CKM_AES_CCM

Supported Operations

Encrypt and Decrypt Yes (Single-part operation only)
Sign and Verify No
SignRecover and VerifyRecover No
Digest No
Generate Key/Key-Pair No
Wrap and Unwrap No
Derive No
Available in FIPS Mode Yes
Restrictions in FIPS Mode None

Key Size Range (bytes) and Parameters

Minimum 16
FIPS Minimum 16
Maximum 32
Parameter CK_CCM_PARAMS

Description

For a full description of this mechanism, refer to the PKCS#11 version 2.30 documentation from RSA Laboratories.

AES CCM is a single part encrypt/decrypt operation; the following sequence of PKCS#11 function calls may be used in applications:

C_EncryptInit(...)
C_Encrypt(...)
...
C_DecryptInit(...)
C_Decrypt(...)

PTK's implementation of AES CCM assumes the following limitations:

>maximum plain text size is 130032 octets, tested under the following conditions:

Key size: 16 octets

Nonce size: 7-13 octets

AAD size: 32 octets

Tag length: 8 octets

MAC length: 4, 6, 8, 10, 12, 14, or 16 octets

Return to ProtectToolkit-C Mechanisms