Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

GcmParams ulIvBits being set to 0 causes issues with Thales HSMs #247

Open
jaeparker22 opened this issue Mar 12, 2025 · 2 comments · May be fixed by #249
Open

GcmParams ulIvBits being set to 0 causes issues with Thales HSMs #247

jaeparker22 opened this issue Mar 12, 2025 · 2 comments · May be fixed by #249

Comments

@jaeparker22
Copy link

I've read the comment in the code and understand if there is no intent to fix it, but just so it's documented:

If anyone is coming here while working with a Thales Luna HSM 7 using Firmware version 7.8.4 in FIPS mode and are having issues with AES-GCM, the issue may be related to that field being set to 0.

The specific issue I was having was that I was able to encrypt but not decrypt. Presumably this is due to the HSM, when in FIPS mode, not expecting an IV for AES-GCM encryption, as it provides its own, making ulIvLen 0 as well.

Presumably this is due to the cryptoki library Thales operates with being v2.20 rather than 2.40.

@jaeparker22
Copy link
Author

I am happy to make the changes to the file to make setting the ulIvBits value optional as well as handling the CK_ULONG exception a bit more gracefully if that's of interest.

@hug-dev
Copy link
Member

hug-dev commented Mar 14, 2025

YEs absolutely, feel free to send a PR, that would be great!

@hug-dev hug-dev linked a pull request Mar 19, 2025 that will close this issue
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging a pull request may close this issue.

2 participants