Re: Spec for RSA-OAEP doesn't say what to do for null or missing or array buffer view labels

Richard,

There were multiple points; I was just addressing one aspect of them, which
is that the prose doesn't make an assumption; the spec language guarantees
the assumption is correct (wrt ArrayBuffer vs ArrayBufferView).

Regarding how to treat null, yes, we should treat it the same way AES-GCM
handles an empty additionalData
(https://dvcs.w3.org/hg/webcrypto-api/raw-file/tip/spec/Overview.html#aes-gcm-operations).


On Wed, Jul 9, 2014 at 12:24 PM, Richard Barnes <rlb@ipv.sx> wrote:

> I don't see how that answers the question.  It seems like the right
> outcome for things of this character is to assign a zero-length array.  How
> does that happen in the process you're linking to?
>
>
> On Wed, Jul 9, 2014 at 3:17 PM, Ryan Sleevi <sleevi@google.com> wrote:
>
>> Oh, and the "contents of" CryptoOperationData is handled by
>> https://dvcs.w3.org/hg/webcrypto-api/raw-file/tip/spec/Overview.html#concept-clone-CryptoOperationData
>>
>>
>> On Wed, Jul 9, 2014 at 12:16 PM, Ryan Sleevi <sleevi@google.com> wrote:
>>
>>> This is covered in
>>> https://dvcs.w3.org/hg/webcrypto-api/raw-file/tip/spec/Overview.html#algorithm-normalizing
>>> ("if alg is an IDL object -> if member is nullable")
>>>
>>>
>>> On Wed, Jul 9, 2014 at 12:05 PM, Boris Zbarsky <bzbarsky@mit.edu> wrote:
>>>
>>>> The spec IDL says:
>>>>
>>>> dictionary RsaOaepParams : Algorithm {
>>>>   // The optional label/application data to associate with the message
>>>>   CryptoOperationData? label;
>>>> };
>>>>
>>>> but the prose assumes that "label" is an ArrayBuffer.  Specifically,
>>>> the prose says:
>>>>
>>>>   the contents of label member of normalizedAlgorithm as the label, L,
>>>>
>>>> where "content of" links to
>>>> https://dvcs.w3.org/hg/webcrypto-api/raw-file/tip/spec/Overview.html#concept-contents-of-arraybuffer
>>>> which is only defined for ArrayBuffer
>>>> instances.  But CryptoOperationData can be an array buffer view, and
>>>> "label" might be null or missing given the above IDL.
>>>>
>>>> I expect we actually want to remove the '?' from the IDL there, say
>>>> what L should be if "label" is missing, and define "content of" to work on
>>>> all CryptoOperationData, not just ArrayBuffers.
>>>>
>>>> -Boris
>>>>
>>>>
>>>
>>
>

Received on Wednesday, 9 July 2014 19:35:21 UTC
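
Added example, not part of the original thread and not text from the Web Crypto specification: one way an implementation could derive the RSA-OAEP label L from the `label` member so that a missing or null label becomes a zero-length label, and an ArrayBufferView contributes only its own window of bytes, copied. The names `oaepLabelBytes` and `demo` are hypothetical, and the sample bytes are constructed.

```javascript
// Hypothetical helper (added example, not spec text): returns a fresh
// Uint8Array holding the bytes to use as the RSA-OAEP label L.
function oaepLabelBytes(params) {
  const label = params == null ? undefined : params.label;

  // Missing or null label: use a zero-length label, the outcome
  // proposed in the thread.
  if (label === undefined || label === null) {
    return new Uint8Array(0);
  }

  // Plain ArrayBuffer: copy every byte, so later writes by the caller
  // cannot change the label while an operation is pending.
  if (label instanceof ArrayBuffer) {
    return new Uint8Array(label.slice(0));
  }

  // ArrayBufferView (typed array or DataView): copy only the window the
  // view covers. Reading label.buffer directly would pull in bytes that
  // lie outside the view.
  if (ArrayBuffer.isView(label)) {
    const start = label.byteOffset;
    const end = start + label.byteLength;
    return new Uint8Array(label.buffer.slice(start, end));
  }

  throw new TypeError("label must be an ArrayBuffer or ArrayBufferView");
}

// Constructed sample input: a 6-byte backing buffer with a 3-byte view
// in the middle of it.
function demo() {
  const backing = new Uint8Array([0xaa, 0xbb, 1, 2, 3, 0xcc]);
  const view = backing.subarray(2, 5);
  const fromView = oaepLabelBytes({ label: view });
  backing[2] = 9; // caller mutates the buffer after the label was taken
  return {
    missing: oaepLabelBytes({}).length,
    isNull: oaepLabelBytes({ label: null }).length,
    fromView: Array.from(fromView).join(","),
    fromDataView: Array.from(
      oaepLabelBytes({ label: new DataView(backing.buffer, 1, 2) })).join(","),
    fromBuffer: oaepLabelBytes({ label: backing.buffer }).length,
  };
}
```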