AWS CloudHSM
User Guide

Supported PKCS #11 Mechanisms

The AWS CloudHSM software library for PKCS #11 supports the following algorithms:

  • Encryption and decryption – AES-CBC, AES-ECB, AES-GCM, DES3-CBC, DES3-ECB, RSA-OAEP, and RSA-PKCS

  • Sign and verify – RSA, HMAC, and ECDSA; with and without hashing

  • Hash/digest – SHA1, SHA224, SHA256, SHA384, and SHA512

  • Key wrap – AES Key Wrap,4 AES-GCM, RSA-AES, and RSA-OAEP

  • Key derivation – ECDH5

The AWS CloudHSM software library for PKCS #11 is compliant with PKCS #11 version 2.40. To invoke a cryptographic feature using PKCS #11, call a function with a given mechanism. The combinations of functions and mechanisms supported by CloudHSM are summarized in the following table.

Interpreting the Supported PKCS #11 Mechanism-Function Table

A ✔ mark indicates that CloudHSM supports the mechanism for the function. We do not support all possible functions listed in the PKCS #11 specification. A ✖ mark indicates that CloudHSM does not yet support the mechanism for the given function, even though the PKCS #11 standard allows it. Empty cells indicate that PKCS #11 standard does not support the mechanism for the given function.

Supported PKCS #11 Mechanisms and Functions

Mechanism

Functions

 

Generate Key or Key Pair

Sign & Verify

SR & VR

Digest

Encrypt & Decrypt

Derive Key

Wrap & UnWrap

CKM_RSA_X9_31_KEY_PAIR_GEN

2

 

 

 

 

 

 

CKM_RSA_PKCS   1   1

 

CKM_RSA_PKCS_OAEP

 

 

 

 

1

 

6

CKM_SHA1_RSA_PKCS

 

 

 

 

 

 

CKM_SHA224_RSA_PKCS

 

 

 

 

 

 

CKM_SHA256_RSA_PKCS

 

 

 

 

 

 

CKM_SHA384_RSA_PKCS

 

 

 

 

 

 

CKM_SHA512_RSA_PKCS

 

 

 

 

 

 

CKM_RSA_PKCS_PSS

 

1

 

 

 

 

 

CKM_SHA1_RSA_PKCS_PSS

 

 

 

 

 

 

CKM_SHA224_RSA_PKCS_PSS

 

 

 

 

 

 

CKM_SHA256_RSA_PKCS_PSS

 

 

 

 

 

 

CKM_SHA384_RSA_PKCS_PSS

 

 

 

 

 

 

CKM_SHA512_RSA_PKCS_PSS

 

 

 

 

 

 

CKM_EC_KEY_PAIR_GEN

 

 

 

 

 

 

CKM_ECDSA

 

1

 

 

 

 

 

CKM_ECDSA_SHA1

 

 

 

 

 

 

CKM_ECDSA_SHA224

 

 

 

 

 

 

CKM_ECDSA_SHA256

 

 

 

 

 

 

CKM_ECDSA_SHA384

 

 

 

 

 

 

CKM_ECDSA_SHA512

 

 

 

 

 

 

CKM_ECDH1_DERIVE

 

 

 

 

 

5

 

CKM_GENERIC_SECRET_KEY_GEN

 

 

 

 

 

 

CKM_AES_KEY_GEN

 

 

 

 

 

 

CKM_AES_ECB

 

 

 

 

 

CKM_AES_CBC

 

 

 

 

3.2

 

CKM_AES_CBC_PAD

 

 

 

 

 

CKM_DES3_KEY_GEN

 

 

 

 

 

 

CKM_DES3_CBC

 

 

 

 

3.2

 

CKM_DES3_CBC_PAD

 

 

 

 

 

CKM_AES_GCM

 

 

 

 

3.2, 4

 

 

CKM_MD5_HMAC

 

 

 

 

 

 

CKM_SHA_1

 

 

 

3.1

 

 

 

CKM_SHA_1_HMAC

 

3.2

 

 

 

 

 

CKM_SHA224

 

 

 

3.1

 

 

 

CKM_SHA224_HMAC

 

3.2

 

 

 

 

 

CKM_SHA256

 

 

 

3.1

 

 

 

CKM_SHA256_HMAC

 

3.2

 

 

 

 

 

CKM_SHA384

 

 

 

3.1

 

 

 

CKM_SHA384_HMAC

 

3.2

 

 

 

 

 

CKM_SHA512

 

 

 

3.1

 

 

 

CKM_SHA512_HMAC

 

3.2

 

 

 

 

 

CKM_AES_KEY_WRAP

 

 

 

 

 

 

CKM_RSA_AES_KEY_WRAP

 

 

 

 

 

 

Annotations:

1 Single-part operations only.

2 Mechanism is functionally identical to the CKM_RSA_PKCS_KEY_PAIR_GEN mechanism, but offers stronger guarantees for p and q generation.

3.1 When hashing data using any of the following mechanisms, data buffer less than 16 KB in size is hashed on the HSM. Larger data buffer, which is between 16 KB and the maximum data size, is hashed locally in software. The following table lists the maximum data size set for each mechanism:

Mechanism Maximum Data Size
CKM_SHA_1 16296
CKM_SHA224 16264
CKM_SHA256 16296
CKM_SHA384 16232
CKM_SHA512 16232

3.2 When operating on data by using any of the following mechanisms, if the data buffer exceeds the maximum data size, the operation results in an error. The following table lists maximum data size set for each mechanism:

Mechanism Maximum Data Size
CKM_SHA_1_HMAC 16288
CKM_SHA224_HMAC 16256
CKM_SHA256_HMAC 16288
CKM_SHA384_HMAC 16224
CKM_SHA512_HMAC 16224
CKM_SHA1_RSA_PKCS 16296
CKM_SHA224_RSA_PKCS 16264
CKM_SHA256_RSA_PKCS 16296
CKM_SHA364_RSA_PKCS 16232
CKM_SHA512_RSA_PKCS 16232
CKM_AES_CBC 16272
CKM_AES_GCM 16224
CKM_DES3_CBC 16280

4 When performing AES-GCM encryption, the HSM does not accept initialization vector (IV) data from the application. You must use an IV that it generates. The 12-byte IV provided by the HSM is written into the memory reference pointed to by the pIV element of the CK_GCM_PARAMS parameters structure that you supply. To prevent user confusion, PKCS #11 SDK in version 1.1.1 and later ensures that pIV points to a zeroized buffer when AES-GCM encryption is initialized.

5 Mechanism is implemented to support SSL/TLS offload cases and is executed only partially within the HSM. Before using this mechanism, see "Issue: ECDH key derivation is executed only partially within the HSM" in Known Issues for the PKCS #11 SDK.

6 The following CK_MECHANISM_TYPE and CK_RSA_PKCS_MGF_TYPE are supported as CK_RSA_PKCS_OAEP_PARAMS for CKM_RSA_PKCS_OAEP:

  • CKM_SHA_1 using CKG_MGF1_SHA1

  • CKM_SHA224 using CKG_MGF1_SHA224

  • CKM_SHA256 using CKG_MGF1_SHA256

  • CKM_SHA384 using CKM_MGF1_SHA384

  • CKM_SHA512 using CKM_MGF1_SHA512