PKCS#11
|
| Cryptographic Token Interface Standard |
PKCS#11 |
General-length AES-CMAC, denoted CKM_AES_CMAC_GENERAL, is a mechanism for single- and multiple-part signatures and verification, based on [ NIST sp800-38b] and [ RFC 4493]. NIST Special Publication 800-38B [2] and RFC 4493 [3].
It has a parameter, a CK_MAC_GENERAL_PARAMS structure, which specifies the output length desired from the mechanism.
The output bytes from this mechanism are taken from the start of the final AES cipher block produced in the MACing process.
Constraints on key types and the length of data are summarized in the following table:
Table 246, General-length AES-CMAC: Key And Data Length
| Function | Key type | ||
| C_Sign | CKK_AES | ||
| C_Verify | CKK_AES |
References [NIST sp800-38b] and [RFC 4493] recommend that the output MAC is not truncated to less than 64 bits. The MAC length must be specified before the communication starts, and must not be changed during the lifetime of the key. It is the caller's responsibility to follow these rules.
For this mechanism, the ulMinKeySize and ulMaxKeySize fields of the CK_MECHANISM_INFO structure specify the supported range of AES key sizes, in bytes.