pkcs11 message

Subject: Re: [pkcs11] OAEP/PSS and SHA-2

From: Jakub Jelen <jjelen@redhat.com>
To: Jonathan Schulze-Hewett <schulze-hewett@infoseccorp.com>, "pkcs11@lists.oasis-open.org" <pkcs11@lists.oasis-open.org>
Date: Tue, 07 Jul 2020 11:38:14 +0200

On Mon, 2020-07-06 at 18:00 +0000, Jonathan Schulze-Hewett wrote:
> I can't find a way to query a token to see if it supports OAEP or PSS
> with
> SHA-2. Am I missing something or is this an item that we should look
> at
> addressing?

I see the following mechanism in version 2.4 [1] (and other SHA2
around):

CKM_SHA256_RSA_PKCS_PSS

There are no corresponding mechanisms for OAEP. But as OAEP is
encryption, the pre-hashing does not make sense.

On the other hand, if you talk about mechanism parameters, I do not
think there is any discovery mechanism at this moment.

[1] 
http://docs.oasis-open.org/pkcs11/pkcs11-curr/v2.40/cs01/pkcs11-curr-v2.40-cs01.html#_Toc399398853

Regards,
-- 
Jakub Jelen
Senior Software Engineer
Security Technologies
Red Hat, Inc.

Follow-Ups:
- RE: [pkcs11] OAEP/PSS and SHA-2
  - From: Jonathan Schulze-Hewett <schulze-hewett@infoseccorp.com>

References:
- OAEP/PSS and SHA-2
  - From: Jonathan Schulze-Hewett <schulze-hewett@infoseccorp.com>