"For IVs, it is recommended that implementations restrict support to the length of 96 bits, to promote interoperability, efficiency, and simplicity of design."
The above applies to authenticated encryption (AES-GCM), and if you look closely, the 96-bit IV is concatenated with 31 zero bits and a single 1 bit to fill out the 128-bit block. This recommendation is fine (sorry if you thought this was going to be a break), but NfWebCrypto currently doesn't support 96-bit IVs. Time to patch it in.
--- /home/micharu123/Documents/old_NfWebCrypto/crypto/CadmiumCryptoImpl.cpp 2014-03-07 22:57:46.909554454 -0500
+++ /home/micharu123/Documents/Projects/NfWebCrypto/crypto/CadmiumCryptoImpl.cpp 2014-02-20 01:25:05.075269102 -0500
@@ -1282,9 +1282,10 @@
ivVec = str64toVuc(ivInStr64);
if (ivVec.empty())
return CAD_ERR_BADENCODING;
- if (ivVec.size() < AesCbcCipher::BLOCKSIZE) // same block size for all AES ciphers
+ // Allow AES-GCM to have IV of size 96bits.
+ if (ivVec.size() < AesCbcCipher::BLOCKSIZE && ivVec.size() != 12) // same block size for all AES ciphers
{
- DLOG() << "CadmiumCrypto::aes: IV too short, must be " <<
+ DLOG() << "CadmiumCrypto::aes: IV too short, " << ivVec.size() << "bytes, must be " <<
AesCbcCipher::BLOCKSIZE << " bytes or longer\n";
return CAD_ERR_BADIV;
}
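Review bot: The `ivVec.size() != 12` exception added to the length check is not tied to the algorithm, and the comment on the same line says this check is shared by all AES ciphers, so as far as this hunk shows a 12-byte IV is now accepted for every mode that reaches it, not only AES-GCM. Gate the exception on the requested algorithm being GCM and give the literal 12 a named constant. The log line also prints the size directly against "bytes," with no space, and still ends with "must be BLOCKSIZE bytes or longer", which no longer describes the accepted lengths.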
Another small snag I came across while working with NfWebCrypto was its JS API's failure as input to the Closure Compiler. A small patch for that and all is well.
--- /home/micharu123/Documents/old_NfWebCrypto/web/nfcrypto.js 2014-03-07 22:57:47.441554457 -0500
+++ /home/micharu123/Documents/Projects/msdadapter/src/nfcrypto.js 2014-02-16 21:33:43.397096414 -0500
@@ -384,7 +384,7 @@
algorithm: algorithm,
keyHandle: (key == null) ? key : key.handle,
signature: (signature == null) ? signature : b64encode(signature),
- buffer: (buffer == null) ? buffer : b64encode(buffer),
+ buffer: (buffer == null) ? buffer : b64encode(buffer)
};
messenger.postMessage(type, args);
@@ -441,7 +441,7 @@
baseKeyHandle: (baseKey == null) ? baseKey : baseKey.handle,
derivedAlgorithm : derivedKeyType,
keyHandle: (key == null) ? key : key.handle,
- keyName: keyName,
+ keyName: keyName
};
messenger.postMessage(type, args);
@@ -469,7 +469,7 @@
} else {
newObj = {};
}
- for (i in this) {
+ for (var i in this) {
if (i == 'clone') continue;
if (this[i] && typeof this[i] == "object") {
newObj[i] = this[i].clone();
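Review bot: The `for (var i in this)` loop still walks inherited enumerable properties, and the body calls `this[i].clone()` on any object-typed value, which assumes every such value carries a `clone` method. Add a `hasOwnProperty` guard at the top of the loop body so that only the object's own fields are copied; the `if (i == 'clone') continue;` skip suggests the method itself is showing up in the enumeration. Declaring `i` with `var` is the right fix for the implicit global.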
Try the following links {cadmium, nfcrypto} to my Google Code page for grabbing the patches. Be warned that I may have introduced any number of inconsistencies in execution by allowing 96-bit IVs. It is bleeding edge after all.

Ah, minor note. The developer has only tested the plugin on Ubuntu 12.04. I am testing on Ubuntu 13.10. The Jasmine testing framework will fail when using the GitHub page, but pass just fine using the Jasmine framework on the local file system. AES-GCM works on an internet-facing server. All confirmed.
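How the IV length changes GCM's pre-counter block J0, as an added example (not code from this post or from NfWebCrypto): it goes beyond the 96-bit case quoted at the top and also shows the GHASH path that SP 800-38D prescribes for every other IV length. `Block`, `gfMul` and `deriveJ0` are hypothetical names, and the hash subkey H is passed in rather than computed with AES.

```cpp
#include <array>
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <stdexcept>
#include <vector>

using Block = std::array<uint8_t, 16>;  // hypothetical helper type

// Multiply x by y in GF(2^128) using GCM's bit order (SP 800-38D, Algorithm 1).
Block gfMul(const Block& x, const Block& y) {
    Block z{}, v = y;
    for (int i = 0; i < 128; ++i) {
        if (x[i / 8] & (0x80 >> (i % 8)))            // bit i of x, leftmost first
            for (int j = 0; j < 16; ++j) z[j] ^= v[j];
        const bool carry = v[15] & 1;
        for (int j = 15; j > 0; --j)                 // shift v right by one bit
            v[j] = static_cast<uint8_t>((v[j] >> 1) | (v[j - 1] << 7));
        v[0] >>= 1;
        if (carry) v[0] ^= 0xe1;                     // R = 11100001 || 0^120
    }
    return z;
}

// Pre-counter block J0 from the hash subkey h = AES_K(0^128) and the IV.
Block deriveJ0(const Block& h, const std::vector<uint8_t>& iv) {
    if (iv.empty()) throw std::invalid_argument("GCM IV must not be empty");
    Block j0{};
    if (iv.size() == 12) {                           // 96 bits: IV || 0^31 || 1
        for (std::size_t i = 0; i < 12; ++i) j0[i] = iv[i];
        j0[15] = 1;
        return j0;
    }
    // Other lengths: GHASH_H(IV || zero pad || 0^64 || [bit length of IV]_64)
    std::vector<uint8_t> buf(iv);
    buf.resize((iv.size() + 15) / 16 * 16 + 8, 0);
    const uint64_t bits = static_cast<uint64_t>(iv.size()) * 8;
    for (int i = 7; i >= 0; --i) buf.push_back(static_cast<uint8_t>(bits >> (8 * i)));
    for (std::size_t off = 0; off < buf.size(); off += 16) {
        for (int j = 0; j < 16; ++j) j0[j] ^= buf[off + j];
        j0 = gfMul(j0, h);
    }
    return j0;
}

int main() {  // H and the 64-bit IV of Test Case 5 in the McGrew-Viega GCM spec
    const Block h = {0xb8,0x3b,0x53,0x37,0x08,0xbf,0x53,0x5d,0x0a,0xa6,0xe5,0x29,0x80,0xd5,0x3b,0x78};
    for (uint8_t b : deriveJ0(h, {0xca,0xfe,0xba,0xbe,0xfa,0xce,0xdb,0xad})) std::printf("%02x", b);
    std::printf("\n");
}
```

With a 96-bit IV the block is built by concatenation alone, while any other length costs a GHASH pass keyed by H before encryption can start.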
