CKM_TUAK_DERIVE
Supported Operations
| Encrypt and Decrypt | No |
| Sign and Verify | No |
| SignRecover and VerifyRecover | No |
| Digest | No |
| Generate Key/Key-Pair | No |
| Wrap and Unwrap | No |
| Derive | Yes |
| Available in FIPS Mode | Yes |
| Restrictions in FIPS Mode | None |
Key Size Range (bytes) and Parameters
| Minimum | 16 |
| FIPS Minimum | 16 |
| Maximum | 32 |
| Parameter | CK_TUAK_DERIVE_PARAMS
|
Description
This mechanism is used to perform key derivation for TUAK functions F1, F1* and F2 as per the specification TS-35.231, available at http://www.3gpp.org, using the PKCS functions C_DeriveKey().
The mechanism requires the 16- or 32-byte TUAK key 'K' to be initialized as an AES key on the HSM slot. The key should have the CKA_DERIVE attribute set to TRUE. The 16- or 32-byte Operator Variant key should be stored on the HSM slot as a Generic Secret key (CKK_GENERIC_SECRET).
The mechanism takes a parameter, CK_TUAK_DERIVE_PARAMS. See ctvdef.h for description.
The resultant derived key(s) are of the type "CKK_GENERIC_SECRET" using the supplied user template. Attempts to create any other type of key will result in an error.
NOTE Only a 16- or 32-byte AES key and a 16- or 32-byte Operator Variant are supported with this mechanism.
Return to SafeNet ProtectToolkit-C Mechanisms
