CKM_AES_CCM
Supported Operations
| Encrypt and Decrypt | Yes (Single-part operation only) |
| Sign and Verify | No |
| SignRecover and VerifyRecover | No |
| Digest | No |
| Generate Key/Key-Pair | No |
| Wrap and Unwrap | No |
| Derive | No |
| Available in FIPS Mode | Yes |
| Restrictions in FIPS Mode | None |
Key Size Range (bytes) and Parameters
| Minimum | 16 |
| FIPS Minimum | 16 |
| Maximum | 32 |
| Parameter | CK_CCM_PARAMS
|
Description
For a full description of this mechanism, refer to the PKCS#11 version 2.30 documentation from RSA Laboratories.
AES CCM is a single part encrypt/decrypt operation; the following sequence of PKCS#11 function calls may be used in applications:
C_EncryptInit(...) C_Encrypt(...) ... C_DecryptInit(...) C_Decrypt(...)
PTK's implementation of AES CCM assumes the following limitations:
>maximum plain text size is 130032 octets, tested under the following conditions:
•Key size: 16 octets
•Nonce size: 7-13 octets
•AAD size: 32 octets
•Tag length: 8 octets
•MAC length: 4, 6, 8, 10, 12, 14, or 16 octets
Return to ProtectToolkit-C Mechanisms
