This is an archived snapshot of W3C's public bugzilla bug tracker, decommissioned in April 2019. Please see the home page for more details.

Bug 24760 - Specify correct padding algorithm for AES-CBC
Status: RESOLVED FIXED
Product: Web Cryptography
Classification: Unclassified
Component: Web Cryptography API Document
Version: unspecified
Hardware: PC All
Importance: P2 normal
Assignee: Mark Watson
Reported: 2014-02-21 01:12 UTC by Mark Watson
Modified: 2014-02-28 17:00 UTC


Description Mark Watson 2014-02-21 01:12:07 UTC
Jim writes:

Let’s start with a discussion of what reference(s) we should be using for the padding algorithm. The problem with both of the current ones is that they are set up for 64-bit encryption block algorithms and not the current 128-bit block size. The best reference that I can give you for now would be RFC 5652 (Cryptographic Message Syntax) which is the official successor to PKCS #7 in any event. The section that describes the padding algorithm is section 6.3.

The unpadding algorithm in step 5 of decrypt needs to state “If p is zero or greater than 16”.
Comment 1 Mark Watson 2014-02-28 16:12:20 UTC
The normative procedure in WebCrypto currently references RFC2898, which indeed says "the padding string PS consists of 8-(||M|| mod 8) octets each with value 8-(||M|| mod 8)."

So this is clearly wrong.

I propose to replace this with a reference to RFC2315.
Comment 2 Mark Watson 2014-02-28 17:00:39 UTC
Changeset 7f7c2917970d
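
Added example, not part of the original bug thread or of the WebCrypto specification text: the padding rule with the block size as a parameter k, so that k = 8 reproduces the RFC 2898 formula quoted above and k = 16 is the AES case, plus an unpadding routine that rejects p equal to zero or greater than the block size. The function names and the sample message are constructed for illustration, and checking every padding octet is an assumption of this example beyond the condition quoted in the report.

```javascript
const BLOCK = 16; // AES block size in octets

// Pad with k - (len mod k) octets, each holding that count (1..k).
// A message that is already block-aligned gets one full block of padding.
function pad(msg, k = BLOCK) {
  const p = k - (msg.length % k);
  const out = new Uint8Array(msg.length + p);
  out.set(msg);
  out.fill(p, msg.length);
  return out;
}

// Strip padding. Rejects p == 0, p > k, and padding octets that disagree.
function unpad(padded, k = BLOCK) {
  if (padded.length === 0 || padded.length % k !== 0) {
    throw new Error("length is not a positive multiple of the block size");
  }
  const p = padded[padded.length - 1];
  if (p === 0 || p > k) throw new Error("bad padding length");
  for (let i = padded.length - p; i < padded.length; i++) {
    if (padded[i] !== p) throw new Error("bad padding octets");
  }
  return padded.slice(0, padded.length - p);
}

// Helper: true when unpad() refuses the input.
function rejects(bytes, k = BLOCK) {
  try { unpad(bytes, k); return false; } catch (e) { return true; }
}

// Constructed sample: a 20-octet message.
const sample = new Uint8Array(20).fill(0x41);
const p16 = pad(sample, 16); // 32 octets, ending in 12 octets of 0x0c
const p8 = pad(sample, 8);   // 24 octets, ending in 4 octets of 0x04

// The 8-octet result is not a whole number of AES blocks, so it cannot
// be fed to AES-CBC at all, and a 16-octet unpadder refuses it.
const mismatchRejected = rejects(p8, 16);
```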