Subject: RE: [pkcs11] Groups - GMAC corrections and enhancements uploaded
I agree it doesn’t make a lot of sense, especially considering we don’t allow CKM_AES_CMAC to derive (according to 2.40).
If we did ever want to allow a GMAC/CMAC/HMAC-based derivation, we could define a separate mechanism, much like CKM_SHAXXX_KEY_DERIVATION exists for the SHA-based digest mechanisms.
If nobody has a counter opinion I’ll remove that check in an updated revision.
David and all TC members,
While reviewing the GMAC proposal I noticed that table 60 allows CKM_AES_GMAC not only for functions “Sign & Verify” but also for function “Derive”. Does that make sense? CKM_AES_MAC, CKM_AES_CMAC and CKM_SHAnnn_HMAC are also not foreseen for key derivation. I suggest removing the “√” symbol for the Derive function.
On Behalf Of David Gascon