![]() | Cryptographic Token Interface Standard |
PKCS#11 |
Data Fields | |
CK_ULONG | ulOldWrappedXLen |
length of old wrapped key in bytes. More... | |
CK_BYTE_PTR | pOldWrappedX |
pointer to old wrapper key. More... | |
CK_ULONG | ulOldPasswordLen |
length of the old password. More... | |
CK_BYTE_PTR | pOldPassword |
pointer to the buffer which contains the old user-supplied password. More... | |
CK_ULONG | ulOldPublicDataLen |
old key exchange public key size. More... | |
CK_BYTE_PTR | pOldPublicData |
pointer to old key exchange public key value. More... | |
CK_ULONG | ulOldRandomLen |
size of old random Ra in bytes. More... | |
CK_BYTE_PTR | pOldRandomA |
pointer to old Ra data. More... | |
CK_ULONG | ulNewPasswordLen |
length of the new password. More... | |
CK_BYTE_PTR | pNewPassword |
pointer to the buffer which contains the new user-supplied password. More... | |
CK_ULONG | ulNewPublicDataLen |
new key exchange public key size. More... | |
CK_BYTE_PTR | pNewPublicData |
pointer to new key exchange public key value. More... | |
CK_ULONG | ulNewRandomLen |
size of new random Ra in bytes. More... | |
CK_BYTE_PTR | pNewRandomA |
pointer to new Ra data. More... |
ulOldWrappedXLen | length of old wrapped key in bytes |
pOldWrappedX | pointer to old wrapper key |
ulOldPasswordLen | length of the old password |
pOldPassword | pointer to the buffer which contains the old user-supplied password |
ulOldPublicDataLen | old key exchange public key size |
pOldPublicData | pointer to old key exchange public key value |
ulOldRandomLen | size of old random Ra in bytes |
pOldRandomA | pointer to old Ra data |
ulNewPasswordLen | length of the new password |
pNewPassword | pointer to the buffer which contains the new user-supplied password |
ulNewPublicDataLen | new key exchange public key size |
pNewPublicData | pointer to new key exchange public key value |
ulNewRandomLen | size of new random Ra in bytes |
pNewRandomA | pointer to new Ra data CK_SKIPJACK_RELAYX_PARAMS_PTR |
CK_SKIPJACK_RELAYX_PARAMS_PTR points to a CK_SKIPJACK_RELAYX_PARAMS structure. It is implementation-dependent.
SKIPJACK mechanisms
SKIPJACK key generation
The SKIPJACK key generation mechanism, denoted CKM_SKIPJACK_KEY_GEN, is a key generation mechanism for SKIPJACK. The output of this mechanism is called a Message Encryption Key (MEK).
It does not have a parameter.
The mechanism contributes the CKA_CLASS, CKA_KEY_TYPE, and CKA_VALUE attributes to the new key.
SKIPJACK-ECB64
SKIPJACK-ECB64, denoted CKM_SKIPJACK_ECB64, is a mechanism for single- and multiple-part encryption and decryption with SKIPJACK in 64-bit electronic codebook mode as defined in FIPS PUB 185.
It has a parameter, a 24-byte initialization vector. During an encryption operation, this IV is set to some value generated by the token"in other words, the application cannot specify a particular IV when encrypting. It can, of course, specify a particular IV when decrypting.
Constraints on key types and the length of data are summarized in the following table:
Table 10-27, SKIPJACK-ECB64: Data and Length Constraints
Function | Key type | Output length | Comments | |
C_Encrypt | same as input length | no final part | ||
C_Decrypt | same as input length | no final part |
SKIPJACK-CBC64
SKIPJACK-CBC64, denoted CKM_SKIPJACK_CBC64, is a mechanism for single- and multiple-part encryption and decryption with SKIPJACK in 64-bit cipher-block chaining mode as defined in FIPS PUB 185.
It has a parameter, a 24-byte initialization vector. During an encryption operation, this IV is set to some value generated by the token"in other words, the application cannot specify a particular IV when encrypting. It can, of course, specify a particular IV when decrypting.
Constraints on key types and the length of data are summarized in the following table:
Table 10-28, SKIPJACK-CBC64: Data and Length Constraints
Function | Key type | Output length | Comments | |
C_Encrypt | same as input length | no final part | ||
C_Decrypt | same as input length | no final part |
SKIPJACK-OFB64
SKIPJACK-OFB64, denoted CKM_SKIPJACK_OFB64, is a mechanism for single- and multiple-part encryption and decryption with SKIPJACK in 64-bit output feedback mode as defined in FIPS PUB 185.
It has a parameter, a 24-byte initialization vector. During an encryption operation, this IV is set to some value generated by the token"in other words, the application cannot specify a particular IV when encrypting. It can, of course, specify a particular IV when decrypting.
Constraints on key types and the length of data are summarized in the following table:
Table 10-29, SKIPJACK-OFB64: Data and Length Constraints
Function | Key type | Output length | Comments | |
C_Encrypt | same as input length | no final part | ||
C_Decrypt | same as input length | no final part |
SKIPJACK-CFB64
SKIPJACK-CFB64, denoted CKM_SKIPJACK_CFB64, is a mechanism for single- and multiple-part encryption and decryption with SKIPJACK in 64-bit cipher feedback mode as defined in FIPS PUB 185.
It has a parameter, a 24-byte initialization vector. During an encryption operation, this IV is set to some value generated by the token"in other words, the application cannot specify a particular IV when encrypting. It can, of course, specify a particular IV when decrypting.
Constraints on key types and the length of data are summarized in the following table:
Table 10-30, SKIPJACK-CFB64: Data and Length Constraints
Function | Key type | Output length | Comments | |
C_Encrypt | same as input length | no final part | ||
C_Decrypt | same as input length | no final part |
SKIPJACK-CFB32
SKIPJACK-CFB32, denoted CKM_SKIPJACK_CFB32, is a mechanism for single- and multiple-part encryption and decryption with SKIPJACK in 32-bit cipher feedback mode as defined in FIPS PUB 185.
It has a parameter, a 24-byte initialization vector. During an encryption operation, this IV is set to some value generated by the token"in other words, the application cannot specify a particular IV when encrypting. It can, of course, specify a particular IV when decrypting.
Constraints on key types and the length of data are summarized in the following table:
Table 10-31, SKIPJACK-CFB32: Data and Length Constraints
Function | Key type | Output length | Comments | |
C_Encrypt | same as input length | no final part | ||
C_Decrypt | same as input length | no final part |
SKIPJACK-CFB16
SKIPJACK-CFB16, denoted CKM_SKIPJACK_CFB16, is a mechanism for single- and multiple-part encryption and decryption with SKIPJACK in 16-bit cipher feedback mode as defined in FIPS PUB 185.
It has a parameter, a 24-byte initialization vector. During an encryption operation, this IV is set to some value generated by the token"in other words, the application cannot specify a particular IV when encrypting. It can, of course, specify a particular IV when decrypting.
Constraints on key types and the length of data are summarized in the following table:
Table 10-32, SKIPJACK-CFB16: Data and Length Constraints
Function | Key type | Output length | Comments | |
C_Encrypt | same as input length | no final part | ||
C_Decrypt | same as input length | no final part |
SKIPJACK-CFB8
SKIPJACK-CFB8, denoted CKM_SKIPJACK_CFB8, is a mechanism for single- and multiple-part encryption and decryption with SKIPJACK in 8-bit cipher feedback mode as defined in FIPS PUB 185.
It has a parameter, a 24-byte initialization vector. During an encryption operation, this IV is set to some value generated by the token"in other words, the application cannot specify a particular IV when encrypting. It can, of course, specify a particular IV when decrypting.
Constraints on key types and the length of data are summarized in the following table:
Table 10-33, SKIPJACK-CFB8: Data and Length Constraints
Function | Key type | Output length | Comments | |
C_Encrypt | same as input length | no final part | ||
C_Decrypt | same as input length | no final part |
SKIPJACK-WRAP
The SKIPJACK-WRAP mechanism, denoted CKM_SKIPJACK_WRAP, is used to wrap and unwrap a secret key (MEK). It can wrap or unwrap SKIPJACK, BATON, and JUNIPER keys.
It does not have a parameter.
SKIPJACK-PRIVATE-WRAP
The SKIPJACK-PRIVATE-WRAP mechanism, denoted CKM_SKIPJACK_PRIVATE_WRAP, is used to wrap and unwrap a private key. It can wrap KEA and DSA private keys.
It has a parameter, a CK_SKIPJACK_PRIVATE_WRAP_PARAMS structure
SKIPJACK-RELAYX
The SKIPJACK-RELAYX mechanism, denoted CKM_SKIPJACK_RELAYX, is used with the C_WrapKey function to "change the wrapping" on a private key which was wrapped with the SKIPJACK-PRIVATE-WRAP mechanism (see Section).
It has a parameter, a CK_SKIPJACK_RELAYX_PARAMS structure.
Although the SKIPJACK-RELAYX mechanism is used with C_WrapKey, it differs from other key-wrapping mechanisms. Other key-wrapping mechanisms take a key handle as one of the arguments to C_WrapKey ; however, for the SKIPJACK_RELAYX mechanism, the [always invalid] value 0 should be passed as the key handle for C_WrapKey, and the already-wrapped key is passed in as part of the CK_SKIPJACK_RELAYX_PARAMS structure.
BATON mechanisms
BATON key generation
The BATON key generation mechanism, denoted CKM_BATON_KEY_GEN, is a key generation mechanism for BATON. The output of this mechanism is called a Message Encryption Key (MEK).
It does not have a parameter.
This mechanism contributes the CKA_CLASS, CKA_KEY_TYPE, and CKA_VALUE attributes to the new key.
BATON-ECB128
BATON-ECB128, denoted CKM_BATON_ECB128, is a mechanism for single- and multiple-part encryption and decryption with BATON in 128-bit electronic codebook mode.
It has a parameter, a 24-byte initialization vector. During an encryption operation, this IV is set to some value generated by the token"in other words, the application cannot specify a particular IV when encrypting. It can, of course, specify a particular IV when decrypting.
Constraints on key types and the length of data are summarized in the following table:
Table 10-34, BATON-ECB128: Data and Length Constraints
Function | Key type | Output length | Comments | |
C_Encrypt | same as input length | no final part | ||
C_Decrypt | same as input length | no final part |
BATON-ECB96
BATON-ECB96, denoted CKM_BATON_ECB96, is a mechanism for single- and multiple-part encryption and decryption with BATON in 96-bit electronic codebook mode.
It has a parameter, a 24-byte initialization vector. During an encryption operation, this IV is set to some value generated by the token"in other words, the application cannot specify a particular IV when encrypting. It can, of course, specify a particular IV when decrypting.
Constraints on key types and the length of data are summarized in the following table:
Table 10-35, BATON-ECB96: Data and Length Constraints
Function | Key type | Output length | Comments | |
C_Encrypt | same as input length | no final part | ||
C_Decrypt | same as input length | no final part |
BATON-CBC128
BATON-CBC128, denoted CKM_BATON_CBC128, is a mechanism for single- and multiple-part encryption and decryption with BATON in 128-bit cipher-block chaining mode.
It has a parameter, a 24-byte initialization vector. During an encryption operation, this IV is set to some value generated by the token"in other words, the application cannot specify a particular IV when encrypting. It can, of course, specify a particular IV when decrypting.
Constraints on key types and the length of data are summarized in the following table:
Table 10-36, BATON-CBC128: Data and Length Constraints
Function | Key type | Output length | Comments | |
C_Encrypt | same as input length | no final part | ||
C_Decrypt | same as input length | no final part |
BATON-COUNTER
BATON-COUNTER, denoted CKM_BATON_COUNTER, is a mechanism for single- and multiple-part encryption and decryption with BATON in counter mode.
It has a parameter, a 24-byte initialization vector. During an encryption operation, this IV is set to some value generated by the token"in other words, the application cannot specify a particular IV when encrypting. It can, of course, specify a particular IV when decrypting.
Constraints on key types and the length of data are summarized in the following table:
Table 10-37, BATON-COUNTER: Data and Length Constraints
Function | Key type | Output length | Comments | |
C_Encrypt | same as input length | no final part | ||
C_Decrypt | same as input length | no final part |
BATON-SHUFFLE
BATON-SHUFFLE, denoted CKM_BATON_SHUFFLE, is a mechanism for single- and multiple-part encryption and decryption with BATON in shuffle mode.
It has a parameter, a 24-byte initialization vector. During an encryption operation, this IV is set to some value generated by the token"in other words, the application cannot specify a particular IV when encrypting. It can, of course, specify a particular IV when decrypting.
Constraints on key types and the length of data are summarized in the following table:
Table 10-38, BATON-SHUFFLE: Data and Length Constraints
Function | Key type | Output length | Comments | |
C_Encrypt | same as input length | no final part | ||
C_Decrypt | same as input length | no final part |
BATON WRAP
The BATON wrap and unwrap mechanism, denoted CKM_BATON_WRAP, is a function used to wrap and unwrap a secret key (MEK). It can wrap and unwrap SKIPJACK, BATON, and JUNIPER keys.
It has no parameters.
When used to unwrap a key, this mechanism contributes the CKA_CLASS, CKA_KEY_TYPE, and CKA_VALUE attributes to it.
JUNIPER mechanisms
JUNIPER key generation
The JUNIPER key generation mechanism, denoted CKM_JUNIPER_KEY_GEN, is a key generation mechanism for JUNIPER. The output of this mechanism is called a Message Encryption Key (MEK).
It does not have a parameter.
The mechanism contributes the CKA_CLASS, CKA_KEY_TYPE, and CKA_VALUE attributes to the new key.
JUNIPER-ECB128
JUNIPER-ECB128, denoted CKM_JUNIPER_ECB128, is a mechanism for single- and multiple-part encryption and decryption with JUNIPER in 128-bit electronic codebook mode.
It has a parameter, a 24-byte initialization vector. During an encryption operation, this IV is set to some value generated by the token"in other words, the application cannot specify a particular IV when encrypting. It can, of course, specify a particular IV when decrypting.
Constraints on key types and the length of data are summarized in the following table. For encryption and decryption, the input and output data (parts) may begin at the same location in memory.
Table 10-39, JUNIPER-ECB128: Data and Length Constraints
Function | Key type | Output length | Comments | |
C_Encrypt | same as input length | no final part | ||
C_Decrypt | same as input length | no final part |
JUNIPER-CBC128
JUNIPER-CBC128, denoted CKM_JUNIPER_CBC128, is a mechanism for single- and multiple-part encryption and decryption with JUNIPER in 128-bit cipher-block chaining mode.
It has a parameter, a 24-byte initialization vector. During an encryption operation, this IV is set to some value generated by the token"in other words, the application cannot specify a particular IV when encrypting. It can, of course, specify a particular IV when decrypting.
Constraints on key types and the length of data are summarized in the following table. For encryption and decryption, the input and output data (parts) may begin at the same location in memory.
Table 10-40, JUNIPER-CBC128: Data and Length Constraints
Function | Key type | Output length | Comments | |
C_Encrypt | same as input length | no final part | ||
C_Decrypt | same as input length | no final part |
JUNIPER-COUNTER
JUNIPER COUNTER, denoted CKM_JUNIPER_COUNTER, is a mechanism for single- and multiple-part encryption and decryption with JUNIPER in counter mode.
It has a parameter, a 24-byte initialization vector. During an encryption operation, this IV is set to some value generated by the token"in other words, the application cannot specify a particular IV when encrypting. It can, of course, specify a particular IV when decrypting.
Constraints on key types and the length of data are summarized in the following table. For encryption and decryption, the input and output data (parts) may begin at the same location in memory.
Table 10-41, JUNIPER-COUNTER: Data and Length Constraints
Function | Key type | Output length | Comments | |
C_Encrypt | same as input length | no final part | ||
C_Decrypt | same as input length | no final part |
JUNIPER-SHUFFLE
JUNIPER-SHUFFLE, denoted CKM_JUNIPER_SHUFFLE, is a mechanism for single- and multiple-part encryption and decryption with JUNIPER in shuffle mode.
It has a parameter, a 24-byte initialization vector. During an encryption operation, this IV is set to some value generated by the token"in other words, the application cannot specify a particular IV when encrypting. It can, of course, specify a particular IV when decrypting.
Constraints on key types and the length of data are summarized in the following table. For encryption and decryption, the input and output data (parts) may begin at the same location in memory.
Table 10-42, JUNIPER-SHUFFLE: Data and Length Constraints
Function | Key type | Output length | Comments | |
C_Encrypt | same as input length | no final part | ||
C_Decrypt | same as input length | no final part |
JUNIPER WRAP
The JUNIPER wrap and unwrap mechanism, denoted CKM_JUNIPER_WRAP, is a function used to wrap and unwrap an MEK. It can wrap or unwrap SKIPJACK, BATON, and JUNIPER keys.
It has no parameters.
When used to unwrap a key, this mechanism contributes the CKA_CLASS, CKA_KEY_TYPE, and CKA_VALUE attributes to it.
MD2 mechanisms
MD2
The MD2 mechanism, denoted CKM_MD2, is a mechanism for message digesting, following the MD2 message-digest algorithm defined in RFC 1319.
It does not have a parameter.
Constraints on the length of data are summarized in the following table:
Table 10-43, MD2: Data Length Constraints
Function | ||
C_Digest |
General-length MD2-HMAC
The general-length MD2-HMAC mechanism, denoted CKM_MD2_HMAC_GENERAL, is a mechanism for signatures and verification. It uses the HMAC construction, based on the MD2 hash function. The keys it uses are generic secret keys.
It has a parameter, a CKA_MAC_GENERAL_PARAMS, which holds the length in bytes of the desired output. This length should be in the range 0-16 (the output size of MD2 is 16 bytes). Signatures produced by this mechanism will be taken from the start of the full 16-byte HMAC output.
Table 10-44, General-length MD2-HMAC: Key And Data Length Constraints
Function | Key type | ||
C_Sign | |||
C_Verify |
MD2-HMAC
The MD2-HMAC mechanism, denoted CKM_MD2_HMAC, is a special case of the general-length MD2-HMAC mechanism in Section .
It has no parameter, and always produces an output of length 16.
MD2 key derivation
MD2 key derivation, denoted CKM_MD2_KEY_DERIVATION, is a mechanism which provides the capability of deriving a secret key by digesting the value of another secret key with MD2.
The value of the base key is digested once, and the result is used to make the value of derived secret key.
This mechanism has the following rules about key sensitivity and extractability:
The MD5 mechanism, denoted CKM_MD5, is a mechanism for message digesting, following the MD5 message-digest algorithm defined in RFC 1321.
It does not have a parameter.
Constraints on the length of input and output data are summarized in the following table. For single-part digesting, the data and the digest may begin at the same location in memory.
Table 10-45, MD5: Data Length Constraints
Function | ||
C_Digest |
General-length MD5-HMAC
The general-length MD5-HMAC mechanism, denoted CKM_MD5_HMAC_GENERAL, is a mechanism for signatures and verification. It uses the HMAC construction, based on the MD5 hash function. The keys it uses are generic secret keys.
It has a parameter, a CKA_MAC_GENERAL_PARAMS, which holds the length in bytes of the desired output. This length should be in the range 0-16 (the output size of MD5 is 16 bytes). Signatures produced by this mechanism will be taken from the start of the full 16-byte HMAC output.
Table 10-46, General-length MD5-HMAC: Key And Data Length Constraints
Function | Key type | ||
C_Sign | |||
C_Verify |
MD5-HMAC
The MD5-HMAC mechanism, denoted CKM_MD5_HMAC, is a special case of the general-length MD5-HMAC mechanism in Section .
It has no parameter, and always produces an output of length 16.
MD5 key derivation
MD5 key derivation, denoted CKM_MD5_KEY_DERIVATION, is a mechanism which provides the capability of deriving a secret key by digesting the value of another secret key with MD5.
The value of the base key is digested once, and the result is used to make the value of derived secret key.
This mechanism has the following rules about key sensitivity and extractability:
The SHA-1 mechanism, denoted CKM_SHA_1, is a mechanism for message digesting, following the Secure Hash Algorithm defined in FIPS PUB 180, as subsequently amended by NIST.
It does not have a parameter.
Constraints on the length of input and output data are summarized in the following table. For single-part digesting, the data and the digest may begin at the same location in memory.
Table 10-47, SHA-1: Data Length Constraints
Function | ||
C_Digest |
General-length SHA-1-HMAC
The general-length SHA-1-HMAC mechanism, denoted CKM_SHA_1_HMAC_GENERAL, is a mechanism for signatures and verification. It uses the HMAC construction, based on the SHA-1 hash function. The keys it uses are generic secret keys.
It has a parameter, a CKA_MAC_GENERAL_PARAMS, which holds the length in bytes of the desired output. This length should be in the range 0-20 (the output size of SHA-1 is 20 bytes). Signatures produced by this mechanism will be taken from the start of the full 20-byte HMAC output.
Table 10-48, General-length SHA-1-HMAC: Key And Data Length Constraints
Function | Key type | ||
C_Sign | |||
C_Verify |
SHA-1-HMAC
The SHA-1-HMAC mechanism, denoted CKM_SHA_1_HMAC, is a special case of the general-length SHA-1-HMAC mechanism in Section .
It has no parameter, and always produces an output of length 20.
SHA-1 key derivation
SHA-1 key derivation, denoted CKM_SHA1_KEY_DERIVATION, is a mechanism which provides the capability of deriving a secret key by digesting the value of another secret key with SHA-1.
The value of the base key is digested once, and the result is used to make the value of derived secret key.
This mechanism has the following rules about key sensitivity and extractability:
The FASTHASH mechanism, denoted CKM_FASTHASH, is a mechanism for message digesting, following the U. S. government's algorithm.
It does not have a parameter.
Constraints on the length of input and output data are summarized in the following table:
Table 10-49, FASTHASH: Data Length Constraints
Function | ||
C_Digest |
Password-based encryption mechanism parameters
|
length of old wrapped key in bytes. |
|
pointer to old wrapper key. |
|
length of the old password. |
|
pointer to the buffer which contains the old user-supplied password. |
|
old key exchange public key size. |
|
pointer to old key exchange public key value. |
|
size of old random Ra in bytes. |
|
pointer to old Ra data. |
|
length of the new password. |
|
pointer to the buffer which contains the new user-supplied password. |
|
new key exchange public key size. |
|
pointer to new key exchange public key value. |
|
size of new random Ra in bytes. |
|
pointer to new Ra data. |