--- a/spec/Overview-WebCryptoAPI.xml Wed Oct 15 12:48:12 2014 -0700
+++ b/spec/Overview-WebCryptoAPI.xml Wed Oct 15 14:10:36 2014 -0700
@@ -5399,34 +5399,6 @@
<p>Let <var>keyData</var> be the key data to be imported.</p>
</li>
<li>
- <p>
- Perform any <a href="#dfn-rsa-pss-extended-import-steps">key import steps</a>
- defined by <a href="#dfn-applicable-specifications">other applicable
- specifications</a>, passing <var>keyData</var> and obtaining <var>result</var>.
- <dl class="switch">
- <dt>
- If <var>result</var> is a <a href="#dfn-CryptoKey">CryptoKey</a>
- object
- </dt>
- <dd>
- <p>
- Return <var>result</var>.
- </p>
- </dd>
- <dt>
- If <var>result</var> is an error with a name that is not
- <a href="#dfn-NotSupportedError"><code>NotSupportedError</code></a>
- </dt>
- <dd>
- <p>
- <a href="#concept-return-an-error">Return an error</a> with the same name
- as <var>result</var>.
- </p>
- </dd>
- </dl>
- </p>
- </li>
- <li>
<dl class="switch">
<dt>If <var>format</var> is <code>"spki"</code>:</dt>
<dd>
@@ -5455,7 +5427,7 @@
</li>
<li>
<p>
- Let <var>hash</var> be a string whose initial value is undefined.
+ Let <var>hash</var> be undefined.
</p>
</li>
<li>
@@ -5549,13 +5521,30 @@
</dd>
<dt>Otherwise:</dt>
<dd>
- <p>
- <a href="#concept-return-an-error">Return an error</a> named
- <a href="#dfn-NotSupportedError"><code>NotSupportedError</code></a>.
- </p>
+ <ol>
+ <li>
+ <p>
+ Perform any <a href="#dfn-rsa-pss-extended-import-steps">key
+ import steps</a> defined by
+ <a href="#dfn-applicable-specifications">other applicable
+ specifications</a>, passing <var>format</var>, <var>spki</var>
+ and obtaining <var>hash</var>.
+ </p>
+ </li>
+ <li>
+ <p>
+ If an error occured or there are no
+ <a href="#dfn-applicable-specifications">applicable
+ specifications</a>,
+ <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
+ </p>
+ </li>
+ </ol>
</dd>
</dl>
</li>
+
<li>
<p>
If the <code>algorithm</code> object identifier field of the
@@ -5589,22 +5578,32 @@
</dl>
</li>
<li>
- <p>
- If <var>hash</var> is defined, and is not equal to the <a
- href="#dfn-AlgorithmIdentifier-name">name</a> member of the <a
- href="#dfn-RsaHashedImportParams-hash">hash</a> member of
- <var>normalizedAlgorithm</var>, <a
- href="#concept-return-an-error">return an error</a> named <a
- href="#dfn-DataError"><code>DataError</code></a>.
- </p>
- </li>
- <li>
- <p>
- Set <var>hash</var> to the <a
- href="#dfn-AlgorithmIdentifier-name">name</a> member of the <a
- href="#dfn-RsaHashedImportParams-hash">hash</a> member of
- <var>normalizedAlgorithm</var>.
- </p>
+ <dl>
+ <dt>
+ If <var>hash</var> is not undefined:
+ </dt>
+ <dd>
+ <ol>
+ <li>
+ <p>
+ Let <var>normalizedHash</var> be the result of
+ <a href="#dfn-normalize-an-algorithm">normalize an algorithm</a>
+ with <code>alg</code> set to <var>hash</var> and <code>op</code> set
+ to <code>digest</code>.
+ </p>
+ </li>
+ <li>
+ <p>
+ If <var>normalizedHash</var> is not equal to the
+ <a href="#dfn-RsaHashedImportParams-hash">hash</a> member of
+ <var>normalizedAlgorithm</var>, <a
+ href="#concept-return-an-error">return an error</a> named <a
+ href="#dfn-DataError"><code>DataError</code></a>.
+ </p>
+ </li>
+ </ol>
+ </dd>
+ </dl>
</li>
<li>
<p>
@@ -5666,7 +5665,7 @@
</li>
<li>
<p>
- Let <var>hash</var> be a string whose initial value is undefined.
+ Let <var>hash</var> be undefined.
</p>
</li>
<li>
@@ -5760,10 +5759,26 @@
</dd>
<dt>Otherwise:</dt>
<dd>
- <p>
- <a href="#concept-return-an-error">Return an error</a> named
- <a href="#dfn-NotSupportedError"><code>NotSupportedError</code></a>.
- </p>
+ <ol>
+ <li>
+ <p>
+ Perform any <a href="#dfn-rsa-pss-extended-import-steps">key
+ import steps</a> defined by
+ <a href="#dfn-applicable-specifications">other applicable
+ specifications</a>, passing <var>format</var>, <var>privateKeyInfo</var>
+ and obtaining <var>hash</var>.
+ </p>
+ </li>
+ <li>
+ <p>
+ If an error occured or there are no
+ <a href="#dfn-applicable-specifications">applicable
+ specifications</a>,
+ <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
+ </p>
+ </li>
+ </ol>
</dd>
</dl>
</li>
@@ -5800,22 +5815,32 @@
</dl>
</li>
<li>
- <p>
- If <var>hash</var> is defined, and is not equal to the <a
- href="#dfn-AlgorithmIdentifier-name">name</a> member of the <a
- href="#dfn-RsaHashedImportParams-hash">hash</a> member of
- <var>normalizedAlgorithm</var>, <a
- href="#concept-return-an-error">return an error</a> named <a
- href="#dfn-DataError"><code>DataError</code></a>.
- </p>
- </li>
- <li>
- <p>
- Set <var>hash</var> to the <a
- href="#dfn-AlgorithmIdentifier-name">name</a> member of the <a
- href="#dfn-RsaHashedImportParams-hash">hash</a> member of
- <var>normalizedAlgorithm</var>.
- </p>
+ <dl>
+ <dt>
+ If <var>hash</var> is not undefined:
+ </dt>
+ <dd>
+ <ol>
+ <li>
+ <p>
+ Let <var>normalizedHash</var> be the result of
+ <a href="#dfn-normalize-an-algorithm">normalize an algorithm</a>
+ with <code>alg</code> set to <var>hash</var> and <code>op</code> set
+ to <code>digest</code>.
+ </p>
+ </li>
+ <li>
+ <p>
+ If <var>normalizedHash</var> is not equal to the
+ <a href="#dfn-RsaHashedImportParams-hash">hash</a> member of
+ <var>normalizedAlgorithm</var>, <a
+ href="#concept-return-an-error">return an error</a> named <a
+ href="#dfn-DataError"><code>DataError</code></a>.
+ </p>
+ </li>
+ </ol>
+ </dd>
+ </dl>
</li>
<li>
<p>
@@ -5898,12 +5923,6 @@
</p>
</li>
<li>
- <p>
- Let <var>hash</var> be a be a string whose initial value is
- undefined.
- </p>
- </li>
- <li>
<dl class="switch">
<dt>
If the <code>"alg"</code> field of <var>jwk</var> is not
@@ -5952,10 +5971,54 @@
</dd>
<dt>Otherwise:</dt>
<dd>
- <p>
- <a href="#concept-return-an-error">Return an error</a> named
- <a href="#dfn-DataError"><code>DataError</code></a>.
- </p>
+ <ol>
+ <li>
+ <p>
+ Perform any <a href="#dfn-rsa-pss-extended-import-steps">key
+ import steps</a> defined by
+ <a href="#dfn-applicable-specifications">other applicable
+ specifications</a>, passing <var>format</var>, <var>jwk</var>
+ and obtaining <var>hash</var>.
+ </p>
+ </li>
+ <li>
+ <p>
+ If an error occured or there are no
+ <a href="#dfn-applicable-specifications">applicable
+ specifications</a>,
+ <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
+ </p>
+ </li>
+ </ol>
+ </dd>
+ </dl>
+ </li>
+ <li>
+ <dl>
+ <dt>
+ If <var>hash</var> is not undefined:
+ </dt>
+ <dd>
+ <ol>
+ <li>
+ <p>
+ Let <var>normalizedHash</var> be the result of
+ <a href="#dfn-normalize-an-algorithm">normalize an algorithm</a>
+ with <code>alg</code> set to <var>hash</var> and <code>op</code> set
+ to <code>digest</code>.
+ </p>
+ </li>
+ <li>
+ <p>
+ If <var>normalizedHash</var> is not equal to the
+ <a href="#dfn-RsaHashedImportParams-hash">hash</a> member of
+ <var>normalizedAlgorithm</var>, <a
+ href="#concept-return-an-error">return an error</a> named <a
+ href="#dfn-DataError"><code>DataError</code></a>.
+ </p>
+ </li>
+ </ol>
</dd>
</dl>
</li>
@@ -6058,8 +6121,9 @@
<li>
<p>
Set the <a href="#dfn-RsaHashedKeyAlgorithm-hash">hash</a> attribute of
- <var>algorithm</var> to a new <a href="#dfn-KeyAlgorithm">KeyAlgorithm</a>
- whose <a href="#dfn-KeyAlgorithm-name">name</a> attribute is <var>hash</var>.
+ <var>algorithm</var> to the <a
+ href="#dfn-RsaHashedImportParams-hash">hash</a> member of
+ <var>normalizedAlgorithm</var>.
</p>
</li>
<li>
@@ -6091,44 +6155,6 @@
</p>
</li>
<li>
- <p>
- Perform any <a href="#dfn-rsa-pss-extended-export-steps">key export steps</a>
- defined by <a href="#dfn-applicable-specifications">other applicable
- specifications</a>, passing <var>key</var> and obtaining <var>result</var>.
- <dl class="switch">
- <dt>
- If <var>format</var> is <code>"spki"</code> or <code>"pkcs8"</code> and
- <var>result</var> is an <a href="#dfn-ArrayBuffer">ArrayBuffer</a>
- object
- </dt>
- <dd>
- <p>
- Return <var>result</var>.
- </p>
- </dd>
- <dt>
- If <var>format</var> is <code>"jwk"</code> and
- <var>result</var> is not an error
- </dt>
- <dd>
- <p>
- Return <var>result</var>.
- </p>
- </dd>
- <dt>
- If <var>result</var> is an error with a name that is not
- <a href="#dfn-NotSupportedError"><code>NotSupportedError</code></a>
- </dt>
- <dd>
- <p>
- <a href="#concept-return-an-error">Return an error</a> with the same name
- as <var>result</var>.
- </p>
- </dd>
- </dl>
- </p>
- </li>
- <li>
<dl class="switch">
<dt>If <var>format</var> is <code>"spki"</code></dt>
<dd>
@@ -6186,7 +6212,8 @@
</dt>
<dd>
<p>
- Set the <var>algorithm</var> object identifier to the
+ Set the <var>algorithm</var> object identifier
+ of <var>hashAlgorithm</var> to the
OID <code>id-sha1</code> defined in <a
href="#RFC3447">RFC 3447</a>.
</p>
@@ -6201,7 +6228,8 @@
</dt>
<dd>
<p>
- Set the <var>algorithm</var> object identifier to the
+ Set the <var>algorithm</var> object identifier
+ of <var>hashAlgorithm</var> to the
OID <code>id-sha256</code> defined in <a
href="#RFC3447">RFC 3447</a>.
</p>
@@ -6216,7 +6244,8 @@
</dt>
<dd>
<p>
- Set the <var>algorithm</var> object identifier to the
+ Set the <var>algorithm</var> object identifier
+ of <var>hashAlgorithm</var> to the
OID <code>id-sha384</code> defined in <a
href="#RFC3447">RFC 3447</a>.
</p>
@@ -6231,11 +6260,42 @@
</dt>
<dd>
<p>
- Set the <var>algorithm</var> object identifier to the
+ Set the <var>algorithm</var> object identifier
+ of <var>hashAlgorithm</var> to the
OID <code>id-sha512</code> defined in <a
href="#RFC3447">RFC 3447</a>.
</p>
</dd>
+ <dt>Otherwise:</dt>
+ <dd>
+ <ol>
+ <li>
+ <p>
+ Perform any <a href="#dfn-rsa-pss-extended-export-steps">key export steps</a>
+ defined by <a href="#dfn-applicable-specifications">other applicable
+ specifications</a>, passing <var>format</var> and the
+ <a href="#dfn-RsaHashedKeyAlgorithm">hash</a> attribute of
+ the [[<a href="#dfn-CryptoKey-slot-algorithm">algorithm</a>]]
+ internal slot of <var>key</var>
+ and obtaining <var>hashOid</var> and <var>hashParams</var>.
+ </p>
+ </li>
+ <li>
+ <p>
+ Set the <var>algorithm</var> object identifier
+ of <var>hashAlgorithm</var> to <var>hashOid</var>.
+ </p>
+ </li>
+ <li>
+ <p>
+ Set the <var>params</var> field of <var>hashAlgorithm</var>
+ to
+ <var>hashParams</var> if <var>hashParams</var> is not
+ undefined and omit the <var>params</var> field otherwise.
+ </p>
+ </li>
+ </ol>
+ </dd>
</dl>
</li>
<li>
@@ -6357,7 +6417,8 @@
</dt>
<dd>
<p>
- Set the <var>algorithm</var> object identifier to the
+ Set the <var>algorithm</var> object identifier
+ of <var>hashAlgorithm</var> to the
OID <code>id-sha1</code> defined in <a
href="#RFC3447">RFC 3447</a>.
</p>
@@ -6372,7 +6433,8 @@
</dt>
<dd>
<p>
- Set the <var>algorithm</var> object identifier to the
+ Set the <var>algorithm</var> object identifier
+ of <var>hashAlgorithm</var> to the
OID <code>id-sha256</code> defined in <a
href="#RFC3447">RFC 3447</a>.
</p>
@@ -6387,7 +6449,8 @@
</dt>
<dd>
<p>
- Set the <var>algorithm</var> object identifier to the
+ Set the <var>algorithm</var> object identifier
+ of <var>hashAlgorithm</var> to the
OID <code>id-sha384</code> defined in <a
href="#RFC3447">RFC 3447</a>.
</p>
@@ -6402,11 +6465,42 @@
</dt>
<dd>
<p>
- Set the <var>algorithm</var> object identifier to the
+ Set the <var>algorithm</var> object identifier
+ of <var>hashAlgorithm</var> to the
OID <code>id-sha512</code> defined in <a
href="#RFC3447">RFC 3447</a>.
</p>
</dd>
+ <dt>Otherwise:</dt>
+ <dd>
+ <ol>
+ <li>
+ <p>
+ Perform any <a href="#dfn-rsa-pss-extended-export-steps">key export steps</a>
+ defined by <a href="#dfn-applicable-specifications">other applicable
+ specifications</a>, passing <var>format</var> and the
+ <a href="#dfn-RsaHashedKeyAlgorithm">hash</a> attribute of
+ the [[<a href="#dfn-CryptoKey-slot-algorithm">algorithm</a>]]
+ internal slot of <var>key</var>
+ and obtaining <var>hashOid</var> and <var>hashParams</var>.
+ </p>
+ </li>
+ <li>
+ <p>
+ Set the <var>algorithm</var> object identifier
+ of <var>hashAlgorithm</var> to <var>hashOid</var>.
+ </p>
+ </li>
+ <li>
+ <p>
+ Set the <var>params</var> field of <var>hashAlgorithm</var>
+ to
+ <var>hashParams</var> if <var>hashParams</var> is not
+ undefined and omit the <var>params</var> field otherwise.
+ </p>
+ </li>
+ </ol>
+ </dd>
</dl>
</li>
<li>
@@ -6525,10 +6619,24 @@
</dd>
<dt>Otherwise:</dt>
<dd>
- <p>
- <a href="#concept-return-an-error">Return an error</a> named
- <a href="#dfn-NotSupportedError"><code>NotSupportedError</code></a>.
- </p>
+ <ol>
+ <li>
+ <p>
+ Perform any <a href="#dfn-rsa-pss-extended-export-steps">key export steps</a>
+ defined by <a href="#dfn-applicable-specifications">other applicable
+ specifications</a>, passing <var>format</var> and the
+ <a href="#dfn-RsaHashedKeyAlgorithm">hash</a> attribute of
+ the [[<a href="#dfn-CryptoKey-slot-algorithm">algorithm</a>]]
+ internal slot of <var>key</var>
+ and obtaining <var>alg</var>.
+ </p>
+ </li>
+ <li>
+ <p>
+ Set the <code>alg</code> attribute of <var>jwk</var> to <var>alg</var>.
+ </p>
+ </li>
+ </ol>
</dd>
</dl>
</li>
--- a/spec/Overview.html Wed Oct 15 12:48:12 2014 -0700
+++ b/spec/Overview.html Wed Oct 15 14:10:36 2014 -0700
@@ -4701,44 +4701,6 @@
</p>
</li>
<li>
- <p>
- Perform any <a href="#dfn-rsa-ssa-extended-export-steps">key export steps</a>
- defined by <a href="#dfn-applicable-specifications">other applicable
- specifications</a>, passing <var>key</var> and obtaining <var>result</var>.
- <dl class="switch">
- <dt>
- If <var>format</var> is <code>"spki"</code> or <code>"pkcs8"</code> and
- <var>result</var> is an <a href="#dfn-ArrayBuffer">ArrayBuffer</a>
- object
- </dt>
- <dd>
- <p>
- Return <var>result</var>.
- </p>
- </dd>
- <dt>
- If <var>format</var> is <code>"jwk"</code> and
- <var>result</var> is not an error
- </dt>
- <dd>
- <p>
- Return <var>result</var>.
- </p>
- </dd>
- <dt>
- If <var>result</var> is an error with a name that is not
- <a href="#dfn-NotSupportedError"><code>NotSupportedError</code></a>
- </dt>
- <dd>
- <p>
- <a href="#concept-return-an-error">Return an error</a> with the same name
- as <var>result</var>.
- </p>
- </dd>
- </dl>
- </p>
- </li>
- <li>
<dl class="switch">
<dt>If <var>format</var> is <code>"spki"</code></dt>
<dd>
@@ -5327,34 +5289,6 @@
<p>Let <var>keyData</var> be the key data to be imported.</p>
</li>
<li>
- <p>
- Perform any <a href="#dfn-rsa-pss-extended-import-steps">key import steps</a>
- defined by <a href="#dfn-applicable-specifications">other applicable
- specifications</a>, passing <var>keyData</var> and obtaining <var>result</var>.
- <dl class="switch">
- <dt>
- If <var>result</var> is a <a href="#dfn-CryptoKey">CryptoKey</a>
- object
- </dt>
- <dd>
- <p>
- Return <var>result</var>.
- </p>
- </dd>
- <dt>
- If <var>result</var> is an error with a name that is not
- <a href="#dfn-NotSupportedError"><code>NotSupportedError</code></a>
- </dt>
- <dd>
- <p>
- <a href="#concept-return-an-error">Return an error</a> with the same name
- as <var>result</var>.
- </p>
- </dd>
- </dl>
- </p>
- </li>
- <li>
<dl class="switch">
<dt>If <var>format</var> is <code>"spki"</code>:</dt>
<dd>
@@ -5383,7 +5317,7 @@
</li>
<li>
<p>
- Let <var>hash</var> be a string whose initial value is undefined.
+ Let <var>hash</var> be undefined.
</p>
</li>
<li>
@@ -5477,13 +5411,30 @@
</dd>
<dt>Otherwise:</dt>
<dd>
- <p>
- <a href="#concept-return-an-error">Return an error</a> named
- <a href="#dfn-NotSupportedError"><code>NotSupportedError</code></a>.
- </p>
+ <ol>
+ <li>
+ <p>
+ Perform any <a href="#dfn-rsa-pss-extended-import-steps">key
+ import steps</a> defined by
+ <a href="#dfn-applicable-specifications">other applicable
+ specifications</a>, passing <var>format</var>, <var>spki</var>
+ and obtaining <var>hash</var>.
+ </p>
+ </li>
+ <li>
+ <p>
+ If an error occured or there are no
+ <a href="#dfn-applicable-specifications">applicable
+ specifications</a>,
+ <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
+ </p>
+ </li>
+ </ol>
</dd>
</dl>
</li>
+
<li>
<p>
If the <code>algorithm</code> object identifier field of the
@@ -5513,16 +5464,30 @@
</dl>
</li>
<li>
- <p>
- If <var>hash</var> is defined, and is not equal to the <a href="#dfn-AlgorithmIdentifier-name">name</a> member of the <a href="#dfn-RsaHashedImportParams-hash">hash</a> member of
- <var>normalizedAlgorithm</var>, <a href="#concept-return-an-error">return an error</a> named <a href="#dfn-DataError"><code>DataError</code></a>.
- </p>
- </li>
- <li>
- <p>
- Set <var>hash</var> to the <a href="#dfn-AlgorithmIdentifier-name">name</a> member of the <a href="#dfn-RsaHashedImportParams-hash">hash</a> member of
- <var>normalizedAlgorithm</var>.
- </p>
+ <dl>
+ <dt>
+ If <var>hash</var> is not undefined:
+ </dt>
+ <dd>
+ <ol>
+ <li>
+ <p>
+ Let <var>normalizedHash</var> be the result of
+ <a href="#dfn-normalize-an-algorithm">normalize an algorithm</a>
+ with <code>alg</code> set to <var>hash</var> and <code>op</code> set
+ to <code>digest</code>.
+ </p>
+ </li>
+ <li>
+ <p>
+ If <var>normalizedHash</var> is not equal to the
+ <a href="#dfn-RsaHashedImportParams-hash">hash</a> member of
+ <var>normalizedAlgorithm</var>, <a href="#concept-return-an-error">return an error</a> named <a href="#dfn-DataError"><code>DataError</code></a>.
+ </p>
+ </li>
+ </ol>
+ </dd>
+ </dl>
</li>
<li>
<p>
@@ -5581,7 +5546,7 @@
</li>
<li>
<p>
- Let <var>hash</var> be a string whose initial value is undefined.
+ Let <var>hash</var> be undefined.
</p>
</li>
<li>
@@ -5675,10 +5640,26 @@
</dd>
<dt>Otherwise:</dt>
<dd>
- <p>
- <a href="#concept-return-an-error">Return an error</a> named
- <a href="#dfn-NotSupportedError"><code>NotSupportedError</code></a>.
- </p>
+ <ol>
+ <li>
+ <p>
+ Perform any <a href="#dfn-rsa-pss-extended-import-steps">key
+ import steps</a> defined by
+ <a href="#dfn-applicable-specifications">other applicable
+ specifications</a>, passing <var>format</var>, <var>privateKeyInfo</var>
+ and obtaining <var>hash</var>.
+ </p>
+ </li>
+ <li>
+ <p>
+ If an error occured or there are no
+ <a href="#dfn-applicable-specifications">applicable
+ specifications</a>,
+ <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
+ </p>
+ </li>
+ </ol>
</dd>
</dl>
</li>
@@ -5711,16 +5692,30 @@
</dl>
</li>
<li>
- <p>
- If <var>hash</var> is defined, and is not equal to the <a href="#dfn-AlgorithmIdentifier-name">name</a> member of the <a href="#dfn-RsaHashedImportParams-hash">hash</a> member of
- <var>normalizedAlgorithm</var>, <a href="#concept-return-an-error">return an error</a> named <a href="#dfn-DataError"><code>DataError</code></a>.
- </p>
- </li>
- <li>
- <p>
- Set <var>hash</var> to the <a href="#dfn-AlgorithmIdentifier-name">name</a> member of the <a href="#dfn-RsaHashedImportParams-hash">hash</a> member of
- <var>normalizedAlgorithm</var>.
- </p>
+ <dl>
+ <dt>
+ If <var>hash</var> is not undefined:
+ </dt>
+ <dd>
+ <ol>
+ <li>
+ <p>
+ Let <var>normalizedHash</var> be the result of
+ <a href="#dfn-normalize-an-algorithm">normalize an algorithm</a>
+ with <code>alg</code> set to <var>hash</var> and <code>op</code> set
+ to <code>digest</code>.
+ </p>
+ </li>
+ <li>
+ <p>
+ If <var>normalizedHash</var> is not equal to the
+ <a href="#dfn-RsaHashedImportParams-hash">hash</a> member of
+ <var>normalizedAlgorithm</var>, <a href="#concept-return-an-error">return an error</a> named <a href="#dfn-DataError"><code>DataError</code></a>.
+ </p>
+ </li>
+ </ol>
+ </dd>
+ </dl>
</li>
<li>
<p>
@@ -5802,12 +5797,6 @@
</p>
</li>
<li>
- <p>
- Let <var>hash</var> be a be a string whose initial value is
- undefined.
- </p>
- </li>
- <li>
<dl class="switch">
<dt>
If the <code>"alg"</code> field of <var>jwk</var> is not
@@ -5856,10 +5845,52 @@
</dd>
<dt>Otherwise:</dt>
<dd>
- <p>
- <a href="#concept-return-an-error">Return an error</a> named
- <a href="#dfn-DataError"><code>DataError</code></a>.
- </p>
+ <ol>
+ <li>
+ <p>
+ Perform any <a href="#dfn-rsa-pss-extended-import-steps">key
+ import steps</a> defined by
+ <a href="#dfn-applicable-specifications">other applicable
+ specifications</a>, passing <var>format</var>, <var>jwk</var>
+ and obtaining <var>hash</var>.
+ </p>
+ </li>
+ <li>
+ <p>
+ If an error occured or there are no
+ <a href="#dfn-applicable-specifications">applicable
+ specifications</a>,
+ <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
+ </p>
+ </li>
+ </ol>
+ </dd>
+ </dl>
+ </li>
+ <li>
+ <dl>
+ <dt>
+ If <var>hash</var> is not undefined:
+ </dt>
+ <dd>
+ <ol>
+ <li>
+ <p>
+ Let <var>normalizedHash</var> be the result of
+ <a href="#dfn-normalize-an-algorithm">normalize an algorithm</a>
+ with <code>alg</code> set to <var>hash</var> and <code>op</code> set
+ to <code>digest</code>.
+ </p>
+ </li>
+ <li>
+ <p>
+ If <var>normalizedHash</var> is not equal to the
+ <a href="#dfn-RsaHashedImportParams-hash">hash</a> member of
+ <var>normalizedAlgorithm</var>, <a href="#concept-return-an-error">return an error</a> named <a href="#dfn-DataError"><code>DataError</code></a>.
+ </p>
+ </li>
+ </ol>
</dd>
</dl>
</li>
@@ -5958,8 +5989,8 @@
<li>
<p>
Set the <a href="#dfn-RsaHashedKeyAlgorithm-hash">hash</a> attribute of
- <var>algorithm</var> to a new <a href="#dfn-KeyAlgorithm">KeyAlgorithm</a>
- whose <a href="#dfn-KeyAlgorithm-name">name</a> attribute is <var>hash</var>.
+ <var>algorithm</var> to the <a href="#dfn-RsaHashedImportParams-hash">hash</a> member of
+ <var>normalizedAlgorithm</var>.
</p>
</li>
<li>
@@ -5990,44 +6021,6 @@
</p>
</li>
<li>
- <p>
- Perform any <a href="#dfn-rsa-pss-extended-export-steps">key export steps</a>
- defined by <a href="#dfn-applicable-specifications">other applicable
- specifications</a>, passing <var>key</var> and obtaining <var>result</var>.
- <dl class="switch">
- <dt>
- If <var>format</var> is <code>"spki"</code> or <code>"pkcs8"</code> and
- <var>result</var> is an <a href="#dfn-ArrayBuffer">ArrayBuffer</a>
- object
- </dt>
- <dd>
- <p>
- Return <var>result</var>.
- </p>
- </dd>
- <dt>
- If <var>format</var> is <code>"jwk"</code> and
- <var>result</var> is not an error
- </dt>
- <dd>
- <p>
- Return <var>result</var>.
- </p>
- </dd>
- <dt>
- If <var>result</var> is an error with a name that is not
- <a href="#dfn-NotSupportedError"><code>NotSupportedError</code></a>
- </dt>
- <dd>
- <p>
- <a href="#concept-return-an-error">Return an error</a> with the same name
- as <var>result</var>.
- </p>
- </dd>
- </dl>
- </p>
- </li>
- <li>
<dl class="switch">
<dt>If <var>format</var> is <code>"spki"</code></dt>
<dd>
@@ -6081,7 +6074,8 @@
</dt>
<dd>
<p>
- Set the <var>algorithm</var> object identifier to the
+ Set the <var>algorithm</var> object identifier
+ of <var>hashAlgorithm</var> to the
OID <code>id-sha1</code> defined in <a href="#RFC3447">RFC 3447</a>.
</p>
</dd>
@@ -6093,7 +6087,8 @@
</dt>
<dd>
<p>
- Set the <var>algorithm</var> object identifier to the
+ Set the <var>algorithm</var> object identifier
+ of <var>hashAlgorithm</var> to the
OID <code>id-sha256</code> defined in <a href="#RFC3447">RFC 3447</a>.
</p>
</dd>
@@ -6105,7 +6100,8 @@
</dt>
<dd>
<p>
- Set the <var>algorithm</var> object identifier to the
+ Set the <var>algorithm</var> object identifier
+ of <var>hashAlgorithm</var> to the
OID <code>id-sha384</code> defined in <a href="#RFC3447">RFC 3447</a>.
</p>
</dd>
@@ -6117,10 +6113,41 @@
</dt>
<dd>
<p>
- Set the <var>algorithm</var> object identifier to the
+ Set the <var>algorithm</var> object identifier
+ of <var>hashAlgorithm</var> to the
OID <code>id-sha512</code> defined in <a href="#RFC3447">RFC 3447</a>.
</p>
</dd>
+ <dt>Otherwise:</dt>
+ <dd>
+ <ol>
+ <li>
+ <p>
+ Perform any <a href="#dfn-rsa-pss-extended-export-steps">key export steps</a>
+ defined by <a href="#dfn-applicable-specifications">other applicable
+ specifications</a>, passing <var>format</var> and the
+ <a href="#dfn-RsaHashedKeyAlgorithm">hash</a> attribute of
+ the [[<a href="#dfn-CryptoKey-slot-algorithm">algorithm</a>]]
+ internal slot of <var>key</var>
+ and obtaining <var>hashOid</var> and <var>hashParams</var>.
+ </p>
+ </li>
+ <li>
+ <p>
+ Set the <var>algorithm</var> object identifier
+ of <var>hashAlgorithm</var> to <var>hashOid</var>.
+ </p>
+ </li>
+ <li>
+ <p>
+ Set the <var>params</var> field of <var>hashAlgorithm</var>
+ to
+ <var>hashParams</var> if <var>hashParams</var> is not
+ undefined and omit the <var>params</var> field otherwise.
+ </p>
+ </li>
+ </ol>
+ </dd>
</dl>
</li>
<li>
@@ -6233,7 +6260,8 @@
</dt>
<dd>
<p>
- Set the <var>algorithm</var> object identifier to the
+ Set the <var>algorithm</var> object identifier
+ of <var>hashAlgorithm</var> to the
OID <code>id-sha1</code> defined in <a href="#RFC3447">RFC 3447</a>.
</p>
</dd>
@@ -6245,7 +6273,8 @@
</dt>
<dd>
<p>
- Set the <var>algorithm</var> object identifier to the
+ Set the <var>algorithm</var> object identifier
+ of <var>hashAlgorithm</var> to the
OID <code>id-sha256</code> defined in <a href="#RFC3447">RFC 3447</a>.
</p>
</dd>
@@ -6257,7 +6286,8 @@
</dt>
<dd>
<p>
- Set the <var>algorithm</var> object identifier to the
+ Set the <var>algorithm</var> object identifier
+ of <var>hashAlgorithm</var> to the
OID <code>id-sha384</code> defined in <a href="#RFC3447">RFC 3447</a>.
</p>
</dd>
@@ -6269,10 +6299,41 @@
</dt>
<dd>
<p>
- Set the <var>algorithm</var> object identifier to the
+ Set the <var>algorithm</var> object identifier
+ of <var>hashAlgorithm</var> to the
OID <code>id-sha512</code> defined in <a href="#RFC3447">RFC 3447</a>.
</p>
</dd>
+ <dt>Otherwise:</dt>
+ <dd>
+ <ol>
+ <li>
+ <p>
+ Perform any <a href="#dfn-rsa-pss-extended-export-steps">key export steps</a>
+ defined by <a href="#dfn-applicable-specifications">other applicable
+ specifications</a>, passing <var>format</var> and the
+ <a href="#dfn-RsaHashedKeyAlgorithm">hash</a> attribute of
+ the [[<a href="#dfn-CryptoKey-slot-algorithm">algorithm</a>]]
+ internal slot of <var>key</var>
+ and obtaining <var>hashOid</var> and <var>hashParams</var>.
+ </p>
+ </li>
+ <li>
+ <p>
+ Set the <var>algorithm</var> object identifier
+ of <var>hashAlgorithm</var> to <var>hashOid</var>.
+ </p>
+ </li>
+ <li>
+ <p>
+ Set the <var>params</var> field of <var>hashAlgorithm</var>
+ to
+ <var>hashParams</var> if <var>hashParams</var> is not
+ undefined and omit the <var>params</var> field otherwise.
+ </p>
+ </li>
+ </ol>
+ </dd>
</dl>
</li>
<li>
@@ -6385,10 +6446,24 @@
</dd>
<dt>Otherwise:</dt>
<dd>
- <p>
- <a href="#concept-return-an-error">Return an error</a> named
- <a href="#dfn-NotSupportedError"><code>NotSupportedError</code></a>.
- </p>
+ <ol>
+ <li>
+ <p>
+ Perform any <a href="#dfn-rsa-pss-extended-export-steps">key export steps</a>
+ defined by <a href="#dfn-applicable-specifications">other applicable
+ specifications</a>, passing <var>format</var> and the
+ <a href="#dfn-RsaHashedKeyAlgorithm">hash</a> attribute of
+ the [[<a href="#dfn-CryptoKey-slot-algorithm">algorithm</a>]]
+ internal slot of <var>key</var>
+ and obtaining <var>alg</var>.
+ </p>
+ </li>
+ <li>
+ <p>
+ Set the <code>alg</code> attribute of <var>jwk</var> to <var>alg</var>.
+ </p>
+ </li>
+ </ol>
</dd>
</dl>
</li>