3.1.5.2.1 Content Encryption for AES in Counter Mode

The AES in counter mode [FIPS197] encryption is applied to separate segments of content data. The definitions for data segment, data segment ID, and block ID MAY vary for different content types and are further discussed in later sections.

Each data segment MUST be encrypted using AES in counter mode [FIPS197]. The following diagram illustrates the procedure for encrypting a data segment using this technique.

Figure 7: Data Segment Encryption Using AES Counter Mode

AES in counter mode creates a stream of bytes that MUST be XOR'd with the clear text bytes of the content to create the encrypted content. The key stream generator MUST use an AES round to generate 16-byte blocks of key stream at a time. The inputs to the AES round MUST be the content encryption key (KC) and the 128-bit concatenation of a data segment ID and the block ID within the data segment.

The output of the key stream generator MUST be XOR'd byte by byte with the data from the corresponding block (i) of the data segment. In case the data segment is not evenly divisible by 16 bytes, only the remaining bytes of the data segment from the last block MUST be XOR'd with the key stream and retained for the encrypted data segment.

The data segment ID values MUST be unique for a given KC.