CKM_AES_GCM
GCM is the Galois/Counter Mode of operation of the AES algorithm for symmetric key encryption.
Usage Notes
Data size
The maximum allowed data size for this mechanism is 64 KB (64 * 1024 bytes).
Initialization Vector (IV)
A random initialization vector (IV) is supported and recommended for GCM and for GMAC. In FIPS mode, the HSM firmware does not accept the IV parameter and instead returns a generated IV.
The internal IV is a randomly generated 16-byte IV.
JCPROV
AES-GMAC and AES-GCM are supported in JCPROV. Use CK_AES_CMAC_PARAMS.java to define the GMAC operation. The implementation is the same as for PKCS#11.
Accumulating data
Our GMAC and GCM are single-part operations, so even if they are called through the multi-part API, we accumulate the data (up to a maximum) and return data only on the "final" operation. That is the meaning of "Accumulating" in the table below.
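The following is an added example, not HSM firmware or vendor code: a software model of the accumulating behavior and the FIPS-mode IV handling described above, useful for testing caller logic without an HSM. It uses the Python `cryptography` package. The class and function names, the 16-byte tag, the error raised at the limit, and silently ignoring a supplied IV in FIPS mode are assumptions of the model.

```python
import os
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

MAX_DATA = 64 * 1024   # documented maximum data size for this mechanism
IV_LEN = 16            # documented length of the internally generated IV


class AccumulatingGcmModel:
    """Hypothetical stand-in for single-part GCM behind a multi-part API."""

    def __init__(self, key, iv=None, aad=b"", fips_mode=True):
        if fips_mode or iv is None:
            # FIPS mode: the caller's IV is not used (this model ignores it);
            # a random IV is generated and returned with the result.
            iv = os.urandom(IV_LEN)
        self._aead, self.iv, self._aad = AESGCM(key), iv, aad
        self._buf = bytearray()

    def update(self, chunk):
        # Nothing is encrypted yet: the chunk is only accumulated.
        if len(self._buf) + len(chunk) > MAX_DATA:
            raise ValueError("accumulated data exceeds 64 KB")  # assumed error
        self._buf += chunk
        return b""  # no output until final()

    def final(self):
        # All output appears here, so the caller's output buffer must hold
        # the whole ciphertext plus the tag (16 bytes in this model).
        out = self._aead.encrypt(self.iv, bytes(self._buf), self._aad)
        self._buf.clear()
        return self.iv, out


def encrypt_in_chunks(key, data, chunk_size=4096, **kw):
    """Drive the model the way a multi-part caller would."""
    op = AccumulatingGcmModel(key, **kw)
    partial = [op.update(data[i:i + chunk_size])
               for i in range(0, len(data), chunk_size)]
    iv, out = op.final()
    # The returned IV must be stored with the ciphertext for decryption.
    return partial, iv, out
```

A caller that expects ciphertext from each update call, or that keeps its own IV instead of the returned one in FIPS mode, will fail against this model in the same way the text above implies it would against the HSM.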
Summary
FIPS approved? | Yes |
Supported functions | Encrypt | Decrypt |
Minimum key length (bits) | 128 |
Minimum key length for FIPS use (bits) | N/A |
Minimum legacy key length for FIPS use (bits) | 128 |
Maximum key length (bits) | 256 |
Block size | 16 |
Digest size | 0 |
Key types | AES |
Algorithms | AES |
Modes | GCM |
Flags | Extractable | Accumulating |