CKM_SM3_HMAC
SM3 is a hash function published by the Chinese Commercial Cryptography Administration Office for the use of electronic authentication service system. The design of SM3 builds upon the design of the SHA-2 hash function, but introduces additional strengthening features. For Luna PCIe HSM 7s, the available mechanisms are CKM_SM3, the hash function, and CKM_SM3_KEY_DERIVATION, and CKM_SM3_HMAC.
TIP Some mechanisms in this collection have both a "general" variant and a similarly named variant without "general" in the name. Per the PKCS#11 specification the _GENERAL variant of mechanism accepts a mechanism parameter that is used to define the length of the signature that is returned. The length can typically be any value between 1 and the length of the underlying HASH algorithm.
The variants without _GENERAL do not accept any mechanism parameters and always return a fixed length signature; where the length is defined by the underlying HASH algorithm.
Firmware 7.8.1 and Newer Summary
Luna HSM Firmware 7.8.1 and newer supports zero-byte input to HMAC functions.
| FIPS approved? | No |
| Supported functions | Sign | Verify |
| Functions restricted from FIPS use | N/A |
| Minimum key length (bits) | 8 |
| Minimum key length for FIPS use (bits) | N/A |
| Minimum legacy key length for FIPS use (bits) | N/A |
| Maximum key length (bits) | 4096 |
| Block size | 64 |
| Digest size | 32 |
| Key types | Symmetric |
| Algorithms | SM3 |
| Modes | HMAC |
| Flags | Allow zero-length input |
Firmware 7.8.0 and Older Summary
| FIPS approved? | No |
| Supported functions | Sign | Verify |
| Functions restricted from FIPS use | N/A |
| Minimum key length (bits) | 8 |
| Minimum key length for FIPS use (bits) | N/A |
| Minimum legacy key length for FIPS use (bits) | N/A |
| Maximum key length (bits) | 4096 |
| Block size | 64 |
| Digest size | 32 |
| Key types | Symmetric |
| Algorithms | SM3 |
| Modes | HMAC |
| Flags | None |
