0

I am trying to calculate AES-MAC (RFC 4493) with Pkcs11 wrapper in java. and it seems that the hsm sends the last bloc of AES-CBC which is not the expected result. Here is the how I send my PKCS11 request:

            CK_MECHANISM mec = new CK_MECHANISM();
                        
            mec.mechanism = Mechanism.AES_MAC_GENERAL.getMechanismCode();
            mec.pParameter = new MacGeneralParameters(16L).getPKCS11ParamsObject();
            
            cryptoki.C_SignInit(ckiSession, mec, key, true);
            Mac = cryptoki.C_Sign(ckiSession, data);

and here is the result:

key                   = 00000000000000000000000000000000
data                  = 00000000000000000000000000000000
AES_CBC(key, data)    = 66E94BD4EF8A2C3B884CFA59CA342B2E
cmac(key, data)       = 66E94BD4EF8A2C3B884CFA59CA342B2E
expected cmac         = 763CBCDE81DF9131BF897712C088EDAD

Can you please help to fix this issue?

Thank you!

zero
  • 43
  • 4

1 Answers1

2

Your code uses the AES_MAC_GENERAL mechanism which is a CBC-MAC (see here and here).

For AES-CMAC you should use CKM_AES_CMAC/CKM_AES_CMAC_GENERAL (see here).

Note that this mechanism might not be supported by your HSM.

Good luck with your project!

EDIT>

I don't have access to IAIK wrapper right now, but given the javadoc you might want to try something like:

CK_MECHANISM mec = new CK_MECHANISM();
mec.mechanism = PKCS11Constants.CKM_AES_CMAC_GENERAL;
mec.pParameter = new MacGeneralParameters(16L).getPKCS11ParamsObject();
vlp
  • 7,811
  • 2
  • 23
  • 51
  • Thank you, in fact. I think CMAC is not supported by the hsm (or the iaik wrapper). I didn't found AES-CMAC in Mechanism attributes list. – zero Feb 02 '21 at 09:37
  • @zero See my updated answer for setting the `CKM_AES_CMAC_GENERAL` mechanism (`CKM_AES_CMAC` without parameter is worth trying as well). HSM support for particular mechanism is in the vendor provided documentation and can be queried using [`C_GetMechanismList`](http://docs.oasis-open.org/pkcs11/pkcs11-base/v2.40/os/pkcs11-base-v2.40-os.html#_Toc235002331). A firmware update might be needed. – vlp Feb 02 '21 at 13:06
  • Thank you a lot !! it works !! (using CKM_AES_CMAC) :D :D – zero Feb 02 '21 at 15:58
  • I have another question if you don't mind. Do you know if it's possible to encrypt a key k1 in the hsm with another key k2 in the same hsm with PKCS11 ? – zero Feb 02 '21 at 16:18
  • @zero Have a look at [C_WrapKey](http://docs.oasis-open.org/pkcs11/pkcs11-base/v2.40/os/pkcs11-base-v2.40-os.html#_Toc235002393) call ([here](http://javadoc.iaik.tugraz.at/pkcs11_wrapper/current/iaik/pkcs/pkcs11/wrapper/PKCS11.html#C_WrapKey-long-iaik.pkcs.pkcs11.wrapper.CK_MECHANISM-long-long-boolean-) is a IAIK wrapper javadoc). I am glad it works. – vlp Feb 02 '21 at 20:01