Each CMAC-AES algorithm capability advertised is a self-contained JSON object using [mac_caps_table]. Each capability object describes a separate permutation of direction and key length.
| JSON Value | Description | JSON type | Valid Values |
|---|---|---|---|
direction |
The MAC direction(s) to test |
array |
"gen" and/or "ver" |
keyLen |
The keyLen supported |
array of integer |
[128, 192, 256] |
msgLen |
The CMAC message lengths supported in bits, values MUST be mod 8 |
Domain |
Min: 0, Max: 524288, Inc: 8 |
macLen |
The supported mac sizes |
Domain |
Min: 1, Max: 128 |
'macLen' for CMAC is a Domain of values, the server MAY choose values defined by these rules:
-
The smallest CMAC length supported
-
A second CMAC length supported
-
The largest CMAC length supported
'msgLen' for CMAC is a Domain of values, the server MAY choose values defined by these rules:
-
The smallest message length supported
-
Two message lengths divisible by block size
-
Two message lengths NOT divisible by block size
-
The largest message length supported
The following is an example JSON object advertising support for CMAC-AES.
{
"algorithm": "CMAC-AES",
"revision": "1.0",
"capabilities": [
{
"direction": ["gen", "ver"],
"keyLen": [128],
"msgLen": [
{
"min": 0,
"max": 65536,
"increment": 8
}
],
"macLen": [
{
"min": 64,
"max": 128,
"increment": 8
}
]
},
{
"direction": ["gen", "ver"],
"keyLen": [192],
"msgLen": [
{
"min": 0,
"max": 65536,
"increment": 8
}
],
"macLen": [
{
"min": 64,
"max": 128,
"increment": 8
}
]
},
{
"direction": ["gen", "ver"],
"keyLen": [256],
"msgLen": [
{
"min": 0,
"max": 65536,
"increment": 8
}
],
"macLen": [
{
"min": 64,
"max": 128,
"increment": 8
}
]
}
]
}