--- a/spec/Overview-WebCryptoAPI.xml Wed Mar 05 21:41:08 2014 -0800
+++ b/spec/Overview-WebCryptoAPI.xml Thu Mar 06 16:26:41 2014 -0800
@@ -590,7 +590,9 @@
<li>
<p>
If <var>exactData</var> was specified, and all of the bytes of <var>data</var> were
- not consumed during the parsing phase, terminate this algorithm with an error.
+ not consumed during the parsing phase, then
+ <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
@@ -639,14 +641,16 @@
</li>
<li>
<p>
- If <var>result</var> does not describe an Object type, terminate this algorithm with
- an error.
+ If <var>result</var> does not describe an Object type,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
<p>
If the <code>"kty"</code> field of <var>result</var> is not present, or is not a
- string value, terminate this algorithm with an error.
+ string value, then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
@@ -677,14 +681,17 @@
<ol>
<li>
<p>
- If <var>data</var> is not an object, terminate this algorithm with an error.
+ If <var>data</var> is not an object,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
<p>
If <var>structure</var> includes any non-optional field for which there is
- no property of <var>data</var> with the same name, terminate this
- algorithm with an error.
+ no property of <var>data</var> with the same name,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
@@ -709,19 +716,25 @@
<ol>
<li>
<p>
- If <var>data</var> is not an object, terminate this algorithm with an error.
+ If <var>data</var> is not an object,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
<p>
If no property of <var>data</var> has a name which matches one of the fields
- of <var>structure</var>, terminate this alorithm with an error.
+ of <var>structure</var>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
<p>
If more than one property of <var>data</var> has a name which matches one of
- the fields of <var>struture</var>, terminate this alorithm with an error.
+ the fields of <var>struture</var>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
@@ -746,7 +759,9 @@
<ol>
<li>
<p>
- If <var>data</var> is not an array, terminate this algorithm with an error.
+ If <var>data</var> is not an array,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
@@ -776,8 +791,9 @@
<ol>
<li>
<p>
- If <var>data</var> is an object or array, terminate this algorithm with an
- error.
+ If <var>data</var> is an object or array,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
@@ -1396,13 +1412,10 @@
<div id="subtlecrypto-interface-methods" class="section">
<h3>Methods and Parameters</h3>
- <div class="ednote">
- <p>
- All errors should be reported asynchronously. It is an open issue how to document that
- this should apply to WebIDL type mapping errors. Also, WebIDL type mapping for
- Algorithm input parameters needs to use the correct Algorithm subclass expected
- by the WebCrypto algorithm, not the Algorithm super-class specified in the function
- prototype.
+ <div class="note">
+ <p>
+ All errors are reported asynchronously by calling the reject handler of the returned
+ Promise. This includes WebIDL type mapping errors.
</p>
</div>
<div id="SubtleCrypto-method-encrypt" class="section">
@@ -1437,25 +1450,12 @@
</li>
<li>
<p>
- If an error occurs, run these substeps and then terminate the algorithm:
- </p>
- <ol>
- <li>
- <p>
- Let <var>result</var> be <code>null</code>.
- </p>
- </li>
- <li>
- <p>
- Execute <var>resolver</var>'s <code>reject(value)</code> algorithm, with
- <var>result</var> as the <code>value</code> argument.
- </p>
- </li>
- </ol>
- <div class="ednote">
- Determine whether to reject the algorithm with a DOMError or a
- <code>null</code> result.
- </div>
+ If the following steps or referenced procedures say to
+ <a href="#concept-return-an-error">return an error</a>,
+ execute <var>resolver</var>'s <code>reject(value)</code> algorithm, with
+ the returned error as the <code>value</code> argument and then
+ <a href="#terminate-the-algorithm">terminate the algorithm.</a>
+ </p>
</li>
<li>
<p>
@@ -1475,14 +1475,16 @@
If the <a href="#dfn-Algorith-name">name</a> member of
<var>normalizedAlgorithm</var> does not identify a
<a href="#algorithms">registered algorithm</a> that supports the
- encrypt operation, terminate this algorithm with an error.
+ encrypt operation, then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-NotSupportedError"><code>NotSupportedError</code></a>.
</p>
</li>
<li>
<p>
If the <a href="#dfn-Key-usages">usages</a> property of <var>key</var> does not
contain an entry that is a case-sensitive string match for <code>"encrypt"</code>,
- terminate this algorithm with an error.
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-InvalidAccessError"><code>InvalidAccessError</code></a>.
</p>
</li>
<li>
@@ -1532,25 +1534,12 @@
</li>
<li>
<p>
- If an error occurs, run these substeps and then terminate the algorithm:
- </p>
- <ol>
- <li>
- <p>
- Let <var>result</var> be <code>null</code>.
- </p>
- </li>
- <li>
- <p>
- Execute <var>resolver</var>'s <code>reject(value)</code> algorithm, with
- <var>result</var> as the <code>value</code> argument.
- </p>
- </li>
- </ol>
- <div class="ednote">
- Determine whether to reject the algorithm with a DOMError or a
- <code>null</code> result.
- </div>
+ If the following steps or referenced procedures say to
+ <a href="#concept-return-an-error">return an error</a>,
+ execute <var>resolver</var>'s <code>reject(value)</code> algorithm, with
+ the returned error as the <code>value</code> argument and then
+ <a href="#terminate-the-algorithm">terminate the algorithm.</a>
+ </p>
</li>
<li>
<p>
@@ -1570,14 +1559,16 @@
If the <a href="#dfn-Algorith-name">name</a> member of
<var>normalizedAlgorithm</var> does not identify a
<a href="#algorithms">registered algorithm</a> that supports the decrypt
- operation, terminate this algorithm with an error.
+ operation, then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-NotSupportedError"><code>NotSupportedError</code></a>.
</p>
</li>
<li>
<p>
If the <a href="#dfn-Key-usages">usages</a> property of <var>key</var> does not
contain an entry that is a case-sensitive string match for <code>"decrypt"</code>,
- terminate this algorithm with an error.
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-InvalidAccessError"><code>InvalidAccessError</code></a>.
</p>
</li>
<li>
@@ -1627,25 +1618,12 @@
</li>
<li>
<p>
- If an error occurs, run these substeps and then terminate the algorithm:
- </p>
- <ol>
- <li>
- <p>
- Let <var>result</var> be <code>null</code>.
- </p>
- </li>
- <li>
- <p>
- Execute <var>resolver</var>'s <code>reject(value)</code> algorithm, with
- <var>result</var> as the <code>value</code> argument.
- </p>
- </li>
- </ol>
- <div class="ednote">
- Determine whether to reject the algorithm with a DOMError or a
- <code>null</code> result.
- </div>
+ If the following steps or referenced procedures say to
+ <a href="#concept-return-an-error">return an error</a>,
+ execute <var>resolver</var>'s <code>reject(value)</code> algorithm, with
+ the returned error as the <code>value</code> argument and then
+ <a href="#terminate-the-algorithm">terminate the algorithm.</a>
+ </p>
</li>
<li>
<p>
@@ -1665,14 +1643,16 @@
If the <a href="#dfn-Algorith-name">name</a> member of
<var>normalizedAlgorithm</var> does not identify a
<a href="#algorithms">registered algorithm</a> that supports the sign
- operation, terminate this algorithm with an error.
+ operation, then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-NotSupportedError"><code>NotSupportedError</code></a>.
</p>
</li>
<li>
<p>
If the <a href="#dfn-Key-usages">usages</a> property of <var>key</var> does not
contain an entry that is a case-sensitive string match for <code>"sign"</code>,
- terminate this algorithm with an error.
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-InvalidAccessError"><code>InvalidAccessError</code></a>.
</p>
</li>
<li>
@@ -1721,25 +1701,12 @@
</li>
<li>
<p>
- If an error occurs, run these substeps and then terminate the algorithm:
- </p>
- <ol>
- <li>
- <p>
- Let <var>result</var> be <code>null</code>.
- </p>
- </li>
- <li>
- <p>
- Execute <var>resolver</var>'s <code>reject(value)</code> algorithm, with
- <var>result</var> as the <code>value</code> argument.
- </p>
- </li>
- </ol>
- <div class="ednote">
- Determine whether to reject the algorithm with a DOMError or a
- <code>null</code> result.
- </div>
+ If the following steps or referenced procedures say to
+ <a href="#concept-return-an-error">return an error</a>,
+ execute <var>resolver</var>'s <code>reject(value)</code> algorithm, with
+ the returned error as the <code>value</code> argument and then
+ <a href="#terminate-the-algorithm">terminate the algorithm.</a>
+ </p>
</li>
<li>
<p>
@@ -1759,14 +1726,16 @@
If the <a href="#dfn-Algorith-name">name</a> member of
<var>normalizedAlgorithm</var> does not identify a
<a href="#algorithms">registered algorithm</a> that supports the verify
- operation, terminate this algorithm with an error.
+ operation, then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-NotSupportedError"><code>NotSupportedError</code></a>.
</p>
</li>
<li>
<p>
If the <a href="#dfn-Key-usages">usages</a> property of <var>key</var> does not
contain an entry that is a case-sensitive string match for <code>"verify"</code>,
- terminate this algorithm with an error.
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-InvalidAccessError"><code>InvalidAccessError</code></a>.
</p>
</li>
<li>
@@ -1815,25 +1784,12 @@
</li>
<li>
<p>
- If an error occurs, run these substeps and then terminate the algorithm:
- </p>
- <ol>
- <li>
- <p>
- Let <var>result</var> be <code>null</code>.
- </p>
- </li>
- <li>
- <p>
- Execute <var>resolver</var>'s <code>reject(value)</code> algorithm, with
- <var>result</var> as the <code>value</code> argument.
- </p>
- </li>
- </ol>
- <div class="ednote">
- Determine whether to reject the algorithm with a DOMError or a
- <code>null</code> result.
- </div>
+ If the following steps or referenced procedures say to
+ <a href="#concept-return-an-error">return an error</a>,
+ execute <var>resolver</var>'s <code>reject(value)</code> algorithm, with
+ the returned error as the <code>value</code> argument and then
+ <a href="#terminate-the-algorithm">terminate the algorithm.</a>
+ </p>
</li>
<li>
<p>
@@ -1853,7 +1809,8 @@
If the <a href="#dfn-Algorith-name">name</a> member of
<var>normalizedAlgorithm</var> does not identify a
<a href="#algorithms">registered algorithm</a> that supports the digest
- operation, terminate this algorithm with an error.
+ operation, then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-NotSupportedError"><code>NotSupportedError</code></a>.
</p>
</li>
<li>
@@ -1903,25 +1860,12 @@
</li>
<li>
<p>
- If an error occurs, run these substeps and then terminate the algorithm:
- </p>
- <ol>
- <li>
- <p>
- Let <var>result</var> be <code>null</code>.
- </p>
- </li>
- <li>
- <p>
- Execute <var>resolver</var>'s <code>reject(value)</code> algorithm, with
- <var>result</var> as the <code>value</code> argument.
- </p>
- </li>
- </ol>
- <div class="ednote">
- Determine whether to reject the algorithm with a DOMError or a
- <code>null</code> result.
- </div>
+ If the following steps or referenced procedures say to
+ <a href="#concept-return-an-error">return an error</a>,
+ execute <var>resolver</var>'s <code>reject(value)</code> algorithm, with
+ the returned error as the <code>value</code> argument and then
+ <a href="#terminate-the-algorithm">terminate the algorithm.</a>
+ </p>
</li>
<li>
<p>
@@ -1941,14 +1885,16 @@
If the <a href="#dfn-Algorith-name">name</a> member of
<var>normalizedAlgorithm</var> does not identify a
<a href="#algorithms">registered algorithm</a> that supports the generate
- key operation, terminate this algorithm with an error.
+ key operation, then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-NotSupportedError"><code>NotSupportedError</code></a>.
</p>
</li>
<li>
<p>
If <var>usages</var> includes a value that is not a case-sensitive string match
for a <a href="#dfn-RecognizedKeyUsage">recognized key usage value</a>,
- terminate this algorithm with an error.
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-InvalidAccessError"><code>InvalidAccessError</code></a>.
</p>
</li>
<li>
@@ -1998,25 +1944,12 @@
</li>
<li>
<p>
- If an error occurs, run these substeps and then terminate the algorithm:
- </p>
- <ol>
- <li>
- <p>
- Let <var>result</var> be <code>null</code>.
- </p>
- </li>
- <li>
- <p>
- Execute <var>resolver</var>'s <code>reject(value)</code> algorithm, with
- <var>result</var> as the <code>value</code> argument.
- </p>
- </li>
- </ol>
- <div class="ednote">
- Determine whether to reject the algorithm with a DOMError or a
- <code>null</code> result.
- </div>
+ If the following steps or referenced procedures say to
+ <a href="#concept-return-an-error">return an error</a>,
+ execute <var>resolver</var>'s <code>reject(value)</code> algorithm, with
+ the returned error as the <code>value</code> argument and then
+ <a href="#terminate-the-algorithm">terminate the algorithm.</a>
+ </p>
</li>
<li>
<p>
@@ -2036,7 +1969,8 @@
If the <a href="#dfn-Algorith-name">name</a> member of
<var>normalizedAlgorithm</var> does not identify a
<a href="#algorithms">registered algorithm</a> that supports the derive bits
- operation, terminate this algorithm with an error.
+ operation, then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-NotSupportedError"><code>NotSupportedError</code></a>.
</p>
</li>
<li>
@@ -2051,23 +1985,25 @@
If the <a href="#dfn-Algorith-name">name</a> member of
<var>normalizedDerivedKeyAlgorithm</var> does not identify a
<a href="#algorithms">registered algorithm</a> that supports the get key length
- and import key operations, terminate this algorithm
- with an error.
+ and import key operations, then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-NotSupportedError"><code>NotSupportedError</code></a>.
</p>
</li>
<li>
<p>
If the <a href="#dfn-Key-usages">usages</a> property of <var>baseKey</var> does not
contain an entry that is a case-sensitive string match for <code>"deriveKey"</code>,
- terminate this algorithm with an error.
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-InvalidAccessError"><code>InvalidAccessError</code></a>.
</p>
</li>
<li>
<p>
If <var>usages</var> includes a value that is not a case-sensitive string
match for a
- <a href="#dfn-RecognizedKeyUsage">recognized key usage value</a>, terminate
- this algorithm with an error.
+ <a href="#dfn-RecognizedKeyUsage">recognized key usage value</a>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-SyntaxError"><code>SyntaxError</code></a>.
</p>
</li>
<li>
@@ -2132,25 +2068,12 @@
</li>
<li>
<p>
- If an error occurs, run these substeps and then terminate the algorithm:
- </p>
- <ol>
- <li>
- <p>
- Let <var>result</var> be <code>null</code>.
- </p>
- </li>
- <li>
- <p>
- Execute <var>resolver</var>'s <code>reject(value)</code> algorithm, with
- <var>result</var> as the <code>value</code> argument.
- </p>
- </li>
- </ol>
- <div class="ednote">
- Determine whether to reject the algorithm with a DOMError or a
- <code>null</code> result.
- </div>
+ If the following steps or referenced procedures say to
+ <a href="#concept-return-an-error">return an error</a>,
+ execute <var>resolver</var>'s <code>reject(value)</code> algorithm, with
+ the returned error as the <code>value</code> argument and then
+ <a href="#terminate-the-algorithm">terminate the algorithm.</a>
+ </p>
</li>
<li>
<p>
@@ -2170,14 +2093,16 @@
If the <a href="#dfn-Algorith-name">name</a> member of
<var>normalizedAlgorithm</var> does not identify a
<a href="#algorithms">registered algorithm</a> that supports the derive bits
- operation, terminate this algorithm with an error.
+ operation, then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-NotSupportedError"><code>NotSupportedError</code></a>.
</p>
</li>
<li>
<p>
If the <a href="#dfn-Key-usages">usages</a> property of <var>baseKey</var> does not
contain an entry that is a case-sensitive string match for <code>"deriveBits"</code>,
- terminate this algorithm with an error.
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-InvalidAccessError"><code>InvalidAccessError</code></a>.
</p>
</li>
<li>
@@ -2228,27 +2153,13 @@
</li>
<li>
<p>
- If an error occurs, run these substeps and then terminate the algorithm:
- </p>
- <ol>
- <li>
- <p>
- Let <var>result</var> be <code>null</code>.
- </p>
- </li>
- <li>
- <p>
- Execute <var>resolver</var>'s <code>reject(value)</code> algorithm, with
- <var>result</var> as the <code>value</code> argument.
- </p>
- </li>
- </ol>
- <div class="ednote">
- Determine whether to reject the algorithm with a DOMError or a
- <code>null</code> result.
- </div>
- </li>
-
+ If the following steps or referenced procedures say to
+ <a href="#concept-return-an-error">return an error</a>,
+ execute <var>resolver</var>'s <code>reject(value)</code> algorithm, with
+ the returned error as the <code>value</code> argument and then
+ <a href="#terminate-the-algorithm">terminate the algorithm.</a>
+ </p>
+ </li>
<li>
<p>
Perform type mapping as specified in [<a href="#WebIDL">WEBIDL</a>] for
@@ -2268,14 +2179,16 @@
If the <a href="#dfn-Algorith-name">name</a> member of
<var>normalizedAlgorithm</var> does not identify a
<a href="#algorithms">registered algorithm</a> that supports the import key
- operation, terminate this algorithm with an error.
+ operation, then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-NotSupportedError"><code>NotSupportedError</code></a>.
</p>
</li>
<li>
<p>
If <var>format</var> is not a case-sensitive string match for
a <a href="#dfn-RecognizedKeyFormats">recognized key
- format value</a>, terminate this algorithm with an error.
+ format value</a>, then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-SyntaxError"><code>SyntaxError</code></a>.
</p>
</li>
<li>
@@ -2283,7 +2196,8 @@
If <var>usages</var> includes a value that is not a case-sensitive string match
for a
<a href="#dfn-RecognizedKeyUsage">recognized key usage value</a>,
- terminate this algorithm with an error.
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-SyntaxError"><code>SyntaxError</code></a>.
</p>
</li>
<li>
@@ -2332,25 +2246,12 @@
</li>
<li>
<p>
- If an error occurs, run these substeps and then terminate the algorithm:
- </p>
- <ol>
- <li>
- <p>
- Let <var>result</var> be <code>null</code>.
- </p>
- </li>
- <li>
- <p>
- Execute <var>resolver</var>'s <code>reject(value)</code> algorithm, with
- <var>result</var> as the <code>value</code> argument.
- </p>
- </li>
- </ol>
- <div class="ednote">
- Determine whether to reject the algorithm with a DOMError or a
- <code>null</code> result.
- </div>
+ If the following steps or referenced procedures say to
+ <a href="#concept-return-an-error">return an error</a>,
+ execute <var>resolver</var>'s <code>reject(value)</code> algorithm, with
+ the returned error as the <code>value</code> argument and then
+ <a href="#terminate-the-algorithm">terminate the algorithm.</a>
+ </p>
</li>
<li>
<p>
@@ -2362,13 +2263,24 @@
<p>
If <var>format</var> is not a case-sensitive string match for a
<a href="#dfn-RecognizedKeyFormats">recognized key
- format value</a>, terminate this algorithm with an error.
+ format value</a>, then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-SyntaxError"><code>SyntaxError</code></a>.
+ </p>
+ </li>
+ <li>
+ <p>
+ If the <a href="#dfn-Algorith-name">name</a> member of
+ <var>normalizedAlgorithm</var> does not identify a
+ <a href="#algorithms">registered algorithm</a> that supports the export key
+ operation, then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-NotSupportedError"><code>NotSupportedError</code></a>.
</p>
</li>
<li>
<p>
If the <a href="#dfn-Key-extractable">extractable</a> property of <var>key</var>
- is false, terminate this algorithm with an error.
+ is false, then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-InvalidAccessError"><code>InvalidAccessError</code></a>.
</p>
</li>
<li>
@@ -2416,25 +2328,12 @@
</li>
<li>
<p>
- If an error occurs, run these substeps and then terminate the algorithm:
- </p>
- <ol>
- <li>
- <p>
- Let <var>result</var> be <code>null</code>.
- </p>
- </li>
- <li>
- <p>
- Execute <var>resolver</var>'s <code>reject(value)</code> algorithm, with
- <var>result</var> as the <code>value</code> argument.
- </p>
- </li>
- </ol>
- <div class="ednote">
- Determine whether to reject the algorithm with a DOMError or a
- <code>null</code> result.
- </div>
+ If the following steps or referenced procedures say to
+ <a href="#concept-return-an-error">return an error</a>,
+ execute <var>resolver</var>'s <code>reject(value)</code> algorithm, with
+ the returned error as the <code>value</code> argument and then
+ <a href="#terminate-the-algorithm">terminate the algorithm.</a>
+ </p>
</li>
<li>
<p>
@@ -2454,27 +2353,39 @@
If the <a href="#dfn-Algorith-name">name</a> member of
<var>normalizedAlgorithm</var> does not identify a
<a href="#algorithms">registered algorithm</a> that supports the encrypt or wrap
- key operation, terminate this algorithm with an error.
+ key operation, then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-NotSupportedError"><code>NotSupportedError</code></a>.
</p>
</li>
<li>
<p>
If <var>format</var> is not a case-sensitive string match for algorithm a
<a href="#dfn-RecognizedKeyFormats">recognized key
- format value</a>, terminate this algorithm with an error.
+ format value</a>, then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-SyntaxError"><code>SyntaxError</code></a>.
</p>
</li>
<li>
<p>
If the <a href="#dfn-Key-usages">usages</a> property of <var>wrappingKey</var>
does not contain an entry that is a case-sensitive string match for
- <code>"wrapKey"</code>, terminate this algorithm with an error.
+ <code>"wrapKey"</code>, then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-InvalidAccessError"><code>InvalidAccessError</code></a>.
+ </p>
+ </li>
+ <li>
+ <p>
+ If the algorithm identified by the <a href="#dfn-Key-algorithm">algorithm</a>
+ attibute of <var>key</var> does not support the export key operation,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-NotSupportedError"><code>NotSupportedError</code></a>.
</p>
</li>
<li>
<p>
If the <a href="#dfn-Key-extractable">extractable</a> property of <var>key</var>
- is false, terminate this algorithm with an error.
+ is false, then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-InvalidAccessError"><code>InvalidAccessError</code></a>.
</p>
</li>
<li>
@@ -2485,11 +2396,6 @@
</p>
</li>
<li>
- <p>
- If the export key operation failed, terminate this algorithm with an error.
- </p>
- </li>
- <li>
<dl class="switch">
<dt>If <var>normalizedAlgorithm</var> supports the wrap key operation:</dt>
<dd>
@@ -2510,16 +2416,14 @@
</p>
</dd>
<dt>Otherwise:</dt>
- <dd>Terminate this algorithm with an error.</dd>
+ <dd>
+ <a href="#concept-return-an-error">Return an error</a> named
+ <a href="#dfn-NotSupportedError"><code>NotSupportedError</code></a>.
+ </dd>
</dl>
</li>
<li>
<p>
- If the wrap key or encrypt operation failed, terminate this algorithm with an error.
- </p>
- </li>
- <li>
- <p>
Execute <var>resolver</var>'s <code>resolve(value)</code> algorithm, with
<var>result</var> as the <code>value</code> argument.
</p>
@@ -2560,25 +2464,12 @@
</li>
<li>
<p>
- If an error occurs, run these substeps and then terminate the algorithm:
- </p>
- <ol>
- <li>
- <p>
- Let <var>result</var> be <code>null</code>.
- </p>
- </li>
- <li>
- <p>
- Execute <var>resolver</var>'s <code>reject(value)</code> algorithm, with
- <var>result</var> as the <code>value</code> argument.
- </p>
- </li>
- </ol>
- <div class="ednote">
- Determine whether to reject the algorithm with a DOMError or a
- <code>null</code> result.
- </div>
+ If the following steps or referenced procedures say to
+ <a href="#concept-return-an-error">return an error</a>,
+ execute <var>resolver</var>'s <code>reject(value)</code> algorithm, with
+ the returned error as the <code>value</code> argument and then
+ <a href="#terminate-the-algorithm">terminate the algorithm.</a>
+ </p>
</li>
<li>
<p>
@@ -2600,7 +2491,8 @@
<var>normalizedAlgorithm</var> does not identify a
<a href="#algorithms">registered algorithm</a> that supports the unwrap key or
decrypt
- operation, terminate this algorithm with an error.
+ operation, then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-NotSupportedError"><code>NotSupportedError</code></a>.
</p>
</li>
<li>
@@ -2615,28 +2507,32 @@
If the <a href="#dfn-Algorith-name">name</a> member of
<var>normalizedKeyAlgorithm</var> does not identify a
<a href="#algorithms">registered algorithm</a> that supports the importKey
- operation, terminate this algorithm with an error.
+ operation, then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-NotSupportedError"><code>NotSupportedError</code></a>.
</p>
</li>
<li>
<p>
If the <a href="#dfn-Key-usages">usages</a> property of <var>unwrappingKey</var>
does not contain an entry that is a case-sensitive string match for
- <code>"unwrapKey"</code>, terminate this algorithm with an error.
+ <code>"unwrapKey"</code>, then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-InvalidAccessError"><code>InvalidAccessError</code></a>.
</p>
</li>
<li>
<p>
If <var>format</var> is not a case-sensitive string match for a
<a href="#dfn-RecognizedKeyFormats">recognized key
- format value</a>, terminate this algorithm with an error.
+ format value</a>, then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-SyntaxError"><code>SyntaxError</code></a>.
</p>
</li>
<li>
<p>
If <var>usages</var> includes a value that is not a case-sensitive string match
- for a <a href="#dfn-RecognizedKeyUsage">recognized key usage value</a>, terminate
- this algorithm with an error.
+ for a <a href="#dfn-RecognizedKeyUsage">recognized key usage value</a>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-SyntaxError"><code>SyntaxError</code></a>.
</p>
</li>
<li>
@@ -2661,17 +2557,14 @@
<var>ciphertext</var>.
</dd>
<dt>Otherwise:</dt>
- <dd>Terminate this algorithm with an error.</dd>
+ <dd>
+ <a href="#concept-return-an-error">Return an error</a> named
+ <a href="#dfn-NotSupportedError"><code>NotSupportedError</code></a>.
+ </dd>
</dl>
</li>
<li>
<p>
- If the unwrap key or decrypt operation failed, terminate this algorithm with an
- error.
- </p>
- </li>
- <li>
- <p>
Let <var>result</var> be the result of performing the import key operation
specified by <var>normalizedKeyAlgorithm</var> using
<var>unwrappedKeyAlgorithm</var> as <var>algorithm</var>, <var>format</var>,
@@ -2682,11 +2575,6 @@
</li>
<li>
<p>
- If the import key algorithm failed, terminate this algorithm with an error.
- </p>
- </li>
- <li>
- <p>
Execute <var>resolver</var>'s <code>resolve(value)</code> algorithm, with
<var>result</var> as the <code>value</code> argument.
</p>
@@ -2694,8 +2582,73 @@
</ol>
</div>
</div>
+ <div id="SubtleCrypto-Exceptions" class="section">
+ <h3>Exceptions</h3>
+ <p>
+ The methods of the <a href="#dfn-SubtleCrypto">SubtleCrypto</a> interface return errors
+ by calling the reject handler of the returned promise with a
+ <a href="#dfn-DOMException">DOMException</a>. The following DOMException types from
+ [<a href="#DOM4">DOM4</a>] are used with messages as shown in the following table:
+ <table>
+ <tbody>
+ <tr>
+ <th>Type</th>
+ <th>Message (optional)</th>
+ </tr>
+ <tr>
+ <td><dfn id="dfn-NotSupportedError"><code>NotSupportedError</code></dfn></td>
+ <td>The algorithm is not supported</td>
+ </tr>
+ <tr>
+ <td><dfn id="dfn-SyntaxError"><code>SyntaxError</code></dfn></td>
+ <td>A required parameter was missing our out-of-range</td>
+ </tr>
+ <tr>
+ <td><dfn id="dfn-InvalidStateError"><code>InvalidStateError</code></dfn></td>
+ <td>The requested operation is not value for the current state of the provided key.</td>
+ </tr>
+ <tr>
+ <td><dfn id="dfn-InvalidAccessError"><code>InvalidAccessError</code></dfn></td>
+ <td>The requested operation is not valid for the provided key</td>
+ </tr>
+ </tbody>
+ </table>
+ </p>
+ <p>
+ The following new DOMException types are defined by this specification:
+ <table>
+ <tbody>
+ <tr>
+ <th>Type</th>
+ <th>Message (optional)</th>
+ </tr>
+ <tr>
+ <td><dfn id="dfn-UnknownError"><code>UnknownError</code></dfn></td>
+ <td>The operation failed for an unknown transient reason (e.g. out of memory)</td>
+ </tr>
+ <tr>
+ <td><dfn id="dfn-DataError"><code>DataError</code></dfn></td>
+ <td>Data provided to an operation does not meet requirements</td>
+ </tr>
+ <tr>
+ <td><dfn id="dfn-OperationError"><code>OperationError</code></dfn></td>
+ <td>The operation failed for an operation-specific reason</td>
+ </tr>
+ </tbody>
+ </table>
+ </p>
+ <p>
+ When this specification says to
+ <dfn id="concept-return-an-error">return an error</dfn> named <var>error</var>,
+ where <var>error</var>
+ is one of the above error names, the user agent must return a
+ <a href="#dfn-DOMException">DOMException</a> with name <var>error</var> and message as
+ defined in the above two tables.
+ </p>
+ </div>
</div>
+
<div id="WorkerCrypto-interface" class="section">
<h2>WorkerCrypto interface</h2>
<x:codeblock language="idl">
@@ -3312,8 +3265,9 @@
<li>
<p>
If the <a href="#dfn-Key-type">type</a> property of <var>key</var>
- is not a case-sensitive string match for <code>"public"</code>, terminate this
- algorithm with an error.
+ is not a case-sensitive string match for <code>"public"</code>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-InvalidAccessError"><code>InvalidAccessError</code></a>.
</p>
</li>
<li>
@@ -3326,15 +3280,16 @@
</li>
<li>
<p>
- If performing the operation results in an error, terminate this algorithm with
- an error.
- </p>
- </li>
- <li>
- <p>
- Let <var>ciphertext</var> be a new ArrayBuffer
- containing the value <var>C</var> that results from performing the
- operation.
+ If performing the operation results in an error,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-OperationError"><code>OperationError</code></a>.
+ </p>
+ </li>
+ <li>
+ <p>
+ Let <var>ciphertext</var> be a new ArrayBuffer
+ containing the value <var>C</var> that results from performing the
+ operation.
</p>
</li>
</ol>
@@ -3345,8 +3300,9 @@
<li>
<p>
If the <a href="#dfn-Key-type">type</a> property of <var>key</var>
- is not a case-sensitive string match for <code>"private"</code>, terminate this
- algorithm with an error.
+ is not a case-sensitive string match for <code>"private"</code>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-InvalidAccessError"><code>InvalidAccessError</code></a>
</p>
</li>
<li>
@@ -3359,8 +3315,9 @@
</li>
<li>
<p>
- If performing the operation results in an error, terminate this algorithm with
- an error.
+ If performing the operation results in an error,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-OperationError"><code>OperationError</code></a>.
</p>
</li>
<li>
@@ -3385,16 +3342,18 @@
<li>
<p>
If any of the members of <a href="#dfn-RsaKeyGenParams">RsaKeyGenParams</a> are
- not present in <var>normalizedAlgorithm</var>, terminate this algorithm with
- an error.
+ not present in <var>normalizedAlgorithm</var>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-SyntaxError"><code>SyntaxError</code></a>.
</p>
</li>
<li>
<p>
If <var>usages</var> contains an entry which is not a case-sensitive string
match for <code>"encrypt"</code>, <code>"decrypt"</code>,
- <code>"wrapKey"</code> or <code>"unwrapKey"</code>, terminate this algorithm
- with an error.
+ <code>"wrapKey"</code> or <code>"unwrapKey"</code>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
@@ -3409,7 +3368,9 @@
</li>
<li>
<p>
- If generation of the key pair fails, terminate this algorithm with an error.
+ If generation of the key pair fails,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-OperationError"><code>OperationError</code></a>.
</p>
</li>
<li>
@@ -3551,8 +3512,9 @@
</li>
<li>
<p>
- If an error occurred while parsing, terminate this algorithm with
- the error.
+ If an error occurred while parsing,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
@@ -3560,8 +3522,9 @@
If the <code>algorithm</code> object identifier field of the
<code>algorithm</code> AlgorithmIdentifier field of <var>spki</var>
is not equivalent to the <code>rsaEncryption</code> OID defined in
- Section 2.3.1 of <a href="#RFC3279">RFC 3279</a>, terminate this
- algorithm with an error.
+ Section 2.3.1 of <a href="#RFC3279">RFC 3279</a>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
@@ -3577,8 +3540,9 @@
</li>
<li>
<p>
- If an error occurred while parsing, terminate this algorithm with
- an error.
+ If an error occurred while parsing,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
@@ -3607,8 +3571,9 @@
</li>
<li>
<p>
- If an error occurred while parsing, terminate this algorithm with
- an error.
+ If an error occurred while parsing,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
@@ -3617,8 +3582,9 @@
<code>privateKeyAlgorithm</code> PrivateKeyAlgorithmIdentifier field
of <var>privateKeyInfo</var> is not equivalent to the
<code>rsaEncryption</code> OID defined in Section 2.3.1 of
- <a href="#RFC3279">RFC 3279</a>, terminate this algorithm with an
- error.
+ <a href="#RFC3279">RFC 3279</a>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
@@ -3634,8 +3600,9 @@
</li>
<li>
<p>
- If an error occurred while parsing, terminate this algorithm with
- an error.
+ If an error occurred while parsing,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
@@ -3665,15 +3632,17 @@
<li>
<p>
If the <code>"kty"</code> field of <var>jwk</var> is not a
- case-sensitive string match to <code>"RSA"</code>, terminate
- this algorithm with an error.
+ case-sensitive string match to <code>"RSA"</code>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
<p>
If the <code>"use"</code> field of <var>jwk</var> is present, and is
- not a case-sensitive string match to <code>"enc"</code>, terminate
- this algorithm with an error.
+ not a case-sensitive string match to <code>"enc"</code>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
@@ -3682,14 +3651,16 @@
is invalid according to the requirements of
<a href="#jwk">JSON Web Key</a> or
does not contain all of the specified <var>usages</var> values,
- terminate this algorithm with an error.
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
<p>
If the <code>"alg"</code> field of <var>jwk</var> is present, and is
- not a case-sensitive string match to <code>"RSA1_5"</code>, terminate
- this algorithm with an error.
+ not a case-sensitive string match to <code>"RSA1_5"</code>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
@@ -3701,7 +3672,9 @@
<p>
If <var>jwk</var> does not meet the requirements of
Section 6.3.2 of <a href="#jwa">JSON Web
- Algorithms</a>, terminate this algorithm with an error.
+ Algorithms</a>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
@@ -3727,7 +3700,9 @@
<p>
If <var>jwk</var> does not meet the requirements of
Section 6.3.1 of <a href="#jwa">JSON Web
- Algorithms</a>, terminate this algorithm with an error.
+ Algorithms</a>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
@@ -3751,7 +3726,10 @@
</ol>
</dd>
<dt>Otherwise:</dt>
- <dd>Terminate this algorithm with an error.</dd>
+ <dd>
+ <a href="#concept-return-an-error">Return an error</a> named
+ <a href="#dfn-NotSupportedError"><code>NotSupportedError</code></a>.
+ </dd>
</dl>
</li>
<li>
@@ -3807,7 +3785,9 @@
<li>
<p>
If the <a href="#dfn-Key-type">type</a> attribute of <var>key</var> is
- not <code>"public"</code>, terminate the algorithm with an error.
+ not <code>"public"</code>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-InvalidAccessError"><code>InvalidAccessError</code></a>.
</p>
</li>
<li>
@@ -3855,7 +3835,9 @@
<li>
<p>
If the <a href="#dfn-Key-type">type</a> attribute of <var>key</var> is
- not <code>"private"</code>, terminate the algorithm with an error.
+ not <code>"private"</code>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-InvalidAccessError"><code>InvalidAccessError</code></a>.
</p>
</li>
<li>
@@ -3990,7 +3972,9 @@
</dd>
<dt>Otherwise</dt>
<dd>
- <p>Terminate this algorithm with an error.</p>
+ <p>
+ <a href="#concept-return-an-error">Return an error</a> named
+ <a href="#dfn-NotSupportedError"><code>NotSupportedError</code></a>.</p>
</dd>
</dl>
</li>
@@ -4106,8 +4090,9 @@
<li>
<p>
If the <a href="#dfn-Key-type">type</a> property of <var>key</var>
- is not a case-sensitive string match for <code>"private"</code>, terminate this
- algorithm with an error.
+ is not a case-sensitive string match for <code>"private"</code>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-InvalidAccessError"><code>InvalidAccessError</code></a>.
</p>
</li>
<li>
@@ -4123,8 +4108,9 @@
</li>
<li>
<p>
- If performing the operation results in an error, terminate this algorithm
- with an error.
+ If performing the operation results in an error,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-OperationError"><code>OperationError</code></a>.
</p>
</li>
<li>
@@ -4142,8 +4128,9 @@
<li>
<p>
If the <a href="#dfn-Key-type">type</a> property of <var>key</var>
- is not a case-sensitive string match for <code>"public"</code>, terminate this
- algorithm with an error.
+ is not a case-sensitive string match for <code>"public"</code>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-InvalidAccessError"><code>InvalidAccessError</code></a>.
</p>
</li>
<li>
@@ -4160,8 +4147,9 @@
</li>
<li>
<p>
- If performing the operation results in an error, terminate this algorithm
- with an error.
+ If performing the operation results in an error,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-OperationError"><code>OperationError</code></a>.
</p>
</li>
<li>
@@ -4187,14 +4175,17 @@
<p>
If any of the members of
<a href="#dfn-RsaHashedKeyGenParams">RsaHashedKeyGenParams</a> are not present
- in <var>normalizedAlgorithm</var>, terminate this algorithm with an error.
+ in <var>normalizedAlgorithm</var>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-SyntaxError"><code>SyntaxError</code></a>.
</p>
</li>
<li>
<p>
If <var>usages</var> contains an entry which is not a case-sensitive string
- match for <code>"sign"</code> or <code>"verify"</code>, terminate this
- algorithm with an error.
+ match for <code>"sign"</code> or <code>"verify"</code>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
@@ -4205,141 +4196,139 @@
<var>normalizedAlgorithm</var> and RSA public exponent equal to the
<a href="#dfn-RsaKeyGenParams-publicExponent">publicExponent</a> property of
<var>normalizedAlgorithm</var>.
- <dl class="switch">
- <dt>If generation of the key pair fails:</dt>
- <dd>Terminate this algorithm with an error.</dd>
- <dt>Otherwise:</dt>
- <dd>
- <ol>
- <li>
- <p>
- Let <var>algorithm</var> be a new
- <a href="#dfn-RsaHashedKeyAlgorithm">RsaHashedKeyAlgorithm</a>
- object.
- </p>
- </li>
- <li>
- <p>
- Set the <a href="#dfn-KeyAlgorithm-name">name</a> property of
- <var>algorithm</var> to <code>"RSASSA-PKCS1-v1_5"</code>.
- </p>
- </li>
- <li>
- <p>
- Set the
- <a href="#dfn-RsaKeyAlgorithm-modulusLength">modulusLength</a>
- property of <var>algorithm</var> to equal the
- <a href="#dfn-RsaKeyGenParams-modulusLength">modulusLength</a>
- property of <var>normalizedAlgorithm</var>.
- </p>
- </li>
- <li>
- <p>
- Set the
- <a href="#dfn-RsaKeyAlgorithm-publicExponent">publicExponent</a>
- property of <var>algorithm</var> to equal the
- <a href="#dfn-RsaKeyGenParams-publicExponent">publicExponent</a>
- property of <var>normalizedAlgorithm</var>.
- </p>
- </li>
- <li>
- <p>
- Set the <a href="#dfn-RsaHashedKeyAlgorithm-hash">hash</a> property
- of <var>algorithm</var> to equal the
- <a href="#dfn-RsaHashedKeyGenParams">hash</a> property of
- <var>normalizedAlgorithm</var>.
- </p>
- </li>
- <li>
- <p>
- Let <var>publicKey</var> be a new <a href="#dfn-Key">Key</a> object
- representing the public key of the generated key pair.
- </p>
- </li>
- <li>
- <p>
- Set the <a href="#dfn-Key-type">type</a> property of <var>publicKey</var>
- to <code>"public"</code>
- </p>
- </li>
- <li>
- <p>
- Set the <a href="#dfn-Key-algorithm">algorithm</a> property of
- <var>publicKey</var> to be <var>algorithm</var>.
- </p>
- </li>
- <li>
- <p>
- Set the <a href="#dfn-Key-extractable">extractable</a> property of
- <var>publicKey</var> to true.
- </p>
- </li>
- <li>
- <p>
- Set the <a href="#dfn-Key-usages">usages</a> property of
- <var>publicKey</var> to be the
- <a href="concept-usage-intersection">usage intersection</a> of
- <var>usages</var> and <code>[ "verify" ]</code>.
- </p>
- </li>
- <li>
- <p>
- Let <var>privateKey</var> be a new <a href="#dfn-Key">Key</a> object
- representing the private key of the generated key pair.
- </p>
- </li>
- <li>
- <p>
- Set the <a href="#dfn-Key-Type">type</a> property of <var>privateKey</var>
- to <code>"private"</code>
- </p>
- </li>
- <li>
- <p>
- Set the <a href="#dfn-Key-algorithm">algorithm</a> property of
- <var>privateKey</var> to be <var>algorithm</var>.
- </p>
- </li>
- <li>
- <p>
- Set the <a href="#dfn-Key-extractable">extractable</a> property of
- <var>privateKey</var> to <var>extractable</var>.
- </p>
- </li>
- <li>
- <p>
- Set the <a href="#dfn-Key-usages">usages</a> property of
- <var>privateKey</var> to be the
- <a href="concept-usage-intersection">usage intersection</a> of
- <var>usages</var> and <code>[ "sign" ]</code>.
- </p>
- </li>
- <li>
- <p>
- Let <var>result</var> be a new <a href="#dfn-KeyPair">KeyPair</a>
- object.
- </p>
- </li>
- <li>
- <p>
- Set the <a href="#def-KeyPair-publicKey">publicKey</a> property
- of <var>result</var> to be <var>publicKey</var>.
- </p>
- </li>
- <li>
- <p>
- Set the <a href="#def-KeyPair-privateKey">privateKey</a> property
- of <var>result</var> to be <var>privateKey</var>.
- </p>
- </li>
- <li>
- <p>
- Return <var>result</var>.
- </p>
- </li>
- </ol>
- </dd>
- </dl>
+ </p>
+ </li>
+ <li>
+ <p>
+ If generation of the key pair fails,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-OperationError"><code>OperationError</code></a>.
+ </p>
+ </li>
+ <li>
+ <p>
+ Let <var>algorithm</var> be a new
+ <a href="#dfn-RsaHashedKeyAlgorithm">RsaHashedKeyAlgorithm</a>
+ object.
+ </p>
+ </li>
+ <li>
+ <p>
+ Set the <a href="#dfn-KeyAlgorithm-name">name</a> property of
+ <var>algorithm</var> to <code>"RSASSA-PKCS1-v1_5"</code>.
+ </p>
+ </li>
+ <li>
+ <p>
+ Set the
+ <a href="#dfn-RsaKeyAlgorithm-modulusLength">modulusLength</a>
+ property of <var>algorithm</var> to equal the
+ <a href="#dfn-RsaKeyGenParams-modulusLength">modulusLength</a>
+ property of <var>normalizedAlgorithm</var>.
+ </p>
+ </li>
+ <li>
+ <p>
+ Set the
+ <a href="#dfn-RsaKeyAlgorithm-publicExponent">publicExponent</a>
+ property of <var>algorithm</var> to equal the
+ <a href="#dfn-RsaKeyGenParams-publicExponent">publicExponent</a>
+ property of <var>normalizedAlgorithm</var>.
+ </p>
+ </li>
+ <li>
+ <p>
+ Set the <a href="#dfn-RsaHashedKeyAlgorithm-hash">hash</a> property
+ of <var>algorithm</var> to equal the
+ <a href="#dfn-RsaHashedKeyGenParams">hash</a> property of
+ <var>normalizedAlgorithm</var>.
+ </p>
+ </li>
+ <li>
+ <p>
+ Let <var>publicKey</var> be a new <a href="#dfn-Key">Key</a> object
+ representing the public key of the generated key pair.
+ </p>
+ </li>
+ <li>
+ <p>
+ Set the <a href="#dfn-Key-type">type</a> property of <var>publicKey</var>
+ to <code>"public"</code>
+ </p>
+ </li>
+ <li>
+ <p>
+ Set the <a href="#dfn-Key-algorithm">algorithm</a> property of
+ <var>publicKey</var> to be <var>algorithm</var>.
+ </p>
+ </li>
+ <li>
+ <p>
+ Set the <a href="#dfn-Key-extractable">extractable</a> property of
+ <var>publicKey</var> to true.
+ </p>
+ </li>
+ <li>
+ <p>
+ Set the <a href="#dfn-Key-usages">usages</a> property of
+ <var>publicKey</var> to be the
+ <a href="concept-usage-intersection">usage intersection</a> of
+ <var>usages</var> and <code>[ "verify" ]</code>.
+ </p>
+ </li>
+ <li>
+ <p>
+ Let <var>privateKey</var> be a new <a href="#dfn-Key">Key</a> object
+ representing the private key of the generated key pair.
+ </p>
+ </li>
+ <li>
+ <p>
+ Set the <a href="#dfn-Key-Type">type</a> property of <var>privateKey</var>
+ to <code>"private"</code>
+ </p>
+ </li>
+ <li>
+ <p>
+ Set the <a href="#dfn-Key-algorithm">algorithm</a> property of
+ <var>privateKey</var> to be <var>algorithm</var>.
+ </p>
+ </li>
+ <li>
+ <p>
+ Set the <a href="#dfn-Key-extractable">extractable</a> property of
+ <var>privateKey</var> to <var>extractable</var>.
+ </p>
+ </li>
+ <li>
+ <p>
+ Set the <a href="#dfn-Key-usages">usages</a> property of
+ <var>privateKey</var> to be the
+ <a href="concept-usage-intersection">usage intersection</a> of
+ <var>usages</var> and <code>[ "sign" ]</code>.
+ </p>
+ </li>
+ <li>
+ <p>
+ Let <var>result</var> be a new <a href="#dfn-KeyPair">KeyPair</a>
+ object.
+ </p>
+ </li>
+ <li>
+ <p>
+ Set the <a href="#def-KeyPair-publicKey">publicKey</a> property
+ of <var>result</var> to be <var>publicKey</var>.
+ </p>
+ </li>
+ <li>
+ <p>
+ Set the <a href="#def-KeyPair-privateKey">privateKey</a> property
+ of <var>result</var> to be <var>privateKey</var>.
+ </p>
+ </li>
+ <li>
+ <p>
+ Return <var>result</var>.
</p>
</li>
</ol>
@@ -4428,8 +4417,9 @@
<li>
<p>
If the <a href="#dfn-Key-type">type</a> property of <var>key</var>
- is not a case-sensitive string match for <code>"private"</code>, terminate this
- algorithm with an error.
+ is not a case-sensitive string match for <code>"private"</code>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-InvalidAccessError"><code>InvalidAccessError</code></a>.
</p>
</li>
<li>
@@ -4442,8 +4432,9 @@
<li>
<p>
If any of the members of <a href="#dfn-RsaPssParams">RsaPssParams</a> are not
- present in <var>normalizedAlgorithm</var>, terminate this algorithm with an
- error.
+ present in <var>normalizedAlgorithm</var>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-SyntaxError"><code>SyntaxError</code></a>.
</p>
</li>
<li>
@@ -4464,8 +4455,9 @@
</li>
<li>
<p>
- If performing the operation results in an error, terminate this algorithm with
- an error.
+ If performing the operation results in an error,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-OperationError"><code>OperationError</code></a>.
</p>
</li>
<li>
@@ -4483,8 +4475,9 @@
<li>
<p>
If the <a href="#dfn-Key-type">type</a> property of <var>key</var>
- is not a case-sensitive string match for <code>"public"</code>, terminate this
- algorithm with an error.
+ is not a case-sensitive string match for <code>"public"</code>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-InvalidAccessError"><code>InvalidAccessError</code></a>.
</p>
</li>
<li>
@@ -4497,8 +4490,9 @@
<li>
<p>
If any of the members of <a href="#dfn-RsaPssParams">RsaPssParams</a> are not
- present in <var>normalizedAlgorithm</var>, terminate this algorithm with an
- error.
+ present in <var>normalizedAlgorithm</var>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-SyntaxError"><code>SyntaxError</code></a>.
</p>
</li>
<li>
@@ -4519,8 +4513,9 @@
</li>
<li>
<p>
- If performing the operation results in an error, terminate this algorithm with
- an error.
+ If performing the operation results in an error,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-OperationError"><code>OperationError</code></a>.
</p>
</li>
<li>
@@ -4547,14 +4542,17 @@
<p>
If any of the members of
<a href="#dfn-RsaHashedKeyGenParams">RsaHashedKeyGenParams</a> are not present
- in <var>normalizedAlgorithm</var>, terminate this algorithm with an error.
+ in <var>normalizedAlgorithm</var>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-SyntaxError"><code>SyntaxError</code></a>.
</p>
</li>
<li>
<p>
If <var>usages</var> contains an entry which is not a case-sensitive string
- match for <code>"sign"</code> or <code>"verify"</code>, terminate this
- algorithm with an error.
+ match for <code>"sign"</code> or <code>"verify"</code>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-SyntaxError"><code>SyntaxError</code></a>.
</p>
</li>
<li>
@@ -4569,8 +4567,9 @@
</li>
<li>
<p>
- If performing the operation results in an error, terminate this algorithm with
- an error.
+ If performing the operation results in an error,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-OperationError"><code>OperationError</code></a>.
</p>
</li>
<li>
@@ -4788,8 +4787,9 @@
<li>
<p>
If the <a href="#dfn-Key-type">type</a> property of <var>key</var>
- is not a case-sensitive string match for <code>"public"</code>, terminate this
- algorithm with an error.
+ is not a case-sensitive string match for <code>"public"</code>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-InvalidAccessError"><code>InvalidAccessError</code></a>.
</p>
</li>
<li>
@@ -4803,7 +4803,8 @@
<p>
If any of the members of <a href="#dfn-RsaOaepParams">RsaOaepParams</a> are
not present in <var>normalizedAlgorithm</var>,
- terminate this algorithm with an error.
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-SyntaxError"><code>SyntaxError</code></a>.
</p>
</li>
<li>
@@ -4823,8 +4824,9 @@
</li>
<li>
<p>
- If performing the operation results in an error, terminate this algorithm with
- an error.
+ If performing the operation results in an error,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-OperationError"><code>OperationError</code></a>.
</p>
</li>
<li>
@@ -4842,8 +4844,9 @@
<li>
<p>
If the <a href="#dfn-Key-type">type</a> property of <var>key</var>
- is not a case-sensitive string match for <code>"private"</code>, terminate this
- algorithm with an error.
+ is not a case-sensitive string match for <code>"private"</code>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-InvalidAccessError"><code>InvalidAccessError</code></a>.
</p>
</li>
<li>
@@ -4857,7 +4860,8 @@
<p>
If any of the members of <a href="#dfn-RsaOaepParams">RsaOaepParams</a> are
not present in <var>normalizedAlgorithm</var>,
- terminate this algorithm with an error.
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-SyntaxError"><code>SyntaxError</code></a>.
</p>
</li>
<li>
@@ -4878,8 +4882,9 @@
</li>
<li>
<p>
- If performing the operation results in an error, terminate this algorithm with
- an error.
+ If performing the operation results in an error,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-OperationError"><code>OperationError</code></a>.
</p>
</li>
<li>
@@ -4905,15 +4910,18 @@
<p>
If any of the members of
<a href="#dfn-RsaHashedKeyGenParams">RsaHashedKeyGenParams</a> are not present
- in <var>normalizedAlgorithm</var>, terminate this algorithm with an error.
+ in <var>normalizedAlgorithm</var>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-SyntaxError"><code>SyntaxError</code></a>.
</p>
</li>
<li>
<p>
If <var>usages</var> contains an entry which is not a case-sensitive string
match for <code>"encrypt"</code>, <code>"decrypt</code>,
- <code>wrapKey</code> or <code>unwrapKey</code>, terminate this
- algorithm with an error.
+ <code>wrapKey</code> or <code>unwrapKey</code>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-InvalidAccessError"><code>InvalidAccessError</code></a>.
</p>
</li>
<li>
@@ -4928,8 +4936,9 @@
</li>
<li>
<p>
- If performing the operation results in an error, terminate this algorithm with
- an error.
+ If performing the operation results in an error,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-OperationError"><code>OperationError</code></a>.
</p>
</li>
<li>
@@ -5192,7 +5201,8 @@
<p>
If the <a href="#dfn-Key-type">type</a> property of <var>key</var>
is not a case-sensitive string match for <code>"private"</code>,
- terminate this algorithm with an error.
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-InvalidAccessError"><code>InvalidAccessError</code></a>.
</p>
</li>
<li>
@@ -5205,22 +5215,24 @@
<li>
<p>
If any of the properties of <a href="#dfn-EcdsaParams">EcdsaParams</a> are
- not present in <var>normalizedAlgorithm</var>, terminate this algorithm with
- an error.
+ not present in <var>normalizedAlgorithm</var>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-SyntaxError"><code>SyntaxError</code></a>.
</p>
</li>
<li>
<p>
Let <var>hashAlgorithm</var> be the <a href="#dfn-EcdsaParams-hash">hash</a>
- property of
- <var>normalizedAlgorithm</var>.
+ property of <var>normalizedAlgorithm</var>.
</p>
</li>
<li>
<p>
If <var>hashAlgorithm</var> does not describe a
<a href="#algorithms">registered algorithm</a> that supports the digest
- operation, terminate this algorithm with an error.
+ operation,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-NotSupportedError"><code>NotSupportedError</code></a>.
</p>
</li>
<li>
@@ -5285,7 +5297,8 @@
<p>
If the <a href="#dfn-Key-type">type</a> property of <var>key</var>
is not a case-sensitive string match for <code>"public"</code>,
- terminate this algorithm with an error.
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-InvalidAccessError"><code>InvalidAccessError</code></a>.
</p>
</li>
<li>
@@ -5298,8 +5311,9 @@
<li>
<p>
If any of the properties of <a href="#dfn-EcdsaParams">EcdsaParams</a> are
- not present in <var>normalizedAlgorithm</var>, terminate this algorithm with
- an error.
+ not present in <var>normalizedAlgorithm</var>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-SyntaxError"><code>SyntaxError</code></a>.
</p>
</li>
<li>
@@ -5313,7 +5327,9 @@
<p>
If <var>hashAlgorithm</var> does not describe a
<a href="#algorithms">registered algorithm</a> that supports the digest
- operation, terminate this algorithm with an error.
+ operation,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-NotSupportedError"><code>NotSupportedError</code></a>.
</p>
</li>
<li>
@@ -5370,14 +5386,16 @@
<p>
If any of the members of <a href="#dfn-EcKeyGenParams">EcKeyGenParams</a> are
not present in <var>normalizedAlgorithm</var>,
- terminate this algorithm with an error.
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-SyntaxError"><code>SyntaxError</code></a>.
</p>
</li>
<li>
<p>
If <var>usages</var> contains a value which is not a case-sensitive string match
for one of <code>"sign"</code> or <code>"verify"</code>,
- terminate this algorithm with an error.
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-InvalidAccessError"><code>InvalidAccessError</code></a>.
</p>
</li>
<li>
@@ -5390,8 +5408,9 @@
</li>
<li>
<p>
- If performing the key generation operation results in an error, terminate this
- algorithm with an error.
+ If performing the key generation operation results in an error,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-OperationError"><code>OperationError</code></a>.
</p>
</li>
<li>
@@ -5523,8 +5542,9 @@
</li>
<li>
<p>
- If an error occurred while parsing, terminate this algorithm with
- an error.
+ If an error occurred while parsing,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
@@ -5533,14 +5553,16 @@
<code>algorithm</code> AlgorithmIdentifier field of <var>spki</var> is
not equal to the <code>id-ecPublicKey</code>
object identifier defined in <a href="#RFC5480">RFC 5480</a>,
- terminate the algorithm with an error.
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
<p>
If the <code>parameters</code> field of the <code>algorithm</code>
AlgorithmIdentifier field of <var>spki</var> is absent,
- terminate the algorithm with an error.
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
@@ -5553,7 +5575,9 @@
<p>
If <var>params</var> is not an instance of the
<code>namedCurve</code> ASN.1 type defined in <a href="#RFC5480">RFC
- 5480</a>, terminate this algorithm with an error.
+ 5480</a>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
@@ -5615,7 +5639,12 @@
</p>
</dd>
<dt>Otherwise:</dt>
- <dd><p>Terminate the algorithm with an error</p></dd>
+ <dd>
+ <p>
+ <a href="#concept-return-an-error">Return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
+ </p>
+ </dd>
</dl>
</li>
<li>
@@ -5638,8 +5667,9 @@
</li>
<li>
<p>
- If an error occurs while parsing, terminate this algorithm with an
- error.
+ If an error occurs while parsing,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
@@ -5648,15 +5678,18 @@
<code>privateKeyAlgorithm</code> PrivateKeyAlgorithm field of
<var>privateKeyInfo</var> is not equal to the
<code>id-ecPublicKey</code> object identifier defined in <a
- href="#RFC5480">RFC 5480</a>, terminate this algorithm with an error.
+ href="#RFC5480">RFC 5480</a>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
<p>
If the <code>parameters</code> field of the
<code>privateKeyAlgorithm</code> PrivateKeyAlgorithmIdentifier field
- of <var>privateKeyInfo</var> is not present, terminate this algorithm
- with an error.
+ of <var>privateKeyInfo</var> is not present,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
@@ -5670,7 +5703,9 @@
<p>
If the <var>params</var> is not an instance of the
<code>namedCurve</code> ASN.1 type defined in <a href="#RFC5480">RFC
- 5480</a>, terminate this algorithm with an error.
+ 5480</a>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
@@ -5685,8 +5720,9 @@
</li>
<li>
<p>
- If an error occurred while parsing, terminate this algorithm with
- an error.
+ If an error occurred while parsing,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
@@ -5696,7 +5732,9 @@
type defined in <a href="#RFC5480">RFC 5480</a>, or does not contain
the same object identifier as the <code>parameters</code> field of the
<code>privateKeyAlgorithm</code> PrivateKeyAlgorithmIdentifier field
- of <var>privateKeyInfo</var>, terminate this algorithm with an error.
+ of <var>privateKeyInfo</var>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
@@ -5758,7 +5796,8 @@
</p>
</dd>
<dt>Otherwise:</dt>
- <dd><p>Terminate the algorithm with an error</p></dd>
+ <dd><p><a href="#concept-return-an-error">Return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.</p></dd>
</dl>
</li>
<li>
@@ -5781,22 +5820,25 @@
</li>
<li>
<p>
- If an error occurred while parsing, terminate this algorithm with
- an error.
+ If an error occurred while parsing,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
<p>
If the <code>"kty"</code> field of <var>jwk</var> is not a
- case-sensitive string match to <code>"EC"</code>, terminate this
- algorithm with an error.
+ case-sensitive string match to <code>"EC"</code>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
<p>
If the <code>"use"</code> field of <var>jwk</var> is present, and is
- not a case-sensitive string match to <code>"sig"</code>, terminate
- this algorithm with an error.
+ not a case-sensitive string match to <code>"sig"</code>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
@@ -5804,14 +5846,17 @@
If the <code>"key_ops"</code> field of <var>jwk</var> is present, and
is invalid according to the requirements of <a href="#JWK">JSON Web
Key</a>, or it does not contain all of the specified <var>usages</var>
- values, terminate this algorithm with an error.
+ values,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
<p>
If the <code>"ext"</code> field of <var>jwk</var> is present and
has the value false and <var>extractable</var> is true,
- terminate this algorithm with an error.
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
@@ -5822,8 +5867,9 @@
<li>
<p>
If <var>jwk</var> does not meet the requirements of Section
- 6.2.2 of <a href="#JWA">JSON Web Algorithms</a>, terminate
- this algorithm with an error.
+ 6.2.2 of <a href="#JWA">JSON Web Algorithms</a>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
@@ -5848,8 +5894,9 @@
<li>
<p>
If <var>jwk</var> does not meet the requirements of Section
- 6.2.1 of <a href="#JWA">JSON Web Algorithms</a>, terminate
- this algorithm with an error.
+ 6.2.1 of <a href="#JWA">JSON Web Algorithms</a>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
@@ -5915,7 +5962,12 @@
</p>
</dd>
<dt>Otherwise:</dt>
- <dd><p>Terminate the algorithm with an error</p></dd>
+ <dd>
+ <p>
+ <a href="#concept-return-an-error">Return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
+ </p>
+ </dd>
</dl>
</li>
<li>
@@ -5927,7 +5979,12 @@
</ol>
</dd>
<dt>Otherwise:</dt>
- <dd><p>Terminate the algorithm with an error.</p></dd>
+ <dd>
+ <p>
+ <a href="#concept-return-an-error">Return an error</a> named
+ <a href="#dfn-NotSupportedError"><code>NotSupportedError</code></a>.
+ </p>
+ </dd>
</dl>
</li>
<li>
@@ -5954,7 +6011,9 @@
<li>
<p>
If the <a href="#dfn-Key-type">type</a> attribute of <var>key</var> is
- not <code>"public"</code>, terminate this algorithm with an error.
+ not <code>"public"</code>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-InvalidAccessError"><code>InvalidAccessError</code></a>.
</p>
</li>
<li>
@@ -6022,10 +6081,6 @@
5480</a>
</p>
</dd>
- <dt>Otherwise:</dt>
- <dd>
- <p>Terminate this algorithm with an error</p>
- </dd>
</dl>
</li>
</ul>
@@ -6049,8 +6104,9 @@
<li>
<p>
If the <a href="#dfn-Key-type">type</a> attribute of <var>key</var>
- is not <code>"private"</code>, terminate this algorithm with an
- error.
+ is not <code>"private"</code>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-InvalidAccessError"><code>InvalidAccessError</code></a>.
</p>
</li>
<li>
@@ -6123,10 +6179,6 @@
5480</a>
</p>
</dd>
- <dt>Otherwise:</dt>
- <dd>
- <p>Terminate this algorithm with an error</p>
- </dd>
</dl>
</li>
</ul>
@@ -6204,8 +6256,6 @@
Set the <code>crv</code> property of <var>jwk</var> to
<code>"P-521"</code>
</dd>
- <dt>Otherwise</dt>
- <dd><p>Terminate this algorithm with an error</p></dd>
</dl>
</li>
<li>
@@ -6264,8 +6314,13 @@
</p>
</li>
</ol>
+ </dd>
<dt>Otherwise:</dt>
- <dd><p>Terminate this algorithm with an error</p></dd>
+ <dd>
+ <p>
+ <a href="#concept-return-an-error">Return an error</a> named
+ <a href="#dfn-NotSupportedError"><code>NotSupportedError</code></a>.
+ </p>
</dd>
</dl>
</li>
@@ -6368,28 +6423,31 @@
<p>
If any of the members of <a href="#dfn-EcKeyGenParams">EcKeyGenParams</a> are
not present in <var>normalizedAlgorithm</var>,
- terminate this algorithm with an error.
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-SyntaxError"><code>SyntaxError</code></a>.
</p>
</li>
<li>
<p>
If <var>usages</var> contains a value which is not a case-sensitive string match
for one of <code>"deriveKey"</code> or <code>"deriveBits"</code>,
- terminate this algorithm with an error.
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-InvalidAccessError"><code>InvalidAccessError</code></a>.
</p>
</li>
<li>
<p>
Generate an Elliptic Curve key pair, as defined in [<a href="#X9.63">X9.63</a>]
with domain parameters for the curve identified by
- the <a href="#dfn-ExKeyGenParams-namedCurve">namedCurve</a> property of
+ the <a href="#dfn-EcKeyGenParams-namedCurve">namedCurve</a> property of
<var>normalizedAlgorithm</var>.
</p>
</li>
<li>
<p>
- If performing the operation results in an error, terminate this algorithm
- with an error.
+ If performing the operation results in an error,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-OperationError"><code>OperationError</code></a>.
</p>
</li>
<li>
@@ -6506,8 +6564,9 @@
<li>
<p>
If the <a href="#dfn-Key-type">type</a> property of <var>key</var>
- is not a case-sensitive string match for <code>"private"</code>, terminate this
- algorithm with an error.
+ is not a case-sensitive string match for <code>"private"</code>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-InvalidAccessError"><code>InvalidAccessError</code></a>.
</p>
</li>
<li>
@@ -6521,8 +6580,9 @@
<p>
If any of the members of <a
href="#dfn-EcdhKeyDeriveParams">EcdhKeyDeriveParams</a> are not present in
- <var>normalizedAlgorithm</var>, terminate this
- algorithm with an error.
+ <var>normalizedAlgorithm</var>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-SyntaxError"><code>SyntaxError</code></a>.
</p>
</li>
<li>
@@ -6537,14 +6597,18 @@
If the <a href="#dfn-KeyAlgorithm-name">name</a> property of the
<a href="#dfn-Key-algorithm">algorithm</a> property of <var>publicKey</var> is
not a case-sensitive string match for
- <code>"ECDH"</code>, terminate this algorithm with an error.
+ <code>"ECDH"</code>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-InvalidAccessError"><code>InvalidAccessError</code></a>.
</p>
</li>
<li>
<p>
If the <a href="#dfn-Key-type">type</a> property of <var>publicKey</var>
is not a case-sensitive string match for
- <code>"public"</code>, terminate this algorithm with an error.
+ <code>"public"</code>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-InvalidAccessError"><code>InvalidAccessError</code></a>.
</p>
</li>
<li>
@@ -6554,7 +6618,8 @@
is not equal to the <a href="#dfn-EcKeyAlgorithm-namedCurve">namedCurve</a>
property of
the <a href="#dfn-Key-algorithm">algorithm</a> property of <var>key</var>,
- terminate this algorithm with an error.
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
@@ -6566,8 +6631,9 @@
</li>
<li>
<p>
- If performing the operation results in an error, terminate this algorithm
- with an error.
+ If performing the operation results in an error,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-OperationError"><code>OperationError</code></a>.
</p>
</li>
<li>
@@ -6589,7 +6655,10 @@
If the length of <var>secret</var> in bits is less than
<var>length</var>:
</dt>
- <dd>Terminate this algorithm with an error.</dd>
+ <dd>
+ <a href="#concept-return-an-error">Return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
+ </dd>
<dt>Otherwise:</dt>
<dd>Return the first <var>length</var> bits of <var>secret</var>.</dd>
</dl>
@@ -6620,8 +6689,9 @@
</li>
<li>
<p>
- If an error occurred while parsing, terminate this algorithm with
- an error.
+ If an error occurred while parsing,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
@@ -6630,14 +6700,16 @@
<code>algorithm</code> AlgorithmIdentifier field of <var>spki</var> is
not equal to the <code>id-ecPublicKey</code> or <code>id-ecDH</code>
object identifiers defined in <a href="#RFC5480">RFC 5480</a>,
- terminate the algorithm with an error.
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
<p>
If the <code>parameters</code> field of the <code>algorithm</code>
AlgorithmIdentifier field of <var>spki</var> is absent,
- terminate the algorithm with an error.
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-SyntaxError"><code>SyntaxError</code></a>.
</p>
</li>
<li>
@@ -6650,7 +6722,9 @@
<p>
If <var>params</var> is not an instance of the
<code>namedCurve</code> ASN.1 type defined in <a href="#RFC5480">RFC
- 5480</a>, terminate this algorithm with an error.
+ 5480</a>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
@@ -6712,7 +6786,12 @@
</p>
</dd>
<dt>Otherwise:</dt>
- <dd><p>Terminate the algorithm with an error</p></dd>
+ <dd>
+ <p>
+ <a href="#concept-return-an-error">Return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
+ </p>
+ </dd>
</dl>
</li>
<li>
@@ -6735,8 +6814,9 @@
</li>
<li>
<p>
- If an error occurs while parsing, terminate this algorithm with an
- error.
+ If an error occurs while parsing,
+ <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
@@ -6745,16 +6825,18 @@
<code>privateKeyAlgorithm</code> PrivateKeyAlgorithm field of
<var>privateKeyInfo</var> is not equal to the
<code>id-ecPublicKey</code> or <code>id-ecDH</code> object identifiers
- defined in <a href="#RFC5480">RFC 5480</a>, terminate this algorithm
- with an error.
+ defined in <a href="#RFC5480">RFC 5480</a>,
+ <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
<p>
If the <code>parameters</code> field of the
<code>privateKeyAlgorithm</code> PrivateKeyAlgorithmIdentifier field
- of <var>privateKeyInfo</var> is not present, terminate this algorithm
- with an error.
+ of <var>privateKeyInfo</var> is not present,
+ <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
@@ -6768,7 +6850,9 @@
<p>
If the <var>params</var> is not an instance of the
<code>namedCurve</code> ASN.1 type defined in <a href="#RFC5480">RFC
- 5480</a>, terminate this algorithm with an error.
+ 5480</a>,
+ <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
@@ -6783,8 +6867,9 @@
</li>
<li>
<p>
- If an error occurred while parsing, terminate this algorithm with
- an error.
+ If an error occurred while parsing,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
@@ -6794,7 +6879,9 @@
type defined in <a href="#RFC5480">RFC 5480</a>, or does not contain
the same object identifier as the <code>parameters</code> field of the
<code>privateKeyAlgorithm</code> PrivateKeyAlgorithmIdentifier field
- of <var>privateKeyInfo</var>, terminate this algorithm with an error.
+ of <var>privateKeyInfo</var>,
+ <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
@@ -6808,7 +6895,7 @@
<li>
<p>
Set the <a href="#dfn-Key-type">type</a> attribute of <var>key</var>
- to <code>"private"</code>
+ to <code>"private"</code>.
</p>
</li>
<li>
@@ -6856,7 +6943,12 @@
</p>
</dd>
<dt>Otherwise:</dt>
- <dd><p>Terminate the algorithm with an error</p></dd>
+ <dd>
+ <p>
+ <a href="#concept-return-an-error">Return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
+ </p>
+ </dd>
</dl>
</li>
<li>
@@ -6879,21 +6971,24 @@
</li>
<li>
<p>
- If an error occurred while parsing, terminate this algorithm with
- an error.
+ If an error occurred while parsing,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
<p>
If the <code>"kty"</code> field of <var>jwk</var> is not a
- case-sensitive string match to <code>"EC"</code>, terminate this
- algorithm with an error.
+ case-sensitive string match to <code>"EC"</code>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
<p>
If the <code>"use"</code> field of <var>jwk</var> is present,
- terminate this algorithm with an error.
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
@@ -6901,14 +6996,16 @@
If the <code>"key_ops"</code> field of <var>jwk</var> is present, and
is invalid according to the requirements of <a href="#JWK">JSON Web
Key</a>, or it does not contain all of the specified <var>usages</var>
- values, terminate this algorithm with an error.
+ values, then <a href="#concept-return-an-error">return an error</a>
+ named <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
<p>
If the <code>"ext"</code> field of <var>jwk</var> is present and
has the value false and <var>extractable</var> is true,
- terminate this algorithm with an error.
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
@@ -6919,8 +7016,9 @@
<li>
<p>
If <var>jwk</var> does not meet the requirements of Section
- 6.2.2 of <a href="#JWA">JSON Web Algorithms</a>, terminate
- this algorithm with an error.
+ 6.2.2 of <a href="#JWA">JSON Web Algorithms</a>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
@@ -6945,8 +7043,9 @@
<li>
<p>
If <var>jwk</var> does not meet the requirements of Section
- 6.2.1 of <a href="#JWA">JSON Web Algorithms</a>, terminate
- this algorithm with an error.
+ 6.2.1 of <a href="#JWA">JSON Web Algorithms</a>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
@@ -7012,7 +7111,12 @@
</p>
</dd>
<dt>Otherwise:</dt>
- <dd><p>Terminate the algorithm with an error</p></dd>
+ <dd>
+ <p>
+ <a href="#concept-return-an-error">Return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
+ </p>
+ </dd>
</dl>
</li>
<li>
@@ -7030,8 +7134,9 @@
<p>
If any of the members of <a
href="#dfn-EcKeyImportParams">EcKeyImportParams</a> are not present in
- <var>normalizedAlgorithm</var> then terminate this algorithm with an
- error.
+ <var>normalizedAlgorithm</var>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-SyntaxError"><code>SyntaxError</code></a>.
</p>
</li>
<li>
@@ -7039,19 +7144,22 @@
If the <a href="#dfn-EcKeyImportParams-namedCurve">namedCurve</a>
property of <var>normalizedAlgorithm</var> is not a case-sensitive
string match for a <a href="#dfn-NamedCurve">named curve</a>,
- terminate this algorithm with an error.
- </p>
- </li>
- <li>
- <p>
- If <var>usages</var> is not the empty list, terminate this algorithm
- with an error.
- </p>
- </li>
- <li>
- <p>
- If <var>extractable</var> is false, terminate this algorithm with an
- error.
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
+ </p>
+ </li>
+ <li>
+ <p>
+ If <var>usages</var> is not the empty list,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
+ </p>
+ </li>
+ <li>
+ <p>
+ If <var>extractable</var> is false,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-InvalidAccessError"><code>InvalidAccessError</code></a>.
</p>
</li>
<li>
@@ -7114,7 +7222,12 @@
</ol>
</dd>
<dt>Otherwise:</dt>
- <dd><p>Terminate the algorithm with an error.</p></dd>
+ <dd>
+ <p>
+ <a href="#concept-return-an-error">Return an error</a> named
+ <a href="#dfn-NotSupportedError"><code>NotSupportedError</code></a>.
+ </p>
+ </dd>
</dl>
</li>
<li>
@@ -7141,7 +7254,9 @@
<li>
<p>
If the <a href="#dfn-Key-type">type</a> attribute of <var>key</var> is
- not <code>"public"</code>, terminate this algorithm with an error.
+ not <code>"public"</code>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-InvalidAccessError"><code>InvalidAccessError</code></a>.
</p>
</li>
<li>
@@ -7209,10 +7324,6 @@
5480</a>
</p>
</dd>
- <dt>Otherwise:</dt>
- <dd>
- <p>Terminate this algorithm with an error</p>
- </dd>
</dl>
</li>
</ul>
@@ -7236,8 +7347,9 @@
<li>
<p>
If the <a href="#dfn-Key-type">type</a> attribute of <var>key</var>
- is not <code>"private"</code>, terminate this algorithm with an
- error.
+ is not <code>"private"</code>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-InvalidAccessError"><code>InvalidAccessError</code></a>.
</p>
</li>
<li>
@@ -7310,10 +7422,6 @@
5480</a>
</p>
</dd>
- <dt>Otherwise:</dt>
- <dd>
- <p>Terminate this algorithm with an error</p>
- </dd>
</dl>
</li>
</ul>
@@ -7391,8 +7499,6 @@
Set the <code>crv</code> property of <var>jwk</var> to
<code>"P-521"</code>
</dd>
- <dt>Otherwise</dt>
- <dd><p>Terminate this algorithm with an error</p></dd>
</dl>
</li>
<li>
@@ -7460,8 +7566,9 @@
<li>
<p>
If the <a href="#dfn-Key-type">type</a> property of <var>key</var> is
- not a case-sensitive string match for <code>"public"</code>, terminate
- this algorithm with an error.
+ not a case-sensitive string match for <code>"public"</code>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-InvalidAccessError"><code>InvalidAccessError</code></a>.
</p>
</li>
<li>
@@ -7474,7 +7581,12 @@
</ol>
</dd>
<dt>Otherwise:</dt>
- <dd><p>Terminate this algorithm with an error</p></dd>
+ <dd>
+ <p>
+ <a href="#concept-return-an-error">Return an error</a> named
+ <a href="#dfn-NotSupportedError"><code>NotSupportedError</code></a>.
+ </p>
+ </dd>
</dl>
</li>
<li>
@@ -7616,22 +7728,27 @@
<li>
<p>
If any of the members of <a href="#aes-ctr-params">AesCtrParams</a> are not
- present in <var>normalizedAlgorithm</var>, terminate
- this algorithm with an error.
+ present in <var>normalizedAlgorithm</var>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-SyntaxError"><code>SyntaxError</code></a>.
</p>
</li>
<li>
<p>
If the <a href="#dfn-AesCtrParams-counter">counter</a> property of
<var>normalizedAlgorithm</var> does not have length 16
- bytes, terminate this algorithm with an error.
+ bytes,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
<p>
If the <a href="#dfn-AesCtrParams-length">length</a> property of
<var>normalizedAlgorithm</var> is zero or is greater
- than 128, terminate this algorithm with an error.
+ than 128,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
@@ -7669,22 +7786,27 @@
<li>
<p>
If any of the members of <a href="#aes-ctr-params">AesCtrParams</a> are not
- present in <var>normalizedAlgorithm</var>, terminate
- this algorithm with an error.
+ present in <var>normalizedAlgorithm</var>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-SyntaxError"><code>SyntaxError</code></a>.
</p>
</li>
<li>
<p>
If the <a href="#dfn-AesCtrParams-counter">counter</a> property of
<var>normalizedAlgorithm</var> does not have length 16
- bytes, terminate this algorithm with an error.
+ bytes,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
<p>
If the <a href="#dfn-AesCtrParams-length">length</a> property of
<var>normalizedAlgorithm</var> is zero or is greater
- than 128, terminate this algorithm with an error.
+ than 128,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
@@ -7722,23 +7844,27 @@
<li>
<p>
If any of the members of <a href="#aes-keygen-params">AesKeyGenParams</a> are
- not present in <var>normalizedAlgorithm</var>, terminate
- this algorithm with an error.
+ not present in <var>normalizedAlgorithm</var>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-SyntaxError"><code>SyntaxError</code></a>.
</p>
</li>
<li>
<p>
If the <a href="#dfn-AesKeyGenParams-length">length</a> property of
<var>normalizedAlgorithm</var> is not equal to one of
- 128, 192 or 256, terminate this algorithm with an error.
+ 128, 192 or 256,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
<p>
If <var>usages</var> contains any entry which is not a case-sensitive string
match for one of <code>"encrypt"</code>, <code>"decrypt"</code>,
- <code>"wrapKey"</code> or <code>"unwrapKey"</code>, terminate this algorithm
- with an error.
+ <code>"wrapKey"</code> or <code>"unwrapKey"</code>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
@@ -7750,7 +7876,9 @@
</li>
<li>
<p>
- If the key generation step fails, terminate this algorithm with an error.
+ If the key generation step fails,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-OperationError"><code>OperationError</code></a>.
</p>
</li>
<li>
@@ -7812,8 +7940,9 @@
<p>
If <var>usages</var> contains an entry which is not a case-sensitive string
match for one of <code>"encrypt"</code>, <code>"decrypt"</code>,
- <code>"wrapKey"</code> or <code>"unwrapKey"</code>, terminate this algorithm
- with an error.
+ <code>"wrapKey"</code> or <code>"unwrapKey"</code>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
@@ -7829,7 +7958,8 @@
<li>
<p>
If the length in bits of <var>data</var> is not 128, 192 or 256
- then terminate this algorithm with an error.
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
</ol>
@@ -7846,15 +7976,17 @@
<li>
<p>
If the <code>"kty"</code> field of <var>jwk</var> is not a
- case-sensitive string match to <code>"oct"</code>, terminate
- this algorithm with an error.
+ case-sensitive string match to <code>"oct"</code>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
<p>
If <var>jwk</var> does not meet the requirements of
- Section 6.4 of <a href="#jwa">JSON Web Algorithms</a>, terminate this
- algorithm with an error.
+ Section 6.4 of <a href="#jwa">JSON Web Algorithms</a>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
@@ -7867,25 +7999,31 @@
<dl class="switch">
<dt>If <var>data</var> has length 128 bits:</dt>
<dd>If the <code>"alg"</code> field of <var>jwk</var> is present, and is
- not a case-sensitive string match to <code>"A128CTR"</code>, terminate
- this algorithm with an error.</dd>
+ not a case-sensitive string match to <code>"A128CTR"</code>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.</dd>
<dt>If <var>data</var> has length 192 bits:</dt>
<dd>If the <code>"alg"</code> field of <var>jwk</var> is present, and is
- not a case-sensitive string match to <code>"A192CTR"</code>, terminate
- this algorithm with an error.</dd>
+ not a case-sensitive string match to <code>"A192CTR"</code>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.</dd>
<dt>If <var>data</var> has length 256 bits:</dt>
<dd>If the <code>"alg"</code> field of <var>jwk</var> is present, and is
- not a case-sensitive string match to <code>"A256CTR"</code>, terminate
- this algorithm with an error.</dd>
+ not a case-sensitive string match to <code>"A256CTR"</code>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.</dd>
<dt>Otherwise:</dt>
- <dd>Terminate this algorithm with an error.</dd>
+ <dd>
+ <a href="#concept-return-an-error">Return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.</dd>
</dl>
</li>
<li>
<p>
If the <code>"use"</code> field of <var>jwk</var> is present, and is
- not a case-sensitive string match to <code>"enc"</code>, terminate
- this algorithm with an error.
+ not a case-sensitive string match to <code>"enc"</code>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
@@ -7894,19 +8032,24 @@
is invalid according to the requirements of
<a href="#jwk">JSON Web Key</a> or
does not contain all of the specified <var>usages</var> values,
- terminate this algorithm with an error.
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
<p>
If the <code>"ext"</code> field of <var>jwk</var> is present and
has the value false and <var>extractable</var> is true,
- terminate this algorithm with an error.
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
</dd>
<dt>Otherwise:</dt>
- <dd>Terminate this algorithm with an error.</dd>
+ <dd>
+ <a href="#concept-return-an-error">Return an error</a> named
+ <a href="#dfn-NotSupportedError"><code>NotSupportedError</code></a>.
+ </dd>
</dl>
</li>
<li>
@@ -8063,15 +8206,17 @@
<p>
If any of the members of
<a href="#dfn-AesDerivedKeyParams">AesDerivedKeyParams</a> are not present in
- <var>normalizedDerivedKeyAlgorithm</var>, terminate this algorithm with an
- error.
+ <var>normalizedDerivedKeyAlgorithm</var>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-SyntaxError"><code>SyntaxError</code></a>.
</p>
</li>
<li>
<p>
If the <a href="#dfn-AesDerivedKeyParams-length">length</a> property of
- <var>normalizedDerivedKeyAlgorithm</var> is not 128, 192 or 256, terminate
- this algorithm with an error.
+ <var>normalizedDerivedKeyAlgorithm</var> is not 128, 192 or 256,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
@@ -8177,15 +8322,18 @@
<li>
<p>
If any of the members of <a href="#aes-cbc-params">AesCbcParams</a> are not
- present in <var>normalizedAlgorithm</var>, terminate
- this algorithm with an error.
+ present in <var>normalizedAlgorithm</var>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-SyntaxError"><code>SyntaxError</code></a>.
</p>
</li>
<li>
<p>
If the <a href="#dfn-AesCbcParams-iv">iv</a> property of
<var>normalizedAlgorithm</var> does not have length 16
- bytes, terminate this algorithm with an error.
+ bytes,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
@@ -8226,15 +8374,18 @@
<li>
<p>
If any of the members of <a href="#aes-cbc-params">AesCbcParams</a> are not
- present in <var>normalizedAlgorithm</var>, terminate
- this algorithm with an error.
+ present in <var>normalizedAlgorithm</var>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-SyntaxError"><code>SyntaxError</code></a>.
</p>
</li>
<li>
<p>
If the <a href="#dfn-AesCbcParams-iv">iv</a> property of
<var>normalizedAlgorithm</var> does not have length 16
- bytes, terminate this algorithm with an error.
+ bytes,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
@@ -8256,7 +8407,8 @@
<p>
If <var>p</var> is zero or greater than 16, or if any of the last <var>p</var>
octets of <var>padded-plaintext</var> have a value which is not <var>p</var>,
- terminate this algorithm with an error.
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
@@ -8285,23 +8437,27 @@
<li>
<p>
If any of the members of <a href="#aes-keygen-params">AesKeyGenParams</a> are
- not present in <var>normalizedAlgorithm</var>, terminate
- this algorithm with an error.
+ not present in <var>normalizedAlgorithm</var>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-SyntaxError"><code>SyntaxError</code></a>.
</p>
</li>
<li>
<p>
If the <a href="#dfn-AesKeyGenParams-length">length</a> property of
<var>normalizedAlgorithm</var> is not equal to one of
- 128, 192 or 256, terminate this algorithm with an error.
+ 128, 192 or 256,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
<p>
If <var>usages</var> contains any entry which is not a case-sensitive string
match for one of <code>"encrypt"</code>, <code>"decrypt"</code>,
- <code>"wrapKey"</code> or <code>"unwrapKey"</code>, terminate this algorithm
- with an error.
+ <code>"wrapKey"</code> or <code>"unwrapKey"</code>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
@@ -8313,7 +8469,9 @@
</li>
<li>
<p>
- If the key generation step fails, terminate this algorithm with an error.
+ If the key generation step fails,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-OperationError"><code>OperationError</code></a>.
</p>
</li>
<li>
@@ -8375,8 +8533,9 @@
<p>
If <var>usages</var> contains an entry which is not a case-sensitive string
match for one of <code>"encrypt"</code>, <code>"decrypt"</code>,
- <code>"wrapKey"</code> or <code>"unwrapKey"</code>, terminate this algorithm
- with an error.
+ <code>"wrapKey"</code> or <code>"unwrapKey"</code>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
@@ -8392,7 +8551,8 @@
<li>
<p>
If the length in bits of <var>data</var> is not 128, 192 or 256
- then terminate this algorithm with an error.
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
</ol>
@@ -8409,15 +8569,17 @@
<li>
<p>
If the <code>"kty"</code> field of <var>jwk</var> is not a
- case-sensitive string match to <code>"oct"</code>, terminate
- this algorithm with an error.
+ case-sensitive string match to <code>"oct"</code>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
<p>
If <var>jwk</var> does not meet the requirements of
- Section 6.4 of <a href="#jwa">JSON Web Algorithms</a>, terminate this
- algorithm with an error.
+ Section 6.4 of <a href="#jwa">JSON Web Algorithms</a>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
@@ -8430,25 +8592,32 @@
<dl class="switch">
<dt>If <var>data</var> has length 128 bits:</dt>
<dd>If the <code>"alg"</code> field of <var>jwk</var> is present, and is
- not a case-sensitive string match to <code>"A128CBC"</code>, terminate
- this algorithm with an error.</dd>
+ not a case-sensitive string match to <code>"A128CBC"</code>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.</dd>
<dt>If <var>data</var> has length 192 bits:</dt>
<dd>If the <code>"alg"</code> field of <var>jwk</var> is present, and is
- not a case-sensitive string match to <code>"A192CBC"</code>, terminate
- this algorithm with an error.</dd>
+ not a case-sensitive string match to <code>"A192CBC"</code>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.</dd>
<dt>If <var>data</var> has length 256 bits:</dt>
<dd>If the <code>"alg"</code> field of <var>jwk</var> is present, and is
- not a case-sensitive string match to <code>"A256CBC"</code>, terminate
- this algorithm with an error.</dd>
+ not a case-sensitive string match to <code>"A256CBC"</code>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.</dd>
<dt>Otherwise:</dt>
- <dd>Terminate this algorithm with an error.</dd>
+ <dd>
+ <a href="#concept-return-an-error">Return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
+ </dd>
</dl>
</li>
<li>
<p>
If the <code>"use"</code> field of <var>jwk</var> is present, and is
- not a case-sensitive string match to <code>"enc"</code>, terminate
- this algorithm with an error.
+ not a case-sensitive string match to <code>"enc"</code>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
@@ -8457,19 +8626,24 @@
is invalid according to the requirements of
<a href="#jwk">JSON Web Key</a> or
does not contain all of the specified <var>usages</var> values,
- terminate this algorithm with an error.
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
<p>
If the <code>"ext"</code> field of <var>jwk</var> is present and
has the value false and <var>extractable</var> is true,
- terminate this algorithm with an error.
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
</dd>
<dt>Otherwise:</dt>
- <dd>Terminate this algorithm with an error.</dd>
+ <dd>
+ <a href="#concept-return-an-error">Return an error</a> named
+ <a href="#dfn-NotSupportedError"><code>NotSupportedError</code></a>
+ </dd>
</dl>
</li>
<li>
@@ -8626,15 +8800,17 @@
<p>
If any of the members of
<a href="#dfn-AesDerivedKeyParams">AesDerivedKeyParams</a> are not present in
- <var>normalizedDerivedKeyAlgorithm</var>, terminate this algorithm with an
- error.
+ <var>normalizedDerivedKeyAlgorithm</var>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-SyntaxError"><code>SyntaxError</code></a>.
</p>
</li>
<li>
<p>
If the <a href="#dfn-AesDerivedKeyParams-length">length</a> property of
- <var>normalizedDerivedKeyAlgorithm</var> is not 128, 192 or 256, terminate
- this algorithm with an error.
+ <var>normalizedDerivedKeyAlgorithm</var> is not 128, 192 or 256,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
@@ -8731,8 +8907,9 @@
</li>
<li>
<p>
- If <var>length</var> is zero or greater than 128, terminate this algorithm
- with an error.
+ If <var>length</var> is zero or greater than 128,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
@@ -8769,8 +8946,9 @@
</li>
<li>
<p>
- If <var>length</var> is zero or greater than 128, terminate this algorithm
- with an error.
+ If <var>length</var> is zero or greater than 128,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
@@ -8803,22 +8981,26 @@
<li>
<p>
If any of the members of <a href="#aes-keygen-params">AesKeyGenParams</a> are
- not present in <var>normalizedAlgorithm</var>, terminate
- this algorithm with an error.
+ not present in <var>normalizedAlgorithm</var>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-SyntaxError"><code>SyntaxError</code></a>.
</p>
</li>
<li>
<p>
If the <a href="#dfn-AesKeyGenParams-length">length</a> property of
<var>normalizedAlgorithm</var> is not equal to one of
- 128, 192 or 256, terminate this algorithm with an error.
+ 128, 192 or 256,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
<p>
If <var>usages</var> contains any entry which is not a case-sensitive string
- match for <code>"sign"</code> or <code>"verify"</code>, terminate this
- algorithm with an error.
+ match for <code>"sign"</code> or <code>"verify"</code>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
@@ -8830,7 +9012,9 @@
</li>
<li>
<p>
- If the key generation step fails, terminate this algorithm with an error.
+ If the key generation step fails,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-OperationError"><code>OperationError</code></a>.
</p>
</li>
<li>
@@ -8891,8 +9075,9 @@
<li>
<p>
If <var>usages</var> contains an entry which is not a case-sensitive string
- match for <code>"sign"</code> or <code>"verify"</code>, terminate this
- algorithm with an error.
+ match for <code>"sign"</code> or <code>"verify"</code>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
@@ -8908,7 +9093,8 @@
<li>
<p>
If the length in bits of <var>data</var> is not 128, 192 or 256
- then terminate this algorithm with an error.
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
</ol>
@@ -8925,15 +9111,17 @@
<li>
<p>
If the <code>"kty"</code> field of <var>jwk</var> is not a
- case-sensitive string match to <code>"oct"</code>, terminate
- this algorithm with an error.
+ case-sensitive string match to <code>"oct"</code>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
<p>
If <var>jwk</var> does not meet the requirements of
- Section 6.4 of <a href="#jwa">JSON Web Algorithms</a>, terminate this
- algorithm with an error.
+ Section 6.4 of <a href="#jwa">JSON Web Algorithms</a>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
@@ -8946,25 +9134,32 @@
<dl class="switch">
<dt>If <var>data</var> has length 128 bits:</dt>
<dd>If the <code>"alg"</code> field of <var>jwk</var> is present, and is
- not a case-sensitive string match to <code>"A128CMAC"</code>, terminate
- this algorithm with an error.</dd>
+ not a case-sensitive string match to <code>"A128CMAC"</code>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.</dd>
<dt>If <var>data</var> has length 192 bits:</dt>
<dd>If the <code>"alg"</code> field of <var>jwk</var> is present, and is
- not a case-sensitive string match to <code>"A192CMAC"</code>, terminate
- this algorithm with an error.</dd>
+ not a case-sensitive string match to <code>"A192CMAC"</code>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.</dd>
<dt>If <var>data</var> has length 256 bits:</dt>
<dd>If the <code>"alg"</code> field of <var>jwk</var> is present, and is
- not a case-sensitive string match to <code>"A256CMAC"</code>, terminate
- this algorithm with an error.</dd>
+ not a case-sensitive string match to <code>"A256CMAC"</code>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.</dd>
<dt>Otherwise:</dt>
- <dd>Terminate this algorithm with an error.</dd>
+ <dd>
+ <a href="#concept-return-an-error">Return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
+ </dd>
</dl>
</li>
<li>
<p>
If the <code>"use"</code> field of <var>jwk</var> is present, and is
- not a case-sensitive string match to <code>"enc"</code>, terminate
- this algorithm with an error.
+ not a case-sensitive string match to <code>"enc"</code>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
@@ -8973,19 +9168,24 @@
is invalid according to the requirements of
<a href="#jwk">JSON Web Key</a> or
does not contain all of the specified <var>usages</var> values,
- terminate this algorithm with an error.
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
<p>
If the <code>"ext"</code> field of <var>jwk</var> is present and
has the value false and <var>extractable</var> is true,
- terminate this algorithm with an error.
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
</dd>
<dt>Otherwise:</dt>
- <dd>Terminate this algorithm with an error.</dd>
+ <dd>
+ <a href="#concept-return-an-error">Return an error</a> named
+ <a href="#dfn-NotSupportedError"><code>NotSupportedError</code></a>.
+ </dd>
</dl>
</li>
<li>
@@ -9137,15 +9337,17 @@
<p>
If any of the members of
<a href="#dfn-AesDerivedKeyParams">AesDerivedKeyParams</a> are not present in
- <var>normalizedDerivedKeyAlgorithm</var>, terminate this algorithm with an
- error.
+ <var>normalizedDerivedKeyAlgorithm</var>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-SyntaxError"><code>SyntaxError</code></a>.
</p>
</li>
<li>
<p>
If the <a href="#dfn-AesDerivedKeyParams-length">length</a> property of
- <var>normalizedDerivedKeyAlgorithm</var> is not 128, 192 or 256, terminate
- this algorithm with an error.
+ <var>normalizedDerivedKeyAlgorithm</var> is not 128, 192 or 256,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
@@ -9248,28 +9450,35 @@
<p>
If the <a href="#dfn-AesGcmParams-iv">iv</a> property of
<a href="#aes-gcm-params">AesGcmParams</a> is not
- present in <var>normalizedAlgorithm</var>, terminate
- this algorithm with an error.
+ present in <var>normalizedAlgorithm</var>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-SyntaxError"><code>SyntaxError</code></a>.
</p>
</li>
<li>
<p>
If <var>plaintext</var> has a length greater than 2^39 - 256
- bytes, terminate this algorithm with an error.
+ bytes,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
<p>
If the <a href="#dfn-AesGcmParams-iv">iv</a> property of
<var>normalizedAlgorithm</var> has a length greater than 2^64 - 1
- bytes, terminate this algorithm with an error.
+ bytes,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
<p>
If the <a href="#dfn-AesGcmParams-additionalData">additionalData</a> property
of <var>normalizedAlgorithm</var> is present, is not null and has a length
- greater than 2^64 - 1 bytes, terminate this algorithm with an error.
+ greater than 2^64 - 1 bytes,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
@@ -9283,7 +9492,10 @@
<a href="#dfn-AesGcmParams-tagLength">tagLength</a> property of
<var>normalizedAlgorithm</var></dd>
<dt>Otherwise:</dt>
- <dd>Terminate this algorithm with an error.</dd>
+ <dd>
+ <a href="#concept-return-an-error">Return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
+ </dd>
</dl>
</li>
<li>
@@ -9328,8 +9540,9 @@
<p>
If the <a href="#dfn-AesGcmParams-iv">iv</a> property of
<a href="#aes-gcm-params">AesGcmParams</a> is not
- present in <var>normalizedAlgorithm</var>, terminate
- this algorithm with an error.
+ present in <var>normalizedAlgorithm</var>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-SyntaxError"><code>SyntaxError</code></a>.
</p>
</li>
<li>
@@ -9343,20 +9556,26 @@
<a href="#dfn-AesGcmParams-tagLangth">tagLength</a> property of
<var>normalizedAlgorithm</var></dd>
<dt>Otherwise:</dt>
- <dd>Terminate this algorithm with an error.</dd>
+ <dd>
+ <a href="#concept-return-an-error">Return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
+ </dd>
</dl>
</li>
<li>
<p>
If <var>plaintext</var> has a length less than <var>tagLength</var> bits,
- terminate this algorithm with an error.
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
<p>
If the <a href="#dfn-AesGcmParams-iv">iv</a> property of
<var>normalizedAlgorithm</var> has a length greater than 2^64 - 1
- bytes, terminate this algorithm with an error.
+ bytes,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
@@ -9364,7 +9583,9 @@
If the <a href="#dfn-AesGcmParams-additionalData">additionalData</a> property
of <var>normalizedAlgorithm</var> is present, is not null and has a length
greater than 2^64 - 1
- bytes, terminate this algorithm with an error.
+ bytes,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
@@ -9400,7 +9621,10 @@
<dl class="switch">
<dt>If the result of the algorithm is the indication of inauthenticity,
"<var>FAIL</var>":</dt>
- <dd>Terminate this algorithm with an error.</dd>
+ <dd>
+ <a href="#concept-return-an-error">Return an error</a> named
+ <a href="#dfn-OperationError"><code>OperationError</code></a>
+ </dd>
<dt>Otherwise:</dt>
<dd>Let <var>plaintext</var> be the output <var>P</var> of the Authenticated
Decryption Function.</dd>
@@ -9427,23 +9651,27 @@
<li>
<p>
If any of the members of <a href="#aes-keygen-params">AesKeyGenParams</a> are
- not present in <var>normalizedAlgorithm</var>, terminate
- this algorithm with an error.
+ not present in <var>normalizedAlgorithm</var>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-SyntaxError"><code>SyntaxError</code></a>.
</p>
</li>
<li>
<p>
If the <a href="#dfn-AesKeyGenParams-length">length</a> property of
<var>normalizedAlgorithm</var> is not equal to one of
- 128, 192 or 256, terminate this algorithm with an error.
+ 128, 192 or 256,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
<p>
If <var>usages</var> contains any entry which is not a case-sensitive string
match for one of <code>"encrypt"</code>, <code>"decrypt"</code>,
- <code>"wrapKey"</code> or <code>"unwrapKey"</code>, terminate this algorithm
- with an error.
+ <code>"wrapKey"</code> or <code>"unwrapKey"</code>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
@@ -9455,7 +9683,9 @@
</li>
<li>
<p>
- If the key generation step fails, terminate this algorithm with an error.
+ If the key generation step fails,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-OperationError"><code>OperationError</code></a>.
</p>
</li>
<li>
@@ -9517,8 +9747,9 @@
<p>
If <var>usages</var> contains an entry which is not a case-sensitive string
match for one of <code>"encrypt"</code>, <code>"decrypt"</code>,
- <code>"wrapKey"</code> or <code>"unwrapKey"</code>, terminate this algorithm
- with an error.
+ <code>"wrapKey"</code> or <code>"unwrapKey"</code>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
@@ -9534,7 +9765,8 @@
<li>
<p>
If the length in bits of <var>data</var> is not 128, 192 or 256
- then terminate this algorithm with an error.
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
</ol>
@@ -9551,15 +9783,17 @@
<li>
<p>
If the <code>"kty"</code> field of <var>jwk</var> is not a
- case-sensitive string match to <code>"oct"</code>, terminate
- this algorithm with an error.
+ case-sensitive string match to <code>"oct"</code>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
<p>
If <var>jwk</var> does not meet the requirements of
- Section 6.4 of <a href="#jwa">JSON Web Algorithms</a>, terminate this
- algorithm with an error.
+ Section 6.4 of <a href="#jwa">JSON Web Algorithms</a>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
@@ -9572,25 +9806,32 @@
<dl class="switch">
<dt>If <var>data</var> has length 128 bits:</dt>
<dd>If the <code>"alg"</code> field of <var>jwk</var> is present, and is
- not a case-sensitive string match to <code>"A128GCM"</code>, terminate
- this algorithm with an error.</dd>
+ not a case-sensitive string match to <code>"A128GCM"</code>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.</dd>
<dt>If <var>data</var> has length 192 bits:</dt>
<dd>If the <code>"alg"</code> field of <var>jwk</var> is present, and is
- not a case-sensitive string match to <code>"A192GCM"</code>, terminate
- this algorithm with an error.</dd>
+ not a case-sensitive string match to <code>"A192GCM"</code>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.</dd>
<dt>If <var>data</var> has length 256 bits:</dt>
<dd>If the <code>"alg"</code> field of <var>jwk</var> is present, and is
- not a case-sensitive string match to <code>"A256GCM"</code>, terminate
- this algorithm with an error.</dd>
+ not a case-sensitive string match to <code>"A256GCM"</code>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.</dd>
<dt>Otherwise:</dt>
- <dd>Terminate this algorithm with an error.</dd>
+ <dd>
+ <a href="#concept-return-an-error">Return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
+ </dd>
</dl>
</li>
<li>
<p>
If the <code>"use"</code> field of <var>jwk</var> is present, and is
- not a case-sensitive string match to <code>"enc"</code>, terminate
- this algorithm with an error.
+ not a case-sensitive string match to <code>"enc"</code>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
@@ -9599,19 +9840,24 @@
is invalid according to the requirements of
<a href="#jwk">JSON Web Key</a> or
does not contain all of the specified <var>usages</var> values,
- terminate this algorithm with an error.
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
<p>
If the <code>"ext"</code> field of <var>jwk</var> is present and
has the value false and <var>extractable</var> is true,
- terminate this algorithm with an error.
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
</dd>
<dt>Otherwise:</dt>
- <dd>Terminate this algorithm with an error.</dd>
+ <dd>
+ <a href="#concept-return-an-error">Return an error</a> named
+ <a href="#dfn-NotSupportedError"><code>NotSupportedError</code></a>.
+ </dd>
</dl>
</li>
<li>
@@ -9740,6 +9986,11 @@
</li>
</ol>
</dd>
+ <dt>Otherwise:</dt>
+ <dd>
+ <a href="#concept-return-an-error">Return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
+ </dd>
</dl>
</li>
<li>
@@ -9763,15 +10014,17 @@
<p>
If any of the members of
<a href="#dfn-AesDerivedKeyParams">AesDerivedKeyParams</a> are not present in
- <var>normalizedDerivedKeyAlgorithm</var>, terminate this algorithm with an
- error.
+ <var>normalizedDerivedKeyAlgorithm</var>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-SyntaxError"><code>SyntaxError</code></a>.
</p>
</li>
<li>
<p>
If the <a href="#dfn-AesDerivedKeyParams-length">length</a> property of
- <var>normalizedDerivedKeyAlgorithm</var> is not 128, 192 or 256, terminate
- this algorithm with an error.
+ <var>normalizedDerivedKeyAlgorithm</var> is not 128, 192 or 256,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
@@ -9871,15 +10124,18 @@
<li>
<p>
If any of the members of <a href="#aes-cfb-params">AesCfbParams</a> are not
- present in <var>normalizedAlgorithm</var>, terminate
- this algorithm with an error.
+ present in <var>normalizedAlgorithm</var>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-SyntaxError"><code>SyntaxError</code></a>.
</p>
</li>
<li>
<p>
If the <a href="#dfn-AesCfbParams-iv">iv</a> property of
<var>normalizedAlgorithm</var> does not have length 16
- bytes, terminate this algorithm with an error.
+ bytes,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
@@ -9913,15 +10169,18 @@
<li>
<p>
If any of the members of <a href="#aes-cfb-params">AesCfbParams</a> are not
- present in <var>normalizedAlgorithm</var>, terminate
- this algorithm with an error.
+ present in <var>normalizedAlgorithm</var>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-SyntaxError"><code>SyntaxError</code></a>.
</p>
</li>
<li>
<p>
If the <a href="#dfn-AesCfbParams-iv">iv</a> property of
<var>normalizedAlgorithm</var> does not have length 16
- bytes, terminate this algorithm with an error.
+ bytes,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
@@ -9955,23 +10214,27 @@
<li>
<p>
If any of the members of <a href="#aes-keygen-params">AesKeyGenParams</a> are
- not present in <var>normalizedAlgorithm</var>, terminate
- this algorithm with an error.
+ not present in <var>normalizedAlgorithm</var>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-SyntaxError"><code>SyntaxError</code></a>.
</p>
</li>
<li>
<p>
If the <a href="#dfn-AesKeyGenParams-length">length</a> property of
<var>normalizedAlgorithm</var> is not equal to one of
- 128, 192 or 256, terminate this algorithm with an error.
+ 128, 192 or 256,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
<p>
If <var>usages</var> contains any entry which is not a case-sensitive string
match for one of <code>"encrypt"</code>, <code>"decrypt"</code>,
- <code>"wrapKey"</code> or <code>"unwrapKey"</code>, terminate this algorithm
- with an error.
+ <code>"wrapKey"</code> or <code>"unwrapKey"</code>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
@@ -9983,7 +10246,9 @@
</li>
<li>
<p>
- If the key generation step fails, terminate this algorithm with an error.
+ If the key generation step fails,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-OperationError"><code>OperationError</code></a>.
</p>
</li>
<li>
@@ -10045,8 +10310,9 @@
<p>
If <var>usages</var> contains an entry which is not a case-sensitive string
match for one of <code>"encrypt"</code>, <code>"decrypt"</code>,
- <code>"wrapKey"</code> or <code>"unwrapKey"</code>, terminate this algorithm
- with an error.
+ <code>"wrapKey"</code> or <code>"unwrapKey"</code>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
@@ -10062,7 +10328,9 @@
<li>
<p>
If the length in bits of <var>data</var> is not 128, 192 or 256
- then terminate this algorithm with an error.
+
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
</ol>
@@ -10079,15 +10347,17 @@
<li>
<p>
If the <code>"kty"</code> field of <var>jwk</var> is not a
- case-sensitive string match to <code>"oct"</code>, terminate
- this algorithm with an error.
+ case-sensitive string match to <code>"oct"</code>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
<p>
If <var>jwk</var> does not meet the requirements of
- Section 6.4 of <a href="#jwa">JSON Web Algorithms</a>, terminate this
- algorithm with an error.
+ Section 6.4 of <a href="#jwa">JSON Web Algorithms</a>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
@@ -10100,25 +10370,31 @@
<dl class="switch">
<dt>If <var>data</var> has length 128 bits:</dt>
<dd>If the <code>"alg"</code> field of <var>jwk</var> is present, and is
- not a case-sensitive string match to <code>"A128CFB8"</code>, terminate
- this algorithm with an error.</dd>
+ not a case-sensitive string match to <code>"A128CFB8"</code>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.</dd>
<dt>If <var>data</var> has length 192 bits:</dt>
<dd>If the <code>"alg"</code> field of <var>jwk</var> is present, and is
- not a case-sensitive string match to <code>"A192CFB8"</code>, terminate
- this algorithm with an error.</dd>
+ not a case-sensitive string match to <code>"A192CFB8"</code>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.</dd>
<dt>If <var>data</var> has length 256 bits:</dt>
<dd>If the <code>"alg"</code> field of <var>jwk</var> is present, and is
- not a case-sensitive string match to <code>"A256CFB8"</code>, terminate
- this algorithm with an error.</dd>
+ not a case-sensitive string match to <code>"A256CFB8"</code>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.</dd>
<dt>Otherwise:</dt>
- <dd>Terminate this algorithm with an error.</dd>
+ <dd>
+ <a href="#concept-return-an-error">Return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.</dd>
</dl>
</li>
<li>
<p>
If the <code>"use"</code> field of <var>jwk</var> is present, and is
- not a case-sensitive string match to <code>"enc"</code>, terminate
- this algorithm with an error.
+ not a case-sensitive string match to <code>"enc"</code>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
@@ -10127,19 +10403,24 @@
is invalid according to the requirements of
<a href="#jwk">JSON Web Key</a> or
does not contain all of the specified <var>usages</var> values,
- terminate this algorithm with an error.
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
<p>
If the <code>"ext"</code> field of <var>jwk</var> is present and
has the value false and <var>extractable</var> is true,
- terminate this algorithm with an error.
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
</dd>
<dt>Otherwise:</dt>
- <dd>Terminate this algorithm with an error.</dd>
+ <dd>
+ <a href="#concept-return-an-error">Return an error</a> named
+ <a href="#dfn-NotSupportedError"><code>NotSupportedError</code></a>.
+ </dd>
</dl>
</li>
<li>
@@ -10296,15 +10577,17 @@
<p>
If any of the members of
<a href="#dfn-AesDerivedKeyParams">AesDerivedKeyParams</a> are not present in
- <var>normalizedDerivedKeyAlgorithm</var>, terminate this algorithm with an
- error.
+ <var>normalizedDerivedKeyAlgorithm</var>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-SyntaxError"><code>SyntaxError</code></a>.
</p>
</li>
<li>
<p>
If the <a href="#dfn-AesDerivedKeyParams-length">length</a> property of
- <var>normalizedDerivedKeyAlgorithm</var> is not 128, 192 or 256, terminate
- this algorithm with an error.
+ <var>normalizedDerivedKeyAlgorithm</var> is not 128, 192 or 256,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
@@ -10386,8 +10669,9 @@
<ol>
<li>
<p>
- If <var>plaintext</var> is not a multiple of 64 bits in length, terminate
- this algorithm with an error.
+ If <var>plaintext</var> is not a multiple of 64 bits in length,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
@@ -10418,8 +10702,9 @@
</li>
<li>
<p>
- If the Key Unwrap operation returns an error, terminate this algorithm with an
- error.
+ If the Key Unwrap operation returns an error,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-OperationError"><code>OperationError</code></a>.
</p>
</li>
<li>
@@ -10442,27 +10727,33 @@
<li>
<p>
If any of the members of <a href="#aes-keygen-params">AesKeyGenParams</a> are
- not present in <var>normalizedAlgorithm</var>, terminate
- this algorithm with an error.
+ not present in <var>normalizedAlgorithm</var>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-SyntaxError"><code>SyntaxError</code></a>.
</p>
</li>
<li>
<p>
If the <a href="#dfn-AesKeyGenParams-length">length</a> property of
<var>normalizedAlgorithm</var> is not equal to one of
- 128, 192 or 256, terminate this algorithm with an error.
+ 128, 192 or 256,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
<p>
If <var>usages</var> contains any entry which is not a case-sensitive string
- match for one of <code>"wrapKey"</code> or <code>"unwrapKey"</code>, terminate
- this algorithm with an error.
- </p>
- </li>
- <li>
- <p>
- If the key generation step fails, terminate this algorithm with an error.
+ match for one of <code>"wrapKey"</code> or <code>"unwrapKey"</code>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
+ </p>
+ </li>
+ <li>
+ <p>
+ If the key generation step fails,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-OperationError"><code>OperationError</code></a>.
</p>
</li>
<li>
@@ -10524,7 +10815,9 @@
<p>
If <var>usages</var> contains an entry which is not a case-sensitive string
match for one of <code>"wrapKey"</code> or <code>"unwrapKey"</code>,
- terminate this algorithm with an error.
+
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
@@ -10540,7 +10833,9 @@
<li>
<p>
If the length in bits of <var>data</var> is not 128, 192 or 256
- then terminate this algorithm with an error.
+
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
</ol>
@@ -10557,15 +10852,17 @@
<li>
<p>
If the <code>"kty"</code> field of <var>jwk</var> is not a
- case-sensitive string match to <code>"oct"</code>, terminate
- this algorithm with an error.
+ case-sensitive string match to <code>"oct"</code>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
<p>
If <var>jwk</var> does not meet the requirements of
- Section 6.4 of <a href="#jwa">JSON Web Algorithms</a>, terminate this
- algorithm with an error.
+ Section 6.4 of <a href="#jwa">JSON Web Algorithms</a>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
@@ -10578,25 +10875,32 @@
<dl class="switch">
<dt>If <var>data</var> has length 128 bits:</dt>
<dd>If the <code>"alg"</code> field of <var>jwk</var> is present, and is
- not a case-sensitive string match to <code>"A128KW"</code>, terminate
- this algorithm with an error.</dd>
+ not a case-sensitive string match to <code>"A128KW"</code>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.</dd>
<dt>If <var>data</var> has length 192 bits:</dt>
<dd>If the <code>"alg"</code> field of <var>jwk</var> is present, and is
- not a case-sensitive string match to <code>"A192KW"</code>, terminate
- this algorithm with an error.</dd>
+ not a case-sensitive string match to <code>"A192KW"</code>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.</dd>
<dt>If <var>data</var> has length 256 bits:</dt>
<dd>If the <code>"alg"</code> field of <var>jwk</var> is present, and is
- not a case-sensitive string match to <code>"A256KW"</code>, terminate
- this algorithm with an error.</dd>
+ not a case-sensitive string match to <code>"A256KW"</code>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.</dd>
<dt>Otherwise:</dt>
- <dd>Terminate this algorithm with an error.</dd>
+ <dd>
+ <a href="#concept-return-an-error">Return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
+ </dd>
</dl>
</li>
<li>
<p>
If the <code>"use"</code> field of <var>jwk</var> is present, and is
- not a case-sensitive string match to <code>"enc"</code>, terminate
- this algorithm with an error.
+ not a case-sensitive string match to <code>"enc"</code>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
@@ -10605,19 +10909,23 @@
is invalid according to the requirements of
<a href="#jwk">JSON Web Key</a> or
does not contain all of the specified <var>usages</var> values,
- terminate this algorithm with an error.
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
<p>
If the <code>"ext"</code> field of <var>jwk</var> is present and
has the value false and <var>extractable</var> is true,
- terminate this algorithm with an error.
- </p>
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>. </p>
</li>
</dd>
<dt>Otherwise:</dt>
- <dd>Terminate this algorithm with an error.</dd>
+ <dd>
+ <a href="#concept-return-an-error">Return an error</a> named
+ <a href="#dfn-NotSupportedError"><code>NotSupportedError</code></a>.
+ </dd>
</dl>
</li>
<li>
@@ -10769,15 +11077,17 @@
<p>
If any of the members of
<a href="#dfn-AesDerivedKeyParams">AesDerivedKeyParams</a> are not present in
- <var>normalizedDerivedKeyAlgorithm</var>, terminate this algorithm with an
- error.
+ <var>normalizedDerivedKeyAlgorithm</var>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-SyntaxError"><code>SyntaxError</code></a>.
</p>
</li>
<li>
<p>
If the <a href="#dfn-AesDerivedKeyParams-length">length</a> property of
- <var>normalizedDerivedKeyAlgorithm</var> is not 128, 192 or 256, terminate
- this algorithm with an error.
+ <var>normalizedDerivedKeyAlgorithm</var> is not 128, 192 or 256,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
@@ -10951,8 +11261,9 @@
<li>
<p>
If the <a href="#dfn-HmacKeyGenParams-hash">hash</a> property is
- not present in <var>normalizedAlgorithm</var>, terminate
- this algorithm with an error.
+ not present in <var>normalizedAlgorithm</var>, then
+ <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-SyntaxError"><code>SyntaxError</code></a>.
</p>
</li>
<li>
@@ -10976,14 +11287,18 @@
property of <var>normalizedAlgorithm</var>.
</dd>
<dt>Otherwise:</dt>
- <dd>Terminate this algorithm with an error.</dd>
+ <dd>
+ <a href="#concept-return-an-error">Return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
+ </dd>
</dl>
</li>
<li>
<p>
If <var>usages</var> contains any entry which is not a case-sensitive string
- match for <code>"sign"</code> or <code>"verify"</code>, terminate this
- algorithm with an error.
+ match for <code>"sign"</code> or <code>"verify"</code>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
@@ -10993,7 +11308,9 @@
</li>
<li>
<p>
- If the key generation step fails, terminate this algorithm with an error.
+ If the key generation step fails,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-OperationError"><code>OperationError</code></a>.
</p>
</li>
<li>
@@ -11066,8 +11383,9 @@
<li>
<p>
If <var>usages</var> contains an entry which is not a case-sensitive string
- match for <code>"sign"</code> or <code>"verify"</code>, terminate this
- algorithm with an error.
+ match for <code>"sign"</code> or <code>"verify"</code>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
@@ -11088,7 +11406,9 @@
<li>
<p>
If the length in bits of <var>data</var> is zero
- then terminate this algorithm with an error.
+
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
@@ -11105,7 +11425,10 @@
property of <var>normalizedAlgorithm</var>.
</dd>
<dt>Otherwise:</dt>
- <dd>Terminate this algorithm with an error.</dd>
+ <dd>
+ <a href="#concept-return-an-error">Return an error</a> named
+ <a href="#dfn-SyntaxError"><code>SyntaxError</code></a>.
+ </dd>
</dl>
</li>
</ol>
@@ -11122,15 +11445,17 @@
<li>
<p>
If the <code>"kty"</code> field of <var>jwk</var> is not a
- case-sensitive string match to <code>"oct"</code>, terminate
- this algorithm with an error.
+ case-sensitive string match to <code>"oct"</code>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
<p>
If <var>jwk</var> does not meet the requirements of
- Section 6.4 of <a href="#jwa">JSON Web Algorithms</a>, terminate this
- algorithm with an error.
+ Section 6.4 of <a href="#jwa">JSON Web Algorithms</a>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
@@ -11166,7 +11491,8 @@
<dd>
If the <code>"alg"</code> field of <var>jwk</var> is present
and is not a case-sensitive string match to <code>"HS1"</code>,
- terminate this algorithm with an error.
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</dd>
<dt>
If the <a href="#dfn-KeyAlgorithm-name">name</a> property of
@@ -11176,7 +11502,9 @@
<dd>
If the <code>"alg"</code> field of <var>jwk</var> is present
and is not a case-sensitive string match to <code>"HS224"</code>,
- terminate this algorithm with an error.
+
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</dd>
<dt>
If the <a href="#dfn-KeyAlgorithm-name">name</a> property of
@@ -11186,7 +11514,9 @@
<dd>
If the <code>"alg"</code> field of <var>jwk</var> is present
and is not a case-sensitive string match to <code>"HS256"</code>,
- terminate this algorithm with an error.
+
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</dd>
<dt>
If the <a href="#dfn-KeyAlgorithm-name">name</a> property of
@@ -11196,7 +11526,9 @@
<dd>
If the <code>"alg"</code> field of <var>jwk</var> is present
and is not a case-sensitive string match to <code>"HS384"</code>,
- terminate this algorithm with an error.
+
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</dd>
<dt>
If the <a href="#dfn-KeyAlgorithm-name">name</a> property of
@@ -11206,10 +11538,15 @@
<dd>
If the <code>"alg"</code> field of <var>jwk</var> is present
and is not a case-sensitive string match to <code>"HS512"</code>,
- terminate this algorithm with an error.
+
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</dd>
<dt>Otherwise:</dt>
- <dd>Terminate this algorithm with an error.</dd>
+ <dd>
+ <a href="#concept-return-an-error">Return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
+ </dd>
</dl>
</li>
</ol>
@@ -11220,7 +11557,9 @@
<li>
<p>
If the <code>alg</code> field of <var>jwk</var> is not present,
- terminate this algorithm with an error.
+
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
@@ -11266,7 +11605,10 @@
<var>hash</var> to <code>"SHA-512"</code>.
</dd>
<dt>Otherwise:</dt>
- <dd>Terminate this algorthm with an error.</dd>
+ <dd>
+ <a href="#concept-return-an-error">Return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
+ </dd>
</dl>
</li>
</ol>
@@ -11276,8 +11618,9 @@
<li>
<p>
If the <code>"use"</code> field of <var>jwk</var> is present, and is
- not a case-sensitive string match to <code>"sign"</code>, terminate
- this algorithm with an error.
+ not a case-sensitive string match to <code>"sign"</code>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
@@ -11286,19 +11629,26 @@
is invalid according to the requirements of
<a href="#jwk">JSON Web Key</a> or
does not contain all of the specified <var>usages</var> values,
- terminate this algorithm with an error.
+
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
<p>
If the <code>"ext"</code> field of <var>jwk</var> is present and
has the value false and <var>extractable</var> is true,
- terminate this algorithm with an error.
+
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
</dd>
<dt>Otherwise:</dt>
- <dd>Terminate this algorithm with an error.</dd>
+ <dd>
+ <a href="#concept-return-an-error">Return an error</a> named
+ <a href="#dfn-NotSupportedError"><code>NotSupportedError</code></a>.
+ </dd>
</dl>
</li>
<li>
@@ -11471,8 +11821,9 @@
<li>
<p>
If the <a href="#dfn-HmacImportParams-hash">hash</a> property is
- not present in <var>normalizedDerivedKeyAlgorithm</var>, terminate
- this algorithm with an error.
+ not present in <var>normalizedDerivedKeyAlgorithm</var>, then
+ <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-SyntaxError"><code>SyntaxError</code></a>.
</p>
</li>
<li>
@@ -11496,7 +11847,10 @@
property of <var>normalizedDerivedKeyAlgorithm</var>.
</dd>
<dt>Otherwise:</dt>
- <dd>Terminate this algorithm with an error.</dd>
+ <dd>
+ <a href="#concept-return-an-error">Return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
+ </dd>
</dl>
</li>
<li>
@@ -11617,14 +11971,17 @@
<p>
If any of the members of <a href="#dfn-DhKeyGenParams">DhKeyGenParams</a> are
not present in <var>normalizedAlgorithm</var>,
- terminate this algorithm with an error.
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-SyntaxError"><code>SyntaxError</code></a>.
</p>
</li>
<li>
<p>
If <var>usages</var> contains a value which is not a case-sensitive string match
for one of <code>"deriveKey"</code> or <code>"deriveBits"</code>,
- terminate this algorithm with an error.
+
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
@@ -11639,8 +11996,9 @@
</li>
<li>
<p>
- If performing the operation results in an error, terminate this algorithm
- with an error.
+ If performing the operation results in an error,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-OperationError"><code>OperationError</code></a>.
</p>
</li>
<li>
@@ -11763,8 +12121,9 @@
<li>
<p>
If the <a href="#dfn-Key-type">type</a> property of <var>key</var>
- is not a case-sensitive string match for <code>"private"</code>, terminate this
- algorithm with an error.
+ is not a case-sensitive string match for <code>"private"</code>, then
+ <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-InvalidAccessError"><code>InvalidAccessError</code></a>.
</p>
</li>
<li>
@@ -11778,8 +12137,9 @@
<p>
If any of the members of <a
href="#dfn-DhKeyDeriveParams">DhKeyDeriveParams</a> are not present in
- <var>normalizedAlgorithm</var>, terminate this
- algorithm with an error.
+ <var>normalizedAlgorithm</var>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-SyntaxError"><code>SyntaxError</code></a>.
</p>
</li>
<li>
@@ -11794,14 +12154,18 @@
If the <a href="#dfn-KeyAlgorithm-name">name</a> property of the
<a href="#dfn-Key-algorithm">algorithm</a> property of <var>publicKey</var> is
not a case-sensitive string match for
- <code>"DH"</code>, terminate this algorithm with an error.
+ <code>"DH"</code>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
<p>
If the <a href="#dfn-Key-type">type</a> property of <var>publicKey</var>
is not a case-sensitive string match for
- <code>"public"</code>, terminate this algorithm with an error.
+ <code>"public"</code>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
@@ -11810,7 +12174,9 @@
<a href="#dfn-Key-algorithm">algorithm</a> property of <var>publicKey</var>
is not equal to the <a href="#dfn-DhKeyAlgorithm-prime">prime</a> property of the
<a href="#dfn-Key-algorithm">algorithm</a> property of <var>key</var>,
- terminate this algorithm with an error.
+
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
@@ -11820,7 +12186,9 @@
is not equal to the <a href="#dfn-DhKeyAlgorithm-generator">generator</a>
property of the
<a href="#dfn-Key-algorithm">algorithm</a> property of <var>key</var>,
- terminate this algorithm with an error.
+
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
@@ -11833,7 +12201,10 @@
<var>normalizedAlgorithm</var> as the other's public value <var>PV'</var>.
<dl class="switch">
<dt>If performing the operation results in an error:</dt>
- <dd>Terminate this algorithm with an error.</dd>
+ <dd>
+ <a href="#concept-return-an-error">Return an error</a> named
+ <a href="#dfn-OperationError"><code>OperationError</code></a>.
+ </dd>
<dt>Otherwise:</dt>
<dd>
Let <var>secret</var> be the output of the DH Phase II, <var>SK</var>.
@@ -11848,7 +12219,10 @@
If the length of <var>secret</var> in bits is less than
<var>length</var>:
</dt>
- <dd>Terminate this algorithm with an error.</dd>
+ <dd>
+ <a href="#concept-return-an-error">Return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
+ </dd>
<dt>Otherwise:</dt>
<dd>Return the first <var>length</var> bits of <var>secret</var>.</dd>
</dl>
@@ -11880,13 +12254,16 @@
<p>
If any of the members of <a
href="#dfn-DhImportKeyParams">DhImportKeyParams</a> are not present in
- <var>normalizedAlgorithm</var>, terminate this algorithm with an error.
+ <var>normalizedAlgorithm</var>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-SyntaxError"><code>SyntaxError</code></a>.
</p>
</li>
<li>
<p>
- If <var>extractable</var> is false, terminate this algorithm with an
- error.
+ If <var>extractable</var> is false,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
@@ -11979,7 +12356,9 @@
</li>
<li>
<p>
- If an error occured while parsing, terminate this algorithm with an error.
+ If an error occured while parsing,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
@@ -11987,14 +12366,17 @@
If the <code>algorithm</code> object identifier field of the
<code>algorithm</code> AlgorithmIdentifier field of <var>spki</var> is not
equivalent to the <code>dhKeyAgreement</code> OID defined in Section 9
- of [<a href="#PKCS3">PKCS #3</a>], terminate this algorithm with an error.
+ of [<a href="#PKCS3">PKCS #3</a>],
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
<p>
If the <code>parameters</code> field of the <code>algorithm</code>
- AlgorithmIdentifier field of <var>spki</var> is absent, terminate
- the algorithm with an error.
+ AlgorithmIdentifier field of <var>spki</var> is absent,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
@@ -12007,7 +12389,9 @@
<p>
If <var>params</var> is not an instance of the <code>DHParameter</code>
ASN.1 type defined in Section 9 of <a href="#PKCS3">PKCS #3</a>,
- terminate the algorithm with an error.
+
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
@@ -12088,7 +12472,9 @@
<p>
If <var>usages</var> contains a value which is not a case-sensitive string
match for one of <code>"deriveKey"</code> or <code>"deriveBits"</code>,
- terminate this algorithm with an error.
+
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
@@ -12100,7 +12486,9 @@
</li>
<li>
<p>
- If an error occurred while parsing, terminate this algorithm with an error.
+ If an error occurred while parsing,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-OperationError"><code>OperationError</code></a>.
</p>
</li>
<li>
@@ -12109,15 +12497,18 @@
<code>algorithm</code> AlgorithmIdentifier field of
<var>privateKeyInfo</var> is not
equivalent to the <code>dhKeyAgreement</code> OID defined in Section 9
- of [<a href="#PKCS3">PKCS #3</a>], terminate this algorithm with an error.
+ of [<a href="#PKCS3">PKCS #3</a>],
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
<p>
If the <code>parameters</code> field of the
<code>privateKeyAlgorithm</code> PrivateKeyAlgorithmIdentifier field of
- <var>privateKeyInfo</var> is absent, terminate the algorithm with an
- error.
+ <var>privateKeyInfo</var> is absent,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
@@ -12131,7 +12522,9 @@
<p>
If <var>params</var> is not an instance of the <code>DHParameter</code>
ASN.1 type defined in Section 9 of <a href="#PKCS3">PKCS #3</a>,
- terminate the algorithm with an error.
+
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
@@ -12202,7 +12595,10 @@
</ol>
</dd>
<dt>Otherwise:</dt>
- <dd>Terminate this algorithm with an error.</dd>
+ <dd>
+ <a href="#concept-return-an-error">Return an error</a> named
+ <a href="#dfn-NotSupportedError"><code>NotSupportedError</code></a>.
+ </dd>
</dl>
</dd>
<dt>Export Key</dt>
@@ -12243,7 +12639,9 @@
<li>
<p>
If the <a href="#dfn-Key-type">type</a> property of <var>key</var> is
- not <code>"public"</code>, terminate this algorithm with an error.
+ not <code>"public"</code>, then
+ <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-InvalidAccessError"><code>InvalidAccessError</code></a>.
</p>
</li>
<li>
@@ -12316,8 +12714,9 @@
<li>
<p>
If the <a href="#dfn-Key-type">type</a> property of <var>key</var> is
- not <code>"private"</code>, terminate this algorithm with an
- error.
+ not <code>"private"</code>, then
+ <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-InvalidAccessError"><code>InvalidAccessError</code></a>.
</p>
</li>
<li>
@@ -12383,7 +12782,10 @@
</ol>
</dd>
<dt>Otherwise:</dt>
- <dd>Terminate this algorithm with an error.</dd>
+ <dd>
+ <a href="#concept-return-an-error">Return an error</a> named
+ <a href="#dfn-NotSupportedError"><code>NotSupportedError</code></a>.
+ </dd>
</dl>
</li>
<li>
@@ -12608,8 +13010,9 @@
<a href="#dfn-ConcatParams-algorithmId">algorithmId</a>,
<a href="#dfn-ConcatParams-partyUInfo">partyUInfo</a> or
<a href="#dfn-ConcatParams-partyVInfo">partyVInfo</a> properties are not
- present in <var>normalizedAlgorithm</var>, terminate this algorithm with an
- error.
+ present in <var>normalizedAlgorithm</var>, then
+ <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-SyntaxError"><code>SyntaxError</code></a>.
</p>
</li>
<li>
@@ -12636,7 +13039,9 @@
</li>
<li>
<p>
- If the operation fails, terminate this algorithm with an error.
+ If the operation fails,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-OperationError"><code>OperationError</code></a>.
</p>
</li>
<li>
@@ -12658,7 +13063,9 @@
<p>
If <var>usages</var> contains a value that is not a case-sensitive string
match for <code>"deriveKey"</code> or <code>"deriveBits"</code>,
- terminate this algorithm with an error.
+
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
@@ -12713,7 +13120,10 @@
</ol>
</dd>
<dt>Otherwise:</dt>
- <dd>Terminate this algorithm with an error.</dd>
+ <dd>
+ <a href="#concept-return-an-error">Return an error</a> named
+ <a href="#dfn-NotSupportedError"><code>NotSupportedError</code></a>.
+ </dd>
</dl>
</dd>
<dt>Get length</dt>
@@ -12807,7 +13217,9 @@
<ol>
<li>
<p>
- If <var>length</var> is null, terminate this algorithm with an error.
+ If <var>length</var> is null,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
@@ -12820,16 +13232,18 @@
<li>
<p>
If any of the members of <a href="#dfn-HkdfCtrParams">HkdfCtrParams</a> are
- not present in <var>normalizedAlgorithm</var>, terminate this algorithm
- with an error.
+ not present in <var>normalizedAlgorithm</var>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-SyntaxError"><code>SyntaxError</code></a>.
</p>
</li>
<li>
<p>
If the <a href="#dfn-HkdfCtrParams-hash">hash</a> property of
<var>normalizedAlgorithm</var> does not describe a <a href="#algorithms">
- recognised algorithm</a> that supports the digest operation, terminate
- this algorithm with an error.
+ recognised algorithm</a> that supports the digest operation, then
+ <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-NotSupportedError"><code>NotSupportedError</code></a>
</p>
</li>
<li>
@@ -12905,8 +13319,9 @@
</li>
<li>
<p>
- If the key derivation operation terminates with an error, terminate this
- algorithm with an error.
+ If the key derivation operation fails,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-OperationError"><code>OperationError</code></a>.
</p>
</li>
<li>
@@ -12928,7 +13343,9 @@
<p>
If <var>usages</var> contains a value that is not a case-sensitive string
match for <code>"deriveKey"</code> or <code>"deriveBits"</code>,
- terminate this algorithm with an error.
+
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
@@ -12983,7 +13400,10 @@
</ol>
</dd>
<dt>Otherwise:</dt>
- <dd>Terminate this algorithm with an error.</dd>
+ <dd>
+ <a href="#concept-return-an-error">Return an error</a> named
+ <a href="#dfn-NotSupportedError"><code>NotSupportedError</code></a>.
+ </dd>
</dl>
</dd>
<dt>Get length</dt>
@@ -13084,22 +13504,25 @@
<li>
<p>
If any of the members of <a href="#dfn-Pbkdf2Params">Pbkdf2Params</a> are
- not present in <var>normalizedAlgorithm</var>, terminate this algorithm with
- an error.
- </p>
- </li>
- <li>
- <p>
- If <var>length</var> is null or is not a multiple of 8, terminate this
- algorithm with an error.
+ not present in <var>normalizedAlgorithm</var>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-SyntaxError"><code>SyntaxError</code></a>.
+ </p>
+ </li>
+ <li>
+ <p>
+ If <var>length</var> is null or is not a multiple of 8,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
<p>
If the <a href="#dfn-Pbkdf2Params-hash">hash</a> property of
<var>normalizedAlgorithm</var> does not describe a <a href="#algorithms">
- recognised algorithm</a> that supports the digest operation, terminate
- this algorithm with an error.
+ recognised algorithm</a> that supports the digest operation, then
+ <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-NotSupportedError"><code>NotSupportedError</code></a>
</p>
</li>
<li>
@@ -13125,8 +13548,9 @@
</li>
<li>
<p>
- If the key derivation operation encounters an error, terminate this algorithm
- with an error.
+ If the key derivation operation fails,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-OperationError"><code>OperationError</code></a>.
</p>
</li>
<li>
@@ -13142,12 +13566,16 @@
<li>
<p>
If <var>usages</var> contains any element that is not a case-sensitive string
- match for <code>"deriveKey"</code>, terminate this algorithm with an error.
- </p>
- </li>
- <li>
- <p>
- If <var>extractable</var> is true, terminate this algorithm with an error.
+ match for <code>"deriveKey"</code>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
+ </p>
+ </li>
+ <li>
+ <p>
+ If <var>extractable</var> is true,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
@@ -13211,13 +13639,17 @@
<li>
<p>
If <var>format</var> is not a case-sensitive string match for
- <code>"raw"</code>, terminate this algorithm with an error.
+ <code>"raw"</code>,
+ <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-NotSupportedError"><code>NotSupportedError</code></a>
</p>
</li>
<li>
<p>
If <var>usages</var> contains any element that is not a case-sensitive string
- match for <code>"deriveKey"</code>, terminate this algorithm with an error.
+ match for <code>"deriveKey"</code>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
@@ -13323,7 +13755,8 @@
<li>
<p>
If <var>mappedAlgorithm</var> contains any non-ASCII characters,
- throw a <code>SyntaxError</code> and return from this algorithm.
+ <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-SyntaxError"><code>SyntaxError</code></a>.
</p>
</li>
<li>
@@ -13341,7 +13774,8 @@
</li>
<li>
<p>
- Otherwise, terminate this algorithm with an error.
+ Otherwise, <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-SyntaxError"><code>SyntaxError</code></a>.
</p>
</li>
</ol>
--- a/spec/Overview.html Wed Mar 05 21:41:08 2014 -0800
+++ b/spec/Overview.html Thu Mar 06 16:26:41 2014 -0800
@@ -28,7 +28,7 @@
<link rel="stylesheet" href="//www.w3.org/StyleSheets/TR/W3C-ED" type="text/css" /></head>
<body>
- <div class="head"><div><a href="http://www.w3.org/"><img src="//www.w3.org/Icons/w3c_home" width="72" height="48" alt="W3C" /></a></div><h1>Web Cryptography API</h1><h2>W3C Editor’s Draft <em>5 March 2014</em></h2><dl><dt>Latest Editor’s Draft:</dt><dd><a href="http://dvcs.w3.org/hg/webcrypto-api/raw-file/tip/spec/Overview.html">http://dvcs.w3.org/hg/webcrypto-api/raw-file/tip/spec/Overview.html</a></dd><dt>Latest Published Version:</dt><dd><a href="http://www.w3.org/TR/WebCryptoAPI/">http://www.w3.org/TR/WebCryptoAPI/</a></dd><dt>Previous Version(s):</dt><dd><a href="https://dvcs.w3.org/hg/webcrypto-api/raw-file/0fe9b34c13fb/spec/Overview.html">https://dvcs.w3.org/hg/webcrypto-api/raw-file/0fe9b34c13fb/spec/Overview.html</a></dd><dt>Editors:</dt><dd><a href="http://www.google.com/">Ryan Sleevi</a>, Google, Inc. <sleevi@google.com></dd><dd><a href="http://www.netflix.com/">Mark Watson</a>, Netflix <watsonm@netflix.com></dd><dt>Participate:</dt><dd><p>Send feedback to <a href="mailto:public-webcrypto@w3.org?subject=%5BWebCryptoAPI%5D">public-webcrypto@w3.org</a> (<a href="http://lists.w3.org/Archives/Public/public-webcrypto/">archives</a>), or <a href="https://www.w3.org/Bugs/Public/enter_bug.cgi?product=Web%20Cryptography&component=Web%20Cryptography%20API%20Document">file a bug</a>
+ <div class="head"><div><a href="http://www.w3.org/"><img src="//www.w3.org/Icons/w3c_home" width="72" height="48" alt="W3C" /></a></div><h1>Web Cryptography API</h1><h2>W3C Editor’s Draft <em>6 March 2014</em></h2><dl><dt>Latest Editor’s Draft:</dt><dd><a href="http://dvcs.w3.org/hg/webcrypto-api/raw-file/tip/spec/Overview.html">http://dvcs.w3.org/hg/webcrypto-api/raw-file/tip/spec/Overview.html</a></dd><dt>Latest Published Version:</dt><dd><a href="http://www.w3.org/TR/WebCryptoAPI/">http://www.w3.org/TR/WebCryptoAPI/</a></dd><dt>Previous Version(s):</dt><dd><a href="https://dvcs.w3.org/hg/webcrypto-api/raw-file/0fe9b34c13fb/spec/Overview.html">https://dvcs.w3.org/hg/webcrypto-api/raw-file/0fe9b34c13fb/spec/Overview.html</a></dd><dt>Editors:</dt><dd><a href="http://www.google.com/">Ryan Sleevi</a>, Google, Inc. <sleevi@google.com></dd><dd><a href="http://www.netflix.com/">Mark Watson</a>, Netflix <watsonm@netflix.com></dd><dt>Participate:</dt><dd><p>Send feedback to <a href="mailto:public-webcrypto@w3.org?subject=%5BWebCryptoAPI%5D">public-webcrypto@w3.org</a> (<a href="http://lists.w3.org/Archives/Public/public-webcrypto/">archives</a>), or <a href="https://www.w3.org/Bugs/Public/enter_bug.cgi?product=Web%20Cryptography&component=Web%20Cryptography%20API%20Document">file a bug</a>
(see <a href="https://www.w3.org/Bugs/Public/buglist.cgi?product=Web%20Cryptography&component=Web%20Cryptography%20API%20Document&resolution=---">existing bugs</a>).</p></dd></dl><p class="copyright"><a href="http://www.w3.org/Consortium/Legal/ipr-notice#Copyright">Copyright</a> © view <a href="http://www.w3.org/"><abbr title="World Wide Web Consortium">W3C</abbr></a><sup>®</sup> (<a href="http://www.csail.mit.edu/"><abbr title="Massachusetts Institute of Technology">MIT</abbr></a>, <a href="http://www.ercim.org/"><abbr title="European Research Consortium for Informatics and Mathematics">ERCIM</abbr></a>, <a href="http://www.keio.ac.jp/">Keio</a>), All Rights Reserved. W3C <a href="http://www.w3.org/Consortium/Legal/ipr-notice#Legal_Disclaimer">liability</a>, <a href="http://www.w3.org/Consortium/Legal/ipr-notice#W3C_Trademarks">trademark</a> and <a href="http://www.w3.org/Consortium/Legal/copyright-documents">document use</a> rules apply.</p></div><hr />
<div class="section">
@@ -44,7 +44,7 @@
communications.
</p>
- <div class="ednote"><div class="ednoteHeader">Editorial note</div><p>There are 31 further editorial notes in the document.</p></div>
+ <div class="ednote"><div class="ednoteHeader">Editorial note</div><p>There are 18 further editorial notes in the document.</p></div>
</div>
<div class="section">
@@ -56,7 +56,7 @@
report can be found in the <a href="http://www.w3.org/TR/">W3C technical
reports index</a> at http://www.w3.org/TR/.
</em></p><p>
- This document is the 5 March 2014 <b>Editor’s Draft</b> of the
+ This document is the 6 March 2014 <b>Editor’s Draft</b> of the
<cite>Web Cryptography API</cite> specification.
Please send comments about this document to
@@ -134,7 +134,7 @@
<div id="toc">
<h2>Table of Contents</h2>
- <div class="toc"><ul><li><a href="#introduction">1. Introduction</a></li><li><a href="#use-cases">2. Use Cases</a><ul><li><a href="#multifactor-authentication">2.1. Multi-factor Authentication</a></li><li><a href="#protected-document">2.2. Protected Document Exchange</a></li><li><a href="#cloud-storage">2.3. Cloud Storage</a></li><li><a href="#document-signing">2.4. Document Signing</a></li><li><a href="#data-integrity-protection">2.5. Data Integrity Protection</a></li><li><a href="#secure-messaging">2.6. Secure Messaging</a></li><li><a href="#jose">2.7. Javascript Object Signing and Encryption (JOSE)</a></li></ul></li><li><a href="#conformance">3. Conformance</a></li><li><a href="#scope">4. Scope</a><ul><li><a href="#scope-abstraction">4.1. Level of abstraction</a></li><li><a href="#scope-algorithms">4.2. Cryptographic algorithms</a></li><li><a href="#scope-operations">4.3. Operations</a></li><li><a href="#scope-out-of-scope">4.4. Out of scope</a></li></ul></li><li><a href="#security">5. Security considerations</a><ul><li><a href="#security-implementers">5.1. Security considerations for implementers</a></li><li><a href="#security-developers">5.2. Security considerations for authors</a></li></ul></li><li><a href="#privacy">6. Privacy considerations</a></li><li><a href="#dependencies">7. Dependencies</a></li><li><a href="#terminology">8. Terminology</a></li><li><a href="#RandomSource-interface">9. RandomSource interface</a><ul><li><a href="#RandomSource-description">9.1. Description</a></li><li><a href="#RandomSource-interface-methods">9.2. Methods and Parameters</a><ul><li><a href="#RandomSource-method-getRandomValues">9.2.1. The getRandomValues method</a></li></ul></li></ul></li><li><a href="#algorithm-dictionary">10. Algorithm dictionary</a><ul><li><a href="#algorithm-dictionary-members">10.1. Algorithm Dictionary Members</a></li></ul></li><li><a href="#key-algorithm-interface">11. KeyAlgorithm interface</a><ul><li><a href="#key-algorithm-interface-description">11.1. Description</a></li><li><a href="#key-algorithm-interface-members">11.2. KeyAlgorithm interface members</a></li></ul></li><li><a href="#key-interface">12. Key interface</a><ul><li><a href="#key-interface-description">12.1. Description</a></li><li><a href="#key-interface-types">12.2. Key interface data types</a></li><li><a href="#key-interface-members">12.3. Key interface members</a></li><li><a href="#key-interface-clone">12.4. Structured clone algorithm</a></li></ul></li><li><a href="#crypto-interface">13. Crypto interface</a></li><li><a href="#subtlecrypto-interface">14. SubtleCrypto interface</a><ul><li><a href="#subtlecrypto-interface-description">14.1. Description</a></li><li><a href="#subtlecrypto-interface-datatypes">14.2. Data Types</a></li><li><a href="#subtlecrypto-interface-methods">14.3. Methods and Parameters</a><ul><li><a href="#SubtleCrypto-method-encrypt">14.3.1. The encrypt method</a></li><li><a href="#SubtleCrypto-method-decrypt">14.3.2. The decrypt method</a></li><li><a href="#SubtleCrypto-method-sign">14.3.3. The sign method</a></li><li><a href="#SubtleCrypto-method-verify">14.3.4. The verify method</a></li><li><a href="#SubtleCrypto-method-digest">14.3.5. The digest method</a></li><li><a href="#SubtleCrypto-method-generateKey">14.3.6. The generateKey method</a></li><li><a href="#SubtleCrypto-method-deriveKey">14.3.7. The deriveKey method</a></li><li><a href="#SubtleCrypto-method-deriveBits">14.3.8. The deriveBits method</a></li><li><a href="#SubtleCrypto-method-importKey">14.3.9. The importKey method</a></li><li><a href="#SubtleCrypto-method-exportKey">14.3.10. The exportKey method</a></li><li><a href="#SubtleCrypto-method-wrapKey">14.3.11. The wrapKey method</a></li><li><a href="#SubtleCrypto-method-unwrapKey">14.3.12. The unwrapKey method</a></li></ul></li></ul></li><li><a href="#WorkerCrypto-interface">15. WorkerCrypto interface</a><ul><li><a href="#WorkerCrypto-description">15.1. Description</a></li></ul></li><li><a href="#big-integer">16. BigInteger</a></li><li><a href="#keypair">17. KeyPair</a></li><li><a href="#algorithms">18. Algorithms</a><ul><li><a href="#algorithms-index">18.1. Registered algorithms</a></li><li><a href="#recommended-algorithms">18.2. Recommended algorithms</a></li><li><a href="#defining-an-algorithm">18.3. Defining an algorithm</a><ul><li><a href="#recognized-algorithm-name">18.3.1. Recognized algorithm name</a></li><li><a href="#supported-operations">18.3.2. Supported operations</a></li><li><a href="#algorithm-specific-params">18.3.3. Algorithm-specific parameters</a></li><li><a href="#algorithm-result">18.3.4. Algorithm results</a></li><li><a href="#algorithm-alias">18.3.5. Algorithm aliases</a></li></ul></li><li><a href="#rsaes-pkcs1">18.4. RSAES-PKCS1-v1_5</a><ul><li><a href="#rsaes-pkcs1-description">18.4.1. Description</a></li><li><a href="#rsaes-pkcs1-registration">18.4.2. Registration</a></li><li><a href="#RsaKeyGenParams-dictionary">18.4.3. RsaKeyGenParams dictionary</a></li><li><a href="#RsaKeyAlgorithm-interface">18.4.4. RsaKeyAlgorithm interface</a></li><li><a href="#rsaes-pkcs1-operations">18.4.5. Operations</a></li></ul></li><li><a href="#rsassa-pkcs1">18.5. RSASSA-PKCS1-v1_5</a><ul><li><a href="#rsassa-pkcs1-description">18.5.1. Description</a></li><li><a href="#rsassa-pkcs1-registration">18.5.2. Registration</a></li><li><a href="#RsaHashedKeyGenParams-dictionary">18.5.3. RsaHashedKeyGenParams dictionary</a></li><li><a href="#RsaHashedKeyAlgorithm-interface">18.5.4. RsaHashedKeyAlgorithm interface</a></li><li><a href="#RsaHashedImportParams-dictionary">18.5.5. RsaHashedImportParams dictionary</a></li><li><a href="#rsassa-pkcs1-operations">18.5.6. Operations</a></li></ul></li><li><a href="#rsa-pss">18.6. RSA-PSS</a><ul><li><a href="#rsa-pss-description">18.6.1. Description</a></li><li><a href="#rsa-pss-registration">18.6.2. Registration</a></li><li><a href="#RsaPssParams-dictionary">18.6.3. RsaPssParams dictionary</a></li><li><a href="#rsa-pss-operations">18.6.4. Operations</a></li></ul></li><li><a href="#rsa-oaep">18.7. RSA-OAEP</a><ul><li><a href="#rsa-oaep-description">18.7.1. Description</a></li><li><a href="#rsa-oaep-registration">18.7.2. Registration</a></li><li><a href="#rsa-oaep-params">18.7.3. RsaOaepParams dictionary</a></li><li><a href="#rsa-oaep-operations">18.7.4. Operations</a></li></ul></li><li><a href="#ecdsa">18.8. ECDSA</a><ul><li><a href="#ecdsa-description">18.8.1. Description</a></li><li><a href="#ecdsa-registration">18.8.2. Registration</a></li><li><a href="#EcdsaParams-dictionary">18.8.3. EcdsaParams dictionary</a></li><li><a href="#EcKeyGenParams-dictionary">18.8.4. EcKeyGenParams dictionary</a></li><li><a href="#EcKeyAlgorithm-interface">18.8.5. EcKeyAlgorithm interface</a></li><li><a href="#EcKeyImportParams-dictionary">18.8.6. EcKeyImportParams dictionary</a></li><li><a href="#ecdsa-operations">18.8.7. Operations</a></li></ul></li><li><a href="#ecdh">18.9. ECDH</a><ul><li><a href="#ecdh-description">18.9.1. Description</a></li><li><a href="#ecdh-registration">18.9.2. Registration</a></li><li><a href="#dh-EcdhKeyDeriveParams">18.9.3. EcdhKeyDeriveParams dictionary</a></li><li><a href="#ecdh-operations">18.9.4. Operations</a></li></ul></li><li><a href="#aes-ctr">18.10. AES-CTR</a><ul><li><a href="#aes-ctr-description">18.10.1. Description</a></li><li><a href="#aes-ctr-registration">18.10.2. Registration</a></li><li><a href="#aes-ctr-params">18.10.3. AesCtrParams dictionary</a></li><li><a href="#AesKeyAlgorithm-interface">18.10.4. </a></li><li><a href="#aes-keygen-params">18.10.5. AesKeyGenParams dictionary</a></li><li><a href="#aes-derivedkey-params">18.10.6. AesDerivedKeyParams dictionary</a></li><li><a href="#aes-ctr-operations">18.10.7. Operations</a></li></ul></li><li><a href="#aes-cbc">18.11. AES-CBC</a><ul><li><a href="#aes-cbc-description">18.11.1. Description</a></li><li><a href="#aes-cbc-registration">18.11.2. Registration</a></li><li><a href="#aes-cbc-params">18.11.3. AesCbcParams dictionary</a></li><li><a href="#aes-cbc-operations">18.11.4. Operations</a></li></ul></li><li><a href="#aes-cmac">18.12. AES-CMAC</a><ul><li><a href="#aes-cmac-description">18.12.1. Description</a></li><li><a href="#aes-cmac-registration">18.12.2. Registration</a></li><li><a href="#aes-keygen-params">18.12.3. AesCmacParams dictionary</a></li><li><a href="#aes-cmac-operations">18.12.4. Operations</a></li></ul></li><li><a href="#aes-gcm">18.13. AES-GCM</a><ul><li><a href="#aes-gcm-description">18.13.1. Description</a></li><li><a href="#aes-gcm-registration">18.13.2. Registration</a></li><li><a href="#aes-gcm-params">18.13.3. AesGcmParams dictionary</a></li><li><a href="#aes-gcm-operations">18.13.4. Operations</a></li></ul></li><li><a href="#aes-cfb">18.14. AES-CFB</a><ul><li><a href="#aes-cfb-description">18.14.1. Description</a></li><li><a href="#aes-cfb-registration">18.14.2. Registration</a></li><li><a href="#aes-cfb-params">18.14.3. AesCfbParams dictionary</a></li><li><a href="#aes-cfb-operations">18.14.4. Operations</a></li></ul></li><li><a href="#aes-kw">18.15. AES-KW</a><ul><li><a href="#aes-kw-description">18.15.1. Description</a></li><li><a href="#aes-kw-registration">18.15.2. Registration</a></li><li><a href="#aes-kw-operations">18.15.3. Operations</a></li></ul></li><li><a href="#hmac">18.16. HMAC</a><ul><li><a href="#hmac-description">18.16.1. Description</a></li><li><a href="#hmac-registration">18.16.2. Registration</a></li><li><a href="#hmac-importparams">18.16.3. HmacImportParams dictionary</a></li><li><a href="#hmac-keyalgorithm">18.16.4. HmacKeyAlgorithm interface</a></li><li><a href="#hmac-keygen-params">18.16.5. HmacKeyGenParams dictionary</a></li><li><a href="#hmac-derivedkey-params">18.16.6. HmacDerivedKeyParams dictionary</a></li><li><a href="#hmac-operations">18.16.7. Operations</a></li></ul></li><li><a href="#dh">18.17. Diffie-Hellman</a><ul><li><a href="#dh-description">18.17.1. Description</a></li><li><a href="#dh-registration">18.17.2. Registration</a></li><li><a href="#dh-DhKeyGenParams">18.17.3. DhKeyGenParams dictionary</a></li><li><a href="#dh-DhKeyAlgorithm">18.17.4. DhKeyAlgorithm interface</a></li><li><a href="#dh-DhKeyDeriveParams">18.17.5. DhKeyDeriveParams dictionary</a></li><li><a href="#dh-DhImportKeyParams">18.17.6. DhImportKeyParams dictionary</a></li><li><a href="#dh-operations">18.17.7. Operations</a></li></ul></li><li><a href="#sha">18.18. SHA</a><ul><li><a href="#sha-description">18.18.1. Description</a></li><li><a href="#sha-registration">18.18.2. Registration</a></li><li><a href="#sha-operations">18.18.3. Operations</a></li></ul></li><li><a href="#concatkdf">18.19. Concat KDF</a><ul><li><a href="#concatkdf-description">18.19.1. Description</a></li><li><a href="#concatkdf-registration">18.19.2. Registration</a></li><li><a href="#concat-params">18.19.3. ConcatParams dictionary</a></li><li><a href="#concat-operations">18.19.4. Operations</a></li></ul></li><li><a href="#hkdf-ctr">18.20. HKDF-CTR</a><ul><li><a href="#hkdf-ctr-description">18.20.1. Description</a></li><li><a href="#hkdf-ctr-registration">18.20.2. Registration</a></li><li><a href="#hkdf-ctr-params">18.20.3. HkdfCtrParams dictionary</a></li><li><a href="#hkdf2-ctr-operations">18.20.4. Operations</a></li></ul></li><li><a href="#pbkdf2">18.21. PBKDF2</a><ul><li><a href="#pbkdf2-description">18.21.1. Description</a></li><li><a href="#pbkdf2-registration">18.21.2. Registration</a></li><li><a href="#pbkdf2-params">18.21.3. Pbkdf2Params dictionary</a></li><li><a href="#pbkdf2-operations">18.21.4. Operations</a></li></ul></li></ul></li><li><a href="#algorithm-normalizing-rules">19. Algorithm normalizing rules</a></li><li><a href="#examples-section">20. JavaScript Example Code</a><ul><li><a href="#examples-signing">20.1. Generate a signing key pair, sign some data</a></li><li><a href="#examples-symmetric-encryption">20.2. Symmetric Encryption</a></li></ul></li><li><a href="#iana-section">21. IANA Considerations</a><ul><li><a href="#iana-section-jws-jwa">21.1. JSON Web Signature and Encryption Algorithms Registration</a></li><li><a href="#iana-section-jwk">21.2. JSON Web Key Parameters Registry</a></li></ul></li><li><a href="#acknowledgements-section">22. Acknowledgements</a></li><li><a href="#references">23. References</a><ul><li><a href="#normative-references">23.1. Normative References</a></li><li><a href="#informative-references">23.2. Informative References</a></li></ul></li></ul><ul><li><a href="#jwk-mapping">A. Mapping between JSON Web Key / JSON Web Algorithm</a><ul><li><a href="#jwk-mapping-alg">A.1. Algorithm mappings</a></li><li><a href="#jwk-mapping-usage">A.2. Usage mapping</a></li></ul></li><li><a href="#spki-mapping">B. Mapping between Algorithm and SubjectPublicKeyInfo</a></li><li><a href="#pkcs8-mapping">C. Mapping between Algorithm and PKCS#8 PrivateKeyInfo</a></li></ul></div>
+ <div class="toc"><ul><li><a href="#introduction">1. Introduction</a></li><li><a href="#use-cases">2. Use Cases</a><ul><li><a href="#multifactor-authentication">2.1. Multi-factor Authentication</a></li><li><a href="#protected-document">2.2. Protected Document Exchange</a></li><li><a href="#cloud-storage">2.3. Cloud Storage</a></li><li><a href="#document-signing">2.4. Document Signing</a></li><li><a href="#data-integrity-protection">2.5. Data Integrity Protection</a></li><li><a href="#secure-messaging">2.6. Secure Messaging</a></li><li><a href="#jose">2.7. Javascript Object Signing and Encryption (JOSE)</a></li></ul></li><li><a href="#conformance">3. Conformance</a></li><li><a href="#scope">4. Scope</a><ul><li><a href="#scope-abstraction">4.1. Level of abstraction</a></li><li><a href="#scope-algorithms">4.2. Cryptographic algorithms</a></li><li><a href="#scope-operations">4.3. Operations</a></li><li><a href="#scope-out-of-scope">4.4. Out of scope</a></li></ul></li><li><a href="#security">5. Security considerations</a><ul><li><a href="#security-implementers">5.1. Security considerations for implementers</a></li><li><a href="#security-developers">5.2. Security considerations for authors</a></li></ul></li><li><a href="#privacy">6. Privacy considerations</a></li><li><a href="#dependencies">7. Dependencies</a></li><li><a href="#terminology">8. Terminology</a></li><li><a href="#RandomSource-interface">9. RandomSource interface</a><ul><li><a href="#RandomSource-description">9.1. Description</a></li><li><a href="#RandomSource-interface-methods">9.2. Methods and Parameters</a><ul><li><a href="#RandomSource-method-getRandomValues">9.2.1. The getRandomValues method</a></li></ul></li></ul></li><li><a href="#algorithm-dictionary">10. Algorithm dictionary</a><ul><li><a href="#algorithm-dictionary-members">10.1. Algorithm Dictionary Members</a></li></ul></li><li><a href="#key-algorithm-interface">11. KeyAlgorithm interface</a><ul><li><a href="#key-algorithm-interface-description">11.1. Description</a></li><li><a href="#key-algorithm-interface-members">11.2. KeyAlgorithm interface members</a></li></ul></li><li><a href="#key-interface">12. Key interface</a><ul><li><a href="#key-interface-description">12.1. Description</a></li><li><a href="#key-interface-types">12.2. Key interface data types</a></li><li><a href="#key-interface-members">12.3. Key interface members</a></li><li><a href="#key-interface-clone">12.4. Structured clone algorithm</a></li></ul></li><li><a href="#crypto-interface">13. Crypto interface</a></li><li><a href="#subtlecrypto-interface">14. SubtleCrypto interface</a><ul><li><a href="#subtlecrypto-interface-description">14.1. Description</a></li><li><a href="#subtlecrypto-interface-datatypes">14.2. Data Types</a></li><li><a href="#subtlecrypto-interface-methods">14.3. Methods and Parameters</a><ul><li><a href="#SubtleCrypto-method-encrypt">14.3.1. The encrypt method</a></li><li><a href="#SubtleCrypto-method-decrypt">14.3.2. The decrypt method</a></li><li><a href="#SubtleCrypto-method-sign">14.3.3. The sign method</a></li><li><a href="#SubtleCrypto-method-verify">14.3.4. The verify method</a></li><li><a href="#SubtleCrypto-method-digest">14.3.5. The digest method</a></li><li><a href="#SubtleCrypto-method-generateKey">14.3.6. The generateKey method</a></li><li><a href="#SubtleCrypto-method-deriveKey">14.3.7. The deriveKey method</a></li><li><a href="#SubtleCrypto-method-deriveBits">14.3.8. The deriveBits method</a></li><li><a href="#SubtleCrypto-method-importKey">14.3.9. The importKey method</a></li><li><a href="#SubtleCrypto-method-exportKey">14.3.10. The exportKey method</a></li><li><a href="#SubtleCrypto-method-wrapKey">14.3.11. The wrapKey method</a></li><li><a href="#SubtleCrypto-method-unwrapKey">14.3.12. The unwrapKey method</a></li></ul></li><li><a href="#SubtleCrypto-Exceptions">14.4. Exceptions</a></li></ul></li><li><a href="#WorkerCrypto-interface">15. WorkerCrypto interface</a><ul><li><a href="#WorkerCrypto-description">15.1. Description</a></li></ul></li><li><a href="#big-integer">16. BigInteger</a></li><li><a href="#keypair">17. KeyPair</a></li><li><a href="#algorithms">18. Algorithms</a><ul><li><a href="#algorithms-index">18.1. Registered algorithms</a></li><li><a href="#recommended-algorithms">18.2. Recommended algorithms</a></li><li><a href="#defining-an-algorithm">18.3. Defining an algorithm</a><ul><li><a href="#recognized-algorithm-name">18.3.1. Recognized algorithm name</a></li><li><a href="#supported-operations">18.3.2. Supported operations</a></li><li><a href="#algorithm-specific-params">18.3.3. Algorithm-specific parameters</a></li><li><a href="#algorithm-result">18.3.4. Algorithm results</a></li><li><a href="#algorithm-alias">18.3.5. Algorithm aliases</a></li></ul></li><li><a href="#rsaes-pkcs1">18.4. RSAES-PKCS1-v1_5</a><ul><li><a href="#rsaes-pkcs1-description">18.4.1. Description</a></li><li><a href="#rsaes-pkcs1-registration">18.4.2. Registration</a></li><li><a href="#RsaKeyGenParams-dictionary">18.4.3. RsaKeyGenParams dictionary</a></li><li><a href="#RsaKeyAlgorithm-interface">18.4.4. RsaKeyAlgorithm interface</a></li><li><a href="#rsaes-pkcs1-operations">18.4.5. Operations</a></li></ul></li><li><a href="#rsassa-pkcs1">18.5. RSASSA-PKCS1-v1_5</a><ul><li><a href="#rsassa-pkcs1-description">18.5.1. Description</a></li><li><a href="#rsassa-pkcs1-registration">18.5.2. Registration</a></li><li><a href="#RsaHashedKeyGenParams-dictionary">18.5.3. RsaHashedKeyGenParams dictionary</a></li><li><a href="#RsaHashedKeyAlgorithm-interface">18.5.4. RsaHashedKeyAlgorithm interface</a></li><li><a href="#RsaHashedImportParams-dictionary">18.5.5. RsaHashedImportParams dictionary</a></li><li><a href="#rsassa-pkcs1-operations">18.5.6. Operations</a></li></ul></li><li><a href="#rsa-pss">18.6. RSA-PSS</a><ul><li><a href="#rsa-pss-description">18.6.1. Description</a></li><li><a href="#rsa-pss-registration">18.6.2. Registration</a></li><li><a href="#RsaPssParams-dictionary">18.6.3. RsaPssParams dictionary</a></li><li><a href="#rsa-pss-operations">18.6.4. Operations</a></li></ul></li><li><a href="#rsa-oaep">18.7. RSA-OAEP</a><ul><li><a href="#rsa-oaep-description">18.7.1. Description</a></li><li><a href="#rsa-oaep-registration">18.7.2. Registration</a></li><li><a href="#rsa-oaep-params">18.7.3. RsaOaepParams dictionary</a></li><li><a href="#rsa-oaep-operations">18.7.4. Operations</a></li></ul></li><li><a href="#ecdsa">18.8. ECDSA</a><ul><li><a href="#ecdsa-description">18.8.1. Description</a></li><li><a href="#ecdsa-registration">18.8.2. Registration</a></li><li><a href="#EcdsaParams-dictionary">18.8.3. EcdsaParams dictionary</a></li><li><a href="#EcKeyGenParams-dictionary">18.8.4. EcKeyGenParams dictionary</a></li><li><a href="#EcKeyAlgorithm-interface">18.8.5. EcKeyAlgorithm interface</a></li><li><a href="#EcKeyImportParams-dictionary">18.8.6. EcKeyImportParams dictionary</a></li><li><a href="#ecdsa-operations">18.8.7. Operations</a></li></ul></li><li><a href="#ecdh">18.9. ECDH</a><ul><li><a href="#ecdh-description">18.9.1. Description</a></li><li><a href="#ecdh-registration">18.9.2. Registration</a></li><li><a href="#dh-EcdhKeyDeriveParams">18.9.3. EcdhKeyDeriveParams dictionary</a></li><li><a href="#ecdh-operations">18.9.4. Operations</a></li></ul></li><li><a href="#aes-ctr">18.10. AES-CTR</a><ul><li><a href="#aes-ctr-description">18.10.1. Description</a></li><li><a href="#aes-ctr-registration">18.10.2. Registration</a></li><li><a href="#aes-ctr-params">18.10.3. AesCtrParams dictionary</a></li><li><a href="#AesKeyAlgorithm-interface">18.10.4. </a></li><li><a href="#aes-keygen-params">18.10.5. AesKeyGenParams dictionary</a></li><li><a href="#aes-derivedkey-params">18.10.6. AesDerivedKeyParams dictionary</a></li><li><a href="#aes-ctr-operations">18.10.7. Operations</a></li></ul></li><li><a href="#aes-cbc">18.11. AES-CBC</a><ul><li><a href="#aes-cbc-description">18.11.1. Description</a></li><li><a href="#aes-cbc-registration">18.11.2. Registration</a></li><li><a href="#aes-cbc-params">18.11.3. AesCbcParams dictionary</a></li><li><a href="#aes-cbc-operations">18.11.4. Operations</a></li></ul></li><li><a href="#aes-cmac">18.12. AES-CMAC</a><ul><li><a href="#aes-cmac-description">18.12.1. Description</a></li><li><a href="#aes-cmac-registration">18.12.2. Registration</a></li><li><a href="#aes-keygen-params">18.12.3. AesCmacParams dictionary</a></li><li><a href="#aes-cmac-operations">18.12.4. Operations</a></li></ul></li><li><a href="#aes-gcm">18.13. AES-GCM</a><ul><li><a href="#aes-gcm-description">18.13.1. Description</a></li><li><a href="#aes-gcm-registration">18.13.2. Registration</a></li><li><a href="#aes-gcm-params">18.13.3. AesGcmParams dictionary</a></li><li><a href="#aes-gcm-operations">18.13.4. Operations</a></li></ul></li><li><a href="#aes-cfb">18.14. AES-CFB</a><ul><li><a href="#aes-cfb-description">18.14.1. Description</a></li><li><a href="#aes-cfb-registration">18.14.2. Registration</a></li><li><a href="#aes-cfb-params">18.14.3. AesCfbParams dictionary</a></li><li><a href="#aes-cfb-operations">18.14.4. Operations</a></li></ul></li><li><a href="#aes-kw">18.15. AES-KW</a><ul><li><a href="#aes-kw-description">18.15.1. Description</a></li><li><a href="#aes-kw-registration">18.15.2. Registration</a></li><li><a href="#aes-kw-operations">18.15.3. Operations</a></li></ul></li><li><a href="#hmac">18.16. HMAC</a><ul><li><a href="#hmac-description">18.16.1. Description</a></li><li><a href="#hmac-registration">18.16.2. Registration</a></li><li><a href="#hmac-importparams">18.16.3. HmacImportParams dictionary</a></li><li><a href="#hmac-keyalgorithm">18.16.4. HmacKeyAlgorithm interface</a></li><li><a href="#hmac-keygen-params">18.16.5. HmacKeyGenParams dictionary</a></li><li><a href="#hmac-derivedkey-params">18.16.6. HmacDerivedKeyParams dictionary</a></li><li><a href="#hmac-operations">18.16.7. Operations</a></li></ul></li><li><a href="#dh">18.17. Diffie-Hellman</a><ul><li><a href="#dh-description">18.17.1. Description</a></li><li><a href="#dh-registration">18.17.2. Registration</a></li><li><a href="#dh-DhKeyGenParams">18.17.3. DhKeyGenParams dictionary</a></li><li><a href="#dh-DhKeyAlgorithm">18.17.4. DhKeyAlgorithm interface</a></li><li><a href="#dh-DhKeyDeriveParams">18.17.5. DhKeyDeriveParams dictionary</a></li><li><a href="#dh-DhImportKeyParams">18.17.6. DhImportKeyParams dictionary</a></li><li><a href="#dh-operations">18.17.7. Operations</a></li></ul></li><li><a href="#sha">18.18. SHA</a><ul><li><a href="#sha-description">18.18.1. Description</a></li><li><a href="#sha-registration">18.18.2. Registration</a></li><li><a href="#sha-operations">18.18.3. Operations</a></li></ul></li><li><a href="#concatkdf">18.19. Concat KDF</a><ul><li><a href="#concatkdf-description">18.19.1. Description</a></li><li><a href="#concatkdf-registration">18.19.2. Registration</a></li><li><a href="#concat-params">18.19.3. ConcatParams dictionary</a></li><li><a href="#concat-operations">18.19.4. Operations</a></li></ul></li><li><a href="#hkdf-ctr">18.20. HKDF-CTR</a><ul><li><a href="#hkdf-ctr-description">18.20.1. Description</a></li><li><a href="#hkdf-ctr-registration">18.20.2. Registration</a></li><li><a href="#hkdf-ctr-params">18.20.3. HkdfCtrParams dictionary</a></li><li><a href="#hkdf2-ctr-operations">18.20.4. Operations</a></li></ul></li><li><a href="#pbkdf2">18.21. PBKDF2</a><ul><li><a href="#pbkdf2-description">18.21.1. Description</a></li><li><a href="#pbkdf2-registration">18.21.2. Registration</a></li><li><a href="#pbkdf2-params">18.21.3. Pbkdf2Params dictionary</a></li><li><a href="#pbkdf2-operations">18.21.4. Operations</a></li></ul></li></ul></li><li><a href="#algorithm-normalizing-rules">19. Algorithm normalizing rules</a></li><li><a href="#examples-section">20. JavaScript Example Code</a><ul><li><a href="#examples-signing">20.1. Generate a signing key pair, sign some data</a></li><li><a href="#examples-symmetric-encryption">20.2. Symmetric Encryption</a></li></ul></li><li><a href="#iana-section">21. IANA Considerations</a><ul><li><a href="#iana-section-jws-jwa">21.1. JSON Web Signature and Encryption Algorithms Registration</a></li><li><a href="#iana-section-jwk">21.2. JSON Web Key Parameters Registry</a></li></ul></li><li><a href="#acknowledgements-section">22. Acknowledgements</a></li><li><a href="#references">23. References</a><ul><li><a href="#normative-references">23.1. Normative References</a></li><li><a href="#informative-references">23.2. Informative References</a></li></ul></li></ul><ul><li><a href="#jwk-mapping">A. Mapping between JSON Web Key / JSON Web Algorithm</a><ul><li><a href="#jwk-mapping-alg">A.1. Algorithm mappings</a></li><li><a href="#jwk-mapping-usage">A.2. Usage mapping</a></li></ul></li><li><a href="#spki-mapping">B. Mapping between Algorithm and SubjectPublicKeyInfo</a></li><li><a href="#pkcs8-mapping">C. Mapping between Algorithm and PKCS#8 PrivateKeyInfo</a></li></ul></div>
</div>
<div id="sections">
@@ -598,7 +598,9 @@
<li>
<p>
If <var>exactData</var> was specified, and all of the bytes of <var>data</var> were
- not consumed during the parsing phase, terminate this algorithm with an error.
+ not consumed during the parsing phase, then
+ <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
@@ -647,14 +649,16 @@
</li>
<li>
<p>
- If <var>result</var> does not describe an Object type, terminate this algorithm with
- an error.
+ If <var>result</var> does not describe an Object type,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
<p>
If the <code>"kty"</code> field of <var>result</var> is not present, or is not a
- string value, terminate this algorithm with an error.
+ string value, then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
@@ -685,14 +689,17 @@
<ol>
<li>
<p>
- If <var>data</var> is not an object, terminate this algorithm with an error.
+ If <var>data</var> is not an object,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
<p>
If <var>structure</var> includes any non-optional field for which there is
- no property of <var>data</var> with the same name, terminate this
- algorithm with an error.
+ no property of <var>data</var> with the same name,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
@@ -717,19 +724,25 @@
<ol>
<li>
<p>
- If <var>data</var> is not an object, terminate this algorithm with an error.
+ If <var>data</var> is not an object,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
<p>
If no property of <var>data</var> has a name which matches one of the fields
- of <var>structure</var>, terminate this alorithm with an error.
+ of <var>structure</var>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
<p>
If more than one property of <var>data</var> has a name which matches one of
- the fields of <var>struture</var>, terminate this alorithm with an error.
+ the fields of <var>struture</var>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
@@ -754,7 +767,9 @@
<ol>
<li>
<p>
- If <var>data</var> is not an array, terminate this algorithm with an error.
+ If <var>data</var> is not an array,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
@@ -784,8 +799,9 @@
<ol>
<li>
<p>
- If <var>data</var> is an object or array, terminate this algorithm with an
- error.
+ If <var>data</var> is an object or array,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
@@ -1404,13 +1420,10 @@
<div id="subtlecrypto-interface-methods" class="section">
<h3>14.3. Methods and Parameters</h3>
- <div class="ednote"><div class="ednoteHeader">Editorial note</div>
- <p>
- All errors should be reported asynchronously. It is an open issue how to document that
- this should apply to WebIDL type mapping errors. Also, WebIDL type mapping for
- Algorithm input parameters needs to use the correct Algorithm subclass expected
- by the WebCrypto algorithm, not the Algorithm super-class specified in the function
- prototype.
+ <div class="note"><div class="noteHeader">Note</div>
+ <p>
+ All errors are reported asynchronously by calling the reject handler of the returned
+ Promise. This includes WebIDL type mapping errors.
</p>
</div>
<div id="SubtleCrypto-method-encrypt" class="section">
@@ -1445,25 +1458,12 @@
</li>
<li>
<p>
- If an error occurs, run these substeps and then terminate the algorithm:
- </p>
- <ol>
- <li>
- <p>
- Let <var>result</var> be <code>null</code>.
- </p>
- </li>
- <li>
- <p>
- Execute <var>resolver</var>'s <code>reject(value)</code> algorithm, with
- <var>result</var> as the <code>value</code> argument.
- </p>
- </li>
- </ol>
- <div class="ednote"><div class="ednoteHeader">Editorial note</div>
- Determine whether to reject the algorithm with a DOMError or a
- <code>null</code> result.
- </div>
+ If the following steps or referenced procedures say to
+ <a href="#concept-return-an-error">return an error</a>,
+ execute <var>resolver</var>'s <code>reject(value)</code> algorithm, with
+ the returned error as the <code>value</code> argument and then
+ <a href="#terminate-the-algorithm">terminate the algorithm.</a>
+ </p>
</li>
<li>
<p>
@@ -1483,14 +1483,16 @@
If the <a href="#dfn-Algorith-name">name</a> member of
<var>normalizedAlgorithm</var> does not identify a
<a href="#algorithms">registered algorithm</a> that supports the
- encrypt operation, terminate this algorithm with an error.
+ encrypt operation, then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-NotSupportedError"><code>NotSupportedError</code></a>.
</p>
</li>
<li>
<p>
If the <a href="#dfn-Key-usages">usages</a> property of <var>key</var> does not
contain an entry that is a case-sensitive string match for <code>"encrypt"</code>,
- terminate this algorithm with an error.
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-InvalidAccessError"><code>InvalidAccessError</code></a>.
</p>
</li>
<li>
@@ -1540,25 +1542,12 @@
</li>
<li>
<p>
- If an error occurs, run these substeps and then terminate the algorithm:
- </p>
- <ol>
- <li>
- <p>
- Let <var>result</var> be <code>null</code>.
- </p>
- </li>
- <li>
- <p>
- Execute <var>resolver</var>'s <code>reject(value)</code> algorithm, with
- <var>result</var> as the <code>value</code> argument.
- </p>
- </li>
- </ol>
- <div class="ednote"><div class="ednoteHeader">Editorial note</div>
- Determine whether to reject the algorithm with a DOMError or a
- <code>null</code> result.
- </div>
+ If the following steps or referenced procedures say to
+ <a href="#concept-return-an-error">return an error</a>,
+ execute <var>resolver</var>'s <code>reject(value)</code> algorithm, with
+ the returned error as the <code>value</code> argument and then
+ <a href="#terminate-the-algorithm">terminate the algorithm.</a>
+ </p>
</li>
<li>
<p>
@@ -1578,14 +1567,16 @@
If the <a href="#dfn-Algorith-name">name</a> member of
<var>normalizedAlgorithm</var> does not identify a
<a href="#algorithms">registered algorithm</a> that supports the decrypt
- operation, terminate this algorithm with an error.
+ operation, then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-NotSupportedError"><code>NotSupportedError</code></a>.
</p>
</li>
<li>
<p>
If the <a href="#dfn-Key-usages">usages</a> property of <var>key</var> does not
contain an entry that is a case-sensitive string match for <code>"decrypt"</code>,
- terminate this algorithm with an error.
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-InvalidAccessError"><code>InvalidAccessError</code></a>.
</p>
</li>
<li>
@@ -1635,25 +1626,12 @@
</li>
<li>
<p>
- If an error occurs, run these substeps and then terminate the algorithm:
- </p>
- <ol>
- <li>
- <p>
- Let <var>result</var> be <code>null</code>.
- </p>
- </li>
- <li>
- <p>
- Execute <var>resolver</var>'s <code>reject(value)</code> algorithm, with
- <var>result</var> as the <code>value</code> argument.
- </p>
- </li>
- </ol>
- <div class="ednote"><div class="ednoteHeader">Editorial note</div>
- Determine whether to reject the algorithm with a DOMError or a
- <code>null</code> result.
- </div>
+ If the following steps or referenced procedures say to
+ <a href="#concept-return-an-error">return an error</a>,
+ execute <var>resolver</var>'s <code>reject(value)</code> algorithm, with
+ the returned error as the <code>value</code> argument and then
+ <a href="#terminate-the-algorithm">terminate the algorithm.</a>
+ </p>
</li>
<li>
<p>
@@ -1673,14 +1651,16 @@
If the <a href="#dfn-Algorith-name">name</a> member of
<var>normalizedAlgorithm</var> does not identify a
<a href="#algorithms">registered algorithm</a> that supports the sign
- operation, terminate this algorithm with an error.
+ operation, then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-NotSupportedError"><code>NotSupportedError</code></a>.
</p>
</li>
<li>
<p>
If the <a href="#dfn-Key-usages">usages</a> property of <var>key</var> does not
contain an entry that is a case-sensitive string match for <code>"sign"</code>,
- terminate this algorithm with an error.
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-InvalidAccessError"><code>InvalidAccessError</code></a>.
</p>
</li>
<li>
@@ -1729,25 +1709,12 @@
</li>
<li>
<p>
- If an error occurs, run these substeps and then terminate the algorithm:
- </p>
- <ol>
- <li>
- <p>
- Let <var>result</var> be <code>null</code>.
- </p>
- </li>
- <li>
- <p>
- Execute <var>resolver</var>'s <code>reject(value)</code> algorithm, with
- <var>result</var> as the <code>value</code> argument.
- </p>
- </li>
- </ol>
- <div class="ednote"><div class="ednoteHeader">Editorial note</div>
- Determine whether to reject the algorithm with a DOMError or a
- <code>null</code> result.
- </div>
+ If the following steps or referenced procedures say to
+ <a href="#concept-return-an-error">return an error</a>,
+ execute <var>resolver</var>'s <code>reject(value)</code> algorithm, with
+ the returned error as the <code>value</code> argument and then
+ <a href="#terminate-the-algorithm">terminate the algorithm.</a>
+ </p>
</li>
<li>
<p>
@@ -1767,14 +1734,16 @@
If the <a href="#dfn-Algorith-name">name</a> member of
<var>normalizedAlgorithm</var> does not identify a
<a href="#algorithms">registered algorithm</a> that supports the verify
- operation, terminate this algorithm with an error.
+ operation, then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-NotSupportedError"><code>NotSupportedError</code></a>.
</p>
</li>
<li>
<p>
If the <a href="#dfn-Key-usages">usages</a> property of <var>key</var> does not
contain an entry that is a case-sensitive string match for <code>"verify"</code>,
- terminate this algorithm with an error.
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-InvalidAccessError"><code>InvalidAccessError</code></a>.
</p>
</li>
<li>
@@ -1823,25 +1792,12 @@
</li>
<li>
<p>
- If an error occurs, run these substeps and then terminate the algorithm:
- </p>
- <ol>
- <li>
- <p>
- Let <var>result</var> be <code>null</code>.
- </p>
- </li>
- <li>
- <p>
- Execute <var>resolver</var>'s <code>reject(value)</code> algorithm, with
- <var>result</var> as the <code>value</code> argument.
- </p>
- </li>
- </ol>
- <div class="ednote"><div class="ednoteHeader">Editorial note</div>
- Determine whether to reject the algorithm with a DOMError or a
- <code>null</code> result.
- </div>
+ If the following steps or referenced procedures say to
+ <a href="#concept-return-an-error">return an error</a>,
+ execute <var>resolver</var>'s <code>reject(value)</code> algorithm, with
+ the returned error as the <code>value</code> argument and then
+ <a href="#terminate-the-algorithm">terminate the algorithm.</a>
+ </p>
</li>
<li>
<p>
@@ -1861,7 +1817,8 @@
If the <a href="#dfn-Algorith-name">name</a> member of
<var>normalizedAlgorithm</var> does not identify a
<a href="#algorithms">registered algorithm</a> that supports the digest
- operation, terminate this algorithm with an error.
+ operation, then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-NotSupportedError"><code>NotSupportedError</code></a>.
</p>
</li>
<li>
@@ -1911,25 +1868,12 @@
</li>
<li>
<p>
- If an error occurs, run these substeps and then terminate the algorithm:
- </p>
- <ol>
- <li>
- <p>
- Let <var>result</var> be <code>null</code>.
- </p>
- </li>
- <li>
- <p>
- Execute <var>resolver</var>'s <code>reject(value)</code> algorithm, with
- <var>result</var> as the <code>value</code> argument.
- </p>
- </li>
- </ol>
- <div class="ednote"><div class="ednoteHeader">Editorial note</div>
- Determine whether to reject the algorithm with a DOMError or a
- <code>null</code> result.
- </div>
+ If the following steps or referenced procedures say to
+ <a href="#concept-return-an-error">return an error</a>,
+ execute <var>resolver</var>'s <code>reject(value)</code> algorithm, with
+ the returned error as the <code>value</code> argument and then
+ <a href="#terminate-the-algorithm">terminate the algorithm.</a>
+ </p>
</li>
<li>
<p>
@@ -1949,14 +1893,16 @@
If the <a href="#dfn-Algorith-name">name</a> member of
<var>normalizedAlgorithm</var> does not identify a
<a href="#algorithms">registered algorithm</a> that supports the generate
- key operation, terminate this algorithm with an error.
+ key operation, then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-NotSupportedError"><code>NotSupportedError</code></a>.
</p>
</li>
<li>
<p>
If <var>usages</var> includes a value that is not a case-sensitive string match
for a <a href="#dfn-RecognizedKeyUsage">recognized key usage value</a>,
- terminate this algorithm with an error.
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-InvalidAccessError"><code>InvalidAccessError</code></a>.
</p>
</li>
<li>
@@ -2006,25 +1952,12 @@
</li>
<li>
<p>
- If an error occurs, run these substeps and then terminate the algorithm:
- </p>
- <ol>
- <li>
- <p>
- Let <var>result</var> be <code>null</code>.
- </p>
- </li>
- <li>
- <p>
- Execute <var>resolver</var>'s <code>reject(value)</code> algorithm, with
- <var>result</var> as the <code>value</code> argument.
- </p>
- </li>
- </ol>
- <div class="ednote"><div class="ednoteHeader">Editorial note</div>
- Determine whether to reject the algorithm with a DOMError or a
- <code>null</code> result.
- </div>
+ If the following steps or referenced procedures say to
+ <a href="#concept-return-an-error">return an error</a>,
+ execute <var>resolver</var>'s <code>reject(value)</code> algorithm, with
+ the returned error as the <code>value</code> argument and then
+ <a href="#terminate-the-algorithm">terminate the algorithm.</a>
+ </p>
</li>
<li>
<p>
@@ -2044,7 +1977,8 @@
If the <a href="#dfn-Algorith-name">name</a> member of
<var>normalizedAlgorithm</var> does not identify a
<a href="#algorithms">registered algorithm</a> that supports the derive bits
- operation, terminate this algorithm with an error.
+ operation, then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-NotSupportedError"><code>NotSupportedError</code></a>.
</p>
</li>
<li>
@@ -2059,23 +1993,25 @@
If the <a href="#dfn-Algorith-name">name</a> member of
<var>normalizedDerivedKeyAlgorithm</var> does not identify a
<a href="#algorithms">registered algorithm</a> that supports the get key length
- and import key operations, terminate this algorithm
- with an error.
+ and import key operations, then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-NotSupportedError"><code>NotSupportedError</code></a>.
</p>
</li>
<li>
<p>
If the <a href="#dfn-Key-usages">usages</a> property of <var>baseKey</var> does not
contain an entry that is a case-sensitive string match for <code>"deriveKey"</code>,
- terminate this algorithm with an error.
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-InvalidAccessError"><code>InvalidAccessError</code></a>.
</p>
</li>
<li>
<p>
If <var>usages</var> includes a value that is not a case-sensitive string
match for a
- <a href="#dfn-RecognizedKeyUsage">recognized key usage value</a>, terminate
- this algorithm with an error.
+ <a href="#dfn-RecognizedKeyUsage">recognized key usage value</a>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-SyntaxError"><code>SyntaxError</code></a>.
</p>
</li>
<li>
@@ -2140,25 +2076,12 @@
</li>
<li>
<p>
- If an error occurs, run these substeps and then terminate the algorithm:
- </p>
- <ol>
- <li>
- <p>
- Let <var>result</var> be <code>null</code>.
- </p>
- </li>
- <li>
- <p>
- Execute <var>resolver</var>'s <code>reject(value)</code> algorithm, with
- <var>result</var> as the <code>value</code> argument.
- </p>
- </li>
- </ol>
- <div class="ednote"><div class="ednoteHeader">Editorial note</div>
- Determine whether to reject the algorithm with a DOMError or a
- <code>null</code> result.
- </div>
+ If the following steps or referenced procedures say to
+ <a href="#concept-return-an-error">return an error</a>,
+ execute <var>resolver</var>'s <code>reject(value)</code> algorithm, with
+ the returned error as the <code>value</code> argument and then
+ <a href="#terminate-the-algorithm">terminate the algorithm.</a>
+ </p>
</li>
<li>
<p>
@@ -2178,14 +2101,16 @@
If the <a href="#dfn-Algorith-name">name</a> member of
<var>normalizedAlgorithm</var> does not identify a
<a href="#algorithms">registered algorithm</a> that supports the derive bits
- operation, terminate this algorithm with an error.
+ operation, then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-NotSupportedError"><code>NotSupportedError</code></a>.
</p>
</li>
<li>
<p>
If the <a href="#dfn-Key-usages">usages</a> property of <var>baseKey</var> does not
contain an entry that is a case-sensitive string match for <code>"deriveBits"</code>,
- terminate this algorithm with an error.
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-InvalidAccessError"><code>InvalidAccessError</code></a>.
</p>
</li>
<li>
@@ -2236,27 +2161,13 @@
</li>
<li>
<p>
- If an error occurs, run these substeps and then terminate the algorithm:
- </p>
- <ol>
- <li>
- <p>
- Let <var>result</var> be <code>null</code>.
- </p>
- </li>
- <li>
- <p>
- Execute <var>resolver</var>'s <code>reject(value)</code> algorithm, with
- <var>result</var> as the <code>value</code> argument.
- </p>
- </li>
- </ol>
- <div class="ednote"><div class="ednoteHeader">Editorial note</div>
- Determine whether to reject the algorithm with a DOMError or a
- <code>null</code> result.
- </div>
- </li>
-
+ If the following steps or referenced procedures say to
+ <a href="#concept-return-an-error">return an error</a>,
+ execute <var>resolver</var>'s <code>reject(value)</code> algorithm, with
+ the returned error as the <code>value</code> argument and then
+ <a href="#terminate-the-algorithm">terminate the algorithm.</a>
+ </p>
+ </li>
<li>
<p>
Perform type mapping as specified in [<a href="#WebIDL">WEBIDL</a>] for
@@ -2276,14 +2187,16 @@
If the <a href="#dfn-Algorith-name">name</a> member of
<var>normalizedAlgorithm</var> does not identify a
<a href="#algorithms">registered algorithm</a> that supports the import key
- operation, terminate this algorithm with an error.
+ operation, then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-NotSupportedError"><code>NotSupportedError</code></a>.
</p>
</li>
<li>
<p>
If <var>format</var> is not a case-sensitive string match for
a <a href="#dfn-RecognizedKeyFormats">recognized key
- format value</a>, terminate this algorithm with an error.
+ format value</a>, then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-SyntaxError"><code>SyntaxError</code></a>.
</p>
</li>
<li>
@@ -2291,7 +2204,8 @@
If <var>usages</var> includes a value that is not a case-sensitive string match
for a
<a href="#dfn-RecognizedKeyUsage">recognized key usage value</a>,
- terminate this algorithm with an error.
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-SyntaxError"><code>SyntaxError</code></a>.
</p>
</li>
<li>
@@ -2340,25 +2254,12 @@
</li>
<li>
<p>
- If an error occurs, run these substeps and then terminate the algorithm:
- </p>
- <ol>
- <li>
- <p>
- Let <var>result</var> be <code>null</code>.
- </p>
- </li>
- <li>
- <p>
- Execute <var>resolver</var>'s <code>reject(value)</code> algorithm, with
- <var>result</var> as the <code>value</code> argument.
- </p>
- </li>
- </ol>
- <div class="ednote"><div class="ednoteHeader">Editorial note</div>
- Determine whether to reject the algorithm with a DOMError or a
- <code>null</code> result.
- </div>
+ If the following steps or referenced procedures say to
+ <a href="#concept-return-an-error">return an error</a>,
+ execute <var>resolver</var>'s <code>reject(value)</code> algorithm, with
+ the returned error as the <code>value</code> argument and then
+ <a href="#terminate-the-algorithm">terminate the algorithm.</a>
+ </p>
</li>
<li>
<p>
@@ -2370,13 +2271,24 @@
<p>
If <var>format</var> is not a case-sensitive string match for a
<a href="#dfn-RecognizedKeyFormats">recognized key
- format value</a>, terminate this algorithm with an error.
+ format value</a>, then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-SyntaxError"><code>SyntaxError</code></a>.
+ </p>
+ </li>
+ <li>
+ <p>
+ If the <a href="#dfn-Algorith-name">name</a> member of
+ <var>normalizedAlgorithm</var> does not identify a
+ <a href="#algorithms">registered algorithm</a> that supports the export key
+ operation, then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-NotSupportedError"><code>NotSupportedError</code></a>.
</p>
</li>
<li>
<p>
If the <a href="#dfn-Key-extractable">extractable</a> property of <var>key</var>
- is false, terminate this algorithm with an error.
+ is false, then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-InvalidAccessError"><code>InvalidAccessError</code></a>.
</p>
</li>
<li>
@@ -2423,25 +2335,12 @@
</li>
<li>
<p>
- If an error occurs, run these substeps and then terminate the algorithm:
- </p>
- <ol>
- <li>
- <p>
- Let <var>result</var> be <code>null</code>.
- </p>
- </li>
- <li>
- <p>
- Execute <var>resolver</var>'s <code>reject(value)</code> algorithm, with
- <var>result</var> as the <code>value</code> argument.
- </p>
- </li>
- </ol>
- <div class="ednote"><div class="ednoteHeader">Editorial note</div>
- Determine whether to reject the algorithm with a DOMError or a
- <code>null</code> result.
- </div>
+ If the following steps or referenced procedures say to
+ <a href="#concept-return-an-error">return an error</a>,
+ execute <var>resolver</var>'s <code>reject(value)</code> algorithm, with
+ the returned error as the <code>value</code> argument and then
+ <a href="#terminate-the-algorithm">terminate the algorithm.</a>
+ </p>
</li>
<li>
<p>
@@ -2461,27 +2360,39 @@
If the <a href="#dfn-Algorith-name">name</a> member of
<var>normalizedAlgorithm</var> does not identify a
<a href="#algorithms">registered algorithm</a> that supports the encrypt or wrap
- key operation, terminate this algorithm with an error.
+ key operation, then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-NotSupportedError"><code>NotSupportedError</code></a>.
</p>
</li>
<li>
<p>
If <var>format</var> is not a case-sensitive string match for algorithm a
<a href="#dfn-RecognizedKeyFormats">recognized key
- format value</a>, terminate this algorithm with an error.
+ format value</a>, then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-SyntaxError"><code>SyntaxError</code></a>.
</p>
</li>
<li>
<p>
If the <a href="#dfn-Key-usages">usages</a> property of <var>wrappingKey</var>
does not contain an entry that is a case-sensitive string match for
- <code>"wrapKey"</code>, terminate this algorithm with an error.
+ <code>"wrapKey"</code>, then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-InvalidAccessError"><code>InvalidAccessError</code></a>.
+ </p>
+ </li>
+ <li>
+ <p>
+ If the algorithm identified by the <a href="#dfn-Key-algorithm">algorithm</a>
+ attibute of <var>key</var> does not support the export key operation,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-NotSupportedError"><code>NotSupportedError</code></a>.
</p>
</li>
<li>
<p>
If the <a href="#dfn-Key-extractable">extractable</a> property of <var>key</var>
- is false, terminate this algorithm with an error.
+ is false, then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-InvalidAccessError"><code>InvalidAccessError</code></a>.
</p>
</li>
<li>
@@ -2492,11 +2403,6 @@
</p>
</li>
<li>
- <p>
- If the export key operation failed, terminate this algorithm with an error.
- </p>
- </li>
- <li>
<dl class="switch">
<dt>If <var>normalizedAlgorithm</var> supports the wrap key operation:</dt>
<dd>
@@ -2517,16 +2423,14 @@
</p>
</dd>
<dt>Otherwise:</dt>
- <dd>Terminate this algorithm with an error.</dd>
+ <dd>
+ <a href="#concept-return-an-error">Return an error</a> named
+ <a href="#dfn-NotSupportedError"><code>NotSupportedError</code></a>.
+ </dd>
</dl>
</li>
<li>
<p>
- If the wrap key or encrypt operation failed, terminate this algorithm with an error.
- </p>
- </li>
- <li>
- <p>
Execute <var>resolver</var>'s <code>resolve(value)</code> algorithm, with
<var>result</var> as the <code>value</code> argument.
</p>
@@ -2567,25 +2471,12 @@
</li>
<li>
<p>
- If an error occurs, run these substeps and then terminate the algorithm:
- </p>
- <ol>
- <li>
- <p>
- Let <var>result</var> be <code>null</code>.
- </p>
- </li>
- <li>
- <p>
- Execute <var>resolver</var>'s <code>reject(value)</code> algorithm, with
- <var>result</var> as the <code>value</code> argument.
- </p>
- </li>
- </ol>
- <div class="ednote"><div class="ednoteHeader">Editorial note</div>
- Determine whether to reject the algorithm with a DOMError or a
- <code>null</code> result.
- </div>
+ If the following steps or referenced procedures say to
+ <a href="#concept-return-an-error">return an error</a>,
+ execute <var>resolver</var>'s <code>reject(value)</code> algorithm, with
+ the returned error as the <code>value</code> argument and then
+ <a href="#terminate-the-algorithm">terminate the algorithm.</a>
+ </p>
</li>
<li>
<p>
@@ -2607,7 +2498,8 @@
<var>normalizedAlgorithm</var> does not identify a
<a href="#algorithms">registered algorithm</a> that supports the unwrap key or
decrypt
- operation, terminate this algorithm with an error.
+ operation, then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-NotSupportedError"><code>NotSupportedError</code></a>.
</p>
</li>
<li>
@@ -2622,28 +2514,32 @@
If the <a href="#dfn-Algorith-name">name</a> member of
<var>normalizedKeyAlgorithm</var> does not identify a
<a href="#algorithms">registered algorithm</a> that supports the importKey
- operation, terminate this algorithm with an error.
+ operation, then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-NotSupportedError"><code>NotSupportedError</code></a>.
</p>
</li>
<li>
<p>
If the <a href="#dfn-Key-usages">usages</a> property of <var>unwrappingKey</var>
does not contain an entry that is a case-sensitive string match for
- <code>"unwrapKey"</code>, terminate this algorithm with an error.
+ <code>"unwrapKey"</code>, then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-InvalidAccessError"><code>InvalidAccessError</code></a>.
</p>
</li>
<li>
<p>
If <var>format</var> is not a case-sensitive string match for a
<a href="#dfn-RecognizedKeyFormats">recognized key
- format value</a>, terminate this algorithm with an error.
+ format value</a>, then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-SyntaxError"><code>SyntaxError</code></a>.
</p>
</li>
<li>
<p>
If <var>usages</var> includes a value that is not a case-sensitive string match
- for a <a href="#dfn-RecognizedKeyUsage">recognized key usage value</a>, terminate
- this algorithm with an error.
+ for a <a href="#dfn-RecognizedKeyUsage">recognized key usage value</a>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-SyntaxError"><code>SyntaxError</code></a>.
</p>
</li>
<li>
@@ -2668,17 +2564,14 @@
<var>ciphertext</var>.
</dd>
<dt>Otherwise:</dt>
- <dd>Terminate this algorithm with an error.</dd>
+ <dd>
+ <a href="#concept-return-an-error">Return an error</a> named
+ <a href="#dfn-NotSupportedError"><code>NotSupportedError</code></a>.
+ </dd>
</dl>
</li>
<li>
<p>
- If the unwrap key or decrypt operation failed, terminate this algorithm with an
- error.
- </p>
- </li>
- <li>
- <p>
Let <var>result</var> be the result of performing the import key operation
specified by <var>normalizedKeyAlgorithm</var> using
<var>unwrappedKeyAlgorithm</var> as <var>algorithm</var>, <var>format</var>,
@@ -2689,11 +2582,6 @@
</li>
<li>
<p>
- If the import key algorithm failed, terminate this algorithm with an error.
- </p>
- </li>
- <li>
- <p>
Execute <var>resolver</var>'s <code>resolve(value)</code> algorithm, with
<var>result</var> as the <code>value</code> argument.
</p>
@@ -2701,8 +2589,73 @@
</ol>
</div>
</div>
+ <div id="SubtleCrypto-Exceptions" class="section">
+ <h3>14.4. Exceptions</h3>
+ <p>
+ The methods of the <a href="#dfn-SubtleCrypto">SubtleCrypto</a> interface return errors
+ by calling the reject handler of the returned promise with a
+ <a href="#dfn-DOMException">DOMException</a>. The following DOMException types from
+ [<a href="#DOM4">DOM4</a>] are used with messages as shown in the following table:
+ <table>
+ <tbody>
+ <tr>
+ <th>Type</th>
+ <th>Message (optional)</th>
+ </tr>
+ <tr>
+ <td><dfn id="dfn-NotSupportedError"><code>NotSupportedError</code></dfn></td>
+ <td>The algorithm is not supported</td>
+ </tr>
+ <tr>
+ <td><dfn id="dfn-SyntaxError"><code>SyntaxError</code></dfn></td>
+ <td>A required parameter was missing our out-of-range</td>
+ </tr>
+ <tr>
+ <td><dfn id="dfn-InvalidStateError"><code>InvalidStateError</code></dfn></td>
+ <td>The requested operation is not value for the current state of the provided key.</td>
+ </tr>
+ <tr>
+ <td><dfn id="dfn-InvalidAccessError"><code>InvalidAccessError</code></dfn></td>
+ <td>The requested operation is not valid for the provided key</td>
+ </tr>
+ </tbody>
+ </table>
+ </p>
+ <p>
+ The following new DOMException types are defined by this specification:
+ <table>
+ <tbody>
+ <tr>
+ <th>Type</th>
+ <th>Message (optional)</th>
+ </tr>
+ <tr>
+ <td><dfn id="dfn-UnknownError"><code>UnknownError</code></dfn></td>
+ <td>The operation failed for an unknown transient reason (e.g. out of memory)</td>
+ </tr>
+ <tr>
+ <td><dfn id="dfn-DataError"><code>DataError</code></dfn></td>
+ <td>Data provided to an operation does not meet requirements</td>
+ </tr>
+ <tr>
+ <td><dfn id="dfn-OperationError"><code>OperationError</code></dfn></td>
+ <td>The operation failed for an operation-specific reason</td>
+ </tr>
+ </tbody>
+ </table>
+ </p>
+ <p>
+ When this specification says to
+ <dfn id="concept-return-an-error">return an error</dfn> named <var>error</var>,
+ where <var>error</var>
+ is one of the above error names, the user agent must return a
+ <a href="#dfn-DOMException">DOMException</a> with name <var>error</var> and message as
+ defined in the above two tables.
+ </p>
+ </div>
</div>
+
<div id="WorkerCrypto-interface" class="section">
<h2>15. WorkerCrypto interface</h2>
<div class="block"><div class="blockTitleDiv"><span class="blockTitle">IDL</span></div><div class="blockContent"><pre class="code"><code class="idl-code">
@@ -3319,8 +3272,9 @@
<li>
<p>
If the <a href="#dfn-Key-type">type</a> property of <var>key</var>
- is not a case-sensitive string match for <code>"public"</code>, terminate this
- algorithm with an error.
+ is not a case-sensitive string match for <code>"public"</code>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-InvalidAccessError"><code>InvalidAccessError</code></a>.
</p>
</li>
<li>
@@ -3332,15 +3286,16 @@
</li>
<li>
<p>
- If performing the operation results in an error, terminate this algorithm with
- an error.
- </p>
- </li>
- <li>
- <p>
- Let <var>ciphertext</var> be a new ArrayBuffer
- containing the value <var>C</var> that results from performing the
- operation.
+ If performing the operation results in an error,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-OperationError"><code>OperationError</code></a>.
+ </p>
+ </li>
+ <li>
+ <p>
+ Let <var>ciphertext</var> be a new ArrayBuffer
+ containing the value <var>C</var> that results from performing the
+ operation.
</p>
</li>
</ol>
@@ -3351,8 +3306,9 @@
<li>
<p>
If the <a href="#dfn-Key-type">type</a> property of <var>key</var>
- is not a case-sensitive string match for <code>"private"</code>, terminate this
- algorithm with an error.
+ is not a case-sensitive string match for <code>"private"</code>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-InvalidAccessError"><code>InvalidAccessError</code></a>
</p>
</li>
<li>
@@ -3364,8 +3320,9 @@
</li>
<li>
<p>
- If performing the operation results in an error, terminate this algorithm with
- an error.
+ If performing the operation results in an error,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-OperationError"><code>OperationError</code></a>.
</p>
</li>
<li>
@@ -3390,16 +3347,18 @@
<li>
<p>
If any of the members of <a href="#dfn-RsaKeyGenParams">RsaKeyGenParams</a> are
- not present in <var>normalizedAlgorithm</var>, terminate this algorithm with
- an error.
+ not present in <var>normalizedAlgorithm</var>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-SyntaxError"><code>SyntaxError</code></a>.
</p>
</li>
<li>
<p>
If <var>usages</var> contains an entry which is not a case-sensitive string
match for <code>"encrypt"</code>, <code>"decrypt"</code>,
- <code>"wrapKey"</code> or <code>"unwrapKey"</code>, terminate this algorithm
- with an error.
+ <code>"wrapKey"</code> or <code>"unwrapKey"</code>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
@@ -3413,7 +3372,9 @@
</li>
<li>
<p>
- If generation of the key pair fails, terminate this algorithm with an error.
+ If generation of the key pair fails,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-OperationError"><code>OperationError</code></a>.
</p>
</li>
<li>
@@ -3555,8 +3516,9 @@
</li>
<li>
<p>
- If an error occurred while parsing, terminate this algorithm with
- the error.
+ If an error occurred while parsing,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
@@ -3564,8 +3526,9 @@
If the <code>algorithm</code> object identifier field of the
<code>algorithm</code> AlgorithmIdentifier field of <var>spki</var>
is not equivalent to the <code>rsaEncryption</code> OID defined in
- Section 2.3.1 of <a href="#RFC3279">RFC 3279</a>, terminate this
- algorithm with an error.
+ Section 2.3.1 of <a href="#RFC3279">RFC 3279</a>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
@@ -3580,8 +3543,9 @@
</li>
<li>
<p>
- If an error occurred while parsing, terminate this algorithm with
- an error.
+ If an error occurred while parsing,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
@@ -3610,8 +3574,9 @@
</li>
<li>
<p>
- If an error occurred while parsing, terminate this algorithm with
- an error.
+ If an error occurred while parsing,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
@@ -3620,8 +3585,9 @@
<code>privateKeyAlgorithm</code> PrivateKeyAlgorithmIdentifier field
of <var>privateKeyInfo</var> is not equivalent to the
<code>rsaEncryption</code> OID defined in Section 2.3.1 of
- <a href="#RFC3279">RFC 3279</a>, terminate this algorithm with an
- error.
+ <a href="#RFC3279">RFC 3279</a>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
@@ -3636,8 +3602,9 @@
</li>
<li>
<p>
- If an error occurred while parsing, terminate this algorithm with
- an error.
+ If an error occurred while parsing,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
@@ -3667,15 +3634,17 @@
<li>
<p>
If the <code>"kty"</code> field of <var>jwk</var> is not a
- case-sensitive string match to <code>"RSA"</code>, terminate
- this algorithm with an error.
+ case-sensitive string match to <code>"RSA"</code>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
<p>
If the <code>"use"</code> field of <var>jwk</var> is present, and is
- not a case-sensitive string match to <code>"enc"</code>, terminate
- this algorithm with an error.
+ not a case-sensitive string match to <code>"enc"</code>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
@@ -3684,14 +3653,16 @@
is invalid according to the requirements of
<a href="#jwk">JSON Web Key</a> or
does not contain all of the specified <var>usages</var> values,
- terminate this algorithm with an error.
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
<p>
If the <code>"alg"</code> field of <var>jwk</var> is present, and is
- not a case-sensitive string match to <code>"RSA1_5"</code>, terminate
- this algorithm with an error.
+ not a case-sensitive string match to <code>"RSA1_5"</code>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
@@ -3703,7 +3674,9 @@
<p>
If <var>jwk</var> does not meet the requirements of
Section 6.3.2 of <a href="#jwa">JSON Web
- Algorithms</a>, terminate this algorithm with an error.
+ Algorithms</a>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
@@ -3729,7 +3702,9 @@
<p>
If <var>jwk</var> does not meet the requirements of
Section 6.3.1 of <a href="#jwa">JSON Web
- Algorithms</a>, terminate this algorithm with an error.
+ Algorithms</a>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
@@ -3753,7 +3728,10 @@
</ol>
</dd>
<dt>Otherwise:</dt>
- <dd>Terminate this algorithm with an error.</dd>
+ <dd>
+ <a href="#concept-return-an-error">Return an error</a> named
+ <a href="#dfn-NotSupportedError"><code>NotSupportedError</code></a>.
+ </dd>
</dl>
</li>
<li>
@@ -3809,7 +3787,9 @@
<li>
<p>
If the <a href="#dfn-Key-type">type</a> attribute of <var>key</var> is
- not <code>"public"</code>, terminate the algorithm with an error.
+ not <code>"public"</code>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-InvalidAccessError"><code>InvalidAccessError</code></a>.
</p>
</li>
<li>
@@ -3856,7 +3836,9 @@
<li>
<p>
If the <a href="#dfn-Key-type">type</a> attribute of <var>key</var> is
- not <code>"private"</code>, terminate the algorithm with an error.
+ not <code>"private"</code>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-InvalidAccessError"><code>InvalidAccessError</code></a>.
</p>
</li>
<li>
@@ -3988,7 +3970,9 @@
</dd>
<dt>Otherwise</dt>
<dd>
- <p>Terminate this algorithm with an error.</p>
+ <p>
+ <a href="#concept-return-an-error">Return an error</a> named
+ <a href="#dfn-NotSupportedError"><code>NotSupportedError</code></a>.</p>
</dd>
</dl>
</li>
@@ -4104,8 +4088,9 @@
<li>
<p>
If the <a href="#dfn-Key-type">type</a> property of <var>key</var>
- is not a case-sensitive string match for <code>"private"</code>, terminate this
- algorithm with an error.
+ is not a case-sensitive string match for <code>"private"</code>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-InvalidAccessError"><code>InvalidAccessError</code></a>.
</p>
</li>
<li>
@@ -4121,8 +4106,9 @@
</li>
<li>
<p>
- If performing the operation results in an error, terminate this algorithm
- with an error.
+ If performing the operation results in an error,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-OperationError"><code>OperationError</code></a>.
</p>
</li>
<li>
@@ -4140,8 +4126,9 @@
<li>
<p>
If the <a href="#dfn-Key-type">type</a> property of <var>key</var>
- is not a case-sensitive string match for <code>"public"</code>, terminate this
- algorithm with an error.
+ is not a case-sensitive string match for <code>"public"</code>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-InvalidAccessError"><code>InvalidAccessError</code></a>.
</p>
</li>
<li>
@@ -4158,8 +4145,9 @@
</li>
<li>
<p>
- If performing the operation results in an error, terminate this algorithm
- with an error.
+ If performing the operation results in an error,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-OperationError"><code>OperationError</code></a>.
</p>
</li>
<li>
@@ -4185,14 +4173,17 @@
<p>
If any of the members of
<a href="#dfn-RsaHashedKeyGenParams">RsaHashedKeyGenParams</a> are not present
- in <var>normalizedAlgorithm</var>, terminate this algorithm with an error.
+ in <var>normalizedAlgorithm</var>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-SyntaxError"><code>SyntaxError</code></a>.
</p>
</li>
<li>
<p>
If <var>usages</var> contains an entry which is not a case-sensitive string
- match for <code>"sign"</code> or <code>"verify"</code>, terminate this
- algorithm with an error.
+ match for <code>"sign"</code> or <code>"verify"</code>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
@@ -4202,141 +4193,139 @@
<var>normalizedAlgorithm</var> and RSA public exponent equal to the
<a href="#dfn-RsaKeyGenParams-publicExponent">publicExponent</a> property of
<var>normalizedAlgorithm</var>.
- <dl class="switch">
- <dt>If generation of the key pair fails:</dt>
- <dd>Terminate this algorithm with an error.</dd>
- <dt>Otherwise:</dt>
- <dd>
- <ol>
- <li>
- <p>
- Let <var>algorithm</var> be a new
- <a href="#dfn-RsaHashedKeyAlgorithm">RsaHashedKeyAlgorithm</a>
- object.
- </p>
- </li>
- <li>
- <p>
- Set the <a href="#dfn-KeyAlgorithm-name">name</a> property of
- <var>algorithm</var> to <code>"RSASSA-PKCS1-v1_5"</code>.
- </p>
- </li>
- <li>
- <p>
- Set the
- <a href="#dfn-RsaKeyAlgorithm-modulusLength">modulusLength</a>
- property of <var>algorithm</var> to equal the
- <a href="#dfn-RsaKeyGenParams-modulusLength">modulusLength</a>
- property of <var>normalizedAlgorithm</var>.
- </p>
- </li>
- <li>
- <p>
- Set the
- <a href="#dfn-RsaKeyAlgorithm-publicExponent">publicExponent</a>
- property of <var>algorithm</var> to equal the
- <a href="#dfn-RsaKeyGenParams-publicExponent">publicExponent</a>
- property of <var>normalizedAlgorithm</var>.
- </p>
- </li>
- <li>
- <p>
- Set the <a href="#dfn-RsaHashedKeyAlgorithm-hash">hash</a> property
- of <var>algorithm</var> to equal the
- <a href="#dfn-RsaHashedKeyGenParams">hash</a> property of
- <var>normalizedAlgorithm</var>.
- </p>
- </li>
- <li>
- <p>
- Let <var>publicKey</var> be a new <a href="#dfn-Key">Key</a> object
- representing the public key of the generated key pair.
- </p>
- </li>
- <li>
- <p>
- Set the <a href="#dfn-Key-type">type</a> property of <var>publicKey</var>
- to <code>"public"</code>
- </p>
- </li>
- <li>
- <p>
- Set the <a href="#dfn-Key-algorithm">algorithm</a> property of
- <var>publicKey</var> to be <var>algorithm</var>.
- </p>
- </li>
- <li>
- <p>
- Set the <a href="#dfn-Key-extractable">extractable</a> property of
- <var>publicKey</var> to true.
- </p>
- </li>
- <li>
- <p>
- Set the <a href="#dfn-Key-usages">usages</a> property of
- <var>publicKey</var> to be the
- <a href="concept-usage-intersection">usage intersection</a> of
- <var>usages</var> and <code>[ "verify" ]</code>.
- </p>
- </li>
- <li>
- <p>
- Let <var>privateKey</var> be a new <a href="#dfn-Key">Key</a> object
- representing the private key of the generated key pair.
- </p>
- </li>
- <li>
- <p>
- Set the <a href="#dfn-Key-Type">type</a> property of <var>privateKey</var>
- to <code>"private"</code>
- </p>
- </li>
- <li>
- <p>
- Set the <a href="#dfn-Key-algorithm">algorithm</a> property of
- <var>privateKey</var> to be <var>algorithm</var>.
- </p>
- </li>
- <li>
- <p>
- Set the <a href="#dfn-Key-extractable">extractable</a> property of
- <var>privateKey</var> to <var>extractable</var>.
- </p>
- </li>
- <li>
- <p>
- Set the <a href="#dfn-Key-usages">usages</a> property of
- <var>privateKey</var> to be the
- <a href="concept-usage-intersection">usage intersection</a> of
- <var>usages</var> and <code>[ "sign" ]</code>.
- </p>
- </li>
- <li>
- <p>
- Let <var>result</var> be a new <a href="#dfn-KeyPair">KeyPair</a>
- object.
- </p>
- </li>
- <li>
- <p>
- Set the <a href="#def-KeyPair-publicKey">publicKey</a> property
- of <var>result</var> to be <var>publicKey</var>.
- </p>
- </li>
- <li>
- <p>
- Set the <a href="#def-KeyPair-privateKey">privateKey</a> property
- of <var>result</var> to be <var>privateKey</var>.
- </p>
- </li>
- <li>
- <p>
- Return <var>result</var>.
- </p>
- </li>
- </ol>
- </dd>
- </dl>
+ </p>
+ </li>
+ <li>
+ <p>
+ If generation of the key pair fails,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-OperationError"><code>OperationError</code></a>.
+ </p>
+ </li>
+ <li>
+ <p>
+ Let <var>algorithm</var> be a new
+ <a href="#dfn-RsaHashedKeyAlgorithm">RsaHashedKeyAlgorithm</a>
+ object.
+ </p>
+ </li>
+ <li>
+ <p>
+ Set the <a href="#dfn-KeyAlgorithm-name">name</a> property of
+ <var>algorithm</var> to <code>"RSASSA-PKCS1-v1_5"</code>.
+ </p>
+ </li>
+ <li>
+ <p>
+ Set the
+ <a href="#dfn-RsaKeyAlgorithm-modulusLength">modulusLength</a>
+ property of <var>algorithm</var> to equal the
+ <a href="#dfn-RsaKeyGenParams-modulusLength">modulusLength</a>
+ property of <var>normalizedAlgorithm</var>.
+ </p>
+ </li>
+ <li>
+ <p>
+ Set the
+ <a href="#dfn-RsaKeyAlgorithm-publicExponent">publicExponent</a>
+ property of <var>algorithm</var> to equal the
+ <a href="#dfn-RsaKeyGenParams-publicExponent">publicExponent</a>
+ property of <var>normalizedAlgorithm</var>.
+ </p>
+ </li>
+ <li>
+ <p>
+ Set the <a href="#dfn-RsaHashedKeyAlgorithm-hash">hash</a> property
+ of <var>algorithm</var> to equal the
+ <a href="#dfn-RsaHashedKeyGenParams">hash</a> property of
+ <var>normalizedAlgorithm</var>.
+ </p>
+ </li>
+ <li>
+ <p>
+ Let <var>publicKey</var> be a new <a href="#dfn-Key">Key</a> object
+ representing the public key of the generated key pair.
+ </p>
+ </li>
+ <li>
+ <p>
+ Set the <a href="#dfn-Key-type">type</a> property of <var>publicKey</var>
+ to <code>"public"</code>
+ </p>
+ </li>
+ <li>
+ <p>
+ Set the <a href="#dfn-Key-algorithm">algorithm</a> property of
+ <var>publicKey</var> to be <var>algorithm</var>.
+ </p>
+ </li>
+ <li>
+ <p>
+ Set the <a href="#dfn-Key-extractable">extractable</a> property of
+ <var>publicKey</var> to true.
+ </p>
+ </li>
+ <li>
+ <p>
+ Set the <a href="#dfn-Key-usages">usages</a> property of
+ <var>publicKey</var> to be the
+ <a href="concept-usage-intersection">usage intersection</a> of
+ <var>usages</var> and <code>[ "verify" ]</code>.
+ </p>
+ </li>
+ <li>
+ <p>
+ Let <var>privateKey</var> be a new <a href="#dfn-Key">Key</a> object
+ representing the private key of the generated key pair.
+ </p>
+ </li>
+ <li>
+ <p>
+ Set the <a href="#dfn-Key-Type">type</a> property of <var>privateKey</var>
+ to <code>"private"</code>
+ </p>
+ </li>
+ <li>
+ <p>
+ Set the <a href="#dfn-Key-algorithm">algorithm</a> property of
+ <var>privateKey</var> to be <var>algorithm</var>.
+ </p>
+ </li>
+ <li>
+ <p>
+ Set the <a href="#dfn-Key-extractable">extractable</a> property of
+ <var>privateKey</var> to <var>extractable</var>.
+ </p>
+ </li>
+ <li>
+ <p>
+ Set the <a href="#dfn-Key-usages">usages</a> property of
+ <var>privateKey</var> to be the
+ <a href="concept-usage-intersection">usage intersection</a> of
+ <var>usages</var> and <code>[ "sign" ]</code>.
+ </p>
+ </li>
+ <li>
+ <p>
+ Let <var>result</var> be a new <a href="#dfn-KeyPair">KeyPair</a>
+ object.
+ </p>
+ </li>
+ <li>
+ <p>
+ Set the <a href="#def-KeyPair-publicKey">publicKey</a> property
+ of <var>result</var> to be <var>publicKey</var>.
+ </p>
+ </li>
+ <li>
+ <p>
+ Set the <a href="#def-KeyPair-privateKey">privateKey</a> property
+ of <var>result</var> to be <var>privateKey</var>.
+ </p>
+ </li>
+ <li>
+ <p>
+ Return <var>result</var>.
</p>
</li>
</ol>
@@ -4425,8 +4414,9 @@
<li>
<p>
If the <a href="#dfn-Key-type">type</a> property of <var>key</var>
- is not a case-sensitive string match for <code>"private"</code>, terminate this
- algorithm with an error.
+ is not a case-sensitive string match for <code>"private"</code>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-InvalidAccessError"><code>InvalidAccessError</code></a>.
</p>
</li>
<li>
@@ -4439,8 +4429,9 @@
<li>
<p>
If any of the members of <a href="#dfn-RsaPssParams">RsaPssParams</a> are not
- present in <var>normalizedAlgorithm</var>, terminate this algorithm with an
- error.
+ present in <var>normalizedAlgorithm</var>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-SyntaxError"><code>SyntaxError</code></a>.
</p>
</li>
<li>
@@ -4460,8 +4451,9 @@
</li>
<li>
<p>
- If performing the operation results in an error, terminate this algorithm with
- an error.
+ If performing the operation results in an error,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-OperationError"><code>OperationError</code></a>.
</p>
</li>
<li>
@@ -4479,8 +4471,9 @@
<li>
<p>
If the <a href="#dfn-Key-type">type</a> property of <var>key</var>
- is not a case-sensitive string match for <code>"public"</code>, terminate this
- algorithm with an error.
+ is not a case-sensitive string match for <code>"public"</code>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-InvalidAccessError"><code>InvalidAccessError</code></a>.
</p>
</li>
<li>
@@ -4493,8 +4486,9 @@
<li>
<p>
If any of the members of <a href="#dfn-RsaPssParams">RsaPssParams</a> are not
- present in <var>normalizedAlgorithm</var>, terminate this algorithm with an
- error.
+ present in <var>normalizedAlgorithm</var>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-SyntaxError"><code>SyntaxError</code></a>.
</p>
</li>
<li>
@@ -4514,8 +4508,9 @@
</li>
<li>
<p>
- If performing the operation results in an error, terminate this algorithm with
- an error.
+ If performing the operation results in an error,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-OperationError"><code>OperationError</code></a>.
</p>
</li>
<li>
@@ -4542,14 +4537,17 @@
<p>
If any of the members of
<a href="#dfn-RsaHashedKeyGenParams">RsaHashedKeyGenParams</a> are not present
- in <var>normalizedAlgorithm</var>, terminate this algorithm with an error.
+ in <var>normalizedAlgorithm</var>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-SyntaxError"><code>SyntaxError</code></a>.
</p>
</li>
<li>
<p>
If <var>usages</var> contains an entry which is not a case-sensitive string
- match for <code>"sign"</code> or <code>"verify"</code>, terminate this
- algorithm with an error.
+ match for <code>"sign"</code> or <code>"verify"</code>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-SyntaxError"><code>SyntaxError</code></a>.
</p>
</li>
<li>
@@ -4563,8 +4561,9 @@
</li>
<li>
<p>
- If performing the operation results in an error, terminate this algorithm with
- an error.
+ If performing the operation results in an error,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-OperationError"><code>OperationError</code></a>.
</p>
</li>
<li>
@@ -4782,8 +4781,9 @@
<li>
<p>
If the <a href="#dfn-Key-type">type</a> property of <var>key</var>
- is not a case-sensitive string match for <code>"public"</code>, terminate this
- algorithm with an error.
+ is not a case-sensitive string match for <code>"public"</code>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-InvalidAccessError"><code>InvalidAccessError</code></a>.
</p>
</li>
<li>
@@ -4797,7 +4797,8 @@
<p>
If any of the members of <a href="#dfn-RsaOaepParams">RsaOaepParams</a> are
not present in <var>normalizedAlgorithm</var>,
- terminate this algorithm with an error.
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-SyntaxError"><code>SyntaxError</code></a>.
</p>
</li>
<li>
@@ -4816,8 +4817,9 @@
</li>
<li>
<p>
- If performing the operation results in an error, terminate this algorithm with
- an error.
+ If performing the operation results in an error,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-OperationError"><code>OperationError</code></a>.
</p>
</li>
<li>
@@ -4835,8 +4837,9 @@
<li>
<p>
If the <a href="#dfn-Key-type">type</a> property of <var>key</var>
- is not a case-sensitive string match for <code>"private"</code>, terminate this
- algorithm with an error.
+ is not a case-sensitive string match for <code>"private"</code>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-InvalidAccessError"><code>InvalidAccessError</code></a>.
</p>
</li>
<li>
@@ -4850,7 +4853,8 @@
<p>
If any of the members of <a href="#dfn-RsaOaepParams">RsaOaepParams</a> are
not present in <var>normalizedAlgorithm</var>,
- terminate this algorithm with an error.
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-SyntaxError"><code>SyntaxError</code></a>.
</p>
</li>
<li>
@@ -4870,8 +4874,9 @@
</li>
<li>
<p>
- If performing the operation results in an error, terminate this algorithm with
- an error.
+ If performing the operation results in an error,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-OperationError"><code>OperationError</code></a>.
</p>
</li>
<li>
@@ -4897,15 +4902,18 @@
<p>
If any of the members of
<a href="#dfn-RsaHashedKeyGenParams">RsaHashedKeyGenParams</a> are not present
- in <var>normalizedAlgorithm</var>, terminate this algorithm with an error.
+ in <var>normalizedAlgorithm</var>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-SyntaxError"><code>SyntaxError</code></a>.
</p>
</li>
<li>
<p>
If <var>usages</var> contains an entry which is not a case-sensitive string
match for <code>"encrypt"</code>, <code>"decrypt</code>,
- <code>wrapKey</code> or <code>unwrapKey</code>, terminate this
- algorithm with an error.
+ <code>wrapKey</code> or <code>unwrapKey</code>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-InvalidAccessError"><code>InvalidAccessError</code></a>.
</p>
</li>
<li>
@@ -4919,8 +4927,9 @@
</li>
<li>
<p>
- If performing the operation results in an error, terminate this algorithm with
- an error.
+ If performing the operation results in an error,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-OperationError"><code>OperationError</code></a>.
</p>
</li>
<li>
@@ -5183,7 +5192,8 @@
<p>
If the <a href="#dfn-Key-type">type</a> property of <var>key</var>
is not a case-sensitive string match for <code>"private"</code>,
- terminate this algorithm with an error.
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-InvalidAccessError"><code>InvalidAccessError</code></a>.
</p>
</li>
<li>
@@ -5196,22 +5206,24 @@
<li>
<p>
If any of the properties of <a href="#dfn-EcdsaParams">EcdsaParams</a> are
- not present in <var>normalizedAlgorithm</var>, terminate this algorithm with
- an error.
+ not present in <var>normalizedAlgorithm</var>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-SyntaxError"><code>SyntaxError</code></a>.
</p>
</li>
<li>
<p>
Let <var>hashAlgorithm</var> be the <a href="#dfn-EcdsaParams-hash">hash</a>
- property of
- <var>normalizedAlgorithm</var>.
+ property of <var>normalizedAlgorithm</var>.
</p>
</li>
<li>
<p>
If <var>hashAlgorithm</var> does not describe a
<a href="#algorithms">registered algorithm</a> that supports the digest
- operation, terminate this algorithm with an error.
+ operation,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-NotSupportedError"><code>NotSupportedError</code></a>.
</p>
</li>
<li>
@@ -5276,7 +5288,8 @@
<p>
If the <a href="#dfn-Key-type">type</a> property of <var>key</var>
is not a case-sensitive string match for <code>"public"</code>,
- terminate this algorithm with an error.
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-InvalidAccessError"><code>InvalidAccessError</code></a>.
</p>
</li>
<li>
@@ -5289,8 +5302,9 @@
<li>
<p>
If any of the properties of <a href="#dfn-EcdsaParams">EcdsaParams</a> are
- not present in <var>normalizedAlgorithm</var>, terminate this algorithm with
- an error.
+ not present in <var>normalizedAlgorithm</var>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-SyntaxError"><code>SyntaxError</code></a>.
</p>
</li>
<li>
@@ -5304,7 +5318,9 @@
<p>
If <var>hashAlgorithm</var> does not describe a
<a href="#algorithms">registered algorithm</a> that supports the digest
- operation, terminate this algorithm with an error.
+ operation,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-NotSupportedError"><code>NotSupportedError</code></a>.
</p>
</li>
<li>
@@ -5360,14 +5376,16 @@
<p>
If any of the members of <a href="#dfn-EcKeyGenParams">EcKeyGenParams</a> are
not present in <var>normalizedAlgorithm</var>,
- terminate this algorithm with an error.
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-SyntaxError"><code>SyntaxError</code></a>.
</p>
</li>
<li>
<p>
If <var>usages</var> contains a value which is not a case-sensitive string match
for one of <code>"sign"</code> or <code>"verify"</code>,
- terminate this algorithm with an error.
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-InvalidAccessError"><code>InvalidAccessError</code></a>.
</p>
</li>
<li>
@@ -5380,8 +5398,9 @@
</li>
<li>
<p>
- If performing the key generation operation results in an error, terminate this
- algorithm with an error.
+ If performing the key generation operation results in an error,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-OperationError"><code>OperationError</code></a>.
</p>
</li>
<li>
@@ -5513,8 +5532,9 @@
</li>
<li>
<p>
- If an error occurred while parsing, terminate this algorithm with
- an error.
+ If an error occurred while parsing,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
@@ -5523,14 +5543,16 @@
<code>algorithm</code> AlgorithmIdentifier field of <var>spki</var> is
not equal to the <code>id-ecPublicKey</code>
object identifier defined in <a href="#RFC5480">RFC 5480</a>,
- terminate the algorithm with an error.
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
<p>
If the <code>parameters</code> field of the <code>algorithm</code>
AlgorithmIdentifier field of <var>spki</var> is absent,
- terminate the algorithm with an error.
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
@@ -5543,7 +5565,9 @@
<p>
If <var>params</var> is not an instance of the
<code>namedCurve</code> ASN.1 type defined in <a href="#RFC5480">RFC
- 5480</a>, terminate this algorithm with an error.
+ 5480</a>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
@@ -5604,7 +5628,12 @@
</p>
</dd>
<dt>Otherwise:</dt>
- <dd><p>Terminate the algorithm with an error</p></dd>
+ <dd>
+ <p>
+ <a href="#concept-return-an-error">Return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
+ </p>
+ </dd>
</dl>
</li>
<li>
@@ -5627,8 +5656,9 @@
</li>
<li>
<p>
- If an error occurs while parsing, terminate this algorithm with an
- error.
+ If an error occurs while parsing,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
@@ -5636,15 +5666,18 @@
If the <code>algorithm</code> object identifier field of the
<code>privateKeyAlgorithm</code> PrivateKeyAlgorithm field of
<var>privateKeyInfo</var> is not equal to the
- <code>id-ecPublicKey</code> object identifier defined in <a href="#RFC5480">RFC 5480</a>, terminate this algorithm with an error.
+ <code>id-ecPublicKey</code> object identifier defined in <a href="#RFC5480">RFC 5480</a>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
<p>
If the <code>parameters</code> field of the
<code>privateKeyAlgorithm</code> PrivateKeyAlgorithmIdentifier field
- of <var>privateKeyInfo</var> is not present, terminate this algorithm
- with an error.
+ of <var>privateKeyInfo</var> is not present,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
@@ -5658,7 +5691,9 @@
<p>
If the <var>params</var> is not an instance of the
<code>namedCurve</code> ASN.1 type defined in <a href="#RFC5480">RFC
- 5480</a>, terminate this algorithm with an error.
+ 5480</a>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
@@ -5671,8 +5706,9 @@
</li>
<li>
<p>
- If an error occurred while parsing, terminate this algorithm with
- an error.
+ If an error occurred while parsing,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
@@ -5682,7 +5718,9 @@
type defined in <a href="#RFC5480">RFC 5480</a>, or does not contain
the same object identifier as the <code>parameters</code> field of the
<code>privateKeyAlgorithm</code> PrivateKeyAlgorithmIdentifier field
- of <var>privateKeyInfo</var>, terminate this algorithm with an error.
+ of <var>privateKeyInfo</var>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
@@ -5743,7 +5781,8 @@
</p>
</dd>
<dt>Otherwise:</dt>
- <dd><p>Terminate the algorithm with an error</p></dd>
+ <dd><p><a href="#concept-return-an-error">Return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.</p></dd>
</dl>
</li>
<li>
@@ -5766,22 +5805,25 @@
</li>
<li>
<p>
- If an error occurred while parsing, terminate this algorithm with
- an error.
+ If an error occurred while parsing,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
<p>
If the <code>"kty"</code> field of <var>jwk</var> is not a
- case-sensitive string match to <code>"EC"</code>, terminate this
- algorithm with an error.
+ case-sensitive string match to <code>"EC"</code>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
<p>
If the <code>"use"</code> field of <var>jwk</var> is present, and is
- not a case-sensitive string match to <code>"sig"</code>, terminate
- this algorithm with an error.
+ not a case-sensitive string match to <code>"sig"</code>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
@@ -5789,14 +5831,17 @@
If the <code>"key_ops"</code> field of <var>jwk</var> is present, and
is invalid according to the requirements of <a href="#JWK">JSON Web
Key</a>, or it does not contain all of the specified <var>usages</var>
- values, terminate this algorithm with an error.
+ values,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
<p>
If the <code>"ext"</code> field of <var>jwk</var> is present and
has the value false and <var>extractable</var> is true,
- terminate this algorithm with an error.
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
@@ -5807,8 +5852,9 @@
<li>
<p>
If <var>jwk</var> does not meet the requirements of Section
- 6.2.2 of <a href="#JWA">JSON Web Algorithms</a>, terminate
- this algorithm with an error.
+ 6.2.2 of <a href="#JWA">JSON Web Algorithms</a>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
@@ -5832,8 +5878,9 @@
<li>
<p>
If <var>jwk</var> does not meet the requirements of Section
- 6.2.1 of <a href="#JWA">JSON Web Algorithms</a>, terminate
- this algorithm with an error.
+ 6.2.1 of <a href="#JWA">JSON Web Algorithms</a>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
@@ -5897,7 +5944,12 @@
</p>
</dd>
<dt>Otherwise:</dt>
- <dd><p>Terminate the algorithm with an error</p></dd>
+ <dd>
+ <p>
+ <a href="#concept-return-an-error">Return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
+ </p>
+ </dd>
</dl>
</li>
<li>
@@ -5909,7 +5961,12 @@
</ol>
</dd>
<dt>Otherwise:</dt>
- <dd><p>Terminate the algorithm with an error.</p></dd>
+ <dd>
+ <p>
+ <a href="#concept-return-an-error">Return an error</a> named
+ <a href="#dfn-NotSupportedError"><code>NotSupportedError</code></a>.
+ </p>
+ </dd>
</dl>
</li>
<li>
@@ -5936,7 +5993,9 @@
<li>
<p>
If the <a href="#dfn-Key-type">type</a> attribute of <var>key</var> is
- not <code>"public"</code>, terminate this algorithm with an error.
+ not <code>"public"</code>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-InvalidAccessError"><code>InvalidAccessError</code></a>.
</p>
</li>
<li>
@@ -6000,10 +6059,6 @@
5480</a>
</p>
</dd>
- <dt>Otherwise:</dt>
- <dd>
- <p>Terminate this algorithm with an error</p>
- </dd>
</dl>
</li>
</ul>
@@ -6027,8 +6082,9 @@
<li>
<p>
If the <a href="#dfn-Key-type">type</a> attribute of <var>key</var>
- is not <code>"private"</code>, terminate this algorithm with an
- error.
+ is not <code>"private"</code>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-InvalidAccessError"><code>InvalidAccessError</code></a>.
</p>
</li>
<li>
@@ -6097,10 +6153,6 @@
5480</a>
</p>
</dd>
- <dt>Otherwise:</dt>
- <dd>
- <p>Terminate this algorithm with an error</p>
- </dd>
</dl>
</li>
</ul>
@@ -6178,8 +6230,6 @@
Set the <code>crv</code> property of <var>jwk</var> to
<code>"P-521"</code>
</dd>
- <dt>Otherwise</dt>
- <dd><p>Terminate this algorithm with an error</p></dd>
</dl>
</li>
<li>
@@ -6237,8 +6287,13 @@
</p>
</li>
</ol>
+ </dd>
<dt>Otherwise:</dt>
- <dd><p>Terminate this algorithm with an error</p></dd>
+ <dd>
+ <p>
+ <a href="#concept-return-an-error">Return an error</a> named
+ <a href="#dfn-NotSupportedError"><code>NotSupportedError</code></a>.
+ </p>
</dd>
</dl>
</li>
@@ -6341,28 +6396,31 @@
<p>
If any of the members of <a href="#dfn-EcKeyGenParams">EcKeyGenParams</a> are
not present in <var>normalizedAlgorithm</var>,
- terminate this algorithm with an error.
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-SyntaxError"><code>SyntaxError</code></a>.
</p>
</li>
<li>
<p>
If <var>usages</var> contains a value which is not a case-sensitive string match
for one of <code>"deriveKey"</code> or <code>"deriveBits"</code>,
- terminate this algorithm with an error.
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-InvalidAccessError"><code>InvalidAccessError</code></a>.
</p>
</li>
<li>
<p>
Generate an Elliptic Curve key pair, as defined in [<a href="#X9.63">X9.63</a>]
with domain parameters for the curve identified by
- the <a href="#dfn-ExKeyGenParams-namedCurve">namedCurve</a> property of
+ the <a href="#dfn-EcKeyGenParams-namedCurve">namedCurve</a> property of
<var>normalizedAlgorithm</var>.
</p>
</li>
<li>
<p>
- If performing the operation results in an error, terminate this algorithm
- with an error.
+ If performing the operation results in an error,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-OperationError"><code>OperationError</code></a>.
</p>
</li>
<li>
@@ -6479,8 +6537,9 @@
<li>
<p>
If the <a href="#dfn-Key-type">type</a> property of <var>key</var>
- is not a case-sensitive string match for <code>"private"</code>, terminate this
- algorithm with an error.
+ is not a case-sensitive string match for <code>"private"</code>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-InvalidAccessError"><code>InvalidAccessError</code></a>.
</p>
</li>
<li>
@@ -6493,8 +6552,9 @@
<li>
<p>
If any of the members of <a href="#dfn-EcdhKeyDeriveParams">EcdhKeyDeriveParams</a> are not present in
- <var>normalizedAlgorithm</var>, terminate this
- algorithm with an error.
+ <var>normalizedAlgorithm</var>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-SyntaxError"><code>SyntaxError</code></a>.
</p>
</li>
<li>
@@ -6509,14 +6569,18 @@
If the <a href="#dfn-KeyAlgorithm-name">name</a> property of the
<a href="#dfn-Key-algorithm">algorithm</a> property of <var>publicKey</var> is
not a case-sensitive string match for
- <code>"ECDH"</code>, terminate this algorithm with an error.
+ <code>"ECDH"</code>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-InvalidAccessError"><code>InvalidAccessError</code></a>.
</p>
</li>
<li>
<p>
If the <a href="#dfn-Key-type">type</a> property of <var>publicKey</var>
is not a case-sensitive string match for
- <code>"public"</code>, terminate this algorithm with an error.
+ <code>"public"</code>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-InvalidAccessError"><code>InvalidAccessError</code></a>.
</p>
</li>
<li>
@@ -6526,7 +6590,8 @@
is not equal to the <a href="#dfn-EcKeyAlgorithm-namedCurve">namedCurve</a>
property of
the <a href="#dfn-Key-algorithm">algorithm</a> property of <var>key</var>,
- terminate this algorithm with an error.
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
@@ -6538,8 +6603,9 @@
</li>
<li>
<p>
- If performing the operation results in an error, terminate this algorithm
- with an error.
+ If performing the operation results in an error,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-OperationError"><code>OperationError</code></a>.
</p>
</li>
<li>
@@ -6561,7 +6627,10 @@
If the length of <var>secret</var> in bits is less than
<var>length</var>:
</dt>
- <dd>Terminate this algorithm with an error.</dd>
+ <dd>
+ <a href="#concept-return-an-error">Return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
+ </dd>
<dt>Otherwise:</dt>
<dd>Return the first <var>length</var> bits of <var>secret</var>.</dd>
</dl>
@@ -6592,8 +6661,9 @@
</li>
<li>
<p>
- If an error occurred while parsing, terminate this algorithm with
- an error.
+ If an error occurred while parsing,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
@@ -6602,14 +6672,16 @@
<code>algorithm</code> AlgorithmIdentifier field of <var>spki</var> is
not equal to the <code>id-ecPublicKey</code> or <code>id-ecDH</code>
object identifiers defined in <a href="#RFC5480">RFC 5480</a>,
- terminate the algorithm with an error.
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
<p>
If the <code>parameters</code> field of the <code>algorithm</code>
AlgorithmIdentifier field of <var>spki</var> is absent,
- terminate the algorithm with an error.
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-SyntaxError"><code>SyntaxError</code></a>.
</p>
</li>
<li>
@@ -6622,7 +6694,9 @@
<p>
If <var>params</var> is not an instance of the
<code>namedCurve</code> ASN.1 type defined in <a href="#RFC5480">RFC
- 5480</a>, terminate this algorithm with an error.
+ 5480</a>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
@@ -6683,7 +6757,12 @@
</p>
</dd>
<dt>Otherwise:</dt>
- <dd><p>Terminate the algorithm with an error</p></dd>
+ <dd>
+ <p>
+ <a href="#concept-return-an-error">Return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
+ </p>
+ </dd>
</dl>
</li>
<li>
@@ -6706,8 +6785,9 @@
</li>
<li>
<p>
- If an error occurs while parsing, terminate this algorithm with an
- error.
+ If an error occurs while parsing,
+ <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
@@ -6716,16 +6796,18 @@
<code>privateKeyAlgorithm</code> PrivateKeyAlgorithm field of
<var>privateKeyInfo</var> is not equal to the
<code>id-ecPublicKey</code> or <code>id-ecDH</code> object identifiers
- defined in <a href="#RFC5480">RFC 5480</a>, terminate this algorithm
- with an error.
+ defined in <a href="#RFC5480">RFC 5480</a>,
+ <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
<p>
If the <code>parameters</code> field of the
<code>privateKeyAlgorithm</code> PrivateKeyAlgorithmIdentifier field
- of <var>privateKeyInfo</var> is not present, terminate this algorithm
- with an error.
+ of <var>privateKeyInfo</var> is not present,
+ <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
@@ -6739,7 +6821,9 @@
<p>
If the <var>params</var> is not an instance of the
<code>namedCurve</code> ASN.1 type defined in <a href="#RFC5480">RFC
- 5480</a>, terminate this algorithm with an error.
+ 5480</a>,
+ <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
@@ -6754,8 +6838,9 @@
</li>
<li>
<p>
- If an error occurred while parsing, terminate this algorithm with
- an error.
+ If an error occurred while parsing,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
@@ -6765,7 +6850,9 @@
type defined in <a href="#RFC5480">RFC 5480</a>, or does not contain
the same object identifier as the <code>parameters</code> field of the
<code>privateKeyAlgorithm</code> PrivateKeyAlgorithmIdentifier field
- of <var>privateKeyInfo</var>, terminate this algorithm with an error.
+ of <var>privateKeyInfo</var>,
+ <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
@@ -6779,7 +6866,7 @@
<li>
<p>
Set the <a href="#dfn-Key-type">type</a> attribute of <var>key</var>
- to <code>"private"</code>
+ to <code>"private"</code>.
</p>
</li>
<li>
@@ -6826,7 +6913,12 @@
</p>
</dd>
<dt>Otherwise:</dt>
- <dd><p>Terminate the algorithm with an error</p></dd>
+ <dd>
+ <p>
+ <a href="#concept-return-an-error">Return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
+ </p>
+ </dd>
</dl>
</li>
<li>
@@ -6849,21 +6941,24 @@
</li>
<li>
<p>
- If an error occurred while parsing, terminate this algorithm with
- an error.
+ If an error occurred while parsing,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
<p>
If the <code>"kty"</code> field of <var>jwk</var> is not a
- case-sensitive string match to <code>"EC"</code>, terminate this
- algorithm with an error.
+ case-sensitive string match to <code>"EC"</code>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
<p>
If the <code>"use"</code> field of <var>jwk</var> is present,
- terminate this algorithm with an error.
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
@@ -6871,14 +6966,16 @@
If the <code>"key_ops"</code> field of <var>jwk</var> is present, and
is invalid according to the requirements of <a href="#JWK">JSON Web
Key</a>, or it does not contain all of the specified <var>usages</var>
- values, terminate this algorithm with an error.
+ values, then <a href="#concept-return-an-error">return an error</a>
+ named <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
<p>
If the <code>"ext"</code> field of <var>jwk</var> is present and
has the value false and <var>extractable</var> is true,
- terminate this algorithm with an error.
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
@@ -6889,8 +6986,9 @@
<li>
<p>
If <var>jwk</var> does not meet the requirements of Section
- 6.2.2 of <a href="#JWA">JSON Web Algorithms</a>, terminate
- this algorithm with an error.
+ 6.2.2 of <a href="#JWA">JSON Web Algorithms</a>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
@@ -6914,8 +7012,9 @@
<li>
<p>
If <var>jwk</var> does not meet the requirements of Section
- 6.2.1 of <a href="#JWA">JSON Web Algorithms</a>, terminate
- this algorithm with an error.
+ 6.2.1 of <a href="#JWA">JSON Web Algorithms</a>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
@@ -6979,7 +7078,12 @@
</p>
</dd>
<dt>Otherwise:</dt>
- <dd><p>Terminate the algorithm with an error</p></dd>
+ <dd>
+ <p>
+ <a href="#concept-return-an-error">Return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
+ </p>
+ </dd>
</dl>
</li>
<li>
@@ -6996,8 +7100,9 @@
<li>
<p>
If any of the members of <a href="#dfn-EcKeyImportParams">EcKeyImportParams</a> are not present in
- <var>normalizedAlgorithm</var> then terminate this algorithm with an
- error.
+ <var>normalizedAlgorithm</var>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-SyntaxError"><code>SyntaxError</code></a>.
</p>
</li>
<li>
@@ -7005,19 +7110,22 @@
If the <a href="#dfn-EcKeyImportParams-namedCurve">namedCurve</a>
property of <var>normalizedAlgorithm</var> is not a case-sensitive
string match for a <a href="#dfn-NamedCurve">named curve</a>,
- terminate this algorithm with an error.
- </p>
- </li>
- <li>
- <p>
- If <var>usages</var> is not the empty list, terminate this algorithm
- with an error.
- </p>
- </li>
- <li>
- <p>
- If <var>extractable</var> is false, terminate this algorithm with an
- error.
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
+ </p>
+ </li>
+ <li>
+ <p>
+ If <var>usages</var> is not the empty list,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
+ </p>
+ </li>
+ <li>
+ <p>
+ If <var>extractable</var> is false,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-InvalidAccessError"><code>InvalidAccessError</code></a>.
</p>
</li>
<li>
@@ -7078,7 +7186,12 @@
</ol>
</dd>
<dt>Otherwise:</dt>
- <dd><p>Terminate the algorithm with an error.</p></dd>
+ <dd>
+ <p>
+ <a href="#concept-return-an-error">Return an error</a> named
+ <a href="#dfn-NotSupportedError"><code>NotSupportedError</code></a>.
+ </p>
+ </dd>
</dl>
</li>
<li>
@@ -7105,7 +7218,9 @@
<li>
<p>
If the <a href="#dfn-Key-type">type</a> attribute of <var>key</var> is
- not <code>"public"</code>, terminate this algorithm with an error.
+ not <code>"public"</code>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-InvalidAccessError"><code>InvalidAccessError</code></a>.
</p>
</li>
<li>
@@ -7169,10 +7284,6 @@
5480</a>
</p>
</dd>
- <dt>Otherwise:</dt>
- <dd>
- <p>Terminate this algorithm with an error</p>
- </dd>
</dl>
</li>
</ul>
@@ -7196,8 +7307,9 @@
<li>
<p>
If the <a href="#dfn-Key-type">type</a> attribute of <var>key</var>
- is not <code>"private"</code>, terminate this algorithm with an
- error.
+ is not <code>"private"</code>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-InvalidAccessError"><code>InvalidAccessError</code></a>.
</p>
</li>
<li>
@@ -7266,10 +7378,6 @@
5480</a>
</p>
</dd>
- <dt>Otherwise:</dt>
- <dd>
- <p>Terminate this algorithm with an error</p>
- </dd>
</dl>
</li>
</ul>
@@ -7347,8 +7455,6 @@
Set the <code>crv</code> property of <var>jwk</var> to
<code>"P-521"</code>
</dd>
- <dt>Otherwise</dt>
- <dd><p>Terminate this algorithm with an error</p></dd>
</dl>
</li>
<li>
@@ -7415,8 +7521,9 @@
<li>
<p>
If the <a href="#dfn-Key-type">type</a> property of <var>key</var> is
- not a case-sensitive string match for <code>"public"</code>, terminate
- this algorithm with an error.
+ not a case-sensitive string match for <code>"public"</code>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-InvalidAccessError"><code>InvalidAccessError</code></a>.
</p>
</li>
<li>
@@ -7428,7 +7535,12 @@
</ol>
</dd>
<dt>Otherwise:</dt>
- <dd><p>Terminate this algorithm with an error</p></dd>
+ <dd>
+ <p>
+ <a href="#concept-return-an-error">Return an error</a> named
+ <a href="#dfn-NotSupportedError"><code>NotSupportedError</code></a>.
+ </p>
+ </dd>
</dl>
</li>
<li>
@@ -7570,22 +7682,27 @@
<li>
<p>
If any of the members of <a href="#aes-ctr-params">AesCtrParams</a> are not
- present in <var>normalizedAlgorithm</var>, terminate
- this algorithm with an error.
+ present in <var>normalizedAlgorithm</var>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-SyntaxError"><code>SyntaxError</code></a>.
</p>
</li>
<li>
<p>
If the <a href="#dfn-AesCtrParams-counter">counter</a> property of
<var>normalizedAlgorithm</var> does not have length 16
- bytes, terminate this algorithm with an error.
+ bytes,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
<p>
If the <a href="#dfn-AesCtrParams-length">length</a> property of
<var>normalizedAlgorithm</var> is zero or is greater
- than 128, terminate this algorithm with an error.
+ than 128,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
@@ -7623,22 +7740,27 @@
<li>
<p>
If any of the members of <a href="#aes-ctr-params">AesCtrParams</a> are not
- present in <var>normalizedAlgorithm</var>, terminate
- this algorithm with an error.
+ present in <var>normalizedAlgorithm</var>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-SyntaxError"><code>SyntaxError</code></a>.
</p>
</li>
<li>
<p>
If the <a href="#dfn-AesCtrParams-counter">counter</a> property of
<var>normalizedAlgorithm</var> does not have length 16
- bytes, terminate this algorithm with an error.
+ bytes,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
<p>
If the <a href="#dfn-AesCtrParams-length">length</a> property of
<var>normalizedAlgorithm</var> is zero or is greater
- than 128, terminate this algorithm with an error.
+ than 128,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
@@ -7676,23 +7798,27 @@
<li>
<p>
If any of the members of <a href="#aes-keygen-params">AesKeyGenParams</a> are
- not present in <var>normalizedAlgorithm</var>, terminate
- this algorithm with an error.
+ not present in <var>normalizedAlgorithm</var>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-SyntaxError"><code>SyntaxError</code></a>.
</p>
</li>
<li>
<p>
If the <a href="#dfn-AesKeyGenParams-length">length</a> property of
<var>normalizedAlgorithm</var> is not equal to one of
- 128, 192 or 256, terminate this algorithm with an error.
+ 128, 192 or 256,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
<p>
If <var>usages</var> contains any entry which is not a case-sensitive string
match for one of <code>"encrypt"</code>, <code>"decrypt"</code>,
- <code>"wrapKey"</code> or <code>"unwrapKey"</code>, terminate this algorithm
- with an error.
+ <code>"wrapKey"</code> or <code>"unwrapKey"</code>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
@@ -7704,7 +7830,9 @@
</li>
<li>
<p>
- If the key generation step fails, terminate this algorithm with an error.
+ If the key generation step fails,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-OperationError"><code>OperationError</code></a>.
</p>
</li>
<li>
@@ -7766,8 +7894,9 @@
<p>
If <var>usages</var> contains an entry which is not a case-sensitive string
match for one of <code>"encrypt"</code>, <code>"decrypt"</code>,
- <code>"wrapKey"</code> or <code>"unwrapKey"</code>, terminate this algorithm
- with an error.
+ <code>"wrapKey"</code> or <code>"unwrapKey"</code>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
@@ -7783,7 +7912,8 @@
<li>
<p>
If the length in bits of <var>data</var> is not 128, 192 or 256
- then terminate this algorithm with an error.
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
</ol>
@@ -7800,15 +7930,17 @@
<li>
<p>
If the <code>"kty"</code> field of <var>jwk</var> is not a
- case-sensitive string match to <code>"oct"</code>, terminate
- this algorithm with an error.
+ case-sensitive string match to <code>"oct"</code>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
<p>
If <var>jwk</var> does not meet the requirements of
- Section 6.4 of <a href="#jwa">JSON Web Algorithms</a>, terminate this
- algorithm with an error.
+ Section 6.4 of <a href="#jwa">JSON Web Algorithms</a>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
@@ -7821,25 +7953,31 @@
<dl class="switch">
<dt>If <var>data</var> has length 128 bits:</dt>
<dd>If the <code>"alg"</code> field of <var>jwk</var> is present, and is
- not a case-sensitive string match to <code>"A128CTR"</code>, terminate
- this algorithm with an error.</dd>
+ not a case-sensitive string match to <code>"A128CTR"</code>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.</dd>
<dt>If <var>data</var> has length 192 bits:</dt>
<dd>If the <code>"alg"</code> field of <var>jwk</var> is present, and is
- not a case-sensitive string match to <code>"A192CTR"</code>, terminate
- this algorithm with an error.</dd>
+ not a case-sensitive string match to <code>"A192CTR"</code>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.</dd>
<dt>If <var>data</var> has length 256 bits:</dt>
<dd>If the <code>"alg"</code> field of <var>jwk</var> is present, and is
- not a case-sensitive string match to <code>"A256CTR"</code>, terminate
- this algorithm with an error.</dd>
+ not a case-sensitive string match to <code>"A256CTR"</code>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.</dd>
<dt>Otherwise:</dt>
- <dd>Terminate this algorithm with an error.</dd>
+ <dd>
+ <a href="#concept-return-an-error">Return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.</dd>
</dl>
</li>
<li>
<p>
If the <code>"use"</code> field of <var>jwk</var> is present, and is
- not a case-sensitive string match to <code>"enc"</code>, terminate
- this algorithm with an error.
+ not a case-sensitive string match to <code>"enc"</code>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
@@ -7848,19 +7986,24 @@
is invalid according to the requirements of
<a href="#jwk">JSON Web Key</a> or
does not contain all of the specified <var>usages</var> values,
- terminate this algorithm with an error.
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
<p>
If the <code>"ext"</code> field of <var>jwk</var> is present and
has the value false and <var>extractable</var> is true,
- terminate this algorithm with an error.
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
</dd>
<dt>Otherwise:</dt>
- <dd>Terminate this algorithm with an error.</dd>
+ <dd>
+ <a href="#concept-return-an-error">Return an error</a> named
+ <a href="#dfn-NotSupportedError"><code>NotSupportedError</code></a>.
+ </dd>
</dl>
</li>
<li>
@@ -8017,15 +8160,17 @@
<p>
If any of the members of
<a href="#dfn-AesDerivedKeyParams">AesDerivedKeyParams</a> are not present in
- <var>normalizedDerivedKeyAlgorithm</var>, terminate this algorithm with an
- error.
+ <var>normalizedDerivedKeyAlgorithm</var>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-SyntaxError"><code>SyntaxError</code></a>.
</p>
</li>
<li>
<p>
If the <a href="#dfn-AesDerivedKeyParams-length">length</a> property of
- <var>normalizedDerivedKeyAlgorithm</var> is not 128, 192 or 256, terminate
- this algorithm with an error.
+ <var>normalizedDerivedKeyAlgorithm</var> is not 128, 192 or 256,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
@@ -8131,15 +8276,18 @@
<li>
<p>
If any of the members of <a href="#aes-cbc-params">AesCbcParams</a> are not
- present in <var>normalizedAlgorithm</var>, terminate
- this algorithm with an error.
+ present in <var>normalizedAlgorithm</var>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-SyntaxError"><code>SyntaxError</code></a>.
</p>
</li>
<li>
<p>
If the <a href="#dfn-AesCbcParams-iv">iv</a> property of
<var>normalizedAlgorithm</var> does not have length 16
- bytes, terminate this algorithm with an error.
+ bytes,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
@@ -8180,15 +8328,18 @@
<li>
<p>
If any of the members of <a href="#aes-cbc-params">AesCbcParams</a> are not
- present in <var>normalizedAlgorithm</var>, terminate
- this algorithm with an error.
+ present in <var>normalizedAlgorithm</var>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-SyntaxError"><code>SyntaxError</code></a>.
</p>
</li>
<li>
<p>
If the <a href="#dfn-AesCbcParams-iv">iv</a> property of
<var>normalizedAlgorithm</var> does not have length 16
- bytes, terminate this algorithm with an error.
+ bytes,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
@@ -8210,7 +8361,8 @@
<p>
If <var>p</var> is zero or greater than 16, or if any of the last <var>p</var>
octets of <var>padded-plaintext</var> have a value which is not <var>p</var>,
- terminate this algorithm with an error.
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
@@ -8239,23 +8391,27 @@
<li>
<p>
If any of the members of <a href="#aes-keygen-params">AesKeyGenParams</a> are
- not present in <var>normalizedAlgorithm</var>, terminate
- this algorithm with an error.
+ not present in <var>normalizedAlgorithm</var>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-SyntaxError"><code>SyntaxError</code></a>.
</p>
</li>
<li>
<p>
If the <a href="#dfn-AesKeyGenParams-length">length</a> property of
<var>normalizedAlgorithm</var> is not equal to one of
- 128, 192 or 256, terminate this algorithm with an error.
+ 128, 192 or 256,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
<p>
If <var>usages</var> contains any entry which is not a case-sensitive string
match for one of <code>"encrypt"</code>, <code>"decrypt"</code>,
- <code>"wrapKey"</code> or <code>"unwrapKey"</code>, terminate this algorithm
- with an error.
+ <code>"wrapKey"</code> or <code>"unwrapKey"</code>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
@@ -8267,7 +8423,9 @@
</li>
<li>
<p>
- If the key generation step fails, terminate this algorithm with an error.
+ If the key generation step fails,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-OperationError"><code>OperationError</code></a>.
</p>
</li>
<li>
@@ -8329,8 +8487,9 @@
<p>
If <var>usages</var> contains an entry which is not a case-sensitive string
match for one of <code>"encrypt"</code>, <code>"decrypt"</code>,
- <code>"wrapKey"</code> or <code>"unwrapKey"</code>, terminate this algorithm
- with an error.
+ <code>"wrapKey"</code> or <code>"unwrapKey"</code>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
@@ -8346,7 +8505,8 @@
<li>
<p>
If the length in bits of <var>data</var> is not 128, 192 or 256
- then terminate this algorithm with an error.
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
</ol>
@@ -8363,15 +8523,17 @@
<li>
<p>
If the <code>"kty"</code> field of <var>jwk</var> is not a
- case-sensitive string match to <code>"oct"</code>, terminate
- this algorithm with an error.
+ case-sensitive string match to <code>"oct"</code>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
<p>
If <var>jwk</var> does not meet the requirements of
- Section 6.4 of <a href="#jwa">JSON Web Algorithms</a>, terminate this
- algorithm with an error.
+ Section 6.4 of <a href="#jwa">JSON Web Algorithms</a>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
@@ -8384,25 +8546,32 @@
<dl class="switch">
<dt>If <var>data</var> has length 128 bits:</dt>
<dd>If the <code>"alg"</code> field of <var>jwk</var> is present, and is
- not a case-sensitive string match to <code>"A128CBC"</code>, terminate
- this algorithm with an error.</dd>
+ not a case-sensitive string match to <code>"A128CBC"</code>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.</dd>
<dt>If <var>data</var> has length 192 bits:</dt>
<dd>If the <code>"alg"</code> field of <var>jwk</var> is present, and is
- not a case-sensitive string match to <code>"A192CBC"</code>, terminate
- this algorithm with an error.</dd>
+ not a case-sensitive string match to <code>"A192CBC"</code>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.</dd>
<dt>If <var>data</var> has length 256 bits:</dt>
<dd>If the <code>"alg"</code> field of <var>jwk</var> is present, and is
- not a case-sensitive string match to <code>"A256CBC"</code>, terminate
- this algorithm with an error.</dd>
+ not a case-sensitive string match to <code>"A256CBC"</code>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.</dd>
<dt>Otherwise:</dt>
- <dd>Terminate this algorithm with an error.</dd>
+ <dd>
+ <a href="#concept-return-an-error">Return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
+ </dd>
</dl>
</li>
<li>
<p>
If the <code>"use"</code> field of <var>jwk</var> is present, and is
- not a case-sensitive string match to <code>"enc"</code>, terminate
- this algorithm with an error.
+ not a case-sensitive string match to <code>"enc"</code>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
@@ -8411,19 +8580,24 @@
is invalid according to the requirements of
<a href="#jwk">JSON Web Key</a> or
does not contain all of the specified <var>usages</var> values,
- terminate this algorithm with an error.
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
<p>
If the <code>"ext"</code> field of <var>jwk</var> is present and
has the value false and <var>extractable</var> is true,
- terminate this algorithm with an error.
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
</dd>
<dt>Otherwise:</dt>
- <dd>Terminate this algorithm with an error.</dd>
+ <dd>
+ <a href="#concept-return-an-error">Return an error</a> named
+ <a href="#dfn-NotSupportedError"><code>NotSupportedError</code></a>
+ </dd>
</dl>
</li>
<li>
@@ -8580,15 +8754,17 @@
<p>
If any of the members of
<a href="#dfn-AesDerivedKeyParams">AesDerivedKeyParams</a> are not present in
- <var>normalizedDerivedKeyAlgorithm</var>, terminate this algorithm with an
- error.
+ <var>normalizedDerivedKeyAlgorithm</var>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-SyntaxError"><code>SyntaxError</code></a>.
</p>
</li>
<li>
<p>
If the <a href="#dfn-AesDerivedKeyParams-length">length</a> property of
- <var>normalizedDerivedKeyAlgorithm</var> is not 128, 192 or 256, terminate
- this algorithm with an error.
+ <var>normalizedDerivedKeyAlgorithm</var> is not 128, 192 or 256,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
@@ -8685,8 +8861,9 @@
</li>
<li>
<p>
- If <var>length</var> is zero or greater than 128, terminate this algorithm
- with an error.
+ If <var>length</var> is zero or greater than 128,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
@@ -8723,8 +8900,9 @@
</li>
<li>
<p>
- If <var>length</var> is zero or greater than 128, terminate this algorithm
- with an error.
+ If <var>length</var> is zero or greater than 128,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
@@ -8757,22 +8935,26 @@
<li>
<p>
If any of the members of <a href="#aes-keygen-params">AesKeyGenParams</a> are
- not present in <var>normalizedAlgorithm</var>, terminate
- this algorithm with an error.
+ not present in <var>normalizedAlgorithm</var>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-SyntaxError"><code>SyntaxError</code></a>.
</p>
</li>
<li>
<p>
If the <a href="#dfn-AesKeyGenParams-length">length</a> property of
<var>normalizedAlgorithm</var> is not equal to one of
- 128, 192 or 256, terminate this algorithm with an error.
+ 128, 192 or 256,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
<p>
If <var>usages</var> contains any entry which is not a case-sensitive string
- match for <code>"sign"</code> or <code>"verify"</code>, terminate this
- algorithm with an error.
+ match for <code>"sign"</code> or <code>"verify"</code>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
@@ -8784,7 +8966,9 @@
</li>
<li>
<p>
- If the key generation step fails, terminate this algorithm with an error.
+ If the key generation step fails,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-OperationError"><code>OperationError</code></a>.
</p>
</li>
<li>
@@ -8845,8 +9029,9 @@
<li>
<p>
If <var>usages</var> contains an entry which is not a case-sensitive string
- match for <code>"sign"</code> or <code>"verify"</code>, terminate this
- algorithm with an error.
+ match for <code>"sign"</code> or <code>"verify"</code>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
@@ -8862,7 +9047,8 @@
<li>
<p>
If the length in bits of <var>data</var> is not 128, 192 or 256
- then terminate this algorithm with an error.
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
</ol>
@@ -8879,15 +9065,17 @@
<li>
<p>
If the <code>"kty"</code> field of <var>jwk</var> is not a
- case-sensitive string match to <code>"oct"</code>, terminate
- this algorithm with an error.
+ case-sensitive string match to <code>"oct"</code>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
<p>
If <var>jwk</var> does not meet the requirements of
- Section 6.4 of <a href="#jwa">JSON Web Algorithms</a>, terminate this
- algorithm with an error.
+ Section 6.4 of <a href="#jwa">JSON Web Algorithms</a>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
@@ -8900,25 +9088,32 @@
<dl class="switch">
<dt>If <var>data</var> has length 128 bits:</dt>
<dd>If the <code>"alg"</code> field of <var>jwk</var> is present, and is
- not a case-sensitive string match to <code>"A128CMAC"</code>, terminate
- this algorithm with an error.</dd>
+ not a case-sensitive string match to <code>"A128CMAC"</code>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.</dd>
<dt>If <var>data</var> has length 192 bits:</dt>
<dd>If the <code>"alg"</code> field of <var>jwk</var> is present, and is
- not a case-sensitive string match to <code>"A192CMAC"</code>, terminate
- this algorithm with an error.</dd>
+ not a case-sensitive string match to <code>"A192CMAC"</code>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.</dd>
<dt>If <var>data</var> has length 256 bits:</dt>
<dd>If the <code>"alg"</code> field of <var>jwk</var> is present, and is
- not a case-sensitive string match to <code>"A256CMAC"</code>, terminate
- this algorithm with an error.</dd>
+ not a case-sensitive string match to <code>"A256CMAC"</code>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.</dd>
<dt>Otherwise:</dt>
- <dd>Terminate this algorithm with an error.</dd>
+ <dd>
+ <a href="#concept-return-an-error">Return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
+ </dd>
</dl>
</li>
<li>
<p>
If the <code>"use"</code> field of <var>jwk</var> is present, and is
- not a case-sensitive string match to <code>"enc"</code>, terminate
- this algorithm with an error.
+ not a case-sensitive string match to <code>"enc"</code>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
@@ -8927,19 +9122,24 @@
is invalid according to the requirements of
<a href="#jwk">JSON Web Key</a> or
does not contain all of the specified <var>usages</var> values,
- terminate this algorithm with an error.
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
<p>
If the <code>"ext"</code> field of <var>jwk</var> is present and
has the value false and <var>extractable</var> is true,
- terminate this algorithm with an error.
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
</dd>
<dt>Otherwise:</dt>
- <dd>Terminate this algorithm with an error.</dd>
+ <dd>
+ <a href="#concept-return-an-error">Return an error</a> named
+ <a href="#dfn-NotSupportedError"><code>NotSupportedError</code></a>.
+ </dd>
</dl>
</li>
<li>
@@ -9091,15 +9291,17 @@
<p>
If any of the members of
<a href="#dfn-AesDerivedKeyParams">AesDerivedKeyParams</a> are not present in
- <var>normalizedDerivedKeyAlgorithm</var>, terminate this algorithm with an
- error.
+ <var>normalizedDerivedKeyAlgorithm</var>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-SyntaxError"><code>SyntaxError</code></a>.
</p>
</li>
<li>
<p>
If the <a href="#dfn-AesDerivedKeyParams-length">length</a> property of
- <var>normalizedDerivedKeyAlgorithm</var> is not 128, 192 or 256, terminate
- this algorithm with an error.
+ <var>normalizedDerivedKeyAlgorithm</var> is not 128, 192 or 256,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
@@ -9202,28 +9404,35 @@
<p>
If the <a href="#dfn-AesGcmParams-iv">iv</a> property of
<a href="#aes-gcm-params">AesGcmParams</a> is not
- present in <var>normalizedAlgorithm</var>, terminate
- this algorithm with an error.
+ present in <var>normalizedAlgorithm</var>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-SyntaxError"><code>SyntaxError</code></a>.
</p>
</li>
<li>
<p>
If <var>plaintext</var> has a length greater than 2^39 - 256
- bytes, terminate this algorithm with an error.
+ bytes,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
<p>
If the <a href="#dfn-AesGcmParams-iv">iv</a> property of
<var>normalizedAlgorithm</var> has a length greater than 2^64 - 1
- bytes, terminate this algorithm with an error.
+ bytes,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
<p>
If the <a href="#dfn-AesGcmParams-additionalData">additionalData</a> property
of <var>normalizedAlgorithm</var> is present, is not null and has a length
- greater than 2^64 - 1 bytes, terminate this algorithm with an error.
+ greater than 2^64 - 1 bytes,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
@@ -9237,7 +9446,10 @@
<a href="#dfn-AesGcmParams-tagLength">tagLength</a> property of
<var>normalizedAlgorithm</var></dd>
<dt>Otherwise:</dt>
- <dd>Terminate this algorithm with an error.</dd>
+ <dd>
+ <a href="#concept-return-an-error">Return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
+ </dd>
</dl>
</li>
<li>
@@ -9282,8 +9494,9 @@
<p>
If the <a href="#dfn-AesGcmParams-iv">iv</a> property of
<a href="#aes-gcm-params">AesGcmParams</a> is not
- present in <var>normalizedAlgorithm</var>, terminate
- this algorithm with an error.
+ present in <var>normalizedAlgorithm</var>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-SyntaxError"><code>SyntaxError</code></a>.
</p>
</li>
<li>
@@ -9297,20 +9510,26 @@
<a href="#dfn-AesGcmParams-tagLangth">tagLength</a> property of
<var>normalizedAlgorithm</var></dd>
<dt>Otherwise:</dt>
- <dd>Terminate this algorithm with an error.</dd>
+ <dd>
+ <a href="#concept-return-an-error">Return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
+ </dd>
</dl>
</li>
<li>
<p>
If <var>plaintext</var> has a length less than <var>tagLength</var> bits,
- terminate this algorithm with an error.
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
<p>
If the <a href="#dfn-AesGcmParams-iv">iv</a> property of
<var>normalizedAlgorithm</var> has a length greater than 2^64 - 1
- bytes, terminate this algorithm with an error.
+ bytes,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
@@ -9318,7 +9537,9 @@
If the <a href="#dfn-AesGcmParams-additionalData">additionalData</a> property
of <var>normalizedAlgorithm</var> is present, is not null and has a length
greater than 2^64 - 1
- bytes, terminate this algorithm with an error.
+ bytes,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
@@ -9354,7 +9575,10 @@
<dl class="switch">
<dt>If the result of the algorithm is the indication of inauthenticity,
"<var>FAIL</var>":</dt>
- <dd>Terminate this algorithm with an error.</dd>
+ <dd>
+ <a href="#concept-return-an-error">Return an error</a> named
+ <a href="#dfn-OperationError"><code>OperationError</code></a>
+ </dd>
<dt>Otherwise:</dt>
<dd>Let <var>plaintext</var> be the output <var>P</var> of the Authenticated
Decryption Function.</dd>
@@ -9381,23 +9605,27 @@
<li>
<p>
If any of the members of <a href="#aes-keygen-params">AesKeyGenParams</a> are
- not present in <var>normalizedAlgorithm</var>, terminate
- this algorithm with an error.
+ not present in <var>normalizedAlgorithm</var>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-SyntaxError"><code>SyntaxError</code></a>.
</p>
</li>
<li>
<p>
If the <a href="#dfn-AesKeyGenParams-length">length</a> property of
<var>normalizedAlgorithm</var> is not equal to one of
- 128, 192 or 256, terminate this algorithm with an error.
+ 128, 192 or 256,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
<p>
If <var>usages</var> contains any entry which is not a case-sensitive string
match for one of <code>"encrypt"</code>, <code>"decrypt"</code>,
- <code>"wrapKey"</code> or <code>"unwrapKey"</code>, terminate this algorithm
- with an error.
+ <code>"wrapKey"</code> or <code>"unwrapKey"</code>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
@@ -9409,7 +9637,9 @@
</li>
<li>
<p>
- If the key generation step fails, terminate this algorithm with an error.
+ If the key generation step fails,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-OperationError"><code>OperationError</code></a>.
</p>
</li>
<li>
@@ -9471,8 +9701,9 @@
<p>
If <var>usages</var> contains an entry which is not a case-sensitive string
match for one of <code>"encrypt"</code>, <code>"decrypt"</code>,
- <code>"wrapKey"</code> or <code>"unwrapKey"</code>, terminate this algorithm
- with an error.
+ <code>"wrapKey"</code> or <code>"unwrapKey"</code>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
@@ -9488,7 +9719,8 @@
<li>
<p>
If the length in bits of <var>data</var> is not 128, 192 or 256
- then terminate this algorithm with an error.
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
</ol>
@@ -9505,15 +9737,17 @@
<li>
<p>
If the <code>"kty"</code> field of <var>jwk</var> is not a
- case-sensitive string match to <code>"oct"</code>, terminate
- this algorithm with an error.
+ case-sensitive string match to <code>"oct"</code>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
<p>
If <var>jwk</var> does not meet the requirements of
- Section 6.4 of <a href="#jwa">JSON Web Algorithms</a>, terminate this
- algorithm with an error.
+ Section 6.4 of <a href="#jwa">JSON Web Algorithms</a>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
@@ -9526,25 +9760,32 @@
<dl class="switch">
<dt>If <var>data</var> has length 128 bits:</dt>
<dd>If the <code>"alg"</code> field of <var>jwk</var> is present, and is
- not a case-sensitive string match to <code>"A128GCM"</code>, terminate
- this algorithm with an error.</dd>
+ not a case-sensitive string match to <code>"A128GCM"</code>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.</dd>
<dt>If <var>data</var> has length 192 bits:</dt>
<dd>If the <code>"alg"</code> field of <var>jwk</var> is present, and is
- not a case-sensitive string match to <code>"A192GCM"</code>, terminate
- this algorithm with an error.</dd>
+ not a case-sensitive string match to <code>"A192GCM"</code>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.</dd>
<dt>If <var>data</var> has length 256 bits:</dt>
<dd>If the <code>"alg"</code> field of <var>jwk</var> is present, and is
- not a case-sensitive string match to <code>"A256GCM"</code>, terminate
- this algorithm with an error.</dd>
+ not a case-sensitive string match to <code>"A256GCM"</code>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.</dd>
<dt>Otherwise:</dt>
- <dd>Terminate this algorithm with an error.</dd>
+ <dd>
+ <a href="#concept-return-an-error">Return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
+ </dd>
</dl>
</li>
<li>
<p>
If the <code>"use"</code> field of <var>jwk</var> is present, and is
- not a case-sensitive string match to <code>"enc"</code>, terminate
- this algorithm with an error.
+ not a case-sensitive string match to <code>"enc"</code>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
@@ -9553,19 +9794,24 @@
is invalid according to the requirements of
<a href="#jwk">JSON Web Key</a> or
does not contain all of the specified <var>usages</var> values,
- terminate this algorithm with an error.
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
<p>
If the <code>"ext"</code> field of <var>jwk</var> is present and
has the value false and <var>extractable</var> is true,
- terminate this algorithm with an error.
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
</dd>
<dt>Otherwise:</dt>
- <dd>Terminate this algorithm with an error.</dd>
+ <dd>
+ <a href="#concept-return-an-error">Return an error</a> named
+ <a href="#dfn-NotSupportedError"><code>NotSupportedError</code></a>.
+ </dd>
</dl>
</li>
<li>
@@ -9694,6 +9940,11 @@
</li>
</ol>
</dd>
+ <dt>Otherwise:</dt>
+ <dd>
+ <a href="#concept-return-an-error">Return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
+ </dd>
</dl>
</li>
<li>
@@ -9717,15 +9968,17 @@
<p>
If any of the members of
<a href="#dfn-AesDerivedKeyParams">AesDerivedKeyParams</a> are not present in
- <var>normalizedDerivedKeyAlgorithm</var>, terminate this algorithm with an
- error.
+ <var>normalizedDerivedKeyAlgorithm</var>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-SyntaxError"><code>SyntaxError</code></a>.
</p>
</li>
<li>
<p>
If the <a href="#dfn-AesDerivedKeyParams-length">length</a> property of
- <var>normalizedDerivedKeyAlgorithm</var> is not 128, 192 or 256, terminate
- this algorithm with an error.
+ <var>normalizedDerivedKeyAlgorithm</var> is not 128, 192 or 256,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
@@ -9825,15 +10078,18 @@
<li>
<p>
If any of the members of <a href="#aes-cfb-params">AesCfbParams</a> are not
- present in <var>normalizedAlgorithm</var>, terminate
- this algorithm with an error.
+ present in <var>normalizedAlgorithm</var>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-SyntaxError"><code>SyntaxError</code></a>.
</p>
</li>
<li>
<p>
If the <a href="#dfn-AesCfbParams-iv">iv</a> property of
<var>normalizedAlgorithm</var> does not have length 16
- bytes, terminate this algorithm with an error.
+ bytes,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
@@ -9867,15 +10123,18 @@
<li>
<p>
If any of the members of <a href="#aes-cfb-params">AesCfbParams</a> are not
- present in <var>normalizedAlgorithm</var>, terminate
- this algorithm with an error.
+ present in <var>normalizedAlgorithm</var>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-SyntaxError"><code>SyntaxError</code></a>.
</p>
</li>
<li>
<p>
If the <a href="#dfn-AesCfbParams-iv">iv</a> property of
<var>normalizedAlgorithm</var> does not have length 16
- bytes, terminate this algorithm with an error.
+ bytes,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
@@ -9909,23 +10168,27 @@
<li>
<p>
If any of the members of <a href="#aes-keygen-params">AesKeyGenParams</a> are
- not present in <var>normalizedAlgorithm</var>, terminate
- this algorithm with an error.
+ not present in <var>normalizedAlgorithm</var>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-SyntaxError"><code>SyntaxError</code></a>.
</p>
</li>
<li>
<p>
If the <a href="#dfn-AesKeyGenParams-length">length</a> property of
<var>normalizedAlgorithm</var> is not equal to one of
- 128, 192 or 256, terminate this algorithm with an error.
+ 128, 192 or 256,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
<p>
If <var>usages</var> contains any entry which is not a case-sensitive string
match for one of <code>"encrypt"</code>, <code>"decrypt"</code>,
- <code>"wrapKey"</code> or <code>"unwrapKey"</code>, terminate this algorithm
- with an error.
+ <code>"wrapKey"</code> or <code>"unwrapKey"</code>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
@@ -9937,7 +10200,9 @@
</li>
<li>
<p>
- If the key generation step fails, terminate this algorithm with an error.
+ If the key generation step fails,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-OperationError"><code>OperationError</code></a>.
</p>
</li>
<li>
@@ -9999,8 +10264,9 @@
<p>
If <var>usages</var> contains an entry which is not a case-sensitive string
match for one of <code>"encrypt"</code>, <code>"decrypt"</code>,
- <code>"wrapKey"</code> or <code>"unwrapKey"</code>, terminate this algorithm
- with an error.
+ <code>"wrapKey"</code> or <code>"unwrapKey"</code>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
@@ -10016,7 +10282,9 @@
<li>
<p>
If the length in bits of <var>data</var> is not 128, 192 or 256
- then terminate this algorithm with an error.
+
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
</ol>
@@ -10033,15 +10301,17 @@
<li>
<p>
If the <code>"kty"</code> field of <var>jwk</var> is not a
- case-sensitive string match to <code>"oct"</code>, terminate
- this algorithm with an error.
+ case-sensitive string match to <code>"oct"</code>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
<p>
If <var>jwk</var> does not meet the requirements of
- Section 6.4 of <a href="#jwa">JSON Web Algorithms</a>, terminate this
- algorithm with an error.
+ Section 6.4 of <a href="#jwa">JSON Web Algorithms</a>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
@@ -10054,25 +10324,31 @@
<dl class="switch">
<dt>If <var>data</var> has length 128 bits:</dt>
<dd>If the <code>"alg"</code> field of <var>jwk</var> is present, and is
- not a case-sensitive string match to <code>"A128CFB8"</code>, terminate
- this algorithm with an error.</dd>
+ not a case-sensitive string match to <code>"A128CFB8"</code>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.</dd>
<dt>If <var>data</var> has length 192 bits:</dt>
<dd>If the <code>"alg"</code> field of <var>jwk</var> is present, and is
- not a case-sensitive string match to <code>"A192CFB8"</code>, terminate
- this algorithm with an error.</dd>
+ not a case-sensitive string match to <code>"A192CFB8"</code>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.</dd>
<dt>If <var>data</var> has length 256 bits:</dt>
<dd>If the <code>"alg"</code> field of <var>jwk</var> is present, and is
- not a case-sensitive string match to <code>"A256CFB8"</code>, terminate
- this algorithm with an error.</dd>
+ not a case-sensitive string match to <code>"A256CFB8"</code>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.</dd>
<dt>Otherwise:</dt>
- <dd>Terminate this algorithm with an error.</dd>
+ <dd>
+ <a href="#concept-return-an-error">Return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.</dd>
</dl>
</li>
<li>
<p>
If the <code>"use"</code> field of <var>jwk</var> is present, and is
- not a case-sensitive string match to <code>"enc"</code>, terminate
- this algorithm with an error.
+ not a case-sensitive string match to <code>"enc"</code>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
@@ -10081,19 +10357,24 @@
is invalid according to the requirements of
<a href="#jwk">JSON Web Key</a> or
does not contain all of the specified <var>usages</var> values,
- terminate this algorithm with an error.
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
<p>
If the <code>"ext"</code> field of <var>jwk</var> is present and
has the value false and <var>extractable</var> is true,
- terminate this algorithm with an error.
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
</dd>
<dt>Otherwise:</dt>
- <dd>Terminate this algorithm with an error.</dd>
+ <dd>
+ <a href="#concept-return-an-error">Return an error</a> named
+ <a href="#dfn-NotSupportedError"><code>NotSupportedError</code></a>.
+ </dd>
</dl>
</li>
<li>
@@ -10250,15 +10531,17 @@
<p>
If any of the members of
<a href="#dfn-AesDerivedKeyParams">AesDerivedKeyParams</a> are not present in
- <var>normalizedDerivedKeyAlgorithm</var>, terminate this algorithm with an
- error.
+ <var>normalizedDerivedKeyAlgorithm</var>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-SyntaxError"><code>SyntaxError</code></a>.
</p>
</li>
<li>
<p>
If the <a href="#dfn-AesDerivedKeyParams-length">length</a> property of
- <var>normalizedDerivedKeyAlgorithm</var> is not 128, 192 or 256, terminate
- this algorithm with an error.
+ <var>normalizedDerivedKeyAlgorithm</var> is not 128, 192 or 256,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
@@ -10340,8 +10623,9 @@
<ol>
<li>
<p>
- If <var>plaintext</var> is not a multiple of 64 bits in length, terminate
- this algorithm with an error.
+ If <var>plaintext</var> is not a multiple of 64 bits in length,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
@@ -10372,8 +10656,9 @@
</li>
<li>
<p>
- If the Key Unwrap operation returns an error, terminate this algorithm with an
- error.
+ If the Key Unwrap operation returns an error,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-OperationError"><code>OperationError</code></a>.
</p>
</li>
<li>
@@ -10396,27 +10681,33 @@
<li>
<p>
If any of the members of <a href="#aes-keygen-params">AesKeyGenParams</a> are
- not present in <var>normalizedAlgorithm</var>, terminate
- this algorithm with an error.
+ not present in <var>normalizedAlgorithm</var>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-SyntaxError"><code>SyntaxError</code></a>.
</p>
</li>
<li>
<p>
If the <a href="#dfn-AesKeyGenParams-length">length</a> property of
<var>normalizedAlgorithm</var> is not equal to one of
- 128, 192 or 256, terminate this algorithm with an error.
+ 128, 192 or 256,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
<p>
If <var>usages</var> contains any entry which is not a case-sensitive string
- match for one of <code>"wrapKey"</code> or <code>"unwrapKey"</code>, terminate
- this algorithm with an error.
- </p>
- </li>
- <li>
- <p>
- If the key generation step fails, terminate this algorithm with an error.
+ match for one of <code>"wrapKey"</code> or <code>"unwrapKey"</code>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
+ </p>
+ </li>
+ <li>
+ <p>
+ If the key generation step fails,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-OperationError"><code>OperationError</code></a>.
</p>
</li>
<li>
@@ -10478,7 +10769,9 @@
<p>
If <var>usages</var> contains an entry which is not a case-sensitive string
match for one of <code>"wrapKey"</code> or <code>"unwrapKey"</code>,
- terminate this algorithm with an error.
+
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
@@ -10494,7 +10787,9 @@
<li>
<p>
If the length in bits of <var>data</var> is not 128, 192 or 256
- then terminate this algorithm with an error.
+
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
</ol>
@@ -10511,15 +10806,17 @@
<li>
<p>
If the <code>"kty"</code> field of <var>jwk</var> is not a
- case-sensitive string match to <code>"oct"</code>, terminate
- this algorithm with an error.
+ case-sensitive string match to <code>"oct"</code>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
<p>
If <var>jwk</var> does not meet the requirements of
- Section 6.4 of <a href="#jwa">JSON Web Algorithms</a>, terminate this
- algorithm with an error.
+ Section 6.4 of <a href="#jwa">JSON Web Algorithms</a>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
@@ -10532,25 +10829,32 @@
<dl class="switch">
<dt>If <var>data</var> has length 128 bits:</dt>
<dd>If the <code>"alg"</code> field of <var>jwk</var> is present, and is
- not a case-sensitive string match to <code>"A128KW"</code>, terminate
- this algorithm with an error.</dd>
+ not a case-sensitive string match to <code>"A128KW"</code>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.</dd>
<dt>If <var>data</var> has length 192 bits:</dt>
<dd>If the <code>"alg"</code> field of <var>jwk</var> is present, and is
- not a case-sensitive string match to <code>"A192KW"</code>, terminate
- this algorithm with an error.</dd>
+ not a case-sensitive string match to <code>"A192KW"</code>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.</dd>
<dt>If <var>data</var> has length 256 bits:</dt>
<dd>If the <code>"alg"</code> field of <var>jwk</var> is present, and is
- not a case-sensitive string match to <code>"A256KW"</code>, terminate
- this algorithm with an error.</dd>
+ not a case-sensitive string match to <code>"A256KW"</code>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.</dd>
<dt>Otherwise:</dt>
- <dd>Terminate this algorithm with an error.</dd>
+ <dd>
+ <a href="#concept-return-an-error">Return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
+ </dd>
</dl>
</li>
<li>
<p>
If the <code>"use"</code> field of <var>jwk</var> is present, and is
- not a case-sensitive string match to <code>"enc"</code>, terminate
- this algorithm with an error.
+ not a case-sensitive string match to <code>"enc"</code>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
@@ -10559,19 +10863,23 @@
is invalid according to the requirements of
<a href="#jwk">JSON Web Key</a> or
does not contain all of the specified <var>usages</var> values,
- terminate this algorithm with an error.
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
<p>
If the <code>"ext"</code> field of <var>jwk</var> is present and
has the value false and <var>extractable</var> is true,
- terminate this algorithm with an error.
- </p>
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>. </p>
</li>
</dd>
<dt>Otherwise:</dt>
- <dd>Terminate this algorithm with an error.</dd>
+ <dd>
+ <a href="#concept-return-an-error">Return an error</a> named
+ <a href="#dfn-NotSupportedError"><code>NotSupportedError</code></a>.
+ </dd>
</dl>
</li>
<li>
@@ -10723,15 +11031,17 @@
<p>
If any of the members of
<a href="#dfn-AesDerivedKeyParams">AesDerivedKeyParams</a> are not present in
- <var>normalizedDerivedKeyAlgorithm</var>, terminate this algorithm with an
- error.
+ <var>normalizedDerivedKeyAlgorithm</var>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-SyntaxError"><code>SyntaxError</code></a>.
</p>
</li>
<li>
<p>
If the <a href="#dfn-AesDerivedKeyParams-length">length</a> property of
- <var>normalizedDerivedKeyAlgorithm</var> is not 128, 192 or 256, terminate
- this algorithm with an error.
+ <var>normalizedDerivedKeyAlgorithm</var> is not 128, 192 or 256,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
@@ -10905,8 +11215,9 @@
<li>
<p>
If the <a href="#dfn-HmacKeyGenParams-hash">hash</a> property is
- not present in <var>normalizedAlgorithm</var>, terminate
- this algorithm with an error.
+ not present in <var>normalizedAlgorithm</var>, then
+ <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-SyntaxError"><code>SyntaxError</code></a>.
</p>
</li>
<li>
@@ -10930,14 +11241,18 @@
property of <var>normalizedAlgorithm</var>.
</dd>
<dt>Otherwise:</dt>
- <dd>Terminate this algorithm with an error.</dd>
+ <dd>
+ <a href="#concept-return-an-error">Return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
+ </dd>
</dl>
</li>
<li>
<p>
If <var>usages</var> contains any entry which is not a case-sensitive string
- match for <code>"sign"</code> or <code>"verify"</code>, terminate this
- algorithm with an error.
+ match for <code>"sign"</code> or <code>"verify"</code>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
@@ -10947,7 +11262,9 @@
</li>
<li>
<p>
- If the key generation step fails, terminate this algorithm with an error.
+ If the key generation step fails,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-OperationError"><code>OperationError</code></a>.
</p>
</li>
<li>
@@ -11020,8 +11337,9 @@
<li>
<p>
If <var>usages</var> contains an entry which is not a case-sensitive string
- match for <code>"sign"</code> or <code>"verify"</code>, terminate this
- algorithm with an error.
+ match for <code>"sign"</code> or <code>"verify"</code>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
@@ -11042,7 +11360,9 @@
<li>
<p>
If the length in bits of <var>data</var> is zero
- then terminate this algorithm with an error.
+
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
@@ -11059,7 +11379,10 @@
property of <var>normalizedAlgorithm</var>.
</dd>
<dt>Otherwise:</dt>
- <dd>Terminate this algorithm with an error.</dd>
+ <dd>
+ <a href="#concept-return-an-error">Return an error</a> named
+ <a href="#dfn-SyntaxError"><code>SyntaxError</code></a>.
+ </dd>
</dl>
</li>
</ol>
@@ -11076,15 +11399,17 @@
<li>
<p>
If the <code>"kty"</code> field of <var>jwk</var> is not a
- case-sensitive string match to <code>"oct"</code>, terminate
- this algorithm with an error.
+ case-sensitive string match to <code>"oct"</code>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
<p>
If <var>jwk</var> does not meet the requirements of
- Section 6.4 of <a href="#jwa">JSON Web Algorithms</a>, terminate this
- algorithm with an error.
+ Section 6.4 of <a href="#jwa">JSON Web Algorithms</a>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
@@ -11120,7 +11445,8 @@
<dd>
If the <code>"alg"</code> field of <var>jwk</var> is present
and is not a case-sensitive string match to <code>"HS1"</code>,
- terminate this algorithm with an error.
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</dd>
<dt>
If the <a href="#dfn-KeyAlgorithm-name">name</a> property of
@@ -11130,7 +11456,9 @@
<dd>
If the <code>"alg"</code> field of <var>jwk</var> is present
and is not a case-sensitive string match to <code>"HS224"</code>,
- terminate this algorithm with an error.
+
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</dd>
<dt>
If the <a href="#dfn-KeyAlgorithm-name">name</a> property of
@@ -11140,7 +11468,9 @@
<dd>
If the <code>"alg"</code> field of <var>jwk</var> is present
and is not a case-sensitive string match to <code>"HS256"</code>,
- terminate this algorithm with an error.
+
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</dd>
<dt>
If the <a href="#dfn-KeyAlgorithm-name">name</a> property of
@@ -11150,7 +11480,9 @@
<dd>
If the <code>"alg"</code> field of <var>jwk</var> is present
and is not a case-sensitive string match to <code>"HS384"</code>,
- terminate this algorithm with an error.
+
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</dd>
<dt>
If the <a href="#dfn-KeyAlgorithm-name">name</a> property of
@@ -11160,10 +11492,15 @@
<dd>
If the <code>"alg"</code> field of <var>jwk</var> is present
and is not a case-sensitive string match to <code>"HS512"</code>,
- terminate this algorithm with an error.
+
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</dd>
<dt>Otherwise:</dt>
- <dd>Terminate this algorithm with an error.</dd>
+ <dd>
+ <a href="#concept-return-an-error">Return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
+ </dd>
</dl>
</li>
</ol>
@@ -11174,7 +11511,9 @@
<li>
<p>
If the <code>alg</code> field of <var>jwk</var> is not present,
- terminate this algorithm with an error.
+
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
@@ -11220,7 +11559,10 @@
<var>hash</var> to <code>"SHA-512"</code>.
</dd>
<dt>Otherwise:</dt>
- <dd>Terminate this algorthm with an error.</dd>
+ <dd>
+ <a href="#concept-return-an-error">Return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
+ </dd>
</dl>
</li>
</ol>
@@ -11230,8 +11572,9 @@
<li>
<p>
If the <code>"use"</code> field of <var>jwk</var> is present, and is
- not a case-sensitive string match to <code>"sign"</code>, terminate
- this algorithm with an error.
+ not a case-sensitive string match to <code>"sign"</code>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
@@ -11240,19 +11583,26 @@
is invalid according to the requirements of
<a href="#jwk">JSON Web Key</a> or
does not contain all of the specified <var>usages</var> values,
- terminate this algorithm with an error.
+
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
<p>
If the <code>"ext"</code> field of <var>jwk</var> is present and
has the value false and <var>extractable</var> is true,
- terminate this algorithm with an error.
+
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
</dd>
<dt>Otherwise:</dt>
- <dd>Terminate this algorithm with an error.</dd>
+ <dd>
+ <a href="#concept-return-an-error">Return an error</a> named
+ <a href="#dfn-NotSupportedError"><code>NotSupportedError</code></a>.
+ </dd>
</dl>
</li>
<li>
@@ -11425,8 +11775,9 @@
<li>
<p>
If the <a href="#dfn-HmacImportParams-hash">hash</a> property is
- not present in <var>normalizedDerivedKeyAlgorithm</var>, terminate
- this algorithm with an error.
+ not present in <var>normalizedDerivedKeyAlgorithm</var>, then
+ <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-SyntaxError"><code>SyntaxError</code></a>.
</p>
</li>
<li>
@@ -11450,7 +11801,10 @@
property of <var>normalizedDerivedKeyAlgorithm</var>.
</dd>
<dt>Otherwise:</dt>
- <dd>Terminate this algorithm with an error.</dd>
+ <dd>
+ <a href="#concept-return-an-error">Return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
+ </dd>
</dl>
</li>
<li>
@@ -11571,14 +11925,17 @@
<p>
If any of the members of <a href="#dfn-DhKeyGenParams">DhKeyGenParams</a> are
not present in <var>normalizedAlgorithm</var>,
- terminate this algorithm with an error.
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-SyntaxError"><code>SyntaxError</code></a>.
</p>
</li>
<li>
<p>
If <var>usages</var> contains a value which is not a case-sensitive string match
for one of <code>"deriveKey"</code> or <code>"deriveBits"</code>,
- terminate this algorithm with an error.
+
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
@@ -11593,8 +11950,9 @@
</li>
<li>
<p>
- If performing the operation results in an error, terminate this algorithm
- with an error.
+ If performing the operation results in an error,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-OperationError"><code>OperationError</code></a>.
</p>
</li>
<li>
@@ -11717,8 +12075,9 @@
<li>
<p>
If the <a href="#dfn-Key-type">type</a> property of <var>key</var>
- is not a case-sensitive string match for <code>"private"</code>, terminate this
- algorithm with an error.
+ is not a case-sensitive string match for <code>"private"</code>, then
+ <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-InvalidAccessError"><code>InvalidAccessError</code></a>.
</p>
</li>
<li>
@@ -11731,8 +12090,9 @@
<li>
<p>
If any of the members of <a href="#dfn-DhKeyDeriveParams">DhKeyDeriveParams</a> are not present in
- <var>normalizedAlgorithm</var>, terminate this
- algorithm with an error.
+ <var>normalizedAlgorithm</var>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-SyntaxError"><code>SyntaxError</code></a>.
</p>
</li>
<li>
@@ -11747,14 +12107,18 @@
If the <a href="#dfn-KeyAlgorithm-name">name</a> property of the
<a href="#dfn-Key-algorithm">algorithm</a> property of <var>publicKey</var> is
not a case-sensitive string match for
- <code>"DH"</code>, terminate this algorithm with an error.
+ <code>"DH"</code>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
<p>
If the <a href="#dfn-Key-type">type</a> property of <var>publicKey</var>
is not a case-sensitive string match for
- <code>"public"</code>, terminate this algorithm with an error.
+ <code>"public"</code>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
@@ -11763,7 +12127,9 @@
<a href="#dfn-Key-algorithm">algorithm</a> property of <var>publicKey</var>
is not equal to the <a href="#dfn-DhKeyAlgorithm-prime">prime</a> property of the
<a href="#dfn-Key-algorithm">algorithm</a> property of <var>key</var>,
- terminate this algorithm with an error.
+
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
@@ -11773,7 +12139,9 @@
is not equal to the <a href="#dfn-DhKeyAlgorithm-generator">generator</a>
property of the
<a href="#dfn-Key-algorithm">algorithm</a> property of <var>key</var>,
- terminate this algorithm with an error.
+
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
@@ -11786,7 +12154,10 @@
<var>normalizedAlgorithm</var> as the other's public value <var>PV'</var>.
<dl class="switch">
<dt>If performing the operation results in an error:</dt>
- <dd>Terminate this algorithm with an error.</dd>
+ <dd>
+ <a href="#concept-return-an-error">Return an error</a> named
+ <a href="#dfn-OperationError"><code>OperationError</code></a>.
+ </dd>
<dt>Otherwise:</dt>
<dd>
Let <var>secret</var> be the output of the DH Phase II, <var>SK</var>.
@@ -11801,7 +12172,10 @@
If the length of <var>secret</var> in bits is less than
<var>length</var>:
</dt>
- <dd>Terminate this algorithm with an error.</dd>
+ <dd>
+ <a href="#concept-return-an-error">Return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
+ </dd>
<dt>Otherwise:</dt>
<dd>Return the first <var>length</var> bits of <var>secret</var>.</dd>
</dl>
@@ -11832,13 +12206,16 @@
<li>
<p>
If any of the members of <a href="#dfn-DhImportKeyParams">DhImportKeyParams</a> are not present in
- <var>normalizedAlgorithm</var>, terminate this algorithm with an error.
+ <var>normalizedAlgorithm</var>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-SyntaxError"><code>SyntaxError</code></a>.
</p>
</li>
<li>
<p>
- If <var>extractable</var> is false, terminate this algorithm with an
- error.
+ If <var>extractable</var> is false,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
@@ -11925,7 +12302,9 @@
</li>
<li>
<p>
- If an error occured while parsing, terminate this algorithm with an error.
+ If an error occured while parsing,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
@@ -11933,14 +12312,17 @@
If the <code>algorithm</code> object identifier field of the
<code>algorithm</code> AlgorithmIdentifier field of <var>spki</var> is not
equivalent to the <code>dhKeyAgreement</code> OID defined in Section 9
- of [<a href="#PKCS3">PKCS #3</a>], terminate this algorithm with an error.
+ of [<a href="#PKCS3">PKCS #3</a>],
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
<p>
If the <code>parameters</code> field of the <code>algorithm</code>
- AlgorithmIdentifier field of <var>spki</var> is absent, terminate
- the algorithm with an error.
+ AlgorithmIdentifier field of <var>spki</var> is absent,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
@@ -11953,7 +12335,9 @@
<p>
If <var>params</var> is not an instance of the <code>DHParameter</code>
ASN.1 type defined in Section 9 of <a href="#PKCS3">PKCS #3</a>,
- terminate the algorithm with an error.
+
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
@@ -12033,7 +12417,9 @@
<p>
If <var>usages</var> contains a value which is not a case-sensitive string
match for one of <code>"deriveKey"</code> or <code>"deriveBits"</code>,
- terminate this algorithm with an error.
+
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
@@ -12045,7 +12431,9 @@
</li>
<li>
<p>
- If an error occurred while parsing, terminate this algorithm with an error.
+ If an error occurred while parsing,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-OperationError"><code>OperationError</code></a>.
</p>
</li>
<li>
@@ -12054,15 +12442,18 @@
<code>algorithm</code> AlgorithmIdentifier field of
<var>privateKeyInfo</var> is not
equivalent to the <code>dhKeyAgreement</code> OID defined in Section 9
- of [<a href="#PKCS3">PKCS #3</a>], terminate this algorithm with an error.
+ of [<a href="#PKCS3">PKCS #3</a>],
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
<p>
If the <code>parameters</code> field of the
<code>privateKeyAlgorithm</code> PrivateKeyAlgorithmIdentifier field of
- <var>privateKeyInfo</var> is absent, terminate the algorithm with an
- error.
+ <var>privateKeyInfo</var> is absent,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
@@ -12076,7 +12467,9 @@
<p>
If <var>params</var> is not an instance of the <code>DHParameter</code>
ASN.1 type defined in Section 9 of <a href="#PKCS3">PKCS #3</a>,
- terminate the algorithm with an error.
+
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
@@ -12147,7 +12540,10 @@
</ol>
</dd>
<dt>Otherwise:</dt>
- <dd>Terminate this algorithm with an error.</dd>
+ <dd>
+ <a href="#concept-return-an-error">Return an error</a> named
+ <a href="#dfn-NotSupportedError"><code>NotSupportedError</code></a>.
+ </dd>
</dl>
</dd>
<dt>Export Key</dt>
@@ -12188,7 +12584,9 @@
<li>
<p>
If the <a href="#dfn-Key-type">type</a> property of <var>key</var> is
- not <code>"public"</code>, terminate this algorithm with an error.
+ not <code>"public"</code>, then
+ <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-InvalidAccessError"><code>InvalidAccessError</code></a>.
</p>
</li>
<li>
@@ -12256,8 +12654,9 @@
<li>
<p>
If the <a href="#dfn-Key-type">type</a> property of <var>key</var> is
- not <code>"private"</code>, terminate this algorithm with an
- error.
+ not <code>"private"</code>, then
+ <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-InvalidAccessError"><code>InvalidAccessError</code></a>.
</p>
</li>
<li>
@@ -12318,7 +12717,10 @@
</ol>
</dd>
<dt>Otherwise:</dt>
- <dd>Terminate this algorithm with an error.</dd>
+ <dd>
+ <a href="#concept-return-an-error">Return an error</a> named
+ <a href="#dfn-NotSupportedError"><code>NotSupportedError</code></a>.
+ </dd>
</dl>
</li>
<li>
@@ -12543,8 +12945,9 @@
<a href="#dfn-ConcatParams-algorithmId">algorithmId</a>,
<a href="#dfn-ConcatParams-partyUInfo">partyUInfo</a> or
<a href="#dfn-ConcatParams-partyVInfo">partyVInfo</a> properties are not
- present in <var>normalizedAlgorithm</var>, terminate this algorithm with an
- error.
+ present in <var>normalizedAlgorithm</var>, then
+ <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-SyntaxError"><code>SyntaxError</code></a>.
</p>
</li>
<li>
@@ -12571,7 +12974,9 @@
</li>
<li>
<p>
- If the operation fails, terminate this algorithm with an error.
+ If the operation fails,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-OperationError"><code>OperationError</code></a>.
</p>
</li>
<li>
@@ -12593,7 +12998,9 @@
<p>
If <var>usages</var> contains a value that is not a case-sensitive string
match for <code>"deriveKey"</code> or <code>"deriveBits"</code>,
- terminate this algorithm with an error.
+
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
@@ -12648,7 +13055,10 @@
</ol>
</dd>
<dt>Otherwise:</dt>
- <dd>Terminate this algorithm with an error.</dd>
+ <dd>
+ <a href="#concept-return-an-error">Return an error</a> named
+ <a href="#dfn-NotSupportedError"><code>NotSupportedError</code></a>.
+ </dd>
</dl>
</dd>
<dt>Get length</dt>
@@ -12742,7 +13152,9 @@
<ol>
<li>
<p>
- If <var>length</var> is null, terminate this algorithm with an error.
+ If <var>length</var> is null,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
@@ -12755,16 +13167,18 @@
<li>
<p>
If any of the members of <a href="#dfn-HkdfCtrParams">HkdfCtrParams</a> are
- not present in <var>normalizedAlgorithm</var>, terminate this algorithm
- with an error.
+ not present in <var>normalizedAlgorithm</var>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-SyntaxError"><code>SyntaxError</code></a>.
</p>
</li>
<li>
<p>
If the <a href="#dfn-HkdfCtrParams-hash">hash</a> property of
<var>normalizedAlgorithm</var> does not describe a <a href="#algorithms">
- recognised algorithm</a> that supports the digest operation, terminate
- this algorithm with an error.
+ recognised algorithm</a> that supports the digest operation, then
+ <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-NotSupportedError"><code>NotSupportedError</code></a>
</p>
</li>
<li>
@@ -12840,8 +13254,9 @@
</li>
<li>
<p>
- If the key derivation operation terminates with an error, terminate this
- algorithm with an error.
+ If the key derivation operation fails,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-OperationError"><code>OperationError</code></a>.
</p>
</li>
<li>
@@ -12863,7 +13278,9 @@
<p>
If <var>usages</var> contains a value that is not a case-sensitive string
match for <code>"deriveKey"</code> or <code>"deriveBits"</code>,
- terminate this algorithm with an error.
+
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
@@ -12918,7 +13335,10 @@
</ol>
</dd>
<dt>Otherwise:</dt>
- <dd>Terminate this algorithm with an error.</dd>
+ <dd>
+ <a href="#concept-return-an-error">Return an error</a> named
+ <a href="#dfn-NotSupportedError"><code>NotSupportedError</code></a>.
+ </dd>
</dl>
</dd>
<dt>Get length</dt>
@@ -13019,22 +13439,25 @@
<li>
<p>
If any of the members of <a href="#dfn-Pbkdf2Params">Pbkdf2Params</a> are
- not present in <var>normalizedAlgorithm</var>, terminate this algorithm with
- an error.
- </p>
- </li>
- <li>
- <p>
- If <var>length</var> is null or is not a multiple of 8, terminate this
- algorithm with an error.
+ not present in <var>normalizedAlgorithm</var>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-SyntaxError"><code>SyntaxError</code></a>.
+ </p>
+ </li>
+ <li>
+ <p>
+ If <var>length</var> is null or is not a multiple of 8,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
<p>
If the <a href="#dfn-Pbkdf2Params-hash">hash</a> property of
<var>normalizedAlgorithm</var> does not describe a <a href="#algorithms">
- recognised algorithm</a> that supports the digest operation, terminate
- this algorithm with an error.
+ recognised algorithm</a> that supports the digest operation, then
+ <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-NotSupportedError"><code>NotSupportedError</code></a>
</p>
</li>
<li>
@@ -13060,8 +13483,9 @@
</li>
<li>
<p>
- If the key derivation operation encounters an error, terminate this algorithm
- with an error.
+ If the key derivation operation fails,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-OperationError"><code>OperationError</code></a>.
</p>
</li>
<li>
@@ -13077,12 +13501,16 @@
<li>
<p>
If <var>usages</var> contains any element that is not a case-sensitive string
- match for <code>"deriveKey"</code>, terminate this algorithm with an error.
- </p>
- </li>
- <li>
- <p>
- If <var>extractable</var> is true, terminate this algorithm with an error.
+ match for <code>"deriveKey"</code>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
+ </p>
+ </li>
+ <li>
+ <p>
+ If <var>extractable</var> is true,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
@@ -13146,13 +13574,17 @@
<li>
<p>
If <var>format</var> is not a case-sensitive string match for
- <code>"raw"</code>, terminate this algorithm with an error.
+ <code>"raw"</code>,
+ <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-NotSupportedError"><code>NotSupportedError</code></a>
</p>
</li>
<li>
<p>
If <var>usages</var> contains any element that is not a case-sensitive string
- match for <code>"deriveKey"</code>, terminate this algorithm with an error.
+ match for <code>"deriveKey"</code>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
@@ -13258,7 +13690,8 @@
<li>
<p>
If <var>mappedAlgorithm</var> contains any non-ASCII characters,
- throw a <code>SyntaxError</code> and return from this algorithm.
+ <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-SyntaxError"><code>SyntaxError</code></a>.
</p>
</li>
<li>
@@ -13276,7 +13709,8 @@
</li>
<li>
<p>
- Otherwise, terminate this algorithm with an error.
+ Otherwise, <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-SyntaxError"><code>SyntaxError</code></a>.
</p>
</li>
</ol>