Nitrokey HSM2 derivation AES-CMAC


Is the Nitrokey HSM2 capable of performing the derivation of an AES key via simple AES-CMAC as explained by NXP in this document:

This corresponds to NIST:
Which PKCS#11 mechanism is available: CKM_AES_CMAC? CKM_AES_CMAC_GENERAL?

Thank you.

HSM2: Supported AES Modes? - looks like it does not. Just tried some other random smartcard I have and it does not seem to have it either.

Quick Internet search reveals there are some chips and other solutions that support it. I think it cannot be added in the PKCS#11 provider (software talking to the smartcard) because K1 and K2 subkey generation needs to be done in secret, too.

Update for the archives - now I think it can:

Reading SmartCard-HSM AGD User Manual for Version 3.5:

5.5.10 Derive Symmetric Key

The Derive Symmetric Key command allows the terminal to derive a key value from a symmetric AES key. The derived key value is returned to the terminal.

With algorithm ‘99’, the device calculates a derived key value using the Extraction-then-Expansion key derivation algorithm from [SP800-56C] with HMAC-SHA256. The key used in the extraction step is a sequence of 32 0-bytes. The AES key value of the key selected in P1 is the shared secret Z. The input to the HMAC in the key expansion step (FixedInfo) must be provided in C-Data.

Algorithms ‘10’ and ‘11’ allow deriving a key using AES CBC encryption or decryption. The input block length must be a multiple of 16.

The AES-CMAC algorithm can be selected with ‘18’. The input provided in C-Data is used as CMAC input and 16 bytes are returned.

See also