Cryptographic Token Interface Standard

PKCS#11


Elliptic Curve


Sections

EC Signatures
ECDSA public key objects
Elliptic curve private key objects
Elliptic curve key pair generation
ECDSA without hashing
ECDSA with SHA-1
EC mechanism parameters
Elliptic curve Diffie-Hellman key derivation
Elliptic curve Diffie-Hellman with cofactor key derivation
Elliptic curve Menezes-Qu-Vanstone key derivation

Detailed Description

The Elliptic Curve (EC) cryptosystem (also related to ECDSA) in this document is the one described in the ANSI X9.62 and X9.63 standards developed by the ANSI X9F1 working group.

Table 54, Mechanism Information Flags

Bit Flag             Mask        Meaning
CKF_EC_F_P           0x00100000  True if the mechanism can be used with EC domain parameters over Fp
CKF_EC_F_2M          0x00200000  True if the mechanism can be used with EC domain parameters over F2^m
CKF_EC_ECPARAMETERS  0x00400000  True if the mechanism can be used with EC domain parameters of the choice ecParameters
CKF_EC_NAMEDCURVE    0x00800000  True if the mechanism can be used with EC domain parameters of the choice namedCurve
CKF_EC_UNCOMPRESS    0x01000000  True if the mechanism can be used with elliptic curve point uncompressed
CKF_EC_COMPRESS      0x02000000  True if the mechanism can be used with elliptic curve point compressed

In these standards, there are two different varieties of EC defined:

  1. EC using a field with an odd prime number of elements (i.e. the finite field Fp).

  2. EC using a field of characteristic two (i.e. the finite field F2^m).

An EC key in Cryptoki contains information about which variety of EC it is suited for. It is preferable that a Cryptoki library which can perform EC mechanisms be capable of performing operations with both varieties of EC; however, this is not required. The CK_MECHANISM_INFO structure CKF_EC_F_P flag identifies a Cryptoki library supporting EC keys over Fp whereas the CKF_EC_F_2M flag identifies a Cryptoki library supporting EC keys over F2^m. A Cryptoki library that can perform EC mechanisms must set either or both of these flags for each EC mechanism.

In these specifications there are also three representation methods to define the domain parameters for an EC key. Only the ecParameters and the namedCurve choices are supported in Cryptoki. The CK_MECHANISM_INFO structure CKF_EC_ECPARAMETERS flag identifies a Cryptoki library supporting the ecParameters choice whereas the CKF_EC_NAMEDCURVE flag identifies a Cryptoki library supporting the namedCurve choice. A Cryptoki library that can perform EC mechanisms must set either or both of these flags for each EC mechanism.

In these specifications, an EC public key (i.e. EC point Q) or the base point G when the ecParameters choice is used can be represented as an octet string of the uncompressed form or the compressed form. The CK_MECHANISM_INFO structure CKF_EC_UNCOMPRESS flag identifies a Cryptoki library supporting the uncompressed form whereas the CKF_EC_COMPRESS flag identifies a Cryptoki library supporting the compressed form. A Cryptoki library that can perform EC mechanisms must set either or both of these flags for each EC mechanism.

Note that an implementation of a Cryptoki library supporting EC with only one variety, one representation of domain parameters or one form may encounter difficulties achieving interoperability with other implementations.

If an attempt to create, generate, derive, or unwrap an EC key of an unsupported variety (or of an unsupported size of a supported variety) is made, that attempt should fail with the error code CKR_TEMPLATE_INCONSISTENT. If an attempt to create, generate, derive, or unwrap an EC key with an invalid or unsupported representation of domain parameters is made, that attempt should fail with the error code CKR_DOMAIN_PARAMS_INVALID. If an attempt to create, generate, derive, or unwrap an EC key of an unsupported form is made, that attempt should fail with the error code CKR_TEMPLATE_INCONSISTENT.
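The flag rules and error codes above, as an added example that is not part of the standard's own text: it checks that a mechanism's flags set at least one bit from each of the three pairs, and maps an unsupported key property to the error code the text prescribes. The helper names, the order in which the three properties are checked, and the sample flag values are assumptions of this example.

```c
#include <stdio.h>

/* Masks copied from Table 54; CKR_* values as in pkcs11t.h. Defined locally
   so the example builds without the PKCS#11 headers. */
typedef unsigned long CK_FLAGS;
typedef unsigned long CK_RV;
#define CKF_EC_F_P                0x00100000UL
#define CKF_EC_F_2M               0x00200000UL
#define CKF_EC_ECPARAMETERS       0x00400000UL
#define CKF_EC_NAMEDCURVE         0x00800000UL
#define CKF_EC_UNCOMPRESS         0x01000000UL
#define CKF_EC_COMPRESS           0x02000000UL
#define CKR_OK                    0x00000000UL
#define CKR_TEMPLATE_INCONSISTENT 0x000000D1UL
#define CKR_DOMAIN_PARAMS_INVALID 0x00000130UL

/* The three "either or both" pairs described in the text. */
#define EC_FIELD  (CKF_EC_F_P | CKF_EC_F_2M)
#define EC_PARAMS (CKF_EC_ECPARAMETERS | CKF_EC_NAMEDCURVE)
#define EC_FORM   (CKF_EC_UNCOMPRESS | CKF_EC_COMPRESS)

/* Hypothetical helper: 1 if at least one flag of every pair is set, else 0.
   Bits outside the EC pairs (e.g. CKF_SIGN) are ignored. */
int ec_flags_conformant(CK_FLAGS mech)
{
    return (mech & EC_FIELD) && (mech & EC_PARAMS) && (mech & EC_FORM);
}

/* Hypothetical helper: `need` carries one flag per pair describing the key.
   Returns the error code the text gives for the first unsupported property.
   The check order (field, parameters, point form) is an assumption. */
CK_RV ec_key_check(CK_FLAGS mech, CK_FLAGS need)
{
    CK_FLAGS missing = need & ~mech;
    if (missing & EC_FIELD)  return CKR_TEMPLATE_INCONSISTENT;
    if (missing & EC_PARAMS) return CKR_DOMAIN_PARAMS_INVALID;
    if (missing & EC_FORM)   return CKR_TEMPLATE_INCONSISTENT;
    return CKR_OK;
}

int main(void)
{
    /* Constructed sample flags; real values come from C_GetMechanismInfo(). */
    CK_FLAGS tok = CKF_EC_F_P | CKF_EC_NAMEDCURVE | CKF_EC_UNCOMPRESS;
    CK_FLAGS key = CKF_EC_F_P | CKF_EC_ECPARAMETERS | CKF_EC_UNCOMPRESS;
    printf("conformant=%d rv=0x%lX\n",
           ec_flags_conformant(tok), ec_key_check(tok, key));
    return 0;
}
```

A caller can run the same check against each EC mechanism before importing or unwrapping a key, so an interoperability gap shows up as a clear pre-flight result rather than a failed token operation.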


RSA Security Inc. Public-Key Cryptography Standards - PKCS#11 - v220