Re: Defaults issues with AES-GCM

On Wed, Apr 17, 2013 at 5:52 PM, Richard Barnes <rbarnes@bbn.com> wrote:
> Two minor issues with AesGcmParams:
>
> 1. AdditionalData is optional, but GCM requires an AAD string, even if it's empty (SP800-38D, Section 5.2.1.1).  So it might be helpful to note that if not present, it MUST be set to an ArrayBufferView representing the empty byte string.

+1

>
> 2. Why is the default tagLength zero?  If that's the case, you might as well just use CTR and save some effort.  Suggest changing the default to 128, the full tag length.  As a bonus, this is compatible with RFC 5116.

+1

>
> Proposed revised AesGcmParams:
>
> dictionary AesGcmParams : AlgorithmParameters {
>   // The initialization vector to use. May be up to 2^56 bytes long.
>   ArrayBufferView? iv;
>   // The additional authentication data to include.
>   // If not present, MUST be set to an ArrayBufferView representing
>   // the empty byte string.
>   ArrayBufferView? additionalData;
>   // The desired length of the authentication tag. May be 0 - 128.
>   [EnforceRange] octet? tagLength = 128;
> };

Received on Thursday, 18 April 2013 01:18:53 UTC