
How to arrange encrypted key data in call to FUS_STORE_USR_KEY

crwper
Senior

AN5185 specifies that encrypted keys should use AES-128 GCM, but the format of data sent to FUS isn't very well specified:

Byte0: key type:

• 0x00: None

• 0x01: Simple key

• 0x02: Master key

• 0x03: Encrypted key

Byte1: key size N in bytes

Byte2 to ByteN-1: key data (key value + IV if any)

In particular, two things are not clear to me from this description:

  1. What format should the key data take, i.e., specifically how should the key value, tag, and IV be arranged in the data sent to FUS?
  2. What value should the key size take? The application note says Byte 2 to Byte N-1 are key data, but that doesn't seem right at all, since it suggests a 16-byte key would have N = 18 (i.e., it would occupy bytes 2 through 17).

Specifically, for an AES-256 encrypted key (with 32-byte ciphertext, 16-byte IV, and 16-byte tag), what value should be in byte 1, and how should data be arranged in bytes 2 and up?

Thank you!
