CKM_ECIES
TIP HSM firmware 7.7.2 and onward adds the derivation of the Initial Counter block (ICB) for ECIES AES-CTR encryption scheme to support the 5G 3GPP TS 33.501 standard, for processing of SUbscription Concealed Identifier (SUCI) de-concealment requests.
Decrypt operations with curve ed25519 are accelerated with firmware 7.7.2 and later - the 'sweet spot' is achieved with 10 program threads for standalone Luna HSMs, while the best gain for HSMs in an HA group is around 20 threads, with smaller improvements observed up to 50 threads.
Firmware 7.3.0 and Newer Summary
FIPS approved? | Yes |
Supported functions | Encrypt | Decrypt |
Functions restricted from FIPS use | None |
Minimum key length (bits) | 105 |
Minimum key length for FIPS use (bits) | 224 |
Minimum legacy key length for FIPS use (bits) | 160 |
Maximum key length (bits) | 571 |
Block size | 0 |
Digest size | 0 |
Key types | ECDSA | EC_MONT | BIP32 |
Algorithms | None |
Modes | None |
Flags | Accumulating |
Firmware 7.2.0 and Older Summary
FIPS approved? | Yes |
Supported functions | Encrypt | Decrypt |
Minimum key length (bits) | 105 |
Minimum key length for FIPS use (bits) | 224 |
Minimum legacy key length for FIPS use (bits) | 160 |
Maximum key length (bits) | 571 |
Block size | 0 |
Digest size | 0 |
Key types | ECDSA | EC_MONT |
Algorithms | None |
Modes | None |
Flags | Accumulating |
NOTE This is a single part operation, so even if it is called using multi-part API, we accumulate the data (up to a maximum) and return data only on the “final” operation. That is the meaning of "Accumulating" in the tables, above.