Bug 24410 - operation descriptions for AES GCM
authorMark Watson <watsonm@netflix.com>
Tue, 18 Feb 2014 11:20:27 -0800
changeset 113 1ed0fb7da636
parent 112 f7a0c1209ddf
child 114 66bec4453de5
Bug 24410 - operation descriptions for AES GCM
spec/Overview-WebCryptoAPI.xml
spec/Overview.html
--- a/spec/Overview-WebCryptoAPI.xml	Fri Feb 14 15:09:08 2014 -0800
+++ b/spec/Overview-WebCryptoAPI.xml	Tue Feb 18 11:20:27 2014 -0800
@@ -5602,24 +5602,500 @@
             <h4>AesGcmParams dictionary</h4>
             <x:codeblock language="idl">
 dictionary <dfn id="dfn-AesGcmParams">AesGcmParams</dfn> : <a href="#dfn-Algorithm">Algorithm</a> {
-  <span class="comment">// The initialization vector to use. May be up to 2^56 bytes long.</span>
-  CryptoOperationData iv;
+  <span class="comment">// The initialization vector to use. May be up to 2^64-1 bytes long.</span>
+  CryptoOperationData <dfn id="dfn-AesGcmParams-iv">iv</dfn>;
   <span class="comment">// The additional authentication data to include.</span>
-  CryptoOperationData? additionalData;
+  CryptoOperationData? <dfn id="dfn-AesGcmParams-additionalData">additionalData</dfn>;
   <span class="comment">// The desired length of the authentication tag. May be 0 - 128.</span>
-  [EnforceRange] octet? tagLength;
+  [EnforceRange] octet? <dfn id="dfn-AesGcmParams-tagLength">tagLength</dfn>;
 };
             </x:codeblock>
           </div>
           <div id="aes-gcm-operations" class="section">
             <h4>Operations</h4>
-            <ul>
-              <li>Encrypt</li>
-              <li>Decrypt</li>
-              <li>Generate Key</li>
-              <li>Import Key</li>
-              <li>Export Key</li>
-           </ul>
+            <dl>
+              <dt>Encrypt</dt>
+              <dd>
+                <ol>
+                  <li>
+                    <p>
+                      If any of the members of <a href="#aes-gcm-params">AesGcmParams</a> are not
+                      present in <var>normalizedAlgorithm</var>, terminate
+                      this algorithm with an error.
+                    </p>
+                  </li>
+                  <li>
+                    <p>
+                      If <var>plaintext</var> has a length greater than 2^39 - 256
+                      bytes, terminate this algorithm with an error.
+                    </p>
+                  </li>
+                  <li>
+                    <p>
+                      If the <a href="#dfn-AesGcmParams-iv">iv</a> property of
+                      <var>normalizedAlgorithm</var> has a length greater than 2^64 - 1
+                      bytes, terminate this algorithm with an error.
+                    </p>
+                  </li>
+                  <li>
+                    <p>
+                      If the <a href="#dfn-AesGcmParams-additionalData">additionalData</a> property of
+                      <var>normalizedAlgorithm</var> has a length greater than 2^64 - 1
+                      bytes, terminate this algorithm with an error.
+                    </p>
+                  </li>
+                  <li>
+                    <dl class="switch">
+                      <dt>If the <a href="#dfn-AesGcmParams-tagLength">tagLength</a> property of
+                      <var>normalizedAlgorithm</var> is null:</dt>
+                      <dd>Let <var>tagLength</var> be 128.</dd>
+                      <dt>If the <a href="#dfn-AesGcmParams-tagLength">tagLength</a> property of
+                      <var>normalizedAlgorithm</var> is one of 32, 64, 96, 104, 112, 120 or 128:</dt>
+                      <dd>Let <var>tagLength</var> be equal to the
+                      <a href="#dfn-AesGcmParams-tagLength">tagLength</a> property of
+                       <var>normalizedAlgorithm</var></dd>
+                      <dt>Otherwise:</dt>
+                      <dd>Terminate this algorithm with an error.</dd>
+                    </dl>
+                  </li>
+                  <li>
+                    <p>
+                      Let <var>C</var> and <var>T</var> be the outputs that result from performing
+                      the Authenticated Encryption Function described in Section 7.1 of
+                      NIST SP 800-38D [<a href="#SP800-38D">SP800-38D</a>] using AES as the block
+                      cipher, the contents of the <a href="#dfn-AesGcmParams-iv">iv</a> property of
+                      <var>normalizedAlgorithm</var> as the <var>IV</var> input parameter, the
+                      <a href="#dfn-AesGcmParams-additionalData">additionalData</a> property of
+                      <var>normalizedAlgorithm</var> as the <var>A</var> input parameter,
+                      <var>tagLength</var> as the <var>t</var> pre-requisite and
+                      <var>plaintext</var> as the input plaintext.
+                    </p>
+                  </li>
+                  <li>
+                    <p>
+                      Return a new ArrayBuffer containing <var>C</var> | <var>T</var>
+                      where '|' denotes concatenation.
+                    </p>
+                  </li>
+                </ol>
+              </dd>
+              <dt>Decrypt</dt>
+              <dd>
+                <ol>
+                  <li>
+                    <p>
+                      If any of the members of <a href="#aes-gcm-params">AesGcmParams</a> are not
+                      present in <var>normalizedAlgorithm</var>, terminate
+                      this algorithm with an error.
+                    </p>
+                  </li>
+                  <li>
+                    <dl class="switch">
+                      <dt>If the <a href="#dfn-AesGcmParams-tagLangth">tagLength</a> property of
+                      <var>normalizedAlgorithm</var> is null:</dt>
+                      <dd>Let <var>tagLength</var> be 128.</dd>
+                      <dt>If the <a href="#dfn-AesGcmParams-tagLangth">tagLength</a> property of
+                      <var>normalizedAlgorithm</var> is one of 32, 64, 96, 104, 112, 120 or 128:</dt>
+                      <dd>Let <var>tagLength</var> be equal to the
+                      <a href="#dfn-AesGcmParams-tagLangth">tagLength</a> property of
+                       <var>normalizedAlgorithm</var></dd>
+                      <dt>Otherwise:</dt>
+                      <dd>Terminate this algorithm with an error.</dd>
+                    </dl>
+                  </li>
+                  <li>
+                    <p>
+                      If <var>plaintext</var> has a length less than <var>tagLength</var> bits,
+                      terminate this algorithm with an error.
+                    </p>
+                  </li>
+                  <li>
+                    <p>
+                      If the <a href="#dfn-AesGcmParams-iv">iv</a> property of
+                      <var>normalizedAlgorithm</var> has a length greater than 2^64 - 1
+                      bytes, terminate this algorithm with an error.
+                    </p>
+                  </li>
+                  <li>
+                    <p>
+                      If the <a href="#dfn-AesGcmParams-additionalData">additionalData</a> property of
+                      <var>normalizedAlgorithm</var> has a length greater than 2^64 - 1
+                      bytes, terminate this algorithm with an error.
+                    </p>
+                  </li>
+                  <li>
+                    <p>
+                      Let <var>tag</var> be the last <var>tagLength</var> bits of
+                      <var>ciphertext</var>.
+                    </p>
+                  </li>
+                  <li>
+                    <p>
+                      Let <var>actualCiphertext</var> be the result of removing the last <var>tagLength</var> bits
+                      from <var>ciphertext</var>.
+                    </p>
+                  </li>
+                  <li>
+                    <p>
+                      Perform the Authenticated Decryption Function described in Section 7.2 of
+                      NIST SP 800-38D [<a href="#SP800-38D">SP800-38D</a>] using AES as the block
+                      cipher, the contents of the <a href="#dfn-AesGcmParams-iv">iv</a> property of
+                      <var>normalizedAlgorithm</var> as the <var>IV</var> input parameter, the
+                      <a href="#dfn-AesGcmParams-additionalData">additionalData</a> property of
+                      <var>normalizedAlgorithm</var> as the <var>A</var> input parameter,
+                      <var>tagLength</var> as the <var>t</var> pre-requisite,
+                      <var>actualCiphertext</var> as the input ciphertext, <var>C</var> and
+                      <var>tag</var> as the authentation tag, <var>T</var>.
+                      <dl class="switch">
+                        <dt>If the result of the algorithm is the indication of inauthenticity,
+                        "<var>FAIL</var>":</dt>
+                        <dd>Terminate this algorithm with an error.</dd>
+                        <dt>Otherwise:</dt>
+                        <dd>Let <var>plaintext</var> be the output <var>P</var> of the Authenticated
+                        Decryption Function.</dd>
+                      </dl>
+                    </p>
+                  </li>
+                  <li>
+                    <p>
+                      Return a new ArrayBuffer containing <var>plaintext</var>.
+                    </p>
+                  </li>
+                </ol>
+              </dd>
+              <dt>Generate Key</dt>
+              <dd>
+                <ol>
+                  <li>
+                    <p>
+                      If any of the members of <a href="#aes-keygen-params">AesKeyGenParams</a> are
+                      not present in <var>normalizedAlgorithm</var>, terminate
+                      this algorithm with an error.
+                    </p>
+                  </li>
+                  <li>
+                    <p>
+                      If the <a href="#dfn-AesKeyGenParams-length">length</a> property of
+                      <var>normalizedAlgorithm</var> is not equal to one of
+                      128, 192 or 256, terminate this algorithm with an error.
+                    </p>
+                  </li>
+                  <li>
+                    <p>
+                      If <var>usages</var> contains any entry which is not a case-sensitive string
+                      match for one of <code>"encrypt"</code>, <code>"decrypt"</code>,
+                      <code>"wrapKey"</code> or <code>"unwrapKey"</code>, terminate this algorithm
+                      with an error.
+                    </p>
+                  </li>
+                  <li>
+                    <p>
+                      Generate an AES key of length
+                      equal to the <a href="#dfn-AesKeyGenParams-length">length</a> property of
+                      <var>normalizedAlgorithm</var>.
+                      <dl class="switch">
+                        <dt>If the key generation step fails:</dt>
+                        <dd>Terminate this algorithm with an error</dd>
+                        <dt>Otherwise:</dt>
+                        <dd>
+                          <ol>
+                            <li>
+                              <p>
+                                Let <var>key</var> be a new
+                                <a href="#dfn-key">Key</a> object representing the
+                                generated AES key.
+                              </p>
+                            </li>
+                            <li>
+                              <p>
+                                Let <var>algorithm</var> be a new
+                                <a href="#dfn-AesKeyAlgorithm">AesKeyAlgorithm</a>.
+                              </p>
+                            </li>
+                            <li>
+                              <p>
+                                Set the <a href="#dfn-KeyAlgorith-name">name</a> property of
+                                <var>algorithm</var> to <code>"AES-GCM"</code>.
+                              </p>
+                            </li>
+                            <li>
+                              <p>
+                                Set the <a href="#dfn-AesKeyAlgorithm-length">length</a> property of
+                                <var>algorithm</var> to equal the
+                                <a href="#dfn-AesKeyGenParams-length">length</a> property of
+                                <var>normalizedAlgorithm</var>.
+                              </p>
+                            </li>
+                            <li>
+                              <p>
+                                Set the <a href="#dfn-Key-algorithm">algorithm</a> property of
+                                <var>key</var> to <var>algorithm</var>.
+                              </p>
+                            </li>
+                            <li>
+                              <p>
+                                Set the <a href="#dfn-Key-extractable">extractable</a> property
+                                of <var>key</var> to be <var>extractable</var>.
+                              </p>
+                            </li>
+                            <li>
+                              <p>
+                                Set the <a href="#dfn-Key-keyUsages">keyUsages</a> property of
+                                <var>key</var> to be <var>usages</var>.
+                              </p>
+                            </li>
+                            <li>
+                              <p>
+                                Return <var>key</var>.
+                              </p>
+                            </li>
+                          </ol>
+                        </dd>
+                      </dl>
+                    </p>
+                  </li>
+                </ol>
+              </dd>
+              <dt>Import Key</dt>
+              <dd>
+                <ol>
+                  <li>
+                    <p>
+                      If <var>usages</var> contains an entry which is not a case-sensitive string
+                      match for one of <code>"encrypt"</code>, <code>"decrypt"</code>,
+                      <code>"wrapKey"</code> or <code>"unwrapKey"</code>, terminate this algorithm
+                      with an error.
+                    </p>
+                  </li>
+                  <li>
+                    <dl class="switch">
+                      <dt>If <var>format</var> is <code>"raw"</code>:</dt>
+                      <dd>
+                        <ol>
+                          <li>
+                            <p>
+                              Let <var>data</var> be the octet string contained in <var>keyData</var>.
+                            </p>
+                          </li>
+                          <li>
+                            <p>
+                              If the length in bits of <var>data</var> is not 128, 192 or 256
+                              then terminate this algorithm with an error.
+                            </p>
+                          </li>
+                        </ol>
+                      </dd>
+                      <dt>If <var>format</var> is <code>"jwk"</code>:</dt>
+                      <dd>
+                        <li>
+                          <p>
+                            Let <var>jwk</var> be the result of running the
+                            <a href="#concept-parse-a-jwk">parse a jwk</a>
+                            algorithm over <var>keyData</var>.
+                          </p>
+                        </li>
+                        <li>
+                          <p>
+                            If the <code>"kty"</code> field of <var>jwk</var> is not a
+                            case-sensitive string match to <code>"oct"</code>, terminate
+                            this algorithm with an error.
+                          </p>
+                        </li>
+                        <li>
+                          <p>
+                            If <var>jwk</var> does not describe a valid JSON Web Key according to
+                            Section 6.4 of <a href="#jwa">JSON Web Algorithms</a>, terminate this
+                            algorithm with an error.
+                          </p>
+                        </li>
+                        <li>
+                          <p>
+                            Let <var>data</var> be the octet string obtained by decoding the
+                            <code>"k"</code> field of <var>jwk</var>.
+                          </p>
+                        </li>
+                        <li>
+                          <dl class="switch">
+                            <dt>If <var>data</var> has length 128 bits:</dt>
+                            <dd>If the <code>"alg"</code> field of <var>jwk</var> is present, and is
+                            not a case-sensitive string match to <code>"AES128GCM"</code>, terminate
+                            this algorithm with an error.</dd>
+                            <dt>If <var>data</var> has length 192 bits:</dt>
+                            <dd>If the <code>"alg"</code> field of <var>jwk</var> is present, and is
+                            not a case-sensitive string match to <code>"AES192GCM"</code>, terminate
+                            this algorithm with an error.</dd>
+                            <dt>If <var>data</var> has length 256 bits:</dt>
+                            <dd>If the <code>"alg"</code> field of <var>jwk</var> is present, and is
+                            not a case-sensitive string match to <code>"AES256GCM"</code>, terminate
+                            this algorithm with an error.</dd>
+                            <dt>Otherwise:</dt>
+                            <dd>Terminate this algorithm with an error.</dd>
+                          </dl>
+                        </li>
+                        <li>
+                          <p>
+                            If the <code>"use"</code> field of <var>jwk</var> is present, and is
+                            not a case-sensitive string match to <code>"enc"</code>, terminate
+                            this algorithm with an error.
+                          </p>
+                        </li>
+                        <li>
+                          <p>
+                            If the <code>"key_ops"</code> field of <var>jwk</var> is present, and
+                            does not contain all of the specified <var>usages</var> values,
+                            terminate this algorithm with an error.
+                          </p>
+                        </li>
+                        <li>
+                          <p>
+                            If the <code>"ext"</code> field of <var>jwk</var> is present and
+                            has the value false and <var>extractable</var> is true,
+                            terminate this algorithm with an error.
+                          </p>
+                        </li>
+                      </dd>
+                      <dt>Otherwise:</dt>
+                      <dd>Terminate this algorithm with an error.</dd>
+                    </dl>
+                  </li>
+                  <li>
+                    <p>
+                      Let <var>key</var> be a new <code><a href="#dfn-key">Key</a></code>
+                      object representing an AES key with value <var>data</var>.
+                    </p>
+                  </li>
+                  <li>
+                    <p>
+                      Let <var>algorithm</var> be a new
+                      <a href="#dfn-AesKeyAlgorithm">AesKeyAlgorithm</a>.
+                    </p>
+                  </li>
+                  <li>
+                    <p>
+                      Set the <a href="#dfn-KeyAlgorith-name">name</a> property of
+                      <var>algorithm</var> to <code>"AES-GCM"</code>.
+                    </p>
+                  </li>
+                  <li>
+                    <p>
+                      Set the <a href="#dfn-AesKeyAlgorith-length">length</a> property of
+                      <var>algorithm</var> to the length, in bits, of <var>data</var>.
+                    </p>
+                  </li>
+                  <li>
+                    <p>
+                      Set the <a href="#dfn-Key-algorithm">algorithm</a> property of <var>key</var>
+                      to <var>algorithm</var>.
+                    </p>
+                  </li>
+                  <li>
+                    <p>
+                      Set the <a href="#dfn-Key-extractable">extractable</a> property of
+                      <var>key</var> to <var>extractable</var>.
+                    </p>
+                  </li>
+                  <li>
+                    <p>
+                      Set the <a href="#dfn-Key-keyUsages">keyUsages</a> property of <var>key</var>
+                      to <var>usages</var>.
+                    </p>
+                  </li>
+                  <li>
+                    <p>
+                      Return <var>key</var>.
+                    </p>
+                  </li>
+                </ol>
+              </dd>
+              <dt>Export Key</dt>
+              <dd>
+                <ol>
+                  <li>
+                    <dl class="switch">
+                      <dt>If <var>format</var> is <code>"raw"</code>:</dt>
+                      <dd>
+                        Let <var>data</var> be the raw octets of the key represented by
+                        <var>key</var>.
+                      </dd>
+                      <dt>If <var>format</var> is <code>"jwk"</code>:</dt>
+                      <dd>
+                        <ol>
+                          <li>
+                            <p>
+                              Let <var>jwk</var> be a new internal object.
+                            </p>
+                          </li>
+                          <li>
+                            <p>
+                              Set the <code>kty</code> property of <var>jwk</var> to the
+                              string <code>"oct"</code>.
+                            </p>
+                          </li>
+                          <li>
+                            <p>
+                              Set the <code>k</code> property of <var>jwk</var> to be a string
+                              containng the raw octets
+                              of the key represented by <var>key</var>, encoded according to
+                              Section 6.4 of <a href="#jwa">JSON Web Algorithms</a>.
+                            </p>
+                          </li>
+                          <li>
+                            <dl class="switch">
+                              <dt>If the <a href="#dfn-AesKeyParams-length">length</a> property of
+                              <var>key</var> is 128:</dt>
+                              <dd>Set the <code>alg</code> property of <var>jwk</var> to
+                              the string <code>"AES128GCM"</code>.</dd>
+                              <dt>If the <a href="#dfn-AesKeyParams-length">length</a> property of
+                              <var>key</var> is 192:</dt>
+                              <dd>Set the <code>alg</code> property of <var>jwk</var> to
+                              the string <code>"AES192GCM"</code>.</dd>
+                              <dt>If the <a href="#dfn-AesKeyParams-length">length</a> property of
+                              <var>key</var> is 256:</dt>
+                              <dd>Set the <code>alg</code> property of <var>jwk</var> to
+                              the string <code>"AES256GCM"</code>.</dd>
+                            </dl>
+                          </li>
+                          <li>
+                            <p>
+                              Set the <code>key_ops</code> property of <var>jwk</var> to equal the
+                              <a href="#dfn-Key-keyUsages">keyUsages</a> property of <var>key</var>.
+                            </p>
+                          </li>
+                          <li>
+                            <p>
+                              Set the <code>ext</code> property of <var>jwk</var> to equal the 
+                              <a href="#dfn-Key-extractable">extractable</a> property of
+                              <var>key</var>.
+                            </p>
+                          </li>
+                          <li>
+                            <p>
+                              Let <var>stringifiedJwk</var> be the result of encoding <var>jwk</var>
+                              into a string according to the grammer specified in Section 15.12 of
+                              <a href="#ECMA-262">ECMA262</a>.
+                            </p>
+                          </li>
+                          <li>
+                            <p>
+                              Let <var>data</var> be the UTF-8|UTF-16 encoding of
+                              <var>stringifiedJwk</var>.
+                            </p>
+                            <div class="ednote">
+                            TODO: Decide whether this should be UTF-8 or UTF-16
+                            </div>
+                          </li>
+                        </ol>
+                      </dd>
+                    </dl>
+                  </li>
+                  <li>
+                    <p>
+                      Return a new ArrayBuffer containing <var>data</var>.
+                    </p>
+                  </li>
+                </ol>
+              </dd>
+            </dl>
           </div>
         </div>
 
--- a/spec/Overview.html	Fri Feb 14 15:09:08 2014 -0800
+++ b/spec/Overview.html	Tue Feb 18 11:20:27 2014 -0800
@@ -28,7 +28,7 @@
   <link rel="stylesheet" href="//www.w3.org/StyleSheets/TR/W3C-ED" type="text/css" /></head>
 
   <body>
-    <div class="head"><div><a href="http://www.w3.org/"><img src="//www.w3.org/Icons/w3c_home" width="72" height="48" alt="W3C" /></a></div><h1>Web Cryptography API</h1><h2>W3C Editor’s Draft <em>14 February 2014</em></h2><dl><dt>Latest Editor’s Draft:</dt><dd><a href="http://dvcs.w3.org/hg/webcrypto-api/raw-file/tip/spec/Overview.html">http://dvcs.w3.org/hg/webcrypto-api/raw-file/tip/spec/Overview.html</a></dd><dt>Latest Published Version:</dt><dd><a href="http://www.w3.org/TR/WebCryptoAPI/">http://www.w3.org/TR/WebCryptoAPI/</a></dd><dt>Previous Version(s):</dt><dd><a href="https://dvcs.w3.org/hg/webcrypto-api/raw-file/0fe9b34c13fb/spec/Overview.html">https://dvcs.w3.org/hg/webcrypto-api/raw-file/0fe9b34c13fb/spec/Overview.html</a></dd><dt>Editors:</dt><dd><a href="http://www.google.com/">Ryan Sleevi</a>, Google, Inc. &lt;[email protected]&gt;</dd><dd><a href="http://www.netflix.com/">Mark Watson</a>, Netflix &lt;[email protected]&gt;</dd><dt>Participate:</dt><dd><p>Send feedback to <a href="mailto:[email protected]?subject=%5BWebCryptoAPI%5D">[email protected]</a> (<a href="http://lists.w3.org/Archives/Public/public-webcrypto/">archives</a>), or <a href="https://www.w3.org/Bugs/Public/enter_bug.cgi?product=Web%20Cryptography&amp;component=Web%20Cryptography%20API%20Document">file a bug</a> 
+    <div class="head"><div><a href="http://www.w3.org/"><img src="//www.w3.org/Icons/w3c_home" width="72" height="48" alt="W3C" /></a></div><h1>Web Cryptography API</h1><h2>W3C Editor’s Draft <em>18 February 2014</em></h2><dl><dt>Latest Editor’s Draft:</dt><dd><a href="http://dvcs.w3.org/hg/webcrypto-api/raw-file/tip/spec/Overview.html">http://dvcs.w3.org/hg/webcrypto-api/raw-file/tip/spec/Overview.html</a></dd><dt>Latest Published Version:</dt><dd><a href="http://www.w3.org/TR/WebCryptoAPI/">http://www.w3.org/TR/WebCryptoAPI/</a></dd><dt>Previous Version(s):</dt><dd><a href="https://dvcs.w3.org/hg/webcrypto-api/raw-file/0fe9b34c13fb/spec/Overview.html">https://dvcs.w3.org/hg/webcrypto-api/raw-file/0fe9b34c13fb/spec/Overview.html</a></dd><dt>Editors:</dt><dd><a href="http://www.google.com/">Ryan Sleevi</a>, Google, Inc. &lt;[email protected]&gt;</dd><dd><a href="http://www.netflix.com/">Mark Watson</a>, Netflix &lt;[email protected]&gt;</dd><dt>Participate:</dt><dd><p>Send feedback to <a href="mailto:[email protected]?subject=%5BWebCryptoAPI%5D">[email protected]</a> (<a href="http://lists.w3.org/Archives/Public/public-webcrypto/">archives</a>), or <a href="https://www.w3.org/Bugs/Public/enter_bug.cgi?product=Web%20Cryptography&amp;component=Web%20Cryptography%20API%20Document">file a bug</a> 
     (see <a href="https://www.w3.org/Bugs/Public/buglist.cgi?product=Web%20Cryptography&amp;component=Web%20Cryptography%20API%20Document&amp;resolution=---">existing bugs</a>).</p></dd></dl><p class="copyright"><a href="http://www.w3.org/Consortium/Legal/ipr-notice#Copyright">Copyright</a> &copy; view <a href="http://www.w3.org/"><abbr title="World Wide Web Consortium">W3C</abbr></a><sup>&reg;</sup> (<a href="http://www.csail.mit.edu/"><abbr title="Massachusetts Institute of Technology">MIT</abbr></a>, <a href="http://www.ercim.org/"><abbr title="European Research Consortium for Informatics and Mathematics">ERCIM</abbr></a>, <a href="http://www.keio.ac.jp/">Keio</a>), All Rights Reserved. W3C <a href="http://www.w3.org/Consortium/Legal/ipr-notice#Legal_Disclaimer">liability</a>, <a href="http://www.w3.org/Consortium/Legal/ipr-notice#W3C_Trademarks">trademark</a> and <a href="http://www.w3.org/Consortium/Legal/copyright-documents">document use</a> rules apply.</p></div><hr />
 
     <div class="section">
@@ -44,7 +44,7 @@
         communications.
       </p>
   
-      <div class="ednote"><div class="ednoteHeader">Editorial note</div><p>There are 33 further editorial notes in the document.</p></div>
+      <div class="ednote"><div class="ednoteHeader">Editorial note</div><p>There are 32 further editorial notes in the document.</p></div>
     </div>
 
     <div class="section">
@@ -56,7 +56,7 @@
         report can be found in the <a href="http://www.w3.org/TR/">W3C technical
           reports index</a> at http://www.w3.org/TR/.
       </em></p><p>
-        This document is the 14 February 2014 <b>Editor’s Draft</b> of the
+        This document is the 18 February 2014 <b>Editor’s Draft</b> of the
         <cite>Web Cryptography API</cite> specification.
       
       Please send comments about this document to
@@ -5575,24 +5575,500 @@
             <h4>18.13.3. AesGcmParams dictionary</h4>
             <div class="block"><div class="blockTitleDiv"><span class="blockTitle">IDL</span></div><div class="blockContent"><pre class="code"><code class="idl-code">
 dictionary <dfn id="dfn-AesGcmParams">AesGcmParams</dfn> : <a href="#dfn-Algorithm">Algorithm</a> {
-  <span class="comment">// The initialization vector to use. May be up to 2^56 bytes long.</span>
-  CryptoOperationData iv;
+  <span class="comment">// The initialization vector to use. May be up to 2^64-1 bytes long.</span>
+  CryptoOperationData <dfn id="dfn-AesGcmParams-iv">iv</dfn>;
   <span class="comment">// The additional authentication data to include.</span>
-  CryptoOperationData? additionalData;
+  CryptoOperationData? <dfn id="dfn-AesGcmParams-additionalData">additionalData</dfn>;
   <span class="comment">// The desired length of the authentication tag. May be 0 - 128.</span>
-  [EnforceRange] octet? tagLength;
+  [EnforceRange] octet? <dfn id="dfn-AesGcmParams-tagLength">tagLength</dfn>;
 };
             </code></pre></div></div>
           </div>
           <div id="aes-gcm-operations" class="section">
             <h4>18.13.4. Operations</h4>
-            <ul>
-              <li>Encrypt</li>
-              <li>Decrypt</li>
-              <li>Generate Key</li>
-              <li>Import Key</li>
-              <li>Export Key</li>
-           </ul>
+            <dl>
+              <dt>Encrypt</dt>
+              <dd>
+                <ol>
+                  <li>
+                    <p>
+                      If any of the members of <a href="#aes-gcm-params">AesGcmParams</a> are not
+                      present in <var>normalizedAlgorithm</var>, terminate
+                      this algorithm with an error.
+                    </p>
+                  </li>
+                  <li>
+                    <p>
+                      If <var>plaintext</var> has a length greater than 2^39 - 256
+                      bytes, terminate this algorithm with an error.
+                    </p>
+                  </li>
+                  <li>
+                    <p>
+                      If the <a href="#dfn-AesGcmParams-iv">iv</a> property of
+                      <var>normalizedAlgorithm</var> has a length greater than 2^64 - 1
+                      bytes, terminate this algorithm with an error.
+                    </p>
+                  </li>
+                  <li>
+                    <p>
+                      If the <a href="#dfn-AesGcmParams-additionalData">additionalData</a> property of
+                      <var>normalizedAlgorithm</var> has a length greater than 2^64 - 1
+                      bytes, terminate this algorithm with an error.
+                    </p>
+                  </li>
+                  <li>
+                    <dl class="switch">
+                      <dt>If the <a href="#dfn-AesGcmParams-tagLength">tagLength</a> property of
+                      <var>normalizedAlgorithm</var> is null:</dt>
+                      <dd>Let <var>tagLength</var> be 128.</dd>
+                      <dt>If the <a href="#dfn-AesGcmParams-tagLength">tagLength</a> property of
+                      <var>normalizedAlgorithm</var> is one of 32, 64, 96, 104, 112, 120 or 128:</dt>
+                      <dd>Let <var>tagLength</var> be equal to the
+                      <a href="#dfn-AesGcmParams-tagLength">tagLength</a> property of
+                       <var>normalizedAlgorithm</var></dd>
+                      <dt>Otherwise:</dt>
+                      <dd>Terminate this algorithm with an error.</dd>
+                    </dl>
+                  </li>
+                  <li>
+                    <p>
+                      Let <var>C</var> and <var>T</var> be the outputs that result from performing
+                      the Authenticated Encryption Function described in Section 7.1 of
+                      NIST SP 800-38D [<a href="#SP800-38D">SP800-38D</a>] using AES as the block
+                      cipher, the contents of the <a href="#dfn-AesGcmParams-iv">iv</a> property of
+                      <var>normalizedAlgorithm</var> as the <var>IV</var> input parameter, the
+                      <a href="#dfn-AesGcmParams-additionalData">additionalData</a> property of
+                      <var>normalizedAlgorithm</var> as the <var>A</var> input parameter,
+                      <var>tagLength</var> as the <var>t</var> pre-requisite and
+                      <var>plaintext</var> as the input plaintext.
+                    </p>
+                  </li>
+                  <li>
+                    <p>
+                      Return a new ArrayBuffer containing <var>C</var> | <var>T</var>
+                      where '|' denotes concatenation.
+                    </p>
+                  </li>
+                </ol>
+              </dd>
+              <dt>Decrypt</dt>
+              <dd>
+                <ol>
+                  <li>
+                    <p>
+                      If any of the members of <a href="#aes-gcm-params">AesGcmParams</a> are not
+                      present in <var>normalizedAlgorithm</var>, terminate
+                      this algorithm with an error.
+                    </p>
+                  </li>
+                  <li>
+                    <dl class="switch">
+                      <dt>If the <a href="#dfn-AesGcmParams-tagLangth">tagLength</a> property of
+                      <var>normalizedAlgorithm</var> is null:</dt>
+                      <dd>Let <var>tagLength</var> be 128.</dd>
+                      <dt>If the <a href="#dfn-AesGcmParams-tagLangth">tagLength</a> property of
+                      <var>normalizedAlgorithm</var> is one of 32, 64, 96, 104, 112, 120 or 128:</dt>
+                      <dd>Let <var>tagLength</var> be equal to the
+                      <a href="#dfn-AesGcmParams-tagLangth">tagLength</a> property of
+                       <var>normalizedAlgorithm</var></dd>
+                      <dt>Otherwise:</dt>
+                      <dd>Terminate this algorithm with an error.</dd>
+                    </dl>
+                  </li>
+                  <li>
+                    <p>
+                      If <var>plaintext</var> has a length less than <var>tagLength</var> bits,
+                      terminate this algorithm with an error.
+                    </p>
+                  </li>
+                  <li>
+                    <p>
+                      If the <a href="#dfn-AesGcmParams-iv">iv</a> property of
+                      <var>normalizedAlgorithm</var> has a length greater than 2^64 - 1
+                      bytes, terminate this algorithm with an error.
+                    </p>
+                  </li>
+                  <li>
+                    <p>
+                      If the <a href="#dfn-AesGcmParams-additionalData">additionalData</a> property of
+                      <var>normalizedAlgorithm</var> has a length greater than 2^64 - 1
+                      bytes, terminate this algorithm with an error.
+                    </p>
+                  </li>
+                  <li>
+                    <p>
+                      Let <var>tag</var> be the last <var>tagLength</var> bits of
+                      <var>ciphertext</var>.
+                    </p>
+                  </li>
+                  <li>
+                    <p>
+                      Let <var>actualCiphertext</var> be the result of removing the last <var>tagLength</var> bits
+                      from <var>ciphertext</var>.
+                    </p>
+                  </li>
+                  <li>
+                    <p>
+                      Perform the Authenticated Decryption Function described in Section 7.2 of
+                      NIST SP 800-38D [<a href="#SP800-38D">SP800-38D</a>] using AES as the block
+                      cipher, the contents of the <a href="#dfn-AesGcmParams-iv">iv</a> property of
+                      <var>normalizedAlgorithm</var> as the <var>IV</var> input parameter, the
+                      <a href="#dfn-AesGcmParams-additionalData">additionalData</a> property of
+                      <var>normalizedAlgorithm</var> as the <var>A</var> input parameter,
+                      <var>tagLength</var> as the <var>t</var> pre-requisite,
+                      <var>actualCiphertext</var> as the input ciphertext, <var>C</var> and
+                      <var>tag</var> as the authentation tag, <var>T</var>.
+                      <dl class="switch">
+                        <dt>If the result of the algorithm is the indication of inauthenticity,
+                        "<var>FAIL</var>":</dt>
+                        <dd>Terminate this algorithm with an error.</dd>
+                        <dt>Otherwise:</dt>
+                        <dd>Let <var>plaintext</var> be the output <var>P</var> of the Authenticated
+                        Decryption Function.</dd>
+                      </dl>
+                    </p>
+                  </li>
+                  <li>
+                    <p>
+                      Return a new ArrayBuffer containing <var>plaintext</var>.
+                    </p>
+                  </li>
+                </ol>
+              </dd>
+              <dt>Generate Key</dt>
+              <dd>
+                <ol>
+                  <li>
+                    <p>
+                      If any of the members of <a href="#aes-keygen-params">AesKeyGenParams</a> are
+                      not present in <var>normalizedAlgorithm</var>, terminate
+                      this algorithm with an error.
+                    </p>
+                  </li>
+                  <li>
+                    <p>
+                      If the <a href="#dfn-AesKeyGenParams-length">length</a> property of
+                      <var>normalizedAlgorithm</var> is not equal to one of
+                      128, 192 or 256, terminate this algorithm with an error.
+                    </p>
+                  </li>
+                  <li>
+                    <p>
+                      If <var>usages</var> contains any entry which is not a case-sensitive string
+                      match for one of <code>"encrypt"</code>, <code>"decrypt"</code>,
+                      <code>"wrapKey"</code> or <code>"unwrapKey"</code>, terminate this algorithm
+                      with an error.
+                    </p>
+                  </li>
+                  <li>
+                    <p>
+                      Generate an AES key of length
+                      equal to the <a href="#dfn-AesKeyGenParams-length">length</a> property of
+                      <var>normalizedAlgorithm</var>.
+                      <dl class="switch">
+                        <dt>If the key generation step fails:</dt>
+                        <dd>Terminate this algorithm with an error</dd>
+                        <dt>Otherwise:</dt>
+                        <dd>
+                          <ol>
+                            <li>
+                              <p>
+                                Let <var>key</var> be a new
+                                <a href="#dfn-key">Key</a> object representing the
+                                generated AES key.
+                              </p>
+                            </li>
+                            <li>
+                              <p>
+                                Let <var>algorithm</var> be a new
+                                <a href="#dfn-AesKeyAlgorithm">AesKeyAlgorithm</a>.
+                              </p>
+                            </li>
+                            <li>
+                              <p>
+                                Set the <a href="#dfn-KeyAlgorith-name">name</a> property of
+                                <var>algorithm</var> to <code>"AES-GCM"</code>.
+                              </p>
+                            </li>
+                            <li>
+                              <p>
+                                Set the <a href="#dfn-AesKeyAlgorithm-length">length</a> property of
+                                <var>algorithm</var> to equal the
+                                <a href="#dfn-AesKeyGenParams-length">length</a> property of
+                                <var>normalizedAlgorithm</var>.
+                              </p>
+                            </li>
+                            <li>
+                              <p>
+                                Set the <a href="#dfn-Key-algorithm">algorithm</a> property of
+                                <var>key</var> to <var>algorithm</var>.
+                              </p>
+                            </li>
+                            <li>
+                              <p>
+                                Set the <a href="#dfn-Key-extractable">extractable</a> property
+                                of <var>key</var> to be <var>extractable</var>.
+                              </p>
+                            </li>
+                            <li>
+                              <p>
+                                Set the <a href="#dfn-Key-keyUsages">keyUsages</a> property of
+                                <var>key</var> to be <var>usages</var>.
+                              </p>
+                            </li>
+                            <li>
+                              <p>
+                                Return <var>key</var>.
+                              </p>
+                            </li>
+                          </ol>
+                        </dd>
+                      </dl>
+                    </p>
+                  </li>
+                </ol>
+              </dd>
+              <dt>Import Key</dt>
+              <dd>
+                <ol>
+                  <li>
+                    <p>
+                      If <var>usages</var> contains an entry which is not a case-sensitive string
+                      match for one of <code>"encrypt"</code>, <code>"decrypt"</code>,
+                      <code>"wrapKey"</code> or <code>"unwrapKey"</code>, terminate this algorithm
+                      with an error.
+                    </p>
+                  </li>
+                  <li>
+                    <dl class="switch">
+                      <dt>If <var>format</var> is <code>"raw"</code>:</dt>
+                      <dd>
+                        <ol>
+                          <li>
+                            <p>
+                              Let <var>data</var> be the octet string contained in <var>keyData</var>.
+                            </p>
+                          </li>
+                          <li>
+                            <p>
+                              If the length in bits of <var>data</var> is not 128, 192 or 256
+                              then terminate this algorithm with an error.
+                            </p>
+                          </li>
+                        </ol>
+                      </dd>
+                      <dt>If <var>format</var> is <code>"jwk"</code>:</dt>
+                      <dd>
+                        <li>
+                          <p>
+                            Let <var>jwk</var> be the result of running the
+                            <a href="#concept-parse-a-jwk">parse a jwk</a>
+                            algorithm over <var>keyData</var>.
+                          </p>
+                        </li>
+                        <li>
+                          <p>
+                            If the <code>"kty"</code> field of <var>jwk</var> is not a
+                            case-sensitive string match to <code>"oct"</code>, terminate
+                            this algorithm with an error.
+                          </p>
+                        </li>
+                        <li>
+                          <p>
+                            If <var>jwk</var> does not describe a valid JSON Web Key according to
+                            Section 6.4 of <a href="#jwa">JSON Web Algorithms</a>, terminate this
+                            algorithm with an error.
+                          </p>
+                        </li>
+                        <li>
+                          <p>
+                            Let <var>data</var> be the octet string obtained by decoding the
+                            <code>"k"</code> field of <var>jwk</var>.
+                          </p>
+                        </li>
+                        <li>
+                          <dl class="switch">
+                            <dt>If <var>data</var> has length 128 bits:</dt>
+                            <dd>If the <code>"alg"</code> field of <var>jwk</var> is present, and is
+                            not a case-sensitive string match to <code>"AES128GCM"</code>, terminate
+                            this algorithm with an error.</dd>
+                            <dt>If <var>data</var> has length 192 bits:</dt>
+                            <dd>If the <code>"alg"</code> field of <var>jwk</var> is present, and is
+                            not a case-sensitive string match to <code>"AES192GCM"</code>, terminate
+                            this algorithm with an error.</dd>
+                            <dt>If <var>data</var> has length 256 bits:</dt>
+                            <dd>If the <code>"alg"</code> field of <var>jwk</var> is present, and is
+                            not a case-sensitive string match to <code>"AES256GCM"</code>, terminate
+                            this algorithm with an error.</dd>
+                            <dt>Otherwise:</dt>
+                            <dd>Terminate this algorithm with an error.</dd>
+                          </dl>
+                        </li>
+                        <li>
+                          <p>
+                            If the <code>"use"</code> field of <var>jwk</var> is present, and is
+                            not a case-sensitive string match to <code>"enc"</code>, terminate
+                            this algorithm with an error.
+                          </p>
+                        </li>
+                        <li>
+                          <p>
+                            If the <code>"key_ops"</code> field of <var>jwk</var> is present, and
+                            does not contain all of the specified <var>usages</var> values,
+                            terminate this algorithm with an error.
+                          </p>
+                        </li>
+                        <li>
+                          <p>
+                            If the <code>"ext"</code> field of <var>jwk</var> is present and
+                            has the value false and <var>extractable</var> is true,
+                            terminate this algorithm with an error.
+                          </p>
+                        </li>
+                      </dd>
+                      <dt>Otherwise:</dt>
+                      <dd>Terminate this algorithm with an error.</dd>
+                    </dl>
+                  </li>
+                  <li>
+                    <p>
+                      Let <var>key</var> be a new <code><a href="#dfn-key">Key</a></code>
+                      object representing an AES key with value <var>data</var>.
+                    </p>
+                  </li>
+                  <li>
+                    <p>
+                      Let <var>algorithm</var> be a new
+                      <a href="#dfn-AesKeyAlgorithm">AesKeyAlgorithm</a>.
+                    </p>
+                  </li>
+                  <li>
+                    <p>
+                      Set the <a href="#dfn-KeyAlgorith-name">name</a> property of
+                      <var>algorithm</var> to <code>"AES-GCM"</code>.
+                    </p>
+                  </li>
+                  <li>
+                    <p>
+                      Set the <a href="#dfn-AesKeyAlgorith-length">length</a> property of
+                      <var>algorithm</var> to the length, in bits, of <var>data</var>.
+                    </p>
+                  </li>
+                  <li>
+                    <p>
+                      Set the <a href="#dfn-Key-algorithm">algorithm</a> property of <var>key</var>
+                      to <var>algorithm</var>.
+                    </p>
+                  </li>
+                  <li>
+                    <p>
+                      Set the <a href="#dfn-Key-extractable">extractable</a> property of
+                      <var>key</var> to <var>extractable</var>.
+                    </p>
+                  </li>
+                  <li>
+                    <p>
+                      Set the <a href="#dfn-Key-keyUsages">keyUsages</a> property of <var>key</var>
+                      to <var>usages</var>.
+                    </p>
+                  </li>
+                  <li>
+                    <p>
+                      Return <var>key</var>.
+                    </p>
+                  </li>
+                </ol>
+              </dd>
+              <dt>Export Key</dt>
+              <dd>
+                <ol>
+                  <li>
+                    <dl class="switch">
+                      <dt>If <var>format</var> is <code>"raw"</code>:</dt>
+                      <dd>
+                        Let <var>data</var> be the raw octets of the key represented by
+                        <var>key</var>.
+                      </dd>
+                      <dt>If <var>format</var> is <code>"jwk"</code>:</dt>
+                      <dd>
+                        <ol>
+                          <li>
+                            <p>
+                              Let <var>jwk</var> be a new internal object.
+                            </p>
+                          </li>
+                          <li>
+                            <p>
+                              Set the <code>kty</code> property of <var>jwk</var> to the
+                              string <code>"oct"</code>.
+                            </p>
+                          </li>
+                          <li>
+                            <p>
+                              Set the <code>k</code> property of <var>jwk</var> to be a string
+                              containng the raw octets
+                              of the key represented by <var>key</var>, encoded according to
+                              Section 6.4 of <a href="#jwa">JSON Web Algorithms</a>.
+                            </p>
+                          </li>
+                          <li>
+                            <dl class="switch">
+                              <dt>If the <a href="#dfn-AesKeyParams-length">length</a> property of
+                              <var>key</var> is 128:</dt>
+                              <dd>Set the <code>alg</code> property of <var>jwk</var> to
+                              the string <code>"AES128GCM"</code>.</dd>
+                              <dt>If the <a href="#dfn-AesKeyParams-length">length</a> property of
+                              <var>key</var> is 192:</dt>
+                              <dd>Set the <code>alg</code> property of <var>jwk</var> to
+                              the string <code>"AES192GCM"</code>.</dd>
+                              <dt>If the <a href="#dfn-AesKeyParams-length">length</a> property of
+                              <var>key</var> is 256:</dt>
+                              <dd>Set the <code>alg</code> property of <var>jwk</var> to
+                              the string <code>"AES256GCM"</code>.</dd>
+                            </dl>
+                          </li>
+                          <li>
+                            <p>
+                              Set the <code>key_ops</code> property of <var>jwk</var> to equal the
+                              <a href="#dfn-Key-keyUsages">keyUsages</a> property of <var>key</var>.
+                            </p>
+                          </li>
+                          <li>
+                            <p>
+                              Set the <code>ext</code> property of <var>jwk</var> to equal the 
+                              <a href="#dfn-Key-extractable">extractable</a> property of
+                              <var>key</var>.
+                            </p>
+                          </li>
+                          <li>
+                            <p>
+                              Let <var>stringifiedJwk</var> be the result of encoding <var>jwk</var>
+                              into a string according to the grammer specified in Section 15.12 of
+                              <a href="#ECMA-262">ECMA262</a>.
+                            </p>
+                          </li>
+                          <li>
+                            <p>
+                              Let <var>data</var> be the UTF-8|UTF-16 encoding of
+                              <var>stringifiedJwk</var>.
+                            </p>
+                            <div class="ednote"><div class="ednoteHeader">Editorial note</div>
+                            TODO: Decide whether this should be UTF-8 or UTF-16
+                            </div>
+                          </li>
+                        </ol>
+                      </dd>
+                    </dl>
+                  </li>
+                  <li>
+                    <p>
+                      Return a new ArrayBuffer containing <var>data</var>.
+                    </p>
+                  </li>
+                </ol>
+              </dd>
+            </dl>
           </div>
         </div>
 
@@ -5603,7 +6079,7 @@
             <p class="norm">This section is non-normative.</p>
             <p>
               The <code>"AES-CFB"</code> algorithm identifier is used to perform
-              encryption and decryption using AES in Cipher Feedback mode,
+              encryption and decryption using AES in Cipher Feedback mode, specifically CFB-8,
               as described in Section 6.3 of NIST SP 800-38A
               [<a href="#SP800-38A">SP800-38A</a>].
             </p>
@@ -5667,7 +6143,6 @@
 dictionary <dfn id="dfn-AesCfbParams">AesCfbParams</dfn> : <a href="#dfn-Algorithm">Algorithm</a> {
   <span class="comment">// The initialization vector. <span class="RFC2119">MUST</span> be 16 bytes.</span>
   CryptoOperationData <dfn id="dfn-AesCfbParams-iv">iv</dfn>;
-  [EnforceRange] unsigned short <dfn id="dfn-AesCfbParams-s">s</dfn>;
 };
             </code></pre></div></div>
           </div>
@@ -5693,23 +6168,12 @@
                   </li>
                   <li>
                     <p>
-                      If the value of the <a href="#dfn-AesCfbParams-s">s</a> property of
-                      <var>normalizedAlgorithm</var> is zero or is greater than 128, terminate this
-                      algorithm with an error.
-                    </p>
-                    <div class="ednote"><div class="ednoteHeader">Editorial note</div>
-                      TODO: Determine if there should be further constraints on the values of s.
-                    </div>
-                  </li>
-                  <li>
-                    <p>
                       Let <var>ciphertext</var> be the result of performing the CFB Encryption
                       operation described in Section 6.3 of
                       NIST SP 800-38A [<a href="#SP800-38A">SP800-38A</a>] using AES as the block
                       cipher, the contents of the <a href="#dfn-AesCfbParams-iv">iv</a> property of
                       <var>normalizedAlgorithm</var> as the <var>IV</var> input parameter, the
-                      <a href="#dfn-AesCfbParams-s">s</a> property of <var>normalizedAlgorithm</var>
-                      as the input parameter <var>s</var> and
+                      value 8 as the input parameter <var>s</var> and
                       <var>plaintext</var> as the input plaintext.
                     </p>
                   </li>
@@ -5739,23 +6203,12 @@
                   </li>
                   <li>
                     <p>
-                      If the value of the <a href="#dfn-AesCfbParams-s">s</a> property of
-                      <var>normalizedAlgorithm</var> is zero or is greater than 128, terminate this
-                      algorithm with an error.
-                    </p>
-                    <div class="ednote"><div class="ednoteHeader">Editorial note</div>
-                      TODO: Determine if there should be further constraints on the values of s.
-                    </div>
-                  </li>
-                  <li>
-                    <p>
                       Let <var>plaintext</var> be the result of performing the CFB Decryption
                       operation described in Section 6.3 of
                       NIST SP 800-38A [<a href="#SP800-38A">SP800-38A</a>] using AES as the block
                       cipher, the contents of the <a href="#dfn-AesCfbParams-iv">iv</a> property of
                       <var>normalizedAlgorithm</var> as the <var>IV</var> input parameter, the
-                      <a href="#dfn-AesCfbParams-s">s</a> property of <var>normalizedAlgorithm</var>
-                      as the input parameter <var>s</var> and
+                      the value 8 as the input parameter <var>s</var> and
                       <var>ciphertext</var> as the input ciphertext.
                     </p>
                   </li>