Cryptographic Token Interface Standard

PKCS#11


SEED


Sections

SEED secret key objects
SEED key generation
SEED-ECB
SEED-CBC
SEED-CBC with PKCS padding
General-length SEED-MAC
SEED-MAC

Detailed Description

SEED is a symmetric block cipher developed by the South Korean Information Security Agency (KISA). It has a 128-bit key size and a 128-bit block size.

Its specification has been published as Internet [RFC 4269].

RFCs have been published defining the use of SEED in

TLS ftp://ftp.rfc-editor.org/in-notes/rfc4162.txt

IPsec ftp://ftp.rfc-editor.org/in-notes/rfc4196.txt

CMS ftp://ftp.rfc-editor.org/in-notes/rfc4010.txt

TLS cipher suites that use SEED include:

CipherSuite TLS_RSA_WITH_SEED_CBC_SHA = { 0x00, 0x96};
CipherSuite TLS_DH_DSS_WITH_SEED_CBC_SHA = { 0x00, 0x97};
CipherSuite TLS_DH_RSA_WITH_SEED_CBC_SHA = { 0x00, 0x98};
CipherSuite TLS_DHE_DSS_WITH_SEED_CBC_SHA = { 0x00, 0x99};
CipherSuite TLS_DHE_RSA_WITH_SEED_CBC_SHA = { 0x00, 0x9A};
CipherSuite TLS_DH_anon_WITH_SEED_CBC_SHA = { 0x00, 0x9B};

As with any block cipher, it can be used in the ECB, CBC, OFB and CFB modes of operation, as well as in a MAC algorithm such as HMAC.

OIDs have been published for all these uses. A list may be seen at http://www.alvestrand.no/objectid/1.2.410.200004.1.html

 
Functions
           
Mechanism
Encrypt
&
Decrypt
Sign
&
Verify
SR
&
VR1
Digest
Gen.
Key/
Key
Pair
Wrap
&
Unwrap
Derive
CKM_SEED_KEY_GEN        
X
   
CKM_SEED_ECB    
X
       
CKM_SEED_CBC    
X
       
CKM_SEED_CBC_PAD
X
       
X
 
CKM_SEED_MAC_GENERAL    
X
       
CKM_SEED_MAC      
X
     
CKM_SEED_ECB_ENCRYPT_DATA            
X
CKM_SEED_CBC_ENCRYPT_DATA            
X

This section defines the key type "CKK_SEED" for type CK_KEY_TYPE as used in the CKA_KEY_TYPE attribute of key objects.

Mechanisms:

CKM_SEED_KEY_GEN 
CKM_SEED_ECB 
CKM_SEED_CBC 
CKM_SEED_MAC 
CKM_SEED_MAC_GENERAL 
CKM_SEED_CBC_PAD

For all of these mechanism, the ulMinKeySize and ulMaxKeySize fields of the CK_MECHANISM_INFO are always 16.


RSA Security Inc. Public-Key Cryptography Standards - PKCS#11 - v230mechanism1