Bug # 24410 - AES CTR descriptions

There is a potential missing check that the length of plaintext be less than
2^length.  It is easy for people to miss the requirement that all of the CTR
values be unique.

 

I realize that the restriction is to be imposed over all uses of the key,
but is a simple check that could be included.

 

** 

Do we really want to allow for wrapKey/unwrapKey to be permitted operations
for AES-CTR mode?  There is no integrity on the key and it's value is simple
to change.  This could be a potential security attack.  ( I note also that
the wrap and unwrap functions are not defined, so I assume this is a cut and
paste error).

 

 

Jim

 

 

From: Mark Watson [mailto:watsonm@netflix.com] 
Sent: Wednesday, February 19, 2014 4:54 PM
To: public-webcrypto@w3.org
Subject: Editors' Draft update

 

All,

 

I have just updated the Editors' Draft [1] as follows:

 

Bug 24410 - operation descriptions for AES CTR:
https://dvcs.w3.org/hg/webcrypto-api/rev/1d45ba72099d

Bug 24410 - operation descriptions for AES CBC:
https://dvcs.w3.org/hg/webcrypto-api/rev/50d83a6fae47

Bug 24410 - operation descriptions for AES CFB-8:
https://dvcs.w3.org/hg/webcrypto-api/rev/f7a0c1209ddf

Bug 24410 - operation descriptions for AES GCM:
https://dvcs.w3.org/hg/webcrypto-api/rev/1ed0fb7da636

Bug 20611 - specify JWK encoding as UTF-8:
https://dvcs.w3.org/hg/webcrypto-api/rev/66bec4453de5

Bug 24410 - operation descriptions for AES-CMAC:
https://dvcs.w3.org/hg/webcrypto-api/rev/768a11dba263

Bug 24410 - operation descriptions for AES-KW and associated method updates:
https://dvcs.w3.org/hg/webcrypto-api/rev/0fee8e979b4f

Stylistic consistency / correctness for operation descriptions:
https://dvcs.w3.org/hg/webcrypto-api/rev/fbc6ef272ace

 

Please review these changes and send comments to the list.

 

Best ... Mark

 

[1] https://dvcs.w3.org/hg/webcrypto-api/raw-file/tip/spec/Overview.html

Received on Thursday, 20 February 2014 22:06:24 UTC