ica_aes_gcm_kma_init_fips
Purpose
Initialize the GCM context as returned from ica_aes_gcm_kma_ctx_new(). In contrast to the ica_aes_gcm_kma_init() function, this API is intended to be used in FIPS mode and has no initialization vector (IV) parameter, as external IVs are not allowed in FIPS mode. An internal FIPS-compliant initialization vector is created and can be obtained from the context using the ica_aes_gcm_kma_get_iv() function (see ica_aes_gcm_kma_get_iv). The minimum length of the IV in FIPS mode is 12 bytes (parameter iv_length).
Format
int ica_aes_gcm_kma_init_fips(unsigned int direction,
unsigned int iv_length,
const unsigned char *key,
unsigned int key_length,
kma_ctx *ctx);
Required hardware support
- KIMD-GHASH
- KM-AES-128, KM-AES-192, or KM-AES-256
If available, KMA-GCM-AES-128, KMA-GCM-AES-192, and KMA-GCM-AES-256 are used transparently for better performance.
Parameters
- unsigned int direction
-
- 0
- Use the decrypt function.
- 1
- Use the encrypt function.
- unsigned int iv_length
- Length, in bytes, of the initialization vector in buffer iv. The value must be greater than 0 and less than 261. A length of 12 bytes is recommended and is the minimum length in FIPS mode.
- const unsigned char *key
- Pointer to a valid AES key.
- unsigned int key_length
- Length of the AES key in bytes. Supported sizes are 16, 24, and 32 for AES-128, AES-192 and AES-256 respectively. Therefore, you can use the macros AES_KEY_LEN128, AES_KEY_LEN192, and AES_KEY_LEN256.
- kma_ctx *ctx
- Pointer to a previously allocated GCM context. This buffer is internally used as a working area by all other ica_aes_gcm_kma API functions and must not be changed by the application. The ctx context must be established by calling ica_aes_gcm_ctx_new() before any call to any other ica_aes_gcm_kma function, and must be freed by calling ica_aes_gcm_ctx_free() after the last call to any ica_aes_gcm_kma function.
Return codes
- 0
- Success
- EIO
- If the operation fails.
For return codes indicating exceptions, see Return codes.