runtime docs: Remove storage from cryptographic mailbox #1795
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
swenson
requested review from
jhand2,
fdamato,
rusty1968,
bluegate010,
mhatrevi and
vsonims
as code owners
bluegate010
reviewed
Nov 15, 2024
|
(Discussion offline: we'll change AES to use the init / update / final flow, so that we can remove CMK from the update / final ones, which reduces some of the confusion around that I think.) |
Mostly. We need to keep a limited amount of storage per AES-256-GCM key to track usage, since these keys can only be used a certain number of times due to their IV problems. For HMAC, we don't specify a key usage on the output MAC, since it has to be imported back into Caliptra to be used as a key, where its usage will have to be specified. We also fix a few other minor issues with the mailbox documentation: Fixes #1753 Fixes #1754 Fixes #1755 Fixes #1756
swenson
force-pushed
the
docs/crypto-mailbox-fixes
branch
from
0ef0012 to
c6b1916
Compare
bluegate010
reviewed
Nov 21, 2024
bluegate010
reviewed
Dec 18, 2024
bluegate010
reviewed
Feb 5, 2025
bluegate010
previously approved these changes
Feb 5, 2025
…caliptra-sw into docs/crypto-mailbox-fixes
bluegate010
approved these changes
Feb 5, 2025
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Mostly.
We need to keep a limited amount of storage per AES-256-GCM key to track usage, since these keys can only be used a certain number of times due to their IV problems. We can keep track of this storage (and remove things from it) using the
CM_STATUS, etc., commands we had previously, though we will have to also keep track that we don't allow deleted CMKs to be used again.We also have some potential issues across resets, since this data is not persistent.
For HMAC, we don't specify a key usage on the output MAC, since it has to be imported back into Caliptra to be used as a key, where its usage will have to be specified.
We also fix a few other minor issues with the mailbox documentation:
Fixes #1753
Fixes #1754
Fixes #1755
Fixes #1756