
Incomplete blocks

From: Richard Barnes <rbarnes@bbn.com>
Date: Thu, 14 Feb 2013 14:13:42 -0500
Message-Id: <980BFFB1-1DCA-4818-8F01-E57C5728854E@bbn.com>
To: "public-webcrypto@w3.org Group" <public-webcrypto@w3.org>

Suppose I make the following call:

/* my_iv and my_key pre-defined */
var my_pt = new Uint8Array(24);
var my_ct;
var op = window.crypto.encrypt(
    {name: "AES-CBC", params: {iv: my_iv}}, 
    my_key, 
    my_pt
);
op.oncomplete = function(e) {
    my_ct = e.target.result;
};

That is, I've asked the API to encrypt 24 octets -- 1.5 blocks -- of data.  However, CBC only operates on whole blocks (unlike CTR, GCM).  What should then happen?  (Using enc() to represent encryption, and '+' for concatenation)

1) Complete, result = enc(my_pt[0:16]) 
2) Complete, result = enc(my_pt[0:16]) + my_pt[16:]
3) Complete, result = enc(my_pt + padding)
4) Error

Right now, PolyCrypt does (2), because that's what CryptoJS does if you tell it "no padding"; my development branch does (3).  I'm pretty sure both of these are wrong, and (1) or (4) should be the outcome.  

In terms of the spec, I believe this ambiguity relates to 12.1 / Step 2 / Steps 3/6 (in the branches, respectively).

Thoughts?
Received on Thursday, 14 February 2013 19:14:09 GMT
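
The four outcomes listed in the message, reproduced as an added example with Node.js's built-in crypto module (not code from the original post, PolyCrypt, or the draft API under discussion). The key, IV and plaintext are constructed values, and cbc, uncbc and outcomes are hypothetical helper names.

```javascript
// Added example: Node.js built-in crypto, not the draft window.crypto API.
const crypto = require('crypto');

const BLOCK = 16; // AES block size in octets
// Constructed inputs, fixed only so the run is reproducible.
const key = Buffer.alloc(16, 0x01);
const iv = Buffer.alloc(16, 0x02);
const pt = Buffer.alloc(24, 0x41); // 24 octets = 1.5 blocks, as in the message

// AES-128-CBC encrypt; autoPadding=true applies PKCS#7, false applies none.
function cbc(data, autoPadding) {
  const c = crypto.createCipheriv('aes-128-cbc', key, iv);
  c.setAutoPadding(autoPadding);
  return Buffer.concat([c.update(data), c.final()]);
}

// Inverse operation, used to show what a recipient can recover.
function uncbc(data, autoPadding) {
  const d = crypto.createDecipheriv('aes-128-cbc', key, iv);
  d.setAutoPadding(autoPadding);
  return Buffer.concat([d.update(data), d.final()]);
}

// Compute each of the four candidate behaviours for one input.
function outcomes(input) {
  const whole = input.length - (input.length % BLOCK);
  const head = input.subarray(0, whole);
  const tail = input.subarray(whole);
  const truncated = cbc(head, false);                    // (1) drop the partial block
  const passthrough = Buffer.concat([truncated, tail]);  // (2) append the tail unencrypted
  const padded = cbc(input, true);                       // (3) pad to a whole block
  let error = null;                                      // (4) refuse the input
  try { cbc(input, false); } catch (e) { error = e.message; }
  return { truncated, passthrough, padded, error };
}

const r = outcomes(pt);
console.log('(1) ct octets:', r.truncated.length,
            '| recovered:', uncbc(r.truncated, false).length, 'of', pt.length);
console.log('(2) ct octets:', r.passthrough.length,
            '| tail in clear:', r.passthrough.subarray(BLOCK).equals(pt.subarray(BLOCK)));
console.log('(3) ct octets:', r.padded.length,
            '| round-trips:', uncbc(r.padded, true).equals(pt));
console.log('(4) error:', r.error);
```

Outcome (1) silently loses the last 8 octets, (2) emits them unencrypted, (3) changes the output length, and (4) is what this library does when padding is disabled.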
