HSM2: Supported AES Modes?

What AES modes are supported by the NitroKey HSM 2 (firmware 3.5)?

I’m using the sc-hsm-embedded library and I’ve gotten AES-KEYGEN and AES-CBC to work but not AES-CBC-PAD or AES-GCM. Is there a list of supported modes somewhere so I don’t have to test each one via trial-and-error?

The only AES mentioned in the mechanism list is: AES-KEY-GEN

  RSA-X-509, keySize={1024,4096}, hw, encrypt, decrypt, sign, verify
  RSA-PKCS, keySize={1024,4096}, hw, encrypt, decrypt, sign, verify
  RSA-PKCS-PSS, keySize={1024,4096}, hw, sign, verify
  SHA1-RSA-PKCS, keySize={1024,4096}, hw, sign, verify
  SHA256-RSA-PKCS, keySize={1024,4096}, hw, sign, verify
  SHA1-RSA-PKCS-PSS, keySize={1024,4096}, hw, sign, verify
  SHA256-RSA-PKCS-PSS, keySize={1024,4096}, hw, sign, verify
  ECDSA, keySize={192,521}, hw, sign, verify
  ECDSA-SHA1, keySize={192,521}, hw, sign, verify
  RSA-PKCS-OAEP, keySize={1024,4096}, hw, encrypt, decrypt
  SHA-1, digest
  SHA224, digest
  SHA256, digest
  SHA384, digest
  SHA512, digest
  ECDSA-KEY-PAIR-GEN, keySize={192,521}, hw, generate_key_pair
  RSA-PKCS-KEY-PAIR-GEN, keySize={1024,4096}, hw, generate_key_pair
  AES-KEY-GEN, keySize={128,256}, hw, encrypt, decrypt, generate, derive
  mechtype-0x80000001, keySize={1024,4096}, hw, sign, verify
  mechtype-0x80000003, keySize={1024,4096}, hw, sign, verify
  mechtype-0x80000010, keySize={192,521}, hw, sign, verify
  mechtype-0x80000011, keySize={192,521}, hw, sign, verify



On the CDN there should be an user manual (distributed only there), where the supported algos are listed and described. I read there that only AES CBC is supported (encryption, decryption, 128, 192, 256 bits).

Thank you! I found the manual for 3.4 (I guess 3.5 isn’t published yet) and you’re 100% right - only CBC is supported.