ica_aes_gcm_initialize_fips
Purpose
Start and initialize a new session of AES-GCM for stream cipher requests.
The ica_aes_gcm_initialize_fips() API creates the initialization vector internally using an approved random source and passes it back to the application in the iv output parameter. Therefore, the application must provide a writable buffer of sufficient length to receive the internal initialization vector. The minimum iv_length in FIPS mode is 12 bytes.
Format
unsigned int ica_aes_gcm_initialize_fips(const unsigned char *iv,
unsigned int iv_length,
unsigned char *key,
unsigned int key_length,
unsigned char *icb,
unsigned char *ucb,
unsigned char *subkey,
unsigned int direction);
Required hardware support
- KM-AES-128, KM-AES-192 or KM-AES-256
- KIMD-GHASH
- KMCTR-AES-128, KMCTR_AES-192 or KMCTR-AES-256
If available, KMA-GCM-AES-128, KMA-GCM-AES-192, and KMA-GCM-AES-256 are used transparently for better performance.
Parameters
- unsigned char *iv
- Pointer to a readable buffer of size greater than or equal to iv_length bytes, that contains an initialization vector of size iv_length.
- unsigned int iv_length
- Length in bytes of the initialization vector in iv. It must be greater than 0 and less than 261. A length of 12 is recommended.
- unsigned char *key
- Pointer to a valid AES key.
- unsigned int key_length
- Length in bytes of the AES key. Supported sizes are 16, 24, and 32 for AES-128, AES-192 and AES-256 respectively. Therefore, you can use the macros: AES_KEY_LEN128, AES_KEY_LEN192, and AES_KEY_LEN256.
- unsigned char *icb
- Pointer to the initial counter block, which is a writable buffer of size AES_BLOCK_SIZE (16 bytes). This buffer is filled by ica_aes_gcm_initialize() and used in ica_aes_gcm_last() for the final tag computation.
- unsigned char *ucb
- Pointer to the usage counter block, which is a writable buffer of size AES_BLOCK_SIZE (16 bytes). This buffer is filled by ica_aes_gcm_initialize() and updated (increased) during the intermediate update operations.
- unsigned char *subkey
- Pointer to the subkey block, which is a writable buffer (subkey block) of size AES_BLOCK_SIZE (16 bytes). This buffer is filled by ica_aes_gcm_initialize() and used in ica_aes_gcm_intermediate() and ica_aes_gcm_last().
- unsigned int direction
-
- 0
- Verify message authentication code and decrypt encrypted payload.
- 1
- Encrypt payload and compute message authentication code for the additional authenticated data and the payload.
Return codes
- 0
- Success
- EIO
- If the operation fails.
- EFAULT
- If direction equals 0 and the verification of the message authentication code fails.
For return codes indicating exceptions, see Return codes.