IBM-specific key derivation functions
In your openCryptoki applications, you can apply IBM-specific key derivation functions (KDFs) for special purposes, as offered by the token that you use.
CKD_IBM_HYBRID_SHAnnn_KDF
Availability:
The key derivation functions CKD_IBM_HYBRID_NULL and CKD_IBM_HYBRID_SHAnnn_KDF are available with the EP11 token.
Description:
Key derivation functions (KDFs) are applied to derive key data from a shared secret. For key derivation from multiple secrets during a hybrid Kyber KEM operation, the CKD_IBM_HYBRID_SHAnnn_KDF functions can be used to concatenate the secrets into a generic secret key.
The SHA variants of the CKD_IBM_HYBRID_SHAnnn_KDF constants imply key derivation from the concatenated secrets according to ANSI X9.63, using the named hash function. This hybrid derivation is analogous to the key derivation performed by the PKCS #11 standard KDFs such as CKD_SHA<nnn>_KDF.
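The derivation described above, modeled in Python as an added example (not openCryptoki or EP11 code). The concatenation order of the two secrets, the empty default SharedInfo, and the treatment of CKD_IBM_HYBRID_NULL as plain concatenation by analogy with CKD_NULL are assumptions that the page does not specify.

```python
import hashlib

# KDF constants from the page, mapped to hashlib digest names (mapping is this example's).
HYBRID_KDF_HASH = {
    "CKD_IBM_HYBRID_SHA1_KDF": "sha1",
    "CKD_IBM_HYBRID_SHA224_KDF": "sha224",
    "CKD_IBM_HYBRID_SHA256_KDF": "sha256",
    "CKD_IBM_HYBRID_SHA384_KDF": "sha384",
    "CKD_IBM_HYBRID_SHA512_KDF": "sha512",
}


def x963_kdf(hash_name, z, key_len, shared_info=b""):
    """ANSI X9.63 KDF: Hash(Z || counter || SharedInfo), counter = 1, 2, ... (32-bit big-endian)."""
    if key_len is None or key_len <= 0:
        raise ValueError("key_len must be a positive number of bytes")
    out = b""
    counter = 1
    while len(out) < key_len:
        block = z + counter.to_bytes(4, "big") + shared_info
        out += hashlib.new(hash_name, block).digest()
        counter += 1
    return out[:key_len]  # truncate the last hash block to the requested length


def hybrid_derive(kdf, first_secret, kyber_secret, key_len=None, shared_info=b""):
    """Model of the hybrid derivation: concatenate both secrets, then apply the KDF."""
    if not first_secret or not kyber_secret:
        raise ValueError("both secrets are required for a hybrid derivation")
    z = first_secret + kyber_secret  # assumed order: existing secret, then Kyber secret
    if kdf == "CKD_IBM_HYBRID_NULL":
        return z  # assumption: no hashing, by analogy with PKCS #11 CKD_NULL
    return x963_kdf(HYBRID_KDF_HASH[kdf], z, key_len, shared_info)


if __name__ == "__main__":
    # Constructed sample secrets, not real key material.
    first = bytes(range(32))
    kyber = bytes(range(32, 64))
    print(hybrid_derive("CKD_IBM_HYBRID_SHA256_KDF", first, kyber, 32).hex())
```

Because the hash runs over the concatenation, swapping the order of the secrets or changing SharedInfo yields an unrelated key, so both sides of an exchange must agree on these inputs.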
Prerequisites:
An EP11 host library and a Crypto Express EP11 coprocessor version supporting the SHA3 algorithms are required.
| CKD_IBM_HYBRID_NULL |
| CKD_IBM_HYBRID_SHA1_KDF |
| CKD_IBM_HYBRID_SHA224_KDF |
| CKD_IBM_HYBRID_SHA256_KDF |
| CKD_IBM_HYBRID_SHA384_KDF |
| CKD_IBM_HYBRID_SHA512_KDF |