Move getRandomValues into a RandomSource interface, and have both Crypto and WorkerCrypto implement the interface.
author Ryan Sleevi <sleevi@google.com>
Fri, 30 Nov 2012 18:26:35 -0800
changeset 3 9bf98c13a88b
parent 2 d73cb1b6596e
child 4 7b55923657e7
Move getRandomValues into a RandomSource interface, and have both Crypto and WorkerCrypto implement the interface.

This de-duplicates the method definition and ensures consistency in the implementations for workers and main content.
spec/Overview-WebCryptoAPI.xml
spec/Overview.html
--- a/spec/Overview-WebCryptoAPI.xml	Fri Nov 30 17:10:21 2012 -0800
+++ b/spec/Overview-WebCryptoAPI.xml	Fri Nov 30 18:26:35 2012 -0800
@@ -603,6 +603,95 @@
         </p>
       </div>
 
+      <div id="RandomSource-interface" class="section">
+        <h2>RandomSource interface</h2>
+        <x:codeblock language="idl">
+[NoInterfaceObject]
+interface <dfn id="dfn-RandomSource">RandomSource</dfn> {
+  ArrayBufferView <a href="#dfn-RandomSource-method-getRandomValues">getRandomValues</a>(ArrayBufferView array);
+};
+        </x:codeblock>
+        <div id="RandomSource-description" class="section">
+          <h3>Description</h3>
+          <p>
+            The <a href="#dfn-RandomSource">RandomSource</a> interface represents an interface to a
+            cryptographically strong pseudo-random number generator seeded with truly random values.
+          </p>
+          <p class="implementation-note">
+            Implementation note: Implementations should generate cryptographically random values using
+            well-established cryptographic pseudo-random number generators seeded with high-quality
+            entropy, such as from an operating-system entropy source (e.g., "/dev/urandom"). This
+            specification provides no lower-bound on the information theoretic entropy present in
+            cryptographically random values, but implementations should make a best effort to provide
+            as much entropy as practicable.
+          </p>
+          <p class="implementation-note">
+            Implementation note: This interface defines a synchronous method for obtaining cryptographically
+            random values. While some devices and implementations may support truly random cryptographic
+            number generators or provide interfaces that block when there is insufficient entropy,
+            implementations are encouraged not to use these sources when implementing getRandomValues,
+            both for performance and to avoid depleting the system of entropy. Instead, these sources
+            should be used to seed a cryptographic pseudo-random number generator that can then return
+            suitable values efficiently.
+          </p>
+        </div>
+        <div id="RandomSource-interface-methods" class="section">
+          <h3>Methods and Parameters</h3>
+          <div id="RandomSource-method-getRandomValues" class="section">
+            <h4>The getRandomValues method</h4>
+            <p>
+              The <dfn id="dfn-RandomSource-method-getRandomValues"><code>getRandomValues</code></dfn>
+              method generates cryptographically random values. It must act as follows:
+            </p>
+            <ol>
+              <li>
+                <p>
+                  If <var>array</var> is not of an integer type (i.e., Int8Array, Uint8Array,
+                  Int16Array, Uint16Array, Int32Array, or Uint32Array), throw a
+                  <code>TypeMismatchError</code> and
+                  <dfn id="terminate-the-algorithm">terminate the algorithm</dfn>.
+                </p>
+              </li>
+              <li>
+                <p>
+                  If the <code>byteLength</code> of <var>array</var> is greater than 65536, throw a
+                  <code>QuotaExceededError</code> and
+                  <dfn id="terminate-the-algorithm">terminate the algorithm</dfn>.
+                </p>
+              </li>
+              <li>
+                <p>
+                  Overwrite all elements of <var>array</var> with cryptographically random values of
+                  the appropriate type.
+                </p>
+              </li>
+              <li>
+                <p>
+                  Return <var>array</var>.
+                </p>
+              </li>
+            </ol>
+            <p>
+              Do not generate keys using the <code>getRandomValues</code> method. Use the
+              <a href="#dfn-Crypto-method-createKeyGenerator"><code>createKeyGenerator</code></a> method instead.
+            </p>
+          </div>
+        </div>
+
+        <div class="ednote">
+          <ul>
+            <li>
+              The <a href="#dfn-RandomSource-method-getRandomValues"><code>getRandomValues</code></a>
+              function has been implemented in several WebKit-based browsers,
+              including Google Chrome and Apple Safari. If the specification of
+              this function changes, steps will need to be taken to resolve the
+              inconsistency - including possibly renaming the function.
+            </li>
+          </ul>
+        </div>
+      </div>
+
+
       <div id="algorithm-dictionary" class="section">
         <h2>Algorithm dictionary</h2>
         <p>
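Review bot: The closing advice in the new getRandomValues section ("Use the createKeyGenerator method instead") links to #dfn-Crypto-method-createKeyGenerator, but RandomSource is now also the interface WorkerCrypto exposes, and WorkerCrypto's IDL in this changeset is an empty interface with no createKeyGenerator. Either scope that sentence to contexts where Crypto is available or say what worker code should use for key generation. Separately, steps 1 and 2 each declare `<dfn id="terminate-the-algorithm">`; ids must be unique within the document, so the second occurrence should be a link (`<a href="#terminate-the-algorithm">`) rather than a second definition.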
@@ -1417,9 +1506,9 @@
                          <a href="#dfn-KeyUsage">KeyUsage</a>[] keyUsages = []);
   <a href="#dfn-KeyExporter">KeyExporter</a> <a href="#dfn-Crypto-method-createKeyExporter">createKeyExporter</a>(<a href="#dfn-KeyFormat">KeyFormat</a> format, <a href="#dfn-Key">Key</a> key);
   readonly attribute <a href="#dfn-KeyStorage">KeyStorage</a> <a href="#dfn-Crypto-keys">keys</a>;
+};
 
-  ArrayBufferView <a href="#dfn-Crypto-method-getRandomValues">getRandomValues</a>(ArrayBufferView array);
-};
+<a href="#dfn-Crypto">Crypto</a> implements <a href="#dfn-RandomSource">RandomSource</a>;
 
 partial interface Window {
   readonly attribute <a href="#dfn-Crypto">Crypto</a> crypto;
@@ -1428,13 +1517,6 @@
         <div class="ednote">
           <ul>
             <li>
-              The <a href="#dfn-Crypto-method-getRandomValues"><code>getRandomValues</code></a>
-              function has been implemented in several WebKit-based browsers,
-              including Google Chrome and Apple Safari. If the specification of
-              this function changes, steps will need to be taken to resolve the
-              inconsistency - including possibly renaming the function.
-            </li>
-            <li>
               <a href="http://www.w3.org/2012/webcrypto/track/issues/26">ISSUE-26</a>:
               When generating, importing, or deriving a key, should it be possible to specify
               multiple origins that the key is automatically authorized for, beyond the
@@ -1795,56 +1877,17 @@
               </p>
             </div>
           </div>
-
-          <div id="Crypto-method-getRandomValues" class="section">
-            <h4>The getRandomValues method</h4>
-            <p>
-              The <dfn id="dfn-Crypto-method-getRandomValues"><code>getRandomValues</code></dfn>
-              method generates cryptographically random values. It must act as follows:
-            </p>
-            <ol>
-              <li>
-                <p>
-                  If <var>array</var> is not of an integer type (i.e., Int8Array, Uint8Array,
-                  Int16Array, Uint16Array, Int32Array, or Uint32Array), throw a
-                  <code>TypeMismatchError</code> and
-                  <dfn id="terminate-the-algorithm">terminate the algorithm</dfn>.
-                </p>
-              </li>
-              <li>
-                <p>
-                  If the <code>byteLength</code> of <var>array</var> is greater than 65536, throw a
-                  <code>QuotaExceededError</code> and
-                  <dfn id="terminate-the-algorithm">terminate the algorithm</dfn>.
-                </p>
-              </li>
-              <li>
-                <p>
-                  Overwrite all elements of <var>array</var> with cryptographically random values of
-                  the appropriate type.
-                </p>
-              </li>
-              <li>
-                <p>
-                  Return <var>array</var>.
-                </p>
-              </li>
-            </ol>
-            <p>
-              Do not generate keys using the <code>getRandomValues</code> method. Use the
-              <a href="#dfn-Crypto-method-createKeyGenerator"><code>createKeyGenerator</code></a> method instead.
-            </p>
-          </div>
         </div>
       </div>
 
       <div id="WorkerCrypto-interface" class="section">
         <h2>WorkerCrypto interface</h2>
         <x:codeblock language="idl">
-interface <dfn id="dfn-WorkerCrypto">WorkerCrypto</dfn> {
-  ArrayBufferView <a href="#dfn-WorkerCrypto-method-getRandomValues">getRandomValues</a>(ArrayBufferView array);
+interface WorkerCrypto {
 };
 
+<a href="#dfn-WorkerCrypto">WorkerCrypto</a> implements <a href="#dfn-RandomSource">RandomSource</a>;
+
 partial interface <a href="http://www.w3.org/TR/workers/#workerglobalscope">WorkerGlobalScope</a> {
   readonly attribute <a href="#dfn-WorkerCrypto">WorkerCrypto</a> crypto;
 };
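Review bot: The added line `interface WorkerCrypto {` drops the `<dfn id="dfn-WorkerCrypto">` wrapper that the removed line carried, while the added implements statement and the unchanged WorkerGlobalScope attribute still link to #dfn-WorkerCrypto. Unless that id is defined elsewhere in the file, those links now dangle; keep the dfn on the interface name. The removed ids Crypto-method-getRandomValues and dfn-Crypto-method-getRandomValues may also be targets of existing inbound links, so consider checking the rest of the document for references to them and pointing those at the RandomSource ids.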
@@ -1865,20 +1908,8 @@
             </p>
           </div>
         </div>
-        <div id="WorkerCrypto-methods" class="section">
-          <h3>Methods and Parameters</h3>
-          <div id="WorkerCrypto-method-getRandomValues" class="section">
-            <h4>The getRandomValues method</h4>
-            <p>
-              The <dfn id="dfn-WorkerCrypto-method-getRandomValues">getRandomValues</dfn> method shall behave
-              identical to the <a href="#dfn-Crypto"><code>Crypto</code></a>.<a href="#dfn-Crypto-method-getRandomValues"><code>getRandomValues</code></a> method.
-            </p>
-          </div>
-        </div>
       </div>
 
-
-
       <div id="big-integer" class="section">
         <h2>BigInteger</h2>
         <x:codeblock language="idl">
@@ -3333,7 +3364,7 @@
 Research Consortium</a> for supporting W3C/MIT. 
         </p>
         <p>
-          The <a href="#dfn-Crypto-method-getRandomValues"><code>getRandomValues</code></a> method
+          The <a href="#dfn-RandomSource-method-getRandomValues"><code>getRandomValues</code></a> method
           in the <code>Crypto</code> interface was originally proposed by Adam Barth to the
           <a href="http://wiki.whatwg.org/wiki/Crypto">WHATWG</a>.
         </p>
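Review bot: The changed line retargets the link to RandomSource, but the context line that follows still reads "in the Crypto interface", which no longer matches where the method is defined. Reword it to say the method is defined on RandomSource and exposed through Crypto, or drop the interface qualifier.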
--- a/spec/Overview.html	Fri Nov 30 17:10:21 2012 -0800
+++ b/spec/Overview.html	Fri Nov 30 18:26:35 2012 -0800
@@ -47,7 +47,7 @@
 signing, and the confidentiality and integrity of communications.
       </p>
   
-      <div class="ednote"><div class="ednoteHeader">Editorial note</div><p>There are 14 further editorial notes in the document.</p></div>
+      <div class="ednote"><div class="ednoteHeader">Editorial note</div><p>There are 15 further editorial notes in the document.</p></div>
     </div>
 
     <div class="section">
@@ -124,7 +124,7 @@
 
     <div id="toc">
       <h2>Table of Contents</h2>
-      <div class="toc"><ul><li><a href="#introduction">1. Introduction</a></li><li><a href="#use-cases">2. Use Cases</a><ul><li><a href="#multifactor-authentication">2.1. Multi-factor Authentication</a></li><li><a href="#protected-document">2.2. Protected Document Exchange</a></li><li><a href="#cloud-storage">2.3. Cloud Storage</a></li><li><a href="#document-signing">2.4. Document Signing</a></li><li><a href="#data-integrity-protection">2.5. Data Integrity Protection</a></li><li><a href="#secure-messaging">2.6. Secure Messaging</a></li><li><a href="#jose">2.7. Javascript Object Signing and Encryption (JOSE)</a></li><li><a href="#out-of-band-keys">2.8. Out-of-Band Key Provisioning</a></li></ul></li><li><a href="#conformance">3. Conformance</a></li><li><a href="#scope">4. Scope</a><ul><li><a href="#scope-abstraction">4.1. Level of abstraction</a></li><li><a href="#scope-algorithms">4.2. Cryptographic algorithms</a></li><li><a href="#scope-operations">4.3. Operations</a></li><li><a href="#scope-out-of-scope">4.4. Out of scope</a></li></ul></li><li><a href="#security">5. Security considerations</a><ul><li><a href="#security-implementers">5.1. Security considerations for implementers</a></li><li><a href="#security-developers">5.2. Security considerations for developers</a></li></ul></li><li><a href="#privacy">6. Privacy considerations</a></li><li><a href="#dependencies">7. Dependencies</a></li><li><a href="#terminology">8. Terminology</a></li><li><a href="#algorithm-dictionary">9. Algorithm dictionary</a><ul><li><a href="#algorithm-dictionary-members">9.1. Algorithm Dictionary Members</a></li></ul></li><li><a href="#key-interface">10. Key interface</a><ul><li><a href="#key-interface-description">10.1. Description</a></li><li><a href="#key-interface-members">10.2. Key interface members</a></li></ul></li><li><a href="#cryptooperation-interface">11. CryptoOperation interface</a><ul><li><a href="#CryptoOperation-states">11.1. 
CryptoOperation states</a></li><li><a href="#cryptooperation-task-source">11.2. The CryptoOperation Task Source</a></li><li><a href="#cryptooperation-events">11.3. Event Handler Attributes</a></li><li><a href="#CryptoOperation-attributes">11.4. Attributes</a></li><li><a href="#CryptoOperation-methods">11.5. Methods and Parameters</a><ul><li><a href="#CryptoOperation-method-init">11.5.1. The init method</a></li><li><a href="#CryptoOperation-method-processData">11.5.2. The processData(ArrayBufferView buffer) method</a></li><li><a href="#CryptoOperation-method-complete">11.5.3. The complete() method</a></li><li><a href="#CryptoOperation-method-abort">11.5.4. The abort() method</a></li></ul></li></ul></li><li><a href="#KeyOperation-interface">12. KeyOperation interface</a></li><li><a href="#KeyGenerator-interface">13. KeyGenerator interface</a></li><li><a href="#KeyDeriver-interface">14. KeyDeriver interface</a></li><li><a href="#KeyImporter-interface">15. KeyImporter interface</a></li><li><a href="#KeyExporter-interface">16. KeyExporter interface</a></li><li><a href="#KeyStorage-interface">17. KeyStorage interface</a></li><li><a href="#crypto-interface">18. Crypto interface</a><ul><li><a href="#crypto-interface-methods">18.1. Methods and Parameters</a><ul><li><a href="#Crypto-method-createEncrypter">18.1.1. The createEncrypter method</a></li><li><a href="#Crypto-method-createDecrypter">18.1.2. The createDecrypter method</a></li><li><a href="#Crypto-method-createSigner">18.1.3. The createSigner method</a></li><li><a href="#Crypto-method-createVerifier">18.1.4. The createVerifier method</a></li><li><a href="#Crypto-method-createDigester">18.1.5. The createDigester method</a></li><li><a href="#Crypto-method-createKeyGenerator">18.1.6. The createKeyGenerator method</a></li><li><a href="#Crypto-method-createKeyDeriver">18.1.7. The createKeyDeriver method</a></li><li><a href="#Crypto-method-createKeyImporter">18.1.8. 
The createKeyImporter method</a></li><li><a href="#Crypto-method-createKeyExporter">18.1.9. The createKeyExporter method</a></li><li><a href="#Crypto-attribute-keys">18.1.10. The keys attribute</a></li><li><a href="#Crypto-method-getRandomValues">18.1.11. The getRandomValues method</a></li></ul></li></ul></li><li><a href="#WorkerCrypto-interface">19. WorkerCrypto interface</a><ul><li><a href="#WorkerCrypto-description">19.1. Description</a></li><li><a href="#WorkerCrypto-methods">19.2. Methods and Parameters</a><ul><li><a href="#WorkerCrypto-method-getRandomValues">19.2.1. The getRandomValues method</a></li></ul></li></ul></li><li><a href="#big-integer">20. BigInteger</a></li><li><a href="#keypair">21. KeyPair</a></li><li><a href="#named-curve">22. NamedCurve</a></li><li><a href="#ec-point">23. ECPoint</a></li><li><a href="#algorithms">24. Algorithms</a><ul><li><a href="#recommended-algorithms">24.1. Recommended algorithms</a></li><li><a href="#defining-an-algorithm">24.2. Defining an algorithm</a><ul><li><a href="#recognized-algorithm-name">24.2.1. Recognized algorithm name</a></li><li><a href="#supported-operations">24.2.2. Supported operations</a></li><li><a href="#algorithm-specific-params">24.2.3. Algorithm-specific parameters</a></li><li><a href="#algorithm-result">24.2.4. Algorithm results</a></li><li><a href="#algorithm-alias">24.2.5. Algorithm aliases</a></li></ul></li><li><a href="#rsaes-pkcs1">24.3. RSAES-PKCS1-v1_5</a><ul><li><a href="#rsaes-pkcs1-description">24.3.1. Description</a></li><li><a href="#rsaes-pkcs1-registration">24.3.2. Registration</a></li><li><a href="#RsaKeyGenParams-dictionary">24.3.3. RsaKeyGenParams dictionary</a></li><li><a href="#rsaes-pkcs1-operations">24.3.4. Operations</a></li></ul></li><li><a href="#rsassa-pkcs1">24.4. RSASSA-PKCS1-v1_5</a><ul><li><a href="#rsassa-pkcs1-description">24.4.1. Description</a></li><li><a href="#rsassa-pkcs1-registration">24.4.2. Registration</a></li><li><a href="#RsaSsaParams-dictionary">24.4.3. 
RsaSsaParams dictionary</a></li><li><a href="#rsassa-pkcs1-operations">24.4.4. Operations</a></li></ul></li><li><a href="#rsa-pss">24.5. RSA-PSS</a><ul><li><a href="#rsa-pss-description">24.5.1. Description</a></li><li><a href="#rsa-pss-registration">24.5.2. Registration</a></li><li><a href="#rsa-pss-params">24.5.3. RsaPssParams dictionary</a></li><li><a href="#rsa-pss-operations">24.5.4. Operations</a></li></ul></li><li><a href="#rsa-oaep">24.6. RSA-OAEP</a><ul><li><a href="#rsa-oaep-description">24.6.1. Description</a></li><li><a href="#rsa-oaep-registration">24.6.2. Registration</a></li><li><a href="#rsa-oaep-params">24.6.3. RsaOaepParams dictionary</a></li><li><a href="#rsa-oaep-operations">24.6.4. Operations</a></li></ul></li><li><a href="#ecdsa">24.7. ECDSA</a><ul><li><a href="#ecdsa-description">24.7.1. Description</a></li><li><a href="#ecdsa-registration">24.7.2. Registration</a></li><li><a href="#EcdsaParams-dictionary">24.7.3. EcdsaParams dictionary</a></li><li><a href="#EcKeyGenParams-dictionary">24.7.4. EcKeyGenParams dictionary</a></li><li><a href="#ecdsa-operations">24.7.5. Operations</a></li></ul></li><li><a href="#ecdh">24.8. ECDH</a><ul><li><a href="#ecdh-description">24.8.1. Description</a></li><li><a href="#ecdh-registration">24.8.2. Registration</a></li><li><a href="#dh-EcdhKeyDeriveParams">24.8.3. EcdhKeyDeriveParams dictionary</a></li><li><a href="#ecdh-operations">24.8.4. Operations</a></li></ul></li><li><a href="#aes-ctr">24.9. AES-CTR</a><ul><li><a href="#aes-ctr-description">24.9.1. Description</a></li><li><a href="#aes-ctr-registration">24.9.2. Registration</a></li><li><a href="#aes-ctr-params">24.9.3. AesCtrParams dictionary</a></li><li><a href="#aes-keygen-params">24.9.4. AesKeyGenParams dictionary</a></li><li><a href="#aes-ctr-operations">24.9.5. Operations</a></li></ul></li><li><a href="#aes-cbc">24.10. AES-CBC</a><ul><li><a href="#aes-cbc-description">24.10.1. Description</a></li><li><a href="#aes-cbc-registration">24.10.2. 
Registration</a></li><li><a href="#aes-cbc-params">24.10.3. AesCbcParams dictionary</a></li><li><a href="#aes-cbc-operations">24.10.4. Operations</a></li></ul></li><li><a href="#aes-gcm">24.11. AES-GCM</a><ul><li><a href="#aes-gcm-description">24.11.1. Description</a></li><li><a href="#aes-gcm-registration">24.11.2. Registration</a></li><li><a href="#aes-gcm-params">24.11.3. AesGcmParams dictionary</a></li><li><a href="#aes-gcm-operations">24.11.4. Operations</a></li></ul></li><li><a href="#hmac">24.12. HMAC</a><ul><li><a href="#hmac-description">24.12.1. Description</a></li><li><a href="#hmac-registration">24.12.2. Registration</a></li><li><a href="#hmac-params">24.12.3. HmacParams dictionary</a></li><li><a href="#hmac-operations">24.12.4. Operations</a></li></ul></li><li><a href="#dh">24.13. Diffie-Hellman</a><ul><li><a href="#dh-description">24.13.1. Description</a></li><li><a href="#dh-registration">24.13.2. Registration</a></li><li><a href="#dh-DhKeyGenParams">24.13.3. DhKeyGenParams dictionary</a></li><li><a href="#dh-DhKeyDeriveParams">24.13.4. DhKeyDeriveParams dictionary</a></li><li><a href="#dh-operations">24.13.5. Operations</a></li></ul></li><li><a href="#sha">24.14. SHA</a><ul><li><a href="#sha-description">24.14.1. Description</a></li><li><a href="#sha-registration">24.14.2. Registration</a></li><li><a href="#sha-operations">24.14.3. Operations</a></li></ul></li><li><a href="#pbkdf2">24.15. PBKDF2</a><ul><li><a href="#pbkdf2-description">24.15.1. Description</a></li><li><a href="#pbkdf2-registration">24.15.2. Registration</a></li><li><a href="#pbkdf2-params">24.15.3. Pbkdf2Params dictionary</a></li><li><a href="#pbkdf2-operations">24.15.4. Operations</a></li></ul></li></ul></li><li><a href="#algorithm-normalizing-rules">25. Algorithm normalizing rules</a></li><li><a href="#examples-section">26. JavaScript Example Code</a><ul><li><a href="#examples-signing">26.1. 
Generate a signing key pair, sign some data</a></li><li><a href="#examples-key-storage">26.2. Key Storage</a></li><li><a href="#examples-symmetric-encryption">26.3. Symmetric Encryption</a></li></ul></li><li><a href="#acknowledgements-section">27. Acknowledgements</a></li><li><a href="#references">28. References</a><ul><li><a href="#normative-references">28.1. Normative References</a></li><li><a href="#informative-references">28.2. Informative References</a></li></ul></li></ul></div>
+      <div class="toc"><ul><li><a href="#introduction">1. Introduction</a></li><li><a href="#use-cases">2. Use Cases</a><ul><li><a href="#multifactor-authentication">2.1. Multi-factor Authentication</a></li><li><a href="#protected-document">2.2. Protected Document Exchange</a></li><li><a href="#cloud-storage">2.3. Cloud Storage</a></li><li><a href="#document-signing">2.4. Document Signing</a></li><li><a href="#data-integrity-protection">2.5. Data Integrity Protection</a></li><li><a href="#secure-messaging">2.6. Secure Messaging</a></li><li><a href="#jose">2.7. Javascript Object Signing and Encryption (JOSE)</a></li><li><a href="#out-of-band-keys">2.8. Out-of-Band Key Provisioning</a></li></ul></li><li><a href="#conformance">3. Conformance</a></li><li><a href="#scope">4. Scope</a><ul><li><a href="#scope-abstraction">4.1. Level of abstraction</a></li><li><a href="#scope-algorithms">4.2. Cryptographic algorithms</a></li><li><a href="#scope-operations">4.3. Operations</a></li><li><a href="#scope-out-of-scope">4.4. Out of scope</a></li></ul></li><li><a href="#security">5. Security considerations</a><ul><li><a href="#security-implementers">5.1. Security considerations for implementers</a></li><li><a href="#security-developers">5.2. Security considerations for developers</a></li></ul></li><li><a href="#privacy">6. Privacy considerations</a></li><li><a href="#dependencies">7. Dependencies</a></li><li><a href="#terminology">8. Terminology</a></li><li><a href="#RandomSource-interface">9. RandomSource interface</a><ul><li><a href="#RandomSource-description">9.1. Description</a></li><li><a href="#RandomSource-interface-methods">9.2. Methods and Parameters</a><ul><li><a href="#RandomSource-method-getRandomValues">9.2.1. The getRandomValues method</a></li></ul></li></ul></li><li><a href="#algorithm-dictionary">10. Algorithm dictionary</a><ul><li><a href="#algorithm-dictionary-members">10.1. Algorithm Dictionary Members</a></li></ul></li><li><a href="#key-interface">11. 
Key interface</a><ul><li><a href="#key-interface-description">11.1. Description</a></li><li><a href="#key-interface-members">11.2. Key interface members</a></li></ul></li><li><a href="#cryptooperation-interface">12. CryptoOperation interface</a><ul><li><a href="#CryptoOperation-states">12.1. CryptoOperation states</a></li><li><a href="#cryptooperation-task-source">12.2. The CryptoOperation Task Source</a></li><li><a href="#cryptooperation-events">12.3. Event Handler Attributes</a></li><li><a href="#CryptoOperation-attributes">12.4. Attributes</a></li><li><a href="#CryptoOperation-methods">12.5. Methods and Parameters</a><ul><li><a href="#CryptoOperation-method-init">12.5.1. The init method</a></li><li><a href="#CryptoOperation-method-processData">12.5.2. The processData(ArrayBufferView buffer) method</a></li><li><a href="#CryptoOperation-method-complete">12.5.3. The complete() method</a></li><li><a href="#CryptoOperation-method-abort">12.5.4. The abort() method</a></li></ul></li></ul></li><li><a href="#KeyOperation-interface">13. KeyOperation interface</a></li><li><a href="#KeyGenerator-interface">14. KeyGenerator interface</a></li><li><a href="#KeyDeriver-interface">15. KeyDeriver interface</a></li><li><a href="#KeyImporter-interface">16. KeyImporter interface</a></li><li><a href="#KeyExporter-interface">17. KeyExporter interface</a></li><li><a href="#KeyStorage-interface">18. KeyStorage interface</a></li><li><a href="#crypto-interface">19. Crypto interface</a><ul><li><a href="#crypto-interface-methods">19.1. Methods and Parameters</a><ul><li><a href="#Crypto-method-createEncrypter">19.1.1. The createEncrypter method</a></li><li><a href="#Crypto-method-createDecrypter">19.1.2. The createDecrypter method</a></li><li><a href="#Crypto-method-createSigner">19.1.3. The createSigner method</a></li><li><a href="#Crypto-method-createVerifier">19.1.4. The createVerifier method</a></li><li><a href="#Crypto-method-createDigester">19.1.5. 
The createDigester method</a></li><li><a href="#Crypto-method-createKeyGenerator">19.1.6. The createKeyGenerator method</a></li><li><a href="#Crypto-method-createKeyDeriver">19.1.7. The createKeyDeriver method</a></li><li><a href="#Crypto-method-createKeyImporter">19.1.8. The createKeyImporter method</a></li><li><a href="#Crypto-method-createKeyExporter">19.1.9. The createKeyExporter method</a></li><li><a href="#Crypto-attribute-keys">19.1.10. The keys attribute</a></li></ul></li></ul></li><li><a href="#WorkerCrypto-interface">20. WorkerCrypto interface</a><ul><li><a href="#WorkerCrypto-description">20.1. Description</a></li></ul></li><li><a href="#big-integer">21. BigInteger</a></li><li><a href="#keypair">22. KeyPair</a></li><li><a href="#named-curve">23. NamedCurve</a></li><li><a href="#ec-point">24. ECPoint</a></li><li><a href="#algorithms">25. Algorithms</a><ul><li><a href="#recommended-algorithms">25.1. Recommended algorithms</a></li><li><a href="#defining-an-algorithm">25.2. Defining an algorithm</a><ul><li><a href="#recognized-algorithm-name">25.2.1. Recognized algorithm name</a></li><li><a href="#supported-operations">25.2.2. Supported operations</a></li><li><a href="#algorithm-specific-params">25.2.3. Algorithm-specific parameters</a></li><li><a href="#algorithm-result">25.2.4. Algorithm results</a></li><li><a href="#algorithm-alias">25.2.5. Algorithm aliases</a></li></ul></li><li><a href="#rsaes-pkcs1">25.3. RSAES-PKCS1-v1_5</a><ul><li><a href="#rsaes-pkcs1-description">25.3.1. Description</a></li><li><a href="#rsaes-pkcs1-registration">25.3.2. Registration</a></li><li><a href="#RsaKeyGenParams-dictionary">25.3.3. RsaKeyGenParams dictionary</a></li><li><a href="#rsaes-pkcs1-operations">25.3.4. Operations</a></li></ul></li><li><a href="#rsassa-pkcs1">25.4. RSASSA-PKCS1-v1_5</a><ul><li><a href="#rsassa-pkcs1-description">25.4.1. Description</a></li><li><a href="#rsassa-pkcs1-registration">25.4.2. 
Registration</a></li><li><a href="#RsaSsaParams-dictionary">25.4.3. RsaSsaParams dictionary</a></li><li><a href="#rsassa-pkcs1-operations">25.4.4. Operations</a></li></ul></li><li><a href="#rsa-pss">25.5. RSA-PSS</a><ul><li><a href="#rsa-pss-description">25.5.1. Description</a></li><li><a href="#rsa-pss-registration">25.5.2. Registration</a></li><li><a href="#rsa-pss-params">25.5.3. RsaPssParams dictionary</a></li><li><a href="#rsa-pss-operations">25.5.4. Operations</a></li></ul></li><li><a href="#rsa-oaep">25.6. RSA-OAEP</a><ul><li><a href="#rsa-oaep-description">25.6.1. Description</a></li><li><a href="#rsa-oaep-registration">25.6.2. Registration</a></li><li><a href="#rsa-oaep-params">25.6.3. RsaOaepParams dictionary</a></li><li><a href="#rsa-oaep-operations">25.6.4. Operations</a></li></ul></li><li><a href="#ecdsa">25.7. ECDSA</a><ul><li><a href="#ecdsa-description">25.7.1. Description</a></li><li><a href="#ecdsa-registration">25.7.2. Registration</a></li><li><a href="#EcdsaParams-dictionary">25.7.3. EcdsaParams dictionary</a></li><li><a href="#EcKeyGenParams-dictionary">25.7.4. EcKeyGenParams dictionary</a></li><li><a href="#ecdsa-operations">25.7.5. Operations</a></li></ul></li><li><a href="#ecdh">25.8. ECDH</a><ul><li><a href="#ecdh-description">25.8.1. Description</a></li><li><a href="#ecdh-registration">25.8.2. Registration</a></li><li><a href="#dh-EcdhKeyDeriveParams">25.8.3. EcdhKeyDeriveParams dictionary</a></li><li><a href="#ecdh-operations">25.8.4. Operations</a></li></ul></li><li><a href="#aes-ctr">25.9. AES-CTR</a><ul><li><a href="#aes-ctr-description">25.9.1. Description</a></li><li><a href="#aes-ctr-registration">25.9.2. Registration</a></li><li><a href="#aes-ctr-params">25.9.3. AesCtrParams dictionary</a></li><li><a href="#aes-keygen-params">25.9.4. AesKeyGenParams dictionary</a></li><li><a href="#aes-ctr-operations">25.9.5. Operations</a></li></ul></li><li><a href="#aes-cbc">25.10. AES-CBC</a><ul><li><a href="#aes-cbc-description">25.10.1. 
Description</a></li><li><a href="#aes-cbc-registration">25.10.2. Registration</a></li><li><a href="#aes-cbc-params">25.10.3. AesCbcParams dictionary</a></li><li><a href="#aes-cbc-operations">25.10.4. Operations</a></li></ul></li><li><a href="#aes-gcm">25.11. AES-GCM</a><ul><li><a href="#aes-gcm-description">25.11.1. Description</a></li><li><a href="#aes-gcm-registration">25.11.2. Registration</a></li><li><a href="#aes-gcm-params">25.11.3. AesGcmParams dictionary</a></li><li><a href="#aes-gcm-operations">25.11.4. Operations</a></li></ul></li><li><a href="#hmac">25.12. HMAC</a><ul><li><a href="#hmac-description">25.12.1. Description</a></li><li><a href="#hmac-registration">25.12.2. Registration</a></li><li><a href="#hmac-params">25.12.3. HmacParams dictionary</a></li><li><a href="#hmac-operations">25.12.4. Operations</a></li></ul></li><li><a href="#dh">25.13. Diffie-Hellman</a><ul><li><a href="#dh-description">25.13.1. Description</a></li><li><a href="#dh-registration">25.13.2. Registration</a></li><li><a href="#dh-DhKeyGenParams">25.13.3. DhKeyGenParams dictionary</a></li><li><a href="#dh-DhKeyDeriveParams">25.13.4. DhKeyDeriveParams dictionary</a></li><li><a href="#dh-operations">25.13.5. Operations</a></li></ul></li><li><a href="#sha">25.14. SHA</a><ul><li><a href="#sha-description">25.14.1. Description</a></li><li><a href="#sha-registration">25.14.2. Registration</a></li><li><a href="#sha-operations">25.14.3. Operations</a></li></ul></li><li><a href="#pbkdf2">25.15. PBKDF2</a><ul><li><a href="#pbkdf2-description">25.15.1. Description</a></li><li><a href="#pbkdf2-registration">25.15.2. Registration</a></li><li><a href="#pbkdf2-params">25.15.3. Pbkdf2Params dictionary</a></li><li><a href="#pbkdf2-operations">25.15.4. Operations</a></li></ul></li></ul></li><li><a href="#algorithm-normalizing-rules">26. Algorithm normalizing rules</a></li><li><a href="#examples-section">27. JavaScript Example Code</a><ul><li><a href="#examples-signing">27.1. 
Generate a signing key pair, sign some data</a></li><li><a href="#examples-key-storage">27.2. Key Storage</a></li><li><a href="#examples-symmetric-encryption">27.3. Symmetric Encryption</a></li></ul></li><li><a href="#acknowledgements-section">28. Acknowledgements</a></li><li><a href="#references">29. References</a><ul><li><a href="#normative-references">29.1. Normative References</a></li><li><a href="#informative-references">29.2. Informative References</a></li></ul></li></ul></div>
     </div>
 
     <div id="sections">
@@ -599,8 +599,97 @@
         </p>
       </div>
 
+      <div id="RandomSource-interface" class="section">
+        <h2>9. RandomSource interface</h2>
+        <div class="block"><div class="blockTitleDiv"><span class="blockTitle">IDL</span></div><div class="blockContent"><pre class="code"><code class="idl-code">
+[NoInterfaceObject]
+interface <dfn id="dfn-RandomSource">RandomSource</dfn> {
+  ArrayBufferView <a href="#dfn-RandomSource-method-getRandomValues">getRandomValues</a>(ArrayBufferView array);
+};
+        </code></pre></div></div>
+        <div id="RandomSource-description" class="section">
+          <h3>9.1. Description</h3>
+          <p>
+            The <a href="#dfn-RandomSource">RandomSource</a> interface represents an interface to a
+            cryptographically strong pseudo-random number generator seeded with truly random values.
+          </p>
+          <p class="implementation-note">
+            Implementation note: Implementations should generate cryptographically random values using
+            well-established cryptographic pseudo-random number generators seeded with high-quality
+            entropy, such as from an operating-system entropy source (e.g., "/dev/urandom"). This
+            specification provides no lower-bound on the information theoretic entropy present in
+            cryptographically random values, but implementations should make a best effort to provide
+            as much entropy as practicable.
+          </p>
+          <p class="implementation-note">
+            Implementation note: This interface defines a synchronous method for obtaining cryptographically
+            random values. While some devices and implementations may support truly random cryptographic
+            number generators or provide interfaces that block when there is insufficient entropy,
+            implementations are encouraged not to use these sources when implementing getRandomValues,
+            both for performance and to avoid depleting the system of entropy. Instead, these sources
+            should be used to seed a cryptographic pseudo-random number generator that can then return
+            suitable values efficiently.
+          </p>
+        </div>
+        <div id="RandomSource-interface-methods" class="section">
+          <h3>9.2. Methods and Parameters</h3>
+          <div id="RandomSource-method-getRandomValues" class="section">
+            <h4>9.2.1. The getRandomValues method</h4>
+            <p>
+              The <dfn id="dfn-RandomSource-method-getRandomValues"><code>getRandomValues</code></dfn>
+              method generates cryptographically random values. It must act as follows:
+            </p>
+            <ol>
+              <li>
+                <p>
+                  If <var>array</var> is not of an integer type (i.e., Int8Array, Uint8Array,
+                  Int16Array, Uint16Array, Int32Array, or Uint32Array), throw a
+                  <code>TypeMismatchError</code> and
+                  <dfn id="terminate-the-algorithm">terminate the algorithm</dfn>.
+                </p>
+              </li>
+              <li>
+                <p>
+                  If the <code>byteLength</code> of <var>array</var> is greater than 65536, throw a
+                  <code>QuotaExceededError</code> and
+                  <dfn id="terminate-the-algorithm">terminate the algorithm</dfn>.
+                </p>
+              </li>
+              <li>
+                <p>
+                  Overwrite all elements of <var>array</var> with cryptographically random values of
+                  the appropriate type.
+                </p>
+              </li>
+              <li>
+                <p>
+                  Return <var>array</var>.
+                </p>
+              </li>
+            </ol>
+            <p>
+              Do not generate keys using the <code>getRandomValues</code> method. Use the
+              <a href="#dfn-Crypto-method-createKeyGenerator"><code>createKeyGenerator</code></a> method instead.
+            </p>
+          </div>
+        </div>
+
+        <div class="ednote"><div class="ednoteHeader">Editorial note</div>
+          <ul>
+            <li>
+              The <a href="#dfn-RandomSource-method-getRandomValues"><code>getRandomValues</code></a>
+              function has been implemented in several WebKit-based browsers,
+              including Google Chrome and Apple Safari. If the specification of
+              this function changes, steps will need to be taken to resolve the
+              inconsistency - including possibly renaming the function.
+            </li>
+          </ul>
+        </div>
+      </div>
+
+
       <div id="algorithm-dictionary" class="section">
-        <h2>9. Algorithm dictionary</h2>
+        <h2>10. Algorithm dictionary</h2>
         <p>
           The Algorithm object is a dictionary object [<cite><a href="#WebIDL">WebIDL</a></cite>]
           which is used to specify an algorithm and any additional parameters required to fully
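Review bot: the closing paragraph of the new 9.2.1 still tells authors to use `createKeyGenerator` and links to `#dfn-Crypto-method-createKeyGenerator`, but this text now also governs WorkerCrypto, whose interface body in this same change is empty, so in a worker the advice points at a method that is not available there. Either scope the sentence to contexts that expose Crypto or state what worker code should do for key material instead. Separately, steps 1 and 2 both carry `<dfn id="terminate-the-algorithm">`, which puts the same id in the document twice; keep the dfn on the first occurrence and make the second a link to it.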
@@ -629,7 +718,7 @@
           </ul>
         </div>
         <div id="algorithm-dictionary-members" class="section">
-          <h3>9.1. <a href="#dfn-Algorithm">Algorithm</a> Dictionary Members</h3>
+          <h3>10.1. <a href="#dfn-Algorithm">Algorithm</a> Dictionary Members</h3>
           <dl>
             <dt id="dfn-Algorithm-name">
               <code>name</code>
@@ -649,7 +738,7 @@
       </div>
       
       <div id="key-interface" class="section">
-        <h2>10. Key interface</h2>
+        <h2>11. Key interface</h2>
         <p>
           The Key object represents an opaque reference to keying material that is managed by the
           user agent.
@@ -696,7 +785,7 @@
 };
         </code></pre></div></div>
         <div id="key-interface-description" class="section">
-          <h3>10.1. Description</h3>
+          <h3>11.1. Description</h3>
           <span class="normative">This section is non-normative</span>
           <p>
             This specification provides a uniform interface for many different kinds of keying material
@@ -715,7 +804,7 @@
           </p>
         </div>
         <div id="key-interface-members" class="section">
-          <h3>10.2. Key interface members</h3>
+          <h3>11.2. Key interface members</h3>
           <dl>
             <dt id="dfn-Key-id"><code>id</code></dt>
             <dd>
@@ -811,7 +900,7 @@
       </div>
 
       <div id="cryptooperation-interface" class="section">
-        <h2>11. CryptoOperation interface</h2>
+        <h2>12. CryptoOperation interface</h2>
         <div class="block"><div class="blockTitleDiv"><span class="blockTitle">IDL</span></div><div class="blockContent"><pre class="code"><code class="idl-code">
 interface <dfn id="dfn-CryptoOperation">CryptoOperation</dfn> : <a href="#dfn-EventTarget">EventTarget</a> {
   void <a href="#dfn-CryptoOperation-method-init">init</a>();
@@ -843,7 +932,7 @@
           </ul>
         </div>
         <div id="CryptoOperation-states" class="section">
-          <h3>11.1. CryptoOperation states</h3>
+          <h3>12.1. CryptoOperation states</h3>
           <p>
             The <code><a href="#dfn-CryptoOperation">CryptoOperation</a></code> can be in any one of
             five states. This state is tracked internal to the
@@ -893,7 +982,7 @@
           </dl>
         </div>
         <div id="cryptooperation-task-source" class="section">
-          <h3>11.2. The CryptoOperation Task Source</h3>
+          <h3>12.2. The CryptoOperation Task Source</h3>
           <p>
             The <a href="#dfn-CryptoOperation"><code>CryptoOperation</code></a> interface enables
             asynchronous cryptographic processing by firing events. Unless stated otherwise, the
@@ -904,7 +993,7 @@
           </p>
         </div>
         <div id="cryptooperation-events" class="section">
-          <h3>11.3. Event Handler Attributes</h3>
+          <h3>12.3. Event Handler Attributes</h3>
           <p>
             The following are the <a href="#event-handler-attributes">event handler attributes</a>
             (and their corresponding <a href="#event-handler-event-type">event handler event
@@ -949,7 +1038,7 @@
           </table>
         </div>
         <div id="CryptoOperation-attributes" class="section">
-          <h3>11.4. Attributes</h3>
+          <h3>12.4. Attributes</h3>
           <dl>
             <dt id="dfn-CryptoOperation-key"><code>key</code></dt>
             <dd>
@@ -993,9 +1082,9 @@
           </dl>
         </div>
         <div id="CryptoOperation-methods" class="section">
-          <h3>11.5. Methods and Parameters</h3>
+          <h3>12.5. Methods and Parameters</h3>
           <div id="CryptoOperation-method-init" class="section">
-            <h4>11.5.1. The <dfn id="dfn-CryptoOperation-method-init"><code>init</code></dfn> method</h4>
+            <h4>12.5.1. The <dfn id="dfn-CryptoOperation-method-init"><code>init</code></dfn> method</h4>
             <p>
               When <a href="#dfn-CryptoOperation-method-init"><code>init</code></a> method is called,
               the user agent must run the steps below.
@@ -1044,7 +1133,7 @@
             </ol>
           </div>
           <div id="CryptoOperation-method-processData" class="section">
-            <h4>11.5.2. The <dfn id="dfn-CryptoOperation-method-processData"><code>processData(ArrayBufferView buffer)</code></dfn> method</h4>
+            <h4>12.5.2. The <dfn id="dfn-CryptoOperation-method-processData"><code>processData(ArrayBufferView buffer)</code></dfn> method</h4>
             <p>
               When <a href="#dfn-CryptoOperation-method-processData"><code>processData(ArrayBufferView buffer)</code></a>
               method is called, the user agent must run the steps below.
@@ -1096,7 +1185,7 @@
             </ol>          
           </div>
           <div id="CryptoOperation-method-complete" class="section">
-            <h4>11.5.3. The <dfn id="dfn-CryptoOperation-method-complete"><code>complete()</code></dfn> method</h4>
+            <h4>12.5.3. The <dfn id="dfn-CryptoOperation-method-complete"><code>complete()</code></dfn> method</h4>
             <p>
               When <a href="#dfn-CryptoOperation-method-complete"><code>complete()</code></a>
               method is called, the user agent must run the steps below.
@@ -1157,7 +1246,7 @@
             </ol>
           </div>
           <div id="CryptoOperation-method-abort" class="section">
-            <h4>11.5.4. The <dfn id="dfn-CryptoOperation-method-abort"><code>abort()</code></dfn> method</h4>
+            <h4>12.5.4. The <dfn id="dfn-CryptoOperation-method-abort"><code>abort()</code></dfn> method</h4>
             <p>
               When <a href="#dfn-CryptoOperation-method-abort"><code>abort()</code></a>
               method is called, the user agent must run the steps below.
@@ -1249,7 +1338,7 @@
       </div>
 
       <div id="KeyOperation-interface" class="section">
-        <h2>12. KeyOperation interface</h2>
+        <h2>13. KeyOperation interface</h2>
         <div class="block"><div class="blockTitleDiv"><span class="blockTitle">IDL</span></div><div class="blockContent"><pre class="code"><code class="idl-code">
 interface <dfn id="dfn-KeyOperation">KeyOperation</dfn> : EventTarget {
   readonly attribute any <a href="#dfn-KeyOperation-result">result</a>;
@@ -1261,7 +1350,7 @@
       </div>
       
       <div id="KeyGenerator-interface" class="section">
-        <h2>13. KeyGenerator interface</h2>
+        <h2>14. KeyGenerator interface</h2>
         <div class="block"><div class="blockTitleDiv"><span class="blockTitle">IDL</span></div><div class="blockContent"><pre class="code"><code class="idl-code">
 interface <dfn id="dfn-KeyGenerator">KeyGenerator</dfn> : <a href="#dfn-KeyOperation">KeyOperation</a> {
   void <a href="#dfn-KeyOperation-generate-method">generate</a>();
@@ -1270,7 +1359,7 @@
       </div>
 
       <div id="KeyDeriver-interface" class="section">
-        <h2>14. KeyDeriver interface</h2>
+        <h2>15. KeyDeriver interface</h2>
         <div class="block"><div class="blockTitleDiv"><span class="blockTitle">IDL</span></div><div class="blockContent"><pre class="code"><code class="idl-code">
 interface <dfn id="dfn-KeyDeriver">KeyDeriver</dfn> : <a href="#dfn-KeyOperation">KeyOperation</a> {
   void <a href="#dfn-KeyOperation-derive-method">derive</a>();
@@ -1279,7 +1368,7 @@
       </div>
 
       <div id="KeyImporter-interface" class="section">
-        <h2>15. KeyImporter interface</h2>
+        <h2>16. KeyImporter interface</h2>
         <div class="block"><div class="blockTitleDiv"><span class="blockTitle">IDL</span></div><div class="blockContent"><pre class="code"><code class="idl-code">
 enum <dfn id="dfn-KeyFormat">KeyFormat</dfn> {
   <span class="comment">// An unformatted sequence of bytes. Intended for secret keys.</span>
@@ -1305,7 +1394,7 @@
       </div>
       
       <div id="KeyExporter-interface" class="section">
-        <h2>16. KeyExporter interface</h2>
+        <h2>17. KeyExporter interface</h2>
         <div class="block"><div class="blockTitleDiv"><span class="blockTitle">IDL</span></div><div class="blockContent"><pre class="code"><code class="idl-code">
 interface <dfn id="dfn-KeyExporter">KeyExporter</dfn> : <a href="#dfn-KeyOperation">KeyOperation</a> {
   void <a href="#dfn-KeyExporter-generate-method">export</a>();
@@ -1316,7 +1405,7 @@
       </div>
       
       <div id="KeyStorage-interface" class="section">
-        <h2>17. KeyStorage interface</h2>
+        <h2>18. KeyStorage interface</h2>
         <div class="block"><div class="blockTitleDiv"><span class="blockTitle">IDL</span></div><div class="blockContent"><pre class="code"><code class="idl-code">
 interface <dfn id="dfn-KeyStorage">KeyStorage</dfn> {
   readonly attribute unsigned long <a href="#dfn-KeyStorage-attribute-length">length</a>;
@@ -1382,7 +1471,7 @@
       </div>
 
       <div id="crypto-interface" class="section">
-        <h2>18. Crypto interface</h2>
+        <h2>19. Crypto interface</h2>
         <div class="block"><div class="blockTitleDiv"><span class="blockTitle">IDL</span></div><div class="blockContent"><pre class="code"><code class="idl-code">
 <span class="comment">// TBD: <a href="http://www.w3.org/2012/webcrypto/track/issues/37">ISSUE-37</a></span>
 interface <dfn id="dfn-crypto">Crypto</dfn> {
@@ -1413,9 +1502,9 @@
                          <a href="#dfn-KeyUsage">KeyUsage</a>[] keyUsages = []);
   <a href="#dfn-KeyExporter">KeyExporter</a> <a href="#dfn-Crypto-method-createKeyExporter">createKeyExporter</a>(<a href="#dfn-KeyFormat">KeyFormat</a> format, <a href="#dfn-Key">Key</a> key);
   readonly attribute <a href="#dfn-KeyStorage">KeyStorage</a> <a href="#dfn-Crypto-keys">keys</a>;
+};
 
-  ArrayBufferView <a href="#dfn-Crypto-method-getRandomValues">getRandomValues</a>(ArrayBufferView array);
-};
+<a href="#dfn-Crypto">Crypto</a> implements <a href="#dfn-RandomSource">RandomSource</a>;
 
 partial interface Window {
   readonly attribute <a href="#dfn-Crypto">Crypto</a> crypto;
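Review bot: the added `implements` line links to `#dfn-Crypto`, while the interface declaration shown in the previous hunk defines `<dfn id="dfn-crypto">` in lower case, so the new reference does not match the declared id exactly. Align the casing of the dfn id and the links (the `partial interface Window` line below uses the same `#dfn-Crypto` target) so the RandomSource relationship is navigable from the Crypto IDL.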
@@ -1424,13 +1513,6 @@
         <div class="ednote"><div class="ednoteHeader">Editorial note</div>
           <ul>
             <li>
-              The <a href="#dfn-Crypto-method-getRandomValues"><code>getRandomValues</code></a>
-              function has been implemented in several WebKit-based browsers,
-              including Google Chrome and Apple Safari. If the specification of
-              this function changes, steps will need to be taken to resolve the
-              inconsistency - including possibly renaming the function.
-            </li>
-            <li>
               <a href="http://www.w3.org/2012/webcrypto/track/issues/26">ISSUE-26</a>:
               When generating, importing, or deriving a key, should it be possible to specify
               multiple origins that the key is automatically authorized for, beyond the
@@ -1459,9 +1541,9 @@
           </ul>
         </div>
         <div id="crypto-interface-methods" class="section">
-          <h3>18.1. Methods and Parameters</h3>
+          <h3>19.1. Methods and Parameters</h3>
           <div id="Crypto-method-createEncrypter" class="section">
-            <h4>18.1.1. The createEncrypter method</h4>
+            <h4>19.1.1. The createEncrypter method</h4>
             <p>
               The <dfn id="dfn-Crypto-method-createEncrypter"><code>createEncrypter</code></dfn>
               method returns a new <a href="#dfn-CryptoOperation"><code>CryptoOperation</code></a>
@@ -1516,7 +1598,7 @@
           </div>
 
           <div id="Crypto-method-createDecrypter" class="section">
-            <h4>18.1.2. The createDecrypter method</h4>
+            <h4>19.1.2. The createDecrypter method</h4>
             <p>
               The <dfn id="dfn-Crypto-method-createDecrypter"><code>createDecrypter</code></dfn>
               method returns a new <a href="#dfn-CryptoOperation"><code>CryptoOperation</code></a>
@@ -1571,7 +1653,7 @@
           </div>
 
           <div id="Crypto-method-createSigner" class="section">
-            <h4>18.1.3. The createSigner method</h4>
+            <h4>19.1.3. The createSigner method</h4>
             <p>
               The <dfn id="dfn-Crypto-method-createSigner"><code>createSigner</code></dfn> method
               returns a new <a href="#dfn-CryptoOperation"><code>CryptoOperation</code></a>
@@ -1625,7 +1707,7 @@
           </div>
 
           <div id="Crypto-method-createVerifier" class="section">
-            <h4>18.1.4. The createVerifier method</h4>
+            <h4>19.1.4. The createVerifier method</h4>
             <p>
               The <dfn id="dfn-Crypto-method-createVerifier"><code>createVerifier</code></dfn> method
               returns a new <a href="#dfn-CryptoOperation"><code>CryptoOperation</code></a>
@@ -1679,7 +1761,7 @@
           </div>
 
           <div id="Crypto-method-createDigester" class="section">
-            <h4>18.1.5. The createDigester method</h4>
+            <h4>19.1.5. The createDigester method</h4>
             <p>
               The <dfn id="dfn-Crypto-method-createDigester"><code>createDigester</code></dfn> method returns
               a new <a href="#dfn-CryptoOperation"><code>CryptoOperation</code></a>
@@ -1733,7 +1815,7 @@
           </div>
 
           <div id="Crypto-method-createKeyGenerator" class="section">
-            <h4>18.1.6. The createKeyGenerator method</h4>
+            <h4>19.1.6. The createKeyGenerator method</h4>
             <p>
             </p>
             <div class="ednote"><div class="ednoteHeader">Editorial note</div>
@@ -1752,20 +1834,20 @@
           </div>
           
           <div id="Crypto-method-createKeyDeriver" class="section">
-            <h4>18.1.7. The createKeyDeriver method</h4>
+            <h4>19.1.7. The createKeyDeriver method</h4>
             <p></p>
           </div>
           <div id="Crypto-method-createKeyImporter" class="section">
-            <h4>18.1.8. The createKeyImporter method</h4>
+            <h4>19.1.8. The createKeyImporter method</h4>
             <p></p>
           </div>
           <div id="Crypto-method-createKeyExporter" class="section">
-            <h4>18.1.9. The createKeyExporter method</h4>
+            <h4>19.1.9. The createKeyExporter method</h4>
             <p></p>
           </div>
           
           <div id="Crypto-attribute-keys" class="section">
-            <h4>18.1.10. The keys attribute</h4>
+            <h4>19.1.10. The keys attribute</h4>
             <p>
               The <dfn id="dfn-Crypto-Keys"><code>keys</code></dfn> attribute provides access to the
               key storage of a particular origin. Keys that have been generated by, imported into, or
@@ -1791,62 +1873,23 @@
               </p>
             </div>
           </div>
-
-          <div id="Crypto-method-getRandomValues" class="section">
-            <h4>18.1.11. The getRandomValues method</h4>
-            <p>
-              The <dfn id="dfn-Crypto-method-getRandomValues"><code>getRandomValues</code></dfn>
-              method generates cryptographically random values. It must act as follows:
-            </p>
-            <ol>
-              <li>
-                <p>
-                  If <var>array</var> is not of an integer type (i.e., Int8Array, Uint8Array,
-                  Int16Array, Uint16Array, Int32Array, or Uint32Array), throw a
-                  <code>TypeMismatchError</code> and
-                  <dfn id="terminate-the-algorithm">terminate the algorithm</dfn>.
-                </p>
-              </li>
-              <li>
-                <p>
-                  If the <code>byteLength</code> of <var>array</var> is greater than 65536, throw a
-                  <code>QuotaExceededError</code> and
-                  <dfn id="terminate-the-algorithm">terminate the algorithm</dfn>.
-                </p>
-              </li>
-              <li>
-                <p>
-                  Overwrite all elements of <var>array</var> with cryptographically random values of
-                  the appropriate type.
-                </p>
-              </li>
-              <li>
-                <p>
-                  Return <var>array</var>.
-                </p>
-              </li>
-            </ol>
-            <p>
-              Do not generate keys using the <code>getRandomValues</code> method. Use the
-              <a href="#dfn-Crypto-method-createKeyGenerator"><code>createKeyGenerator</code></a> method instead.
-            </p>
-          </div>
         </div>
       </div>
 
       <div id="WorkerCrypto-interface" class="section">
-        <h2>19. WorkerCrypto interface</h2>
+        <h2>20. WorkerCrypto interface</h2>
         <div class="block"><div class="blockTitleDiv"><span class="blockTitle">IDL</span></div><div class="blockContent"><pre class="code"><code class="idl-code">
-interface <dfn id="dfn-WorkerCrypto">WorkerCrypto</dfn> {
-  ArrayBufferView <a href="#dfn-WorkerCrypto-method-getRandomValues">getRandomValues</a>(ArrayBufferView array);
+interface WorkerCrypto {
 };
 
+<a href="#dfn-WorkerCrypto">WorkerCrypto</a> implements <a href="#dfn-RandomSource">RandomSource</a>;
+
 partial interface <a href="http://www.w3.org/TR/workers/#workerglobalscope">WorkerGlobalScope</a> {
   readonly attribute <a href="#dfn-WorkerCrypto">WorkerCrypto</a> crypto;
 };
         </code></pre></div></div>
         <div id="WorkerCrypto-description" class="section">
-          <h3>19.1. Description</h3>
+          <h3>20.1. Description</h3>
           <p>
             The <a href="#dfn-WorkerCrypto">WorkerCrypto</a> interface provides cryptographic
             functionality for background scripts, as specified by Web Workers [
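Review bot: the rewritten declaration `interface WorkerCrypto {` drops the `<dfn id="dfn-WorkerCrypto">` wrapper that the removed line had, yet the new `implements` line, the `WorkerGlobalScope` attribute and the 20.1 description all still link to `#dfn-WorkerCrypto`. Restore the dfn on the interface name so those links resolve.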
@@ -1861,22 +1904,10 @@
             </p>
           </div>
         </div>
-        <div id="WorkerCrypto-methods" class="section">
-          <h3>19.2. Methods and Parameters</h3>
-          <div id="WorkerCrypto-method-getRandomValues" class="section">
-            <h4>19.2.1. The getRandomValues method</h4>
-            <p>
-              The <dfn id="dfn-WorkerCrypto-method-getRandomValues">getRandomValues</dfn> method shall behave
-              identical to the <a href="#dfn-Crypto"><code>Crypto</code></a>.<a href="#dfn-Crypto-method-getRandomValues"><code>getRandomValues</code></a> method.
-            </p>
-          </div>
-        </div>
       </div>
 
-
-
       <div id="big-integer" class="section">
-        <h2>20. BigInteger</h2>
+        <h2>21. BigInteger</h2>
         <div class="block"><div class="blockTitleDiv"><span class="blockTitle">IDL</span></div><div class="blockContent"><pre class="code"><code class="idl-code">
 typedef Uint8Array <dfn id="dfn-BigInteger">BigInteger</dfn>;
         </code></pre></div></div>
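Review bot: removing section 19.2 deletes the `WorkerCrypto-method-getRandomValues` and `dfn-WorkerCrypto-method-getRandomValues` anchors, and the previous hunk deletes `dfn-Crypto-method-getRandomValues`; any remaining in-document or external links to those fragments will stop resolving. Check for leftover references and retarget them to `#dfn-RandomSource-method-getRandomValues`.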
@@ -1891,7 +1922,7 @@
       </div>
       
       <div id="keypair" class="section">
-        <h2>21. KeyPair</h2>
+        <h2>22. KeyPair</h2>
         <div class="block"><div class="blockTitleDiv"><span class="blockTitle">IDL</span></div><div class="blockContent"><pre class="code"><code class="idl-code">
 interface <dfn id="dfn-KeyPair">KeyPair</dfn> {
   <a href="#dfn-Key">Key</a> publicKey;
@@ -1905,7 +1936,7 @@
       </div>
 
       <div id="named-curve" class="section">
-        <h2>22. NamedCurve</h2>
+        <h2>23. NamedCurve</h2>
         <div class="block"><div class="blockTitleDiv"><span class="blockTitle">IDL</span></div><div class="blockContent"><pre class="code"><code class="idl-code">
 enum <dfn id="dfn-NamedCurve">NamedCurve</dfn> {
   <span class="comment">// NIST recommended curve P-256, also known as secp256r1.</span>
@@ -1923,7 +1954,7 @@
       </div>
 
       <div id="ec-point" class="section">
-        <h2>23. ECPoint</h2>
+        <h2>24. ECPoint</h2>
         <div class="block"><div class="blockTitleDiv"><span class="blockTitle">IDL</span></div><div class="blockContent"><pre class="code"><code class="idl-code">
 typedef Uint8Array <dfn id="dfn-ECPoint">ECPoint</dfn>;
         </code></pre></div></div>
@@ -1935,9 +1966,9 @@
       </div>
 
       <div id="algorithms" class="section">
-        <h2>24. Algorithms</h2>
+        <h2>25. Algorithms</h2>
         <div id="recommended-algorithms" class="section">
-          <h3>24.1. Recommended algorithms</h3>
+          <h3>25.1. Recommended algorithms</h3>
           <p class="norm">This section is non-normative</p>
           <p>
             As the API is meant to be extensible in order to keep up with future developments within
@@ -1960,7 +1991,7 @@
           </p>
         </div>
         <div id="defining-an-algorithm" class="section">
-          <h3>24.2. Defining an algorithm</h3>
+          <h3>25.2. Defining an algorithm</h3>
           <p>
             Each algorithm that is to be exposed via the Web Cryptography API
             <span class="RFC2119">SHOULD</span> be registered via the Web Cryptography working group,
@@ -1969,7 +2000,7 @@
             <span class="RFC2119">MUST</span> be processed as if the sections had been defined.
           </p>
           <div id="recognized-algorithm-name" class="section">
-            <h4>24.2.1. Recognized algorithm name</h4>
+            <h4>25.2.1. Recognized algorithm name</h4>
             <p>
               Each registered algorithm <span class="RFC2119">MUST</span> have a canonical name
               for which applications can refer to the algorithm. The canonical name
@@ -1980,14 +2011,14 @@
             </p>
           </div>
           <div id="supported-operations" class="section">
-            <h4>24.2.2. Supported operations</h4>
+            <h4>25.2.2. Supported operations</h4>
             <p>
               Each registered algorithm <span class="RFC2119">MUST</span> define the operations
               that it supports.
             </p>
           </div>
           <div id="algorithm-specific-params" class="section">
-            <h4>24.2.3. Algorithm-specific parameters</h4>
+            <h4>25.2.3. Algorithm-specific parameters</h4>
             <p>
               Each registered algorithm <span class="RFC2119">MUST</span> define the expected
               contents of the <a href="#dfn-Algorithm-params"><code>params</code></a> member of
@@ -2002,7 +2033,7 @@
             </p>
           </div>
           <div id="algorithm-result" class="section">
-            <h4>24.2.4. Algorithm results</h4>
+            <h4>25.2.4. Algorithm results</h4>
             <p>
               Each registered algorithm <span class="RFC2119">MUST</span> define the contents
               of the <a href="#dfn-CryptoOperation-result"><code>result</code></a> attribute of the
@@ -2012,7 +2043,7 @@
             </p>
           </div>
           <div id="algorithm-alias" class="section">
-            <h4>24.2.5. <dfn id="dfn-algorithm-alias">Algorithm aliases</dfn></h4>
+            <h4>25.2.5. <dfn id="dfn-algorithm-alias">Algorithm aliases</dfn></h4>
             <p>
               Each registered algorithm <span class="RFC2119">MAY</span> define one or more aliases
               that may define a fully normalized <a href="#dfn-Algorithm">Algorithm</a> object.
@@ -2035,9 +2066,9 @@
         </div>
 
         <div id="rsaes-pkcs1" class="section">
-          <h3>24.3. RSAES-PKCS1-v1_5</h3>
+          <h3>25.3. RSAES-PKCS1-v1_5</h3>
           <div id="rsaes-pkcs1-description" class="section">
-            <h4>24.3.1. Description</h4>
+            <h4>25.3.1. Description</h4>
             <p>
               The <code>"RSAES-PKCS1-v1_5"</code> algorithm identifier is used to perform encryption
               and decryption ordering to the RSAES-PKCS1-v1_5 algorithm specified in
@@ -2045,7 +2076,7 @@
             </p>
           </div>
           <div id="rsaes-pkcs1-registration" class="section">
-            <h4>24.3.2. Registration</h4>
+            <h4>25.3.2. Registration</h4>
             <p>
               The <a href="#recognized-algorithm-name">recognized algorithm name</a> for
               this algorithm is <code>"RSAES-PKCS1-v1_5"</code>.
@@ -2078,7 +2109,7 @@
             </table>
           </div>
           <div id="RsaKeyGenParams-dictionary" class="section">
-            <h4>24.3.3. RsaKeyGenParams dictionary</h4>
+            <h4>25.3.3. RsaKeyGenParams dictionary</h4>
             <div class="block"><div class="blockTitleDiv"><span class="blockTitle">IDL</span></div><div class="blockContent"><pre class="code"><code class="idl-code">
 dictionary <dfn id="dfn-RsaKeyGenParams">RsaKeyGenParams</dfn> : <a href="#dfn-AlgorithmParameters">AlgorithmParameters</a> {
   <span class="comment">// The length, in bits, of the RSA modulus</span>
@@ -2089,7 +2120,7 @@
             </code></pre></div></div>
           </div>
           <div id="rsaes-pkcs1-operations" class="section">
-            <h4>24.3.4. Operations</h4>
+            <h4>25.3.4. Operations</h4>
             <dl>
               <dt>Encrypt</dt>
               <dd>
@@ -2219,9 +2250,9 @@
         </div>
 
         <div id="rsassa-pkcs1" class="section">
-          <h3>24.4. RSASSA-PKCS1-v1_5</h3>
+          <h3>25.4. RSASSA-PKCS1-v1_5</h3>
           <div id="rsassa-pkcs1-description" class="section">
-            <h4>24.4.1. Description</h4>
+            <h4>25.4.1. Description</h4>
             <p>
               The <code>"RSASSA-PKCS1-v1_5"</code> algorithm identifier is used to perform
               signing and verification using the RSASSA-PKCS1-v1_5 algorithm specified in
@@ -2229,7 +2260,7 @@
             </p>
           </div>
           <div id="rsassa-pkcs1-registration" class="section">
-            <h4>24.4.2. Registration</h4>
+            <h4>25.4.2. Registration</h4>
             <p>
               The <a href="#recognized-algorithm-name">recognized algorithm name</a> for
               this algorithm is <code>"RSASSA-PKCS1-v1_5"</code>.
@@ -2262,7 +2293,7 @@
             </table>
           </div>
           <div id="RsaSsaParams-dictionary" class="section">
-            <h4>24.4.3. RsaSsaParams dictionary</h4>
+            <h4>25.4.3. RsaSsaParams dictionary</h4>
             <div class="block"><div class="blockTitleDiv"><span class="blockTitle">IDL</span></div><div class="blockContent"><pre class="code"><code class="idl-code">
 dictionary <dfn id="dfn-RsaSsaParams">RsaSsaParams</dfn> : <a href="#dfn-AlgorithmParameters">AlgorithmParameters</a> {
   <span class="comment">// The hash algorithm to use</span> 
@@ -2271,7 +2302,7 @@
             </code></pre></div></div>
           </div>
           <div id="rsassa-pkcs1-operations" class="section">
-            <h4>24.4.4. Operations</h4>
+            <h4>25.4.4. Operations</h4>
             <ul>
               <li>Sign</li>
               <li>Verify</li>
@@ -2281,9 +2312,9 @@
         </div>
 
         <div id="rsa-pss" class="section">
-          <h3>24.5. RSA-PSS</h3>
+          <h3>25.5. RSA-PSS</h3>
           <div id="rsa-pss-description" class="section">
-            <h4>24.5.1. Description</h4>
+            <h4>25.5.1. Description</h4>
             <p>
               The <code>"RSA-PSS"</code> algorithm identifier is used to perform signing
               and verification using the RSASSA-PSS algorithm specified in
@@ -2291,7 +2322,7 @@
             </p>
           </div>
           <div id="rsa-pss-registration" class="section">
-            <h4>24.5.2. Registration</h4>
+            <h4>25.5.2. Registration</h4>
             <p>
               The <a href="#recognized-algorithm-name">recognized algorithm name</a> for
               this algorithm is <code>"RSA-PSS"</code>.
@@ -2324,7 +2355,7 @@
             </table>
           </div>
           <div id="rsa-pss-params" class="section">
-            <h4>24.5.3. RsaPssParams dictionary</h4>
+            <h4>25.5.3. RsaPssParams dictionary</h4>
             <div class="block"><div class="blockTitleDiv"><span class="blockTitle">IDL</span></div><div class="blockContent"><pre class="code"><code class="idl-code">
 dictionary <dfn id="dfn-RsaPssParams">RsaPssParams</dfn> : <a href="#dfn-AlgorithmParameters">AlgorithmParameters</a> {
   <span class="comment">// The hash function to apply to the message</span>
@@ -2337,7 +2368,7 @@
             </code></pre></div></div>
           </div>
           <div id="rsa-pss-operations" class="section">
-            <h4>24.5.4. Operations</h4>
+            <h4>25.5.4. Operations</h4>
             <ul>
               <li>Sign</li>
               <li>Verify</li>
@@ -2347,9 +2378,9 @@
         </div>
 
         <div id="rsa-oaep" class="section">
-          <h3>24.6. RSA-OAEP</h3>
+          <h3>25.6. RSA-OAEP</h3>
           <div id="rsa-oaep-description" class="section">
-            <h4>24.6.1. Description</h4>
+            <h4>25.6.1. Description</h4>
             <p>
               The <code>"RSA-OAEP"</code> algorithm identifier is used to perform encryption
               and decryption ordering to the RSAES-OAEP algorithm specified in
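Review bot: the context line under 25.6.1 reads "encryption and decryption ordering to the RSAES-OAEP algorithm"; "ordering to" should be "according to". The heading directly above is already being edited, so the wording can be fixed in the same pass rather than carried into the renumbered section.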
@@ -2357,7 +2388,7 @@
             </p>
           </div>
           <div id="rsa-oaep-registration" class="section">
-            <h4>24.6.2. Registration</h4>
+            <h4>25.6.2. Registration</h4>
             <p>
               The <a href="#recognized-algorithm-name">recognized algorithm name</a> for
               this algorithm is <code>"RSA-OAEP"</code>.
@@ -2391,7 +2422,7 @@
           </div>
 
           <div id="rsa-oaep-params" class="section">
-            <h4>24.6.3. RsaOaepParams dictionary</h4>
+            <h4>25.6.3. RsaOaepParams dictionary</h4>
             <div class="block"><div class="blockTitleDiv"><span class="blockTitle">IDL</span></div><div class="blockContent"><pre class="code"><code class="idl-code">
 dictionary <dfn id="dfn-RsaOaepParams">RsaOaepParams</dfn> : <a href="#dfn-AlgorithmParameters">AlgorithmParameters</a> {
   <span class="comment">// The hash function to apply to the message</span>
@@ -2404,7 +2435,7 @@
             </code></pre></div></div>
           </div>
           <div id="rsa-oaep-operations" class="section">
-            <h4>24.6.4. Operations</h4>
+            <h4>25.6.4. Operations</h4>
             <ul>
               <li>Encrypt</li>
               <li>Decrypt</li>
@@ -2414,9 +2445,9 @@
         </div>
 
         <div id="ecdsa" class="section">
-          <h3>24.7. ECDSA</h3>
+          <h3>25.7. ECDSA</h3>
           <div id="ecdsa-description" class="section">
-            <h4>24.7.1. Description</h4>
+            <h4>25.7.1. Description</h4>
             <p>
               The <code>"ECDSA"</code> algorithm identifier is used to perform signing
               and verification using the ECDSA algorithm specified in
@@ -2424,7 +2455,7 @@
             </p>
           </div>
           <div id="ecdsa-registration" class="section">
-            <h4>24.7.2. Registration</h4>
+            <h4>25.7.2. Registration</h4>
             <p>
               The <a href="#recognized-algorithm-name">recognized algorithm name</a> for
               this algorithm is <code>"ECDSA"</code>.
@@ -2458,7 +2489,7 @@
             </table>
           </div>
           <div id="EcdsaParams-dictionary" class="section">
-            <h4>24.7.3. EcdsaParams dictionary</h4>
+            <h4>25.7.3. EcdsaParams dictionary</h4>
             <div class="block"><div class="blockTitleDiv"><span class="blockTitle">IDL</span></div><div class="blockContent"><pre class="code"><code class="idl-code">
 dictionary <dfn id="dfn-EcdsaParams">EcdsaParams</dfn> : <a href="#dfn-AlgorithmParameters">AlgorithmParameters</a> {
   <span class="comment">// The hash algorithm to use</span>
@@ -2467,7 +2498,7 @@
             </code></pre></div></div>
           </div>
           <div id="EcKeyGenParams-dictionary" class="section">
-            <h4>24.7.4. EcKeyGenParams dictionary</h4>
+            <h4>25.7.4. EcKeyGenParams dictionary</h4>
             <div class="block"><div class="blockTitleDiv"><span class="blockTitle">IDL</span></div><div class="blockContent"><pre class="code"><code class="idl-code">
 dictionary <dfn id="dfn-EcKeyGenParams">EcKeyGenParams</dfn> : <a href="#dfn-AlgorithmParameters">AlgorithmParameters</a> {
   <span class="comment">// A named curve</span>
@@ -2476,7 +2507,7 @@
             </code></pre></div></div>
           </div>
           <div id="ecdsa-operations" class="section">
-            <h4>24.7.5. Operations</h4>
+            <h4>25.7.5. Operations</h4>
             <dl>
               <dt>Sign</dt>
               <dd>
@@ -2602,16 +2633,16 @@
         </div>
 
         <div id="ecdh" class="section">
-          <h3>24.8. ECDH</h3>
+          <h3>25.8. ECDH</h3>
           <div id="ecdh-description" class="section">
-            <h4>24.8.1. Description</h4>
+            <h4>25.8.1. Description</h4>
             <p>
               This describes using Elliptic Curve Diffie-Hellman (ECDH) for key generation and key agreement, as
               specified by <a href="#X9.63">X9.63</a>.
             </p>
           </div>
           <div id="ecdh-registration" class="section">
-            <h4>24.8.2. Registration</h4>
+            <h4>25.8.2. Registration</h4>
             <p>
               The <a href="#recognized-algorithm-name">recognized algorithm name</a> for
               this algorithm is <code>"ECDH"</code>.
@@ -2639,7 +2670,7 @@
             </table>
           </div>
           <div id="dh-EcdhKeyDeriveParams" class="section">
-            <h4>24.8.3. EcdhKeyDeriveParams dictionary</h4>
+            <h4>25.8.3. EcdhKeyDeriveParams dictionary</h4>
             <div class="block"><div class="blockTitleDiv"><span class="blockTitle">IDL</span></div><div class="blockContent"><pre class="code"><code class="idl-code">
 dictionary <dfn id="dfn-EcdhKeyDeriveParams">EcdhKeyDeriveParams</dfn> : <a href="#dfn-AlgorithmParameters">AlgorithmParameters</a> {
   <span class="comment">// The peer's EC public key.</span>
@@ -2648,7 +2679,7 @@
             </code></pre></div></div>
           </div>
           <div id="ecdh-operations" class="section">
-            <h4>24.8.4. Operations</h4>
+            <h4>25.8.4. Operations</h4>
             <ul>
               <li>Generate Key</li>
               <li>Derive Key</li>
@@ -2667,14 +2698,14 @@
         </div>
 
         <div id="aes-ctr" class="section">
-          <h3>24.9. AES-CTR</h3>
+          <h3>25.9. AES-CTR</h3>
           <div id="aes-ctr-description" class="section">
-            <h4>24.9.1. Description</h4>
+            <h4>25.9.1. Description</h4>
             <p>
             </p>
           </div>
           <div id="aes-ctr-registration" class="section">
-            <h4>24.9.2. Registration</h4>
+            <h4>25.9.2. Registration</h4>
             <p>
               The <a href="#recognized-algorithm-name">recognized algorithm name</a> for
               this algorithm is <code>"AES-CTR"</code>.
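Review bot: the aes-ctr-description section contains only an empty <p></p>, so the renumbered 25.9.1 heading introduces no text. Either write the description (at minimum the specification the mode is taken from, as the RSA and ECDSA descriptions do) or replace the empty paragraph with an explicit editorial note, so readers do not take it for a rendering fault.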
@@ -2708,7 +2739,7 @@
           </div>
 
           <div id="aes-ctr-params" class="section">
-            <h4>24.9.3. AesCtrParams dictionary</h4>
+            <h4>25.9.3. AesCtrParams dictionary</h4>
             <div class="block"><div class="blockTitleDiv"><span class="blockTitle">IDL</span></div><div class="blockContent"><pre class="code"><code class="idl-code">
 dictionary <dfn id="dfn-AesCtrParams">AesCtrParams</dfn> : <a href="#dfn-AlgorithmParameters">AlgorithmParameters</a> {
   <span class="comment">// The initial value of the counter block. counter <span class="RFC2119">MUST</span> be 16 bytes
@@ -2726,7 +2757,7 @@
             </code></pre></div></div>
           </div>
           <div id="aes-keygen-params" class="section">
-            <h4>24.9.4. AesKeyGenParams dictionary</h4>
+            <h4>25.9.4. AesKeyGenParams dictionary</h4>
             <div class="block"><div class="blockTitleDiv"><span class="blockTitle">IDL</span></div><div class="blockContent"><pre class="code"><code class="idl-code">
 dictionary <dfn id="dfn-AesKeyGenParams">AesKeyGenParams</dfn> : <a href="#dfn-AlgorithmParameters">AlgorithmParameters</a> {
   <span class="comment">// The length, in bits, of the key.</span>
@@ -2735,7 +2766,7 @@
             </code></pre></div></div>
           </div>
           <div id="aes-ctr-operations" class="section">
-            <h4>24.9.5. Operations</h4>
+            <h4>25.9.5. Operations</h4>
             <ul>
               <li>Encrypt</li>
               <li>Decrypt</li>
@@ -2745,12 +2776,12 @@
         </div>
 
         <div id="aes-cbc" class="section">
-          <h3>24.10. AES-CBC</h3>
+          <h3>25.10. AES-CBC</h3>
           <div id="aes-cbc-description" class="section">
-            <h4>24.10.1. Description</h4>
+            <h4>25.10.1. Description</h4>
           </div>
           <div id="aes-cbc-registration" class="section">
-            <h4>24.10.2. Registration</h4>
+            <h4>25.10.2. Registration</h4>
             <p>
               The <a href="#recognized-algorithm-name">recognized algorithm name</a> for
               this algorithm is <code>"AES-CBC"</code>.
@@ -2783,7 +2814,7 @@
             </table>
           </div>
           <div id="aes-cbc-params" class="section">
-            <h4>24.10.3. AesCbcParams dictionary</h4>
+            <h4>25.10.3. AesCbcParams dictionary</h4>
             <div class="block"><div class="blockTitleDiv"><span class="blockTitle">IDL</span></div><div class="blockContent"><pre class="code"><code class="idl-code">
 dictionary <dfn id="dfn-AesCbcParams">AesCbcParams</dfn> : <a href="#dfn-AlgorithmParameters">AlgorithmParameters</a> {
   <span class="comment">// The initialization vector. <span class="RFC2119">MUST</span> be 16 bytes.</span>
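Review bot: the comment on the initialization vector in AesCbcParams constrains only its length ("MUST be 16 bytes"). For CBC the IV also has to be unpredictable and fresh for every message encrypted under a given key, so the comment should say that as well and can point callers at getRandomValues as the way to produce one.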
@@ -2792,7 +2823,7 @@
             </code></pre></div></div>
           </div>
           <div id="aes-cbc-operations" class="section">
-            <h4>24.10.4. Operations</h4>
+            <h4>25.10.4. Operations</h4>
             <ul>
               <li>Encrypt</li>
               <li>Decrypt</li>
@@ -2802,12 +2833,12 @@
         </div>
 
         <div id="aes-gcm" class="section">
-          <h3>24.11. AES-GCM</h3>
+          <h3>25.11. AES-GCM</h3>
           <div id="aes-gcm-description" class="section">
-            <h4>24.11.1. Description</h4>
+            <h4>25.11.1. Description</h4>
           </div>
           <div id="aes-gcm-registration" class="section">
-             <h4>24.11.2. Registration</h4>
+             <h4>25.11.2. Registration</h4>
              <p>
                The <a href="#recognized-algorithm-name">recognized algorithm name</a> for
                this algorithm is <code>"AES-GCM"</code>.
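Review bot: the h4 and p inside aes-gcm-registration are indented one space deeper than the h4 inside aes-gcm-description just above and than the matching lines in the other algorithm sections. Realign them while these lines are being touched so later diffs of this section stay clean.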
@@ -2840,7 +2871,7 @@
              </table>
            </div>
           <div id="aes-gcm-params" class="section">
-            <h4>24.11.3. AesGcmParams dictionary</h4>
+            <h4>25.11.3. AesGcmParams dictionary</h4>
             <div class="block"><div class="blockTitleDiv"><span class="blockTitle">IDL</span></div><div class="blockContent"><pre class="code"><code class="idl-code">
 dictionary <dfn id="dfn-AesGcmParams">AesGcmParams</dfn> : <a href="#dfn-AlgorithmParameters">AlgorithmParameters</a> {
   <span class="comment">// The initialization vector to use. May be up to 2^56 bytes long.</span>
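Review bot: the comment on the AesGcmParams IV gives an upper bound of 2^56 bytes with no reference for where that figure comes from. The GCM specification expresses its IV length limit in bits, so either cite the source for 2^56 bytes or restate the bound in the units of the referenced specification.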
@@ -2853,7 +2884,7 @@
             </code></pre></div></div>
           </div>
           <div id="aes-gcm-operations" class="section">
-            <h4>24.11.4. Operations</h4>
+            <h4>25.11.4. Operations</h4>
             <ul>
               <li>Encrypt</li>
               <li>Decrypt</li>
@@ -2863,12 +2894,12 @@
         </div>
 
         <div id="hmac" class="section">
-          <h3>24.12. HMAC</h3>
+          <h3>25.12. HMAC</h3>
           <div id="hmac-description" class="section">
-            <h4>24.12.1. Description</h4>
+            <h4>25.12.1. Description</h4>
           </div>
           <div id="hmac-registration" class="section">
-            <h4>24.12.2. Registration</h4>
+            <h4>25.12.2. Registration</h4>
             <p>
               The <a href="#recognized-algorithm-name">recognized algorithm name</a> for
               this algorithm is <code>"HMAC"</code>.
@@ -2901,7 +2932,7 @@
             </table>
           </div>
           <div id="hmac-params" class="section">
-            <h4>24.12.3. HmacParams dictionary</h4>
+            <h4>25.12.3. HmacParams dictionary</h4>
             <div class="block"><div class="blockTitleDiv"><span class="blockTitle">IDL</span></div><div class="blockContent"><pre class="code"><code class="idl-code">
 dictionary <dfn id="dfn-HmacParams">HmacParams</dfn> : <a href="#dfn-AlgorithmParameters">AlgorithmParameters</a> {
   <span class="comment">// The inner hash function to use.</span>
@@ -2910,7 +2941,7 @@
             </code></pre></div></div>
           </div>
           <div id="hmac-operations" class="section">
-            <h4>24.12.4. Operations</h4>
+            <h4>25.12.4. Operations</h4>
             <ul>
               <li>Sign</li>
               <li>Verify</li>
@@ -2919,16 +2950,16 @@
           </div>
         </div>
         <div id="dh" class="section">
-          <h3>24.13. Diffie-Hellman</h3>
+          <h3>25.13. Diffie-Hellman</h3>
           <div id="dh-description" class="section">
-            <h4>24.13.1. Description</h4>
+            <h4>25.13.1. Description</h4>
             <p>
               This describes using Diffie-Hellman for key generation and key agreement, as specified
               by <a href="#PKCS3">PKCS #3</a>.
             </p>
           </div>
           <div id="dh-registration" class="section">
-            <h4>24.13.2. Registration</h4>
+            <h4>25.13.2. Registration</h4>
             <p>
               The <a href="#recognized-algorithm-name">recognized algorithm name</a> for
               this algorithm is <code>"DH"</code>.
@@ -2956,7 +2987,7 @@
             </table>
           </div>
           <div id="dh-DhKeyGenParams" class="section">
-            <h4>24.13.3. DhKeyGenParams dictionary</h4>
+            <h4>25.13.3. DhKeyGenParams dictionary</h4>
             <div class="block"><div class="blockTitleDiv"><span class="blockTitle">IDL</span></div><div class="blockContent"><pre class="code"><code class="idl-code">
 dictionary <dfn id="dfn-DhKeyGenParams">DhKeyGenParams</dfn> : <a href="#dfn-AlgorithmParameters">AlgorithmParameters</a> {
   <span class="comment">// The prime p.</span>
@@ -2967,7 +2998,7 @@
             </code></pre></div></div>
           </div>
           <div id="dh-DhKeyDeriveParams" class="section">
-            <h4>24.13.4. DhKeyDeriveParams dictionary</h4>
+            <h4>25.13.4. DhKeyDeriveParams dictionary</h4>
             <div class="block"><div class="blockTitleDiv"><span class="blockTitle">IDL</span></div><div class="blockContent"><pre class="code"><code class="idl-code">
 dictionary <dfn id="dfn-DhKeyDeriveParams">DhKeyDeriveParams</dfn> : <a href="#dfn-AlgorithmParameters">AlgorithmParameters</a> {
   <span class="comment">// The peer's public value.</span>
@@ -2976,7 +3007,7 @@
             </code></pre></div></div>
           </div>
           <div id="dh-operations" class="section">
-            <h4>24.13.5. Operations</h4>
+            <h4>25.13.5. Operations</h4>
             <ul>
               <li>Generate Key</li>
               <li>Derive Key</li>
@@ -2984,16 +3015,16 @@
           </div>
         </div>
         <div id="sha" class="section">
-          <h3>24.14. SHA</h3>
+          <h3>25.14. SHA</h3>
           <div id="sha-description" class="section">
-            <h4>24.14.1. Description</h4>
+            <h4>25.14.1. Description</h4>
             <p>
               This describes the SHA-1 and SHA-2 families, as specified by
               [<a href="#FIPS180-4">FIPS 180-4</a>].
             </p>
           </div>
           <div id="sha-registration" class="section">
-            <h4>24.14.2. Registration</h4>
+            <h4>25.14.2. Registration</h4>
             <p>
               The following algorithms are added as <a href="#recognized-algorithm-name">
               recognized algorithm names</a>:
@@ -3028,19 +3059,19 @@
             </table>
           </div>
           <div id="sha-operations" class="section">
-            <h4>24.14.3. Operations</h4>
+            <h4>25.14.3. Operations</h4>
             <ul>
               <li>Digest</li>
             </ul>
           </div>
         </div>
         <div id="pbkdf2" class="section">
-          <h3>24.15. PBKDF2</h3>
+          <h3>25.15. PBKDF2</h3>
           <div id="pbkdf2-description" class="section">
-            <h4>24.15.1. Description</h4>
+            <h4>25.15.1. Description</h4>
           </div>
           <div id="pbkdf2-registration" class="section">
-            <h4>24.15.2. Registration</h4>
+            <h4>25.15.2. Registration</h4>
             <p>
               The <a href="#recognized-algorithm-name">recognized algorithm name</a> for
               this algorithm is <code>"PBKDF2"</code>.
@@ -3063,7 +3094,7 @@
             </table>
           </div>
           <div id="pbkdf2-params" class="section">
-            <h4>24.15.3. Pbkdf2Params dictionary</h4>
+            <h4>25.15.3. Pbkdf2Params dictionary</h4>
             <div class="block"><div class="blockTitleDiv"><span class="blockTitle">IDL</span></div><div class="blockContent"><pre class="code"><code class="idl-code">
 dictionary <dfn id="dfn-Pbkdf2Params">Pbkdf2Params</dfn> : <a href="#dfn-AlgorithmParameters">AlgorithmParameters</a> {
   ArrayBufferView salt;
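Review bot: salt is declared in Pbkdf2Params without a comment, whereas the other parameter dictionaries lead each member with one. Add a comment that says what the salt is for and states any expectation on its length and on how it is generated.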
@@ -3082,7 +3113,7 @@
             </div>
           </div>
           <div id="pbkdf2-operations" class="section">
-            <h4>24.15.4. Operations</h4>
+            <h4>25.15.4. Operations</h4>
             <ul>
               <li>Derive Key</li>
             </ul>
@@ -3091,7 +3122,7 @@
       </div>
  
       <div id="algorithm-normalizing-rules" class="section">
-        <h2>25. Algorithm normalizing rules</h2>
+        <h2>26. Algorithm normalizing rules</h2>
         <p>
           The <a href="#dfn-AlgorithmIdentifier"><code>AlgorithmIdentifier</code></a> typedef
           permits algorithms to be specified as either a <code>dictionary</code> or a DOMString.
@@ -3161,9 +3192,9 @@
         </ol>
       </div>
       <div id="examples-section" class="section">
-        <h2>26. JavaScript Example Code</h2>
+        <h2>27. JavaScript Example Code</h2>
         <div id="examples-signing" class="section">
-          <h3>26.1. Generate a signing key pair, sign some data</h3>
+          <h3>27.1. Generate a signing key pair, sign some data</h3>
         
         <div class="block"><div class="blockTitleDiv"><span class="blockTitle">ECMAScript</span></div><div class="blockContent"><pre class="code"><code class="es-code">
 var publicExponent = new Uint8Array([0x01, 0x00, 0x01]); 
@@ -3234,7 +3265,7 @@
         </code></pre></div></div>
         </div>
         <div id="examples-key-storage" class="section">
-          <h3>26.2. Key Storage</h3>
+          <h3>27.2. Key Storage</h3>
         <div class="block"><div class="blockTitleDiv"><span class="blockTitle">ECMAScript</span></div><div class="blockContent"><pre class="code"><code class="es-code">
 var encryptionKey = window.crypto.keys.getKeyById("78966b83-b003-46ac-8122-3771e9d7f78");
 
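Review bot: the id passed to getKeyById is laid out like a UUID, but its last group "3771e9d7f78" has 11 hex digits where a UUID has 12. If key ids are meant to be UUIDs, use a well-formed sample; if they are opaque strings, pick a sample that does not read as a truncated UUID.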
@@ -3245,7 +3276,7 @@
         </code></pre></div></div>
         </div>
         <div id="examples-symmetric-encryption" class="section">
-          <h3>26.3. Symmetric Encryption</h3>
+          <h3>27.3. Symmetric Encryption</h3>
         <div class="block"><div class="blockTitleDiv"><span class="blockTitle">ECMAScript</span></div><div class="blockContent"><pre class="code"><code class="es-code">
 var clearDataArrayBufferView = convertPlainTextToArrayBufferView("Plain Text Data");
 <span class="comment">// TODO: create example utility function that converts text -&gt; ArrayBufferView</span>
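Review bot: the symmetric encryption example calls convertPlainTextToArrayBufferView, which the TODO on the next line says has not been written, so the example cannot run as published. Define the helper in the example or mark the call as pseudocode, and state which text encoding it uses, since the bytes that get encrypted depend on it.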
@@ -3314,7 +3345,7 @@
       </div>
     </div>
       <div id="acknowledgements-section" class="section">
-        <h2>27. Acknowledgements</h2>
+        <h2>28. Acknowledgements</h2>
         <p>
           The editors would like to thank Adam Barth, Ali Asad, Arun Ranganathan, Brian Smith,
           Brian Warner, Channy Yun, Kai Engert, Mark Watson, Vijay Bharadwaj, Virginie Galindo,
@@ -3329,15 +3360,15 @@
 Research Consortium</a> for supporting W3C/MIT. 
         </p>
         <p>
-          The <a href="#dfn-Crypto-method-getRandomValues"><code>getRandomValues</code></a> method
+          The <a href="#dfn-RandomSource-method-getRandomValues"><code>getRandomValues</code></a> method
           in the <code>Crypto</code> interface was originally proposed by Adam Barth to the
           <a href="http://wiki.whatwg.org/wiki/Crypto">WHATWG</a>.
         </p>
       </div>
       <div id="references" class="section">
-         <h2>28. References</h2>
+         <h2>29. References</h2>
          <div id="normative-references" class="section">
-           <h3>28.1. Normative References</h3>
+           <h3>29.1. Normative References</h3>
            <dl>
              <dt id="RFC2119">RFC2119</dt>
              <dd>
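Review bot: in the getRandomValues acknowledgement the link target now points at #dfn-RandomSource-method-getRandomValues, but the following line still says the method is "in the Crypto interface". Text and anchor now disagree about where the method is defined; reword the sentence to name RandomSource, for example "method in the RandomSource interface, as implemented by Crypto".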
@@ -3398,7 +3429,7 @@
            </dl>
         </div>
         <div id="informative-references" class="section">
-          <h3>28.2. Informative References</h3>
+          <h3>29.2. Informative References</h3>
           <dl>
             <dt id="PKCS11">PKCS11</dt>
             <dd>