Cryptographic Token Interface Standard

PKCS#11

AES with Counter mechanism parameters

CK_AES_CTR_PARAMS; CK_AES_CTR_PARAMS_PTR

CK_AES_CTR_PARAMS is a structure that provides the parameters to the CKM_AES_CTR mechanism. It is defined as follows: 





typedef struct CK_AES_CTR_PARAMS {
CK_ULONG ulCounterBits;
CK_BYTE cb[16];
} CK_AES_CTR_PARAMS;




It's up to the caller to initialize all of the bits in the counter block including the counter bits. The counter bits are the least significant bits of the counter block (cb). They are a big-endian value usually starting with 1. The rest of 'cb' is for the nonce, and maybe an optional IV.


E.g. as defined in [RFC 3686]:


0 1 2 3


0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1


+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+


Nonce |


+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+


Initialization Vector (IV) |


|


+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+


Block Counter |


+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+


This construction permits each packet to consist of up to 232-1 blocks = 4,294,967,295 blocks = 68,719,476,720 octets.


CK_AES_CTR _PARAMS_PTR is a pointer to a CK_AES_CTR  _PARAMS. 



RSA Security Inc. Public-Key Cryptography Standards - 
PKCS#11 - v230