CKM_MILENAGE_DERIVE

Supported Operations

Encrypt and Decrypt No
Sign and Verify No
SignRecover and VerifyRecover No
Digest No
Generate Key/Key-Pair No
Wrap and Unwrap No
Derive Yes
Available in FIPS Mode No

Key Size Range (bytes) and Parameters

Minimum 16
Maximum 16
Parameter CK_MILENAGE_DERIVE_PARAMS

Description

This mechanism is used to perform key derivation for MILENAGE functions F3, F4, F5 and F5* as per the specification available at http://www.3gpp.org/specifications/60-confidentiality-algorithms using the PKCS function C_DeriveKey(). .

The mechanism requires the 16-byte milenage key 'K' to be initialized as an AES key on the HSM slot. The key should have the CKA_DERIVE attribute set to TRUE. The 16-byte Operator Variant key should be stored on the HSM slot as a Generic Secret key (CKK_GENERIC_SECRET).

The mechanism takes a parameter, CK_MILENAGE_DERIVE_PARAMS. See ctvdef.h for description.

The resultant derived key(s) are of the type "CKK_GENERIC_SECRET" using the supplied user template. Attempts to create any other type of key will result in an error.

NOTE   Only a 16-byte AES key and a 16-byte Operator Variant are supported with this mechanism.

Return to ProtectToolkit-C Mechanisms