• AVR Freaks

Hot!PIC32MZ Crypto Engine and TLS 1.3

Author
engine32
New Member
  • Total Posts : 20
  • Reward points : 0
  • Status: offline
2020/03/19 15:16:31 (permalink)
0

PIC32MZ Crypto Engine and TLS 1.3

  Hello
 
  I am working to implement TLS 1.3 in a PIC32MZ device. After reading the datasheet and TLS 1.3 specification I have an idea about how this works. However, there are some aspects I am not sure or I do not know at all. For symmetric encryption it looks like I need to use AES-GCM.
 
1. TLS 1.3 data require additional data which is the record header 5 bytes. This data is to be placed in the same data buffer with the actual data to be encrypted and the length of 5 written to ENCR_OFFSET word in the buffer descriptor ? Or it is the CEHDLEN register involved ?
 
2. For decryption with AES-GCM, how I know the actual length of the original data (text) ? I understand that the encrypted / authenticated data is slightly longer than the original.
 
3. Also for decryption, how I know if the authentication was a success or failed ?
 
4. The additional data (TLS record header) contains the length of data that follows. To provide this length as additional data for the Crypto Engine, how I can do it since I do not know the encrypted data length before encryption ?
 
5. The key and IV to encrypt the encrypted extensions is the same when encrypting application data ?
 
6. The encrypted extensions are to be sent in the same record with the server handshake or a separate record . If it is a separate record, the type of the record is handshake ?
#1

0 Replies Related Threads

    Jump to:
    © 2020 APG vNext Commercial Version 4.5