CKM_XOR_BASE_AND_KEY

**WARNING**   This mechanism contains vulnerabilities that could compromise security. It has been disabled in the factory settings for new HSMs. To enable it, the Weak PKCS#11 Mechanisms flag must be set. See "Weak PKCS#11 Mechanisms" in SafeNet ProtectToolkit-C Administration Guide for more information.

Supported Operations

Encrypt and Decrypt

No

Sign and Verify

No

SignRecover and VerifyRecover

No

Digest

No

Generate Key/Key-Pair

No

Wrap and Unwrap

No

Derive

Yes

FIPS-approved

Yes (but disabled in FIPS mode due to vulnerabilities)

Key Size Range (bytes) and Parameters

Minimum 0
FIPS Minimum

N/A

Maximum None
Parameter CK_OBJECT_HANDLE

Description

XORing key derivation, denoted CKM_XOR_BASE_AND_KEY, is a mechanism which provides the capability of deriving a secret key by performing a bit XORing of two existing secret keys. The two keys are specified by handles; the values of the keys specified are XORed together in a buffer to create the value of the new key.

This mechanism takes a parameter, a CK_OBJECT_HANDLE. This handle produces the key value information that is XORed with the base key’s value information (the base key is the key whose handle is supplied as an argument to C_DeriveKey).

For example, if the value of the base key is 0x01234567, and the value of the other key is 0x89ABCDEF, then the value of the derived key is taken from a buffer containing the string 0x88888888.

>If no length or key type is provided in the template, then the key produced by this mechanism is a generic secret key. Its length is equal to the minimum of the lengths of the data and the value of the original key.

>If no key type is provided in the template, but a length is, then the key produced by this mechanism is a generic secret key of the specified length.

>If no length is provided in the template, but a key type is, then that key type must have a well-defined length. If it does, then the key produced by this mechanism is of the type specified in the template. If it doesn’t, an error is returned.

>If both a key type and a length are provided in the template, the length must be compatible with that key type. The key produced by this mechanism is of the specified type and length.

>If a key type is provided in the template the behavior depends on whether the type is identical to the type of the base key. If the base key is of type CKK_GENERIC_SECRET then you can change the type of the new key. Otherwise you can change the type only if the “Pure PKCS11” configuration flag has been set.

If a DES, DES2, DES3, or CDMF key is derived with this mechanism, the parity bits of the key are set properly.

If the requested type of key requires more bytes than are available by taking the shorter of the two keys' value, an error is generated.

This mechanism has the following rules about key sensitivity and extractability:

>If the base key has its CKA_SENSITIVE attribute set to TRUE, so does the derived key. If not, then the derived key’s CKA_SENSITIVE attribute is set either from the supplied template or from a default value.

>Similarly, the derived key’s CKA_EXTRACTABLE attribute is set either from the supplied template or else it defaults to the value of the CKA_EXTRACTABLE of the base key.

>The derived key’s CKA_ALWAYS_SENSITIVE attribute is set to TRUE if and only if the base key has its CKA_ALWAYS_SENSITIVE attribute set to TRUE.

>Similarly, the derived key’s CKA_NEVER_EXTRACTABLE attribute is set to TRUE if and only if the base key has its CKA_NEVER_EXTRACTABLE attribute set to TRUE.

Return to SafeNet ProtectToolkit-C Mechanisms