PKCS#11
|
| Cryptographic Token Interface Standard |
PKCS#11 |
Data Fields | |
| CK_ULONG | ulEffectiveBits |
| the effective number of bits in the RC2 search space. More... | |
| CK_ULONG | ulMacLength |
| length of the MAC produced, in bytes. More... | |
| ulEffectiveBits | the effective number of bits in the RC2 search space |
| ulMacLength | length of the MAC produced, in bytes CK_RC2_MAC_GENERAL_PARAMS_PTR |
CK_RC2_MAC_GENERAL_PARAMS_PTR points to a CK_RC2_MAC_GENERAL_PARAMS structure. It is implementation-dependent.
RC2 mechanisms
RC2 key generation
The RC2 key generation mechanism, denoted CKM_RC2_KEY_GEN, is a key generation mechanism for RSA Data Security's proprietary block cipher RC2.
It does not have a parameter.
The mechanism generates RC2 keys with a particular length in bytes, as specified in the CKA_VALUE_LEN attribute of the template for the key.
The mechanism contributes the CKA_CLASS, CKA_KEY_TYPE, and CKA_VALUE attributes to the new key. Other attributes supported by the RC2 key type (specifically, the flags indicating which functions the key supports) may be specified in the template for the key, or else are assigned default initial values.
For this mechanism, the ulMinKeySize and ulMaxKeySize fields of the CK_MECHANISM_INFO structure specify the supported range of RC2 key sizes, in bits.
RC2-ECB
RC2-ECB, denoted CKM_RC2_ECB, is a mechanism for single- and multiple-part encryption and decryption; key wrapping; and key unwrapping, based on RSA Data Security's proprietary block cipher RC2 and electronic codebook mode as defined in FIPS PUB 81.
It has a parameter, a CK_RC2_PARAMS, which indicates the effective number of bits in the RC2 search space.
This mechanism can wrap and unwrap any secret key. Of course, a particular token may not be able to wrap/unwrap every secret key that it supports. For wrapping, the mechanism encrypts the value of the CKA_VALUE attribute of the key that is wrapped, padded on the trailing end with up to seven null bytes so that the resulting length is a multiple of eight. The output data is the same length as the padded input data. It does not wrap the key type, key length, or any other information about the key; the application must convey these separately.
For unwrapping, the mechanism decrypts the wrapped key, and truncates the result according to the CKA_KEY_TYPE attribute of the template and, if it has one, and the key type supports it, the CKA_VALUE_LEN attribute of the template. The mechanism contributes the result as the CKA_VALUE attribute of the new key; other attributes required by the key type must be specified in the template.
Constraints on key types and the length of data are summarized in the following table:
Table 10-11, RC2-ECB: Key And Data Length Constraints
| Function | Key type | Comments | ||
| C_Encrypt | no final part | |||
| C_Decrypt | no final part | |||
| C_WrapKey | ||||
| C_UnwrapKey |
For this mechanism, the ulMinKeySize and ulMaxKeySize fields of the CK_MECHANISM_INFO structure specify the supported range of RC2 effective number of bits.
RC2-CBC
RC2-CBC, denoted CKM_RC2_CBC, is a mechanism for single- and multiple-part encryption and decryption; key wrapping; and key unwrapping, based on RSA Data Security's proprietary block cipher RC2 and cipher-block chaining mode as defined in FIPS PUB 81.
It has a parameter, a CK_RC2_CBC_PARAMS structure, where the first field indicates the effective number of bits in the RC2 search space, and the next field is the initialization vector for cipher block chaining mode.
This mechanism can wrap and unwrap any secret key. Of course, a particular token may not be able to wrap/unwrap every secret key that it supports. For wrapping, the mechanism encrypts the value of the CKA_VALUE attribute of the key that is wrapped, padded on the trailing end with up to seven null bytes so that the resulting length is a multiple of eight. The output data is the same length as the padded input data. It does not wrap the key type, key length, or any other information about the key; the application must convey these separately.
For unwrapping, the mechanism decrypts the wrapped key, and truncates the result according to the CKA_KEY_TYPE attribute of the template and, if it has one, and the key type supports it, the CKA_VALUE_LEN attribute of the template. The mechanism contributes the result as the CKA_VALUE attribute of the new key; other attributes required by the key type must be specified in the template.
Constraints on key types and the length of data are summarized in the following table:
Table 10-12, RC2-CBC: Key And Data Length Constraints
| Function | Key type | Comments | ||
| C_Encrypt | no final part | |||
| C_Decrypt | no final part | |||
| C_WrapKey | ||||
| C_UnwrapKey |
For this mechanism, the ulMinKeySize and ulMaxKeySize fields of the CK_MECHANISM_INFO structure specify the supported range of RC2 effective number of bits.
RC2-CBC with PKCS padding
RC2-CBC with PKCS padding, denoted CKM_RC2_CBC_PAD, is a mechanism for single- and multiple-part encryption and decryption; key wrapping; and key unwrapping, based on RSA Data Security's proprietary block cipher RC2; cipher-block chaining mode as defined in FIPS PUB 81; and the block cipher padding method detailed in PKCS #7.
It has a parameter, a CK_RC2_CBC_PARAMS structure, where the first field indicates the effective number of bits in the RC2 search space, and the next field is the initialization vector.
The PKCS padding in this mechanism allows the length of the plaintext value to be recovered from the ciphertext value. Therefore, when unwrapping keys with this mechanism, no value should be specified for the CKA_VALUE_LEN attribute.
In addition to being able to wrap and unwrap secret keys, this mechanism can wrap and unwrap RSA, Diffie-Hellman, and DSA private keys (see Section for details). The entries in Table 10 -13 for data length constraints when wrapping and unwrapping keys do not apply to wrapping and unwrapping private keys.
Constraints on key types and the length of data are summarized in the following table:
Table 10-13, RC2-CBC with PKCS padding: Key And Data Length Constraints
| Function | Key type | ||
| C_Encrypt | |||
| C_Decrypt | |||
| C_WrapKey | |||
| C_UnwrapKey |
For this mechanism, the ulMinKeySize and ulMaxKeySize fields of the CK_MECHANISM_INFO structure specify the supported range of RC2 effective number of bits.
General-length RC2-MAC
General-length RC2-MAC, denoted CKM_RC2_MAC_GENERAL, is a mechanism for single- and multiple-part signatures and verification, based on RSA Data Security's proprietary block cipher RC2 and data authentication as defined in FIPS PUB 113.
It has a parameter, a CK_RC2_MAC_GENERAL_PARAMS structure, which specifies the effective number of bits in the RC2 search space and the output length desired from the mechanism.
The output bytes from this mechanism are taken from the start of the final RC2 cipher block produced in the MACing process.
Constraints on key types and the length of data are summarized in the following table:
Table 10-14, General-length RC2-MAC: Key And Data Length Constraints
| Function | Key type | ||
| C_Sign | |||
| C_Verify |
For this mechanism, the ulMinKeySize and ulMaxKeySize fields of the CK_MECHANISM_INFO structure specify the supported range of RC2 effective number of bits.
RC2-MAC
RC2-MAC, denoted by CKM_RC2_MAC, is a special case of the general-length RC2-MAC mechanism (see Section). Instead of taking a CK_RC2_MAC_GENERAL_PARAMS parameter, it takes a CK_RC2_PARAMS parameter, which only contains the effective number of bits in the RC2 search space. RC2-MAC always produces and verifies 4-byte MACs.
Constraints on key types and the length of data are summarized in the following table:
Table 10-15, RC2-MAC: Key And Data Length Constraints
| Function | Key type | ||
| C_Sign | |||
| C_Verify |
For this mechanism, the ulMinKeySize and ulMaxKeySize fields of the CK_MECHANISM_INFO structure specify the supported range of RC2 effective number of bits.
RC4 mechanisms
RC4 key generation
The RC4 key generation mechanism, denoted CKM_RC4_KEY_GEN, is a key generation mechanism for RSA Data Security's proprietary stream cipher RC4.
It does not have a parameter.
The mechanism generates RC4 keys with a particular length in bytes, as specified in the CKA_VALUE_LEN attribute of the template for the key.
The mechanism contributes the CKA_CLASS, CKA_KEY_TYPE, and CKA_VALUE attributes to the new key. Other attributes supported by the RC4 key type (specifically, the flags indicating which functions the key supports) may be specified in the template for the key, or else are assigned default initial values.
For this mechanism, the ulMinKeySize and ulMaxKeySize fields of the CK_MECHANISM_INFO structure specify the supported range of RC4 key sizes, in bits.
RC4
RC4, denoted CKM_RC4, is a mechanism for single- and multiple-part encryption and decryption based on RSA Data Security's proprietary stream cipher RC4.
It does not have a parameter.
Constraints on key types and the length of input and output data are summarized in the following table:
Table 10-16, RC4 Key And Data Length Constraints
| Function | Key type | Comments | ||
| C_Encrypt | no final part | |||
| C_Decrypt | no final part |
For this mechanism, the ulMinKeySize and ulMaxKeySize fields of the CK_MECHANISM_INFO structure specify the supported range of RC4 key sizes, in bits.
The RC5 cipher
RC5 is a parametrizable block cipher for which RSA Data Security has applied for a patent. It has a variable wordsize, a variable keysize, and a variable number of rounds. The blocksize of RC5 is always equal to twice its wordsize.
RC5 mechanism parameters
|
|
the effective number of bits in the RC2 search space. |
|
|
length of the MAC produced, in bytes. |