Counter Mode KDF Mechanisms
The Luna Network HSMs support the following two vendor defined mechanisms. They can be used to perform Counter Mode KDF (key derivation functions) using various CMAC algorithms (DES3, AES, ARIA, SEED) as the PRF (pseudo-random function). See NIST SP 800-108.
#define CKM_NIST_PRF_KDF (CKM_VENDOR_DEFINED + 0xA02) #define CKM_PRF_KDF (CKM_VENDOR_DEFINED + 0xA03) /* Parameter and values used with CKM_PRF_KDF and * CKM_NIST_PRF_KDF. */ typedef CK_ULONG CK_KDF_PRF_TYPE; typedef CK_ULONG CK_KDF_PRF_ENCODING_SCHEME; /** PRF KDF types */ #define CK_NIST_PRF_KDF_DES3_CMAC 0x00000001 #define CK_NIST_PRF_KDF_AES_CMAC 0x00000002 #define CK_PRF_KDF_ARIA_CMAC 0x00000003 #define CK_PRF_KDF_SEED_CMAC 0x00000004 #define LUNA_PRF_KDF_ENCODING_SCHEME_1 0x00000000 #define LUNA_PRF_KDF_ENCODING_SCHEME_2 0x00000001 typedef struct CK_KDF_PRF_PARAMS { CK_KDF_PRF_TYPE prfType; CK_BYTE_PTR pLabel; CK_ULONG ulLabelLen; CK_BYTE_PTR pContext; CK_ULONG ulContextLen; CK_ULONG ulCounter; CK_KDF_PRF_ENCODING_SCHEME ulEncodingScheme; } CK_PRF_KDF_PARAMS; typedef CK_PRF_KDF_PARAMS CK_PTR CK_KDF_PRF_PARAMS_PTR;