CKM_ECIES

Supported Operations

Encrypt and Decrypt Yes (Single-part operation only)
Sign and Verify No
SignRecover and VerifyRecover No
Digest No
Generate Key/Key-Pair No
Wrap and Unwrap No
Derive No
Available in FIPS Mode No

Key Size Range (bits) and Parameters

Minimum 64
Maximum 571
Parameter CK_ECIES_PARAM

Description

The Elliptic Curve Integrated Encryption Scheme (ECIES) mechanism, denoted CKM_ECIES, performs single-part encryption and decryption operations. The operations performed are as described in ANSI X9.63-2001.

This mechanism has a parameter, a CK_ECIES_PARAMS structure. This structure is defined as follows:

typedef struct CK_ECIES_PARAMS
{
CK_EC_DH_PRIMITIVE dhPrimitive;
    CK_EC_KDF_TYPE kdf;
    CK_ULONG ulSharedDataLen1;
    CK_BYTE_PTR pSharedData1;
    CK_EC_ENC_SCHEME encScheme;
    CK_ULONG ulEncKeyLenInBits;
    CK_EC_MAC_SCHEME macScheme;
    CK_ULONG ulMacKeyLenInBits;
    CK_ULONG ulMacLenInBits;
    CK_ULONG ulSharedDataLen2;
    CK_BYTE_PTR pSharedData2;
} CK_ECIES_PARAMS;

The fields of this structure have the following meanings:

dhPrimitive

This is the Diffie-Hellman primitive used to derive the shared secret value. Valid value:

CKDHP_STANDARD
kdf

This is the key derivation function used on the shared secret value. Valid value:

CKD_SHA1_KDF
ulSharedDataLen1

This is the length in bytes of the key derivation shared data.

pSharedData1

This is the key derivation padding data shared between the two parties.

encScheme

This is the encryption scheme used to transform the input data. Valid value:

CKES_XOR
ulEncKeyLenInBits

This is the bit length of the key to use for the encryption scheme.

macScheme

This is the MAC scheme used for MAC generation or validation. Valid values:

CKMS_HMAC_SHA1CKMS_SHA1

NOTE   The MAC scheme CKMS_SHA1, should only be used for compatability with RSA BSAFEĀ® Crypto-C, which uses a NON-STANDARD MAC scheme, which was defined in the 10/97 X9.63 Draft, but was removed from the released ANSI X9.63-2001 specification.

ulMacKeyLenInBits

This is the bit length of the key to use for the MAC scheme.

ulMacLenInBits

This is the bit length of the MAC scheme output.

ulSharedDataLen2

This is the length in bytes of the MAC shared data.

pSharedData2

This is the MAC padding data shared between the two parties.

The pSharedData1 and pSharedData2 parameters are optional, and if not supplied then they must be NULL and the ulSharedDataLen1 and ulSharedDataLen2 parameters must be zero. With the MAC scheme CKMS_SHA1, any supplied shared data is ignored.

With the encryption scheme CKES_XOR, the ulEncKeyLenInBits parameter MUST be zero. With any other encryption scheme, the ulEncKeyLenInBits parameter must be set to the applicable key length in bits.

With the MAC scheme CKMS_SHA1, the ulMacKeyLenInBits parameter must be 0.  With any other MAC scheme, the ulMacKeyLenInBits parameter must be a minimum of 80 bits, and a multiple of 8 bits.

The ulMacLenInBits parameter must be a minimum of 80 bits, a multiple of 8 bits, and not greater than the maximum output length for the specified Hash.

Constraints on key types and the length of the data are summarized in the following table.

Table 1: ECIES: Key  and Data Length

Function

Key Type

Input Length

Output Length

C_Encrypt

EC public key

any

1 + 2modLen + any + macLen

C_Decrypt

EC private key

1 + 2modLen + any + macLen

any

Where:

>modLen is the curve modulus length

>macLen is the length of the produced MAC

The encrypted data is in the format QE||EncData||MAC, where:

>QE is the uncompressed bit string of the ephemeral EC public key

>EncData is the encrypted data

>MAC is the generated MAC

Return to ProtectToolkit-C Mechanisms