AES-GCM Algorithm is missing tag properties for input params and result value from Israel Hilerio on 2013-05-10 (public-webcrypto@w3.org from May 2013)

From: Israel Hilerio <israelh@microsoft.com>
Date: Fri, 10 May 2013 00:13:17 +0000
To: "public-webcrypto@w3.org" <public-webcrypto@w3.org>
CC: Marcin Stankiewicz <Marcin.Stankiewicz@microsoft.com>
Message-ID: <f6046d7aa3524466853cce9ff90ad724@BN1PR03MB085.namprd03.prod.outlook.com>

Another piece of feedback we provided during the F2F was that the input parameters for AES-GCM need a tag property and the result value for AES-GCM needs to contain a tag parameter in addition to the ciphertext.

This implies that we'll need to update the AesGcmParams dictionary the following way:

dictionary AesGcmParams : Algorithm {
  // The initialization vector to use. May be up to 2^56 bytes long.
  ArrayBufferView? iv;
  // The additional authentication data to include.
  ArrayBufferView? additionalData;
  // The desired length of the authentication tag. May be 0 - 128.
  [EnforceRange] octet? tagLength;


  // The authentication tag value for decryption
  ArrayBufferView? tag;


};

This changes will impact section 20.12.3 of the spec.

In addition, since we can't return dictionaries I was thinking we could add a new interface:

interface AesGcmResult {
	readonly attribute ArrayBuffer? tag;
	readonly attribute ArrayBuffer ciphertext;
}

This will impact the result values of section 20.12 AES-GCM registration table. We'll have to return this new interface for encrypt only.  Alternatively, we could return it also for decrypt with the tag value being null or set from the input parameter.

Let us know what you think.

Thanks,

Israel

Received on Friday, 10 May 2013 00:17:15 UTC