Cryptographic Token Interface Standard |
PKCS#11 |
The OAEP key wrapping for SET mechanism, denoted CKM_KEY_WRAP_SET_OAEP, is a mechanism for wrapping and unwrapping a DES key with an RSA key. The hash of some plaintext data and/or some extra data may optionally be wrapped together with the DES key. This mechanism is defined in the SET protocol specifications.
It takes a parameter, a CK_KEY_WRAP_SET_OAEP_PARAMS structure. This structure holds the "Block Contents" byte of the data and the concatenation of the hash of plaintext data (if present) and the extra data to be wrapped (if present). If neither the hash nor the extra data is present, this is indicated by the ulXLen field having the value 0.
When this mechanism is used to unwrap a key, the concatenation of the hash of plaintext data (if present) and the extra data (if present) is returned following the convention described in Section 11.2 on producing output. Note that if the inputs to C_UnwrapKey are such that the extra data is not returned (e.g., the buffer supplied in the CK_KEY_WRAP_SET_OAEP_PARAMS structure is NULL_PTR), then the unwrapped key object will not be created, either.
Be aware that when this mechanism is used to unwrap a key, the bBC and pX fields of the parameter supplied to the mechanism may be modified.
If an application uses C_UnwrapKey with CKM_KEY_WRAP_SET_OAEP, it may be preferable for it simply to allocate a 128-byte buffer for the concatenation of the hash of plaintext data and the extra data (this concatenation is never larger than 128 bytes), rather than calling C_UnwrapKey twice. Each call of C_UnwrapKey with CKM_KEY_WRAP_SET_OAEP requires an RSA decryption operation to be performed, and this computational overhead can be avoided by this means.