Gemalto is now part of the Thales Group, find out more.

You are here

Executing PCKS impl throws "CKR_MECHANISM_PARAM_INVALID" for CKM_XOR_BASE_AND_DATA mechanism | Thales IoT Developer Community

May 3, 2019 - 8:53pm, 689 views

I'm not sure this is right forum to post this. Please guide me if this not the right forum for Safenet Luna HSM related question.

We have Luna HSM PCI K7 with firmware version (7.0.1) with Luna Client software version 7.3.0.

When we ran the list the supported mechanism command using LunaCM tool,  Luna didn't list 'CKM_XOR_BASE_AND_DATA' mechanism in supported list. Gemalto's team shared information that 7.0.1 do suppoort the mechanism, so, we proceeded with  Java PCKS implementation using JCProv, and when executing the mechanism 'CKM_XOR_BASE_AND_DATA' it throws an error

com.safenetinc.jcprov.CKR_Exception: C_DeriveKey rv=0x71 - CKR_MECHANISM_PARAM_INVALID
    at com.safenetinc.jcprov.CryptokiEx.C_DeriveKey(

// Below  code is our implementation part

CK_KEY_DERIVATION_STRING_DATA deriveString = new CK_KEY_DERIVATION_STRING_DATA(componentValue, componentValue.length);

       //Note: CKM_XOR_BASE_AND_DATA mechanism => 0x00000364
        CK_MECHANISM mechanism = new CK_MECHANISM(new CK_MECHANISM_TYPE(0x00000364));
        mechanism.pParameter = deriveString;
        mechanism.parameterLen = deriveString.len;
        CK_RV rv = CryptokiEx.C_DeriveKey(session, mechanism, hBaseKey, defaultAttrTemplate, defaultAttrTemplate.length, hResultKey);
        System.out.println("handleIntermediateComponent - derived key:  " + hResultKey.longValue());
        if(rv.longValue() != CKR.OK.longValue()){
            System.err.println("Failed to derive key");

Are we doing something wrong with mechanism parameter passing OR Luna HSM version doesn't support the mechanism? 

Thank you.