[PKCS#11] HMAC-SHA256 min key length: need 128-bit support #7635
Description
PKCS#11 enforces key size range for HMAC mechanisms:
• For CKM_SHA256_HMAC or CKM_SHA256_HMAC_GENERAL, the key length must be within 192 to 1024 bits (24–128 bytes).
Issue:
• Facing issue while passing a 128-bit key (16 bytes), which is below the minimum (192 bits).
• Hence, the use case fails with CKR_KEY_SIZE_RANGE.
RFC4868 Behavior
• RFC4868 specifies that padding is applied if the key is shorter than the hash block size (512 bits for SHA-256).
PKCS#11 does not handle padding:
o PKCS#11 only validates key length against mechanism constraints.
o Padding logic is implemented by the crypto layer not PKCS#11.
Possible Workaround:
-
Set the minimum key length to 128 bits for the CKM_SHA256_HMAC mechanism.
This adjustment would allow the requirement to be met without violating the mechanism’s integrity. -
Consider aligning key length behavior with PKCS#11’s maximum key length enforcement.
Currently, PKCS#11 ensures that the key length does not exceed the maximum allowed size. Similarly, for cases where the provided key length is less than the mechanism’s minimum, we could set the key length and its value to match the minimum key length instead of rejecting the operation.