我正在尝试基于 HSM 上存储的密钥生成 Aes Cmac,并支持 Pkcs11Interop,这是我的逻辑
public byte[] GenerateCmac(byte[] data, byte[] iv)
{
// Helper to get the session, works fine
var session = pKCS11Connector.GetSession(SessionType.ReadWrite);
// Helper function to get existing Aes key, works fine
IObjectHandle obj = GetObj(session, "AesKey3");
var mechanism = session.Factories.MechanismFactory.Create(CKM.CKM_AES_CMAC, iv);
return session.Sign(mechanism, obj, data);
}
但我总是得到异常: Net.Pkcs11Interop.Common.Pkcs11Exception Method C_SignInit returned CKR_MECHANISM_PARAM_INVALID
关于如何生成 CMAC 的任何想法或示例