- From: Richard Barnes <rbarnes@bbn.com>
- Date: Thu, 14 Feb 2013 14:13:42 -0500
- To: "public-webcrypto@w3.org Group" <public-webcrypto@w3.org>
Suppose I make the following call:
/* my_iv and my_key pre-defined */
var my_pt = new Uint8Array(24);
var my_ct;
var op = window.crypto.encrypt(
{name: "AES-CBC", params: {iv: my_iv}},
my_key,
my_pt
);
op.oncomplete = function(e) {
my_ct = e.target.result;
}
That is, I've asked the API to encrypt 24 octets -- 1.5 blocks -- of data. However, CBC only operates on whole blocks (unlike CTR, GCM). What should then happen? (Using enc() to represent encryption, and '+' for concatenation)
1) Complete, result = enc(my_pt[0:16])
2) Complete, result = enc(my_pt[0:16]) + my_pt[16:]
3) Complete, result = enc(my_pt + padding)
4) Error
Right now, PolyCrypt does (2), because that's what CryptoJS does if you tell it "no padding"; my development branch does (3). I'm pretty sure both of these are wrong, and (1) or (4) should be the outcome.
In terms of the spec, I believe this ambiguity relates to 12.1 / Step 2 / Steps 3/6 (in the branches, respectively).
Thoughts?
Received on Thursday, 14 February 2013 19:14:09 UTC