--- a/spec/Overview-WebCryptoAPI.xml Wed Oct 15 14:10:36 2014 -0700
+++ b/spec/Overview-WebCryptoAPI.xml Wed Oct 15 14:27:35 2014 -0700
@@ -7064,34 +7064,6 @@
<p>Let <var>keyData</var> be the key data to be imported.</p>
</li>
<li>
- <p>
- Perform any <a href="#dfn-rsa-oaep-extended-import-steps">key import steps</a>
- defined by <a href="#dfn-applicable-specifications">other applicable
- specifications</a>, passing <var>keyData</var> and obtaining <var>result</var>.
- <dl class="switch">
- <dt>
- If <var>result</var> is a <a href="#dfn-CryptoKey">CryptoKey</a>
- object
- </dt>
- <dd>
- <p>
- Return <var>result</var>.
- </p>
- </dd>
- <dt>
- If <var>result</var> is an error with a name that is not
- <a href="#dfn-NotSupportedError"><code>NotSupportedError</code></a>
- </dt>
- <dd>
- <p>
- <a href="#concept-return-an-error">Return an error</a> with the same name
- as <var>result</var>.
- </p>
- </dd>
- </dl>
- </p>
- </li>
- <li>
<dl class="switch">
<dt>If <var>format</var> is <code>"spki"</code>:</dt>
<dd>
@@ -7214,10 +7186,26 @@
</dd>
<dt>Otherwise:</dt>
<dd>
- <p>
- <a href="#concept-return-an-error">Return an error</a> named
- <a href="#dfn-NotSupportedError"><code>NotSupportedError</code></a>.
- </p>
+ <ol>
+ <li>
+ <p>
+ Perform any <a href="#dfn-rsa-oeap-extended-import-steps">key
+ import steps</a> defined by
+ <a href="#dfn-applicable-specifications">other applicable
+ specifications</a>, passing <var>format</var>, <var>spki</var>
+ and obtaining <var>hash</var>.
+ </p>
+ </li>
+ <li>
+ <p>
+ If an error occured or there are no
+ <a href="#dfn-applicable-specifications">applicable
+ specifications</a>,
+ <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
+ </p>
+ </li>
+ </ol>
</dd>
</dl>
</li>
@@ -7254,22 +7242,32 @@
</dl>
</li>
<li>
- <p>
- If <var>hash</var> is defined, and is not equal to the <a
- href="#dfn-AlgorithmIdentifier-name">name</a> member of the <a
- href="#dfn-RsaHashedImportParams-hash">hash</a> member of
- <var>normalizedAlgorithm</var>, <a
- href="#concept-return-an-error">return an error</a> named <a
- href="#dfn-DataError"><code>DataError</code></a>.
- </p>
- </li>
- <li>
- <p>
- Set <var>hash</var> to the <a
- href="#dfn-AlgorithmIdentifier-name">name</a> member of the <a
- href="#dfn-RsaHashedImportParams-hash">hash</a> member of
- <var>normalizedAlgorithm</var>.
- </p>
+ <dl>
+ <dt>
+ If <var>hash</var> is not undefined:
+ </dt>
+ <dd>
+ <ol>
+ <li>
+ <p>
+ Let <var>normalizedHash</var> be the result of
+ <a href="#dfn-normalize-an-algorithm">normalize an algorithm</a>
+ with <code>alg</code> set to <var>hash</var> and <code>op</code> set
+ to <code>digest</code>.
+ </p>
+ </li>
+ <li>
+ <p>
+ If <var>normalizedHash</var> is not equal to the
+ <a href="#dfn-RsaHashedImportParams-hash">hash</a> member of
+ <var>normalizedAlgorithm</var>, <a
+ href="#concept-return-an-error">return an error</a> named <a
+ href="#dfn-DataError"><code>DataError</code></a>.
+ </p>
+ </li>
+ </ol>
+ </dd>
+ </dl>
</li>
<li>
<p>
@@ -7429,10 +7427,26 @@
</dd>
<dt>Otherwise:</dt>
<dd>
- <p>
- <a href="#concept-return-an-error">Return an error</a> named
- <a href="#dfn-NotSupportedError"><code>NotSupportedError</code></a>.
- </p>
+ <ol>
+ <li>
+ <p>
+ Perform any <a href="#dfn-rsa-oeap-extended-import-steps">key
+ import steps</a> defined by
+ <a href="#dfn-applicable-specifications">other applicable
+ specifications</a>, passing <var>format</var>, <var>spki</var>
+ and obtaining <var>hash</var>.
+ </p>
+ </li>
+ <li>
+ <p>
+ If an error occured or there are no
+ <a href="#dfn-applicable-specifications">applicable
+ specifications</a>,
+ <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
+ </p>
+ </li>
+ </ol>
</dd>
</dl>
</li>
@@ -7469,22 +7483,32 @@
</dl>
</li>
<li>
- <p>
- If <var>hash</var> is defined, and is not equal to the <a
- href="#dfn-AlgorithmIdentifier-name">name</a> member of the <a
- href="#dfn-RsaHashedImportParams-hash">hash</a> member of
- <var>normalizedAlgorithm</var>, <a
- href="#concept-return-an-error">return an error</a> named <a
- href="#dfn-DataError"><code>DataError</code></a>.
- </p>
- </li>
- <li>
- <p>
- Set <var>hash</var> to the <a
- href="#dfn-AlgorithmIdentifier-name">name</a> member of the <a
- href="#dfn-RsaHashedImportParams-hash">hash</a> member of
- <var>normalizedAlgorithm</var>.
- </p>
+ <dl>
+ <dt>
+ If <var>hash</var> is not undefined:
+ </dt>
+ <dd>
+ <ol>
+ <li>
+ <p>
+ Let <var>normalizedHash</var> be the result of
+ <a href="#dfn-normalize-an-algorithm">normalize an algorithm</a>
+ with <code>alg</code> set to <var>hash</var> and <code>op</code> set
+ to <code>digest</code>.
+ </p>
+ </li>
+ <li>
+ <p>
+ If <var>normalizedHash</var> is not equal to the
+ <a href="#dfn-RsaHashedImportParams-hash">hash</a> member of
+ <var>normalizedAlgorithm</var>, <a
+ href="#concept-return-an-error">return an error</a> named <a
+ href="#dfn-DataError"><code>DataError</code></a>.
+ </p>
+ </li>
+ </ol>
+ </dd>
+ </dl>
</li>
<li>
<p>
@@ -7573,11 +7597,6 @@
</p>
</li>
<li>
- <p>
- Let <var>hash</var> be a string whose initial value is undefined.
- </p>
- </li>
- <li>
<dl class="switch">
<dt>If the <code>alg</code> field of <var>jwk</var> is not present:</dt>
<dd>Let <var>hash</var> be undefined.</dd>
@@ -7603,22 +7622,56 @@
<dd>Let <var>hash</var> be the string <code>"SHA-512"</code>.</dd>
<dt>Otherwise:</dt>
<dd>
- <p>
- <a href="#concept-return-an-error">Return an error</a> named
- <a href="#dfn-DataError"><code>DataError</code></a>.
- </p>
+ <ol>
+ <li>
+ <p>
+ Perform any <a href="#dfn-rsa-oaep-extended-import-steps">key
+ import steps</a> defined by
+ <a href="#dfn-applicable-specifications">other applicable
+ specifications</a>, passing <var>format</var>, <var>jwk</var>
+ and obtaining <var>hash</var>.
+ </p>
+ </li>
+ <li>
+ <p>
+ If an error occured or there are no
+ <a href="#dfn-applicable-specifications">applicable
+ specifications</a>,
+ <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
+ </p>
+ </li>
+ </ol>
</dd>
</dl>
</li>
<li>
- <p>
- If <var>hash</var> is defined, and is not equal to the <a
- href="#dfn-AlgorithmIdentifier-name">name</a> member of the <a
- href="#dfn-RsaHashedImportParams-hash">hash</a> member of
- <var>normalizedAlgorithm</var>, <a
- href="#concept-return-an-error">return an error</a> named <a
- href="#dfn-DataError"><code>DataError</code></a>.
- </p>
+ <dl>
+ <dt>
+ If <var>hash</var> is not undefined:
+ </dt>
+ <dd>
+ <ol>
+ <li>
+ <p>
+ Let <var>normalizedHash</var> be the result of
+ <a href="#dfn-normalize-an-algorithm">normalize an algorithm</a>
+ with <code>alg</code> set to <var>hash</var> and <code>op</code> set
+ to <code>digest</code>.
+ </p>
+ </li>
+ <li>
+ <p>
+ If <var>normalizedHash</var> is not equal to the
+ <a href="#dfn-RsaHashedImportParams-hash">hash</a> member of
+ <var>normalizedAlgorithm</var>, <a
+ href="#concept-return-an-error">return an error</a> named <a
+ href="#dfn-DataError"><code>DataError</code></a>.
+ </p>
+ </li>
+ </ol>
+ </dd>
+ </dl>
</li>
<li>
<dl class="switch">
@@ -7718,8 +7771,8 @@
<li>
<p>
Set the <a href="#dfn-RsaHashedKeyAlgorithm-hash">hash</a> attribute of
- <var>algorithm</var> to a new <a href="#dfn-KeyAlgorithm">KeyAlgorithm</a>
- whose <a href="#dfn-KeyAlgorithm-name">name</a> attribute is <var>hash</var>.
+ <var>algorithm</var> to the <a href="#dfn-RsaHashedImportParams-hash">hash</a> member of
+ <var>normalizedAlgorithm</var>.
</p>
</li>
<li>
@@ -7751,45 +7804,6 @@
</p>
</li>
<li>
- <p>
- Perform any <a href="#dfn-rsa-oaep-extended-export-steps">key export steps</a>
- defined by <a href="#dfn-applicable-specifications">other applicable
- specifications</a>, passing <var>key</var> and obtaining <var>result</var>.
- <dl class="switch">
- <dt>
- If <var>format</var> is <code>"spki"</code> or <code>"pkcs8"</code> and
- <var>result</var> is an <a href="#dfn-ArrayBuffer">ArrayBuffer</a>
- object
- </dt>
- <dd>
- <p>
- Return <var>result</var>.
- </p>
- </dd>
- <dt>
- If <var>format</var> is <code>"jwk"</code> and
- <var>result</var> is not an error
- </dt>
- <dd>
- <p>
- Return <var>result</var>.
- </p>
- </dd>
- <dt>
- If <var>result</var> is an error with a name that is not
- <a href="#dfn-NotSupportedError"><code>NotSupportedError</code></a>
- </dt>
- <dd>
- <p>
- <a href="#concept-return-an-error">Return an error</a> with the same name
- as <var>result</var>.
- </p>
- </dd>
- </dl>
- </p>
- </li>
-
- <li>
<dl class="switch">
<dt>If <var>format</var> is <code>"spki"</code></dt>
<dd>
@@ -7847,7 +7861,8 @@
</dt>
<dd>
<p>
- Set the <var>algorithm</var> object identifier to the
+ Set the <var>algorithm</var> object identifier
+ of <var>hashAlgorithm</var> to the
OID <code>id-sha1</code> defined in <a
href="#RFC3447">RFC 3447</a>.
</p>
@@ -7862,7 +7877,8 @@
</dt>
<dd>
<p>
- Set the <var>algorithm</var> object identifier to the
+ Set the <var>algorithm</var> object identifier
+ of <var>hashAlgorithm</var> to the
OID <code>id-sha256</code> defined in <a
href="#RFC3447">RFC 3447</a>.
</p>
@@ -7877,7 +7893,8 @@
</dt>
<dd>
<p>
- Set the <var>algorithm</var> object identifier to the
+ Set the <var>algorithm</var> object identifier
+ of <var>hashAlgorithm</var> to the
OID <code>id-sha384</code> defined in <a
href="#RFC3447">RFC 3447</a>.
</p>
@@ -7892,11 +7909,42 @@
</dt>
<dd>
<p>
- Set the <var>algorithm</var> object identifier to the
+ Set the <var>algorithm</var> object identifier
+ of <var>hashAlgorithm</var> to the
OID <code>id-sha512</code> defined in <a
href="#RFC3447">RFC 3447</a>.
</p>
</dd>
+ <dt>Otherwise:</dt>
+ <dd>
+ <ol>
+ <li>
+ <p>
+ Perform any <a href="#dfn-rsa-pss-extended-export-steps">key export steps</a>
+ defined by <a href="#dfn-applicable-specifications">other applicable
+ specifications</a>, passing <var>format</var> and the
+ <a href="#dfn-RsaHashedKeyAlgorithm">hash</a> attribute of
+ the [[<a href="#dfn-CryptoKey-slot-algorithm">algorithm</a>]]
+ internal slot of <var>key</var>
+ and obtaining <var>hashOid</var> and <var>hashParams</var>.
+ </p>
+ </li>
+ <li>
+ <p>
+ Set the <var>algorithm</var> object identifier
+ of <var>hashAlgorithm</var> to <var>hashOid</var>.
+ </p>
+ </li>
+ <li>
+ <p>
+ Set the <var>params</var> field of <var>hashAlgorithm</var>
+ to
+ <var>hashParams</var> if <var>hashParams</var> is not
+ undefined and omit the <var>params</var> field otherwise.
+ </p>
+ </li>
+ </ol>
+ </dd>
</dl>
</li>
<li>
@@ -8007,7 +8055,8 @@
</dt>
<dd>
<p>
- Set the <var>algorithm</var> object identifier to the
+ Set the <var>algorithm</var> object identifier
+ of <var>hashAlgorithm</var> to the
OID <code>id-sha1</code> defined in <a
href="#RFC3447">RFC 3447</a>.
</p>
@@ -8022,7 +8071,8 @@
</dt>
<dd>
<p>
- Set the <var>algorithm</var> object identifier to the
+ Set the <var>algorithm</var> object identifier
+ of <var>hashAlgorithm</var> to the
OID <code>id-sha256</code> defined in <a
href="#RFC3447">RFC 3447</a>.
</p>
@@ -8037,7 +8087,8 @@
</dt>
<dd>
<p>
- Set the <var>algorithm</var> object identifier to the
+ Set the <var>algorithm</var> object identifier
+ of <var>hashAlgorithm</var> to the
OID <code>id-sha384</code> defined in <a
href="#RFC3447">RFC 3447</a>.
</p>
@@ -8052,11 +8103,42 @@
</dt>
<dd>
<p>
- Set the <var>algorithm</var> object identifier to the
+ Set the <var>algorithm</var> object identifier
+ of <var>hashAlgorithm</var> to the
OID <code>id-sha512</code> defined in <a
href="#RFC3447">RFC 3447</a>.
</p>
</dd>
+ <dt>Otherwise:</dt>
+ <dd>
+ <ol>
+ <li>
+ <p>
+ Perform any <a href="#dfn-rsa-oaep-extended-export-steps">key export steps</a>
+ defined by <a href="#dfn-applicable-specifications">other applicable
+ specifications</a>, passing <var>format</var> and the
+ <a href="#dfn-RsaHashedKeyAlgorithm">hash</a> attribute of
+ the [[<a href="#dfn-CryptoKey-slot-algorithm">algorithm</a>]]
+ internal slot of <var>key</var>
+ and obtaining <var>hashOid</var> and <var>hashParams</var>.
+ </p>
+ </li>
+ <li>
+ <p>
+ Set the <var>algorithm</var> object identifier
+ of <var>hashAlgorithm</var> to <var>hashOid</var>.
+ </p>
+ </li>
+ <li>
+ <p>
+ Set the <var>params</var> field of <var>hashAlgorithm</var>
+ to
+ <var>hashParams</var> if <var>hashParams</var> is not
+ undefined and omit the <var>params</var> field otherwise.
+ </p>
+ </li>
+ </ol>
+ </dd>
</dl>
</li>
<li>
@@ -8178,6 +8260,27 @@
<code>"RSA-OAEP-512"</code>.
</p>
</dd>
+ <dt>Otherwise:</dt>
+ <dd>
+ <ol>
+ <li>
+ <p>
+ Perform any <a href="#dfn-rsa-oaep-extended-export-steps">key export steps</a>
+ defined by <a href="#dfn-applicable-specifications">other applicable
+ specifications</a>, passing <var>format</var> and the
+ <a href="#dfn-RsaHashedKeyAlgorithm">hash</a> attribute of
+ the [[<a href="#dfn-CryptoKey-slot-algorithm">algorithm</a>]]
+ internal slot of <var>key</var>
+ and obtaining <var>alg</var>.
+ </p>
+ </li>
+ <li>
+ <p>
+ Set the <code>alg</code> attribute of <var>jwk</var> to <var>alg</var>.
+ </p>
+ </li>
+ </ol>
+ </dd>
</dl>
</li>
<li>
--- a/spec/Overview.html Wed Oct 15 14:10:36 2014 -0700
+++ b/spec/Overview.html Wed Oct 15 14:27:35 2014 -0700
@@ -6876,34 +6876,6 @@
<p>Let <var>keyData</var> be the key data to be imported.</p>
</li>
<li>
- <p>
- Perform any <a href="#dfn-rsa-oaep-extended-import-steps">key import steps</a>
- defined by <a href="#dfn-applicable-specifications">other applicable
- specifications</a>, passing <var>keyData</var> and obtaining <var>result</var>.
- <dl class="switch">
- <dt>
- If <var>result</var> is a <a href="#dfn-CryptoKey">CryptoKey</a>
- object
- </dt>
- <dd>
- <p>
- Return <var>result</var>.
- </p>
- </dd>
- <dt>
- If <var>result</var> is an error with a name that is not
- <a href="#dfn-NotSupportedError"><code>NotSupportedError</code></a>
- </dt>
- <dd>
- <p>
- <a href="#concept-return-an-error">Return an error</a> with the same name
- as <var>result</var>.
- </p>
- </dd>
- </dl>
- </p>
- </li>
- <li>
<dl class="switch">
<dt>If <var>format</var> is <code>"spki"</code>:</dt>
<dd>
@@ -7026,10 +6998,26 @@
</dd>
<dt>Otherwise:</dt>
<dd>
- <p>
- <a href="#concept-return-an-error">Return an error</a> named
- <a href="#dfn-NotSupportedError"><code>NotSupportedError</code></a>.
- </p>
+ <ol>
+ <li>
+ <p>
+ Perform any <a href="#dfn-rsa-oeap-extended-import-steps">key
+ import steps</a> defined by
+ <a href="#dfn-applicable-specifications">other applicable
+ specifications</a>, passing <var>format</var>, <var>spki</var>
+ and obtaining <var>hash</var>.
+ </p>
+ </li>
+ <li>
+ <p>
+ If an error occured or there are no
+ <a href="#dfn-applicable-specifications">applicable
+ specifications</a>,
+ <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
+ </p>
+ </li>
+ </ol>
</dd>
</dl>
</li>
@@ -7062,16 +7050,30 @@
</dl>
</li>
<li>
- <p>
- If <var>hash</var> is defined, and is not equal to the <a href="#dfn-AlgorithmIdentifier-name">name</a> member of the <a href="#dfn-RsaHashedImportParams-hash">hash</a> member of
- <var>normalizedAlgorithm</var>, <a href="#concept-return-an-error">return an error</a> named <a href="#dfn-DataError"><code>DataError</code></a>.
- </p>
- </li>
- <li>
- <p>
- Set <var>hash</var> to the <a href="#dfn-AlgorithmIdentifier-name">name</a> member of the <a href="#dfn-RsaHashedImportParams-hash">hash</a> member of
- <var>normalizedAlgorithm</var>.
- </p>
+ <dl>
+ <dt>
+ If <var>hash</var> is not undefined:
+ </dt>
+ <dd>
+ <ol>
+ <li>
+ <p>
+ Let <var>normalizedHash</var> be the result of
+ <a href="#dfn-normalize-an-algorithm">normalize an algorithm</a>
+ with <code>alg</code> set to <var>hash</var> and <code>op</code> set
+ to <code>digest</code>.
+ </p>
+ </li>
+ <li>
+ <p>
+ If <var>normalizedHash</var> is not equal to the
+ <a href="#dfn-RsaHashedImportParams-hash">hash</a> member of
+ <var>normalizedAlgorithm</var>, <a href="#concept-return-an-error">return an error</a> named <a href="#dfn-DataError"><code>DataError</code></a>.
+ </p>
+ </li>
+ </ol>
+ </dd>
+ </dl>
</li>
<li>
<p>
@@ -7225,10 +7227,26 @@
</dd>
<dt>Otherwise:</dt>
<dd>
- <p>
- <a href="#concept-return-an-error">Return an error</a> named
- <a href="#dfn-NotSupportedError"><code>NotSupportedError</code></a>.
- </p>
+ <ol>
+ <li>
+ <p>
+ Perform any <a href="#dfn-rsa-oeap-extended-import-steps">key
+ import steps</a> defined by
+ <a href="#dfn-applicable-specifications">other applicable
+ specifications</a>, passing <var>format</var>, <var>spki</var>
+ and obtaining <var>hash</var>.
+ </p>
+ </li>
+ <li>
+ <p>
+ If an error occured or there are no
+ <a href="#dfn-applicable-specifications">applicable
+ specifications</a>,
+ <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
+ </p>
+ </li>
+ </ol>
</dd>
</dl>
</li>
@@ -7261,16 +7279,30 @@
</dl>
</li>
<li>
- <p>
- If <var>hash</var> is defined, and is not equal to the <a href="#dfn-AlgorithmIdentifier-name">name</a> member of the <a href="#dfn-RsaHashedImportParams-hash">hash</a> member of
- <var>normalizedAlgorithm</var>, <a href="#concept-return-an-error">return an error</a> named <a href="#dfn-DataError"><code>DataError</code></a>.
- </p>
- </li>
- <li>
- <p>
- Set <var>hash</var> to the <a href="#dfn-AlgorithmIdentifier-name">name</a> member of the <a href="#dfn-RsaHashedImportParams-hash">hash</a> member of
- <var>normalizedAlgorithm</var>.
- </p>
+ <dl>
+ <dt>
+ If <var>hash</var> is not undefined:
+ </dt>
+ <dd>
+ <ol>
+ <li>
+ <p>
+ Let <var>normalizedHash</var> be the result of
+ <a href="#dfn-normalize-an-algorithm">normalize an algorithm</a>
+ with <code>alg</code> set to <var>hash</var> and <code>op</code> set
+ to <code>digest</code>.
+ </p>
+ </li>
+ <li>
+ <p>
+ If <var>normalizedHash</var> is not equal to the
+ <a href="#dfn-RsaHashedImportParams-hash">hash</a> member of
+ <var>normalizedAlgorithm</var>, <a href="#concept-return-an-error">return an error</a> named <a href="#dfn-DataError"><code>DataError</code></a>.
+ </p>
+ </li>
+ </ol>
+ </dd>
+ </dl>
</li>
<li>
<p>
@@ -7358,11 +7390,6 @@
</p>
</li>
<li>
- <p>
- Let <var>hash</var> be a string whose initial value is undefined.
- </p>
- </li>
- <li>
<dl class="switch">
<dt>If the <code>alg</code> field of <var>jwk</var> is not present:</dt>
<dd>Let <var>hash</var> be undefined.</dd>
@@ -7388,18 +7415,54 @@
<dd>Let <var>hash</var> be the string <code>"SHA-512"</code>.</dd>
<dt>Otherwise:</dt>
<dd>
- <p>
- <a href="#concept-return-an-error">Return an error</a> named
- <a href="#dfn-DataError"><code>DataError</code></a>.
- </p>
+ <ol>
+ <li>
+ <p>
+ Perform any <a href="#dfn-rsa-oaep-extended-import-steps">key
+ import steps</a> defined by
+ <a href="#dfn-applicable-specifications">other applicable
+ specifications</a>, passing <var>format</var>, <var>jwk</var>
+ and obtaining <var>hash</var>.
+ </p>
+ </li>
+ <li>
+ <p>
+ If an error occured or there are no
+ <a href="#dfn-applicable-specifications">applicable
+ specifications</a>,
+ <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
+ </p>
+ </li>
+ </ol>
</dd>
</dl>
</li>
<li>
- <p>
- If <var>hash</var> is defined, and is not equal to the <a href="#dfn-AlgorithmIdentifier-name">name</a> member of the <a href="#dfn-RsaHashedImportParams-hash">hash</a> member of
- <var>normalizedAlgorithm</var>, <a href="#concept-return-an-error">return an error</a> named <a href="#dfn-DataError"><code>DataError</code></a>.
- </p>
+ <dl>
+ <dt>
+ If <var>hash</var> is not undefined:
+ </dt>
+ <dd>
+ <ol>
+ <li>
+ <p>
+ Let <var>normalizedHash</var> be the result of
+ <a href="#dfn-normalize-an-algorithm">normalize an algorithm</a>
+ with <code>alg</code> set to <var>hash</var> and <code>op</code> set
+ to <code>digest</code>.
+ </p>
+ </li>
+ <li>
+ <p>
+ If <var>normalizedHash</var> is not equal to the
+ <a href="#dfn-RsaHashedImportParams-hash">hash</a> member of
+ <var>normalizedAlgorithm</var>, <a href="#concept-return-an-error">return an error</a> named <a href="#dfn-DataError"><code>DataError</code></a>.
+ </p>
+ </li>
+ </ol>
+ </dd>
+ </dl>
</li>
<li>
<dl class="switch">
@@ -7493,8 +7556,8 @@
<li>
<p>
Set the <a href="#dfn-RsaHashedKeyAlgorithm-hash">hash</a> attribute of
- <var>algorithm</var> to a new <a href="#dfn-KeyAlgorithm">KeyAlgorithm</a>
- whose <a href="#dfn-KeyAlgorithm-name">name</a> attribute is <var>hash</var>.
+ <var>algorithm</var> to the <a href="#dfn-RsaHashedImportParams-hash">hash</a> member of
+ <var>normalizedAlgorithm</var>.
</p>
</li>
<li>
@@ -7525,45 +7588,6 @@
</p>
</li>
<li>
- <p>
- Perform any <a href="#dfn-rsa-oaep-extended-export-steps">key export steps</a>
- defined by <a href="#dfn-applicable-specifications">other applicable
- specifications</a>, passing <var>key</var> and obtaining <var>result</var>.
- <dl class="switch">
- <dt>
- If <var>format</var> is <code>"spki"</code> or <code>"pkcs8"</code> and
- <var>result</var> is an <a href="#dfn-ArrayBuffer">ArrayBuffer</a>
- object
- </dt>
- <dd>
- <p>
- Return <var>result</var>.
- </p>
- </dd>
- <dt>
- If <var>format</var> is <code>"jwk"</code> and
- <var>result</var> is not an error
- </dt>
- <dd>
- <p>
- Return <var>result</var>.
- </p>
- </dd>
- <dt>
- If <var>result</var> is an error with a name that is not
- <a href="#dfn-NotSupportedError"><code>NotSupportedError</code></a>
- </dt>
- <dd>
- <p>
- <a href="#concept-return-an-error">Return an error</a> with the same name
- as <var>result</var>.
- </p>
- </dd>
- </dl>
- </p>
- </li>
-
- <li>
<dl class="switch">
<dt>If <var>format</var> is <code>"spki"</code></dt>
<dd>
@@ -7617,7 +7641,8 @@
</dt>
<dd>
<p>
- Set the <var>algorithm</var> object identifier to the
+ Set the <var>algorithm</var> object identifier
+ of <var>hashAlgorithm</var> to the
OID <code>id-sha1</code> defined in <a href="#RFC3447">RFC 3447</a>.
</p>
</dd>
@@ -7629,7 +7654,8 @@
</dt>
<dd>
<p>
- Set the <var>algorithm</var> object identifier to the
+ Set the <var>algorithm</var> object identifier
+ of <var>hashAlgorithm</var> to the
OID <code>id-sha256</code> defined in <a href="#RFC3447">RFC 3447</a>.
</p>
</dd>
@@ -7641,7 +7667,8 @@
</dt>
<dd>
<p>
- Set the <var>algorithm</var> object identifier to the
+ Set the <var>algorithm</var> object identifier
+ of <var>hashAlgorithm</var> to the
OID <code>id-sha384</code> defined in <a href="#RFC3447">RFC 3447</a>.
</p>
</dd>
@@ -7653,10 +7680,41 @@
</dt>
<dd>
<p>
- Set the <var>algorithm</var> object identifier to the
+ Set the <var>algorithm</var> object identifier
+ of <var>hashAlgorithm</var> to the
OID <code>id-sha512</code> defined in <a href="#RFC3447">RFC 3447</a>.
</p>
</dd>
+ <dt>Otherwise:</dt>
+ <dd>
+ <ol>
+ <li>
+ <p>
+ Perform any <a href="#dfn-rsa-pss-extended-export-steps">key export steps</a>
+ defined by <a href="#dfn-applicable-specifications">other applicable
+ specifications</a>, passing <var>format</var> and the
+ <a href="#dfn-RsaHashedKeyAlgorithm">hash</a> attribute of
+ the [[<a href="#dfn-CryptoKey-slot-algorithm">algorithm</a>]]
+ internal slot of <var>key</var>
+ and obtaining <var>hashOid</var> and <var>hashParams</var>.
+ </p>
+ </li>
+ <li>
+ <p>
+ Set the <var>algorithm</var> object identifier
+ of <var>hashAlgorithm</var> to <var>hashOid</var>.
+ </p>
+ </li>
+ <li>
+ <p>
+ Set the <var>params</var> field of <var>hashAlgorithm</var>
+ to
+ <var>hashParams</var> if <var>hashParams</var> is not
+ undefined and omit the <var>params</var> field otherwise.
+ </p>
+ </li>
+ </ol>
+ </dd>
</dl>
</li>
<li>
@@ -7761,7 +7819,8 @@
</dt>
<dd>
<p>
- Set the <var>algorithm</var> object identifier to the
+ Set the <var>algorithm</var> object identifier
+ of <var>hashAlgorithm</var> to the
OID <code>id-sha1</code> defined in <a href="#RFC3447">RFC 3447</a>.
</p>
</dd>
@@ -7773,7 +7832,8 @@
</dt>
<dd>
<p>
- Set the <var>algorithm</var> object identifier to the
+ Set the <var>algorithm</var> object identifier
+ of <var>hashAlgorithm</var> to the
OID <code>id-sha256</code> defined in <a href="#RFC3447">RFC 3447</a>.
</p>
</dd>
@@ -7785,7 +7845,8 @@
</dt>
<dd>
<p>
- Set the <var>algorithm</var> object identifier to the
+ Set the <var>algorithm</var> object identifier
+ of <var>hashAlgorithm</var> to the
OID <code>id-sha384</code> defined in <a href="#RFC3447">RFC 3447</a>.
</p>
</dd>
@@ -7797,10 +7858,41 @@
</dt>
<dd>
<p>
- Set the <var>algorithm</var> object identifier to the
+ Set the <var>algorithm</var> object identifier
+ of <var>hashAlgorithm</var> to the
OID <code>id-sha512</code> defined in <a href="#RFC3447">RFC 3447</a>.
</p>
</dd>
+ <dt>Otherwise:</dt>
+ <dd>
+ <ol>
+ <li>
+ <p>
+ Perform any <a href="#dfn-rsa-oaep-extended-export-steps">key export steps</a>
+ defined by <a href="#dfn-applicable-specifications">other applicable
+ specifications</a>, passing <var>format</var> and the
+ <a href="#dfn-RsaHashedKeyAlgorithm">hash</a> attribute of
+ the [[<a href="#dfn-CryptoKey-slot-algorithm">algorithm</a>]]
+ internal slot of <var>key</var>
+ and obtaining <var>hashOid</var> and <var>hashParams</var>.
+ </p>
+ </li>
+ <li>
+ <p>
+ Set the <var>algorithm</var> object identifier
+ of <var>hashAlgorithm</var> to <var>hashOid</var>.
+ </p>
+ </li>
+ <li>
+ <p>
+ Set the <var>params</var> field of <var>hashAlgorithm</var>
+ to
+ <var>hashParams</var> if <var>hashParams</var> is not
+ undefined and omit the <var>params</var> field otherwise.
+ </p>
+ </li>
+ </ol>
+ </dd>
</dl>
</li>
<li>
@@ -7912,6 +8004,28 @@
<code>"RSA-OAEP-512"</code>.
</p>
</dd>
+ <dt>Otherwise:</dt>
+ <dd>
+ <ol>
+ <li>
+ <p>
+ Perform any <a href="#dfn-rsa-oaep-extended-export-steps">key export steps</a>
+ defined by <a href="#dfn-applicable-specifications">other applicable
+ specifications</a>, passing <var>format</var> and the
+ <a href="#dfn-RsaHashedKeyAlgorithm">hash</a> attribute of
+ the [[<a href="#dfn-CryptoKey-slot-algorithm">algorithm</a>]]
+ internal slot of <var>key</var>
+ and obtaining <var>alg</var>.
+ </p>
+ </li>
+ <li>
+ <p>
+ Set the <code>alg</code> attribute of <var>jwk</var> to <var>alg</var>.
+ </p>
+ </li>
+ </ol>
+ </dd>
+
</dl>
</li>
<li>