--- a/spec/Overview-WebCryptoAPI.xml Mon Sep 22 14:12:54 2014 -0700
+++ b/spec/Overview-WebCryptoAPI.xml Mon Sep 22 15:00:14 2014 -0700
@@ -13909,8 +13909,17 @@
<p class="norm">This section is non-normative.</p>
<p>
The <code>HMAC</code> algorithm calculates and verifies hash-based message
- authentication codes according to [<a href="#fips-pub-198-1">FIPS PUB 198-1</a>].
- </p>
+ authentication codes according to [<a href="#fips-pub-198-1">FIPS PUB 198-1</a>]
+ using the SHA hash functions defined in this specification.
+ </p>
+ <p>
+ <a href="#dfn-applicable-specification">Other specifications</a>
+ may specify the use of additional hash algorithms with HMAC. Such specifications
+ must define
+ <dfn id="dfn-hmac-extended-import-steps">key import steps</dfn> and
+ <dfn id="dfn-hmac-extended-export-steps">key export steps</dfn>.
+ </p>
+
</div>
<div id="hmac-registration" class="section">
<h4>Registration</h4>
@@ -14169,6 +14178,9 @@
<dd>
<ol>
<li>
+ <p>Let <var>keyData</var> be the key data to be imported.</p>
+ </li>
+ <li>
<p>
If <var>usages</var> contains an entry which is not
<code>"sign"</code> or <code>"verify"</code>,
@@ -14178,6 +14190,34 @@
</li>
<li>
<p>
+ Perform any <a href="#dfn-hmac-extended-import-steps">key import steps</a>
+ defined by <a href="#dfn-applicable-specifications">other applicable
+ specifications</a>, passing <var>keyData</var> and obtaining <var>result</var>.
+ <dl class="switch">
+ <dt>
+ If <var>result</var> is a <a href="#dfn-CryptoKey">CryptoKey</a>
+ object
+ </dt>
+ <dd>
+ <p>
+ Return <var>result</var>.
+ </p>
+ </dd>
+ <dt>
+ If <var>result</var> is an error with a name that is not
+ <a href="#dfn-NotSupportedError"><code>NotSupportedError</code></a>
+ </dt>
+ <dd>
+ <p>
+ <a href="#concept-return-an-error">Return an error</a> with the same name
+ as <var>result</var>.
+ </p>
+ </dd>
+ </dl>
+ </p>
+ </li>
+ <li>
+ <p>
Let <var>hash</var> be a new <a href="#dfn-KeyAlgorithm">KeyAlgorithm</a>.
</p>
</li>
@@ -14525,6 +14565,44 @@
</p>
</li>
<li>
+ <p>
+ Perform any <a href="#dfn-hmac-extended-export-steps">key export steps</a>
+ defined by <a href="#dfn-applicable-specifications">other applicable
+ specifications</a>, passing <var>key</var> and obtaining <var>result</var>.
+ <dl class="switch">
+ <dt>
+ If <var>format</var> is not <code>"jwk"</code> and
+ <var>result</var> is an <a href="#dfn-ArrayBuffer">ArrayBuffer</a>
+ object
+ </dt>
+ <dd>
+ <p>
+ Return <var>result</var>.
+ </p>
+ </dd>
+ <dt>
+ If <var>format</var> is <code>"jwk"</code> and
+ <var>result</var> is not an error
+ </dt>
+ <dd>
+ <p>
+ Return <var>result</var>.
+ </p>
+ </dd>
+ <dt>
+ If <var>result</var> is an error with a name that is not
+ <a href="#dfn-NotSupportedError"><code>NotSupportedError</code></a>
+ </dt>
+ <dd>
+ <p>
+ <a href="#concept-return-an-error">Return an error</a> with the same name
+ as <var>result</var>.
+ </p>
+ </dd>
+ </dl>
+ </p>
+ </li>
+ <li>
<dl class="switch">
<dt>If <var>format</var> is <code>"raw"</code>:</dt>
<dd>
--- a/spec/Overview.html Mon Sep 22 14:12:54 2014 -0700
+++ b/spec/Overview.html Mon Sep 22 15:00:14 2014 -0700
@@ -13419,8 +13419,17 @@
<p class="norm">This section is non-normative.</p>
<p>
The <code>HMAC</code> algorithm calculates and verifies hash-based message
- authentication codes according to [<a href="#fips-pub-198-1">FIPS PUB 198-1</a>].
- </p>
+ authentication codes according to [<a href="#fips-pub-198-1">FIPS PUB 198-1</a>]
+ using the SHA hash functions defined in this specification.
+ </p>
+ <p>
+ <a href="#dfn-applicable-specification">Other specifications</a>
+ may specify the use of additional hash algorithms with HMAC. Such specifications
+ must define
+ <dfn id="dfn-hmac-extended-import-steps">key import steps</dfn> and
+ <dfn id="dfn-hmac-extended-export-steps">key export steps</dfn>.
+ </p>
+
</div>
<div id="hmac-registration" class="section">
<h4>33.2. Registration</h4>
@@ -13675,6 +13684,9 @@
<dd>
<ol>
<li>
+ <p>Let <var>keyData</var> be the key data to be imported.</p>
+ </li>
+ <li>
<p>
If <var>usages</var> contains an entry which is not
<code>"sign"</code> or <code>"verify"</code>,
@@ -13684,6 +13696,34 @@
</li>
<li>
<p>
+ Perform any <a href="#dfn-hmac-extended-import-steps">key import steps</a>
+ defined by <a href="#dfn-applicable-specifications">other applicable
+ specifications</a>, passing <var>keyData</var> and obtaining <var>result</var>.
+ <dl class="switch">
+ <dt>
+ If <var>result</var> is a <a href="#dfn-CryptoKey">CryptoKey</a>
+ object
+ </dt>
+ <dd>
+ <p>
+ Return <var>result</var>.
+ </p>
+ </dd>
+ <dt>
+ If <var>result</var> is an error with a name that is not
+ <a href="#dfn-NotSupportedError"><code>NotSupportedError</code></a>
+ </dt>
+ <dd>
+ <p>
+ <a href="#concept-return-an-error">Return an error</a> with the same name
+ as <var>result</var>.
+ </p>
+ </dd>
+ </dl>
+ </p>
+ </li>
+ <li>
+ <p>
Let <var>hash</var> be a new <a href="#dfn-KeyAlgorithm">KeyAlgorithm</a>.
</p>
</li>
@@ -14028,6 +14068,44 @@
</p>
</li>
<li>
+ <p>
+ Perform any <a href="#dfn-hmac-extended-export-steps">key export steps</a>
+ defined by <a href="#dfn-applicable-specifications">other applicable
+ specifications</a>, passing <var>key</var> and obtaining <var>result</var>.
+ <dl class="switch">
+ <dt>
+ If <var>format</var> is not <code>"jwk"</code> and
+ <var>result</var> is an <a href="#dfn-ArrayBuffer">ArrayBuffer</a>
+ object
+ </dt>
+ <dd>
+ <p>
+ Return <var>result</var>.
+ </p>
+ </dd>
+ <dt>
+ If <var>format</var> is <code>"jwk"</code> and
+ <var>result</var> is not an error
+ </dt>
+ <dd>
+ <p>
+ Return <var>result</var>.
+ </p>
+ </dd>
+ <dt>
+ If <var>result</var> is an error with a name that is not
+ <a href="#dfn-NotSupportedError"><code>NotSupportedError</code></a>
+ </dt>
+ <dd>
+ <p>
+ <a href="#concept-return-an-error">Return an error</a> with the same name
+ as <var>result</var>.
+ </p>
+ </dd>
+ </dl>
+ </p>
+ </li>
+ <li>
<dl class="switch">
<dt>If <var>format</var> is <code>"raw"</code>:</dt>
<dd>