CKM_AES_GCM_OLD
This section provides a summary of CKM_AES_GCM_OLD.
Note
This mechanism is only available if you are using ProtectToolkit 7.1.0 or newer with ProtectServer 3 HSM Firmware 7.01.00 or newer.
In ProtectToolkit 7.0.0, CKM_AES_GCM behaves identically to this mechanism. For a description of CKM_AES_GCM as it behaves when using ProtectToolkit 7.0.0, refer to the description below.
Supported operations
Operation | Support |
---|---|
Encrypt and Decrypt | Yes (Single-part operation only) |
Sign and Verify | No |
SignRecover and VerifyRecover | No |
Digest | No |
Generate Key/Key-Pair | No |
Wrap and Unwrap | No |
Derive | No |
FIPS Mode support
Available in FIPS Mode | Restrictions in FIPS Mode |
---|---|
Yes | A random IV is created when performing encryption |
Key size range (bytes) and parameters
Key size minimum/maximum | Value |
---|---|
Minimum | 16 |
FIPS Minimum | 16 |
Maximum | 32 |
Parameter
CK_GCM_PARAMS
Mechanism description
For a full description of this mechanism, refer to the PKCS#11 version 2.30 documentation from RSA Laboratories.
AES GCM is a single part encrypt/decrypt operation; the following sequence of PKCS#11 function calls can be used in applications:
C_EncryptInit(...)
C_Encrypt(...)
...
C_DecryptInit(...)
C_Decrypt(...)
C_Encrypt() returns the ciphertext, tag and IV.
When encrypting or decrypting, the caller must specify an IV using the pIV and ulIvLen fields of CK_GCM_PARAMS. Passing NULL as the IV returns an error.
When encrypting and the HSM is in FIPS Mode, the HSM will replace the IV with random bytes. When the encryption completes, the new or original IV actually used in the operation is appended to the output (following the tag).
The PTK implementation of AES GCM assumes the following limitations:
- IV maximum length is 128 octets (max value from NIST test vectors)
- AAD maximum length is 32768 octets
- ulTagBits must be >= 32 and <= 128, and a multiple of 8. If “FIPS Alg Only”, the value must be 128, 120, 112, 104 or 96.
- Message maximum length is 63KB - ulAADLen octets.
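The following C helpers are an added example, not code from the ProtectToolkit documentation: they check parameters against the limits listed above and split a C_Encrypt() output buffer into ciphertext, tag and IV, so that the IV the HSM actually used (which differs from the caller's IV in FIPS Mode) can be passed to C_DecryptInit(). The names are hypothetical, and the code assumes that 63KB means 63 * 1024 octets and that the appended IV has the same length as the ulIvLen supplied.

```c
#include <stddef.h>
#include <stdint.h>

/* Limits from the list above; 63KB taken as 63 * 1024 octets (assumption). */
#define PTK_GCM_MAX_IV   128u
#define PTK_GCM_MAX_AAD  32768u
#define PTK_GCM_MAX_MSG  (63u * 1024u)

/* Hypothetical view onto a C_Encrypt() output buffer (not a PTK type). */
typedef struct {
    const uint8_t *ct;  size_t ct_len;
    const uint8_t *tag; size_t tag_len;
    const uint8_t *iv;  size_t iv_len;
} gcm_old_output;

/* Returns 1 if the parameters fit the documented limits, 0 otherwise. */
int gcm_old_params_ok(const uint8_t *iv, size_t iv_len, size_t aad_len,
                      unsigned tag_bits, size_t msg_len, int fips_alg_only)
{
    if (iv == NULL || iv_len > PTK_GCM_MAX_IV) return 0;   /* NULL IV is an error */
    if (aad_len > PTK_GCM_MAX_AAD) return 0;
    if (tag_bits < 32 || tag_bits > 128 || tag_bits % 8 != 0) return 0;
    if (fips_alg_only && tag_bits < 96) return 0;          /* 96..128 only */
    if (msg_len > PTK_GCM_MAX_MSG - aad_len) return 0;     /* 63KB - ulAADLen */
    return 1;
}

/* Splits ciphertext || tag || IV, the order the output is described in.
 * Assumes the appended IV is iv_len octets long (the ulIvLen supplied).
 * Returns 0 on success, -1 if the buffer cannot hold a tag and an IV. */
int gcm_old_split(const uint8_t *out, size_t out_len, unsigned tag_bits,
                  size_t iv_len, gcm_old_output *v)
{
    size_t tag_len = tag_bits / 8;
    if (out == NULL || v == NULL || out_len < tag_len + iv_len) return -1;
    v->ct_len = out_len - tag_len - iv_len;
    v->ct  = out;
    v->tag = out + v->ct_len;  v->tag_len = tag_len;
    v->iv  = v->tag + tag_len; v->iv_len  = iv_len;
    return 0;
}
```

Store or transmit the IV taken from the output rather than the one placed in CK_GCM_PARAMS before encryption, since in FIPS Mode the two differ.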