CT_DerEncodeNamedCurve
Synopsis
CK_RV CT_DerEncodeNamedCurve(
CK_BYTE_PTR buf,
CK_SIZE_PTR len,
const char *name);
Description
Helper function to provide the DER encoding of a supported named curve. This function is typically used to populate the CKA_EC_PARAMS attribute of the template used during EC key pair generation.
Supported curve names are:
Name |
OID |
---|---|
c2tnb191v1 |
{ iso(1) member-body(2) US(840) x9-62(10045) curves(3) characteristicTwo(0) c2tnb191v1(5) } |
P-192 (also known as “prime192v1” “secp192r1”) |
{ iso(1) member-body(2) US(840) x9-62(10045) curves(3) prime(1) prime192v1(1) } |
P-224 (also known as “secp224r1”) |
{ iso(1) identified-organization(3) Certicom(132) certicom_ellipticCurve(0) secp224r1(33) } |
P-256 (also known as (“prime256v1 ” “secp256r1”) |
{ iso(1) member-body(2) US(840) x9-62(10045) curves(3) prime(1) prime256v1(7) } |
P-384 (also known as “secp384r1”) |
{ iso(1) identified-organization(3) Certicom(132) certicom_ellipticCurve(0) secp384r1(34) } |
P-521 (also known as “secp521r1”) |
{ iso(1) identified-organization(3) Certicom(132) certicom_ellipticCurve(0) secp521r1(35) } |
c2tnb191v1e (Non FIPS curve) |
{ iso(1) member-body(2) US(840) x9-62(10045) curves(3) characteristicTwo(0) c2tnb191v1e (15) } |
Curve25519 | {iso(1) identified-organization(3) dod(6) internet(1) private(4) enterprise(1) 3029 algorithm(1) ecc(5) curvey25519(1)} |
Parameters
buf |
Buffer to hold the DER encoding |
len |
*len is total number of bytes referenced by buf |
name |
String name of the curve to get the encoding for |
On successful return
buf — contains a string.
Example: “hh:mm:ss DD/MM/YYYY“ *len Number of bytes copied to buf
To determine the encoding length, pass in NULL
for buf and check the resulting value of *len
.
Curve25519
Supported Operations
Encrypt and Decrypt |
No |
Sign and Verify |
No |
SignRecover and VerifyRecover |
No |
Digest |
No |
Generate Key/Key-Pair |
Yes |
Wrap and Unwrap |
No |
Derive |
Yes |
FIPS-approved |
No |
NOTE The generated public key is the same length as the generated private key. As such, Curve25519 should only be used for ECDH operations. It cannot be used for signing or verifying crypto objects.
Parameters
Curve25519 uses the CKM_ECDH1_DERIVE mechanism. Users are required to use the CKM_ECDH1_DERIVE mechanism and fill in the CK_ECDH1_DERIVE PARAMS structure to access Curve25519.
For more information about the key derivation mechanism see CKM_ECDH1_DERIVE