AES Cipher Object

Operation Supported : Encrypt, Decrypt, Multi-part MAC, Multi-part MAC Verify

Key Encoding

Supports 16, 24 and 32 byte key value.

Encrypt/Decrypt Modes

The least significant nibble (4 bits) determines the operational mode.

Possible values:

>SYM_MODE_ECB (0)

Electronic Code Book (ECB) mode.

>SYM_MODE_CBC (1)

Cipher Block Chaining (CBC) mode. It may be combined with a padding mode (see below).

>SYM_MODE_OFB (4)

Output Feed Back (OFB) mode.

Padding Mode

The most significant nibble defines the padding mode used.

Possible mode: SYM_MODE_PAD (0x90)

PKCS#1 padding is applied. This causes 1 to 8 bytes of padding to be added to the data. Note that the padding is applicable to SYM_MODE_CBC only.

MAC modes

For MAC generation and verification, available modes include:

>SYM_MODE_MAC_3 (0)

Standard CBC

>SYM_MODE_MAC_GEN (1)

Standard CBC with configurable MAC length

Encrypt/Decrypt Parameters

In SYM_MODE_CBC, the parameter buffer must contain the IV (16 bytes). In SYM_MODE_ECB, there are no parameters.

MAC Parameters

When mode is SYM_MODE_MAC_GEN, parameter buffer contains at least 4 bytes, which is the little-endian encoding of an integer. The integer value must contain a value from 1 to 8, indicating the number of bytes of the final IV that will be used as the MAC. This is optionally followed by 8 bytes containing the IV.


Customer Support Portal

SafeNet ProtectToolkit 5.9 Product Documentation  06 January 2020  Copyright 2009-2020 Thales. All rights reserved.