ECDH with Key Derivation Function

Luna HSM key-agreement mechanisms that apply a key derivation function (KDF) to the shared secret include DH, ECDH and ECIES.

For the concatenation KDF, the ANSI X9 and NIST variants differ and are not interoperable. The X9.63 KDF behind the PKCS#11 CKD_SHAxxx_KDF values hashes Z || counter || SharedInfo, whereas the one-step KDF of NIST SP 800-56A hashes counter || Z || FixedInfo. The X9 variant therefore does not comply with the KDFs defined in SP 800-56, and two parties that select different variants derive different keys from the same shared secret.

Determine which standard your solution must comply with, and make sure both sides of the key agreement select the same KDF variant, hash and shared-data encoding; otherwise the derived keys will not match.

The mechanism parameter for CKM_ECDH1_DERIVE (or, in most deployments, CKM_ECDH1_COFACTOR_DERIVE) is a CK_ECDH1_DERIVE_PARAMS structure. Its kdf field (a CK_EC_KDF_TYPE) selects the KDF to use; pSharedData/ulSharedDataLen carry the SharedInfo or FixedInfo, and pPublicData carries the peer's public point.

At the PKCS#11 level, both variants are supported by the Luna HSMs and the Luna Cloud HSM; for example, CKD_SHA256_KDF (X9.63 layout) versus CKD_SHA256_NIST_KDF (SP 800-56A layout).
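The following is an added example, not code from the Luna documentation or the Luna SDK. It implements the two concatenation-KDF layouts in pure Python (hashlib only, no HSM needed) so the non-interoperability can be seen directly: the same shared secret Z and the same shared data yield different keys depending on whether the X9.63 or the SP 800-56A layout is selected. The CKD_* values are copied from the tables on this page; the dispatch in derive_key, the 32-byte SAMPLE_Z and the shared-data string are the example's own constructed stand-ins for what C_DeriveKey would receive through CK_ECDH1_DERIVE_PARAMS.

```python
"""X9.63 vs SP 800-56A concatenation KDF, selected by a PKCS#11 CK_EC_KDF_TYPE value.

Added example; not from the Luna documentation or SDK. Uses only hashlib and a
constructed shared secret, so it runs without an HSM.
"""
import hashlib
import hmac
import struct

# CK_EC_KDF_TYPE values as listed on this page (SHA-256 family only).
CKD_NULL             = 0x00000001
CKD_SHA256_KDF       = 0x00000006   # ANSI X9.63 layout
CKD_SHA256_KDF_SP800 = 0x00000010   # SP 800-56A one-step layout (PKCS#11 v3.0 name)
CKD_SHA256_NIST_KDF  = 0x80000014   # Luna vendor alias for the SP 800-56A layout

# Constructed 32-byte stand-in for the x-coordinate of an ECDH P-256 shared point.
SAMPLE_Z = bytes.fromhex(
    "1f3e7a9c0d2b4e6f8a1c3e5d7f9b0d2e4f6a8c0e1d3f5b7d9f1a3c5e7b9d0f2a")


def _check_len(key_len: int, hash_name: str) -> int:
    """Return the digest size, rejecting lengths the 32-bit counter cannot cover."""
    h_len = hashlib.new(hash_name).digest_size
    if not 0 < key_len < h_len * (2 ** 32 - 1):
        raise ValueError("requested key length out of range for %s" % hash_name)
    return h_len


def x963_kdf(z: bytes, key_len: int, shared_info: bytes = b"", hash_name: str = "sha256") -> bytes:
    """ANSI X9.63 KDF (CKD_SHAxxx_KDF): K_i = H(Z || counter_i || SharedInfo), counter from 1."""
    _check_len(key_len, hash_name)
    out, counter = b"", 1
    while len(out) < key_len:
        out += hashlib.new(hash_name, z + struct.pack(">I", counter) + shared_info).digest()
        counter += 1
    return out[:key_len]


def sp800_56a_kdf(z: bytes, key_len: int, fixed_info: bytes = b"", hash_name: str = "sha256") -> bytes:
    """SP 800-56A one-step KDF (CKD_SHAxxx_KDF_SP800 / CKD_SHAxxx_NIST_KDF):
    K_i = H(counter_i || Z || FixedInfo), counter from 1. Same inputs, different order."""
    _check_len(key_len, hash_name)
    out, counter = b"", 1
    while len(out) < key_len:
        out += hashlib.new(hash_name, struct.pack(">I", counter) + z + fixed_info).digest()
        counter += 1
    return out[:key_len]


def derive_key(kdf: int, z: bytes, key_len: int, shared_data: bytes = b"") -> bytes:
    """Dispatch on the kdf value the way CK_ECDH1_DERIVE_PARAMS.kdf selects the
    layout inside the HSM. This mapping is the example's own and covers SHA-256 only."""
    if kdf == CKD_NULL:
        # Raw shared secret, no hashing. PKCS#11 requires pSharedData to be NULL here.
        # Z is not uniformly distributed, so do not use it directly as a symmetric key.
        if shared_data:
            raise ValueError("CKD_NULL does not accept shared data")
        return z
    if kdf == CKD_SHA256_KDF:
        return x963_kdf(z, key_len, shared_data, "sha256")
    if kdf in (CKD_SHA256_KDF_SP800, CKD_SHA256_NIST_KDF):
        return sp800_56a_kdf(z, key_len, shared_data, "sha256")
    raise ValueError("unsupported kdf 0x%08x" % kdf)


def keys_match(a: bytes, b: bytes) -> bool:
    """Constant-time comparison, as a key-confirmation step would use."""
    return hmac.compare_digest(a, b)


def interop_check(kdf_a: int, kdf_b: int, shared_data: bytes = b"peer-ids") -> bool:
    """Do two parties holding the same Z end up with the same 256-bit key?"""
    return keys_match(derive_key(kdf_a, SAMPLE_Z, 32, shared_data),
                      derive_key(kdf_b, SAMPLE_Z, 32, shared_data))


if __name__ == "__main__":
    print("X9.63 vs SP800 same key?    ", interop_check(CKD_SHA256_KDF, CKD_SHA256_KDF_SP800))       # False
    print("SP800 vs Luna NIST alias?   ", interop_check(CKD_SHA256_KDF_SP800, CKD_SHA256_NIST_KDF))  # True
```

The only difference between the two layouts is where the counter sits relative to Z, which is enough to make every derived block differ. When one peer is a Luna HSM and the other is a software library, check which layout the library implements before picking the kdf value; the vendor CKD_*_NIST_KDF constants and the standard CKD_*_KDF_SP800 constants give the same SP 800-56A result, while CKD_*_KDF does not.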

PKCS#11 standard KDFs supported in Luna HSM

PKCS#11 KDF constant                                  Available since
#define CKD_NULL                   0x00000001UL        Luna HSM Firmware 7.0.1
#define CKD_SHA1_KDF               0x00000002UL        Luna HSM Firmware 7.0.1
#define CKD_SHA1_KDF_ASN1          0x00000003UL        Luna HSM Firmware 7.0.1
#define CKD_SHA1_KDF_CONCATENATE   0x00000004UL        Luna HSM Firmware 7.0.1
#define CKD_SHA224_KDF             0x00000005UL        Luna HSM Firmware 7.0.1
#define CKD_SHA256_KDF             0x00000006UL        Luna HSM Firmware 7.0.1
#define CKD_SHA384_KDF             0x00000007UL        Luna HSM Firmware 7.0.1
#define CKD_SHA512_KDF             0x00000008UL        Luna HSM Firmware 7.0.1
#define CKD_SHA3_224_KDF           0x0000000AUL        Luna HSM Firmware 7.4.2
#define CKD_SHA3_256_KDF           0x0000000BUL        Luna HSM Firmware 7.4.2
#define CKD_SHA3_384_KDF           0x0000000CUL        Luna HSM Firmware 7.4.2
#define CKD_SHA3_512_KDF           0x0000000DUL        Luna HSM Firmware 7.4.2
#define CKD_SHA1_KDF_SP800         0x0000000EUL        Luna HSM Client 10.5.0
#define CKD_SHA224_KDF_SP800       0x0000000FUL        Luna HSM Client 10.5.0
#define CKD_SHA256_KDF_SP800       0x00000010UL        Luna HSM Client 10.5.0
#define CKD_SHA384_KDF_SP800       0x00000011UL        Luna HSM Client 10.5.0
#define CKD_SHA512_KDF_SP800       0x00000012UL        Luna HSM Client 10.5.0
#define CKD_SHA3_224_KDF_SP800     0x00000013UL        Luna HSM Client 10.5.0
#define CKD_SHA3_256_KDF_SP800     0x00000014UL        Luna HSM Client 10.5.0
#define CKD_SHA3_384_KDF_SP800     0x00000015UL        Luna HSM Client 10.5.0
#define CKD_SHA3_512_KDF_SP800     0x00000016UL        Luna HSM Client 10.5.0

Vendor defined KDFs

The "_NIST_" KDFs map to the SP800 KDFs above.

The "_OLD" KDFs map to their non-"_OLD" equivalents above.

Vendor-defined KDF constant              Value
#define CKD_SHA224_KDF_OLD               0x80000003
#define CKD_SHA256_KDF_OLD               0x80000004
#define CKD_SHA384_KDF_OLD               0x80000005
#define CKD_SHA512_KDF_OLD               0x80000006
#define CKD_RIPEMD160_KDF                0x80000007

#define CKD_SHA1_NIST_KDF                0x80000012
#define CKD_SHA224_NIST_KDF              0x80000013
#define CKD_SHA256_NIST_KDF              0x80000014
#define CKD_SHA384_NIST_KDF              0x80000015
#define CKD_SHA512_NIST_KDF              0x80000016
#define CKD_RIPEMD160_NIST_KDF           0x80000017
#define CKD_SHA3_224_NIST_KDF            0x8000001A
#define CKD_SHA3_256_NIST_KDF            0x8000001B
#define CKD_SHA3_384_NIST_KDF            0x8000001C
#define CKD_SHA3_512_NIST_KDF            0x8000001D

#define CKD_SHA1_SES_KDF                 0x82000000
#define CKD_SHA224_SES_KDF               0x83000000
#define CKD_SHA256_SES_KDF               0x84000000
#define CKD_SHA384_SES_KDF               0x85000000
#define CKD_SHA512_SES_KDF               0x86000000
#define CKD_RIPEMD160_SES_KDF            0x87000000
#define CKD_SHA3_224_SES_KDF             0x8A000000
#define CKD_SHA3_256_SES_KDF             0x8B000000
#define CKD_SHA3_384_SES_KDF             0x8C000000
#define CKD_SHA3_512_SES_KDF             0x8D000000

#define CKD_SHA1_KDF_CONCATENATE_X9_42   CKD_SHA1_KDF_CONCATENATE

#define CKD_SHA1_KDF_CONCATENATE_NIST    0x80000001

JCPROV value                                                    Equivalent available in JSP
public static final long CKD_NULL                 = 0x00000001  Yes
public static final long CKD_SHA1_KDF             = 0x00000002  Yes

public static final long CKD_SHA224_KDF           = 0x00000005  Yes
public static final long CKD_SHA256_KDF           = 0x00000006  Yes
public static final long CKD_SHA384_KDF           = 0x00000007  Yes
public static final long CKD_SHA512_KDF           = 0x00000008  Yes
public static final long CKD_RIPEMD160_KDF        = 0x80000007  No

public static final long CKD_SHA1_NIST_KDF        = 0x80000012  No
public static final long CKD_SHA224_NIST_KDF      = 0x80000013  No
public static final long CKD_SHA256_NIST_KDF      = 0x80000014  Yes
public static final long CKD_SHA384_NIST_KDF      = 0x80000015  No
public static final long CKD_SHA512_NIST_KDF      = 0x80000016  No
public static final long CKD_RIPEMD160_NIST_KDF   = 0x80000017  No

public static final long CKD_SHA1_SES_KDF         = 0x82000000  No
public static final long CKD_SHA224_SES_KDF       = 0x83000000  No
public static final long CKD_SHA256_SES_KDF       = 0x84000000  No
public static final long CKD_SHA384_SES_KDF       = 0x85000000  No
public static final long CKD_SHA512_SES_KDF       = 0x86000000  No
public static final long CKD_RIPEMD160_SES_KDF    = 0x87000000  No

/* counter values for TR-03111 session keys */
public static final long CKD_SES_ENC_CTR          = 0x00000001  No
public static final long CKD_SES_AUTH_CTR         = 0x00000002  No
public static final long CKD_SES_ALT_ENC_CTR      = 0x00000003  No
public static final long CKD_SES_ALT_AUTH_CTR     = 0x00000004  No
public static final long CKD_SES_MAX_CTR          = 0x0000FFFF  No

public static final long CKD_SHA3_224_KDF         = 0x0000000A  No
public static final long CKD_SHA3_256_KDF         = 0x0000000B  No
public static final long CKD_SHA3_384_KDF         = 0x0000000C  No
public static final long CKD_SHA3_512_KDF         = 0x0000000D  No
public static final long CKD_SHA1_KDF_SP800       = 0x0000000E  No
public static final long CKD_SHA224_KDF_SP800     = 0x0000000F  No
public static final long CKD_SHA256_KDF_SP800     = 0x00000010  No
public static final long CKD_SHA384_KDF_SP800     = 0x00000011  No
public static final long CKD_SHA512_KDF_SP800     = 0x00000012  No
public static final long CKD_SHA3_224_KDF_SP800   = 0x00000013  No
public static final long CKD_SHA3_256_KDF_SP800   = 0x00000014  No
public static final long CKD_SHA3_384_KDF_SP800   = 0x00000015  No
public static final long CKD_SHA3_512_KDF_SP800   = 0x00000016  No