General-length AES-MAC

General-length AES-MAC, denoted CKM_AES_MAC_GENERAL, is a mechanism for single- and multiple-part signatures and verification, based on NIST Advanced Encryption Standard as defined in FIPS PUB 197 and data authentication as defined in FIPS PUB 113.

It has a parameter, a CK_MAC_GENERAL_PARAMS structure, which specifies the output length desired from the mechanism.

The output bytes from this mechanism are taken from the start of the final AES cipher block produced in the MACing process.

Constraints on key types and the length of data are summarized in the following table:

Table 89, General-length AES-MAC: Key And Data Length
Function Key type Data length Signature length

C_Sign AES any 0-block size, as specified in parameters

C_Verify AES any 0-block size, as specified in parameters

For this mechanism, the ulMinKeySize and ulMaxKeySize fields of the CK_MECHANISM_INFO structure specify the supported range of AES key sizes, in bytes.

RSA Security Inc. Public-Key Cryptography Standards - PKCS#11 - v220

Function	Key type	Data length	Signature length
C_Sign	AES	any	0-block size, as specified in parameters
C_Verify	AES	any	0-block size, as specified in parameters