--- a/spec/Overview-WebCryptoAPI.xml Fri Feb 14 15:09:08 2014 -0800
+++ b/spec/Overview-WebCryptoAPI.xml Tue Feb 18 11:20:27 2014 -0800
@@ -5602,24 +5602,500 @@
<h4>AesGcmParams dictionary</h4>
<x:codeblock language="idl">
dictionary <dfn id="dfn-AesGcmParams">AesGcmParams</dfn> : <a href="#dfn-Algorithm">Algorithm</a> {
- <span class="comment">// The initialization vector to use. May be up to 2^56 bytes long.</span>
- CryptoOperationData iv;
+ <span class="comment">// The initialization vector to use. May be up to 2^64-1 bytes long.</span>
+ CryptoOperationData <dfn id="dfn-AesGcmParams-iv">iv</dfn>;
<span class="comment">// The additional authentication data to include.</span>
- CryptoOperationData? additionalData;
+ CryptoOperationData? <dfn id="dfn-AesGcmParams-additionalData">additionalData</dfn>;
<span class="comment">// The desired length of the authentication tag. May be 0 - 128.</span>
- [EnforceRange] octet? tagLength;
+ [EnforceRange] octet? <dfn id="dfn-AesGcmParams-tagLength">tagLength</dfn>;
};
</x:codeblock>
</div>
<div id="aes-gcm-operations" class="section">
<h4>Operations</h4>
- <ul>
- <li>Encrypt</li>
- <li>Decrypt</li>
- <li>Generate Key</li>
- <li>Import Key</li>
- <li>Export Key</li>
- </ul>
+ <dl>
+ <dt>Encrypt</dt>
+ <dd>
+ <ol>
+ <li>
+ <p>
+ If any of the members of <a href="#aes-gcm-params">AesGcmParams</a> are not
+ present in <var>normalizedAlgorithm</var>, terminate
+ this algorithm with an error.
+ </p>
+ </li>
+ <li>
+ <p>
+ If <var>plaintext</var> has a length greater than 2^39 - 256
+ bytes, terminate this algorithm with an error.
+ </p>
+ </li>
+ <li>
+ <p>
+ If the <a href="#dfn-AesGcmParams-iv">iv</a> property of
+ <var>normalizedAlgorithm</var> has a length greater than 2^64 - 1
+ bytes, terminate this algorithm with an error.
+ </p>
+ </li>
+ <li>
+ <p>
+ If the <a href="#dfn-AesGcmParams-additionalData">additionalData</a> property of
+ <var>normalizedAlgorithm</var> has a length greater than 2^64 - 1
+ bytes, terminate this algorithm with an error.
+ </p>
+ </li>
+ <li>
+ <dl class="switch">
+ <dt>If the <a href="#dfn-AesGcmParams-tagLength">tagLength</a> property of
+ <var>normalizedAlgorithm</var> is null:</dt>
+ <dd>Let <var>tagLength</var> be 128.</dd>
+ <dt>If the <a href="#dfn-AesGcmParams-tagLength">tagLength</a> property of
+ <var>normalizedAlgorithm</var> is one of 32, 64, 96, 104, 112, 120 or 128:</dt>
+ <dd>Let <var>tagLength</var> be equal to the
+ <a href="#dfn-AesGcmParams-tagLength">tagLength</a> property of
+ <var>normalizedAlgorithm</var></dd>
+ <dt>Otherwise:</dt>
+ <dd>Terminate this algorithm with an error.</dd>
+ </dl>
+ </li>
+ <li>
+ <p>
+ Let <var>C</var> and <var>T</var> be the outputs that result from performing
+ the Authenticated Encryption Function described in Section 7.1 of
+ NIST SP 800-38D [<a href="#SP800-38D">SP800-38D</a>] using AES as the block
+ cipher, the contents of the <a href="#dfn-AesGcmParams-iv">iv</a> property of
+ <var>normalizedAlgorithm</var> as the <var>IV</var> input parameter, the
+ <a href="#dfn-AesGcmParams-additionalData">additionalData</a> property of
+ <var>normalizedAlgorithm</var> as the <var>A</var> input parameter,
+ <var>tagLength</var> as the <var>t</var> pre-requisite and
+ <var>plaintext</var> as the input plaintext.
+ </p>
+ </li>
+ <li>
+ <p>
+ Return a new ArrayBuffer containing <var>C</var> | <var>T</var>
+ where '|' denotes concatenation.
+ </p>
+ </li>
+ </ol>
+ </dd>
+ <dt>Decrypt</dt>
+ <dd>
+ <ol>
+ <li>
+ <p>
+ If any of the members of <a href="#aes-gcm-params">AesGcmParams</a> are not
+ present in <var>normalizedAlgorithm</var>, terminate
+ this algorithm with an error.
+ </p>
+ </li>
+ <li>
+ <dl class="switch">
+ <dt>If the <a href="#dfn-AesGcmParams-tagLangth">tagLength</a> property of
+ <var>normalizedAlgorithm</var> is null:</dt>
+ <dd>Let <var>tagLength</var> be 128.</dd>
+ <dt>If the <a href="#dfn-AesGcmParams-tagLangth">tagLength</a> property of
+ <var>normalizedAlgorithm</var> is one of 32, 64, 96, 104, 112, 120 or 128:</dt>
+ <dd>Let <var>tagLength</var> be equal to the
+ <a href="#dfn-AesGcmParams-tagLangth">tagLength</a> property of
+ <var>normalizedAlgorithm</var></dd>
+ <dt>Otherwise:</dt>
+ <dd>Terminate this algorithm with an error.</dd>
+ </dl>
+ </li>
+ <li>
+ <p>
+ If <var>plaintext</var> has a length less than <var>tagLength</var> bits,
+ terminate this algorithm with an error.
+ </p>
+ </li>
+ <li>
+ <p>
+ If the <a href="#dfn-AesGcmParams-iv">iv</a> property of
+ <var>normalizedAlgorithm</var> has a length greater than 2^64 - 1
+ bytes, terminate this algorithm with an error.
+ </p>
+ </li>
+ <li>
+ <p>
+ If the <a href="#dfn-AesGcmParams-additionalData">additionalData</a> property of
+ <var>normalizedAlgorithm</var> has a length greater than 2^64 - 1
+ bytes, terminate this algorithm with an error.
+ </p>
+ </li>
+ <li>
+ <p>
+ Let <var>tag</var> be the last <var>tagLength</var> bits of
+ <var>ciphertext</var>.
+ </p>
+ </li>
+ <li>
+ <p>
+ Let <var>actualCiphertext</var> be the result of removing the last <var>tagLength</var> bits
+ from <var>ciphertext</var>.
+ </p>
+ </li>
+ <li>
+ <p>
+ Perform the Authenticated Decryption Function described in Section 7.2 of
+ NIST SP 800-38D [<a href="#SP800-38D">SP800-38D</a>] using AES as the block
+ cipher, the contents of the <a href="#dfn-AesGcmParams-iv">iv</a> property of
+ <var>normalizedAlgorithm</var> as the <var>IV</var> input parameter, the
+ <a href="#dfn-AesGcmParams-additionalData">additionalData</a> property of
+ <var>normalizedAlgorithm</var> as the <var>A</var> input parameter,
+ <var>tagLength</var> as the <var>t</var> pre-requisite,
+ <var>actualCiphertext</var> as the input ciphertext, <var>C</var> and
+ <var>tag</var> as the authentation tag, <var>T</var>.
+ <dl class="switch">
+ <dt>If the result of the algorithm is the indication of inauthenticity,
+ "<var>FAIL</var>":</dt>
+ <dd>Terminate this algorithm with an error.</dd>
+ <dt>Otherwise:</dt>
+ <dd>Let <var>plaintext</var> be the output <var>P</var> of the Authenticated
+ Decryption Function.</dd>
+ </dl>
+ </p>
+ </li>
+ <li>
+ <p>
+ Return a new ArrayBuffer containing <var>plaintext</var>.
+ </p>
+ </li>
+ </ol>
+ </dd>
+ <dt>Generate Key</dt>
+ <dd>
+ <ol>
+ <li>
+ <p>
+ If any of the members of <a href="#aes-keygen-params">AesKeyGenParams</a> are
+ not present in <var>normalizedAlgorithm</var>, terminate
+ this algorithm with an error.
+ </p>
+ </li>
+ <li>
+ <p>
+ If the <a href="#dfn-AesKeyGenParams-length">length</a> property of
+ <var>normalizedAlgorithm</var> is not equal to one of
+ 128, 192 or 256, terminate this algorithm with an error.
+ </p>
+ </li>
+ <li>
+ <p>
+ If <var>usages</var> contains any entry which is not a case-sensitive string
+ match for one of <code>"encrypt"</code>, <code>"decrypt"</code>,
+ <code>"wrapKey"</code> or <code>"unwrapKey"</code>, terminate this algorithm
+ with an error.
+ </p>
+ </li>
+ <li>
+ <p>
+ Generate an AES key of length
+ equal to the <a href="#dfn-AesKeyGenParams-length">length</a> property of
+ <var>normalizedAlgorithm</var>.
+ <dl class="switch">
+ <dt>If the key generation step fails:</dt>
+ <dd>Terminate this algorithm with an error</dd>
+ <dt>Otherwise:</dt>
+ <dd>
+ <ol>
+ <li>
+ <p>
+ Let <var>key</var> be a new
+ <a href="#dfn-key">Key</a> object representing the
+ generated AES key.
+ </p>
+ </li>
+ <li>
+ <p>
+ Let <var>algorithm</var> be a new
+ <a href="#dfn-AesKeyAlgorithm">AesKeyAlgorithm</a>.
+ </p>
+ </li>
+ <li>
+ <p>
+ Set the <a href="#dfn-KeyAlgorith-name">name</a> property of
+ <var>algorithm</var> to <code>"AES-GCM"</code>.
+ </p>
+ </li>
+ <li>
+ <p>
+ Set the <a href="#dfn-AesKeyAlgorithm-length">length</a> property of
+ <var>algorithm</var> to equal the
+ <a href="#dfn-AesKeyGenParams-length">length</a> property of
+ <var>normalizedAlgorithm</var>.
+ </p>
+ </li>
+ <li>
+ <p>
+ Set the <a href="#dfn-Key-algorithm">algorithm</a> property of
+ <var>key</var> to <var>algorithm</var>.
+ </p>
+ </li>
+ <li>
+ <p>
+ Set the <a href="#dfn-Key-extractable">extractable</a> property
+ of <var>key</var> to be <var>extractable</var>.
+ </p>
+ </li>
+ <li>
+ <p>
+ Set the <a href="#dfn-Key-keyUsages">keyUsages</a> property of
+ <var>key</var> to be <var>usages</var>.
+ </p>
+ </li>
+ <li>
+ <p>
+ Return <var>key</var>.
+ </p>
+ </li>
+ </ol>
+ </dd>
+ </dl>
+ </p>
+ </li>
+ </ol>
+ </dd>
+ <dt>Import Key</dt>
+ <dd>
+ <ol>
+ <li>
+ <p>
+ If <var>usages</var> contains an entry which is not a case-sensitive string
+ match for one of <code>"encrypt"</code>, <code>"decrypt"</code>,
+ <code>"wrapKey"</code> or <code>"unwrapKey"</code>, terminate this algorithm
+ with an error.
+ </p>
+ </li>
+ <li>
+ <dl class="switch">
+ <dt>If <var>format</var> is <code>"raw"</code>:</dt>
+ <dd>
+ <ol>
+ <li>
+ <p>
+ Let <var>data</var> be the octet string contained in <var>keyData</var>.
+ </p>
+ </li>
+ <li>
+ <p>
+ If the length in bits of <var>data</var> is not 128, 192 or 256
+ then terminate this algorithm with an error.
+ </p>
+ </li>
+ </ol>
+ </dd>
+ <dt>If <var>format</var> is <code>"jwk"</code>:</dt>
+ <dd>
+ <li>
+ <p>
+ Let <var>jwk</var> be the result of running the
+ <a href="#concept-parse-a-jwk">parse a jwk</a>
+ algorithm over <var>keyData</var>.
+ </p>
+ </li>
+ <li>
+ <p>
+ If the <code>"kty"</code> field of <var>jwk</var> is not a
+ case-sensitive string match to <code>"oct"</code>, terminate
+ this algorithm with an error.
+ </p>
+ </li>
+ <li>
+ <p>
+ If <var>jwk</var> does not describe a valid JSON Web Key according to
+ Section 6.4 of <a href="#jwa">JSON Web Algorithms</a>, terminate this
+ algorithm with an error.
+ </p>
+ </li>
+ <li>
+ <p>
+ Let <var>data</var> be the octet string obtained by decoding the
+ <code>"k"</code> field of <var>jwk</var>.
+ </p>
+ </li>
+ <li>
+ <dl class="switch">
+ <dt>If <var>data</var> has length 128 bits:</dt>
+ <dd>If the <code>"alg"</code> field of <var>jwk</var> is present, and is
+ not a case-sensitive string match to <code>"AES128GCM"</code>, terminate
+ this algorithm with an error.</dd>
+ <dt>If <var>data</var> has length 192 bits:</dt>
+ <dd>If the <code>"alg"</code> field of <var>jwk</var> is present, and is
+ not a case-sensitive string match to <code>"AES192GCM"</code>, terminate
+ this algorithm with an error.</dd>
+ <dt>If <var>data</var> has length 256 bits:</dt>
+ <dd>If the <code>"alg"</code> field of <var>jwk</var> is present, and is
+ not a case-sensitive string match to <code>"AES256GCM"</code>, terminate
+ this algorithm with an error.</dd>
+ <dt>Otherwise:</dt>
+ <dd>Terminate this algorithm with an error.</dd>
+ </dl>
+ </li>
+ <li>
+ <p>
+ If the <code>"use"</code> field of <var>jwk</var> is present, and is
+ not a case-sensitive string match to <code>"enc"</code>, terminate
+ this algorithm with an error.
+ </p>
+ </li>
+ <li>
+ <p>
+ If the <code>"key_ops"</code> field of <var>jwk</var> is present, and
+ does not contain all of the specified <var>usages</var> values,
+ terminate this algorithm with an error.
+ </p>
+ </li>
+ <li>
+ <p>
+ If the <code>"ext"</code> field of <var>jwk</var> is present and
+ has the value false and <var>extractable</var> is true,
+ terminate this algorithm with an error.
+ </p>
+ </li>
+ </dd>
+ <dt>Otherwise:</dt>
+ <dd>Terminate this algorithm with an error.</dd>
+ </dl>
+ </li>
+ <li>
+ <p>
+ Let <var>key</var> be a new <code><a href="#dfn-key">Key</a></code>
+ object representing an AES key with value <var>data</var>.
+ </p>
+ </li>
+ <li>
+ <p>
+ Let <var>algorithm</var> be a new
+ <a href="#dfn-AesKeyAlgorithm">AesKeyAlgorithm</a>.
+ </p>
+ </li>
+ <li>
+ <p>
+ Set the <a href="#dfn-KeyAlgorith-name">name</a> property of
+ <var>algorithm</var> to <code>"AES-GCM"</code>.
+ </p>
+ </li>
+ <li>
+ <p>
+ Set the <a href="#dfn-AesKeyAlgorith-length">length</a> property of
+ <var>algorithm</var> to the length, in bits, of <var>data</var>.
+ </p>
+ </li>
+ <li>
+ <p>
+ Set the <a href="#dfn-Key-algorithm">algorithm</a> property of <var>key</var>
+ to <var>algorithm</var>.
+ </p>
+ </li>
+ <li>
+ <p>
+ Set the <a href="#dfn-Key-extractable">extractable</a> property of
+ <var>key</var> to <var>extractable</var>.
+ </p>
+ </li>
+ <li>
+ <p>
+ Set the <a href="#dfn-Key-keyUsages">keyUsages</a> property of <var>key</var>
+ to <var>usages</var>.
+ </p>
+ </li>
+ <li>
+ <p>
+ Return <var>key</var>.
+ </p>
+ </li>
+ </ol>
+ </dd>
+ <dt>Export Key</dt>
+ <dd>
+ <ol>
+ <li>
+ <dl class="switch">
+ <dt>If <var>format</var> is <code>"raw"</code>:</dt>
+ <dd>
+ Let <var>data</var> be the raw octets of the key represented by
+ <var>key</var>.
+ </dd>
+ <dt>If <var>format</var> is <code>"jwk"</code>:</dt>
+ <dd>
+ <ol>
+ <li>
+ <p>
+ Let <var>jwk</var> be a new internal object.
+ </p>
+ </li>
+ <li>
+ <p>
+ Set the <code>kty</code> property of <var>jwk</var> to the
+ string <code>"oct"</code>.
+ </p>
+ </li>
+ <li>
+ <p>
+ Set the <code>k</code> property of <var>jwk</var> to be a string
+ containng the raw octets
+ of the key represented by <var>key</var>, encoded according to
+ Section 6.4 of <a href="#jwa">JSON Web Algorithms</a>.
+ </p>
+ </li>
+ <li>
+ <dl class="switch">
+ <dt>If the <a href="#dfn-AesKeyParams-length">length</a> property of
+ <var>key</var> is 128:</dt>
+ <dd>Set the <code>alg</code> property of <var>jwk</var> to
+ the string <code>"AES128GCM"</code>.</dd>
+ <dt>If the <a href="#dfn-AesKeyParams-length">length</a> property of
+ <var>key</var> is 192:</dt>
+ <dd>Set the <code>alg</code> property of <var>jwk</var> to
+ the string <code>"AES192GCM"</code>.</dd>
+ <dt>If the <a href="#dfn-AesKeyParams-length">length</a> property of
+ <var>key</var> is 256:</dt>
+ <dd>Set the <code>alg</code> property of <var>jwk</var> to
+ the string <code>"AES256GCM"</code>.</dd>
+ </dl>
+ </li>
+ <li>
+ <p>
+ Set the <code>key_ops</code> property of <var>jwk</var> to equal the
+ <a href="#dfn-Key-keyUsages">keyUsages</a> property of <var>key</var>.
+ </p>
+ </li>
+ <li>
+ <p>
+ Set the <code>ext</code> property of <var>jwk</var> to equal the
+ <a href="#dfn-Key-extractable">extractable</a> property of
+ <var>key</var>.
+ </p>
+ </li>
+ <li>
+ <p>
+ Let <var>stringifiedJwk</var> be the result of encoding <var>jwk</var>
+ into a string according to the grammer specified in Section 15.12 of
+ <a href="#ECMA-262">ECMA262</a>.
+ </p>
+ </li>
+ <li>
+ <p>
+ Let <var>data</var> be the UTF-8|UTF-16 encoding of
+ <var>stringifiedJwk</var>.
+ </p>
+ <div class="ednote">
+ TODO: Decide whether this should be UTF-8 or UTF-16
+ </div>
+ </li>
+ </ol>
+ </dd>
+ </dl>
+ </li>
+ <li>
+ <p>
+ Return a new ArrayBuffer containing <var>data</var>.
+ </p>
+ </li>
+ </ol>
+ </dd>
+ </dl>
</div>
</div>
--- a/spec/Overview.html Fri Feb 14 15:09:08 2014 -0800
+++ b/spec/Overview.html Tue Feb 18 11:20:27 2014 -0800
@@ -28,7 +28,7 @@
<link rel="stylesheet" href="//www.w3.org/StyleSheets/TR/W3C-ED" type="text/css" /></head>
<body>
- <div class="head"><div><a href="http://www.w3.org/"><img src="//www.w3.org/Icons/w3c_home" width="72" height="48" alt="W3C" /></a></div><h1>Web Cryptography API</h1><h2>W3C Editor’s Draft <em>14 February 2014</em></h2><dl><dt>Latest Editor’s Draft:</dt><dd><a href="http://dvcs.w3.org/hg/webcrypto-api/raw-file/tip/spec/Overview.html">http://dvcs.w3.org/hg/webcrypto-api/raw-file/tip/spec/Overview.html</a></dd><dt>Latest Published Version:</dt><dd><a href="http://www.w3.org/TR/WebCryptoAPI/">http://www.w3.org/TR/WebCryptoAPI/</a></dd><dt>Previous Version(s):</dt><dd><a href="https://dvcs.w3.org/hg/webcrypto-api/raw-file/0fe9b34c13fb/spec/Overview.html">https://dvcs.w3.org/hg/webcrypto-api/raw-file/0fe9b34c13fb/spec/Overview.html</a></dd><dt>Editors:</dt><dd><a href="http://www.google.com/">Ryan Sleevi</a>, Google, Inc. <sleevi@google.com></dd><dd><a href="http://www.netflix.com/">Mark Watson</a>, Netflix <watsonm@netflix.com></dd><dt>Participate:</dt><dd><p>Send feedback to <a href="mailto:public-webcrypto@w3.org?subject=%5BWebCryptoAPI%5D">public-webcrypto@w3.org</a> (<a href="http://lists.w3.org/Archives/Public/public-webcrypto/">archives</a>), or <a href="https://www.w3.org/Bugs/Public/enter_bug.cgi?product=Web%20Cryptography&component=Web%20Cryptography%20API%20Document">file a bug</a>
+ <div class="head"><div><a href="http://www.w3.org/"><img src="//www.w3.org/Icons/w3c_home" width="72" height="48" alt="W3C" /></a></div><h1>Web Cryptography API</h1><h2>W3C Editor’s Draft <em>18 February 2014</em></h2><dl><dt>Latest Editor’s Draft:</dt><dd><a href="http://dvcs.w3.org/hg/webcrypto-api/raw-file/tip/spec/Overview.html">http://dvcs.w3.org/hg/webcrypto-api/raw-file/tip/spec/Overview.html</a></dd><dt>Latest Published Version:</dt><dd><a href="http://www.w3.org/TR/WebCryptoAPI/">http://www.w3.org/TR/WebCryptoAPI/</a></dd><dt>Previous Version(s):</dt><dd><a href="https://dvcs.w3.org/hg/webcrypto-api/raw-file/0fe9b34c13fb/spec/Overview.html">https://dvcs.w3.org/hg/webcrypto-api/raw-file/0fe9b34c13fb/spec/Overview.html</a></dd><dt>Editors:</dt><dd><a href="http://www.google.com/">Ryan Sleevi</a>, Google, Inc. <sleevi@google.com></dd><dd><a href="http://www.netflix.com/">Mark Watson</a>, Netflix <watsonm@netflix.com></dd><dt>Participate:</dt><dd><p>Send feedback to <a href="mailto:public-webcrypto@w3.org?subject=%5BWebCryptoAPI%5D">public-webcrypto@w3.org</a> (<a href="http://lists.w3.org/Archives/Public/public-webcrypto/">archives</a>), or <a href="https://www.w3.org/Bugs/Public/enter_bug.cgi?product=Web%20Cryptography&component=Web%20Cryptography%20API%20Document">file a bug</a>
(see <a href="https://www.w3.org/Bugs/Public/buglist.cgi?product=Web%20Cryptography&component=Web%20Cryptography%20API%20Document&resolution=---">existing bugs</a>).</p></dd></dl><p class="copyright"><a href="http://www.w3.org/Consortium/Legal/ipr-notice#Copyright">Copyright</a> © view <a href="http://www.w3.org/"><abbr title="World Wide Web Consortium">W3C</abbr></a><sup>®</sup> (<a href="http://www.csail.mit.edu/"><abbr title="Massachusetts Institute of Technology">MIT</abbr></a>, <a href="http://www.ercim.org/"><abbr title="European Research Consortium for Informatics and Mathematics">ERCIM</abbr></a>, <a href="http://www.keio.ac.jp/">Keio</a>), All Rights Reserved. W3C <a href="http://www.w3.org/Consortium/Legal/ipr-notice#Legal_Disclaimer">liability</a>, <a href="http://www.w3.org/Consortium/Legal/ipr-notice#W3C_Trademarks">trademark</a> and <a href="http://www.w3.org/Consortium/Legal/copyright-documents">document use</a> rules apply.</p></div><hr />
<div class="section">
@@ -44,7 +44,7 @@
communications.
</p>
- <div class="ednote"><div class="ednoteHeader">Editorial note</div><p>There are 33 further editorial notes in the document.</p></div>
+ <div class="ednote"><div class="ednoteHeader">Editorial note</div><p>There are 32 further editorial notes in the document.</p></div>
</div>
<div class="section">
@@ -56,7 +56,7 @@
report can be found in the <a href="http://www.w3.org/TR/">W3C technical
reports index</a> at http://www.w3.org/TR/.
</em></p><p>
- This document is the 14 February 2014 <b>Editor’s Draft</b> of the
+ This document is the 18 February 2014 <b>Editor’s Draft</b> of the
<cite>Web Cryptography API</cite> specification.
Please send comments about this document to
@@ -5575,24 +5575,500 @@
<h4>18.13.3. AesGcmParams dictionary</h4>
<div class="block"><div class="blockTitleDiv"><span class="blockTitle">IDL</span></div><div class="blockContent"><pre class="code"><code class="idl-code">
dictionary <dfn id="dfn-AesGcmParams">AesGcmParams</dfn> : <a href="#dfn-Algorithm">Algorithm</a> {
- <span class="comment">// The initialization vector to use. May be up to 2^56 bytes long.</span>
- CryptoOperationData iv;
+ <span class="comment">// The initialization vector to use. May be up to 2^64-1 bytes long.</span>
+ CryptoOperationData <dfn id="dfn-AesGcmParams-iv">iv</dfn>;
<span class="comment">// The additional authentication data to include.</span>
- CryptoOperationData? additionalData;
+ CryptoOperationData? <dfn id="dfn-AesGcmParams-additionalData">additionalData</dfn>;
<span class="comment">// The desired length of the authentication tag. May be 0 - 128.</span>
- [EnforceRange] octet? tagLength;
+ [EnforceRange] octet? <dfn id="dfn-AesGcmParams-tagLength">tagLength</dfn>;
};
</code></pre></div></div>
</div>
<div id="aes-gcm-operations" class="section">
<h4>18.13.4. Operations</h4>
- <ul>
- <li>Encrypt</li>
- <li>Decrypt</li>
- <li>Generate Key</li>
- <li>Import Key</li>
- <li>Export Key</li>
- </ul>
+ <dl>
+ <dt>Encrypt</dt>
+ <dd>
+ <ol>
+ <li>
+ <p>
+ If any of the members of <a href="#aes-gcm-params">AesGcmParams</a> are not
+ present in <var>normalizedAlgorithm</var>, terminate
+ this algorithm with an error.
+ </p>
+ </li>
+ <li>
+ <p>
+ If <var>plaintext</var> has a length greater than 2^39 - 256
+ bytes, terminate this algorithm with an error.
+ </p>
+ </li>
+ <li>
+ <p>
+ If the <a href="#dfn-AesGcmParams-iv">iv</a> property of
+ <var>normalizedAlgorithm</var> has a length greater than 2^64 - 1
+ bytes, terminate this algorithm with an error.
+ </p>
+ </li>
+ <li>
+ <p>
+ If the <a href="#dfn-AesGcmParams-additionalData">additionalData</a> property of
+ <var>normalizedAlgorithm</var> has a length greater than 2^64 - 1
+ bytes, terminate this algorithm with an error.
+ </p>
+ </li>
+ <li>
+ <dl class="switch">
+ <dt>If the <a href="#dfn-AesGcmParams-tagLength">tagLength</a> property of
+ <var>normalizedAlgorithm</var> is null:</dt>
+ <dd>Let <var>tagLength</var> be 128.</dd>
+ <dt>If the <a href="#dfn-AesGcmParams-tagLength">tagLength</a> property of
+ <var>normalizedAlgorithm</var> is one of 32, 64, 96, 104, 112, 120 or 128:</dt>
+ <dd>Let <var>tagLength</var> be equal to the
+ <a href="#dfn-AesGcmParams-tagLength">tagLength</a> property of
+ <var>normalizedAlgorithm</var></dd>
+ <dt>Otherwise:</dt>
+ <dd>Terminate this algorithm with an error.</dd>
+ </dl>
+ </li>
+ <li>
+ <p>
+ Let <var>C</var> and <var>T</var> be the outputs that result from performing
+ the Authenticated Encryption Function described in Section 7.1 of
+ NIST SP 800-38D [<a href="#SP800-38D">SP800-38D</a>] using AES as the block
+ cipher, the contents of the <a href="#dfn-AesGcmParams-iv">iv</a> property of
+ <var>normalizedAlgorithm</var> as the <var>IV</var> input parameter, the
+ <a href="#dfn-AesGcmParams-additionalData">additionalData</a> property of
+ <var>normalizedAlgorithm</var> as the <var>A</var> input parameter,
+ <var>tagLength</var> as the <var>t</var> pre-requisite and
+ <var>plaintext</var> as the input plaintext.
+ </p>
+ </li>
+ <li>
+ <p>
+ Return a new ArrayBuffer containing <var>C</var> | <var>T</var>
+ where '|' denotes concatenation.
+ </p>
+ </li>
+ </ol>
+ </dd>
+ <dt>Decrypt</dt>
+ <dd>
+ <ol>
+ <li>
+ <p>
+ If any of the members of <a href="#aes-gcm-params">AesGcmParams</a> are not
+ present in <var>normalizedAlgorithm</var>, terminate
+ this algorithm with an error.
+ </p>
+ </li>
+ <li>
+ <dl class="switch">
+ <dt>If the <a href="#dfn-AesGcmParams-tagLangth">tagLength</a> property of
+ <var>normalizedAlgorithm</var> is null:</dt>
+ <dd>Let <var>tagLength</var> be 128.</dd>
+ <dt>If the <a href="#dfn-AesGcmParams-tagLangth">tagLength</a> property of
+ <var>normalizedAlgorithm</var> is one of 32, 64, 96, 104, 112, 120 or 128:</dt>
+ <dd>Let <var>tagLength</var> be equal to the
+ <a href="#dfn-AesGcmParams-tagLangth">tagLength</a> property of
+ <var>normalizedAlgorithm</var></dd>
+ <dt>Otherwise:</dt>
+ <dd>Terminate this algorithm with an error.</dd>
+ </dl>
+ </li>
+ <li>
+ <p>
+ If <var>plaintext</var> has a length less than <var>tagLength</var> bits,
+ terminate this algorithm with an error.
+ </p>
+ </li>
+ <li>
+ <p>
+ If the <a href="#dfn-AesGcmParams-iv">iv</a> property of
+ <var>normalizedAlgorithm</var> has a length greater than 2^64 - 1
+ bytes, terminate this algorithm with an error.
+ </p>
+ </li>
+ <li>
+ <p>
+ If the <a href="#dfn-AesGcmParams-additionalData">additionalData</a> property of
+ <var>normalizedAlgorithm</var> has a length greater than 2^64 - 1
+ bytes, terminate this algorithm with an error.
+ </p>
+ </li>
+ <li>
+ <p>
+ Let <var>tag</var> be the last <var>tagLength</var> bits of
+ <var>ciphertext</var>.
+ </p>
+ </li>
+ <li>
+ <p>
+ Let <var>actualCiphertext</var> be the result of removing the last <var>tagLength</var> bits
+ from <var>ciphertext</var>.
+ </p>
+ </li>
+ <li>
+ <p>
+ Perform the Authenticated Decryption Function described in Section 7.2 of
+ NIST SP 800-38D [<a href="#SP800-38D">SP800-38D</a>] using AES as the block
+ cipher, the contents of the <a href="#dfn-AesGcmParams-iv">iv</a> property of
+ <var>normalizedAlgorithm</var> as the <var>IV</var> input parameter, the
+ <a href="#dfn-AesGcmParams-additionalData">additionalData</a> property of
+ <var>normalizedAlgorithm</var> as the <var>A</var> input parameter,
+ <var>tagLength</var> as the <var>t</var> pre-requisite,
+ <var>actualCiphertext</var> as the input ciphertext, <var>C</var> and
+ <var>tag</var> as the authentation tag, <var>T</var>.
+ <dl class="switch">
+ <dt>If the result of the algorithm is the indication of inauthenticity,
+ "<var>FAIL</var>":</dt>
+ <dd>Terminate this algorithm with an error.</dd>
+ <dt>Otherwise:</dt>
+ <dd>Let <var>plaintext</var> be the output <var>P</var> of the Authenticated
+ Decryption Function.</dd>
+ </dl>
+ </p>
+ </li>
+ <li>
+ <p>
+ Return a new ArrayBuffer containing <var>plaintext</var>.
+ </p>
+ </li>
+ </ol>
+ </dd>
+ <dt>Generate Key</dt>
+ <dd>
+ <ol>
+ <li>
+ <p>
+ If any of the members of <a href="#aes-keygen-params">AesKeyGenParams</a> are
+ not present in <var>normalizedAlgorithm</var>, terminate
+ this algorithm with an error.
+ </p>
+ </li>
+ <li>
+ <p>
+ If the <a href="#dfn-AesKeyGenParams-length">length</a> property of
+ <var>normalizedAlgorithm</var> is not equal to one of
+ 128, 192 or 256, terminate this algorithm with an error.
+ </p>
+ </li>
+ <li>
+ <p>
+ If <var>usages</var> contains any entry which is not a case-sensitive string
+ match for one of <code>"encrypt"</code>, <code>"decrypt"</code>,
+ <code>"wrapKey"</code> or <code>"unwrapKey"</code>, terminate this algorithm
+ with an error.
+ </p>
+ </li>
+ <li>
+ <p>
+ Generate an AES key of length
+ equal to the <a href="#dfn-AesKeyGenParams-length">length</a> property of
+ <var>normalizedAlgorithm</var>.
+ <dl class="switch">
+ <dt>If the key generation step fails:</dt>
+ <dd>Terminate this algorithm with an error</dd>
+ <dt>Otherwise:</dt>
+ <dd>
+ <ol>
+ <li>
+ <p>
+ Let <var>key</var> be a new
+ <a href="#dfn-key">Key</a> object representing the
+ generated AES key.
+ </p>
+ </li>
+ <li>
+ <p>
+ Let <var>algorithm</var> be a new
+ <a href="#dfn-AesKeyAlgorithm">AesKeyAlgorithm</a>.
+ </p>
+ </li>
+ <li>
+ <p>
+ Set the <a href="#dfn-KeyAlgorith-name">name</a> property of
+ <var>algorithm</var> to <code>"AES-GCM"</code>.
+ </p>
+ </li>
+ <li>
+ <p>
+ Set the <a href="#dfn-AesKeyAlgorithm-length">length</a> property of
+ <var>algorithm</var> to equal the
+ <a href="#dfn-AesKeyGenParams-length">length</a> property of
+ <var>normalizedAlgorithm</var>.
+ </p>
+ </li>
+ <li>
+ <p>
+ Set the <a href="#dfn-Key-algorithm">algorithm</a> property of
+ <var>key</var> to <var>algorithm</var>.
+ </p>
+ </li>
+ <li>
+ <p>
+ Set the <a href="#dfn-Key-extractable">extractable</a> property
+ of <var>key</var> to be <var>extractable</var>.
+ </p>
+ </li>
+ <li>
+ <p>
+ Set the <a href="#dfn-Key-keyUsages">keyUsages</a> property of
+ <var>key</var> to be <var>usages</var>.
+ </p>
+ </li>
+ <li>
+ <p>
+ Return <var>key</var>.
+ </p>
+ </li>
+ </ol>
+ </dd>
+ </dl>
+ </p>
+ </li>
+ </ol>
+ </dd>
+ <dt>Import Key</dt>
+ <dd>
+ <ol>
+ <li>
+ <p>
+ If <var>usages</var> contains an entry which is not a case-sensitive string
+ match for one of <code>"encrypt"</code>, <code>"decrypt"</code>,
+ <code>"wrapKey"</code> or <code>"unwrapKey"</code>, terminate this algorithm
+ with an error.
+ </p>
+ </li>
+ <li>
+ <dl class="switch">
+ <dt>If <var>format</var> is <code>"raw"</code>:</dt>
+ <dd>
+ <ol>
+ <li>
+ <p>
+ Let <var>data</var> be the octet string contained in <var>keyData</var>.
+ </p>
+ </li>
+ <li>
+ <p>
+ If the length in bits of <var>data</var> is not 128, 192 or 256
+ then terminate this algorithm with an error.
+ </p>
+ </li>
+ </ol>
+ </dd>
+ <dt>If <var>format</var> is <code>"jwk"</code>:</dt>
+ <dd>
+ <li>
+ <p>
+ Let <var>jwk</var> be the result of running the
+ <a href="#concept-parse-a-jwk">parse a jwk</a>
+ algorithm over <var>keyData</var>.
+ </p>
+ </li>
+ <li>
+ <p>
+ If the <code>"kty"</code> field of <var>jwk</var> is not a
+ case-sensitive string match to <code>"oct"</code>, terminate
+ this algorithm with an error.
+ </p>
+ </li>
+ <li>
+ <p>
+ If <var>jwk</var> does not describe a valid JSON Web Key according to
+ Section 6.4 of <a href="#jwa">JSON Web Algorithms</a>, terminate this
+ algorithm with an error.
+ </p>
+ </li>
+ <li>
+ <p>
+ Let <var>data</var> be the octet string obtained by decoding the
+ <code>"k"</code> field of <var>jwk</var>.
+ </p>
+ </li>
+ <li>
+ <dl class="switch">
+ <dt>If <var>data</var> has length 128 bits:</dt>
+ <dd>If the <code>"alg"</code> field of <var>jwk</var> is present, and is
+ not a case-sensitive string match to <code>"AES128GCM"</code>, terminate
+ this algorithm with an error.</dd>
+ <dt>If <var>data</var> has length 192 bits:</dt>
+ <dd>If the <code>"alg"</code> field of <var>jwk</var> is present, and is
+ not a case-sensitive string match to <code>"AES192GCM"</code>, terminate
+ this algorithm with an error.</dd>
+ <dt>If <var>data</var> has length 256 bits:</dt>
+ <dd>If the <code>"alg"</code> field of <var>jwk</var> is present, and is
+ not a case-sensitive string match to <code>"AES256GCM"</code>, terminate
+ this algorithm with an error.</dd>
+ <dt>Otherwise:</dt>
+ <dd>Terminate this algorithm with an error.</dd>
+ </dl>
+ </li>
+ <li>
+ <p>
+ If the <code>"use"</code> field of <var>jwk</var> is present, and is
+ not a case-sensitive string match to <code>"enc"</code>, terminate
+ this algorithm with an error.
+ </p>
+ </li>
+ <li>
+ <p>
+ If the <code>"key_ops"</code> field of <var>jwk</var> is present, and
+ does not contain all of the specified <var>usages</var> values,
+ terminate this algorithm with an error.
+ </p>
+ </li>
+ <li>
+ <p>
+ If the <code>"ext"</code> field of <var>jwk</var> is present and
+ has the value false and <var>extractable</var> is true,
+ terminate this algorithm with an error.
+ </p>
+ </li>
+ </dd>
+ <dt>Otherwise:</dt>
+ <dd>Terminate this algorithm with an error.</dd>
+ </dl>
+ </li>
+ <li>
+ <p>
+ Let <var>key</var> be a new <code><a href="#dfn-key">Key</a></code>
+ object representing an AES key with value <var>data</var>.
+ </p>
+ </li>
+ <li>
+ <p>
+ Let <var>algorithm</var> be a new
+ <a href="#dfn-AesKeyAlgorithm">AesKeyAlgorithm</a>.
+ </p>
+ </li>
+ <li>
+ <p>
+ Set the <a href="#dfn-KeyAlgorith-name">name</a> property of
+ <var>algorithm</var> to <code>"AES-GCM"</code>.
+ </p>
+ </li>
+ <li>
+ <p>
+ Set the <a href="#dfn-AesKeyAlgorith-length">length</a> property of
+ <var>algorithm</var> to the length, in bits, of <var>data</var>.
+ </p>
+ </li>
+ <li>
+ <p>
+ Set the <a href="#dfn-Key-algorithm">algorithm</a> property of <var>key</var>
+ to <var>algorithm</var>.
+ </p>
+ </li>
+ <li>
+ <p>
+ Set the <a href="#dfn-Key-extractable">extractable</a> property of
+ <var>key</var> to <var>extractable</var>.
+ </p>
+ </li>
+ <li>
+ <p>
+ Set the <a href="#dfn-Key-keyUsages">keyUsages</a> property of <var>key</var>
+ to <var>usages</var>.
+ </p>
+ </li>
+ <li>
+ <p>
+ Return <var>key</var>.
+ </p>
+ </li>
+ </ol>
+ </dd>
+ <dt>Export Key</dt>
+ <dd>
+ <ol>
+ <li>
+ <dl class="switch">
+ <dt>If <var>format</var> is <code>"raw"</code>:</dt>
+ <dd>
+ Let <var>data</var> be the raw octets of the key represented by
+ <var>key</var>.
+ </dd>
+ <dt>If <var>format</var> is <code>"jwk"</code>:</dt>
+ <dd>
+ <ol>
+ <li>
+ <p>
+ Let <var>jwk</var> be a new internal object.
+ </p>
+ </li>
+ <li>
+ <p>
+ Set the <code>kty</code> property of <var>jwk</var> to the
+ string <code>"oct"</code>.
+ </p>
+ </li>
+ <li>
+ <p>
+ Set the <code>k</code> property of <var>jwk</var> to be a string
+ containng the raw octets
+ of the key represented by <var>key</var>, encoded according to
+ Section 6.4 of <a href="#jwa">JSON Web Algorithms</a>.
+ </p>
+ </li>
+ <li>
+ <dl class="switch">
+ <dt>If the <a href="#dfn-AesKeyParams-length">length</a> property of
+ <var>key</var> is 128:</dt>
+ <dd>Set the <code>alg</code> property of <var>jwk</var> to
+ the string <code>"AES128GCM"</code>.</dd>
+ <dt>If the <a href="#dfn-AesKeyParams-length">length</a> property of
+ <var>key</var> is 192:</dt>
+ <dd>Set the <code>alg</code> property of <var>jwk</var> to
+ the string <code>"AES192GCM"</code>.</dd>
+ <dt>If the <a href="#dfn-AesKeyParams-length">length</a> property of
+ <var>key</var> is 256:</dt>
+ <dd>Set the <code>alg</code> property of <var>jwk</var> to
+ the string <code>"AES256GCM"</code>.</dd>
+ </dl>
+ </li>
+ <li>
+ <p>
+ Set the <code>key_ops</code> property of <var>jwk</var> to equal the
+ <a href="#dfn-Key-keyUsages">keyUsages</a> property of <var>key</var>.
+ </p>
+ </li>
+ <li>
+ <p>
+ Set the <code>ext</code> property of <var>jwk</var> to equal the
+ <a href="#dfn-Key-extractable">extractable</a> property of
+ <var>key</var>.
+ </p>
+ </li>
+ <li>
+ <p>
+ Let <var>stringifiedJwk</var> be the result of encoding <var>jwk</var>
+ into a string according to the grammer specified in Section 15.12 of
+ <a href="#ECMA-262">ECMA262</a>.
+ </p>
+ </li>
+ <li>
+ <p>
+ Let <var>data</var> be the UTF-8|UTF-16 encoding of
+ <var>stringifiedJwk</var>.
+ </p>
+ <div class="ednote"><div class="ednoteHeader">Editorial note</div>
+ TODO: Decide whether this should be UTF-8 or UTF-16
+ </div>
+ </li>
+ </ol>
+ </dd>
+ </dl>
+ </li>
+ <li>
+ <p>
+ Return a new ArrayBuffer containing <var>data</var>.
+ </p>
+ </li>
+ </ol>
+ </dd>
+ </dl>
</div>
</div>
@@ -5603,7 +6079,7 @@
<p class="norm">This section is non-normative.</p>
<p>
The <code>"AES-CFB"</code> algorithm identifier is used to perform
- encryption and decryption using AES in Cipher Feedback mode,
+ encryption and decryption using AES in Cipher Feedback mode, specifically CFB-8,
as described in Section 6.3 of NIST SP 800-38A
[<a href="#SP800-38A">SP800-38A</a>].
</p>
@@ -5667,7 +6143,6 @@
dictionary <dfn id="dfn-AesCfbParams">AesCfbParams</dfn> : <a href="#dfn-Algorithm">Algorithm</a> {
<span class="comment">// The initialization vector. <span class="RFC2119">MUST</span> be 16 bytes.</span>
CryptoOperationData <dfn id="dfn-AesCfbParams-iv">iv</dfn>;
- [EnforceRange] unsigned short <dfn id="dfn-AesCfbParams-s">s</dfn>;
};
</code></pre></div></div>
</div>
@@ -5693,23 +6168,12 @@
</li>
<li>
<p>
- If the value of the <a href="#dfn-AesCfbParams-s">s</a> property of
- <var>normalizedAlgorithm</var> is zero or is greater than 128, terminate this
- algorithm with an error.
- </p>
- <div class="ednote"><div class="ednoteHeader">Editorial note</div>
- TODO: Determine if there should be further constraints on the values of s.
- </div>
- </li>
- <li>
- <p>
Let <var>ciphertext</var> be the result of performing the CFB Encryption
operation described in Section 6.3 of
NIST SP 800-38A [<a href="#SP800-38A">SP800-38A</a>] using AES as the block
cipher, the contents of the <a href="#dfn-AesCfbParams-iv">iv</a> property of
<var>normalizedAlgorithm</var> as the <var>IV</var> input parameter, the
- <a href="#dfn-AesCfbParams-s">s</a> property of <var>normalizedAlgorithm</var>
- as the input parameter <var>s</var> and
+ value 8 as the input parameter <var>s</var> and
<var>plaintext</var> as the input plaintext.
</p>
</li>
@@ -5739,23 +6203,12 @@
</li>
<li>
<p>
- If the value of the <a href="#dfn-AesCfbParams-s">s</a> property of
- <var>normalizedAlgorithm</var> is zero or is greater than 128, terminate this
- algorithm with an error.
- </p>
- <div class="ednote"><div class="ednoteHeader">Editorial note</div>
- TODO: Determine if there should be further constraints on the values of s.
- </div>
- </li>
- <li>
- <p>
Let <var>plaintext</var> be the result of performing the CFB Decryption
operation described in Section 6.3 of
NIST SP 800-38A [<a href="#SP800-38A">SP800-38A</a>] using AES as the block
cipher, the contents of the <a href="#dfn-AesCfbParams-iv">iv</a> property of
<var>normalizedAlgorithm</var> as the <var>IV</var> input parameter, the
- <a href="#dfn-AesCfbParams-s">s</a> property of <var>normalizedAlgorithm</var>
- as the input parameter <var>s</var> and
+ the value 8 as the input parameter <var>s</var> and
<var>ciphertext</var> as the input ciphertext.
</p>
</li>