commit 447558df12ba054818569cf8b35869ea8bb136de
author Hanno Becker <hanno.becker@arm.com> Thu May 28 07:36:33 2020 +0100
committer Hanno Becker <hanno.becker@arm.com> Thu May 28 10:32:23 2020 +0100
tree e36301a4f195efe0cb9fc66270751017f815959e
parent c0eefa8b921f2e08f0357b6bc2ef446c5aac3095

Improve documentation of ssl_populate_transform()

Signed-off-by: Hanno Becker <hanno.becker@arm.com>

library/ssl_tls.c

diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index fd0c8a7..116d2a2 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -973,9 +973,12 @@
         transform->taglen =
             ciphersuite_info->flags & MBEDTLS_CIPHERSUITE_SHORT_TAG ? 8 : 16;
 
-        /* All modes haves 96-bit IVs;
-         * GCM and CCM has 4 implicit and 8 explicit bytes
-         * ChachaPoly has all 12 bytes implicit
+        /* All modes haves 96-bit IVs, but the length of the static parts vary
+         * with mode and version:
+         * - For GCM and CCM in TLS 1.2, there's a static IV of 4 Bytes
+         *   (to be concatenated with a dynamically chosen IV of 8 Bytes)
+         * - For ChaChaPoly in TLS 1.2, there's a static IV of 12 Bytes
+         *   (to be XOR'ed with the 8 Byte record sequence number).
          */
         transform->ivlen = 12;
         if( cipher_info->mode == MBEDTLS_MODE_CHACHAPOLY )