg field of the CK_RSA_PKCS_OAEP_PARAMS mechanism parameters, the following hash algorithms can be specified:

>CKM_SHA3_224

>CKM_SHA3_256

>CKM_SHA3_384

>CKM_SHA3_512

Digest Key Derive Mechanisms

Mechanism Type Description
SHA-3

The following mechanisms can be used to derive a key using SHA-3:

>CKM_SHA3_224_KEY_DERIVE

>CKM_SHA3_256_KEY_DERIVE

>CKM_SHA3_384_KEY_DERIVE

>CKM_SHA3_512_KEY_DERIVE

SHAKE

The following mechanisms can be used to derive a key using SHAKE:

>CKM_SHAKE_128_KEY_DERIVE

>CKM_SHAKE_256_KEY_DERIVE

Key Derivation Function (KDF) Mechanisms

Mechanism Type Description

CKM_X9_42_DH_DERIVE

CKM_ECDH1_DERIVE

The following values can be specified for the kdf field of the CK_X9_42_DH1_DERIVE_PARAMS and CK_ECDH1_DERIVE_PARAMS mechanism parameters to make use of the SHA-3 variants:

>CKD_SHA3_224_KDF

>CKD_SHA3_256_KDF

>CKD_SHA3_384_KDF

>CKD_SHA3_512_KDF

>CKD_SHA3_224_NIST_KDF

>CKD_SHA3_256_NIST_KDF

>CKD_SHA3_384_NIST_KDF

>CKD_SHA3_512_NIST_KDF

>CKD_SHA3_224_SES_KDF

>CKD_SHA3_256_SES_KDF

>CKD_SHA3_384_SES_KDF

>CKD_SHA3_512_SES_KDF

CKM_PRF_KDF

The following values can be specified for the prfType field of the CK_PRF_KDF_PARAMS mechanism parameters to make use of the SHA-3 variants:

>CK_NIST_PRF_KDF_HMAC_SHA3_224

>CK_NIST_PRF_KDF_HMAC_SHA3_256

>CK_NIST_PRF_KDF_HMAC_SHA3_384

>CK_NIST_PRF_KDF_HMAC_SHA3_512