Generate AES CBC Signature
According to MDRM there is Generate 3DES CBC signature functionality in the cards. I’m wondering whether this is signature/MAC functionality also available with the AES cipher. or will be?
This shouldn’t be that difficult, since the construct is the same, only using a different block cipher.
An effecient AES equivalent to the Generate Triple DES CBC Signature primitive is to use the Block Encipher primitive and specify OutputAddr to be the same as InputAddr. Take the last block of output as your signature.
If you don’t want to overwrite the input you have a couple options: a) use a separate output buffer (could be wasteful depending on the size of the message) or b) call the primitive once per block and use the IV input (could be slower).
Otherwise, yes, if there’s a demand for it a new primitive could be added.
Actually, I didn’t check the specifications correctly. The signature/mac I’m looking for is AES-CMAC. This is the standardised AES mac algorithm. But from you answer I guess I’ll have to implement it myself.