CKM_TUAK_SIGN

Supported Operations

Encrypt and Decrypt No
Sign and Verify Yes (single-part sign only)
SignRecover and VerifyRecover No
Digest No
Generate Key/Key-Pair No
Wrap and Unwrap No
Derive No
Available in FIPS Mode Yes
Restrictions in FIPS Mode None

Key Size Range (bytes) and Parameters

Minimum 16
FIPS Minimum 16
Maximum 32
Parameter CK_TUAK_SIGN_PARAMS

Description

This mechanism is used to perform MAC calculation for TUAK functions F1, F1* and F2 as per the specification TS-35.231, available at http://www.3gpp.org, using the PKCS functions C_SignInit() and C_Sign().

The mechanism requires the 16- or 32-byte TUAK key 'K' to be initialized as an AES key on the HSM slot. The key should have the CKA_SIGN attribute set to TRUE. The 16- or 32-byte Operator Variant key should be stored on the HSM slot as a Generic Secret key (CKK_GENERIC_SECRET).

The mechanism takes a parameter, CK_TUAK_SIGN_PARAMS. See ctvdef.h for description.

NOTE   Only a 16- or 32-byte AES key and a 16- or 32-byte Operator Variant are supported with this mechanism.

Return to SafeNet ProtectToolkit-C Mechanisms