ProtectServer 3 HSM and ProtectToolkit 7
Customer release notes
- ProtectToolkit 7 releases
  - Releases for FIPS 140-2 Level 3 deployments
  - Releases for FIPS 140-3 Level 3 deployments
- ProtectServer 3 HSM firmware releases
  - Releases for FIPS 140-2 Level 3 deployments
  - Releases for FIPS 140-3 Level 3 deployments
- ProtectServer 3 Network HSM Appliance Software releases
  - Releases for FIPS 140-2 Level 3 deployments
  - Releases for FIPS 140-3 Level 3 deployments
- Supported ProtectToolkit 7 platforms
- Supported ProtectServer 3 HSM firmware and boot loader versions
- Known and resolved issues
ProtectServer 3 HSM and ProtectToolkit 7 installation and configuration
- ProtectServer 3 PCIe hardware installation
- ProtectServer 3 External installation and configuration
  - ProtectServer 3 External overview
  - ProtectServer 3 External required items
  - Installing the ProtectServer 3 External hardware
  - Deployment guidelines
  - First log on and system test
  - Network configuration
  - Powering off the ProtectServer 3 External
  - Updating the ProtectServer 3 External appliance software image
- ProtectServer 3+ External installation and configuration
  - ProtectServer 3+ External overview
  - ProtectServer 3+ External required items
  - Installing the ProtectServer 3+ External in a server rack
  - Physical features
  - Deployment guidelines
  - First log on and system test
  - Network configuration
  - Powering off the ProtectServer 3+ External
  - Updating the ProtectServer 3+ External appliance software image
- ProtectToolkit 7 software installation
  - Installing ProtectToolkit 7 on Windows
  - Installing ProtectToolkit 7 on Unix/Linux
  - Installing ProtectToolkit 7 on Unix/Linux manually
  - Deploying ProtectToolkit 7 in a Docker container on Linux
  - Available ProtectToolkit 7 components
- Configuration items
- Utilities command reference
PSESH command reference
- Using PSESH
- PSESH commands
  - audit
    - audit audit
    - audit log
    - audit service
  - exit
  - files
    - files clear
    - files delete
    - files show
  - help
  - hsm
    - hsm cert
    - hsm factoryreset
    - hsm reset
    - hsm show
    - hsm state
  - network
    - network dns
    - network domain
    - network hostname
    - network interface
    - network iptables
    - network ping
    - network route
    - network show
  - package
    - package list
    - package install
    - package listfile
  - service
    - service list
    - service restart
    - service start
    - service status
    - service stop
  - status
    - status cpu
    - status date
    - status disk
    - status interface
    - status mac
    - status mem
    - status netstat
    - status ps
    - status time
    - status zone
  - sysconf
    - sysconf appliance
    - sysconf etnetcfg
    - sysconf snmp
    - sysconf time
    - sysconf timezone
  - syslog
    - syslog cleanup
    - syslog export
    - syslog period
    - syslog remotehost
    - syslog rotate
    - syslog rotations
    - syslog show
    - syslog tail
    - syslog tarlogs
  - user password
ProtectServer HSM migration
- Migrating keys from ProtectServer 2 HSMs to ProtectServer 3 HSMs
- Migrating functionality modules from ProtectServer 2 HSMs to ProtectServer 3 HSMs
ProtectToolkit-C administration
- Introduction
- Cryptoki configuration
  - ProtectToolkit-C model
  - Initial configuration
    - Trust management
    - ProtectServer owner and identity certificates
    - Secure messaging
    - Token replication
  - Changing the Cryptoki provider
  - Work Load Distribution and High Availability
    - WLD system setup
    - Operation in WLD Mode
    - Operation in High Availability Mode
  - Real-time clock
  - ProtectToolkit-C configuration items
- Security policies and user roles
  - Typical security policies
  - Security flags
  - Security policy options
  - User roles
- Audit logging
  - Audit logging overview
  - Configuring and using audit logging
  - Audit log entries and structure
- SNMP monitoring
- Self-tests
- Operational tasks
  - Changing a user or Security Officer PIN
  - Secure key backup and restoration
  - Adding and removing slots
  - Re-initializing a token
  - Multifactor authentication (one-time password)
  - Connecting and removing smart card readers
  - Using Transport Mode to avoid a board removal tamper
  - Adjusting the HSM clock
  - Changing secure messaging mode
  - Using the system event log
  - Updating the HSM firmware or boot loader
  - Installing a functionality module
  - Key entry via PIN pad
  - Resetting the HSM to factory settings
  - Resetting the ProtectServer 3 Network HSM appliance to factory settings
  - Tampering or decommissioning the HSM
  - RMA and shipping back to Thales
- Command-line utilities reference
  - ctcert
  - ctcheck
  - ctconf
  - ctfm
  - ctident
  - ctlimits
  - ctmultitoken
  - ctotp
  - ctkmu
  - ctperf
  - ctstat
  - auditverify
  - ptk7tokmigration
- PKCS#11 attributes
- Sample EC domain parameter files
ProtectToolkit-C programming
- Introduction to PKCS#11
- Environments
- Object classes
  - Creating, modifying, copying, and deleting objects
  - Additional attribute types
  - Common attributes
  - Hardware feature objects
  - Clock objects
  - Monotonic counter objects
  - Storage objects
  - Data objects
  - Certificate objects
  - Key objects
    - Public key objects
    - Private key objects
    - Secret key objects
    - Key parameter objects
- ProtectToolkit-C mechanisms
  - CKM_AES_CBC
  - CKM_AES_CBC_ENCRYPT_DATA
  - CKM_AES_CBC_PAD
  - CKM_AES_CCM
  - CKM_AES_CMAC
  - CKM_AES_CMAC_GENERAL
  - CKM_AES_CTR
  - CKM_AES_ECB
  - CKM_AES_ECB_ENCRYPT_DATA
  - CKM_AES_GCM
  - CKM_AES_GCM_OLD
  - CKM_AES_GMAC
  - CKM_AES_KEY_GEN
  - CKM_AES_KEY_WRAP
  - CKM_AES_KEY_WRAP_PAD
  - CKM_AES_KW
  - CKM_AES_KWP
  - CKM_AES_MAC
  - CKM_AES_MAC_GENERAL
  - CKM_AES_OFB
  - CKM_ARDFP
  - CKM_ARIA_CBC
  - CKM_ARIA_CBC_PAD
  - CKM_ARIA_ECB
  - CKM_ARIA_KEY_GEN
  - CKM_ARIA_MAC
  - CKM_ARIA_MAC_GENERAL
  - CKM_BIP32_CHILD_DERIVE
  - CKM_BIP32_MASTER_DERIVE
  - CKM_CAST128_CBC
  - CKM_CAST128_CBC_PAD
  - CKM_CAST128_ECB
  - CKM_CAST128_ECB_PAD
  - CKM_CAST128_KEY_GEN
  - CKM_CAST128_MAC
  - CKM_CAST128_MAC_GENERAL
  - CKM_CONCATENATE_BASE_AND_DATA
  - CKM_CONCATENATE_BASE_AND_KEY
  - CKM_CONCATENATE_DATA_AND_BASE
  - CKM_DECODE_PKCS_7
  - CKM_DECODE_X_509
  - CKM_DES2_KEY_GEN
  - CKM_DES3_BCF
  - CKM_DES3_CBC
  - CKM_DES3_CBC_ENCRYPT_DATA
  - CKM_DES3_CBC_PAD
  - CKM_DES3_CMAC
  - CKM_DES3_CMAC_GENERAL
  - CKM_DES3_DDD_CBC
  - CKM_DES3_DERIVE_CBC_DEPRECATED
  - CKM_DES3_DERIVE_ECB_DEPRECATED
  - CKM_DES3_ECB
  - CKM_DES3_ECB_ENCRYPT_DATA
  - CKM_DES3_ECB_PAD
  - CKM_DES3_KEY_GEN
  - CKM_DES3_MAC
  - CKM_DES3_MAC_GENERAL
  - CKM_DES3_OFB64
  - CKM_DES3_RETAIL_CFB_MAC
  - CKM_DES3_X919_MAC
  - CKM_DES3_X919_MAC_GENERAL
  - CKM_DES_BCF
  - CKM_DES_CBC
  - CKM_DES_CBC_ENCRYPT_DATA
  - CKM_DES_CBC_PAD
  - CKM_DES_DERIVE_CBC_DEPRECATED
  - CKM_DES_DERIVE_ECB_DEPRECATED
  - CKM_DES_ECB
  - CKM_DES_ECB_ENCRYPT_DATA
  - CKM_DES_ECB_PAD
  - CKM_DES_KEY_GEN
  - CKM_DES_MAC
  - CKM_DES_MAC_GENERAL
  - CKM_DES_MDC_2_PAD1
  - CKM_DES_OFB64
  - CKM_DH_PKCS_DERIVE
  - CKM_DH_PKCS_KEY_PAIR_GEN
  - CKM_DH_PKCS_PARAMETER_GEN
  - CKM_DSA
  - CKM_DSA_KEY_PAIR_GEN
  - CKM_DSA_PARAMETER_GEN
  - CKM_DSA_SHA1
  - CKM_DSA_SHA1_PKCS
  - CKM_DSA_SHA224
  - CKM_DSA_SHA224_PKCS
  - CKM_DSA_SHA256
  - CKM_DSA_SHA256_PKCS
  - CKM_DSA_SHA384
  - CKM_DSA_SHA384_PKCS
  - CKM_DSA_SHA512
  - CKM_DSA_SHA512_PKCS
  - CKM_EC_EDWARDS_KEY_PAIR_GEN
  - CKM_EC_KEY_PAIR_GEN
  - CKM_EC_MONTGOMERY_KEY_PAIR_GEN
  - CKM_ECDH1_DERIVE
  - CKM_ECDSA
  - CKM_ECDSA_GBCS_SHA256
  - CKM_ECDSA_SHA1
  - CKM_ECDSA_SHA224
  - CKM_ECDSA_SHA256
  - CKM_ECDSA_SHA384
  - CKM_ECDSA_SHA3_224
  - CKM_ECDSA_SHA3_256
  - CKM_ECDSA_SHA3_384
  - CKM_ECDSA_SHA3_512
  - CKM_ECDSA_SHA512
  - CKM_ECIES
  - CKM_EDDSA
  - CKM_ENCODE_ATTRIBUTES
  - CKM_ENCODE_PKCS_10
  - CKM_ENCODE_PUBLIC_KEY
  - CKM_ENCODE_X_509
  - CKM_ENCODE_X_509_LOCAL_CERT
  - CKM_EXTRACT_KEY_FROM_KEY
  - CKM_GENERIC_SECRET_KEY_GEN
  - CKM_IDEA_CBC
  - CKM_IDEA_CBC_PAD
  - CKM_IDEA_ECB
  - CKM_IDEA_ECB_PAD
  - CKM_IDEA_KEY_GEN
  - CKM_IDEA_MAC
  - CKM_IDEA_MAC_GENERAL
  - CKM_KECCAK_1600
  - CKM_KEY_TRANSLATION
  - CKM_KEY_WRAP_SET_OAEP
  - CKM_MD2
  - CKM_MD2_HMAC
  - CKM_MD2_HMAC_GENERAL
  - CKM_MD2_KEY_DERIVATION
  - CKM_MD2_RSA_PKCS
  - CKM_MD5
  - CKM_MD5_HMAC
  - CKM_MD5_HMAC_GENERAL
  - CKM_MD5_KEY_DERIVATION
  - CKM_MD5_RSA_PKCS
  - CKM_MILENAGE_DERIVE
  - CKM_MILENAGE_SIGN
  - CKM_NVB
  - CKM_PBA_SHA1_WITH_SHA1_HMAC
  - CKM_PBE_MD2_DES_CBC
  - CKM_PBE_MD5_CAST128_CBC
  - CKM_PBE_MD5_DES_CBC
  - CKM_PBE_SHA1_CAST128_CBC
  - CKM_PBE_SHA1_DES2_EDE_CBC
  - CKM_PBE_SHA1_DES3_EDE_CBC
  - CKM_PBE_SHA1_RC2_128_CBC
  - CKM_PBE_SHA1_RC2_40_CBC
  - CKM_PBE_SHA1_RC4_128
  - CKM_PBE_SHA1_RC4_40
  - CKM_PKCS12_PBE_EXPORT
  - CKM_PKCS12_PBE_IMPORT
  - CKM_PP_LOAD_SECRET
  - CKM_PP_LOAD_SECRET_2
  - CKM_RC2_CBC
  - CKM_RC2_CBC_PAD
  - CKM_RC2_ECB
  - CKM_RC2_ECB_PAD
  - CKM_RC2_KEY_GEN
  - CKM_RC2_MAC
  - CKM_RC2_MAC_GENERAL
  - CKM_RC4
  - CKM_RC4_KEY_GEN
  - CKM_REPLICATE_TOKEN_RSA_AES
  - CKM_RIPEMD128
  - CKM_RIPEMD128_HMAC
  - CKM_RIPEMD128_HMAC_GENERAL
  - CKM_RIPEMD128_RSA_PKCS
  - CKM_RIPEMD160
  - CKM_RIPEMD160_HMAC
  - CKM_RIPEMD160_HMAC_GENERAL
  - CKM_RIPEMD160_RSA_PKCS
  - CKM_RSA_9796
  - CKM_RSA_FIPS_186_4_PRIME_KEY_PAIR_ GEN
  - CKM_RSA_PKCS
  - CKM_RSA_PKCS_KEY_PAIR_GEN
  - CKM_RSA_PKCS_OAEP
  - CKM_RSA_PKCS_PSS
  - CKM_RSA_X9_31_KEY_PAIR_GEN
  - CKM_RSA_X_509
  - CKM_SECRET_RECOVER_WITH_ATTRIBUTES
  - CKM_SECRET_SHARE_WITH_ATTRIBUTES
  - CKM_SEED_CBC
  - CKM_SEED_CBC_PAD
  - CKM_SEED_ECB
  - CKM_SEED_ECB_PAD
  - CKM_SEED_KEY_GEN
  - CKM_SEED_MAC
  - CKM_SEED_MAC_GENERAL
  - CKM_SET_ATTRIBUTES
  - CKM_SHA1
  - CKM_SHA1_EDDSA
  - CKM_SHA1_HMAC
  - CKM_SHA1_HMAC_GENERAL
  - CKM_SHA1_KEY_DERIVATION
  - CKM_SHA1_RSA_PKCS
  - CKM_SHA1_RSA_PKCS_PSS
  - CKM_SHA1_RSA_PKCS_TIMESTAMP
  - CKM_SHA224
  - CKM_SHA224_EDDSA
  - CKM_SHA224_HMAC
  - CKM_SHA224_HMAC_GENERAL
  - CKM_SHA224_KEY_DERIVATION
  - CKM_SHA224_RSA_PKCS
  - CKM_SHA224_RSA_PKCS_PSS
  - CKM_SHA256
  - CKM_SHA256_EDDSA
  - CKM_SHA256_HMAC
  - CKM_SHA256_HMAC_GENERAL
  - CKM_SHA256_KEY_DERIVATION
  - CKM_SHA256_RSA_PKCS
  - CKM_SHA256_RSA_PKCS_PSS
  - CKM_SHA384
  - CKM_SHA384_EDDSA
  - CKM_SHA384_HMAC
  - CKM_SHA384_HMAC_GENERAL
  - CKM_SHA384_KEY_DERIVATION
  - CKM_SHA384_RSA_PKCS
  - CKM_SHA384_RSA_PKCS_PSS
  - CKM_SHA3_224
  - CKM_SHA3_224_EDDSA
  - CKM_SHA3_224_HMAC
  - CKM_SHA3_224_HMAC_GENERAL
  - CKM_SHA3_224_KEY_DERIVE
  - CKM_SHA3_224_RSA_PKCS
  - CKM_SHA3_224_RSA_PKCS_PSS
  - CKM_SHA3_256
  - CKM_SHA3_256_EDDSA
  - CKM_SHA3_256_HMAC
  - CKM_SHA3_256_HMAC_GENERAL
  - CKM_SHA3_256_KEY_DERIVE
  - CKM_SHA3_256_RSA_PKCS
  - CKM_SHA3_256_RSA_PKCS_PSS
  - CKM_SHA3_384
  - CKM_SHA3_384_EDDSA
  - CKM_SHA3_384_HMAC
  - CKM_SHA3_384_HMAC_GENERAL
  - CKM_SHA3_384_KEY_DERIVE
  - CKM_SHA3_384_RSA_PKCS
  - CKM_SHA3_384_RSA_PKCS_PSS
  - CKM_SHA3_512
  - CKM_SHA3_512_EDDSA
  - CKM_SHA3_512_HMAC
  - CKM_SHA3_512_HMAC_GENERAL
  - CKM_SHA3_512_KEY_DERIVE
  - CKM_SHA3_512_RSA_PKCS
  - CKM_SHA3_512_RSA_PKCS_PSS
  - CKM_SHA512
  - CKM_SHA512_EDDSA
  - CKM_SHA512_HMAC
  - CKM_SHA512_HMAC_GENERAL
  - CKM_SHA512_KEY_DERIVATION
  - CKM_SHA512_RSA_PKCS
  - CKM_SHA512_RSA_PKCS_PSS
  - CKM_SSL3_KEY_AND_MAC_DERIVE
  - CKM_SSL3_MASTER_KEY_DERIVE
  - CKM_SSL3_MD5_MAC
  - CKM_SSL3_PRE_MASTER_KEY_GEN
  - CKM_SSL3_SHA1_MAC
  - CKM_TDEA_TKW
  - CKM_TUAK_DERIVE
  - CKM_TUAK_SIGN
  - CKM_UNWRAP_TR31
  - CKM_VISA_CVV
  - CKM_WRAP_TR31_DERIVE
  - CKM_WRAP_TR31_VARIANT
  - CKM_WRAPKEY_AES_CBC
  - CKM_WRAPKEY_AES_KWP
  - CKM_WRAPKEY_DES3_CBC
  - CKM_WRAPKEY_DES3_ECB
  - CKM_WRAPKEYBLOB_AES_CBC
  - CKM_WRAPKEYBLOB_DES3_CBC
  - CKM_X9_42_DH_DERIVE
  - CKM_X9_42_DH_KEY_PAIR_GEN
  - CKM_X9_42_DH_PARAMETER_GEN
  - CKM_XOR_BASE_AND_DATA
  - CKM_XOR_BASE_AND_KEY
  - CKM_ZKA_MDC_2_KEY_DERIVATION
  - PTK-C vendor-defined error codes
- Supported ECC curves
- C sample programs
- Best practice guidelines
  - Application security
  - Application usability
  - Performance
  - Capacity
  - Setup and configuration
  - Maintainability
  - Debugging
  - Interoperability
  - Programming in FIPS Mode
  - Key management
  - Hierarchical deterministic wallets in ProtectToolkit
- ctbrowse - token browser
- API tutorial: development of a sample application
- PKCS#11 logger library
- PKCS#11 command reference
  - General purpose functions
  - Slot and token management functions
  - Session management functions
  - Object management functions
  - Encryption functions
  - Decryption functions
  - Message digesting functions
  - Signing and MACing functions
  - Functions for verifying signatures and MACs
  - Dual-function cryptographic functions
  - Key management functions
  - Random number generation functions
  - Parallel function management functions
  - Extra functions
- ctutil.h functionality reference
- ctextra.h library reference
- hex2bin.h library reference
- hsmadmin.h library reference
- Attribute certificate
ProtectToolkit-C management libraries programming
- KMLIB sample applications
- KMLIB callback prototypes reference
- KMLIB function reference
ProtectToolkit-J reference
- ProtectToolkit-J overview
- JCA/JCE API overview
  - Encryption and decryption
  - Message digests
  - Message authentication code (MAC)
  - Authentication
  - Key management
  - Error handling and exceptions
- Supported ciphers
  - DES
  - DESede
  - AES
  - IDEA
  - CAST128
  - RC2
  - RC4
  - PBE ciphers
  - RSA
- Supported signature algorithms
- Supported MAC algorithms
- Supported message digest algorithms
- Key Management Utility (KMU) reference
  - Compatibility issues
  - Main KMU interface
  - Logging into and out from tokens
  - Creating keys
  - Editing key attributes
  - Deleting a key
  - Display key check value
  - Importing and exporting keys
  - Key backup feature tutorial
- Administration Utility (gCTAdmin) reference
  - Logging in and out
  - Main gCTAdmin Interface
  - Slot and token management
  - HSM management
- KMU key check value (KCV) calculation
- Key generation
- Key management
- Best practice guidelines
- Java sample programs
- JCA/JCE API tutorial
  - Public key cryptography
  - FileCrypt application
  - File encryption
  - File decryption
  - Accessing public keys
  - Main()
- Random number generation
- References
ProtectToolkit-M reference
- Overview
- Setup and configuration
  - User roles
  - Initial configuration: mandatory steps
  - Security mode descriptions
  - Security mode flag descriptions
  - Allocating keyset space
  - Configuration options
  - SafeNet KSP for CNG registration utilities
  - Configuring IIS7 (Win2008) with CNG
- Administrative tasks
  - Changing the device administrator password
  - Allocating keyset space
  - De-allocating keyset space
  - Creating user keysets
  - Deleting a keyset
  - Setting the adapter Transport Mode
  - Correcting clock drift
  - Viewing and purging the HSM event log
  - Checking and upgrading HSM firmware
  - Tampering the HSM
  - Backing up a keyset
  - Restoring a keyset
  - Enabling private key clear export
- User tasks
- Administration and user utilities
  - Administration Utility
  - Keyset Management Utility
  - createcert
- Integration with Microsoft CA
  - Setting up a CA with ProtectToolkit-M
  - Certificate template support for SafeNet CSPs
  - CA replication (key backup and recovery)
  - Private key archiving and recovery
- Integration with IIS
  - Creating a certificate
  - Installing a certificate for use with IIS
- Work Load Distribution
- Registry configuration
FM SDK programming
- Overview
- FM architecture
- FM development
- FM samples
- Building sample FMs in Emulation Mode on Windows
- Configuring WSL 2 for FM development and deployment
- FM deployment
- Utilities reference
- Cipher object
  - FmCreateCipherObject
  - Cipher object functions
  - Algorithm-specific cipher information
- Hash object
  - FmCreateHashObject
  - Hash object functions
- Setting privilege level
- SMFS reference
- FMDEBUG reference
- Message Dispatch API reference
- HSM functions reference
  - HIFACE reply management functions
  - Functionality module dispatch switcher function
  - Serial communication functions
  - High resolution timer functions
  - Cprov function patching helper function
  - Current application ID functions
  - PKCS#11 state management functions
  - Functionality module header definition macro
- USB API reference
ProtectServer 3 HSM and ProtectToolkit 7 troubleshooting
- Installation troubleshooting
- ProtectToolkit-J troubleshooting
- ProtectToolkit-M troubleshooting
Third-Party Software Licenses

CKM_AES_GCM

This section provides a summary of CKM_AES_GCM.

Note

This section describes the behavior of CKM_AES_GCM from ProtectToolkit 7.1.0 onwards. In ProtectToolkit 7.0.0, CKM_AES GCM behaves identically to CKM_AES_GCM_OLD.

When using ProtectToolkit 7.1.0 or newer, refer to the description of CKM_AES_GCM shown below. For information about this mechanism's compatibility with ProtectToolkit 7.0.0 applications, refer to Compatibility with ProtectToolkit 7.0.0 Applications.
When using ProtectToolkit 7.0.0, refer to the description of CKM_AES_GCM_OLD. For more information, refer to CKM_AES_GCM_OLD.

Supported operations

Operation	Support
Encrypt and Decrypt	Yes (Single-part operation only)
Sign and Verify	No
SignRecover and VerifyRecover	No
Digest	No
Generate Key/Key-Pair	No
Wrap and Unwrap	Yes
Derive	No

FIPS Mode support

Available in FIPS Mode	Restrictions in FIPS Mode
Yes	User specified IV not allowed when performing encryption or wrapping

Key size range (bytes) and parameters

Key size minimum/maximum	Value
Minimum	16
FIPS Minimum	16
Maximum	32

Parameter

CK_GCM_PARAMS

Mechanism description

For a full description of this mechanism, refer to the PKCS#11 version 2.40 documentation from RSA Laboratories.

AES GCM is a single part encrypt/decrypt operation; the following sequence of PKCS#11 function calls can be used in applications:

C_EncryptInit(...)
C_Encrypt(...)
...
C_DecryptInit(...)
C_Decrypt(...)

C_EncryptInit() optionally returns a randomly generated IV.

C_Encrypt() returns the ciphertext and tag.

When encrypting or decrypting, the caller must specify an IV using the pIV and ulIvLen fields of CK_GCM_PARAMS. Passing NULL as the IV returns an error.

When encrypting, the caller may set the value of the IV to all zeros. If the caller sets the value of the IV to all zeros, the HSM will generate the same number of random bytes to use as the IV. When the encryption completes, the IV pointed at by the pIV in the mechanism parameter is updated with the new IV.

With FIPS Mode enabled, an error is returned from C_EncryptInit if the IV specified is not all zero; that is, random IV values must be used.

The PTK implementation of AES GCM assumes the following limitations:

IV maximum length is 128 octets (max value from NIST test vectors).
AAD maximum length is 32768 octets.
ulTagBits must be >= 32 or <= 128 and a multiple of 8. If “FIPS Alg Only” then value must be 128, 120, 112, 104 or 96.
Message maximum length is 63KB - ulAADLen octets.

Compatibility with ProtectToolkit 7.0.0 applications

Prior to ProtectToolkit 7.1.0, CKM_AES_GCM would always return the IV appended to the output. From ProtectToolkit 7.1.0 onwards, the IV is returned in the mechanism parameter during the C_EncryptInit call.

Applications designed for and expecting the old behavior should call the CKM_AES_GCM_OLD mechanism. For more information, refer to CKM_AES_GCM_OLD.

If you cannot change the application, the ET_PTKC_GENERAL_LEGACY_GCM configuration item can be used. Legacy applications that are written to call the CKM_AES_GCM mechanism but expect to see CKM_AES_GCM_OLD behavior should set this configuration value. For more information about this configuration item, refer to ProtectToolkit-C mechanism configuration items.

Example:

$ export ET_PTKC_GENERAL_LEGACY_GCM=YES

Return to ProtectToolkit-C mechanisms.

Suggest A Change

CKM_AES_GCM

Supported operations

FIPS Mode support

Key size range (bytes) and parameters

Parameter

Mechanism description

Compatibility with ProtectToolkit 7.0.0 applications

On this page