Unclear where to get the IV for CM_AES_DECRYPT #1755
Assignees
Comments
swenson
added a commit
that referenced
this issue
Nov 15, 2024
Mostly. We need to keep a limited amount of storage per AES-256-GCM key to track usage, since these keys can only be used a certain number of times due to their IV problems. For HMAC, we don't specify a key usage on the output MAC, since it has to be imported back into Caliptra to be used as a key, where its usage will have to be specified. We also fix a few other minor issues with the mailbox documentation: Fixes #1753 Fixes #1754 Fixes #1755 Fixes #1756
swenson
added a commit
that referenced
this issue
Nov 15, 2024
Mostly. We need to keep a limited amount of storage per AES-256-GCM key to track usage, since these keys can only be used a certain number of times due to their IV problems. For HMAC, we don't specify a key usage on the output MAC, since it has to be imported back into Caliptra to be used as a key, where its usage will have to be specified. We also fix a few other minor issues with the mailbox documentation: Fixes #1753 Fixes #1754 Fixes #1755 Fixes #1756
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
https://github.com/chipsalliance/caliptra-sw/blob/main-2.x/runtime/README.md describes
CM_AES_GCM_ENCRYPT/DECRYPT.DECRYPTaccepts an IV.ENCRYPTdoes not produce an IV.The text was updated successfully, but these errors were encountered: