Modes of Usage

The mechanism can be use in three modes.

Full Key Agreement

In this mode, the mechanism executes a full SP800-56Ar3 key agreement with a SP800-56Cr2 s5 two-step (extraction-then-expansion) key derivation to derive key material.

  • The Extract flag must be set and the kx field must be present.

  • The same PRF is used for the expansion and extraction steps.

  • The kx field contains the ciphertext received from the peer.

  • The DeriveRole_BaseKey input must be the local private key.

For example, if ECDH key agreement is being used:

  • The kx field will be a Mech_ECDHKeyExchange ciphertext

  • The base key will be a KeyType_ECDHPrivate key.

Two-Step Key Derivation

In this mode, the mechanism executes just the SP800-56Cr2 two-step key derivation.

  • In this case the Extract flag must be set and the kx field must be absent.

  • The same PRF is used for the expansion and extraction steps.

  • The DeriveRole_BaseKey must be the input to the expansion step (called Z in SP800-56Cr2).

Expansion-only Key Derivation

In this mode, the mechanism executes just the SP800-108r1 key derivation function.

  • In this case the Extract flag must be clear and the kx field must be absent.

  • The DeriveRole_BaseKey must be the input to the extraction step (called KDK in SP800-56Cr2 and KIN in SP800-108r1).