DeriveKey Mechanisms

In the following table, "Unrestricted", "FIPS 140 Level 3", and "Common Criteria CMTS" refer to the Security World mode designation. The cells in these columns detail any restrictions for the corresponding feature in each of the Security World modes. A blank cell means that the feature has no restrictions.

FIPS 140 Level 3: In v3 Security Worlds, in FIPS 140 Level 3 mode, some smaller key sizes are disabled.

Key Wrapping

Feature Unrestricted FIPS 140 Level 3 Common Criteria CMTS

EncryptMarshalled
(DeriveMech_EncryptMarshalled)

HSM selects mechanism

DecryptMarshalled
(DeriveMech_DecryptMarshalled)
permitted mechanisms

AESKeyWrapPadded (since V12.60),
RijndaelmGCM &
RSApPKCS1OAEPhSHA512 only

AESKW non-default ICV

Forbidden (wrap & unwrap)

Raw encryption
(DeriveMech_RawEncrypt)
permitted mechanisms

AESKeyWrapPadded (since V12.60),
AESmGCM (since V12.70),
OAEP with NIST hashes

Raw decryption
(DeriveMech_RawDecrypt)
permitted mechanisms

AESKeyWrapPadded (since V12.60),
RijndaelmGCM,
AESmGCM (since V12.70),
OAEP with NIST hashes

Zero-padded raw encryption & decryption
(DeriveMech_RawEncryptZeroPad,
DeriveMech_RawDecryptZeroPad)

Forbidden

PKCS#8 wrap
(DeriveMech_PKCS8Encrypt)
permitted mechanisms

AESKeyWrapPadded (since V12.60),
AESmGCM (since V12.70),
OAEP with NIST hashes

PKCS#8 unwrap
(DeriveMech_PKCS8Decrypt,
DeriveMech_PKCS8DecryptEx)
permitted mechanisms

AESKeyWrapPadded (since V12.60),
RijndaelmGCM,
AESmGCM (since V12.70),
OAEP with NIST hashes

AES Key Wrap
(DeriveMech_AESKeyWrap,
DeriveMech_AESKeyUnwrap)
(see also Mech_AESKeyWrapPadded)

ECIES
(DeriveMech_ECIESKeyWrap,
DeriveMech_ECIESKeyUnwrap)
with ECDH/ECDHC and ANSI X9.63 KDF
(introduced in V12.70)

Forbidden

ECIES
(DeriveMech_ECIESKeyWrap,
DeriveMech_ECIESKeyUnwrap)
with ECDHC and SP800-56Cr2 one-step KDF
(introduced in V13.7)

X25519 ECIES
(DeriveMech_ECIESKeyWrap,
DeriveMech_ECIESKeyUnwrap)
(introduced in V13.3)

Forbidden

RSA key wrap of symmetric key
(DeriveMech_RSAKeyWrap,
DeriveMech_RSAKeyUnwrap)
with OAEP and AES-KWP
(introduced in V13.3)

RSA key wrap of asymmetric key
(DeriveMech_RSAKeyWrap,
DeriveMech_RSAKeyUnwrap)
with OAEP, AES-KWP and PKCS#8
(introduced in V13.3)

Global Platform encrypt+MAC AES keys
(DeriveMech_KSDEncryptAES)
(introduced in V13.7)

Global Platform encrypt+MAC of RSA key components
(DeriveMech_KSDEncrypt)
(introduced in V13.7)

PKCS#8 Support

The PKCS#8 mechanisms serialize keys as a PrivateKeyInfo structure (RFC5208) in DER format. The following private key types are supported:

Key Type                  Reference

RSA                       RFC8017
DSA                       RFC5958 & RFC3279
ECDH/ECDSA                RFC5915
X25519, Ed25519, Ed448    RFC8410

Key Derivation

Feature Unrestricted FIPS 140 Level 3 Common Criteria CMTS

MAC on a key
(DeriveMech_RawSign)

KeyType_Random output only

SP800-56Cr2 KDF
(DeriveMech_ConcatenationKDF)
with SHA1 or SHA-2

SP800-56Cr2 KDF
(DeriveMech_ConcatenationKDF)
with RIPEMD160 hash

Forbidden

ANSI X9.63 KDF
(DeriveMech_ConcatenationKDF)

Forbidden

Either ConcatenationKDF with RSA key agreement
(DeriveMech_ConcatenationKDF)

Forbidden

Either ConcatenationKDF with ECDHC key agreement
(DeriveMech_ConcatenationKDF)

Either ConcatenationKDF with ECDH key agreement
(DeriveMech_ConcatenationKDF) with h=1

Either ConcatenationKDF with ECDH
(DeriveMech_ConcatenationKDF) with h>1

Forbidden

SP800-108 counter KDF with AES-CMAC
(DeriveMech_NISTKDFmCTRpRijndaelCMACr32)

SP800-108 counter KDF with AES-CMAC or HMAC SHA-256,
HMAC SHA-384 or HMAC-384
(DeriveMech_NISTKDFmCTRr8)

Generic SP800-108 counter/feedback KDF
(DeriveMech_NISTKDFmGeneric)
(introduced in V13.5)

DES split/join XOR
(DeriveMech_DESsplitXOR,
DeriveMech_DESjoinXOR,
DeriveMech_DESjoinXORsetParity,
DeriveMech_DES2splitXOR,
DeriveMech_DES2joinXOR,
DeriveMech_DES2joinXORsetParity,
DeriveMech_DES3splitXOR,
DeriveMech_DES3joinXOR,
DeriveMech_DES3joinXORsetParity)

Forbidden

Random split/join XOR
(DeriveMech_RandsplitXOR,
DeriveMech_RandjoinXOR)

AES split/join XOR
(DeriveMech_AESsplitXOR,
DeriveMech_AESjoinXOR)

Key concatenation
(DeriveMech_ConcatenateBytes)

Public from private
(DeriveMech_PublicFromPrivate)

Key Agreement

Feature Unrestricted FIPS 140 Level 3 Common Criteria CMTS

ECCMQV with ANSI X9.63 KDF
(DeriveMech_ECCMQV)

Forbidden

ECCMQV with SP800-56Cr2 one-step KDF
(DeriveMech_ECCMQVdNISTCKDF)

ECDH key agreement
(DeriveMech_ECDHKA)

Forbidden

DH key agreement
(DeriveMech_DHKA)

Forbidden

X25519 key agreement
(DeriveMech_X25519KA)

Forbidden

Rainbow

Feature Unrestricted FIPS 140 Level 3 Common Criteria CMTS

ARQC verification
(DeriveMech_CompositeARQCVerify)

Forbidden

Watchword sign/verify
(DeriveMech_CompositeWatchWordVerify,
DeriveMech_CompositeWatchWordSign)

Forbidden

HyperLedger

Feature Unrestricted FIPS 140 Level 3 Common Criteria CMTS

HyperLedger client key derivation
(DeriveMech_HyperledgerClient)

Forbidden

MILENAGE

Feature Unrestricted FIPS 140 Level 3 Common Criteria CMTS

MILENAGEOP key generation

Forbidden

MILENAGESubscriber key generation

Forbidden

MILENAGERC key generation

Forbidden

MILENAGEOPC key derivation

Forbidden

MILENAGEAV key derivation (f1…f5)

Forbidden

MILENAGEResync (f1s/f5s)

Forbidden

MILENAGEGenAUTS (for testing)

Forbidden

TUAK

Feature Unrestricted FIPS 140 Level 3 Common Criteria CMTS

TUAKSubscriber key generation

Forbidden

TUAKTOP key generation

Forbidden

TUAKf1 key derivation

Forbidden

TUAKf1s key derivation

Forbidden

TUAKf2345 key derivation

Forbidden

TUAKf5s key derivation

Forbidden

Hashing

Feature Unrestricted FIPS 140 Level 3 Common Criteria CMTS

SHA-1
(Mech_SHA1Hash)

SHA-2
(Mech_SHA224Hash,
Mech_SHA256Hash,
Mech_SHA384Hash,
Mech_SHA512Hash)

SHA-3
(Mech_SHA3b224Hash,
Mech_SHA3b256Hash,
Mech_SHA3b384Hash,
Mech_SHA3b512Hash)
(introduced in V12.80)

SHAKE
(Mech_SHAKE128,
Mech_SHAKE256)
(introduced in V13.8)

HAS160
(Mech_HAS160Hash)

Forbidden

RIPEMD160
(Mech_RIPEMDS160Hash)

Forbidden

Tiger
(Mech_TigerHash)
(Removed in V13.5)

Forbidden