Cryptographic Token Interface Standard

PKCS#11

EC mechanism parameters

CK_EC_KDF_TYPE, CK_EC_KDF_TYPE_PTR

CK_EC_KDF_TYPE is used to indicate the Key Derivation Function (KDF) applied to derive keying data from a shared secret. The key derivation function will be used by the EC key agreement schemes. It is defined as follows: 

typedef CK_ULONG CK_EC_KDF_TYPE;

The following table lists the defined functions. 




 Table 78, EC: Key Derivation Functions   
Source Identifier  Value    


CKD_NULL 0x00000001   


CKD_ SHA1_KDF 0x00000002  

 



The key derivation function CKD_NULL produces a raw shared secret value without applying any key derivation function whereas the key derivation function CKD_SHA1_KDF, which is  based on SHA-1, derives keying data from the shared secret value as defined in the ANSI X9.63 draft.


CK_EC_KDF_TYPE_PTR is a pointer to a CK_EC_KDF_TYPE.



 CK_ECDH1_DERIVE_PARAMS, CK_ECDH1_DERIVE_PARAMS_PTR

 CK_ECDH1_DERIVE_PARAMS is a structure that provides the parameters for the  CKM_ECDH1_DERIVE and  CKM_ECDH1_COFACTOR_DERIVE key derivation mechanisms, where each party contributes one key pair. The structure is defined as follows:







typedef struct CK_ECDH1_DERIVE_PARAMS {
CK_EC_KDF_TYPE kdf;
CK_ULONG ulSharedDataLen;
CK_BYTE_PTR pSharedData;
CK_ULONG ulPublicDataLen;
CK_BYTE_PTR pPublicData;
} CK_ECDH1_DERIVE_PARAMS;




 
kdf key derivation function used on the shared secret value 


ulSharedDataLen the length in bytes of the shared info 


pSharedData some data shared between the two parties 


ulPublicDataLen the length in bytes of the other party's EC public key 


pPublicData pointer to other party's EC public key value 




With the key derivation function CKD_NULL, pSharedData must be NULL and ulSharedDataLen must be zero. With the key derivation function CKD_SHA1_KDF, an optional pSharedData may be supplied, which consists of some data shared by the two parties intending to share the shared secret. Otherwise, pSharedData must be NULL and ulSharedDataLen must be zero.


CK_ECDH1_DERIVE_PARAMS_PTR is a pointer to a CK_ECDH1_DERIVE_PARAMS.



 CK_ECDH2_DERIVE_PARAMS, CK_ECDH2_DERIVE_PARAMS_PTR

  CK_ECDH2_DERIVE_PARAMS is a structure that provides the parameters to the  CKM_ECMQV_DERIVE key derivation mechanism, where each party contributes two key pairs. The structure is defined as follows:







typedef struct CK_ECDH2_DERIVE_PARAMS {
CK_EC_KDF_TYPE kdf;
CK_ULONG ulSharedDataLen;
CK_BYTE_PTR pSharedData;
CK_ULONG ulPublicDataLen;
CK_BYTE_PTR pPublicData;
CK_ULONG ulPrivateDataLen;
CK_OBJECT_HANDLE hPrivateData;
CK_ULONG ulPublicDataLen2;
CK_BYTE_PTR pPublicData2;
} CK_ECDH2_DERIVE_PARAMS;




 
kdf key derivation function used on the shared secret value 


ulSharedDataLen the length in bytes of the shared info 


pSharedData some data shared between the two parties 


ulPublicDataLen the length in bytes of the other party's first EC public key 


pPublicData pointer to other party's first EC public key value 


ulPrivateDataLen the length in bytes of the second EC private key 


hPrivateData key handle for second EC private key value 


ulPublicDataLen2 the length in bytes of the other party's second EC public key 


pPublicData2 pointer to other party's second EC public key value 




With the key derivation function CKD_NULL, pSharedData must be NULL and ulSharedDataLen must be zero. With the key derivation function CKD_SHA1_KDF, an optional pSharedData may be supplied, which consists of some data shared by the two parties intending to share the shared secret. Otherwise, pSharedData must be NULL and ulSharedDataLen must be zero.


CK_ECDH2_DERIVE_PARAMS_PTR is a pointer to a CK_ECDH2_DERIVE_PARAMS.


 
 



RSA Security Inc. Public-Key Cryptography Standards - 
PKCS#11 - v211