CKM_AES_GCM

Supported Operations

Encrypt and Decrypt

Yes

Sign and Verify

No

SignRecover and VerifyRecover

No

Digest

No

Generate Key/Key-Pair

No

Wrap and Unwrap

No

Derive

No

Available in FIPS Mode

Yes
Restrictions in FIPS Mode None

Key Size Range (bytes) and Parameters

Minimum 16
FIPS Minimum 16
Maximum 32
Parameter CK_GCM_PARAMS

Description

For a full description of this mechanism, refer to the PKCS#11 version 2.30 documentation from RSA Laboratories.

AES GCM is a single part encrypt/decrypt operation; the following sequence of PKCS#11 function calls may be used in applications:

C_EncryptInit(...)
C_Encrypt(...)
...
C_DecryptInit(...)
C_Decrypt(...)
 

PTK's implementation of AES GCM assumes the following limitations:

>IV maximum length is 128 octets (max value from NIST test vectors),

>AAD maximum length is 90 octets(max value from NIST test vectors),

>message maximum length is 126K (129024) octets.

Return to SafeNet ProtectToolkit-C Mechanisms