Hello,
Is the Nitrokey HSM2 capable of performing the derivation of an AES key via simple AES-CMAC as explained by NXP in this document:
This corresponds to NIST: https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-38b.pdf
Which PKCS # 11 mechanism is available CKM_AES_CMAC? CKM_AES_CMAC_GENERAL?
Thank you.
HSM2: Supported AES Modes? - looks like it does not. Just tried some other random smartcard I have and it does not seem to have it, too,
Quick Internet search reveals there are some chips and other solutions that support it. I think it cannot be added in the PKCS#11 provider (software talking to the smartcard) because K1 and K2 subkey generation needs to be done in secret, too.
Update for the archives - now I think it can:
Reading SmartCard-HSM AGD User Manual for Version 3.5:
5.5.10 Derive Symmetric Key
The Derive Symmetric Key command allows the terminal to derive a key value from a
symmetric AES key. The derived key value is returned to the terminal.
With algorithm ‘99’, the device calculates a derived key value using the Extraction-then-
Expansion key derivation algorithm from [SP800-56C] with HMAC-SHA256. The key used
in the extraction step is a sequence of 32 0-bytes. The AES key value of the key selected
in P1 is the shared secret Z. The input to the HMAC in the key expansion step (FixedInfo)
must be provided in C-Data.
Algorithms ‘10’ and ‘11’ allow deriving a key using AES CBC encryption or decryption. The
input block length must be a multiple of 16.
The AES-CMAC algorithm can be selected with ‘18’. The input provided in C-Data is used
as CMAC input and 16 bytes are returned.
See also
