CKM_NIST_PRF_KDF

Summary

FIPS approved?: Yes
Supported functions: Derive
Functions restricted from FIPS use: None
Minimum key length (bits): 8
Minimum key length for FIPS use (bits): 112
Minimum legacy key length for FIPS use (bits): N/A
Maximum key length (bits): 4096
Block size: 0
Digest size: 0
Key types: Symmetric
Algorithms: None
Modes: None
Flags: None

Usage

The CKM_NIST_PRF_KDF mechanism supports counter mode only. CKM_NIST_PRF_KDF is always allowed, whether HSM policy 12: Allow Non-FIPS algorithms is on or off. Any of the following mechanisms can be used as the pseudorandom function (PRF):

> AES_CMAC

> DES3_CMAC

> HMAC_SHA1

> HMAC_SHA224

> HMAC_SHA256

> HMAC_SHA384

> HMAC_SHA512

NIST SP 800-108 allows some variation in what information is encoded into the fixed input data and how, and it describes some fields as optional. To accommodate this, you can specify one of several encoding schemes, which differ in which fields are included and in the order the fields are arranged. All counters and lengths are represented in big endian format. The following schemes are available:

> LUNA_PRF_KDF_ENCODING_SCHEME_1: the Counter (4 bytes), Context, Separator byte (0x00), Label, and Length (4 bytes) fields are included, in that order.

> LUNA_PRF_KDF_ENCODING_SCHEME_2: the Counter (4 bytes), Context, and Label fields are included, in that order.

> LUNA_PRF_KDF_ENCODING_SCHEME_3: the Counter (4 bytes), Label, Separator byte (0x00), Context, and Length (4 bytes) fields are included, in that order.

> LUNA_PRF_KDF_ENCODING_SCHEME_4: the Counter (4 bytes), Label, and Context fields are included, in that order.

> LUNA_PRF_KDF_ENCODING_SCHEME_SCP03: the Label, Separator byte (0x00), Length (2 bytes), Counter (1 byte), and Context fields are included, in that order.

> LUNA_PRF_KDF_ENCODING_SCHEME_HID_KD: the Counter (1 byte), Label, Separator byte (0x00), Context, and Length (2 bytes) fields are included, in that order.
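The following software reference implementation is an added example, not Luna code: it builds the fixed input data for each encoding scheme above and runs the SP 800-108 counter-mode KDF with HMAC as the PRF, so a derived key pulled from the HSM can be compared against a known-good value. It assumes the counter starts at 1 and the Length field carries the requested output length in bits, as SP 800-108 specifies; the page does not state either explicitly. The CMAC-based PRFs are not covered because they need a non-standard-library AES-CMAC.

```python
import hashlib
import hmac
import struct

# Scheme identifiers, matching the LUNA_PRF_KDF_ENCODING_SCHEME_* header values (0..5).
SCHEME_1, SCHEME_2, SCHEME_3, SCHEME_4, SCHEME_SCP03, SCHEME_HID_KD = range(6)
SEP = b"\x00"  # the Separator byte


def fixed_input(scheme, counter, label, context, out_bits):
    """Fixed input data for iteration `counter`; counters/lengths are big endian."""
    if scheme == SCHEME_1:   # Counter(4) || Context || 0x00 || Label || Length(4)
        return struct.pack(">I", counter) + context + SEP + label + struct.pack(">I", out_bits)
    if scheme == SCHEME_2:   # Counter(4) || Context || Label
        return struct.pack(">I", counter) + context + label
    if scheme == SCHEME_3:   # Counter(4) || Label || 0x00 || Context || Length(4)
        return struct.pack(">I", counter) + label + SEP + context + struct.pack(">I", out_bits)
    if scheme == SCHEME_4:   # Counter(4) || Label || Context
        return struct.pack(">I", counter) + label + context
    if scheme == SCHEME_SCP03:   # Label || 0x00 || Length(2) || Counter(1) || Context
        return label + SEP + struct.pack(">H", out_bits) + struct.pack(">B", counter) + context
    if scheme == SCHEME_HID_KD:  # Counter(1) || Label || 0x00 || Context || Length(2)
        return struct.pack(">B", counter) + label + SEP + context + struct.pack(">H", out_bits)
    raise ValueError("unknown encoding scheme %r" % scheme)


def kdf_counter_mode(key, label, context, out_bytes, scheme=SCHEME_1, hash_name="sha256"):
    """SP 800-108 counter mode: K(i) = HMAC(key, fixed_input(i)), output = K(1)||K(2)||...

    Assumption (not stated on the page): counter starts at 1, Length is in bits.
    """
    h_len = hashlib.new(hash_name).digest_size
    n = -(-out_bytes // h_len)  # ceil(out_bytes / h_len) iterations
    out = b""
    for i in range(1, n + 1):
        data = fixed_input(scheme, i, label, context, out_bytes * 8)
        out += hmac.new(key, data, hash_name).digest()
    return out[:out_bytes]


if __name__ == "__main__":
    # Constructed sample values, not taken from any real device.
    base_key = bytes(range(32))
    k_enc = kdf_counter_mode(base_key, b"enc", b"session-01", 32, SCHEME_3)
    print("derived key:", k_enc.hex())
```

Note the practical effect of the Length field: with SCHEME_2 or SCHEME_4 a 16-byte derivation is a prefix of a 48-byte one from the same inputs, whereas schemes that include Length (1, 3, SCP03, HID_KD) bind the output length into every block, so changing the requested length changes the whole result.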

Example

/* Parameter and values used with CKM_PRF_KDF and CKM_NIST_PRF_KDF. */
typedef CK_ULONG CK_KDF_PRF_TYPE;
typedef CK_ULONG CK_KDF_PRF_ENCODING_SCHEME;
/** PRF KDF schemes */
#define CK_NIST_PRF_KDF_DES3_CMAC      0x00000001
#define CK_NIST_PRF_KDF_AES_CMAC       0x00000002
#define CK_PRF_KDF_ARIA_CMAC           0x00000003
#define CK_PRF_KDF_SEED_CMAC           0x00000004
#define CK_NIST_PRF_KDF_HMAC_SHA1      0x00000005
#define CK_NIST_PRF_KDF_HMAC_SHA224    0x00000006
#define CK_NIST_PRF_KDF_HMAC_SHA256    0x00000007
#define CK_NIST_PRF_KDF_HMAC_SHA384    0x00000008
#define CK_NIST_PRF_KDF_HMAC_SHA512    0x00000009
#define CK_PRF_KDF_HMAC_RIPEMD160      0x0000000A
#define LUNA_PRF_KDF_ENCODING_SCHEME_1     0x00000000 // Counter (4 bytes) || Context || 0x00 || Label || Length
#define LUNA_PRF_KDF_ENCODING_SCHEME_2     0x00000001 // Counter (4 bytes) || Context || Label
#define LUNA_PRF_KDF_ENCODING_SCHEME_3     0x00000002 // Counter (4 bytes) || Label || 0x00 || Context || Length
#define LUNA_PRF_KDF_ENCODING_SCHEME_4     0x00000003 // Counter (4 bytes) || Label || Context
#define LUNA_PRF_KDF_ENCODING_SCHEME_SCP03 0x00000004 // Label || 0x00 || Length (2 bytes) || Counter (1 byte) || Context
#define LUNA_PRF_KDF_ENCODING_SCHEME_HID_KD 0x00000005 // Counter (1 byte) || Label || 0x00 || Context || Length (2 bytes)
typedef struct CK_KDF_PRF_PARAMS {
    CK_KDF_PRF_TYPE            prfType;          /* CK_NIST_PRF_KDF_* PRF selector */
    CK_BYTE_PTR                pLabel;
    CK_ULONG                   ulLabelLen;
    CK_BYTE_PTR                pContext;
    CK_ULONG                   ulContextLen;
    CK_ULONG                   ulCounter;
    CK_KDF_PRF_ENCODING_SCHEME ulEncodingScheme; /* LUNA_PRF_KDF_ENCODING_SCHEME_* */
} CK_PRF_KDF_PARAMS;
typedef CK_PRF_KDF_PARAMS CK_PTR CK_KDF_PRF_PARAMS_PTR;