Closed armando-basile closed 2 years ago
armando-basile
commented
2 years ago It required use of CKM_AES_CMAC_GENERAL instead CKM_AES_CMAC and pass output length as MacGeneralParameters
But i did not used PKCS11Constants.CKM_AES_CMAC_GENERAL (0x108b) because CKM_AES_CMAC_GENERAL because constant seems wrong: https://www.oasis-open.org/committees/download.php/55622/AES-XTS.pdf
xipki
commented
2 years ago The PKCS11Constants are derived from https://github.com/xipki/pkcs11wrapper/blob/sunpkcs11/dev/resources/pkcs11t.h, a copy of http://docs.oasis-open.org/pkcs11/pkcs11-base/v2.40/errata01/os/include/pkcs11-v2.40/pkcs11t.h.
#define CKM_AES_CCM 0x00001088UL
#define CKM_AES_CTS 0x00001089UL
#define CKM_AES_CMAC 0x0000108AUL
#define CKM_AES_CMAC_GENERAL 0x0000108BUL
#define CKM_AES_XCBC_MAC 0x0000108CUL
#define CKM_AES_XCBC_MAC_96 0x0000108DUL
#define CKM_AES_GMAC 0x0000108EULThe AES-XTS.pdf seems to be the first v2.40 version http://docs.oasis-open.org/pkcs11/pkcs11-base/v2.40/os/pkcs11-base-v2.40-os.html. Which is deprecated by http://docs.oasis-open.org/pkcs11/pkcs11-base/v2.40/errata01/pkcs11-base-v2.40-errata01-complete.html.
Hi Xipki, i tring to generate an AES CMAC using a 128 bit key but i receive a 64 bit MAC instead 128 bit. I saw that
i use a simple code to generate mac but i don't konw how specify MAC length, seems that CKM_AES_CMAC have not parameter
could you help me ?
2021-09-29 update: seems that could be an HSM bug, SafeNet ProtectServer appliance. I opened a case on Thales Customer Support system. I will keep the post updated.