General block cipher MAC

Cipher <NAME> has a MACing mechanism, "<NAME>-MAC", denoted CKM_<NAME>_MAC. This mechanism is a special case of the CKM_<NAME>_MAC_GENERAL mechanism described above. It always produces an output of size half as large as <NAME>'s blocksize.

This mechanism has no parameters.

Constraints on key types and the length of data are summarized in the following table:

Table 330, General Block Cipher MAC: Key And Data Length
Function Key type Data length Signature length

C_Sign <NAME> any LOWER(blocksize/2)

C_Verify <NAME> any LOWER(blocksize/2)

For this mechanism, the ulMinKeySize and ulMaxKeySize fields of the CK_MECHANISM_INFO structure may or may not be used. The CAST, CAST3, and CAST128 (CAST5) ciphers have variable key sizes, and so for these ciphers, the ulMinKeySize and ulMaxKeySize fields of the CK_MECHANISM_INFO structure specify the supported range of key sizes, in bytes. For the DES, DES3 (triple-DES), IDEA, and CDMF ciphers, these fields are not used.

RSA Security Inc. Public-Key Cryptography Standards - PKCS#11 - v230

Function	Key type	Data length	Signature length
C_Sign	<NAME>	any	LOWER(blocksize/2)
C_Verify	<NAME>	any	LOWER(blocksize/2)