CKM_MILENAGE_SIGN
Supported Operations
Encrypt and Decrypt | No |
Sign and Verify | Yes (Single-part sign only) |
SignRecover and VerifyRecover | No |
Digest | No |
Generate Key/Key-Pair | No |
Wrap and Unwrap | No |
Derive | No |
Available in FIPS Mode | No |
Key Size Range (bytes) and Parameters
Minimum | 16 |
Maximum | 16 |
Parameter | CK_MILENAGE_SIGN_PARAMS
|
Description
This mechanism is used to perform MAC calculation for MILENAGE functions F1, F1* and F2 as per the specification available at http://www.3gpp.org/specifications/60-confidentiality-algorithms, using the PKCS functions C_SignInit() and C_Sign().
The mechanism requires the 16-byte milenage key 'K' to be initialized as an AES key on the HSM slot. The key should have the CKA_SIGN attribute set to TRUE. The 16-byte Operator Variant key should be stored on the HSM slot as a Generic Secret key (CKK_GENERIC_SECRET).
The mechanism takes a parameter, CK_MILENAGE_SIGN_PARAMS. See ctvdef.h for description.
NOTE Only a 16-byte AES key and a 16-byte Operator Variant are supported with this mechanism.
Return to ProtectToolkit-C Mechanisms