Update for the archives - now I think it can:
Reading SmartCard-HSM AGD User Manual for Version 3.5:
5.5.10 Derive Symmetric Key
The Derive Symmetric Key command allows the terminal to derive a key value from a
symmetric AES key. The derived key value is returned to the terminal.
With algorithm ‘99’, the device calculates a derived key value using the Extraction-then-
Expansion key derivation algorithm from [SP800-56C] with HMAC-SHA256. The key used
in the extraction step is a sequence of 32 0-bytes. The AES key value of the key selected
in P1 is the shared secret Z. The input to the HMAC in the key expansion step (FixedInfo)
must be provided in C-Data.
Algorithms ‘10’ and ‘11’ allow deriving a key using AES CBC encryption or decryption. The
input block length must be a multiple of 16.
The AES-CMAC algorithm can be selected with ‘18’. The input provided in C-Data is used
as CMAC input and 16 bytes are returned.
See also