CKM_AES_GCM
Supported Operations
|
Encrypt and Decrypt |
Yes |
|
Sign and Verify |
No |
|
SignRecover and VerifyRecover |
No |
|
Digest |
No |
|
Generate Key/Key-Pair |
No |
|
Wrap and Unwrap |
No |
|
Derive |
No |
|
Available in FIPS Mode |
Yes |
| Restrictions in FIPS Mode | None |
Key Size Range (bytes) and Parameters
| Minimum | 16 |
| FIPS Minimum | 16 |
| Maximum | 32 |
| Parameter | CK_GCM_PARAMS
|
Description
For a full description of this mechanism, refer to the PKCS#11 version 2.30 documentation from RSA Laboratories.
AES GCM is a single part encrypt/decrypt operation; the following sequence of PKCS#11 function calls may be used in applications:
C_EncryptInit(...)
C_Encrypt(...)
...
C_DecryptInit(...)
C_Decrypt(...)
PTK's implementation of AES GCM assumes the following limitations:
>IV maximum length is 128 octets (max value from NIST test vectors),
>AAD maximum length is 90 octets(max value from NIST test vectors),
>message maximum length is 126K (129024) octets.
Return to SafeNet ProtectToolkit-C Mechanisms
