Cryptographic Token Interface Standard

PKCS#11


AES-MAC

AES-MAC, denoted by CKM_AES_MAC, is a special case of the general-length AES-MAC mechanism. AES-MAC always produces and verifies MACs that are half the block size in length.

It does not have a parameter.

Constraints on key types and the length of data are summarized in the following table:

Table 90, AES-MAC: Key And Data Length
Function Key type
Data length
Signature length
C_Sign AES
any
1/2 block size (8 bytes)
C_Verify AES
any
1/2 block size (8 bytes)

For this mechanism, the ulMinKeySize and ulMaxKeySize fields of the CK_MECHANISM_INFO structure specify the supported range of AES key sizes, in bytes.


RSA Security Inc. Public-Key Cryptography Standards - PKCS#11 - v220