CKM_ECIES
Supported Operations
Encrypt and Decrypt | Yes (Single-part operation only) |
Sign and Verify | No |
SignRecover and VerifyRecover | No |
Digest | No |
Generate Key/Key-Pair | No |
Wrap and Unwrap | No |
Derive | No |
Available in FIPS Mode | No |
Key Size Range (bits) and Parameters
Minimum | 64 |
Maximum | 571 |
Parameter | CK_ECIES_PARAM
|
Description
The Elliptic Curve Integrated Encryption Scheme (ECIES) mechanism, denoted CKM_ECIES, performs single-part encryption and decryption operations. The operations performed are as described in ANSI X9.63-2001.
This mechanism has a parameter, a CK_ECIES_PARAMS structure. This structure is defined as follows:
typedef struct CK_ECIES_PARAMS {
CK_EC_DH_PRIMITIVE dhPrimitive;
CK_EC_KDF_TYPE kdf;
CK_ULONG ulSharedDataLen1;
CK_BYTE_PTR pSharedData1;
CK_EC_ENC_SCHEME encScheme;
CK_ULONG ulEncKeyLenInBits;
CK_EC_MAC_SCHEME macScheme;
CK_ULONG ulMacKeyLenInBits;
CK_ULONG ulMacLenInBits;
CK_ULONG ulSharedDataLen2;
CK_BYTE_PTR pSharedData2;
} CK_ECIES_PARAMS;
The fields of this structure have the following meanings:
dhPrimitive |
This is the Diffie-Hellman primitive used to derive the shared secret value. Valid value: CKDHP_STANDARD
|
kdf |
This is the key derivation function used on the shared secret value. Valid value: CKD_SHA1_KDF
|
ulSharedDataLen1 |
This is the length in bytes of the key derivation shared data. |
pSharedData1 |
This is the key derivation padding data shared between the two parties. |
encScheme |
This is the encryption scheme used to transform the input data. Valid value: CKES_XOR
|
ulEncKeyLenInBits |
This is the bit length of the key to use for the encryption scheme. |
macScheme |
This is the MAC scheme used for MAC generation or validation. Valid values: CKMS_HMAC_SHA1CKMS_SHA1
NOTE The MAC scheme |
ulMacKeyLenInBits |
This is the bit length of the key to use for the MAC scheme. |
ulMacLenInBits |
This is the bit length of the MAC scheme output. |
ulSharedDataLen2 |
This is the length in bytes of the MAC shared data. |
pSharedData2 |
This is the MAC padding data shared between the two parties. |
The pSharedData1 and pSharedData2 parameters are optional, and if not supplied then they must be NULL and the ulSharedDataLen1 and ulSharedDataLen2 parameters must be zero. With the MAC scheme CKMS_SHA1
, any supplied shared data is ignored.
With the encryption scheme CKES_XOR
, the ulEncKeyLenInBits parameter MUST be zero. With any other encryption scheme, the ulEncKeyLenInBits parameter must be set to the applicable key length in bits.
With the MAC scheme CKMS_SHA1
, the ulMacKeyLenInBits parameter must be 0. With any other MAC scheme, the ulMacKeyLenInBits parameter must be a minimum of 80 bits, and a multiple of 8 bits.
The ulMacLenInBits parameter must be a minimum of 80 bits, a multiple of 8 bits, and not greater than the maximum output length for the specified Hash.
Constraints on key types and the length of the data are summarized in the following table.
Function |
Key Type |
Input Length |
Output Length |
---|---|---|---|
C_Encrypt |
EC public key |
any |
1 + 2modLen + any + macLen |
C_Decrypt |
EC private key |
1 + 2modLen + any + macLen |
any |
Where:
>modLen is the curve modulus length
>macLen is the length of the produced MAC
The encrypted data is in the format QE||EncData||MAC, where:
>QE is the uncompressed bit string of the ephemeral EC public key
>EncData is the encrypted data
>MAC is the generated MAC
Return to ProtectToolkit-C Mechanisms