crypto-ISSUE-27 (aes ctr): Specification of AES-CTR mode counter bits [Web Cryptography API] from Web Cryptography Working Group Issue Tracker on 2012-08-22 (public-webcrypto@w3.org from August 2012)

From: Web Cryptography Working Group Issue Tracker <sysbot+tracker@w3.org>
Date: Wed, 22 Aug 2012 20:34:57 +0000
To: public-webcrypto@w3.org
Message-Id: <E1T4Hdh-00069R-Mt@tibor.w3.org>

crypto-ISSUE-27 (aes ctr): Specification of AES-CTR mode counter bits [Web Cryptography API]

http://www.w3.org/2012/webcrypto/track/issues/27

Raised by: Ryan Sleevi
On product: Web Cryptography API

Under the AesCtrParams [1], callers can currently specify an initial value for the counter, as well as a length for how many bits are used for the block counter. Such a specification matches the PKCS#11 definition for AES-CTR, although other APIs such as CDSA, CryptoAPI, and CNG, do not support explicit counter mode, and instead only support ECB as a foundation for CTR.

However, by only specifying the length in bits of the counter, it presumes that the counter bits are either in the most-significant or least-significant bytes. Different systems using AES-CTR may place the block counter in different places - some using the MSB, others using the LSB. Thus, should the API specify an 'offset' as well that, when combined with length, gives a clear position of where the block counter is (internally managed by the API), and where the message counter/nonce are (externally managed by the caller)

[1] http://www.w3.org/2012/webcrypto/WebCryptoAPI/#dfn-AesCtrParams

Received on Wednesday, 22 August 2012 20:35:13 UTC