Cryptographic Token Interface Standard

PKCS#11

CK_ECDH1_DERIVE_PARAMS Reference

CK_ECDH1_DERIVE_PARAMS, CK_ECDH1_DERIVE_PARAMS_PTR

CK_ECDH1_DERIVE_PARAMS is a structure that provides the parameters for the CKM_ECDH1_DERIVE and CKM_ECDH1_COFACTOR_DERIVE key derivation mechanisms, where each party contributes one key pair. More...


Data Fields

CK_EC_KDF_TYPE kdf
 key derivation function used on the shared secret value. More...

CK_ULONG ulSharedDataLen
 the length in bytes of the shared info. More...

CK_BYTE_PTR pSharedData
 some data shared between the two parties. More...

CK_ULONG ulPublicDataLen
 the length in bytes of the other party's EC public key. More...

CK_BYTE_PTR pPublicData
 

''The encoding in V2.20 was not specified and resulted in different implementations choosing different encodings. More...

Detailed Description

CK_ECDH1_DERIVE_PARAMS, CK_ECDH1_DERIVE_PARAMS_PTR

CK_ECDH1_DERIVE_PARAMS is a structure that provides the parameters for the CKM_ECDH1_DERIVE and CKM_ECDH1_COFACTOR_DERIVE key derivation mechanisms, where each party contributes one key pair. The structure is defined as follows:
kdf key derivation function used on the shared secret value
ulSharedDataLen the length in bytes of the shared info
pSharedData some data shared between the two parties
ulPublicDataLen the length in bytes of the other party's EC public key
pPublicData

''The encoding in V2.20 was not specified and resulted in different implementations choosing different encodings. Applications relying only on a V2.20 encoding (e.g. the DER variant) other than the one specified now (raw) may not work with all V2.30 compliant tokens.''

pointer to other party's EC public key value. A token MUST be able to accept this value encoded as a raw octet string (as per section A.5.2 of [ANSI X9.62]). A token MAY, in addition, support accepting this value as a DER-encoded ECPoint (as per section E.6 of [ANSI X9.62]) i.e. the same as a CKA_EC_POINT encoding. The calling application is responsible for converting the offered public key to the compressed or uncompressed forms of these encodings if the token does not support the offered form.'' ''

With the key derivation function CKD_NULL, pSharedData must be NULL and ulSharedDataLen must be zero. With the key derivation function CKD_SHA1_KDF, an optional pSharedData may be supplied, which consists of some data shared by the two parties intending to share the shared secret. Otherwise, pSharedData must be NULL and ulSharedDataLen must be zero.

CK_ECDH1_DERIVE_PARAMS_PTR is a pointer to a CK_ECDH1_DERIVE_PARAMS.

CK_ ECMQV _DERIVE_PARAMS, CK_ ECMQV _DERIVE_PARAMS_PTR

CK_ ECMQV_DERIVE_PARAMS is a structure that provides the parameters to the CKM_ECMQV_DERIVE key derivation mechanism, where each party contributes two key pairs. The structure is defined as follows: 

 



Field Documentation





  

    
      

        

           CK_EC_KDF_TYPE kdf
      

    		
  





  

    
       
    
    



key derivation function used on the shared secret value.     

  







  

    
      

        

           CK_ULONG ulSharedDataLen
      

    		
  





  

    
       
    
    



the length in bytes of the shared info.     

  







  

    
      

        

           CK_BYTE_PTR pSharedData
      

    		
  





  

    
       
    
    



some data shared between the two parties.     

  







  

    
      

        

           CK_ULONG ulPublicDataLen
      

    		
  





  

    
       
    
    



the length in bytes of the other party's EC public key.     

  







  

    
      

        

           CK_BYTE_PTR pPublicData
      

    		
  





  

    
       
    
    







''The encoding in V2.20 was not specified and resulted in different implementations choosing different encodings. Applications relying only on a V2.20 encoding (e.g. the DER variant) other than the one specified now (raw) may not work with all V2.30 compliant tokens.''



pointer to other party's EC public key value. A token MUST be able to accept this value encoded as a raw octet string (as per section A.5.2 of [ANSI X9.62]). A token MAY, in addition, support accepting this value as a DER-encoded ECPoint (as per section E.6 of [ANSI X9.62]) i.e. the same as a CKA_EC_POINT encoding. The calling application is responsible for converting the offered public key to the compressed or uncompressed forms of these encodings if the token does not support the offered form.'' ''     

  







RSA Security Inc. Public-Key Cryptography Standards - 
PKCS#11 - v230