#
# EP11 token CP-filter configuration
#
# The list of mechanisms returned by C_GetMechanismList is filtered
# using the control point settings of the used crypto adapters.
# The EP11 CP-filter config file is used to associate certain control
# points with mechanisms that are dependent on these control points.
# 
# Syntax:
#       cp: mech1, mech2, ...
#
# Both cp and mech can be given by name, or as a number in decimal, octal
# (with leading 0) or hexadecimal (with leading 0x):
#
#       XCP_CPB_SIGN_SYMM: CKM_SHA256_HMAC, CKM_SHA256_HMAC_GENERAL
#       4: 0x00000251, 0x00000252
#
# Sign (generate a MAC) with HMAC or CMAC.
# NOTE(review): the same mechanism list is repeated for XCP_CPB_SIGVERIFY_SYMM
# just below, so every MAC mechanism is tied to both control points. Presumably
# a mechanism is hidden as soon as one control point it is listed under is
# disabled, which would hide it for verification as well - confirm against the
# token's filter code.
XCP_CPB_SIGN_SYMM: CKM_SHA256_HMAC, CKM_SHA256_HMAC_GENERAL, CKM_SHA224_HMAC, CKM_SHA224_HMAC_GENERAL, CKM_SHA384_HMAC, CKM_SHA384_HMAC_GENERAL, CKM_SHA512_HMAC, CKM_SHA512_HMAC_GENERAL, CKM_SHA_1_HMAC, CKM_SHA_1_HMAC_GENERAL, CKM_IBM_SHA3_224_HMAC, CKM_IBM_SHA3_256_HMAC,CKM_IBM_SHA3_384_HMAC, CKM_IBM_SHA3_512_HMAC, CKM_IBM_CMAC, CKM_DES3_CMAC, CKM_DES3_CMAC_GENERAL, CKM_AES_CMAC, CKM_AES_CMAC_GENERAL

# Verify with HMAC or CMAC. Keep this list in sync with XCP_CPB_SIGN_SYMM when
# a MAC mechanism is added or removed.
XCP_CPB_SIGVERIFY_SYMM: CKM_SHA256_HMAC, CKM_SHA256_HMAC_GENERAL, CKM_SHA224_HMAC, CKM_SHA224_HMAC_GENERAL, CKM_SHA384_HMAC, CKM_SHA384_HMAC_GENERAL, CKM_SHA512_HMAC, CKM_SHA512_HMAC_GENERAL, CKM_SHA_1_HMAC, CKM_SHA_1_HMAC_GENERAL, CKM_IBM_SHA3_224_HMAC, CKM_IBM_SHA3_256_HMAC,CKM_IBM_SHA3_384_HMAC, CKM_IBM_SHA3_512_HMAC, CKM_IBM_CMAC, CKM_DES3_CMAC, CKM_DES3_CMAC_GENERAL, CKM_AES_CMAC, CKM_AES_CMAC_GENERAL

# Sign with private keys (RSA, DSA and ECDSA signature mechanisms).
# This file only associates mechanisms with control points for filtering the
# mechanism list. Deleting an entry (for example a SHA-1 based mechanism) does
# not disable that mechanism; it only means this control point no longer hides
# it. NOTE(review): enforcement on the adapter is presumably independent of
# this file - confirm.
# CKM_RSA_PKCS is also listed under XCP_CPB_DECRYPT_ASYMM, XCP_CPB_WRAP_ASYMM,
# XCP_CPB_UNWRAP_ASYMM, XCP_CPB_ALG_RSA and XCP_CPB_ALG_NBSI2017 in this file.
XCP_CPB_SIGN_ASYMM: CKM_RSA_PKCS, CKM_RSA_PKCS_PSS, CKM_SHA1_RSA_X9_31, CKM_SHA1_RSA_PKCS, CKM_SHA1_RSA_PKCS_PSS, CKM_SHA256_RSA_PKCS, CKM_SHA256_RSA_PKCS_PSS, CKM_SHA224_RSA_PKCS, CKM_SHA224_RSA_PKCS_PSS, CKM_SHA384_RSA_PKCS, CKM_SHA384_RSA_PKCS_PSS, CKM_SHA512_RSA_PKCS, CKM_SHA512_RSA_PKCS_PSS, CKM_ECDSA, CKM_ECDSA_SHA1, CKM_DSA, CKM_DSA_SHA1, CKM_RSA_X9_31, CKM_ECDSA_SHA224, CKM_ECDSA_SHA256, CKM_ECDSA_SHA384, CKM_ECDSA_SHA512

# Encrypt with symmetric keys (AES, triple-DES and single-DES in ECB/CBC modes).
# The list is identical to XCP_CPB_DECRYPT_SYMM further down; keep both in sync.
# NOTE(review): the single-DES (CKM_DES_*) and ECB entries are listed so that
# they follow the control point setting; whether the adapter offers them at all
# is decided elsewhere - confirm.
XCP_CPB_ENCRYPT_SYMM: CKM_AES_ECB, CKM_AES_CBC, CKM_AES_CBC_PAD, CKM_DES3_ECB, CKM_DES3_CBC, CKM_DES3_CBC_PAD, CKM_DES_ECB, CKM_DES_CBC

# Decrypt with private keys.
# CKM_RSA_PKCS is the only mechanism tied to this control point here. It is
# also listed under the sign, wrap, unwrap, ALG_RSA and ALG_NBSI2017 control
# points. NOTE(review): if the filter drops a mechanism when any one of its
# control points is off, turning off RSA decryption would also hide
# CKM_RSA_PKCS for signing - confirm against the token's filter code.
XCP_CPB_DECRYPT_ASYMM: CKM_RSA_PKCS

# Decrypt with symmetric keys. Same mechanism list as XCP_CPB_ENCRYPT_SYMM.
XCP_CPB_DECRYPT_SYMM: CKM_AES_ECB, CKM_AES_CBC, CKM_AES_CBC_PAD, CKM_DES3_ECB, CKM_DES3_CBC, CKM_DES3_CBC_PAD, CKM_DES_ECB, CKM_DES_CBC

# Key export (wrap) with public keys.
# CKM_RSA_PKCS is the only asymmetric wrapping mechanism listed.
# NOTE(review): CKM_RSA_PKCS_OAEP does not appear anywhere in this file; if the
# token offers it, no control point listed here would filter it - confirm.
XCP_CPB_WRAP_ASYMM: CKM_RSA_PKCS

# Key export (wrap) with symmetric keys. Only CBC modes are listed, and the
# list is identical to XCP_CPB_UNWRAP_SYMM below.
XCP_CPB_WRAP_SYMM: CKM_AES_CBC, CKM_AES_CBC_PAD, CKM_DES3_CBC, CKM_DES3_CBC_PAD

# Key import (unwrap) with private keys.
XCP_CPB_UNWRAP_ASYMM: CKM_RSA_PKCS

# Key import (unwrap) with symmetric keys. Same list as XCP_CPB_WRAP_SYMM.
XCP_CPB_UNWRAP_SYMM: CKM_AES_CBC, CKM_AES_CBC_PAD, CKM_DES3_CBC, CKM_DES3_CBC_PAD

# Generate asymmetric key pairs (RSA, EC, DSA, DH).
# Each key-pair generation mechanism is also listed under its algorithm
# control point (XCP_CPB_ALG_RSA, _EC, _DSA, _DH) further down in this file.
XCP_CPB_KEYGEN_ASYMM: CKM_RSA_PKCS_KEY_PAIR_GEN, CKM_RSA_X9_31_KEY_PAIR_GEN, CKM_EC_KEY_PAIR_GEN, CKM_DSA_KEY_PAIR_GEN, CKM_DH_PKCS_KEY_PAIR_GEN

# Generate or derive symmetric keys, including DSA and DH parameter generation
# (CKM_DSA_PARAMETER_GEN, CKM_DH_PKCS_PARAMETER_GEN) and the password-based
# mechanism CKM_PBE_SHA1_DES3_EDE_CBC.
XCP_CPB_KEYGEN_SYMM: CKM_AES_KEY_GEN, CKM_DES2_KEY_GEN, CKM_DES3_KEY_GEN, CKM_DSA_PARAMETER_GEN, CKM_DH_PKCS_PARAMETER_GEN, CKM_PBE_SHA1_DES3_EDE_CBC, CKM_DES_KEY_GEN, CKM_GENERIC_SECRET_KEY_GEN

# RSA private-key or key-encrypt use.
# Covers RSA key-pair generation plus every RSA signature mechanism that is
# listed under XCP_CPB_SIGN_ASYMM.
XCP_CPB_ALG_RSA: CKM_RSA_PKCS, CKM_RSA_PKCS_KEY_PAIR_GEN, CKM_RSA_X9_31_KEY_PAIR_GEN, CKM_RSA_PKCS_PSS, CKM_SHA1_RSA_X9_31, CKM_SHA1_RSA_PKCS, CKM_SHA1_RSA_PKCS_PSS, CKM_SHA256_RSA_PKCS, CKM_SHA256_RSA_PKCS_PSS, CKM_SHA224_RSA_PKCS, CKM_SHA224_RSA_PKCS_PSS, CKM_SHA384_RSA_PKCS, CKM_SHA384_RSA_PKCS_PSS, CKM_SHA512_RSA_PKCS, CKM_SHA512_RSA_PKCS_PSS, CKM_RSA_X9_31

# DSA private-key use (parameter generation, key-pair generation, signing).
XCP_CPB_ALG_DSA: CKM_DSA_PARAMETER_GEN, CKM_DSA_KEY_PAIR_GEN, CKM_DSA, CKM_DSA_SHA1

# EC private-key use.
# NOTE(review): CKM_ECDSA_SHA1 is listed under XCP_CPB_SIGN_ASYMM but not here,
# so this control point alone would not filter it - confirm whether the
# omission is intentional.
XCP_CPB_ALG_EC: CKM_EC_KEY_PAIR_GEN, CKM_ECDH1_DERIVE, CKM_ECDSA, CKM_ECDSA_SHA224, CKM_ECDSA_SHA256, CKM_ECDSA_SHA384, CKM_ECDSA_SHA512

# Diffie-Hellman use (private keys).
# CKM_ECDH1_DERIVE is tied to three control points in this file:
# XCP_CPB_ALG_EC, XCP_CPB_ALG_DH and XCP_CPB_DERIVE.
XCP_CPB_ALG_DH: CKM_ECDH1_DERIVE, CKM_DH_PKCS_PARAMETER_GEN, CKM_DH_PKCS_KEY_PAIR_GEN, CKM_DH_PKCS_DERIVE

# Allow key derivation (symmetric + EC/DH): the hash-based key derivation
# mechanisms plus the two DH/ECDH derive mechanisms.
XCP_CPB_DERIVE: CKM_SHA1_KEY_DERIVATION, CKM_SHA256_KEY_DERIVATION, CKM_SHA384_KEY_DERIVATION, CKM_SHA512_KEY_DERIVATION, CKM_SHA224_KEY_DERIVATION, CKM_ECDH1_DERIVE, CKM_DH_PKCS_DERIVE

# Enable support of curve25519, c448 and related algorithms incl. EdDSA
# (ed25519 and ed448).
# NOTE(review): the two EdDSA signature mechanisms listed here do not appear
# under XCP_CPB_SIGN_ASYMM, so in this file only this control point filters
# them - confirm that this is intended.
XCP_CPB_ALG_EC_25519: CKM_IBM_EC_C25519, CKM_IBM_ED25519_SHA512, CKM_IBM_EC_C448, CKM_IBM_ED448_SHA3

# Allow non-BSI algorithms (as of 2017), including non-BSI key sizes.
# Only CKM_RSA_PKCS and the CKM_SHA*_RSA_PKCS signature mechanisms are listed;
# the PSS and X9.31 variants are not tied to this control point.
# NOTE(review): with this control point off, CKM_RSA_PKCS would presumably be
# hidden for decrypt, wrap and unwrap as well, since it is the only mechanism
# listed for those control points - confirm before relying on RSA key transport
# in a BSI-restricted domain.
XCP_CPB_ALG_NBSI2017: CKM_RSA_PKCS, CKM_SHA1_RSA_PKCS, CKM_SHA224_RSA_PKCS, CKM_SHA256_RSA_PKCS, CKM_SHA384_RSA_PKCS, CKM_SHA512_RSA_PKCS

# Enable support of Dilithium.
# NOTE(review): CKM_IBM_DILITHIUM appears only under this control point in this
# file, not under XCP_CPB_SIGN_ASYMM or XCP_CPB_KEYGEN_ASYMM - confirm that this
# is intended.
XCP_CPB_ALG_PQC_DILITHIUM: CKM_IBM_DILITHIUM