Bug 26413: ImportKey - validate usages as first step and return SyntaxError on failure
--- a/spec/Overview-WebCryptoAPI.xml Thu Sep 25 09:16:10 2014 -0700
+++ b/spec/Overview-WebCryptoAPI.xml Thu Sep 25 10:28:04 2014 -0700
@@ -4090,6 +4090,14 @@
<ol>
<li>
<p>
+ If <var>usages</var> contains an entry which is not
+ <code>"verify"</code>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-SyntaxError"><code>SyntaxError</code></a>.
+ </p>
+ </li>
+ <li>
+ <p>
Let <var>spki</var> be the result of running the
<a href="#concept-parse-a-spki">parse a subjectPublicKeyInfo</a>
algorithm over <var>keyData</var>.
@@ -4230,6 +4238,14 @@
<ol>
<li>
<p>
+ If <var>usages</var> contains an entry which is not
+ <code>"sign"</code>
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-SyntaxError"><code>SyntaxError</code></a>.
+ </p>
+ </li>
+ <li>
+ <p>
Let <var>privateKeyInfo</var> be the result of running the
<a href="#concept-parse-a-privateKeyInfo">parse a privateKeyInfo</a>
algorithm over <var>keyData</var>.
@@ -4376,6 +4392,18 @@
</li>
<li>
<p>
+ If the <code>"d"</code> field of <var>jwk</var> is present and
+ <var>usages</var> contains an entry which is not
+ <code>"sign"</code>, or, if the <code>"d"</code> field of <var>jwk</var>
+ is not present and
+ <var>usages</var> contains an entry which is not
+ <code>"verify"</code>
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-SyntaxError"><code>SyntaxError</code></a>.
+ </p>
+ </li>
+ <li>
+ <p>
If the <code>"kty"</code> field of <var>jwk</var> is not a
case-sensitive string match to <code>"RSA"</code>,
then <a href="#concept-return-an-error">return an error</a> named
@@ -5262,6 +5290,14 @@
<ol>
<li>
<p>
+ If <var>usages</var> contains an entry which is not
+ <code>"verify"</code>
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-SyntaxError"><code>SyntaxError</code></a>.
+ </p>
+ </li>
+ <li>
+ <p>
Let <var>spki</var> be the result of running the
<a href="#concept-parse-a-spki">parse a subjectPublicKeyInfo</a>
algorithm over <var>keyData</var>.
@@ -5465,6 +5501,14 @@
<ol>
<li>
<p>
+ If <var>usages</var> contains an entry which is not
+ <code>"sign"</code>
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-SyntaxError"><code>SyntaxError</code></a>.
+ </p>
+ </li>
+ <li>
+ <p>
Let <var>privateKeyInfo</var> be the result of running the
<a href="#concept-parse-a-privateKeyInfo">parse a privateKeyInfo</a>
algorithm over <var>keyData</var>.
@@ -5674,6 +5718,18 @@
</li>
<li>
<p>
+ If the <code>"d"</code> field of <var>jwk</var> is present and
+ <var>usages</var> contains an entry which is not
+ <code>"sign"</code>, or, if the <code>"d"</code> field of <var>jwk</var>
+ is not present and
+ <var>usages</var> contains an entry which is not
+ <code>"verify"</code>
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-SyntaxError"><code>SyntaxError</code></a>.
+ </p>
+ </li>
+ <li>
+ <p>
If the <code>"kty"</code> field of <var>jwk</var> is not a
case-sensitive string match to <code>"RSA"</code>,
then <a href="#concept-return-an-error">return an error</a> named
@@ -6773,6 +6829,15 @@
<ol>
<li>
<p>
+ If <var>usages</var> contains an entry which is not
+ <code>"encrypt"</code> or
+ <code>"wrapKey"</code>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-SyntaxError"><code>SyntaxError</code></a>.
+ </p>
+ </li>
+ <li>
+ <p>
Let <var>spki</var> be the result of running the
<a href="#concept-parse-a-spki">parse a subjectPublicKeyInfo</a>
algorithm over <var>keyData</var>.
@@ -6975,6 +7040,14 @@
<ol>
<li>
<p>
+ If <var>usages</var> contains an entry which is not
+ <code>"decrypt"</code> or <code>"unwrapKey"</code>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-SyntaxError"><code>SyntaxError</code></a>.
+ </p>
+ </li>
+ <li>
+ <p>
Let <var>privateKeyInfo</var> be the result of running the
<a href="#concept-parse-a-privateKeyInfo">parse a privateKeyInfo</a>
algorithm over <var>keyData</var>.
@@ -7188,6 +7261,24 @@
</li>
<li>
<p>
+ If the <code>"d"</code> field of <var>jwk</var> is present and
+ <var>usages</var> contains an entry which is not
+ <code>"decrypt"</code> or <code>"unwrapKey"</code>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-SyntaxError"><code>SyntaxError</code></a>.
+ </p>
+ </li>
+ <li>
+ <p>
+ If the <code>"d"</code> field of <var>jwk</var> is not present and
+ <var>usages</var> contains an entry which is not
+ <code>"encrypt"</code> or <code>"wrapKey"</code>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-SyntaxError"><code>SyntaxError</code></a>.
+ </p>
+ </li>
+ <li>
+ <p>
If the <code>"kty"</code> field of <var>jwk</var> is not a
case-sensitive string match to <code>"RSA"</code>,
then <a href="#concept-return-an-error">return an error</a> named
@@ -8428,6 +8519,14 @@
<ol>
<li>
<p>
+ If <var>usages</var> contains a value which is not
+ <code>"verify"</code>
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-SyntaxError"><code>SyntaxError</code></a>.
+ </p>
+ </li>
+ <li>
+ <p>
Let <var>spki</var> be the result of running the
<a href="#concept-parse-a-spki">parse a subjectPublicKeyInfo</a>
algorithm over <var>keyData</var>
@@ -8570,6 +8669,14 @@
<ol>
<li>
<p>
+ If <var>usages</var> contains a value which is not
+ <code>"sign"</code>
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-SyntaxError"><code>SyntaxError</code></a>.
+ </p>
+ </li>
+ <li>
+ <p>
Let <var>privateKeyInfo</var> be the result of running the
<a href="#concept-parse-a-privateKeyInfo">parse a privateKeyInfo</a>
algorithm over <var>keyData</var>.
@@ -8758,6 +8865,18 @@
</li>
<li>
<p>
+ If the <code>"d"</code> field is present and <var>usages</var> contains
+ a value which is not
+ <code>"sign"</code>, or,
+ if the <code>"d"</code> field is not present and <var>usages</var> contains
+ a value which is not
+ <code>"verify"</code>
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-SyntaxError"><code>SyntaxError</code></a>.
+ </p>
+ </li>
+ <li>
+ <p>
If the <code>"kty"</code> field of <var>jwk</var> is not
<code>"EC"</code>,
then <a href="#concept-return-an-error">return an error</a> named
@@ -9767,6 +9886,13 @@
<ol>
<li>
<p>
+ If <var>usages</var> is not empty
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-SyntaxError"><code>SyntaxError</code></a>.
+ </p>
+ </li>
+ <li>
+ <p>
Let <var>spki</var> be the result of running the
<a href="#concept-parse-a-spki">parse a subjectPublicKeyInfo</a>
algorithm over <var>keyData</var>
@@ -9910,6 +10036,14 @@
<ol>
<li>
<p>
+ If <var>usages</var> contains an entry which is not
+ <code>"deriveKey"</code> or <code>"deriveBits"</code>
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-SyntaxError"><code>SyntaxError</code></a>.
+ </p>
+ </li>
+ <li>
+ <p>
Let <var>privateKeyInfo</var> be the result of running the
<a href="#concept-parse-a-privateKeyInfo">parse a privateKeyInfo</a>
algorithm over <var>keyData</var>.
@@ -10098,6 +10232,23 @@
</li>
<li>
<p>
+ If the <code>"d"</code> field is present and if <var>usages</var>
+ contains an entry which is not
+ <code>"deriveKey"</code> or <code>"deriveBits"</code>
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-SyntaxError"><code>SyntaxError</code></a>.
+ </p>
+ </li>
+ <li>
+ <p>
+ If the <code>"d"</code> field is present and if <var>usages</var> is not
+ empty
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-SyntaxError"><code>SyntaxError</code></a>.
+ </p>
+ </li>
+ <li>
+ <p>
If the <code>"kty"</code> field of <var>jwk</var> is
to <code>"EC"</code>,
then <a href="#concept-return-an-error">return an error</a> named
@@ -10254,7 +10405,7 @@
<p>
If <var>usages</var> is not the empty list,
then <a href="#concept-return-an-error">return an error</a> named
- <a href="#dfn-DataError"><code>DataError</code></a>.
+ <a href="#dfn-DataError"><code>SyntaxError</code></a>.
</p>
</li>
<li>
@@ -11045,7 +11196,7 @@
one of <code>"encrypt"</code>, <code>"decrypt"</code>,
<code>"wrapKey"</code> or <code>"unwrapKey"</code>,
then <a href="#concept-return-an-error">return an error</a> named
- <a href="#dfn-DataError"><code>DataError</code></a>.
+ <a href="#dfn-SyntaxError"><code>SyntaxError</code></a>.
</p>
</li>
<li>
@@ -11589,7 +11740,7 @@
one of <code>"encrypt"</code>, <code>"decrypt"</code>,
<code>"wrapKey"</code> or <code>"unwrapKey"</code>,
then <a href="#concept-return-an-error">return an error</a> named
- <a href="#dfn-DataError"><code>DataError</code></a>.
+ <a href="#dfn-SyntaxError"><code>SyntaxError</code></a>.
</p>
</li>
<li>
@@ -12092,7 +12243,7 @@
If <var>usages</var> contains an entry which is not
<code>"sign"</code> or <code>"verify"</code>,
then <a href="#concept-return-an-error">return an error</a> named
- <a href="#dfn-DataError"><code>DataError</code></a>.
+ <a href="#dfn-SyntaxError"><code>SyntaxError</code></a>.
</p>
</li>
<li>
@@ -12725,7 +12876,7 @@
one of <code>"encrypt"</code>, <code>"decrypt"</code>,
<code>"wrapKey"</code> or <code>"unwrapKey"</code>,
then <a href="#concept-return-an-error">return an error</a> named
- <a href="#dfn-DataError"><code>DataError</code></a>.
+ <a href="#dfn-SyntaxError"><code>SyntaxError</code></a>.
</p>
</li>
<li>
@@ -13230,7 +13381,7 @@
one of <code>"encrypt"</code>, <code>"decrypt"</code>,
<code>"wrapKey"</code> or <code>"unwrapKey"</code>,
then <a href="#concept-return-an-error">return an error</a> named
- <a href="#dfn-DataError"><code>DataError</code></a>.
+ <a href="#dfn-SyntaxError"><code>SyntaxError</code></a>.
</p>
</li>
<li>
@@ -13716,7 +13867,7 @@
one of <code>"wrapKey"</code> or <code>"unwrapKey"</code>,
then <a href="#concept-return-an-error">return an error</a> named
- <a href="#dfn-DataError"><code>DataError</code></a>.
+ <a href="#dfn-SyntaxError"><code>SyntaxError</code></a>.
</p>
</li>
<li>
@@ -14273,7 +14424,7 @@
If <var>usages</var> contains an entry which is not
<code>"sign"</code> or <code>"verify"</code>,
then <a href="#concept-return-an-error">return an error</a> named
- <a href="#dfn-DataError"><code>DataError</code></a>.
+ <a href="#dfn-SyntaxError"><code>SyntaxError</code></a>.
</p>
</li>
<li>
@@ -15171,6 +15322,13 @@
<ol>
<li>
<p>
+ If <var>usages</var> is not empty
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-SyntaxError"><code>SyntaxError</code></a>.
+ </p>
+ </li>
+ <li>
+ <p>
If <var>extractable</var> is false,
then <a href="#concept-return-an-error">return an error</a> named
<a href="#dfn-DataError"><code>DataError</code></a>.
@@ -15247,6 +15405,13 @@
<ol>
<li>
<p>
+ If <var>usages</var> is not empty
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-SyntaxError"><code>SyntaxError</code></a>.
+ </p>
+ </li>
+ <li>
+ <p>
Let <var>spki</var> be the result of running the <a
href="#concept-parse-a-spki">parse a subjectPublicKeyInfo</a> algorithm
over <var>keyData</var>.
@@ -15968,7 +16133,7 @@
<code>"deriveKey"</code> or <code>"deriveBits"</code>,
then <a href="#concept-return-an-error">return an error</a> named
- <a href="#dfn-DataError"><code>DataError</code></a>.
+ <a href="#dfn-SyntaxError"><code>SyntaxError</code></a>.
</p>
</li>
<li>
@@ -16263,7 +16428,7 @@
<code>"deriveKey"</code> or <code>"deriveBits"</code>,
then <a href="#concept-return-an-error">return an error</a> named
- <a href="#dfn-DataError"><code>DataError</code></a>.
+ <a href="#dfn-SyntaxError"><code>SyntaxError</code></a>.
</p>
</li>
<li>
@@ -16537,7 +16702,7 @@
<p>
If <var>usages</var> contains any element that is not
<code>"deriveKey"</code>, then <a href="#concept-return-an-error">return an
- error</a> named <a href="#dfn-DataError"><code>DataError</code></a>.
+ error</a> named <a href="#dfn-SyntaxError"><code>SyntaxError</code></a>.
</p>
</li>
<li>
--- a/spec/Overview.html Thu Sep 25 09:16:10 2014 -0700
+++ b/spec/Overview.html Thu Sep 25 10:28:04 2014 -0700
@@ -4017,6 +4017,14 @@
<ol>
<li>
<p>
+ If <var>usages</var> contains an entry which is not
+ <code>"verify"</code>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-SyntaxError"><code>SyntaxError</code></a>.
+ </p>
+ </li>
+ <li>
+ <p>
Let <var>spki</var> be the result of running the
<a href="#concept-parse-a-spki">parse a subjectPublicKeyInfo</a>
algorithm over <var>keyData</var>.
@@ -4150,6 +4158,14 @@
<ol>
<li>
<p>
+ If <var>usages</var> contains an entry which is not
+ <code>"sign"</code>
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-SyntaxError"><code>SyntaxError</code></a>.
+ </p>
+ </li>
+ <li>
+ <p>
Let <var>privateKeyInfo</var> be the result of running the
<a href="#concept-parse-a-privateKeyInfo">parse a privateKeyInfo</a>
algorithm over <var>keyData</var>.
@@ -4289,6 +4305,18 @@
</li>
<li>
<p>
+ If the <code>"d"</code> field of <var>jwk</var> is present and
+ <var>usages</var> contains an entry which is not
+ <code>"sign"</code>, or, if the <code>"d"</code> field of <var>jwk</var>
+ is not present and
+ <var>usages</var> contains an entry which is not
+ <code>"verify"</code>
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-SyntaxError"><code>SyntaxError</code></a>.
+ </p>
+ </li>
+ <li>
+ <p>
If the <code>"kty"</code> field of <var>jwk</var> is not a
case-sensitive string match to <code>"RSA"</code>,
then <a href="#concept-return-an-error">return an error</a> named
@@ -5145,6 +5173,14 @@
<ol>
<li>
<p>
+ If <var>usages</var> contains an entry which is not
+ <code>"verify"</code>
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-SyntaxError"><code>SyntaxError</code></a>.
+ </p>
+ </li>
+ <li>
+ <p>
Let <var>spki</var> be the result of running the
<a href="#concept-parse-a-spki">parse a subjectPublicKeyInfo</a>
algorithm over <var>keyData</var>.
@@ -5337,6 +5373,14 @@
<ol>
<li>
<p>
+ If <var>usages</var> contains an entry which is not
+ <code>"sign"</code>
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-SyntaxError"><code>SyntaxError</code></a>.
+ </p>
+ </li>
+ <li>
+ <p>
Let <var>privateKeyInfo</var> be the result of running the
<a href="#concept-parse-a-privateKeyInfo">parse a privateKeyInfo</a>
algorithm over <var>keyData</var>.
@@ -5533,6 +5577,18 @@
</li>
<li>
<p>
+ If the <code>"d"</code> field of <var>jwk</var> is present and
+ <var>usages</var> contains an entry which is not
+ <code>"sign"</code>, or, if the <code>"d"</code> field of <var>jwk</var>
+ is not present and
+ <var>usages</var> contains an entry which is not
+ <code>"verify"</code>
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-SyntaxError"><code>SyntaxError</code></a>.
+ </p>
+ </li>
+ <li>
+ <p>
If the <code>"kty"</code> field of <var>jwk</var> is not a
case-sensitive string match to <code>"RSA"</code>,
then <a href="#concept-return-an-error">return an error</a> named
@@ -6575,6 +6631,15 @@
<ol>
<li>
<p>
+ If <var>usages</var> contains an entry which is not
+ <code>"encrypt"</code> or
+ <code>"wrapKey"</code>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-SyntaxError"><code>SyntaxError</code></a>.
+ </p>
+ </li>
+ <li>
+ <p>
Let <var>spki</var> be the result of running the
<a href="#concept-parse-a-spki">parse a subjectPublicKeyInfo</a>
algorithm over <var>keyData</var>.
@@ -6766,6 +6831,14 @@
<ol>
<li>
<p>
+ If <var>usages</var> contains an entry which is not
+ <code>"decrypt"</code> or <code>"unwrapKey"</code>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-SyntaxError"><code>SyntaxError</code></a>.
+ </p>
+ </li>
+ <li>
+ <p>
Let <var>privateKeyInfo</var> be the result of running the
<a href="#concept-parse-a-privateKeyInfo">parse a privateKeyInfo</a>
algorithm over <var>keyData</var>.
@@ -6963,6 +7036,24 @@
</li>
<li>
<p>
+ If the <code>"d"</code> field of <var>jwk</var> is present and
+ <var>usages</var> contains an entry which is not
+ <code>"decrypt"</code> or <code>"unwrapKey"</code>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-SyntaxError"><code>SyntaxError</code></a>.
+ </p>
+ </li>
+ <li>
+ <p>
+ If the <code>"d"</code> field of <var>jwk</var> is not present and
+ <var>usages</var> contains an entry which is not
+ <code>"encrypt"</code> or <code>"wrapKey"</code>,
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-SyntaxError"><code>SyntaxError</code></a>.
+ </p>
+ </li>
+ <li>
+ <p>
If the <code>"kty"</code> field of <var>jwk</var> is not a
case-sensitive string match to <code>"RSA"</code>,
then <a href="#concept-return-an-error">return an error</a> named
@@ -8143,6 +8234,14 @@
<ol>
<li>
<p>
+ If <var>usages</var> contains a value which is not
+ <code>"verify"</code>
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-SyntaxError"><code>SyntaxError</code></a>.
+ </p>
+ </li>
+ <li>
+ <p>
Let <var>spki</var> be the result of running the
<a href="#concept-parse-a-spki">parse a subjectPublicKeyInfo</a>
algorithm over <var>keyData</var>
@@ -8278,6 +8377,14 @@
<ol>
<li>
<p>
+ If <var>usages</var> contains a value which is not
+ <code>"sign"</code>
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-SyntaxError"><code>SyntaxError</code></a>.
+ </p>
+ </li>
+ <li>
+ <p>
Let <var>privateKeyInfo</var> be the result of running the
<a href="#concept-parse-a-privateKeyInfo">parse a privateKeyInfo</a>
algorithm over <var>keyData</var>.
@@ -8458,6 +8565,18 @@
</li>
<li>
<p>
+ If the <code>"d"</code> field is present and <var>usages</var> contains
+ a value which is not
+ <code>"sign"</code>, or,
+ if the <code>"d"</code> field is not present and <var>usages</var> contains
+ a value which is not
+ <code>"verify"</code>
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-SyntaxError"><code>SyntaxError</code></a>.
+ </p>
+ </li>
+ <li>
+ <p>
If the <code>"kty"</code> field of <var>jwk</var> is not
<code>"EC"</code>,
then <a href="#concept-return-an-error">return an error</a> named
@@ -9419,6 +9538,13 @@
<ol>
<li>
<p>
+ If <var>usages</var> is not empty
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-SyntaxError"><code>SyntaxError</code></a>.
+ </p>
+ </li>
+ <li>
+ <p>
Let <var>spki</var> be the result of running the
<a href="#concept-parse-a-spki">parse a subjectPublicKeyInfo</a>
algorithm over <var>keyData</var>
@@ -9557,6 +9683,14 @@
<ol>
<li>
<p>
+ If <var>usages</var> contains an entry which is not
+ <code>"deriveKey"</code> or <code>"deriveBits"</code>
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-SyntaxError"><code>SyntaxError</code></a>.
+ </p>
+ </li>
+ <li>
+ <p>
Let <var>privateKeyInfo</var> be the result of running the
<a href="#concept-parse-a-privateKeyInfo">parse a privateKeyInfo</a>
algorithm over <var>keyData</var>.
@@ -9740,6 +9874,23 @@
</li>
<li>
<p>
+ If the <code>"d"</code> field is present and if <var>usages</var>
+ contains an entry which is not
+ <code>"deriveKey"</code> or <code>"deriveBits"</code>
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-SyntaxError"><code>SyntaxError</code></a>.
+ </p>
+ </li>
+ <li>
+ <p>
+ If the <code>"d"</code> field is present and if <var>usages</var> is not
+ empty
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-SyntaxError"><code>SyntaxError</code></a>.
+ </p>
+ </li>
+ <li>
+ <p>
If the <code>"kty"</code> field of <var>jwk</var> is
to <code>"EC"</code>,
then <a href="#concept-return-an-error">return an error</a> named
@@ -9883,7 +10034,7 @@
<p>
If <var>usages</var> is not the empty list,
then <a href="#concept-return-an-error">return an error</a> named
- <a href="#dfn-DataError"><code>DataError</code></a>.
+ <a href="#dfn-DataError"><code>SyntaxError</code></a>.
</p>
</li>
<li>
@@ -10637,7 +10788,7 @@
one of <code>"encrypt"</code>, <code>"decrypt"</code>,
<code>"wrapKey"</code> or <code>"unwrapKey"</code>,
then <a href="#concept-return-an-error">return an error</a> named
- <a href="#dfn-DataError"><code>DataError</code></a>.
+ <a href="#dfn-SyntaxError"><code>SyntaxError</code></a>.
</p>
</li>
<li>
@@ -11162,7 +11313,7 @@
one of <code>"encrypt"</code>, <code>"decrypt"</code>,
<code>"wrapKey"</code> or <code>"unwrapKey"</code>,
then <a href="#concept-return-an-error">return an error</a> named
- <a href="#dfn-DataError"><code>DataError</code></a>.
+ <a href="#dfn-SyntaxError"><code>SyntaxError</code></a>.
</p>
</li>
<li>
@@ -11660,7 +11811,7 @@
If <var>usages</var> contains an entry which is not
<code>"sign"</code> or <code>"verify"</code>,
then <a href="#concept-return-an-error">return an error</a> named
- <a href="#dfn-DataError"><code>DataError</code></a>.
+ <a href="#dfn-SyntaxError"><code>SyntaxError</code></a>.
</p>
</li>
<li>
@@ -12276,7 +12427,7 @@
one of <code>"encrypt"</code>, <code>"decrypt"</code>,
<code>"wrapKey"</code> or <code>"unwrapKey"</code>,
then <a href="#concept-return-an-error">return an error</a> named
- <a href="#dfn-DataError"><code>DataError</code></a>.
+ <a href="#dfn-SyntaxError"><code>SyntaxError</code></a>.
</p>
</li>
<li>
@@ -12761,7 +12912,7 @@
one of <code>"encrypt"</code>, <code>"decrypt"</code>,
<code>"wrapKey"</code> or <code>"unwrapKey"</code>,
then <a href="#concept-return-an-error">return an error</a> named
- <a href="#dfn-DataError"><code>DataError</code></a>.
+ <a href="#dfn-SyntaxError"><code>SyntaxError</code></a>.
</p>
</li>
<li>
@@ -13236,7 +13387,7 @@
one of <code>"wrapKey"</code> or <code>"unwrapKey"</code>,
then <a href="#concept-return-an-error">return an error</a> named
- <a href="#dfn-DataError"><code>DataError</code></a>.
+ <a href="#dfn-SyntaxError"><code>SyntaxError</code></a>.
</p>
</li>
<li>
@@ -13782,7 +13933,7 @@
If <var>usages</var> contains an entry which is not
<code>"sign"</code> or <code>"verify"</code>,
then <a href="#concept-return-an-error">return an error</a> named
- <a href="#dfn-DataError"><code>DataError</code></a>.
+ <a href="#dfn-SyntaxError"><code>SyntaxError</code></a>.
</p>
</li>
<li>
@@ -14657,6 +14808,13 @@
<ol>
<li>
<p>
+ If <var>usages</var> is not empty
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-SyntaxError"><code>SyntaxError</code></a>.
+ </p>
+ </li>
+ <li>
+ <p>
If <var>extractable</var> is false,
then <a href="#concept-return-an-error">return an error</a> named
<a href="#dfn-DataError"><code>DataError</code></a>.
@@ -14728,6 +14886,13 @@
<ol>
<li>
<p>
+ If <var>usages</var> is not empty
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-SyntaxError"><code>SyntaxError</code></a>.
+ </p>
+ </li>
+ <li>
+ <p>
Let <var>spki</var> be the result of running the <a href="#concept-parse-a-spki">parse a subjectPublicKeyInfo</a> algorithm
over <var>keyData</var>.
</p>
@@ -15411,7 +15576,7 @@
<code>"deriveKey"</code> or <code>"deriveBits"</code>,
then <a href="#concept-return-an-error">return an error</a> named
- <a href="#dfn-DataError"><code>DataError</code></a>.
+ <a href="#dfn-SyntaxError"><code>SyntaxError</code></a>.
</p>
</li>
<li>
@@ -15703,7 +15868,7 @@
<code>"deriveKey"</code> or <code>"deriveBits"</code>,
then <a href="#concept-return-an-error">return an error</a> named
- <a href="#dfn-DataError"><code>DataError</code></a>.
+ <a href="#dfn-SyntaxError"><code>SyntaxError</code></a>.
</p>
</li>
<li>
@@ -15969,7 +16134,7 @@
<p>
If <var>usages</var> contains any element that is not
<code>"deriveKey"</code>, then <a href="#concept-return-an-error">return an
- error</a> named <a href="#dfn-DataError"><code>DataError</code></a>.
+ error</a> named <a href="#dfn-SyntaxError"><code>SyntaxError</code></a>.
</p>
</li>
<li>