diff --git a/lib/util/pkcs11n.h b/lib/util/pkcs11n.h
--- a/lib/util/pkcs11n.h
+++ b/lib/util/pkcs11n.h
@@ -147,16 +147,22 @@
 #define CKM_NSS_AES_KEY_WRAP_PAD (CKM_NSS + 2)
 
 /* HKDF key derivation mechanisms. See CK_NSS_HKDFParams for documentation. */
 #define CKM_NSS_HKDF_SHA1 (CKM_NSS + 3)
 #define CKM_NSS_HKDF_SHA256 (CKM_NSS + 4)
 #define CKM_NSS_HKDF_SHA384 (CKM_NSS + 5)
 #define CKM_NSS_HKDF_SHA512 (CKM_NSS + 6)
 
+/* IKE mechanism (to be proposed to PKCS #11 */
+#define CKM_NSS_IKE_PRF_PLUS_DERIVE (CKM_NSS + 7)
+#define CKM_NSS_IKE_PRF_DERIVE (CKM_NSS + 8)
+#define CKM_NSS_IKE1_PRF_DERIVE (CKM_NSS + 9)
+#define CKM_NSS_IKE1_APP_B_PRF_DERIVE (CKM_NSS + 10)
+
 /* J-PAKE round 1 key generation mechanisms.
  *
  * Required template attributes: CKA_PRIME, CKA_SUBPRIME, CKA_BASE,
  *                               CKA_NSS_JPAKE_SIGNERID
  * Output key type: CKK_NSS_JPAKE_ROUND1
  * Output key class: CKO_PRIVATE_KEY
  * Parameter type: CK_NSS_JPAKERound1Params
  *
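Review bot: The comment introducing the four new mechanism values has an unclosed parenthesis and, unlike the HKDF block just above it, does not say which parameter structure each mechanism expects. I would write it as `/* IKE mechanisms (to be proposed to PKCS #11). See CK_NSS_IKE_PRF_PLUS_DERIVE_PARAMS, CK_NSS_IKE_PRF_DERIVE_PARAMS and CK_NSS_IKE1_PRF_DERIVE_PARAMS for documentation. */`. CKM_NSS_IKE1_APP_B_PRF_DERIVE has no matching structure anywhere in this patch, so the comment should also state what that mechanism takes as its parameter. A token can only validate `pParameter` and its length against a contract that is written down. The J-PAKE comment that follows continues outside the hunk.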
@@ -337,16 +343,82 @@ typedef struct CK_NSS_HKDFParams {
     CK_BYTE_PTR pSalt;
     CK_ULONG ulSaltLen;
     CK_BBOOL bExpand;
     CK_BYTE_PTR pInfo;
     CK_ULONG ulInfoLen;
 } CK_NSS_HKDFParams;
 
 /*
+ * CK_NSS_IKE_PRF_PLUS_PARAMS is a structure that provides the parameters to
+ * the CKM_NSS_IKE_PRF_PLUS_DERIVE mechanism.
+ * The fields of the structure have the following meanings:
+ *      prfMechanism    underlying MAC mechanism used to generate the prf.
+ *      bHasSeedKey     hSeed key is present.
+ *      hSeedKey        optional seed from key
+ *      pSeedData       optional seed from data.
+ *      ulSeedDataLen   length of optional seed data.
+ *        If no seed data is present this value is NULL.
+ */
+typedef struct CK_NSS_IKE_PRF_PLUS_DERIVE_PARAMS {
+    CK_MECHANISM_TYPE prfMechanism;
+    CK_BBOOL bHasSeedKey;
+    CK_OBJECT_HANDLE hSeedKey;
+    CK_BYTE_PTR pSeedData;
+    CK_ULONG ulSeedDataLen;
+} CK_NSS_IKE_PRF_PLUS_DERIVE_PARAMS;
+
+/* CK_NSS_IKE_PRF_DERIVE_PARAMS is a structure that provides the parameters to
+ *  the CKM_NSS_IKE_PRF_DERIVE mechanism.
+ *
+ * The fields of the structure have the following meanings:
+ *     prfMechanism underlying MAC mechanism used to generate the prf.
+ *     bRekey       hNewKey is present.
+ *     pNi          Ni value
+ *     ulNiLen      length of Ni
+ *     pNr          Nr value
+ *     ulNrLen      length of Nr
+ *     hNewKey      New key value to drive the rekey.
+ */
+typedef struct CK_NSS_IKE_PRF_DERIVE_PARAMS {
+    CK_MECHANISM_TYPE prfMechanism;
+    CK_BBOOL bDataAsKey;
+    CK_BBOOL bRekey;
+    CK_BYTE_PTR pNi;
+    CK_ULONG ulNiLen;
+    CK_BYTE_PTR pNr;
+    CK_ULONG ulNrLen;
+    CK_OBJECT_HANDLE hNewKey;
+} CK_NSS_IKE_PRF_DERIVE_PARAMS;
+
+/* CK_NSS_IKE1_PRF_DERIVE_PARAMS is a structure that provides the parameters
+ * to the CKM_NSS_IKE_PRF_DERIVE mechanism.
+ *
+ * The fields of the structure have the following meanings:
+ *     prfMechanism  underlying MAC mechanism used to generate the prf.
+ *     bRekey        hNewKey is present.
+ *     pCKYi         CKYi value
+ *     ulCKYiLen     length of CKYi
+ *     pCKYr         CKYr value
+ *     ulCKYrLen     length of CKYr
+ *     hNewKey       New key value to drive the rekey.
+ */
+typedef struct CK_NSS_IKE1_PRF_DERIVE_PARAMS {
+    CK_MECHANISM_TYPE prfMechanism;
+    CK_BBOOL bHasPrevKey;
+    CK_OBJECT_HANDLE hKeygxy;
+    CK_OBJECT_HANDLE hPrevKey;
+    CK_BYTE_PTR pCKYi;
+    CK_ULONG ulCKYiLen;
+    CK_BYTE_PTR pCKYr;
+    CK_ULONG ulCKYrLen;
+    CK_BYTE keyNumber;
+} CK_NSS_IKE1_PRF_DERIVE_PARAMS;
+
+/*
  * Parameter for the TLS extended master secret key derivation mechanisms:
  *
  *  * CKM_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE
  *  * CKM_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE_DH
  *
  * For the TLS 1.2 PRF, the prfHashMechanism parameter determines the hash
  * function used. For earlier versions of the PRF, set the prfHashMechanism
  * value to CKM_TLS_PRF.
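Review bot: The doc comment above CK_NSS_IKE1_PRF_DERIVE_PARAMS does not describe the struct it sits on: it names the CKM_NSS_IKE_PRF_DERIVE mechanism and documents `bRekey` and `hNewKey`, while the struct declares `bHasPrevKey`, `hKeygxy`, `hPrevKey` and `keyNumber`, none of which are explained. The other two comments have drifted as well: the first calls the type CK_NSS_IKE_PRF_PLUS_PARAMS and attaches "this value is NULL" to the CK_ULONG `ulSeedDataLen` instead of to `pSeedData`, and `bDataAsKey` in CK_NSS_IKE_PRF_DERIVE_PARAMS is undocumented. These structures are what an implementation checks caller-supplied handles, pointers and lengths against, so each comment should list exactly the declared fields. Each should also say that a handle is ignored when its flag is CK_FALSE, and whether an absent buffer means a NULL pointer, a zero length, or both. If the intended contract is NULL plus zero, the seed lines would read `pSeedData  optional seed from data, NULL if absent` and `ulSeedDataLen  length of pSeedData, 0 if absent`.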
diff --git a/lib/util/pkcs11t.h b/lib/util/pkcs11t.h
--- a/lib/util/pkcs11t.h
+++ b/lib/util/pkcs11t.h
@@ -877,16 +877,18 @@ typedef CK_ULONG CK_MECHANISM_TYPE;
 #define CKM_AES_MAC_GENERAL 0x00001084
 #define CKM_AES_CBC_PAD 0x00001085
 /* new for v2.20 amendment 3 */
 #define CKM_AES_CTR 0x00001086
 /* new for v2.30 */
 #define CKM_AES_GCM 0x00001087
 #define CKM_AES_CCM 0x00001088
 #define CKM_AES_CTS 0x00001089
+#define CKM_AES_XCBC_MAC 0x0000108C
+#define CKM_AES_XCBC_MAC_96 0x0000108D
 
 /* BlowFish and TwoFish are new for v2.20 */
 #define CKM_BLOWFISH_KEY_GEN 0x00001090
 #define CKM_BLOWFISH_CBC 0x00001091
 #define CKM_TWOFISH_KEY_GEN 0x00001092
 #define CKM_TWOFISH_CBC 0x00001093
 
 /* Camellia is proposed for v2.20 Amendment 3 */
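Review bot: The two added defines sit directly under the existing `/* new for v2.30 */` comment, which I believe misattributes them: CKM_AES_XCBC_MAC and CKM_AES_XCBC_MAC_96 appear to come from a later PKCS #11 revision, and the jump from 0x00001089 to 0x0000108C is left unexplained. A separate comment above them, for example `/* new for v2.40; 0x108A and 0x108B are assigned by the spec but not defined here */`, would make the provenance and the gap explicit once the revision is confirmed against the specification. Since these values are shared with every module that interprets a CK_MECHANISM_TYPE, it is worth stating that they are the standard assignments and not NSS-local ones.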