- From: Wan-Teh Chang <wtc@google.com>
- Date: Mon, 15 Oct 2012 08:12:38 -0700
- To: Web Cryptography Working Group <public-webcrypto@w3.org>
- Cc: Ryan Sleevi <sleevi@google.com>, Vijay Bharadwaj <Vijay.Bharadwaj@microsoft.com>
Proposed resolution of crypto-ISSUE-27 (aes ctr):
In section 23.9.3 of the FPWD. the AesCtrParams dictionary is
specified as follows:
dictionary AesCtrParams : AlgorithmParameters {
// The initial value of the counter. counter MUST be 16 bytes.
ArrayBuffer counter;
// The length, in bits, of the counter
[EnforceRange] octet length;
};
I proposed that it be changed to:
dictionary AesCtrParams : AlgorithmParameters {
// The initial value of the counter block. counterBlock MUST be 16
// bytes (the AES block size). The counter bits are the rightmost
// counterBitsLength bits of the counter block. The rest of the
// counter block is for the nonce. The counter bits are incremented
// using the standard incrementing function specified in NIST SP
// 800-38A Appendix B.1: the counter bits are interpreted as a
// big-endian integer and incremented by one.
ArrayBuffer counterBlock;
// The number of bits in the counter block that shall be incremented.
[EnforceRange] octet counterBitsLength;
};
Note that the following two aspects are hardcoded:
1. The counter bits must be the rightmost bits.
2. The incrementing function must be the standard incrementing
function, which treats the counter bits as a big-endian integer
and increments them by one.
Wan-Teh
Received on Monday, 15 October 2012 15:13:13 UTC