CKM_ECDH1_DERIVE
Elliptic Curve Diffie-Hellman is an anonymous key-agreement protocol. CKM_ECDH1_DERIVE is the derive function for that protocol.
NOTE To enhance performance, we have created a proprietary call CA_DeriveKeyAndWrap, which is an optimization of C_DeriveKey with C_Wrap, merging the two functions into one (the in and out constraints are the same as for the individual functions). A further optimization is applied when mechanism CKM_ECDH1_DERIVE is used with CA_DeriveKeyAndWrap.
If CA_DeriveKeyAndWrap is called with other mechanisms, those would not be optimized.
NOTE CKM_ECDH1_DERIVE can be used with X25519 Montgomery curve only, and not with X25519 curve.
Firmware 7.3.0 and Newer Summary
FIPS approved? | Yes |
Supported functions | Derive |
Functions restricted from FIPS use | None |
Minimum key length (bits) | 105 |
Minimum key length for FIPS use (bits) | 224 |
Minimum legacy key length for FIPS use (bits) | 160 |
Maximum key length (bits) | 571 |
Block size | 0 |
Digest size | 0 |
Key types | ECDSA | EC_MONT | BIP32 |
Algorithms | None |
Modes | None |
Flags | None |
Firmware 7.2.0 and Older Summary
FIPS approved? | Yes |
Supported functions | Derive |
Minimum key length (bits) | 105 |
Minimum key length for FIPS use (bits) | 224 |
Minimum legacy key length for FIPS use (bits) | 160 |
Maximum key length (bits) | 571 |
Block size | 0 |
Digest size | 0 |
Key types | ECDSA | EC_MONT |
Algorithms | None |
Modes | None |
Flags | None |