CKM_ECIES

TIP   HSM firmware 7.7.2 and later adds derivation of the Initial Counter Block (ICB) for the ECIES AES-CTR encryption scheme, in support of the 5G 3GPP TS 33.501 standard, for processing SUbscription Concealed Identifier (SUCI) de-concealment requests.

 

Decrypt operations with curve ed25519 are accelerated in firmware 7.7.2 and later. The 'sweet spot' is achieved with 10 program threads for standalone Luna HSMs, while the best gain for HSMs in an HA group is around 20 threads, with smaller improvements observed up to 50 threads.

Firmware 7.3.0 and Newer Summary

FIPS approved?                                 Yes
Supported functions                            Encrypt | Decrypt
Functions restricted from FIPS use             None
Minimum key length (bits)                      105
Minimum key length for FIPS use (bits)         224
Minimum legacy key length for FIPS use (bits)  160
Maximum key length (bits)                      571
Block size                                     0
Digest size                                    0
Key types                                      ECDSA | EC_MONT | BIP32
Algorithms                                     None
Modes                                          None
Flags                                          Accumulating

Firmware 7.2.0 and Older Summary

FIPS approved?                                 Yes
Supported functions                            Encrypt | Decrypt
Minimum key length (bits)                      105
Minimum key length for FIPS use (bits)         224
Minimum legacy key length for FIPS use (bits)  160
Maximum key length (bits)                      571
Block size                                     0
Digest size                                    0
Key types                                      ECDSA | EC_MONT
Algorithms                                     None
Modes                                          None
Flags                                          Accumulating

NOTE   This is a single-part operation, so even if it is called using the multi-part API, we accumulate the data (up to a maximum) and return data only on the “final” operation. That is the meaning of "Accumulating" in the tables above.
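
The ICB derivation mentioned in the TIP at the top of this page can be illustrated outside the HSM. The following is an added example, not Thales code and not the HSM's implementation. It assumes the key layout of the ECIES profiles in 3GPP TS 33.501 Annex C (ANSI X9.63 KDF with SHA-256, with the ephemeral public key as SharedInfo, and output split into a 16-octet AES key, a 16-octet ICB and a 32-octet MAC key); the function names and sample inputs are hypothetical.

```python
import hashlib

# Lengths in octets, assumed from the 3GPP TS 33.501 Annex C ECIES profiles.
ENC_KEY_LEN = 16   # AES-128 encryption key
ICB_LEN = 16       # AES-CTR Initial Counter Block
MAC_KEY_LEN = 32   # HMAC-SHA-256 key


def x963_kdf(shared_secret: bytes, shared_info: bytes, length: int) -> bytes:
    """ANSI X9.63 KDF with SHA-256: Hash(Z || counter || SharedInfo), counter from 1."""
    if length <= 0:
        raise ValueError("length must be positive")
    out = b""
    counter = 1
    while len(out) < length:
        out += hashlib.sha256(
            shared_secret + counter.to_bytes(4, "big") + shared_info
        ).digest()
        counter += 1
    return out[:length]


def derive_ecies_keys(shared_secret: bytes, ephemeral_public_key: bytes):
    """Split the KDF output, left to right, into (encryption key, ICB, MAC key)."""
    if not shared_secret or not ephemeral_public_key:
        raise ValueError("shared secret and ephemeral public key are required")
    key_data = x963_kdf(shared_secret, ephemeral_public_key,
                        ENC_KEY_LEN + ICB_LEN + MAC_KEY_LEN)
    enc_key = key_data[:ENC_KEY_LEN]
    icb = key_data[ENC_KEY_LEN:ENC_KEY_LEN + ICB_LEN]
    mac_key = key_data[ENC_KEY_LEN + ICB_LEN:]
    return enc_key, icb, mac_key


# Constructed sample inputs (not real key material): a 32-byte ECDH shared
# secret and a 32-byte ephemeral public key as it would arrive with a SUCI.
SAMPLE_Z = bytes(range(32))
SAMPLE_EPH_PUB = bytes(range(32, 64))

if __name__ == "__main__":
    ek, icb, mk = derive_ecies_keys(SAMPLE_Z, SAMPLE_EPH_PUB)
    print("ICB:", icb.hex())
```

Because the ICB comes out of the KDF together with the keys, it changes with every ephemeral public key and never needs to be transmitted alongside the ciphertext.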