PKCS#11 – Implementation Details

Slots and Tokens

PKCS#11 library represents NVIDIA HPSE as a single token present within one slot.

Multi-Threaded Application

PKCS#11 library only supports multi-threaded access by an application using the native operating system primitives.

Session Type

PKCS#11 library supports read/write (R/W) user sessions and read-only (R/O) user sessions.

Read / Write Session Limitation

PKCS#11 library does not allow creating a Read/Write session if any other PKCS#11 session is open, including in other running applications.

UNECE 156a 7.2.2.1.3

This limitation is to address the following clause of UNECE 156a:

When the execution of an update may affect the safety of the vehicle, the vehicle manufacturer shall demonstrate how the update will be executed safely. This shall be achieved through technical means that ensures the vehicle is in a state where the update can be executed safely.

Active Operation Abandonment

PKCS#11 library fails any cryptographic initialization function (C_xxInit) for a session if an operation of the same type is already active on that session. The active operation is reset and that operation type returns to the idle state on the session.

PKCS#11 library additionally allows C_MessageSignInit and C_MessageVerifyInit to be called with pMechanism set to NULL_PTR to terminate an active message-based operation.

Operations that cannot be cancelled by C_SessionCancel

PKCS#11 library shall return CKR_OPERATION_CANCEL_FAILED if any of the following operations are included in the request to C_SessionCancel:

  • CKF_GENERATE_KEY_PAIR
  • CKF_GENERATE
  • CKF_WRAP
  • CKF_UNWRAP
  • CKF_DERIVE
  • CKF_MULTI_MESSAGE
  • CKF_MESSAGE_ENCRYPT
  • CKF_MESSAGE_DECRYPT

User Type

PKCS#11 library only supports the user type: normal user.

Read-Only User Authentication

PKCS#11 library supports normal user login to a read-only session without a PIN: the client application passes pPin as NULL_PTR.

Read / Write User Authentication

PKCS#11 library supports normal user login to a Read/Write session without a PIN: the client application passes pPin as NULL_PTR.

Encrypt Input Data length

PKCS#11 library restricts the data length of every multi-part encrypt update operation using the CKM_AES_CBC_PAD mechanism to a multiple of the cryptographic operation block size (16 bytes for AES), except for the last encrypt update part, which does not have to be a multiple of the block size.

Decrypt Input Data length

PKCS#11 library restricts the data length of every multi-part decrypt update operation, including the last part, to a multiple of the cryptographic operation block size (16 bytes for AES).
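The encrypt and decrypt length rules above are easy to violate when input arrives in arbitrary-sized reads. The following added example (not code from the NVIDIA library or this page) shows a small buffering helper that only releases block-aligned parts for C_EncryptUpdate / C_DecryptUpdate and holds back the unaligned tail for the final encrypt part; the PKCS#11 calls themselves are not shown, and AES_BLOCK = 16 is assumed as the block size for AES mechanisms.

```python
"""Part sizing for multi-part CKM_AES_CBC_PAD operations (added example, not library code).

Rules from the page: every encrypt update part except the last must be a multiple
of the block size; every decrypt update part, including the last, must be too.
"""

AES_BLOCK = 16  # assumed cryptographic operation block size for AES mechanisms


def encrypt_parts_ok(parts: list[bytes]) -> bool:
    """Every C_EncryptUpdate part except the last must be whole blocks."""
    return all(len(p) % AES_BLOCK == 0 for p in parts[:-1])


def decrypt_parts_ok(parts: list[bytes]) -> bool:
    """Every C_DecryptUpdate part, including the last, must be whole blocks."""
    return all(len(p) % AES_BLOCK == 0 for p in parts)


class AlignedFeeder:
    """Accumulates arbitrary-length input and releases only block-aligned parts.

    feed() returns the parts that may be passed to C_xxUpdate right now; the
    unaligned remainder is kept. finish() returns that remainder: for encrypt it
    is the allowed final unaligned part (followed by C_EncryptFinal); for decrypt
    it must be empty, since CBC_PAD ciphertext is always block aligned.
    """

    def __init__(self, decrypt: bool = False) -> None:
        self.decrypt = decrypt
        self.buf = b""

    def feed(self, data: bytes) -> list[bytes]:
        self.buf += data
        aligned = len(self.buf) - len(self.buf) % AES_BLOCK
        part, self.buf = self.buf[:aligned], self.buf[aligned:]
        return [part] if part else []

    def finish(self) -> bytes:
        tail, self.buf = self.buf, b""
        if self.decrypt and tail:
            raise ValueError("decrypt input length must be a multiple of the block size")
        return tail


if __name__ == "__main__":
    # Constructed input: two reads of 10 bytes each, i.e. 20 bytes of plaintext.
    feeder = AlignedFeeder()
    parts = feeder.feed(b"a" * 10) + feeder.feed(b"b" * 10)
    last = feeder.finish()
    print([len(p) for p in parts], len(last))  # one 16-byte part, 4-byte final part
    print(encrypt_parts_ok(parts + [last]), decrypt_parts_ok(parts + [last]))
```

For decrypt, construct the feeder with decrypt=True; an unaligned remainder at finish() is a caller bug (truncated ciphertext or a non-CBC_PAD input), which the helper reports before the token returns an error.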

Session Object Limit

PKCS#11 library restricts the number of session keys that may be created, generated, derived or unwrapped across all sessions of a single application to a total of 80 keys: 64 secret keys, 8 RSA public keys, and 8 EC public keys.

Cryptoki Function Calls

PKCS#11 library does not support every function in the Cryptoki API. It has a stub for every unsupported function and returns the value CKR_FUNCTION_NOT_SUPPORTED.

Callback Function Not Supported

PKCS#11 library does not support surrender callbacks.

Find Key by ID and Class

PKCS#11 library restricts key object search to the template attributes CKA_ID and CKA_CLASS only.

Deriving Additional Key

PKCS#11 library limits key derivation to a single derived key.

Derivation From Fuse Keys

PKCS#11 library supports derivation from the following named fuse keys:

Fuse Key CKA_ID

"NV_OEM_KEK0                     "

The quoted value is padded with trailing spaces; the CKA_ID in the search template must match it exactly, trailing spaces included.

CKM_SP800_108_COUNTER_KDF Input Parameters

PKCS#11 library limits the counter mode key derivation function, denoted CKM_SP800_108_COUNTER_KDF, to use the following PRF input data definitions.

SP800-108 section 5.1 outlines a sample Counter Mode KDF, which defines the following PRF input:

PRF (KI, [i] || Label || 0x00 || Context || [L])

where || denotes concatenation in the order the values are listed, and KI is the base key from which the new key is derived.

The following table lists the PRF input data field types, meanings, limitations, and order that are supported within the CK_PRF_DATA_PARAM structure. The fields must be supplied in exactly this order:

[i]
  Identifier:  CK_SP800_108_ITERATION_VARIABLE
  Format:      Big Endian 32 bit integer
  Description: Counter that is the iteration variable. Value shall be 0x00000001 for the SHA_256_HMAC or AES_CMAC PRF (only one iteration is performed, since a single 128-bit key is derived).

Label
  Identifier:  CK_SP800_108_BYTE_ARRAY
  Format:      1 to 32 bytes
  Description: Client application supplied byte array that identifies the purpose of the derived keying material. The byte 0x00 is not allowed.

0x00
  Identifier:  CK_SP800_108_BYTE_ARRAY
  Format:      1 byte
  Description: An all-zero octet, used to indicate a separation of the different variable-length data fields.

Context
  Identifier:  CK_SP800_108_BYTE_ARRAY
  Format:      1 to 32 bytes
  Description: Client application supplied byte array containing information related to the derived key. The byte 0x00 is not allowed.

[L]
  Identifier:  CK_SP800_108_DKM_LENGTH
  Format:      Big Endian 32 bit integer
  Description: An integer specifying the length (in bits) of the derived key. Value shall be 0x00000080 (128 bits).
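To make the fixed input layout concrete, here is an added off-device reference (not code from the NVIDIA library or this page). It builds the five CK_PRF_DATA_PARAM entries in the required order, enforces the Label/Context limits, and computes the single-iteration counter-mode KDF with HMAC-SHA256 as the PRF. The PRF choice and the 16-byte test key are assumptions; fuse key material such as NV_OEM_KEK0 is never exportable, so this can only cross-check a derivation from a secret key object whose value the application itself created.

```python
"""Off-device reference for the CKM_SP800_108_COUNTER_KDF input layout
(added example; assumes HMAC-SHA256 as the PRF and a known-valued base key)."""
import hashlib
import hmac
import struct

COUNTER = 0x00000001   # [i]: fixed to 1, only one PRF block is produced
DKM_BITS = 0x00000080  # [L]: 128 bits, i.e. a single AES-128 key
MAX_FIELD = 32         # Label and Context are each 1..32 bytes
SEPARATOR = b"\x00"    # the mandatory 1-byte all-zero separator field


def is_valid_field(value: bytes) -> bool:
    """Label/Context rule from the page: 1..32 bytes and no 0x00 byte inside."""
    return 1 <= len(value) <= MAX_FIELD and SEPARATOR not in value


def prf_data_params(label: bytes, context: bytes) -> list[tuple[str, bytes]]:
    """The five CK_PRF_DATA_PARAM entries, in the only order the library accepts."""
    for name, field in (("Label", label), ("Context", context)):
        if not is_valid_field(field):
            raise ValueError(f"{name} must be 1..{MAX_FIELD} bytes with no 0x00 byte")
    return [
        ("CK_SP800_108_ITERATION_VARIABLE", struct.pack(">I", COUNTER)),
        ("CK_SP800_108_BYTE_ARRAY", label),
        ("CK_SP800_108_BYTE_ARRAY", SEPARATOR),
        ("CK_SP800_108_BYTE_ARRAY", context),
        ("CK_SP800_108_DKM_LENGTH", struct.pack(">I", DKM_BITS)),
    ]


def prf_input(label: bytes, context: bytes) -> bytes:
    """[i] || Label || 0x00 || Context || [L], concatenated in that order."""
    return b"".join(data for _, data in prf_data_params(label, context))


def derive_hmac_sha256(base_key: bytes, label: bytes, context: bytes) -> bytes:
    """Counter-mode KDF, single iteration, output truncated to L = 128 bits.

    With AES-CMAC as the PRF the input block is identical; only the PRF call
    changes (CMAC needs a third-party library and is not shown here).
    """
    k1 = hmac.new(base_key, prf_input(label, context), hashlib.sha256).digest()
    return k1[: DKM_BITS // 8]


if __name__ == "__main__":
    # Constructed inputs: an assumed known-valued 16-byte test key, not a fuse key.
    test_kek = bytes(range(16))
    print(prf_input(b"SESSION-ENC", b"ECU-42").hex())
    print(derive_hmac_sha256(test_kek, b"SESSION-ENC", b"ECU-42").hex())
```

To use this as a check, create a secret key object with a known CKA_VALUE, derive from it through the library with the same Label and Context, and compare the result against derive_hmac_sha256 by encrypting a known block with both keys, since the derived key's value and check value cannot be read back from the token.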

Secret Key Material Protection

PKCS#11 library does not allow access to secret key material or secret key check value.

Added Allowed Function Return Values

PKCS#11 library allows CKR_OPERATION_ACTIVE return value for C_Digest, C_Encrypt, and C_Decrypt functions. The current operation will reset and return to idle state upon returning CKR_OPERATION_ACTIVE. The approach taken warns of a potential programming error rather than silently accepting it.

PKCS#11 library allows CKR_MECHANISM_INVALID return value for C_xxUpdate, C_xxFinal if C_xxInit is called with mechanism CKM_AES_GCM.

PKCS#11 library allows CKR_OPERATION_NOT_INITIALIZED return value for C_xxMessageBegin functions.

PKCS#11 library allows CKR_OPERATION_ACTIVE return value for C_xxMessageNext functions. The current operation will reset and return to idle state upon returning CKR_OPERATION_ACTIVE. The approach taken warns of a potential programming error rather than silently accepting it.

Symmetric Key Block Mode

When using PKCS#11 APIs to generate, derive, or unwrap symmetric keys, users of DRIVE OS must specify at most one block mode in the CKA_ALLOWED_MECHANISMS template attribute for any particular key.

Exception: Specifying CKM_AES_CBC and CKM_AES_CBC_PAD for the same key is acceptable.

CMAC Message Length

PKCS#11 library does not support Signature requests using CKM_AES_CMAC with a 0 (zero)-length message.