24760 2014-02-21 01:12:07 +0000 Specify correct padding algorithm for AES-CBC 2014-02-28 17:00:39 +0000 1 1 1 Unclassified Web Cryptography Web Cryptography API Document unspecified PC All RESOLVED FIXED P2 normal --- 1 watsonm watsonm oldest_to_newest 101083 0 watsonm 2014-02-21 01:12:07 +0000 Jim writes: Let’s start with a discussion of what reference(s) we should be using for the padding algorithm. The problem with both of the current one is that they are setup for 64-bit encryption block algorithms and not the current 128-bit block size. The best reference that I can give you for now would be RFC 5652 (Cryptographic Message Syntax) which is the official successor to PKCS #7 in any event. The section that describes the padding algorithm is section 6.3 The unpadding algorithm in step 5 of decrypt needs to state “If p is zero or greater than 16” 101622 1 watsonm 2014-02-28 16:12:20 +0000 The normative procedure in WebCrypto currently references RFC2898, which indeed says "the padding string PS consists of 8-(||M|| mod 8) octets each with value 8-(||M|| mod 8).​"​ So this is clearly wrong. I propose to replace this with a reference to RFC2315. 101636 2 watsonm 2014-02-28 17:00:39 +0000 Changeset 7f7c2917970d