CKM_ECIES
Supported Operations
|
Encrypt and Decrypt |
Yes (Single part operation only) |
|
Sign and Verify |
No |
|
SignRecover and VerifyRecover |
No |
|
Digest |
No |
|
Generate Key/Key-Pair |
No |
|
Wrap and Unwrap |
No |
|
Derive |
No |
|
FIPS-approved |
No |
Key Size Range (bytes) and Parameters
| Minimum | 64 |
| FIPS Minimum |
N/A |
| Maximum | 571 |
| Parameter | CK_ECIES_PARAM
|
Description
The Elliptic Curve Integrated Encryption Scheme (ECIES) mechanism, denoted CKM_ECIES, performs single-part encryption and decryption operations. The operations performed are as described in ANSI X9.63-2001.
This mechanism has a parameter, a CK_ECIES_PARAMS structure. This structure is defined as follows:
typedef struct CK_ECIES_PARAMS
{
CK_EC_DH_PRIMITIVE dhPrimitive;
CK_EC_KDF_TYPE kdf;
CK_ULONG ulSharedDataLen1;
CK_BYTE_PTR pSharedData1;
CK_EC_ENC_SCHEME encScheme;
CK_ULONG ulEncKeyLenInBits;
CK_EC_MAC_SCHEME macScheme;
CK_ULONG ulMacKeyLenInBits;
CK_ULONG ulMacLenInBits;
CK_ULONG ulSharedDataLen2;
CK_BYTE_PTR pSharedData2;
} CK_ECIES_PARAMS;
The fields of this structure have the following meanings:
| dhPrimitive |
This is the Diffie-Hellman primitive used to derive the shared secret value. Valid value: CKDHP_STANDARD
|
| kdf |
This is the key derivation function used on the shared secret value. Valid value: CKD_SHA1_KDF
|
| ulSharedDataLen1 |
This is the length in bytes of the key derivation shared data. |
| pSharedData1 |
This is the key derivation padding data shared between the two parties. |
| encScheme |
This is the encryption scheme used to transform the input data. Valid value: CKES_XOR
|
| ulEncKeyLenInBits |
This is the bit length of the key to use for the encryption scheme. |
| macScheme |
This is the MAC scheme used for MAC generation or validation. Valid values: CKMS_HMAC_SHA1CKMS_SHA1
NOTE The MAC scheme |
| ulMacKeyLenInBits |
This is the bit length of the key to use for the MAC scheme. |
| ulMacLenInBits |
This is the bit length of the MAC scheme output. |
| ulSharedDataLen2 |
This is the length in bytes of the MAC shared data. |
| pSharedData2 |
This is the MAC padding data shared between the two parties. |
The pSharedData1 and pSharedData2 parameters are optional, and if not supplied then they must be NULL and the ulSharedDataLen1 and ulSharedDataLen2 parameters must be zero. With the MAC scheme CKMS_SHA1, any supplied shared data is ignored.
With the encryption scheme CKES_XOR, the ulEncKeyLenInBits parameter MUST be zero. With any other encryption scheme, the ulEncKeyLenInBits parameter must be set to the applicable key length in bits.
With the MAC scheme CKMS_SHA1, the ulMacKeyLenInBits parameter must be 0. With any other MAC scheme, the ulMacKeyLenInBits parameter must be a minimum of 80 bits, and a multiple of 8 bits.
The ulMacLenInBits parameter must be a minimum of 80 bits, a multiple of 8 bits, and not greater than the maximum output length for the specified Hash.
Constraints on key types and the length of the data are summarized in the following table.
|
Function |
Key Type |
Input Length |
Output Length |
|---|---|---|---|
| C_Encrypt |
EC public key |
any |
1 + 2modLen + any + macLen |
| C_Decrypt |
EC private key |
1 + 2modLen + any + macLen |
any |
Where:
>modLen is the curve modulus length
>macLen is the length of the produced MAC
The encrypted data is in the format QE||EncData||MAC, where:
>QE is the uncompressed bit string of the ephemeral EC public key
>EncData is the encrypted data
>MAC is the generated MAC
Return to SafeNet ProtectToolkit-C Mechanisms
