CKM_RSA_PKCS_OAEP
The RSA PKCS OAEP mechanism can now use a supplied hashing mechanism. Previously RSA OAEP would always use SHA1 and returned an error if another was attempted.
With current firmware, PKCS#11 API and ckdemo now accept a new mechanism.
Allowed mechanisms are:
>CKM_SHA1
>CKM_SHA224
>CKM_SHA256
>CKM_SHA384
>CKM_SHA512
>0 (use the firmware's default engine, which is currently SHA1)
In ckdemo, menu option 98 has a new value 17 - OAEP Hash Params, which can be set to use either default (CKM_SHA1) or selectable. When it is set to selectable the user is prompted for a hash mechanism when using the OAEP mechanism.
NOTE RSA public exponent value e=3 was deprecated, and Luna HSM does not support its use in FIPS 140 configuration. By default, use RSA exponent value 65537 (2^16 + 1) instead, or refer to the FIPS 186-5 Appendix A.1.1 specification for detailed guidance.
See also RSA Mechanism Remap for FIPS Compliance.
Summary
| FIPS approved? | Yes |
| Supported functions | Encrypt | Decrypt | Wrap | Unwrap |
| Functions restricted from FIPS use | Cannot legacy decrypt | Cannot legacy unwrap |
| Minimum key length (bits) | 256 |
| Minimum key length for FIPS use (bits) | 2048 |
| Minimum legacy key length for FIPS use (bits) | 1024 |
| Maximum key length (bits) | 8192 |
| Block size | 0 |
| Digest size | 0 |
| Key types | RSA |
| Algorithms | None |
| Modes | None |
| Flags | None |
NOTE Under Functions restricted from FIPS use, "Cannot legacy decrypt and "Cannot legacy unwrap" means that these operations are restricted with smaller keys (1024-bits, the previous minimum key size for FIPS use), but keys that meet the minimum FIPS size requirement (2048 bits) can still be used for decrypt and unwrap operations.
