CKM_AES_CCM
Supported Operations
Encrypt and Decrypt | Yes (Single-part operation only) |
Sign and Verify | No |
SignRecover and VerifyRecover | No |
Digest | No |
Generate Key/Key-Pair | No |
Wrap and Unwrap | No |
Derive | No |
Available in FIPS Mode | Yes |
Restrictions in FIPS Mode | None |
Key Size Range (bytes) and Parameters
Minimum | 16 |
FIPS Minimum | 16 |
Maximum | 32 |
Parameter | CK_CCM_PARAMS
|
Description
For a full description of this mechanism, refer to the PKCS#11 version 2.30 documentation from RSA Laboratories.
AES CCM is a single part encrypt/decrypt operation; the following sequence of PKCS#11 function calls may be used in applications:
C_EncryptInit(...) C_Encrypt(...) ... C_DecryptInit(...) C_Decrypt(...)
PTK's implementation of AES CCM assumes the following limitations:
>maximum plain text size is 130032 octets, tested under the following conditions:
•Key size: 16 octets
•Nonce size: 7-13 octets
•AAD size: 32 octets
•Tag length: 8 octets
•MAC length: 4, 6, 8, 10, 12, 14, or 16 octets
Return to ProtectToolkit-C Mechanisms