Question about the Key Agreement in the Passkey CTAP process:

I understand that during the CTAP process with a Passkey, a key agreement takes place when scanning the QR code and sending Bluetooth advertisements. Is the Diffie-Hellman algorithm used for the key agreement during this process?

The cross-platform sign in method used by passkeys is documented here in the CTAP 2.2 draft spec. In the spec it is known as the "hybrid" transport.

Question about the Key Agreement in the Passkey CTAP process: