PKCS#11 – Supported Mechanism – Function Table

The following table shows which combinations of functions and mechanisms are supported by PKCS#11 library. An “x” mark indicates that the PKCS#11 library supports the mechanism for the function.

Mechanism	Generate Key	Public/ Private Key Pair Generation	Encrypt/ Encrypt Message	Decrypt/ Decrypt Message	Encrypt/ Encrypt Message (Single- part only)	Decrypt/ Decrypt Message (Single- part only)	Sign/ Sign Message	Verify/ Verify Message	Sign (Single- part only)	Verify (Single- part only)	Digest	Derive Key	Unwrap Key	Wrap Key	Notes
CKM_AES_CBC			X	X											using AES [FIPS 197] with 128-bit or 256-bit key sizes
CKM_AES_CBC_PAD			X	X											using AES [FIPS 197] with 128-bit or 256-bit key sizes
CKM_AES_CTR			X	X											using AES [FIPS 197] with 128-bit or 256-bit key sizes
CKM_AES_GCM					X	X							X	X
CKM_AES_CMAC							X	X				X			using AES [FIPS 197] with 128-bit or 256-bit key sizes
CKM_AES_GMAC							X	X
CKM_SHA256_HMAC												X
CKM_SP800_56C_TWO_STEPS_KDF												X			Custom mechanism for camera use only
CKM_SHA256											X
CKM_SHA384											X
CKM_SHA512											X
CKM_SHA3_256											X
CKM_SHA3_384											X
CKM_SHA3_512											X
CKM_AES_KEY_WRAP													X	X	For use with MACSEC only
CKM_AES_CBC_CUSTOM_DATA_WRAP														X	Custom mechanism for camera use only
CKM_AES_KEY_GEN	X														returning 128-bit or 256-bit key sizes
CKM_EC_EDWARDS_KEY_PAIR_GEN		X													generate EC public/private key pairs over the curve Ed25519
CKM_EC_MONTGOMERY_KEY_PAIR_GEN		X													generate EC public/private key pairs over the curve 25519
CKM_EC_KEY_PAIR_GEN_W_EXTRA_BITS		X													FIPS 186-5 extra bits method (Appendix B)
CKM_SP800_108_COUNTER_KDF												X			using CKM_AES_CMAC [FIPS 197] with 128-bit or 256-bit key sizes
CKM_SP800_108_COUNTER_KDF												X			using CKM_SHA256_HMAC [FIPS 198-1][FIPS 180-4] with 128 or 256-bit key sizes
CKM_ECDH1_COFACTOR_DERIVE												X			Deriving either a CKK_GENERIC_SECRET or CKK_AES. Curve25519 or Curve448 or secp256r1
CKM_ECDH1_DERIVE												X			Deriving either a CKK_GENERIC_SECRET or CKK_AES. Curve25519 or Curve448 or secp256r1
CKM_RSA_PKCS_PSS										X					using RSA with 3072 and 4096-bit key sizes, and secure hash algorithms SHA-256 and SHA-512 [FIPS 180-4] for both the hash algorithm and Mask Generating Function (MGF1) [PKCS1-v2.2]
CKM_EDDSA									X	X					curve Ed25519ph [RFC 8032]
CKM_EDDSA (non prehash)									X	X					curve Ed25519 [RFC 8032] curve448
CKM_ECDSA									X	X					curve secp256r1 [SEC2-V2] using secure hash algorithm SHA-256 [FIPS 180-4] curve secp384r1 and SHA384 curve secp521r1 and SHA512
TBD Name (Custom SHA-512 derivation)												X			Used for a specific SSA key derivation