CKM_ECDH1_DERIVE
Elliptic Curve Diffie-Hellman is an anonymous key-agreement protocol. CKM_ECDH1_DERIVE is the derive function for that protocol.
NOTE To enhance performance, we have created a proprietary call CA_DeriveKeyAndWrap, which is an optimization of C_DeriveKey with C_Wrap, merging the two functions into one (the in and out constraints are the same as for the individual functions). A further optimization is applied when mechanism CKM_ECDH1_DERIVE is used with CA_DeriveKeyAndWrap.
If CA_DeriveKeyAndWrap is called with other mechanisms, those would not be optimized.
Firmware 7.7.3 and Newer Summary
| FIPS approved? | Yes |
| Supported functions | Derive |
| Functions restricted from FIPS use | None |
| Minimum key length (bits) | 105 |
| Minimum key length for FIPS use (bits) | 224 |
| Minimum legacy key length for FIPS use (bits) | 160 |
| Maximum key length (bits) | 571 |
| Block size | 0 |
| Digest size | 0 |
| Key types | ECDSA | EC_MONT | BIP32 |
| Algorithms | None |
| Modes | None |
| Flags | FIPS-approved curves only |
NOTE Using Luna USB HSM 7 Firmware 7.7.3 or newer, this mechanism now verifies that the specified EC curve is FIPS-approved, and rejects operations that specify non-approved curves.
Firmware 7.7.2 Summary
| FIPS approved? | Yes |
| Supported functions | Derive |
| Functions restricted from FIPS use | None |
| Minimum key length (bits) | 105 |
| Minimum key length for FIPS use (bits) | 224 |
| Minimum legacy key length for FIPS use (bits) | 160 |
| Maximum key length (bits) | 571 |
| Block size | 0 |
| Digest size | 0 |
| Key types | ECDSA | EC_MONT | BIP32 |
| Algorithms | None |
| Modes | None |
| Flags | None |
