Bug 25816 - DH pkcs8 import should return DataError, not OperationError, if SPKI parsing fails.
--- a/spec/Overview-WebCryptoAPI.xml Mon Jun 16 00:00:00 2014 -0700
+++ b/spec/Overview-WebCryptoAPI.xml Mon Jun 16 00:00:00 2014 -0700
@@ -14730,9 +14730,8 @@
<p>
If <var>usages</var> contains a value which is not
one of <code>"deriveKey"</code> or <code>"deriveBits"</code>,
-
- then <a href="#concept-return-an-error">return an error</a> named
- <a href="#dfn-DataError"><code>DataError</code></a>.
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
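Review bot: The removed and added lines in this hunk differ only in indentation and a dropped blank line, so the usages check returns DataError exactly as before. The bug title describes a single error-name change; landing whitespace reflow like this in its own commit would keep that normative change easy to find with blame and bisect.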
@@ -14902,31 +14901,27 @@
</li>
<li>
<p>
- If the <a href="#dfn-KeyAlgorithm-name">name</a> attribute of the
- <a href="#dfn-Key-algorithm">algorithm</a> attribute of <var>publicKey</var> is
- not <code>"DH"</code>,
- then <a href="#concept-return-an-error">return an error</a> named
- <a href="#dfn-DataError"><code>DataError</code></a>.
- </p>
- </li>
- <li>
- <p>
- If the <a href="#dfn-Key-type">type</a> attribute of <var>publicKey</var>
- is not
- <code>"public"</code>,
- then <a href="#concept-return-an-error">return an error</a> named
- <a href="#dfn-DataError"><code>DataError</code></a>.
- </p>
- </li>
- <li>
- <p>
- If the <a href="#dfn-DhKeyAlgorithm-prime">prime</a> attribute of the
- <a href="#dfn-Key-algorithm">algorithm</a> attribute of <var>publicKey</var>
- is not equal to the <a href="#dfn-DhKeyAlgorithm-prime">prime</a> attribute of the
- <a href="#dfn-Key-algorithm">algorithm</a> attribute of <var>key</var>,
-
- then <a href="#concept-return-an-error">return an error</a> named
- <a href="#dfn-DataError"><code>DataError</code></a>.
+ If the <a href="#dfn-KeyAlgorithm-name">name</a> attribute of the <a
+ href="#dfn-Key-algorithm">algorithm</a> attribute of <var>publicKey</var> is
+ not <code>"DH"</code>, then <a href="#concept-return-an-error">return an
+ error</a> named <a href="#dfn-DataError"><code>DataError</code></a>.
+ </p>
+ </li>
+ <li>
+ <p>
+ If the <a href="#dfn-Key-type">type</a> attribute of <var>publicKey</var> is
+ not <code>"public"</code>, then <a href="#concept-return-an-error">return an
+ error</a> named <a href="#dfn-DataError"><code>DataError</code></a>.
+ </p>
+ </li>
+ <li>
+ <p>
+ If the <a href="#dfn-DhKeyAlgorithm-prime">prime</a> attribute of the <a
+ href="#dfn-Key-algorithm">algorithm</a> attribute of <var>publicKey</var> is
+ not equal to the <a href="#dfn-DhKeyAlgorithm-prime">prime</a> attribute of
+ the <a href="#dfn-Key-algorithm">algorithm</a> attribute of <var>key</var>,
+ then <a href="#concept-return-an-error">return an error</a> named <a
+ href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
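Review bot: The reflow breaks several anchors between the tag name and its attribute, for example `the <a` at the end of one added line with `href="#dfn-Key-algorithm">algorithm</a>` starting the next. That is valid markup, but a line-based search for `<a href="#dfn-DataError">` no longer finds these steps; wrapping before `<a` instead would keep each link on one line. The three publicKey checks (name, type, prime) are otherwise textually unchanged.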
@@ -14934,20 +14929,17 @@
If the <a href="#dfn-DhKeyAlgorithm-generator">generator</a> attribute of the
<a href="#dfn-Key-algorithm">algorithm</a> attribute of <var>publicKey</var>
is not equal to the <a href="#dfn-DhKeyAlgorithm-generator">generator</a>
- attribute of the
- <a href="#dfn-Key-algorithm">algorithm</a> attribute of <var>key</var>,
-
- then <a href="#concept-return-an-error">return an error</a> named
- <a href="#dfn-DataError"><code>DataError</code></a>.
- </p>
- </li>
- <li>
- <p>
- Perform the Diffie-Hellman Phase II algorithm as specified in
- Section 8 of [<a href="#PKCS3">PKCS #3</a>]
- with <var>key</var> as the DH private value <var>x</var> and the
- Diffie-Hellman public value represented by the
- <a href="#dfn-DhKeyDeriveParams-public">public</a> member of
+ attribute of the <a href="#dfn-Key-algorithm">algorithm</a> attribute of
+ <var>key</var>, then <a href="#concept-return-an-error">return an error</a>
+ named <a href="#dfn-DataError"><code>DataError</code></a>.
+ </p>
+ </li>
+ <li>
+ <p>
+ Perform the Diffie-Hellman Phase II algorithm as specified in Section 8 of [<a
+ href="#PKCS3">PKCS #3</a>] with <var>key</var> as the DH private value
+ <var>x</var> and the Diffie-Hellman public value represented by the <a
+ href="#dfn-DhKeyDeriveParams-public">public</a> member of
<var>normalizedAlgorithm</var> as the other's public value <var>PV'</var>.
</p>
<dl class="switch">
@@ -15104,27 +15096,27 @@
</li>
<li>
<p>
- If an error occurred while parsing,
- then <a href="#concept-return-an-error">return an error</a> named
- <a href="#dfn-DataError"><code>DataError</code></a>.
+ If an error occurred while parsing, then <a
+ href="#concept-return-an-error">return an error</a> named <a
+ href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
<p>
If the <code>algorithm</code> object identifier field of the
<code>algorithm</code> AlgorithmIdentifier field of <var>spki</var> is not
- equivalent to the <code>dhKeyAgreement</code> OID defined in Section 9
- of [<a href="#PKCS3">PKCS #3</a>],
- then <a href="#concept-return-an-error">return an error</a> named
- <a href="#dfn-DataError"><code>DataError</code></a>.
+ equivalent to the <code>dhKeyAgreement</code> OID defined in Section 9 of
+ [<a href="#PKCS3">PKCS #3</a>], then <a
+ href="#concept-return-an-error">return an error</a> named <a
+ href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
<p>
If the <code>parameters</code> field of the <code>algorithm</code>
- AlgorithmIdentifier field of <var>spki</var> is absent,
- then <a href="#concept-return-an-error">return an error</a> named
- <a href="#dfn-DataError"><code>DataError</code></a>.
+ AlgorithmIdentifier field of <var>spki</var> is absent, then <a
+ href="#concept-return-an-error">return an error</a> named <a
+ href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
@@ -15136,10 +15128,9 @@
<li>
<p>
If <var>params</var> is not an instance of the <code>DHParameter</code>
- ASN.1 type defined in Section 9 of <a href="#PKCS3">PKCS #3</a>,
-
- then <a href="#concept-return-an-error">return an error</a> named
- <a href="#dfn-DataError"><code>DataError</code></a>.
+ ASN.1 type defined in Section 9 of <a href="#PKCS3">PKCS #3</a>, then <a
+ href="#concept-return-an-error">return an error</a> named <a
+ href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
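Review bot: The PKCS #3 reference on the rewritten line is still written without square brackets, `Section 9 of <a href="#PKCS3">PKCS #3</a>`, while the dhKeyAgreement steps elsewhere in this patch use `[<a href="#PKCS3">PKCS #3</a>]`. Since the line is being touched anyway, bring it in line with the bracketed form; the same applies to the other DHParameter steps in this patch.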
@@ -15218,11 +15209,10 @@
<ol>
<li>
<p>
- If <var>usages</var> contains a value which is not
- one of <code>"deriveKey"</code> or <code>"deriveBits"</code>,
-
- then <a href="#concept-return-an-error">return an error</a> named
- <a href="#dfn-DataError"><code>DataError</code></a>.
+ If <var>usages</var> contains a value which is not one of
+ <code>"deriveKey"</code> or <code>"deriveBits"</code>, then <a
+ href="#concept-return-an-error">return an error</a> named <a
+ href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
@@ -15234,29 +15224,28 @@
</li>
<li>
<p>
- If an error occurred while parsing,
- then <a href="#concept-return-an-error">return an error</a> named
- <a href="#dfn-OperationError"><code>OperationError</code></a>.
+ If an error occurred while parsing, then <a
+ href="#concept-return-an-error">return an error</a> named <a
+ href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
<p>
If the <code>algorithm</code> object identifier field of the
<code>algorithm</code> AlgorithmIdentifier field of
- <var>privateKeyInfo</var> is not
- equivalent to the <code>dhKeyAgreement</code> OID defined in Section 9
- of [<a href="#PKCS3">PKCS #3</a>],
- then <a href="#concept-return-an-error">return an error</a> named
- <a href="#dfn-DataError"><code>DataError</code></a>.
+ <var>privateKeyInfo</var> is not equivalent to the
+ <code>dhKeyAgreement</code> OID defined in Section 9 of [<a
+ href="#PKCS3">PKCS #3</a>], then <a href="#concept-return-an-error">return
+ an error</a> named <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
<p>
If the <code>parameters</code> field of the
<code>privateKeyAlgorithm</code> PrivateKeyAlgorithmIdentifier field of
- <var>privateKeyInfo</var> is absent,
- then <a href="#concept-return-an-error">return an error</a> named
- <a href="#dfn-DataError"><code>DataError</code></a>.
+ <var>privateKeyInfo</var> is absent, then <a
+ href="#concept-return-an-error">return an error</a> named <a
+ href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
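Review bot: The parsing-error step here, which changes from `OperationError` to `DataError`, is followed by steps that test fields of `privateKeyInfo`, so the structure being parsed in this pkcs8 branch is a PrivateKeyInfo, not the SPKI named in the bug title. Suggest rewording the summary to say PrivateKeyInfo parsing so the commit log matches the step it changes. This is the only non-whitespace change in the hunk, and it now agrees with the `DataError` that the spki parsing step earlier in this patch returns for the same condition.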
@@ -15269,10 +15258,9 @@
<li>
<p>
If <var>params</var> is not an instance of the <code>DHParameter</code>
- ASN.1 type defined in Section 9 of <a href="#PKCS3">PKCS #3</a>,
-
- then <a href="#concept-return-an-error">return an error</a> named
- <a href="#dfn-DataError"><code>DataError</code></a>.
+ ASN.1 type defined in Section 9 of <a href="#PKCS3">PKCS #3</a>, then <a
+ href="#concept-return-an-error">return an error</a> named <a
+ href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
--- a/spec/Overview.html Mon Jun 16 00:00:00 2014 -0700
+++ b/spec/Overview.html Mon Jun 16 00:00:00 2014 -0700
@@ -14506,9 +14506,8 @@
<p>
If <var>usages</var> contains a value which is not
one of <code>"deriveKey"</code> or <code>"deriveBits"</code>,
-
- then <a href="#concept-return-an-error">return an error</a> named
- <a href="#dfn-DataError"><code>DataError</code></a>.
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
@@ -14677,31 +14676,24 @@
</li>
<li>
<p>
- If the <a href="#dfn-KeyAlgorithm-name">name</a> attribute of the
- <a href="#dfn-Key-algorithm">algorithm</a> attribute of <var>publicKey</var> is
- not <code>"DH"</code>,
- then <a href="#concept-return-an-error">return an error</a> named
- <a href="#dfn-DataError"><code>DataError</code></a>.
- </p>
- </li>
- <li>
- <p>
- If the <a href="#dfn-Key-type">type</a> attribute of <var>publicKey</var>
- is not
- <code>"public"</code>,
- then <a href="#concept-return-an-error">return an error</a> named
- <a href="#dfn-DataError"><code>DataError</code></a>.
- </p>
- </li>
- <li>
- <p>
- If the <a href="#dfn-DhKeyAlgorithm-prime">prime</a> attribute of the
- <a href="#dfn-Key-algorithm">algorithm</a> attribute of <var>publicKey</var>
- is not equal to the <a href="#dfn-DhKeyAlgorithm-prime">prime</a> attribute of the
- <a href="#dfn-Key-algorithm">algorithm</a> attribute of <var>key</var>,
-
- then <a href="#concept-return-an-error">return an error</a> named
- <a href="#dfn-DataError"><code>DataError</code></a>.
+ If the <a href="#dfn-KeyAlgorithm-name">name</a> attribute of the <a href="#dfn-Key-algorithm">algorithm</a> attribute of <var>publicKey</var> is
+ not <code>"DH"</code>, then <a href="#concept-return-an-error">return an
+ error</a> named <a href="#dfn-DataError"><code>DataError</code></a>.
+ </p>
+ </li>
+ <li>
+ <p>
+ If the <a href="#dfn-Key-type">type</a> attribute of <var>publicKey</var> is
+ not <code>"public"</code>, then <a href="#concept-return-an-error">return an
+ error</a> named <a href="#dfn-DataError"><code>DataError</code></a>.
+ </p>
+ </li>
+ <li>
+ <p>
+ If the <a href="#dfn-DhKeyAlgorithm-prime">prime</a> attribute of the <a href="#dfn-Key-algorithm">algorithm</a> attribute of <var>publicKey</var> is
+ not equal to the <a href="#dfn-DhKeyAlgorithm-prime">prime</a> attribute of
+ the <a href="#dfn-Key-algorithm">algorithm</a> attribute of <var>key</var>,
+ then <a href="#concept-return-an-error">return an error</a> named <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
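Review bot: The added lines for the name and prime checks run far past the width of the context lines around them, with the whole `<a href="#dfn-Key-algorithm">algorithm</a> attribute of <var>publicKey</var> is` clause appended to the first line of each step. If this file is regenerated from the XML source, that is expected and needs no action; if it is edited by hand, wrap it the way the XML hunk does so the two files stay easy to compare.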
@@ -14709,20 +14701,15 @@
If the <a href="#dfn-DhKeyAlgorithm-generator">generator</a> attribute of the
<a href="#dfn-Key-algorithm">algorithm</a> attribute of <var>publicKey</var>
is not equal to the <a href="#dfn-DhKeyAlgorithm-generator">generator</a>
- attribute of the
- <a href="#dfn-Key-algorithm">algorithm</a> attribute of <var>key</var>,
-
- then <a href="#concept-return-an-error">return an error</a> named
- <a href="#dfn-DataError"><code>DataError</code></a>.
- </p>
- </li>
- <li>
- <p>
- Perform the Diffie-Hellman Phase II algorithm as specified in
- Section 8 of [<a href="#PKCS3">PKCS #3</a>]
- with <var>key</var> as the DH private value <var>x</var> and the
- Diffie-Hellman public value represented by the
- <a href="#dfn-DhKeyDeriveParams-public">public</a> member of
+ attribute of the <a href="#dfn-Key-algorithm">algorithm</a> attribute of
+ <var>key</var>, then <a href="#concept-return-an-error">return an error</a>
+ named <a href="#dfn-DataError"><code>DataError</code></a>.
+ </p>
+ </li>
+ <li>
+ <p>
+ Perform the Diffie-Hellman Phase II algorithm as specified in Section 8 of [<a href="#PKCS3">PKCS #3</a>] with <var>key</var> as the DH private value
+ <var>x</var> and the Diffie-Hellman public value represented by the <a href="#dfn-DhKeyDeriveParams-public">public</a> member of
<var>normalizedAlgorithm</var> as the other's public value <var>PV'</var>.
</p>
<dl class="switch">
@@ -14872,27 +14859,21 @@
</li>
<li>
<p>
- If an error occurred while parsing,
- then <a href="#concept-return-an-error">return an error</a> named
- <a href="#dfn-DataError"><code>DataError</code></a>.
+ If an error occurred while parsing, then <a href="#concept-return-an-error">return an error</a> named <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
<p>
If the <code>algorithm</code> object identifier field of the
<code>algorithm</code> AlgorithmIdentifier field of <var>spki</var> is not
- equivalent to the <code>dhKeyAgreement</code> OID defined in Section 9
- of [<a href="#PKCS3">PKCS #3</a>],
- then <a href="#concept-return-an-error">return an error</a> named
- <a href="#dfn-DataError"><code>DataError</code></a>.
+ equivalent to the <code>dhKeyAgreement</code> OID defined in Section 9 of
+ [<a href="#PKCS3">PKCS #3</a>], then <a href="#concept-return-an-error">return an error</a> named <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
<p>
If the <code>parameters</code> field of the <code>algorithm</code>
- AlgorithmIdentifier field of <var>spki</var> is absent,
- then <a href="#concept-return-an-error">return an error</a> named
- <a href="#dfn-DataError"><code>DataError</code></a>.
+ AlgorithmIdentifier field of <var>spki</var> is absent, then <a href="#concept-return-an-error">return an error</a> named <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
@@ -14904,10 +14885,7 @@
<li>
<p>
If <var>params</var> is not an instance of the <code>DHParameter</code>
- ASN.1 type defined in Section 9 of <a href="#PKCS3">PKCS #3</a>,
-
- then <a href="#concept-return-an-error">return an error</a> named
- <a href="#dfn-DataError"><code>DataError</code></a>.
+ ASN.1 type defined in Section 9 of <a href="#PKCS3">PKCS #3</a>, then <a href="#concept-return-an-error">return an error</a> named <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
@@ -14985,11 +14963,8 @@
<ol>
<li>
<p>
- If <var>usages</var> contains a value which is not
- one of <code>"deriveKey"</code> or <code>"deriveBits"</code>,
-
- then <a href="#concept-return-an-error">return an error</a> named
- <a href="#dfn-DataError"><code>DataError</code></a>.
+ If <var>usages</var> contains a value which is not one of
+ <code>"deriveKey"</code> or <code>"deriveBits"</code>, then <a href="#concept-return-an-error">return an error</a> named <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
@@ -15001,29 +14976,23 @@
</li>
<li>
<p>
- If an error occurred while parsing,
- then <a href="#concept-return-an-error">return an error</a> named
- <a href="#dfn-OperationError"><code>OperationError</code></a>.
+ If an error occurred while parsing, then <a href="#concept-return-an-error">return an error</a> named <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
<p>
If the <code>algorithm</code> object identifier field of the
<code>algorithm</code> AlgorithmIdentifier field of
- <var>privateKeyInfo</var> is not
- equivalent to the <code>dhKeyAgreement</code> OID defined in Section 9
- of [<a href="#PKCS3">PKCS #3</a>],
- then <a href="#concept-return-an-error">return an error</a> named
- <a href="#dfn-DataError"><code>DataError</code></a>.
+ <var>privateKeyInfo</var> is not equivalent to the
+ <code>dhKeyAgreement</code> OID defined in Section 9 of [<a href="#PKCS3">PKCS #3</a>], then <a href="#concept-return-an-error">return
+ an error</a> named <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
<p>
If the <code>parameters</code> field of the
<code>privateKeyAlgorithm</code> PrivateKeyAlgorithmIdentifier field of
- <var>privateKeyInfo</var> is absent,
- then <a href="#concept-return-an-error">return an error</a> named
- <a href="#dfn-DataError"><code>DataError</code></a>.
+ <var>privateKeyInfo</var> is absent, then <a href="#concept-return-an-error">return an error</a> named <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>
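Review bot: The OID check refers to the `algorithm` AlgorithmIdentifier field of `privateKeyInfo`, but the very next step names the same field `privateKeyAlgorithm` PrivateKeyAlgorithmIdentifier, which is the name PKCS #8 gives it. Suggest changing the OID step to read "the algorithm object identifier field of the privateKeyAlgorithm PrivateKeyAlgorithmIdentifier field" so both steps identify one field consistently. The reflow left this wording as it was, and the matching XML hunk carries the same mismatch.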
@@ -15036,10 +15005,7 @@
<li>
<p>
If <var>params</var> is not an instance of the <code>DHParameter</code>
- ASN.1 type defined in Section 9 of <a href="#PKCS3">PKCS #3</a>,
-
- then <a href="#concept-return-an-error">return an error</a> named
- <a href="#dfn-DataError"><code>DataError</code></a>.
+ ASN.1 type defined in Section 9 of <a href="#PKCS3">PKCS #3</a>, then <a href="#concept-return-an-error">return an error</a> named <a href="#dfn-DataError"><code>DataError</code></a>.
</p>
</li>
<li>