CT_DerEncodeNamedCurve
Helper function to provide the DER encoding of a supported named curve. This function is typically used to populate the CKA_EC_PARAMS attribute of the template used during EC key pair generation.
Synopsis
CK_RV CT_DerEncodeNamedCurve(
CK_BYTE_PTR buf,
CK_SIZE_PTR len,
const char *name);
| Parameter | Description |
|---|---|
| buf | Buffer to hold the DER encoding |
| len | *len is total number of bytes referenced by buf |
| name | String name of the curve to get the encoding for |
Supported Curves
|
Curve |
OID |
|---|---|
| brainpoolP160r1 | { iso(1) identified-organization(3) TeleTrusT(36) algorithm(3) signatureAlgorithm(3) ecSign(2) ecStdCurvesAndGeneration(8) ellipticCurve(1) versionOne(1) brainpoolP160r1(1) } |
| brainpoolP160t1 | { iso(1) identified-organization(3) TeleTrusT(36) algorithm(3) signatureAlgorithm(3) ecSign(2) ecStdCurvesAndGeneration(8) ellipticCurve(1) versionOne(1) brainpoolP160t1(2) } |
| brainpoolP192r1 | { iso(1) identified-organization(3) TeleTrusT(36) algorithm(3) signatureAlgorithm(3) ecSign(2) ecStdCurvesAndGeneration(8) ellipticCurve(1) versionOne(1) brainpoolP192r1(3) } |
| brainpoolP192t1 | { iso(1) identified-organization(3) TeleTrusT(36) algorithm(3) signatureAlgorithm(3) ecSign(2) ecStdCurvesAndGeneration(8) ellipticCurve(1) versionOne(1) brainpoolP192t1(4) } |
| brainpoolP224r1 | { iso(1) identified-organization(3) TeleTrusT(36) algorithm(3) signatureAlgorithm(3) ecSign(2) ecStdCurvesAndGeneration(8) ellipticCurve(1) versionOne(1) brainpoolP224r1(5) } |
| brainpoolP224t1 | { iso(1) identified-organization(3) TeleTrusT(36) algorithm(3) signatureAlgorithm(3) ecSign(2) ecStdCurvesAndGeneration(8) ellipticCurve(1) versionOne(1) brainpoolP224t1(6) } |
| brainpoolP256r1 | { iso(1) identified-organization(3) TeleTrusT(36) algorithm(3) signatureAlgorithm(3) ecSign(2) ecStdCurvesAndGeneration(8) ellipticCurve(1) versionOne(1) brainpoolP256r1(7) } |
| brainpoolP256t1 | { iso(1) identified-organization(3) TeleTrusT(36) algorithm(3) signatureAlgorithm(3) ecSign(2) ecStdCurvesAndGeneration(8) ellipticCurve(1) versionOne(1) brainpoolP256t1(8) } |
| brainpoolP320r1 | { iso(1) identified-organization(3) TeleTrusT(36) algorithm(3) signatureAlgorithm(3) ecSign(2) ecStdCurvesAndGeneration(8) ellipticCurve(1) versionOne(1) brainpoolP320r1(9) } |
| brainpoolP320t1 | { iso(1) identified-organization(3) TeleTrusT(36) algorithm(3) signatureAlgorithm(3) ecSign(2) ecStdCurvesAndGeneration(8) ellipticCurve(1) versionOne(1) brainpoolP320t1(10) } |
| brainpoolP384r1 | { iso(1) identified-organization(3) TeleTrusT(36) algorithm(3) signatureAlgorithm(3) ecSign(2) ecStdCurvesAndGeneration(8) ellipticCurve(1) versionOne(1) brainpoolP384r1(11) } |
| brainpoolP384t1 | { iso(1) identified-organization(3) TeleTrusT(36) algorithm(3) signatureAlgorithm(3) ecSign(2) ecStdCurvesAndGeneration(8) ellipticCurve(1) versionOne(1) brainpoolP384t1(12) } |
| brainpoolP512r1 | { iso(1) identified-organization(3) TeleTrusT(36) algorithm(3) signatureAlgorithm(3) ecSign(2) ecStdCurvesAndGeneration(8) ellipticCurve(1) versionOne(1) brainpoolP512r1(13) } |
| brainpoolP512t1 | { iso(1) identified-organization(3) TeleTrusT(36) algorithm(3) signatureAlgorithm(3) ecSign(2) ecStdCurvesAndGeneration(8) ellipticCurve(1) versionOne(1) brainpoolP512t1(14) } |
| c2tnb191v1 | { iso(1) member-body(2) US(840) x9-62(10045) curves(3) characteristicTwo(0) c2tnb191v1(5) } |
| c2tnb191v1e (Non FIPS curve) | { iso(1) member-body(2) US(840) x9-62(10045) curves(3) characteristicTwo(0) c2tnb191v1e (15) } |
| curve25519 | { iso(1) identified-organization(3) dod(6) internet(1) private(4) enterprise(1) 3029 algorithm(1) ecc(5) curvey25519(1) } |
| ed25519 | { iso(1) identified-organization(3) dod(6) internet(1) private(4) enterprises(1) GNUProject(11591) ellipticCurve(15) ed25519(1) } |
| P-192 (prime192v1 / secp192r1) | { iso(1) member-body(2) US(840) x9-62(10045) curves(3) prime(1) prime192v1(1) } |
| P-224 (secp224r1) | { iso(1) identified-organization(3) Certicom(132) certicom_ellipticCurve(0) secp224r1(33) } |
| P-256 (prime256v1 / secp256r1) | { iso(1) member-body(2) US(840) x9-62(10045) curves(3) prime(1) prime256v1(7) } |
| P-384 (secp384r1) | { iso(1) identified-organization(3) Certicom(132) certicom_ellipticCurve(0) secp384r1(34) } |
| P-521 (secp521r1) | { iso(1) identified-organization(3) Certicom(132) certicom_ellipticCurve(0) secp521r1(35) } |
On successful return
buf — contains a string.
Example: “hh:mm:ss DD/MM/YYYY“ *len Number of bytes copied to buf
To determine the encoding length, pass in NULL for buf and check the resulting value of *len.
curve25519
Supported Operations
|
Encrypt and Decrypt |
No |
|
Sign and Verify |
No |
|
SignRecover and VerifyRecover |
No |
|
Digest |
No |
|
Generate Key/Key-Pair |
Yes |
|
Wrap and Unwrap |
No |
|
Derive |
Yes |
|
FIPS-approved |
No |
NOTE The generated public key is the same length as the generated private key. As such, Curve25519 should only be used for ECDH operations. It cannot be used for signing or verifying crypto objects.
Parameters
Curve25519 uses the CKM_ECDH1_DERIVE mechanism. Users are required to use the CKM_ECDH1_DERIVE mechanism and fill in the CK_ECDH1_DERIVE_PARAMS structure to access Curve25519.
For more information about the key derivation mechanism see CKM_ECDH1_DERIVE
ed25519
Supported Operations
|
Encrypt and Decrypt |
No |
|
Sign and Verify |
Yes |
|
SignRecover and VerifyRecover |
No |
|
Digest |
No |
|
Generate Key/Key-Pair |
Yes |
|
Wrap and Unwrap |
No |
|
Derive |
No |
|
FIPS-approved |
No |
