Cryptographic Token Interface Standard

PKCS#11


AES GCM and CCM Mechanism parameters

CK_GCM_PARAMS; CK_GCM_PARAMS_PTR

CK_GCM_PARAMS is a structure that provides the parameters to the CKM_AES_GCM mechanism. It is defined as follows:

typedef struct CK_GCM_PARAMS {
    CK_BYTE_PTR pIv;
    CK_ULONG ulIvLen;
    CK_BYTE_PTR pAAD;
    CK_ULONG ulAADLen;
    CK_ULONG ulTagBits;
} CK_GCM_PARAMS;

pIv pointer to initialization vector
ulIvLen length of initialization vector in bytes. The length of the initialization vector can be any number between 1 and 256. 96-bit (12 byte) IV values can be processed more efficiently, so that length is recommended for situations in which efficiency is critical.
pAAD pointer to additional authentication data. This data is authenticated but not encrypted.
ulAADLen length of pAAD in bytes.
ulTagBits length of authentication tag (output following cipher text) in bits. Can be any value between 0 and 128.

CK_GCM_PARAMS_PTR is a pointer to a CK_GCM_PARAMS.

CK_CCM_PARAMS; CK_CCM_PARAMS_PTR

CK_CCM_PARAMS is a structure that provides the parameters to the CKM_AES_CCM mechanism. It is defined as follows:

typedef struct CK_CCM_PARAMS {
    CK_ULONG ulDataLen; /* plaintext or ciphertext */
    CK_BYTE_PTR pNonce;
    CK_ULONG ulNonceLen;
    CK_BYTE_PTR pAAD;
    CK_ULONG ulAADLen;
    CK_ULONG ulMACLen;
} CK_CCM_PARAMS;

ulDataLen length of the data where 0 <= ulDataLen < 2^(8L).
pNonce the nonce.
ulNonceLen length of pNonce (<= 15-L) in bytes.
pAAD Additional authentication data. This data is authenticated but not encrypted.
ulAADLen length of pAAD in bytes.
ulMACLen length of the MAC (output following cipher text) in bytes. Valid values are 4, 6, 8, 10, 12, 14, and 16.

CK_CCM_PARAMS_PTR is a pointer to a CK_CCM_PARAMS.
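
The following is an added example, not part of the standard: a range check a caller can run on both parameter structures before handing them to a token. The typedefs stand in for pkcs11.h, the function names are hypothetical, and the CCM check assumes the nonce is exactly 15-L bytes with L between 2 and 8, as CCM itself defines it.

```c
#include <stddef.h>

/* Stand-in typedefs so the example compiles without pkcs11.h (assumption). */
typedef unsigned char CK_BYTE;
typedef CK_BYTE *CK_BYTE_PTR;
typedef unsigned long CK_ULONG;

typedef struct CK_GCM_PARAMS {
    CK_BYTE_PTR pIv;  CK_ULONG ulIvLen;
    CK_BYTE_PTR pAAD; CK_ULONG ulAADLen;
    CK_ULONG ulTagBits;
} CK_GCM_PARAMS;

typedef struct CK_CCM_PARAMS {
    CK_ULONG ulDataLen;
    CK_BYTE_PTR pNonce; CK_ULONG ulNonceLen;
    CK_BYTE_PTR pAAD;   CK_ULONG ulAADLen;
    CK_ULONG ulMACLen;
} CK_CCM_PARAMS;

/* Hypothetical helper: 0 if the GCM parameters are within the documented ranges. */
int check_gcm_params(const CK_GCM_PARAMS *p)
{
    if (p == NULL || p->pIv == NULL) return -1;
    if (p->ulIvLen < 1 || p->ulIvLen > 256) return -2;  /* IV: 1..256 bytes */
    if (p->ulAADLen > 0 && p->pAAD == NULL) return -3;  /* length without a buffer */
    if (p->ulTagBits > 128) return -4;                  /* tag: 0..128 bits */
    return 0;
}

/* Hypothetical helper: 0 if the CCM parameters are mutually consistent. */
int check_ccm_params(const CK_CCM_PARAMS *p)
{
    CK_ULONG L;
    if (p == NULL || p->pNonce == NULL) return -1;
    /* Assumption: nonce is exactly 15-L bytes, L in 2..8, so 7..13 bytes. */
    if (p->ulNonceLen < 7 || p->ulNonceLen > 13) return -2;
    L = 15 - p->ulNonceLen;
    if (p->ulAADLen > 0 && p->pAAD == NULL) return -3;
    /* MAC length: 4, 6, 8, 10, 12, 14 or 16 bytes */
    if (p->ulMACLen < 4 || p->ulMACLen > 16 || (p->ulMACLen & 1)) return -4;
    /* ulDataLen < 2^(8L); skip the shift when 8L spans the whole CK_ULONG. */
    if (8 * L < sizeof(CK_ULONG) * 8 && (p->ulDataLen >> (8 * L)) != 0) return -5;
    return 0;
}
```

Because L is derived from the nonce length, a 13-byte nonce limits ulDataLen to less than 65536 bytes, which is the combination most likely to be rejected in practice.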


RSA Security Inc. Public-Key Cryptography Standards - PKCS#11 - v230