22570 – AES-GCM should provide distinct inputs/outputs for the tag

This is an archived snapshot of W3C's public bugzilla bug tracker, decommissioned in April 2019. Please see the home page for more details.

Bug 22570 - AES-GCM should provide distinct inputs/outputs for the tag

Summary: AES-GCM should provide distinct inputs/outputs for the tag

Status:	RESOLVED FIXED

Alias:	None

Product:	Web Cryptography
Classification:	Unclassified
Component:	Web Cryptography API Document (show other bugs)
Version:	unspecified
Hardware:	PC Windows NT

Importance:	P2 normal
Target Milestone:	---
Assignee:	Mark Watson
QA Contact:

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2013-07-04 01:03 UTC by Ryan Sleevi
Modified:	2014-02-20 20:54 UTC (History)
CC List:	3 users (show)

See Also:

Attachments

Description Ryan Sleevi 2013-07-04 01:03:05 UTC

Currently, AES-GCM handles the tag by appending it to the result.

However, it should instead provide distinct inputs/outputs for the ciphertext and the tag, per http://lists.w3.org/Archives/Public/public-webcrypto/2013May/0060.html

Comment 1 Mark Watson 2013-07-08 19:40:03 UTC

If this change is made it should apply to the input to unwrapKey and the output from wrapKey as well, for the case that AES-GCM is used as the wrapping algorithm.

Comment 2 Mark Watson 2014-01-27 22:48:00 UTC

Agreed on 1/27 call that we'll follow the approach of RFC5116/PKCS#11 where the tag is appended to the ciphertext.