PKCS#11
|
| Cryptographic Token Interface Standard |
PKCS#11 |
typedef CK_ULONG CK_X9_42_DH_KDF_TYPE;
The following table lists the defined functions.
Table 234, X9.42 Diffie-Hellman Key Derivation Functions
| Source Identifier |
| CKD_NULL |
| CKD_SHA1_KDF_ASN1 |
| CKD_SHA1_KDF_CONCATENATE |
The key derivation function CKD_NULL produces a raw shared secret value without applying any key derivation function whereas the key derivation functions CKD_SHA1_KDF_ASN1 and CKD_SHA1_KDF_CONCATENATE, which are both based on SHA-1, derive keying data from the shared secret value as defined in the ANSI X9.42 standard.
CK_X9_42_DH_KDF_TYPE_PTR is a pointer to a CK_X9_42_DH_KDF_TYPE.
typedef struct CK_X9_42_DH1_DERIVE_PARAMS { CK_X9_42_DH_KDF_TYPE kdf; CK_ULONG ulOtherInfoLen; CK_BYTE_PTR pOtherInfo; CK_ULONG ulPublicDataLen; CK_BYTE_PTR pPublicData; } CK_X9_42_DH1_DERIVE_PARAMS;
| kdf | key derivation function used on the shared secret value |
| ulOtherInfoLen | the length in bytes of the other info |
| pOtherInfo | some data shared between the two parties |
| ulPublicDataLen | the length in bytes of the other party's X9.42 Diffie-Hellman public key |
| pPublicData | pointer to other party's X9.42 Diffie-Hellman public key value |
With the key derivation function CKD_NULL, pOtherInfo must be NULL and ulOtherInfoLen must be zero. With the key derivation function CKD_SHA1_KDF_ASN1, pOtherInfo must be supplied, which contains an octet string, specified in ASN.1 DER encoding, consisting of mandatory and optional data shared by the two parties intending to share the shared secret. With the key derivation function CKD_SHA1_KDF_CONCATENATE, an optional pOtherInfo may be supplied, which consists of some data shared by the two parties intending to share the shared secret. Otherwise, pOtherInfo must be NULL and ulOtherInfoLen must be zero.
CK_X9_42_DH1_DERIVE_PARAMS_PTR is a pointer to a CK_X9_42_DH1_DERIVE_PARAMS.
typedef struct CK_X9_42_DH2_DERIVE_PARAMS { CK_X9_42_DH_KDF_TYPE kdf; CK_ULONG ulOtherInfoLen; CK_BYTE_PTR pOtherInfo; CK_ULONG ulPublicDataLen; CK_BYTE_PTR pPublicData; CK_ULONG ulPrivateDataLen; CK_OBJECT_HANDLE hPrivateData; CK_ULONG ulPublicDataLen2; CK_BYTE_PTR pPublicData2; } CK_X9_42_DH2_DERIVE_PARAMS;
| kdf | key derivation function used on the shared secret value |
| ulOtherInfoLen | the length in bytes of the other info |
| pOtherInfo | some data shared between the two parties |
| ulPublicDataLen | the length in bytes of the other party's first X9.42 Diffie-Hellman public key |
| pPublicData | pointer to other party's first X9.42 Diffie-Hellman public key value |
| ulPrivateDataLen | the length in bytes of the second X9.42 Diffie-Hellman private key |
| hPrivateData | key handle for second X9.42 Diffie-Hellman private key value |
| ulPublicDataLen2 | the length in bytes of the other party's second X9.42 Diffie-Hellman public key |
| pPublicData2 | pointer to other party's second X9.42 Diffie-Hellman public key value |
With the key derivation function CKD_NULL, pOtherInfo must be NULL and ulOtherInfoLen must be zero. With the key derivation function CKD_SHA1_KDF_ASN1, pOtherInfo must be supplied, which contains an octet string, specified in ASN.1 DER encoding, consisting of mandatory and optional data shared by the two parties intending to share the shared secret. With the key derivation function CKD_SHA1_KDF_CONCATENATE, an optional pOtherInfo may be supplied, which consists of some data shared by the two parties intending to share the shared secret. Otherwise, pOtherInfo must be NULL and ulOtherInfoLen must be zero.
CK_X9_42_DH2_DERIVE_PARAMS_PTR is a pointer to a CK_X9_42_DH2_DERIVE_PARAMS.
typedef struct CK_X9_42_MQV_DERIVE_PARAMS { CK_X9_42_DH_KDF_TYPE kdf; CK_ULONG ulOtherInfoLen; CK_BYTE_PTR pOtherInfo; CK_ULONG ulPublicDataLen; CK_BYTE_PTR pPublicData; CK_ULONG ulPrivateDataLen; CK_OBJECT_HANDLE hPrivateData; CK_ULONG ulPublicDataLen2; CK_BYTE_PTR pPublicData2; CK_OBJECT_HANDLE publicKey; } CK_X9_42_MQV_DERIVE_PARAMS;
| kdf | key derivation function used on the shared secret value |
| ulOtherInfoLen | the length in bytes of the other info |
| pOtherInfo | some data shared between the two parties |
| ulPublicDataLen | the length in bytes of the other party's first X9.42 Diffie-Hellman public key |
| pPublicData | pointer to other party's first X9.42 Diffie-Hellman public key value |
| ulPrivateDataLen | the length in bytes of the second X9.42 Diffie-Hellman private key |
| hPrivateData | key handle for second X9.42 Diffie-Hellman private key value |
| ulPublicDataLen2 | the length in bytes of the other party's second X9.42 Diffie-Hellman public key |
| pPublicData2 | pointer to other party's second X9.42 Diffie-Hellman public key value |
| publicKey | Handle to the first party's ephemeral public key |
With the key derivation function CKD_NULL, pOtherInfo must be NULL and ulOtherInfoLen must be zero. With the key derivation function CKD_SHA1_KDF_ASN1, pOtherInfo must be supplied, which contains an octet string, specified in ASN.1 DER encoding, consisting of mandatory and optional data shared by the two parties intending to share the shared secret. With the key derivation function CKD_SHA1_KDF_CONCATENATE, an optional pOtherInfo may be supplied, which consists of some data shared by the two parties intending to share the shared secret. Otherwise, pOtherInfo must be NULL and ulOtherInfoLen must be zero.
CK_X9_42_MQV_DERIVE_PARAMS_PTR is a pointer to a CK_X9_42_MQV_DERIVE_PARAMS.