Advanced Encryption Standard

Cipher Block Chaining Mode

Part 1. AES CBC Overview

The Advanced Encryption Standard specifies a set of cryptographic algorithms for the symmetric encryption and decryption of binary data. AES is a block cipher based on the Rijndael key schedule. An AES key can have a length of 128, 192, or 256 bits. AES input/output blocks are sequences of 128 bits.

A confidentiality mode of operation defines how exactly some data is enciphered or recovered to its original format. The typical modes of AES encryption are ECB (Electronic Codebook), CBC (Cipher Block Chaining), CFB (Cipher Feedback), OFB (Output Feedback), CTR (Counter) and GCM (Galois/Counter Mode). Some of the modes are implemented in browsers as part of the modern Web Cryptography API. In this article we'll exemplify the use of the AES CBC mode chaining each successive input block with an output block obtained at the previous stage of operation.

The CBC mode has the following features:

  • the primary input passed to the AES encryption engine is a data chunk called the initialization vector, or IV; an IV can be viewed as a "seed" for encryption: the first input block is formed by XORing the initial block of the plaintext with the IV;
  • the same initialization vector must be used for both encryption and decryption of the same message;
  • in CBC decryption, the first ciphertext block is decrypted, then the resulting data is XORed with the IV to obtain the first block of the plaintext;
  • an IV for AES CBC operations must have an exact length of 16 bytes;
  • the IV need not be secret, though it must be unpredictable.
Secret Key Generation

Client-side creation of an AES key is performed by calling the generateKey() method of the SubtleCrypto. The method has a number of parameters: these are

  • an AesKeyGenParams object providing the name of the cryptographic algorithm and the length of the secret key in bits;
  • a boolean value showing whether raw key material can be exported by the Web application or not;
  • an array specifying types of cryptographic operations permitted for the generated key.

The variables below hold values required for key generation in JavaScript:

var algorithm={name: "AES-CBC", length: 256}; // AesKeyGenParams object
var isExtractable=true; // key is allowed to be exported
var keyOperations=["encrypt", "decrypt"]; // values for symmetric encryption

An attempt to generate an AES key instantiates a new Promise. If the attempt proves successful, the Promise moves to the fulfilled state. The created key is passed over to a handler of the state: in our example, the handler is a named function (showSecretKeyInfo). The Promise rejection is parsed in a separate routine:

crypto.subtle.generateKey(algorithm, isExtractable, keyOperations).then(showSecretKeyInfo, keyGenerationFailure);

function showSecretKeyInfo(key) { // key is an instance of Key/CryptoKey
 console.info("The secret key has been generated successfully.");
 . . .
}

function keyGenerationFailure(eObj) { // Promise rejection callback
 console.error("The secret key cannot be generated: "+eObj.message.toLowerCase()+".");
}

The generated data structure (key) is an instance of Key (in Chrome and Opera) or CryptoKey (in Firefox). The properties of the object indicates the type of the key (secret) and reflects cryptographic parameters specified during its creation:

console.log(key.type); // "secret"
console.log(key.algorithm); // {name: "AES-CBC", length: 256}
console.log(key.extractable); // true
console.log(key.usages); // ["encrypt", "decrypt"]

An erroneos key parameter will launch the keyGenerationFailure handler; for example, declaring an incorrect value of the key length will raise a DataError with the following message:

Data provided to an operation does not meet requirements