DeriveKey Mechanisms

In the following table, "Unrestricted", "FIPS 140 Level 3", and "Common Criteria CMTS" refer to the Security World mode designation. The cells in these columns detail any restrictions for the corresponding feature in each of the Security World modes. A blank cell means that the feature has no restrictions.

FIPS 140 Level 3: In v3 Security Worlds, in FIPS 140 Level 3 mode, some smaller key sizes are disabled.

Key Wrapping (see also IES variants)

Feature

Unrestricted

FIPS 140 Level 3

Common Criteria CMTS

EncryptMarshalled
(DeriveMech_EncryptMarshalled,
DeriveMech_DecryptMarshalled)

AESKeyWrapPadded &
RSApPKCS1OAEPhSHA512 only

AESKW non-default ICV

Forbidden (wrap & unwrap)

Raw encryption
(DeriveMech_RawEncrypt,
DeriveMech_Decrypt)
permitted mechanisms

AESKeyWrapPadded,
RijndaelmGCM,
AESmGCM,
OAEP with NIST hashes

Padded raw encryption
(DeriveMech_RawEncryptZeroPad,
DeriveMech_RawDecryptZeroPad)

Forbidden

PKCS#8 wrap
(DeriveMech_PKCS8Encrypt,
DeriveMech_PKCS8Decrypt,
DeriveMech_PKCS8DecryptEx)
permitted mechanisms

AESKeyWrapPadded,
RijndaelmGCM,
AESmGCM,
OAEP with NIST hashes

AES Key Wrap
(DeriveMech_AESKeyWrap,
DeriveMech_AEKeyUnwrap)
(see also Mech_AESKeyWrapPadded)

Key Derivation

Feature

Unrestricted

FIPS 140 Level 3

Common Criteria CMTS

MAC on a key
(DeriveMech_RawSign)

KeyType_Random output only

NIST SP800-56Cr1 KDF
(DeriveMech_ConcatenationKDF)
with SHA1 or SHA-2

NIST SP800-56Cr1 KDF
(DeriveMech_ConcatenationKDF)
with RIPEMD160 hash

Forbidden

ANSI X9.63 KDF
(DeriveMech_ConcatenationKDF)

Forbidden

Either ConcatenationKDF with RSA key agreement
(DeriveMech_ConcatenationKDF)

Forbidden

Either ConcatenationKDF with ECDHC key agreement
(DeriveMech_ConcatenationKDF)

Either ConcatenationKDF with ECDH key agreement
(DeriveMech_ConcatenationKDF) with h=1

Either ConcatenationKDF with ECDH
(DeriveMech_ConcatenationKDF) with h>1

Forbidden

SP800-108 KDF with AES-CMAC
(DeriveMech_NISTKDFmCTRpRijndaelCMACr32)

SP800-108 KDF with AES-CMAC or HMAC SHA-256,
HMAC SHA-384 or HMAC-384
(DeriveMech_NISTKDFmCTRr8)

DES split/join XOR
(DeriveMech_DESsplitXOR,
DeriveMech_DESjoinXOR,
DeriveMech_DESjoinXORsetParity,
DeriveMech_DES2splitXOR,
DeriveMech_DES2joinXOR,
DeriveMech_DES2joinXORsetParity,
DeriveMech_DES3splitXOR,
DeriveMech_DES3joinXOR,
DeriveMech_DES3joinXORsetParity)

Forbidden

Random split/join XOR
(DeriveMech_RandsplitXOR,
DeriveMech_RandjoinXOR)

AES split/join XOR
(DeriveMech_AESsplitXOR,
DeriveMech_AESjoinXOR)

Key concatenation
(DeriveMech_ConcatenateBytes)

Public from private
(DeriveMech_PublicFromPrivate)

Key Agreement

Feature

Unrestricted

FIPS 140 Level 3

Common Criteria CMTS

ECCMQV with ANSI X9.63 KDF
(DeriveMech_ECCMQV)

Forbidden

ECCMQV with SP800-56Ar3 KDF
(DeriveMech_ECCMQVdNISTCKDF)

ECDH key agreement
(DeriveMech_ECDHKA)

Forbidden

DH key agreement
(DeriveMech_DHKA)

Forbidden

X25519 key agreement
(DeriveMech_X25519KA)

Forbidden

IES Variants

Feature

Unrestricted

FIPS 140 Level 3

Common Criteria CMTS

ECIES
(DeriveMech_ECIESKeyWrap,
DeriveMech_ECIESKeyUnwrap)
with ECDH/ECDHC and ANSI X9.63 KDF

Forbidden

X25519 ECIES
(DeriveMech_ECIESKeyWrap,
DeriveMech_ECIESKeyUnwrap)

Forbidden

RSA key wrap of symmetric key
(DeriveMech_RSAKeyWrap,
DeriveMech_RSAKeyUnwrap)
with OAEP and AES-KWP

RSA key wrap of asymmetric key
(DeriveMech_RSAKeyWrap,
DeriveMech_RSAKeyUnwrap)
with OAEP, AES-KWP and PKCS#8

Rainbow

Feature	Unrestricted	FIPS 140 Level 3	Common Criteria CMTS
ARQC verification (DeriveMech_CompositeARQCVerify)		Forbidden
Watchword sign/verify (DeriveMech_CompositeWatchWordVerify, DeriveMech_CompositeWatchWordSign)		Forbidden

Feature

Unrestricted

FIPS 140 Level 3

Common Criteria CMTS

ARQC verification
(DeriveMech_CompositeARQCVerify)

Forbidden

Watchword sign/verify
(DeriveMech_CompositeWatchWordVerify,
DeriveMech_CompositeWatchWordSign)

Forbidden

HyperLedger

Feature	Unrestricted	FIPS 140 Level 3	Common Criteria CMTS
HyperLedger client key derivation (DeriveMech_HyperledgerClient)		Forbidden

Feature

Unrestricted

FIPS 140 Level 3

Common Criteria CMTS

HyperLedger client key derivation
(DeriveMech_HyperledgerClient)

Forbidden

MILENAGE

Feature	Unrestricted	FIPS 140 Level 3	Common Criteria CMTS
MILENAGEOP key generation		Forbidden
MILENAGESubscriber key generation		Forbidden
MILENAGERC key generation		Forbidden
MILENAGEOPC key derivation		Forbidden
MILENAGEAV key derivation (f1…f5)		Forbidden
MILENAGEResync (f1s/f5s)		Forbidden
MILENAGEGenAUTS (for testing)		Forbidden

Feature

Unrestricted

FIPS 140 Level 3

Common Criteria CMTS

MILENAGEOP key generation

Forbidden

MILENAGESubscriber key generation

Forbidden

MILENAGERC key generation

Forbidden

MILENAGEOPC key derivation

Forbidden

MILENAGEAV key derivation (f1…f5)

Forbidden

MILENAGEResync (f1s/f5s)

Forbidden

MILENAGEGenAUTS (for testing)

Forbidden

TUAK

Feature	Unrestricted	FIPS 140 Level 3	Common Criteria CMTS
TUAKSubscriber key generation		Forbidden
TUAKTOP key generation		Forbidden
TUAKf1 key derivation		Forbidden
TUAKf1s key derivation		Forbidden
TUAKf2345 key derivation		Forbidden
TUAKf5s key derivation		Forbidden

Feature

Unrestricted

FIPS 140 Level 3

Common Criteria CMTS

TUAKSubscriber key generation

Forbidden

TUAKTOP key generation

Forbidden

TUAKf1 key derivation

Forbidden

TUAKf1s key derivation

Forbidden

TUAKf2345 key derivation

Forbidden

TUAKf5s key derivation

Forbidden

Hashing

Feature

Unrestricted

FIPS 140 Level 3

Common Criteria CMTS

SHA-1
(Mech_SHA1Hash)

SHA-2
(Mech_SHA224Hash,
Mech_SHA256Hash,
Mech_SHA384Hash,
Mech_SHA512Hash)

SHA-3
(Mech_SHA3b224Hash,
Mech_SHA3b256Hash,
Mech_SHA3b384Hash,
Mech_SHA3b512Hash)

HAS160
(Mech_HAS160Hash)

Forbidden

RIPEMD160
(Mech_RIPEMDS160Hash)

Forbidden

Tiger
(Mech_TigerHash)

Forbidden