Modes of Usage
The mechanism can be use in three modes.
Full Key Agreement
In this mode, the mechanism executes a full SP800-56Ar3 key agreement with a SP800-56Cr2 s5 two-step (extraction-then-expansion) key derivation to derive key material.
-
The
Extract
flag must be set and thekx
field must be present. -
The same PRF is used for the expansion and extraction steps.
-
The
kx
field contains the ciphertext received from the peer. -
The
DeriveRole_BaseKey
input must be the local private key.
For example, if ECDH key agreement is being used:
-
The
kx
field will be aMech_ECDHKeyExchange
ciphertext -
The base key will be a
KeyType_ECDHPrivate
key.
Two-Step Key Derivation
In this mode, the mechanism executes just the SP800-56Cr2 two-step key derivation.
-
In this case the
Extract
flag must be set and thekx
field must be absent. -
The same PRF is used for the expansion and extraction steps.
-
The
DeriveRole_BaseKey
must be the input to the expansion step (called Z in SP800-56Cr2).
Expansion-only Key Derivation
In this mode, the mechanism executes just the SP800-108r1 key derivation function.
-
In this case the
Extract
flag must be clear and thekx
field must be absent. -
The
DeriveRole_BaseKey
must be the input to the extraction step (called KDK in SP800-56Cr2 and KIN in SP800-108r1).