pkcs11 cmac calculation in java


I am trying to calculate AES-MAC (RFC 4493) with a PKCS11 wrapper in Java, and it seems that the HSM sends the last block of AES-CBC, which is not the expected result. Here is how I send my PKCS11 request:

    CK_MECHANISM mec = new CK_MECHANISM();

    mec.mechanism = Mechanism.AES_MAC_GENERAL.getMechanismCode();
    mec.pParameter = new MacGeneralParameters(16L).getPKCS11ParamsObject();

    cryptoki.C_SignInit(ckiSession, mec, key, true);
    Mac = cryptoki.C_Sign(ckiSession, data);

and here is the result:

    key                   = 00000000000000000000000000000000
    data                  = 00000000000000000000000000000000
    AES_CBC(key, data)    = 66E94BD4EF8A2C3B884CFA59CA342B2E
    cmac(key, data)       = 66E94BD4EF8A2C3B884CFA59CA342B2E
    expected cmac         = 763CBCDE81DF9131BF897712C088EDAD

Can you please help to fix this issue?

Thank you!


There are 1 answers

vlp On

Your code uses the AES_MAC_GENERAL mechanism which is a CBC-MAC (see here and here).

For AES-CMAC you should use CKM_AES_CMAC/CKM_AES_CMAC_GENERAL (see here).

Note that this mechanism might not be supported by your HSM.

Good luck with your project!

EDIT>

I don't have access to the IAIK wrapper right now, but given the Javadoc you might want to try something like:

    CK_MECHANISM mec = new CK_MECHANISM();
    mec.mechanism = PKCS11Constants.CKM_AES_CMAC_GENERAL;
    mec.pParameter = new MacGeneralParameters(16L).getPKCS11ParamsObject();
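
Added example (not part of the question or the answer, and not code from the IAIK wrapper): a software reference using only the JDK's JCE that computes both plain CBC-MAC and RFC 4493 AES-CMAC over the question's all-zero key and data, so the value an HSM mechanism returns can be checked against each. The class and method names (`CbcMacVsCmac`, `dbl`, `mac`) are hypothetical.

```java
import java.math.BigInteger;
import javax.crypto.Cipher;
import javax.crypto.spec.SecretKeySpec;

public class CbcMacVsCmac {
    static final int BS = 16; // AES block size in bytes

    // RFC 4493 subkey step: shift left one bit, XOR 0x87 into the last byte if the MSB was set.
    static byte[] dbl(byte[] in) {
        byte[] out = new byte[BS];
        int carry = 0;
        for (int i = BS - 1; i >= 0; i--) {
            int v = (in[i] & 0xff) << 1 | carry;
            out[i] = (byte) v;
            carry = (v >> 8) & 1;
        }
        if (carry == 1) out[BS - 1] ^= (byte) 0x87;
        return out;
    }

    // cmac == false: plain CBC-MAC, zero IV, whole blocks only. cmac == true: AES-CMAC (RFC 4493).
    static byte[] mac(byte[] key, byte[] msg, boolean cmac) throws Exception {
        Cipher aes = Cipher.getInstance("AES/ECB/NoPadding");
        aes.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(key, "AES"));
        int n = Math.max(1, (msg.length + BS - 1) / BS);           // number of blocks
        boolean complete = msg.length > 0 && msg.length % BS == 0; // last block is full
        if (!cmac && !complete) throw new IllegalArgumentException("CBC-MAC needs whole blocks");
        byte[] last = new byte[BS];
        int off = (n - 1) * BS;
        System.arraycopy(msg, off, last, 0, msg.length - off);
        if (cmac) {
            byte[] k1 = dbl(aes.doFinal(new byte[BS]));            // K1 from L = AES(key, 0^128)
            byte[] sub = complete ? k1 : dbl(k1);                  // K2 for a padded last block
            if (!complete) last[msg.length - off] = (byte) 0x80;   // 10* padding
            for (int i = 0; i < BS; i++) last[i] ^= sub[i];
        }
        byte[] x = new byte[BS];                                   // CBC chaining value, IV = 0
        for (int b = 0; b < n; b++) {
            for (int i = 0; i < BS; i++) x[i] ^= (b == n - 1) ? last[i] : msg[b * BS + i];
            x = aes.doFinal(x);
        }
        return x;
    }

    public static void main(String[] args) throws Exception {
        byte[] key = new byte[16], data = new byte[16];            // all-zero inputs from the question
        System.out.printf("CBC-MAC = %032X%n", new BigInteger(1, mac(key, data, false)));
        System.out.printf("CMAC    = %032X%n", new BigInteger(1, mac(key, data, true)));
    }
}
```

For a single full block, CBC-MAC with a zero IV is just the AES encryption of that block, which is why the question's result matches its AES_CBC line; CMAC XORs the subkey K1 into the last block before that final encryption.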