2025-04-17 8:41 AM
Hi everyone,
I am trying to use the X-Cube-Cryptolib library to decrypt an array encrypted by an external application.
The original data has been encrypted with AES-GCM-128 using a 16-byte key and a 1-byte IV.
Now I am getting an error when trying to set the IV to a length other than 12 bytes.
Can you confirm that the method "cmox_cipher_setIV" only accepts a 12-byte IV? It is strange that the method documentation does not contain such information.
I tried another library that performs GHASH padding of the IV, and it can decrypt my input data.
Is there a similar, standard-compliant implementation of IV padding that can be used with the ST library?
Thanks,
Regards,
Arianna
2025-04-23 4:10 PM
Hi @AGhez
I agree that for handling non-standard IV lengths, you might need to implement a padding mechanism similar to GHASH padding, as you mentioned above.
According to the NIST specifications for AES-GCM, the computation of the initial counter block J0 depends on the length of the IV.
a) If len(IV) = 96, then J0 = IV || 0^31 || 1
b) If len(IV) ≠ 96, then J0 = GHASH_H(IV || 0^(s+64) || [len(IV)]_64), where s = 128·ceil(len(IV)/128) − len(IV)
It appears that the cmox_cipher_setIV method in the X-Cube-Cryptolib library does not explicitly document constraints on the IV length.
I will check internally whether the library has limitations regarding the IV length.
Best regards
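As an added example (not code from the thread, from ST, or from the X-Cube-Cryptolib sources), here is the J0 derivation quoted in the reply above written out in Python, covering both the 96-bit case and the GHASH case for any other IV length, including the 1-byte IV from the question. It assumes you already have the hash subkey H = AES_K(0^128), i.e. one all-zero block encrypted with the same AES key; obtaining H is left to whatever AES primitive you use, and the H and IV values in the demo are made up. Note that the result is a full 16-byte counter block, not a 12-byte IV, and that SP 800-38D recommends the 96-bit IV length even though shorter and longer IVs are permitted.

```python
"""
Deriving the GCM pre-counter block J0 for an arbitrary-length IV,
following NIST SP 800-38D section 7.1 (the two cases quoted in the reply).

Added example; not code from X-Cube-Cryptolib or from anyone in the thread.
Assumption: the hash subkey H = AES_K(0^128) is computed elsewhere with the
same key and handed in as 16 bytes; this file only does the GHASH part.
"""

# GCM's field element "1": the bit string 1 followed by 127 zeros.
GF128_ONE = 1 << 127
# Reduction constant R = 11100001 || 0^120 (SP 800-38D, section 6.3).
GF128_R = 0xE1 << 120


def gf128_mul(x: int, y: int) -> int:
    """Multiply two GF(2^128) elements in GCM's bit-reflected representation
    (Algorithm 1 of SP 800-38D): bit 0 of an element is its leftmost bit."""
    z, v = 0, y
    for i in range(128):
        if (x >> (127 - i)) & 1:          # x_i, counting from the leftmost bit
            z ^= v
        # v <- v * (polynomial) x, reduced modulo x^128 + x^7 + x^2 + x + 1
        v = (v >> 1) ^ GF128_R if v & 1 else v >> 1
    return z


def ghash(h: bytes, data: bytes) -> bytes:
    """GHASH_H(X1 || ... || Xm): Y_i = (Y_{i-1} xor X_i) * H over whole blocks."""
    if len(h) != 16 or len(data) % 16:
        raise ValueError("H must be 16 bytes and data a multiple of 16 bytes")
    h_int = int.from_bytes(h, "big")
    y = 0
    for off in range(0, len(data), 16):
        y = gf128_mul(y ^ int.from_bytes(data[off:off + 16], "big"), h_int)
    return y.to_bytes(16, "big")


def gcm_j0(h: bytes, iv: bytes) -> bytes:
    """Pre-counter block J0 for any IV length from 1 byte upwards."""
    if not iv:
        raise ValueError("GCM requires a non-empty IV")
    if len(iv) == 12:
        # len(IV) = 96: J0 = IV || 0^31 || 1, no GHASH involved
        return iv + b"\x00\x00\x00\x01"
    # len(IV) != 96: J0 = GHASH_H(IV || 0^(s+64) || [len(IV)]_64)
    # s zero bits pad the IV to whole 128-bit blocks; the extra 64 zero bits
    # plus the 64-bit bit-length make the GHASH input a block multiple again.
    s_bytes = (-len(iv)) % 16
    padded = iv + bytes(s_bytes + 8) + (8 * len(iv)).to_bytes(8, "big")
    return ghash(h, padded)


if __name__ == "__main__":
    # Constructed demo values: a placeholder H (real use: H = AES_K(0^128))
    # and three IV lengths, including a 1-byte IV as in the question.
    h_demo = bytes(range(16))                  # placeholder, not from a key
    for iv in (bytes.fromhex("a5"), bytes.fromhex("cafebabefacedbad"), bytes(12)):
        print(f"IV length {len(iv):2d} bytes -> J0 = {gcm_j0(h_demo, iv).hex()}")
```

With the field element 1 as H, GHASH collapses to a plain XOR of the input blocks, which makes the padding layout easy to check by hand: a 1-byte IV 0xA5 yields a5 followed by fourteen zero bytes and 08 (the bit length), and an 8-byte IV yields the IV followed by 0000000000000040.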