CKM_MILENAGE_SIGN
Supported Operations
Encrypt and Decrypt |
No |
Sign and Verify |
Yes (single-part sign only) |
SignRecover and VerifyRecover |
No |
Digest |
No |
Generate Key/Key-Pair |
No |
Wrap and Unwrap |
No |
Derive |
No |
FIPS-approved |
No |
Key Size Range (bytes) and Parameters
Minimum | 16 |
FIPS Minimum | N/A |
Maximum | 16 |
Parameter | CK_MILENAGE_SIGN_PARAMS
|
Description
This mechanism is used to perform MAC calculation for MILENAGE functions F1, F1* and F2 as per the specification available at http://www.3gpp.org/specifications/60-confidentiality-algorithms, using the PKCS functions C_SignInit() and C_Sign().
The mechanism requires the 16-byte milenage key 'K' to be initialized as an AES key on the HSM slot. The key should have the CKA_SIGN attribute set to TRUE. The 16-byte Operator Variant key should be stored on the HSM slot as a Generic Secret key (CKK_GENERIC_SECRET).
The mechanism takes a parameter, CK_MILENAGE_SIGN_PARAMS. See ctvdef.h for description.
NOTE Only a 16-byte AES key and a 16-byte Operator Variant are supported with this mechanism.
Return to SafeNet ProtectToolkit-C Mechanisms