2

I am having problem setting the parameters for the AES GCM mechanism. I am receving the following error

#define CKR_MECHANISM_PARAM_INVALID           0x00000071UL

What am I doing wrong?

CK_BYTE iv[12] = { 0 };    
CK_MECHANISM mechanismAES = { CKM_AES_GCM, NULL_PTR, 0 };
CK_GCM_PARAMS params = {
    .pIv=iv,
    .ulIvLen=12,
    .ulIvBits=96,
    .pAAD=NULL,
    .ulAADLen=0,
    .ulTagBits=0
};
mechanismAES.pParameter = &params;
mechanismAES.ulParameterLen = sizeof(params);
C_EncryptInit(hSession, &mechanismAES, hKey);
Hskctity
  • 23
  • 3

1 Answers1

1

.ulTagBits=0 is very likely the issue. The tag size is the size of the authentication tag. You would not have an authenticated mode of encryption if you left it out.

Valid tag sizes of GCM are 128, 120, 112, 104 or 96 bits. Smaller tag sizes such as 64 bits may be acceptable by some API's. You are however strongly encouraged to keep to the 128 bit tag size, as the security of GCM strongly depends on it.

You may also want to specify either the IV len or the IV bits if the error doesn't go away.

Maarten Bodewes
  • 90,524
  • 13
  • 150
  • 263
  • No luck, I tried with the following but still same thing CK_GCM_PARAMS params = { .pIv=iv, .ulIvLen=sizeof(iv), .pAAD=NULL_PTR, .ulAADLen=0, .ulTagBits=128 }; – Hskctity May 11 '18 at 07:38
  • Could you provide an actual code and indicate the language for the question? I see that you also changed NULL to NULL_PTR. I don't see how the bit size is part of the parameter structure. Too much strange stuff going on so the actual code seems required. – Maarten Bodewes May 11 '18 at 09:48