DeriveKey Mechanisms

In the following table, "Unrestricted", "FIPS 140 Level 3", and "Common Criteria CMTS" refer to the Security World mode designation. The cells in these columns detail any restrictions for the corresponding feature in each of the Security World modes. A blank cell means that the feature has no restrictions.

FIPS 140 Level 3: In v3 Security Worlds, in FIPS 140 Level 3 mode, some smaller key sizes are disabled.

Key Wrapping (see also IES variants)

Feature Unrestricted FIPS 140 Level 3 Common Criteria CMTS

EncryptMarshalled
(DeriveMech_EncryptMarshalled,
DeriveMech_DecryptMarshalled)

AESKeyWrapPadded &
RSApPKCS1OAEPhSHA512 only

AESKW non-default ICV

Forbidden (wrap & unwrap)

Raw encryption
(DeriveMech_RawEncrypt,
DeriveMech_Decrypt)
permitted mechanisms

AESKeyWrapPadded,
RijndaelmGCM,
AESmGCM,
OAEP with NIST hashes

Padded raw encryption
(DeriveMech_RawEncryptZeroPad,
DeriveMech_RawDecryptZeroPad)

Forbidden

PKCS#8 wrap
(DeriveMech_PKCS8Encrypt,
DeriveMech_PKCS8Decrypt,
DeriveMech_PKCS8DecryptEx)
permitted mechanisms

AESKeyWrapPadded,
RijndaelmGCM,
AESmGCM,
OAEP with NIST hashes

AES Key Wrap
(DeriveMech_AESKeyWrap,
DeriveMech_AESKeyUnwrap)
(see also Mech_AESKeyWrapPadded)

Key Derivation

Feature Unrestricted FIPS 140 Level 3 Common Criteria CMTS

MAC on a key
(DeriveMech_RawSign)

KeyType_Random output only

NIST SP800-56Cr1 KDF
(DeriveMech_ConcatenationKDF)
with SHA1 or SHA-2

NIST SP800-56Cr1 KDF
(DeriveMech_ConcatenationKDF)
with RIPEMD160 hash

Forbidden

ANSI X9.63 KDF
(DeriveMech_ConcatenationKDF)

Forbidden

Either ConcatenationKDF with RSA key agreement
(DeriveMech_ConcatenationKDF)

Forbidden

Either ConcatenationKDF with ECDHC key agreement
(DeriveMech_ConcatenationKDF)

Either ConcatenationKDF with ECDH key agreement
(DeriveMech_ConcatenationKDF) with h=1

Either ConcatenationKDF with ECDH
(DeriveMech_ConcatenationKDF) with h>1

Forbidden

SP800-108 KDF with AES-CMAC
(DeriveMech_NISTKDFmCTRpRijndaelCMACr32)

SP800-108 KDF with AES-CMAC or HMAC SHA-256,
HMAC SHA-384 or HMAC-384
(DeriveMech_NISTKDFmCTRr8)

DES split/join XOR
(DeriveMech_DESsplitXOR,
DeriveMech_DESjoinXOR,
DeriveMech_DESjoinXORsetParity,
DeriveMech_DES2splitXOR,
DeriveMech_DES2joinXOR,
DeriveMech_DES2joinXORsetParity,
DeriveMech_DES3splitXOR,
DeriveMech_DES3joinXOR,
DeriveMech_DES3joinXORsetParity)

Forbidden

Random split/join XOR
(DeriveMech_RandsplitXOR,
DeriveMech_RandjoinXOR)

AES split/join XOR
(DeriveMech_AESsplitXOR,
DeriveMech_AESjoinXOR)

Key concatenation
(DeriveMech_ConcatenateBytes)

Public from private
(DeriveMech_PublicFromPrivate)

Key Agreement

Feature Unrestricted FIPS 140 Level 3 Common Criteria CMTS

ECCMQV with ANSI X9.63 KDF
(DeriveMech_ECCMQV)

Forbidden

ECCMQV with SP800-56Ar3 KDF
(DeriveMech_ECCMQVdNISTCKDF)

ECDH key agreement
(DeriveMech_ECDHKA)

Forbidden

DH key agreement
(DeriveMech_DHKA)

Forbidden

X25519 key agreement
(DeriveMech_X25519KA)

Forbidden

IES Variants

Feature Unrestricted FIPS 140 Level 3 Common Criteria CMTS

ECIES
(DeriveMech_ECIESKeyWrap,
DeriveMech_ECIESKeyUnwrap)
with ECDH/ECDHC and ANSI X9.63 KDF

Forbidden

X25519 ECIES
(DeriveMech_ECIESKeyWrap,
DeriveMech_ECIESKeyUnwrap)

Forbidden

RSA key wrap of symmetric key
(DeriveMech_RSAKeyWrap,
DeriveMech_RSAKeyUnwrap)
with OAEP and AES-KWP

RSA key wrap of asymmetric key
(DeriveMech_RSAKeyWrap,
DeriveMech_RSAKeyUnwrap)
with OAEP, AES-KWP and PKCS#8

Rainbow

Feature Unrestricted FIPS 140 Level 3 Common Criteria CMTS

ARQC verification
(DeriveMech_CompositeARQCVerify)

Forbidden

Watchword sign/verify
(DeriveMech_CompositeWatchWordVerify,
DeriveMech_CompositeWatchWordSign)

Forbidden

HyperLedger

Feature Unrestricted FIPS 140 Level 3 Common Criteria CMTS

HyperLedger client key derivation
(DeriveMech_HyperledgerClient)

Forbidden

MILENAGE

Feature Unrestricted FIPS 140 Level 3 Common Criteria CMTS

MILENAGEOP key generation

Forbidden

MILENAGESubscriber key generation

Forbidden

MILENAGERC key generation

Forbidden

MILENAGEOPC key derivation

Forbidden

MILENAGEAV key derivation (f1…f5)

Forbidden

MILENAGEResync (f1s/f5s)

Forbidden

MILENAGEGenAUTS (for testing)

Forbidden

TUAK

Feature Unrestricted FIPS 140 Level 3 Common Criteria CMTS

TUAKSubscriber key generation

Forbidden

TUAKTOP key generation

Forbidden

TUAKf1 key derivation

Forbidden

TUAKf1s key derivation

Forbidden

TUAKf2345 key derivation

Forbidden

TUAKf5s key derivation

Forbidden

Hashing

Feature Unrestricted FIPS 140 Level 3 Common Criteria CMTS

SHA-1
(Mech_SHA1Hash)

SHA-2
(Mech_SHA224Hash,
Mech_SHA256Hash,
Mech_SHA384Hash,
Mech_SHA512Hash)

SHA-3
(Mech_SHA3b224Hash,
Mech_SHA3b256Hash,
Mech_SHA3b384Hash,
Mech_SHA3b512Hash)

HAS160
(Mech_HAS160Hash)

Forbidden

RIPEMD160
(Mech_RIPEMD160Hash)

Forbidden

Tiger
(Mech_TigerHash)

Forbidden