CT_DerEncodeNamedCurve

Synopsis

CK_RV CT_DerEncodeNamedCurve(
CK_BYTE_PTR buf,
CK_SIZE_PTR len,
const char *name);

Description

Helper function to provide the DER encoding of a supported named curve. This function is typically used to populate the CKA_EC_PARAMS attribute of the template used during EC key pair generation.

Supported curve names are:

Name

OID

c2tnb191v1

{ iso(1) member-body(2) US(840) x9-62(10045) curves(3) characteristicTwo(0) c2tnb191v1(5) }

P-192 (also known as  “prime192v1” “secp192r1”)

{ iso(1) member-body(2) US(840) x9-62(10045) curves(3) prime(1) prime192v1(1) }

P-224 (also known as “secp224r1”)

{ iso(1) identified-organization(3) Certicom(132) certicom_ellipticCurve(0) secp224r1(33) }

P-256 (also known as  (“prime256v1 ” “secp256r1”)

{ iso(1) member-body(2) US(840) x9-62(10045) curves(3) prime(1) prime256v1(7) }

P-384 (also known as  “secp384r1”)

{ iso(1) identified-organization(3) Certicom(132) certicom_ellipticCurve(0) secp384r1(34) }

P-521 (also known as “secp521r1”)

{ iso(1) identified-organization(3) Certicom(132) certicom_ellipticCurve(0) secp521r1(35) }

c2tnb191v1e (Non FIPS curve)

{ iso(1) member-body(2) US(840) x9-62(10045) curves(3) characteristicTwo(0) c2tnb191v1e (15) }

Curve25519 {iso(1) identified-organization(3) dod(6) internet(1) private(4) enterprise(1) 3029 algorithm(1) ecc(5) curvey25519(1)}

Parameters

buf

Buffer to hold the DER encoding

len

*len is total number of bytes referenced by buf

name

String name of the curve to get the encoding for

On successful return

buf — contains a string.

Example: “hh:mm:ss DD/MM/YYYY“ *len Number of bytes copied to buf 

To determine the encoding length, pass in NULL for buf and check the resulting value of *len.

Curve25519

Supported Operations

Encrypt and Decrypt

No

Sign and Verify

No

SignRecover and VerifyRecover

No

Digest

No

Generate Key/Key-Pair

Yes

Wrap and Unwrap

No

Derive

Yes

FIPS-approved

No

NOTE   The generated public key is the same length as the generated private key. As such, Curve25519 should only be used for ECDH operations. It cannot be used for signing or verifying crypto objects.

Parameters

Curve25519 uses the CKM_ECDH1_DERIVE mechanism. Users are required to use the CKM_ECDH1_DERIVE mechanism and fill in the CK_ECDH1_DERIVE PARAMS structure to access Curve25519.

For more information about the key derivation mechanism see CKM_ECDH1_DERIVE