W3C home > Mailing lists > Public > public-webcrypto@w3.org > October 2012

Re: crypto-ISSUE-27 (aes ctr): Specification of AES-CTR mode counter bits [Web Cryptography API]

From: Wan-Teh Chang <wtc@google.com>
Date: Mon, 15 Oct 2012 08:12:38 -0700
Message-ID: <CALTJjxHUorZ0BkMTiS54tr9dNcaC=irPsFow86KYFMYcNmktVg@mail.gmail.com>
To: Web Cryptography Working Group <public-webcrypto@w3.org>
Cc: Ryan Sleevi <sleevi@google.com>, Vijay Bharadwaj <Vijay.Bharadwaj@microsoft.com>
Proposed resolution of crypto-ISSUE-27 (aes ctr):

In section 23.9.3 of the FPWD. the AesCtrParams dictionary is
specified as follows:

dictionary AesCtrParams : AlgorithmParameters {
  // The initial value of the counter. counter MUST be 16 bytes.
  ArrayBuffer counter;
  // The length, in bits, of the counter
  [EnforceRange] octet length;

I proposed that it be changed to:

dictionary AesCtrParams : AlgorithmParameters {
  // The initial value of the counter block. counterBlock MUST be 16
  // bytes (the AES block size). The counter bits are the rightmost
  // counterBitsLength bits of the counter block. The rest of the
  // counter block is for the nonce. The counter bits are incremented
  // using the standard incrementing function specified in NIST SP
  // 800-38A Appendix B.1: the counter bits are interpreted as a
  // big-endian integer and incremented by one.
  ArrayBuffer counterBlock;

  // The number of bits in the counter block that shall be incremented.
  [EnforceRange] octet counterBitsLength;

Note that the following two aspects are hardcoded:
1. The counter bits must be the rightmost bits.
2. The incrementing function must be the standard incrementing
   function, which treats the counter bits as a big-endian integer
   and increments them by one.

Received on Monday, 15 October 2012 15:13:13 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Monday, 15 October 2012 15:13:14 GMT