ECDH with Key Derive Function
HSM mechanisms supporting key derivation include DH, ECDH, ECIES.
For the concatenation KDF the X9 and NIST variants differ. For example, the X9 variant is not compliant with KDFs defined in SP800-56.
You will need to determine with which standard your solution should comply.
The mechanism parameter for CKM_ECDH1_DERIVE (in most cases, probably CKM_ECDH1_COFACTOR_DERIVE) has a “kdf” parameter that defines the type of KDF to use.
At the PKCS#11 level, both variants are supported by the Luna HSMs and the Luna Cloud HSM; for example CKD_SHA256_KDF vs CKD_SHA256_NIST_KDF.
PKCS#11 standard KDFs supported in Luna HSM
| PKCS#11 | Available since | |
|---|---|---|
| #define CKD_NULL | 0x00000001UL | Luna HSM Firmware 7.0.1 |
| #define CKD_SHA1_KDF | 0x00000002UL | Luna HSM Firmware 7.0.1 |
| #define CKD_SHA1_KDF_ASN1 | 0x00000003UL | Luna HSM Firmware 7.0.1 |
| #define CKD_SHA1_KDF_CONCATENATE | 0x00000004UL | Luna HSM Firmware 7.0.1 |
| #define CKD_SHA224_KDF | 0x00000005UL | Luna HSM Firmware 7.0.1 |
| #define CKD_SHA256_KDF | 0x00000006UL | Luna HSM Firmware 7.0.1 |
| #define CKD_SHA384_KDF | 0x00000007UL | Luna HSM Firmware 7.0.1 |
| #define CKD_SHA512_KDF | 0x00000008UL | Luna HSM Firmware 7.0.1 |
| #define CKD_SHA3_224_KDF | 0x0000000AUL | Luna HSM Firmware 7.4.2 |
| #define CKD_SHA3_256_KDF | 0x0000000BUL | Luna HSM Firmware 7.4.2 |
| #define CKD_SHA3_384_KDF | 0x0000000CUL | Luna HSM Firmware 7.4.2 |
| #define CKD_SHA3_512_KDF | 0x0000000DUL | Luna HSM Firmware 7.4.2 |
| #define CKD_SHA1_KDF_SP800 | 0x0000000EUL | Luna HSM Client 10.5.0 |
| #define CKD_SHA224_KDF_SP800 | 0x0000000FUL | Luna HSM Client 10.5.0 |
| #define CKD_SHA256_KDF_SP800 | 0x00000010UL | Luna HSM Client 10.5.0 |
| #define CKD_SHA384_KDF_SP800 | 0x00000011UL | Luna HSM Client 10.5.0 |
| #define CKD_SHA512_KDF_SP800 | 0x00000012UL | Luna HSM Client 10.5.0 |
| #define CKD_SHA3_224_KDF_SP800 | 0x00000013UL | Luna HSM Client 10.5.0 |
| #define CKD_SHA3_256_KDF_SP800 | 0x00000014UL | Luna HSM Client 10.5.0 |
| #define CKD_SHA3_384_KDF_SP800 | 0x00000015UL | Luna HSM Client 10.5.0 |
| #define CKD_SHA3_512_KDF_SP800 | 0x00000016UL | Luna HSM Client 10.5.0 |
Vendor defined KDFs
The "_NIST_" KDFs map to the SP800 KDFs above.
The "_OLD" KDFs map to their non-"_OLD" equivalents above.
| Vendor Defined | Value |
|---|---|
| #define CKD_SHA224_KDF_OLD | 0x80000003 |
| #define CKD_SHA256_KDF_OLD | 0x80000004 |
| #define CKD_SHA384_KDF_OLD | 0x80000005 |
| #define CKD_SHA512_KDF_OLD | 0x80000006 |
| #define CKD_RIPEMD160_KDF | 0x80000007 |
| #define CKD_SHA1_NIST_KDF | 0x00000012 |
| #define CKD_SHA224_NIST_KDF | 0x80000013 |
| #define CKD_SHA256_NIST_KDF | 0x80000014 |
| #define CKD_SHA384_NIST_KDF | 0x80000015 |
| #define CKD_SHA512_NIST_KDF | 0x80000016 |
| #define CKD_RIPEMD160_NIST_KDF | 0x80000017 |
| #define CKD_SHA3_224_NIST_KDF | 0x8000001A |
| #define CKD_SHA3_256_NIST_KDF | 0x8000001B |
| #define CKD_SHA3_384_NIST_KDF | 0x8000001C |
| #define CKD_SHA3_512_NIST_KDF | 0x8000001D |
| #define CKD_SHA1_SES_KDF | 0x82000000 |
| #define CKD_SHA224_SES_KDF | 0x83000000 |
| #define CKD_SHA256_SES_KDF | 0x84000000 |
| #define CKD_SHA384_SES_KDF | 0x85000000 |
| #define CKD_SHA512_SES_KDF | 0x86000000 |
| #define CKD_RIPEMD160_SES_KDF | 0x87000000 |
| #define CKD_SHA3_224_SES_KDF | 0x8A000000 |
| #define CKD_SHA3_256_SES_KDF | 0x8B000000 |
| #define CKD_SHA3_384_SES_KDF | 0x8C000000 |
| #define CKD_SHA3_512_SES_KDF | 0x8D000000 |
| #define CKD_SHA1_KDF_CONCATENATE_X9_42 CKD_SHA1_KDF_CONCATENATE |
|
| #define CKD_SHA1_KDF_CONCATENATE_NIST | 0x80000001 |
| JCPROV | Value | Equivalent Available in JSP |
|---|---|---|
| public static final long CKD_NULL = | 0x00000001 | Yes |
| public static final long CKD_SHA1_KDF = | 0x00000002 | Yes |
| public static final long CKD_SHA224_KDF = | 0x00000005 | Yes |
| public static final long CKD_SHA256_KDF = | 0x00000006 | Yes |
| public static final long CKD_SHA384_KDF = | 0x00000007 | Yes |
| public static final long CKD_SHA512_KDF = | 0x00000008 | Yes |
| public static final long CKD_RIPEMD160_KDF = | 0x80000007 | No |
| public static final long CKD_SHA1_NIST_KDF = | 0x80000012 | No |
| public static final long CKD_SHA224_NIST_KDF = | 0x80000013 | No |
| public static final long CKD_SHA256_NIST_KDF = | 0x80000014 | Yes |
| public static final long CKD_SHA384_NIST_KDF = | 0x80000015 | No |
| public static final long CKD_SHA512_NIST_KDF = | 0x80000016 | No |
| public static final long CKD_RIPEMD160_NIST_KDF= | 0x80000017 | No |
| public static final long CKD_SHA1_SES_KDF = | 0x82000000 | No |
| public static final long CKD_SHA224_SES_KDF = | 0x83000000 | No |
| public static final long CKD_SHA256_SES_KDF = | 0x84000000 | No |
| public static final long CKD_SHA384_SES_KDF = | 0x85000000 | No |
| public static final long CKD_SHA512_SES_KDF = | 0x86000000 | No |
| public static final long CKD_RIPEMD160_SES_KDF= | 0x87000000 | No |
| /* counter values for TR-03111 session keys */ | ||
| public static final long CKD_SES_ENC_CTR = | 0x00000001 | No |
| public static final long CKD_SES_AUTH_CTR = | 0x00000002 | No |
| public static final long CKD_SES_ALT_ENC_CTR = | 0x00000003 | No |
| public static final long CKD_SES_ALT_AUTH_CTR = | 0x00000004 | No |
| public static final long CKD_SES_MAX_CTR = | 0x0000FFFF | No |
| public static final long CKD_SHA3_224_KDF | 0x0000000A | No |
| public static final long CKD_SHA3_256_KDF | 0x0000000B | No |
| public static final long CKD_SHA3_384_KDF | 0x0000000C | No |
| public static final long CKD_SHA3_512_KDF | 0x0000000D | No |
| public static final long CKD_SHA1_KDF_SP800 = | 0x0000000E | No |
| public static final long CKD_SHA224_KDF_SP800 = | 0x0000000F | No |
| public static final long CKD_SHA256_KDF_SP800 = | 0x00000010 | No |
| public static final long CKD_SHA384_KDF_SP800 = | 0x00000011 | No |
| public static final long CKD_SHA512_KDF_SP800 = | 0x00000012 | No |
| public static final long CKD_SHA3_224_KDF_SP800 = | 0x00000013 | No |
| public static final long CKD_SHA3_256_KDF_SP800 = | 0x00000014 | No |
| public static final long CKD_SHA3_384_KDF_SP800 = | 0x00000015 | No |
| public static final long CKD_SHA3_512_KDF_SP800 = | 0x00000016 | No |
| public static final long CKD_RIPEMD160_KDF = | 0x80000007 | No |
