You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I've read the comment in the code and understand if there is no intent to fix it, but just so it's documented:
If anyone is coming here while working with a Thales Luna HSM 7 using Firmware version 7.8.4 in FIPS mode and are having issues with AES-GCM, the issue may be related to that field being set to 0.
The specific issue I was having was that I was able to encrypt but not decrypt. Presumably this is due to the HSM, when in FIPS mode, not expecting an IV for AES-GCM encryption, as it provides its own, making ulIvLen 0 as well.
Presumably this is due to the cryptoki library Thales operates with being v2.20 rather than 2.40.
The text was updated successfully, but these errors were encountered:
I am happy to make the changes to the file to make setting the ulIvBits value optional as well as handling the CK_ULONG exception a bit more gracefully if that's of interest.
I've read the comment in the code and understand if there is no intent to fix it, but just so it's documented:
If anyone is coming here while working with a Thales Luna HSM 7 using Firmware version 7.8.4 in FIPS mode and are having issues with AES-GCM, the issue may be related to that field being set to 0.
The specific issue I was having was that I was able to encrypt but not decrypt. Presumably this is due to the HSM, when in FIPS mode, not expecting an IV for AES-GCM encryption, as it provides its own, making ulIvLen 0 as well.
Presumably this is due to the cryptoki library Thales operates with being v2.20 rather than 2.40.
The text was updated successfully, but these errors were encountered: