SSH-KDF is similar to SP800 KDF and PBKDF2 in some ways, but it uses just a hash instead of a proper HMAC and no counter, instead re-hashes in the previous hash when expansion is needed.
This means none of the standard PKCS#11 KDFs really cover it and will need to elaborate a new proposal, starting with implementing a vendor namespaced version to kick the tires.
SSH-KDF is similar to SP800 KDF and PBKDF2 in some ways, but it uses just a hash instead of a proper HMAC and no counter, instead re-hashes in the previous hash when expansion is needed.
This means none of the standard PKCS#11 KDFs really cover it and will need to elaborate a new proposal, starting with implementing a vendor namespaced version to kick the tires.