Endianness for AES-CTR encryption/decryption

[alisa101rs]

A note for the community

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Problem

By default (and without having a choice) vector using AES-CTR encryption/decryption with Little Endian counter. However there is no clearly defined standard for BE vs LE, 99% implementations are using BE.

See

• (same problem in winzip) https://crypto.stackexchange.com/questions/95068/how-is-winzip-aes-different-from-normal-aes
• NIST in the example using BE (F.5.1) https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-38a.pdf

I think Vector should have an option between AES-128-CTR-BE and AES-128-CTR-LE, or it should use BE by default.

At least, the fact that it's using LE should be mentioned in the documentation.

Configuration

No response

Version

vector 0.30.0 (x86_64-apple-darwin 38c3f0b 2023-05-22 17:38:48.655488673)

Debug Output

No response

Example Data

No response

Additional Context

No response

References

Originally added in https://github.com/vectordotdev/vector/pull/12090 without any consideration for endianness

[alisa101rs]

https://github.com/vectordotdev/vrl/pull/299 adds a choice between LE and BE, but vector still needs to fix documentation

[jszwedko]

vectordotdev/vrl#299 adds a choice between LE and BE, but vector still needs to fix documentation

👍 the docs will be updated when the next release of Vector occurs (0.32.0). I'll mark this as resolved by the linked PR.