Key derivation functions are performed in software.
For the SSL-KM and TLS-KM mechanisms, an attribute list
is required if encryption keys are to be generated.
For the IKE1PHA1, IKE2PHA1, IKE1PHA2, and IKE2PHA2 mechanisms,
the following attribute rules apply to the derived keys:
- Derivation keys will have the following attributes which may not
be overridden by other values in the attribute list:
- CKA_CLASS=CKO_SECRET_KEY
- CKA_KEY_TYPE=CKK_GENERIC_SECRET
- CKA_DERIVE=TRUE
- CKA_VALUE_LEN=as specified in the parms list
- Authentication keys will have the following attributes which may
not be overridden by other values in the attribute list:
- CKA_CLASS=CKO_SECRET_KEY
- CKA_KEY_TYPE=CKK_GENERIC_SECRET
- CKA_SIGN=TRUE=TRUE
- CKA_VERIFY=TRUE=TRUE
- CKA_VALUE_LEN= as specified in the parms list
- Encryption, GMAC, and GCM keys will be typed according to information
found in the attribute list. However, they will have the following
attributes which may not be overridden by other values in the attribute
list:
- CKA_CLASS=CKO_SECRET_KEY
- For key types other than CKK_DES, CKK_DES2, and CKK_DES3, CKA_VALUE_LEN= as specified in the parms list
- All key types will inherit the values of the CKA_SENSITIVE, CKA_ALWAYS_SENSITIVE,
CKA_EXTRACTABLE, and CKA_NEVER_EXTRACTABLE attributes from the base
key. These may not be overridden by other values in the attribute
list. If an additional key is specified, its values will be applied
after setting the base key values as follows:
- If the additional key has CKA_SENSITIVE=TRUE, so will the derived
key(s)
- If the additional key has CKA_EXTRACTABLE=FALSE, so will the derived
keys(s)
- If the additional key has CKA_ALWAYS_SENSITIVE=FALSE, so will
the derived keys(s)
- If the additional key has CKA_NEVER_EXTRACTABLE=FALSE, so will
the derived keys(s)
- If encryption, GMAC, or GCM keys are to be derived, an attribute
list is required for the key typing information. Otherwise, it is
optional. For all keys, other applicable secret key attributes may
be specified in the attribute list. Any attribute not specified will
be assigned the default value normally assigned to a newly created
secret key.
For the IKE1PHA1, IKE1PHA2, and IKE2PHA2 mechanisms,
the additional key must be a secret key (CKA_CLASS=CKO_SECRET_KEY)
capable of performing key derivation (CKA_DERIVE=TRUE). It must also
be contained in the same PKCS #11 token as the base key.
The IKE1PHA1, IKE2PHA1, IKE1PHA2, and IKE2PHA2 mechanisms
have the following limitations if the operation is FIPS 140 restricted:
- The MD5 PRF may not be specified.
- The length of the base key must be at least half the length of
the output of the PRF function.
|