Craton HSM

PKCS#11 Mechanisms

Craton HSM registers 41 PKCS#11 mechanisms with C_GetMechanismList. In FIPS approved mode the list is filtered to the approved subset (28 mechanisms: RSA, ECDSA, ECDH, AES, SHA-2, SHA-3 digests). This page is the canonical capability matrix.

Legend:

S/V — sign / verify
E/D — encrypt / decrypt
G — key or key-pair generation
W/U — wrap / unwrap
Dv — derive
MP — multi-part streaming
FIPS — approved in FIPS approved mode

RSA

Mechanism	S/V	E/D	G	MP	FIPS
`CKM_RSA_PKCS_KEY_PAIR_GEN`			✓		✓
`CKM_RSA_PKCS`	✓				✓
`CKM_SHA256_RSA_PKCS`	✓			✓	✓
`CKM_SHA384_RSA_PKCS`	✓			✓	✓
`CKM_SHA512_RSA_PKCS`	✓			✓	✓
`CKM_RSA_PKCS_PSS`	✓				✓
`CKM_SHA256_RSA_PKCS_PSS`	✓			✓	✓
`CKM_SHA384_RSA_PKCS_PSS`	✓			✓	✓
`CKM_SHA512_RSA_PKCS_PSS`	✓			✓	✓
`CKM_RSA_PKCS_OAEP`		✓			✓

Key sizes: 2048, 3072, 4096. Keys below 2048 are rejected unless algorithms.allow_weak_rsa = true, and always rejected in FIPS mode.

Elliptic curve

Mechanism	S/V	G	Dv	MP	FIPS
`CKM_EC_KEY_PAIR_GEN`		✓			✓
`CKM_ECDSA`	✓				✓
`CKM_ECDSA_SHA256`	✓			✓	✓
`CKM_ECDSA_SHA384`	✓			✓	✓
`CKM_ECDSA_SHA512`	✓			✓	✓
`CKM_ECDH1_DERIVE`			✓		✓
`CKM_ECDH1_COFACTOR_DERIVE`			✓		✓

Supported curves: P-256, P-384. Signatures are raw r || s. ECDH derivation pipes the shared secret through HKDF-SHA256 (SP 800-56C).

Edwards curve

Mechanism	S/V	E/D	G	W/U	Dv	MP	FIPS
`CKM_EDDSA`	✓		✓				✗

CKM_EDDSA is used both as the key-pair-generation mechanism and as the signing mechanism (PureEdDSA over Ed25519, RFC 8032). Not FIPS-approved until FIPS 186-6 is finalised.

AES

Mechanism	E/D	G	W/U	MP	FIPS
`CKM_AES_KEY_GEN`		✓			✓
`CKM_AES_GCM`	✓				✓
`CKM_AES_CBC`	✓			✓	✓
`CKM_AES_CBC_PAD`	✓			✓	✓
`CKM_AES_CTR`	✓			✓	✓
`CKM_AES_KEY_WRAP`			✓		✓
`CKM_AES_KEY_WRAP_KWP`			✓		✓

Key sizes: 128, 192, 256 bits. CKM_AES_GCM requires a 12-byte IV and enforces per-key nonce uniqueness. All-zero IVs are rejected at C_EncryptInit for CBC and CTR. CKM_AES_KEY_WRAP follows RFC 3394; CKM_AES_KEY_WRAP_KWP follows RFC 5649.

Digest

Mechanism	MP	FIPS
`CKM_SHA_1`	✓	digest only
`CKM_SHA256`	✓	✓
`CKM_SHA384`	✓	✓
`CKM_SHA512`	✓	✓
`CKM_SHA3_256`	✓	✓
`CKM_SHA3_384`	✓	✓
`CKM_SHA3_512`	✓	✓

In FIPS approved mode, CKM_SHA_1 is blocked entirely (even for digest-only operations) per SP 800-131A.

Post-quantum mechanisms

These are vendor-defined (number range 0x80000000+). See Post-quantum algorithms for security-category details.

Mechanism	Value	S/V	G	Dv	FIPS
`CKM_ML_KEM_512`	`0x80000001`		✓	✓	✗
`CKM_ML_KEM_768`	`0x80000002`		✓	✓	✗
`CKM_ML_KEM_1024`	`0x80000003`		✓	✓	✗
`CKM_ML_DSA_44`	`0x80000010`	✓	✓		✗
`CKM_ML_DSA_65`	`0x80000011`	✓	✓		✗
`CKM_ML_DSA_87`	`0x80000012`	✓	✓		✗
`CKM_SLH_DSA_SHA2_128S`	`0x80000020`	✓	✓		✗
`CKM_SLH_DSA_SHA2_256S`	`0x80000021`	✓	✓		✗
`CKM_HYBRID_ML_DSA_ECDSA`	`0x80000030`	✓	✓		✗
`CKM_HYBRID_X25519_ML_KEM_768`	`0x80000040`		✓	✓	✗

All PQC mechanisms are blocked in FIPS approved mode (validate_mechanism_for_policy returns CKR_MECHANISM_INVALID).

HMAC

HMAC is not exposed as a standalone signing mechanism. The HMAC construction is used internally by the DRBG (HMAC-SHA256), by PIN hashing (PBKDF2-HMAC-SHA256), and by POST KATs. C_DigestKey lets callers include a key's value in a SHA-2 / SHA-3 digest stream.

Querying the mechanism list

pkcs11-tool --module /opt/craton_hsm/libcraton_hsm.so --list-mechanisms

C_GetMechanismInfo reports, for each mechanism: minimum key size, maximum key size, and a bitmask of CKF_SIGN, CKF_VERIFY, CKF_ENCRYPT, CKF_DECRYPT, CKF_GENERATE, CKF_GENERATE_KEY_PAIR, CKF_WRAP, CKF_UNWRAP, CKF_DERIVE. The CKF_HW flag is cleared (Craton HSM is software).