GcmParams ulIvBits being set to 0 causes issues with Thales HSMs #247
Comments
|
I am happy to make the changes to the file to make setting the ulIvBits value optional as well as handling the CK_ULONG exception a bit more gracefully if that's of interest. |
|
YEs absolutely, feel free to send a PR, that would be great! |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
I've read the comment in the code and understand if there is no intent to fix it, but just so it's documented:
If anyone is coming here while working with a Thales Luna HSM 7 using Firmware version 7.8.4 in FIPS mode and are having issues with AES-GCM, the issue may be related to that field being set to 0.
The specific issue I was having was that I was able to encrypt but not decrypt. Presumably this is due to the HSM, when in FIPS mode, not expecting an IV for AES-GCM encryption, as it provides its own, making ulIvLen 0 as well.
Presumably this is due to the cryptoki library Thales operates with being v2.20 rather than 2.40.
The text was updated successfully, but these errors were encountered: