CKM_AES_GMAC
GCM is the Galois/Counter Mode of operation of the AES algorithm for symmetric key encryption.
GMAC is a variant of GCM for sign/verify operation. If GCM input is confined to data that will not be encrypted, then GMAC is purely an authentication mode on the input data. The Luna Cloud HSM GMAC implementation, formerly invoked only via PKCS#11 interface, can now be accessed via JCPROV and via our Java Provider (see Notes, below).
The GMAC implementation follows NIST SP-800-38D. It supports AES symmetric key sizes of 128, 192, and 256 bits.
Usage Notes
Initialization Vector (IV)
If the HSM is in FIPS mode , the initialization vector (IV) is generated in the HSM and returned to the PKCS#11 function call. The buffer must be large enough to store the GMAC tag plus the generated IV (which has a length of 16 bytes).
If the HSM is not in FIPS mode, then the developer is responsible to specify an IV. Random IV is supported and recommended for GCM and GMAC. If you are not using random IV, then the most efficient IV value length is 12 bytes; any other size reduces performance and requires more work (per NIST SP-800-38D).
The internal IV is a randomly generated 16-byte IV.
Performance
For authentication, it is possible to use CKM_AES_GCM mechanism, when passing no data to encrypt (for strict compliance with NIST specification), and performance in that mode is better than in previous SafeNet releases.
The correlation is not exact but, as a general rule for a given mechanism, invocation by PKCS#11 API always provides the best performance, JSP performance is close but lower due to Java architecture, and JCPROV performance is somewhat lower still than PKCS#11 and JSP performance levels.
JCPROV
AES-GMAC and AES-GCM are supported in JCPROV. Use CK_AES_GCM_PARAMS.java to define the GMAC operation. Implementation is the same as for PKCS#11.
Java Provider (JSP)
Both GMC and GMAC are supported. "GmacAesDemo.java" provides a sample for using GMAC with Java.
Java Parameter Specification class LunaGmacParameterSpec.java defines default values recommended by the NIST specification.
Accumulating Data
Our GMAC and GCM are single part operations, so even if they are called using multi-part API, we accumulate the data (up to a maximum) and return data only on the “final” operation. That is the meaning of "Accumulating" in the table, below.
NA FIPS
| FIPS approved? | Yes |
| Supported functions | Sign | Verify |
| Functions restricted from FIPS use | None |
| Minimum key length (bits) | 128 |
| Minimum key length for FIPS use (bits) | 128 |
| Minimum legacy key length for FIPS use (bits) | N/A |
| Maximum key length (bits) | 256 |
| Block size | 16 |
| Digest size | 0 |
| Key types | AES |
| Algorithms | AES |
| Modes | GCM |
| Flags | Extractable | Accumulating |
NA non-FIPS
| FIPS approved? | Yes |
| Supported functions | Sign | Verify |
| Functions restricted from FIPS use | None |
| Minimum key length (bits) | 128 |
| Minimum key length for FIPS use (bits) | 128 |
| Minimum legacy key length for FIPS use (bits) | N/A |
| Maximum key length (bits) | 256 |
| Block size | 16 |
| Digest size | 0 |
| Key types | AES |
| Algorithms | AES |
| Modes | GCM |
| Flags | Extractable | Accumulating |
EU FIPS
| FIPS approved? | Yes |
| Supported functions | Sign | Verify |
| Functions restricted from FIPS use | None |
| Minimum key length (bits) | 128 |
| Minimum key length for FIPS use (bits) | 128 |
| Minimum legacy key length for FIPS use (bits) | N/A |
| Maximum key length (bits) | 256 |
| Block size | 16 |
| Digest size | 0 |
| Key types | AES |
| Algorithms | AES |
| Modes | GCM |
| Flags | Extractable | Accumulating |
EU non-FIPS
| FIPS approved? | Yes |
| Supported functions | Sign | Verify |
| Functions restricted from FIPS use | None |
| Minimum key length (bits) | 128 |
| Minimum key length for FIPS use (bits) | 128 |
| Minimum legacy key length for FIPS use (bits) | N/A |
| Maximum key length (bits) | 256 |
| Block size | 16 |
| Digest size | 0 |
| Key types | AES |
| Algorithms | AES |
| Modes | GCM |
| Flags | Extractable | Accumulating |
