ica_aes_gcm_kma_init_fips

Purpose

Initialize the GCM context as returned from ica_aes_gcm_kma_ctx_new(). In contrast to the ica_aes_gcm_kma_init() function, this API is intended to be used in FIPS mode and has no initialization vector (IV) parameter, as external IVs are not allowed in FIPS mode. An internal FIPS-compliant initialization vector is created and can be obtained from the context using the ica_aes_gcm_kma_get_iv() function (see ica_aes_gcm_kma_get_iv). The minimum length of the IV in FIPS mode is 12 bytes (parameter iv_length).

Format


int ica_aes_gcm_kma_init_fips(unsigned int direction,
  unsigned int iv_length,
  const unsigned char *key, 
  unsigned int key_length,
  kma_ctx *ctx);

Required hardware support

  • KIMD-GHASH
  • KM-AES-128, KM-AES-192, or KM-AES-256

If available, KMA-GCM-AES-128, KMA-GCM-AES-192, and KMA-GCM-AES-256 are used transparently for better performance.

Parameters

unsigned int direction
0
Use the decrypt function.
1
Use the encrypt function.
unsigned int iv_length
Length, in bytes, of the initialization vector in buffer iv. The value must be greater than 0 and less than 261. A length of 12 bytes is recommended and is the minimum length in FIPS mode.
const unsigned char *key
Pointer to a valid AES key.
unsigned int key_length
Length of the AES key in bytes. Supported sizes are 16, 24, and 32 for AES-128, AES-192 and AES-256 respectively. Therefore, you can use the macros AES_KEY_LEN128, AES_KEY_LEN192, and AES_KEY_LEN256.
kma_ctx *ctx
Pointer to a previously allocated GCM context. This buffer is internally used as a working area by all other ica_aes_gcm_kma API functions and must not be changed by the application. The ctx context must be established by calling ica_aes_gcm_ctx_new() before any call to any other ica_aes_gcm_kma function, and must be freed by calling ica_aes_gcm_ctx_free() after the last call to any ica_aes_gcm_kma function.

Return codes

0
Success
EIO
If the operation fails.

For return codes indicating exceptions, see Return codes.