SHA-3 Mechanisms

This section describes the PKCS#11 interface to the SHA-3 mechanisms in the HSM firmware for the digest bit lengths of 224, 256, 384 and 512.

NOTE    This feature requires minimum Luna HSM Firmware 7.4.2 (Luna HSM Firmware 7.7.0 for Luna PCIe HSM 7) and Luna HSM Client 10.2.0 (or a patched Luna HSM Client 7.4.0). You require a backup HSM with minimum Luna Backup HSM 7 Firmware 7.7.1 to back up these objects.

>Digest Mechanisms

>HMAC Mechanisms

>Signature/Verification Mechanisms

>Encrypt/Decrypt Mechanisms

>Digest Key Derive Mechanisms

>Key Derivation Function (KDF) Mechanisms

Digest Mechanisms

Mechanism Type Description
SHA-3

The following mechanisms for performing a SHA-3 hash have been added:

>CKM_SHA3_224

>CKM_SHA3_256

>CKM_SHA3_384

>CKM_SHA3_512

SHAKE

The following mechanisms for performing a SHAKE XOF have been added:

>CKM_SHAKE_128

>CKM_SHAKE_256

These mechanisms require a CK_SHAKE_PARAMS mechanism parameters structure defined as follows:

                            typedef struct CK_SHAKE_PARAMS {
    CK_ULONG ulOutputLen;
} CK_SHAKE_PARAMS

The output length of the digest can be specified using the ulOutputLen field with a maximum value of 2048.

KECCAK

There are variants of the SHA-3 mechanisms that are included for compatibility with implementations that preceded the publication of FIPS PUB 202 where there is a difference in a single padding byte. These mechanisms are:

>CKM_KECCAK_224

>CKM_KECCAK_256

>CKM_KECCAK_384

>CKM_KECCAK_512

HMAC Mechanisms

The following mechanisms for performing an HMAC with SHA-3 have been added:

>CKM_SHA3_224_HMAC

>CKM_SHA3_224_HMAC_GENERAL

>CKM_SHA3_256_HMAC

>CKM_SHA3_256_HMAC_GENERAL

>CKM_SHA3_384_HMAC

>CKM_SHA3_384_HMAC_GENERAL

>CKM_SHA3_512_HMAC

>CKM_SHA3_512_HMAC_GENERAL

Signature/Verification Mechanisms

Mechanism Type Description
RSA PKCS

The following mechanisms for performing a RSA PKCS #1 v1.5 signature/verification with a SHA-3 digest have been added:

>CKM_SHA3_224_RSA_PKCS

>CKM_SHA3_256_RSA_PKCS

>CKM_SHA3_384_RSA_PKCS

>CKM_SHA3_512_RSA_PKCS

RSA PSS

The following mechanisms for performing a RSA signature/verification with PSS encoding with a SHA-3 digest have been added:

>CKM_SHA3_224_RSA_PKCS_PSS

>CKM_SHA3_256_RSA_PKCS_PSS

>CKM_SHA3_384_RSA_PKCS_PSS

>CKM_SHA3_512_RSA_PKCS_PSS

The following MGF1 constants have been defined with corresponding support:

>CKG_MGF1_SHA3_224

>CKG_MGF1_SHA3_256

>CKG_MGF1_SHA3_384

>CKG_MGF1_SHA3_512

These values can be specified via the mgf field of the CK_RSA_PKCS_PSS_PARAMS mechanism parameters.

The hashAlg field of the CK_RSA_PKCS_PSS_PARAMS mechanism parameters can be given the new values of CKM_SHA3_224, CKM_SHA3_256, CKM_SHA3_384 or CKM_SHA3_512.

DSA

The following mechanisms for performing a DSA signature/verification with a SHA-3 digest have been added:

>CKM_DSA_SHA3_224

>CKM_DSA_SHA3_256

>CKM_DSA_SHA3_384

>CKM_DSA_SHA3_512

ECDSA

The following mechanisms for performing an ECDSA signature/verification with a SHA-3 digest have been added:

>CKM_ECDSA_SHA3_224

>CKM_ECDSA_SHA3_256

>CKM_ECDSA_SHA3_384

>CKM_ECDSA_SHA3_512

EDDSA

The following mechanisms for performing an EDDSA signature/verification with a SHA-3 digest have been added:

>CKM_SHA3_224_EDDSA

>CKM_SHA3_256_EDDSA

>CKM_SHA3_384_EDDSA

>CKM_SHA3_512_EDDSA

Encrypt/Decrypt Mechanisms

CKM_RSA_PKCS_OAEP

For the CKM_RSA_PKCS_OAEP mechanism, the following values can be specified for the mgf field of the CK_RSA_PKCS_OAEP_PARAMS mechanism parameters:

>CKG_MGF1_SHA3_224

>CKG_MGF1_SHA3_256

>CKG_MGF1_SHA3_384

>CKG_MGF1_SHA3_512

For the hashAlg field of the CK_RSA_PKCS_OAEP_PARAMS mechanism parameters, the following hash algorithms can be specified:

>CKM_SHA3_224

>CKM_SHA3_256

>CKM_SHA3_384

>CKM_SHA3_512

Digest Key Derive Mechanisms

Mechanism Type Description
SHA-3

The following mechanisms can be used to derive a key using SHA-3:

>CKM_SHA3_224_KEY_DERIVE

>CKM_SHA3_256_KEY_DERIVE

>CKM_SHA3_384_KEY_DERIVE

>CKM_SHA3_512_KEY_DERIVE

SHAKE

The following mechanisms can be used to derive a key using SHAKE:

>CKM_SHAKE_128_KEY_DERIVE

>CKM_SHAKE_256_KEY_DERIVE

Key Derivation Function (KDF) Mechanisms

Mechanism Type Description

CKM_X9_42_DH_DERIVE

CKM_ECDH1_DERIVE

The following values can be specified for the kdf field of the CK_X9_42_DH1_DERIVE_PARAMS and CK_ECDH1_DERIVE_PARAMS mechanism parameters to make use of the SHA-3 variants:

>CKD_SHA3_224_KDF

>CKD_SHA3_256_KDF

>CKD_SHA3_384_KDF

>CKD_SHA3_512_KDF

>CKD_SHA3_224_NIST_KDF

>CKD_SHA3_256_NIST_KDF

>CKD_SHA3_384_NIST_KDF

>CKD_SHA3_512_NIST_KDF

>CKD_SHA3_224_SES_KDF

>CKD_SHA3_256_SES_KDF

>CKD_SHA3_384_SES_KDF

>CKD_SHA3_512_SES_KDF

CKM_PRF_KDF

The following values can be specified for the prfType field of the CK_PRF_KDF_PARAMS mechanism parameters to make use of the SHA-3 variants:

>CK_NIST_PRF_KDF_HMAC_SHA3_224

>CK_NIST_PRF_KDF_HMAC_SHA3_256

>CK_NIST_PRF_KDF_HMAC_SHA3_384

>CK_NIST_PRF_KDF_HMAC_SHA3_512