Bug 24410 - operation procedures for RSA-PSS
authorMark Watson <watsonm@netflix.com>
Fri, 07 Feb 2014 13:06:01 -0800
changeset 98 502b2f0ec14d
parent 97 f1dca326d8a2
child 99 eb3de72d891e
Bug 24410 - operation procedures for RSA-PSS
spec/Overview-WebCryptoAPI.xml
spec/Overview.html
--- a/spec/Overview-WebCryptoAPI.xml	Thu Feb 06 18:36:17 2014 -0800
+++ b/spec/Overview-WebCryptoAPI.xml	Fri Feb 07 13:06:01 2014 -0800
@@ -3132,7 +3132,7 @@
               The <code>"RSA-PSS"</code> algorithm identifier is used to perform signing
               and verification using the RSASSA-PSS algorithm specified in
               [<cite><a href="#RFC3447">RFC3447</a></cite>], using the mask generation
-              formula MGF-1.
+              formula MGF1.
             </p>
           </div>
           <div id="rsa-pss-registration" class="section">
@@ -3191,13 +3191,144 @@
           </div>
           <div id="rsa-pss-operations" class="section">
             <h4>Operations</h4>
-            <ul>
-              <li>Sign</li>
-              <li>Verify</li>
-              <li>Generate Key</li>
-              <li>Import Key</li>
-              <li>Export Key</li>
-            </ul>
+            <dt>Sign</dt>
+            <dd>
+              <ol>
+                <li>
+                  <p>
+                      If <var>key</var> does not have key type <code>private</code>, terminate this algorithm with an error.
+                  </p>
+                </li>
+                <li>
+                  <p>
+                      If any of the members of <a href="#dfn-RsaPssParams">RsaPssParams</a> are not present in <var>normalizedAlgorithm</var>, or have incorrect types, terminate this algorithm with an error.
+                  </p>
+                </li>
+                <li>
+                  <p>
+                      Perform the signature generation operation defined in Section 8.1 of [<cite><a href="#RFC3447">RFC3447</a></cite>] with the key represented by <var>key</var> as the signer's private key, K, and the contents of <var>message</var> as the message to be signed, M, and using the hash function specified in <var>normalizedAlgorithm</var><code>.hash</code> as the Hash option, MGF1 (defined in Section B.2.1 of [<cite><a href="#RFC3447">RFC3447</a></cite>]) as the MGF option and <var>normalizedAlgorithm</var><code>.saltLength</code> as the salt length option for the EMM-PSS-ENCODE operation.
+                    <ol>
+                      <li>
+                        <p>
+                          If performing the operation results in an error, terminate this algorithm with an error.
+                        </p>
+                      </li>
+                      <li>
+                        <p>
+                          Otherwise, let <var>signature</var> be a new <code>ArrayBuffer</code> containing the signature, S, that results from performing the operation.
+                        </p>
+                      </li>
+                    </ol>
+                  </p>
+                </li>
+              </ol>
+            </dd>
+
+            <dt>Verify</dt>
+            <dd>
+              <ol>
+                <li>
+                  <p>
+                      If <var>key</var> does not have key type <code>public</code>, terminate this algorithm with an error.
+                  </p>
+                </li>
+                <li>
+                  <p>
+                      If any of the members of <a href="#dfn-RsaPssParams">RsaPssParams</a> are not present in <var>normalizedAlgorithm</var>, or have incorrect types, terminate this algorithm with an error.
+                  </p>
+                </li>
+                <li>
+                  <p>
+                      Perform the signature verification operation defined in Section 8.1 of [<cite><a href="#RFC3447">RFC3447</a></cite>] with the key represented by <var>key</var> as the signer's RSA public key and the contents of <var>message</var> as M and the contents of <var>signature</var> as S and using the hash function specified in <var>normalizedAlgorithm</var><code>.hash</code> as the Hash option, MGF1 (defined in Section B.2.1 of [<cite><a href="#RFC3447">RFC3447</a></cite>]) as the MGF option and <var>normalizedAlgorithm</var><code>.saltLength</code> as the salt length option for the EMSA-PSS-VERIFY operation.
+                    <ol>
+                      <li>
+                        <p>
+                          If performing the operation results in an error, terminate this algorithm with an error.
+                        </p>
+                      </li>
+                      <li>
+                        <p>
+                          Otherwise, let <var>result</var> be a boolean with value true if the result of the operation was "valid signature" and a boolean with value false otherwise.
+                        </p>
+                      </li>
+                    </ol>
+                  </p>
+                </li>
+              </ol>
+            </dd>
+            <dt>Generate Key</dt>
+            <dd>
+              <ol>
+                <li>
+                  <p>
+                  If any of the members of <a href="#dfn-RsaKeyGenParams">RsaKeyGenParams</a> are not present in <var>normalizedAlgorithm</var>, or have incorrect types, terminate this algorithm with an error.
+                  </p>
+                </li>
+                <li>
+                  <p>
+                  Generate an RSA key pair, as defined in [<cite><a href="#RFC3447">RFC3447</a></cite>], with RSA modulus length <var>normalizedAlgorithm</var><code>.modulusLength</code> and RSA public exponent <var>normalizedAlgorithm</var><code>.publicExponent</code>.
+                    <ul>
+                      <li>
+                        <p>
+                        If generation of the key pair fails, terminate this algorithm with an error.
+                        </p>
+                      </li>
+                      <li>
+                        <p>
+                          Otherwise,
+                          <ol>
+                            <li>
+                              <p>
+                                Let <var>result</var> be a new <a href="#dfn-KeyPair"><code>KeyPair</code></a> object
+                              </p>
+                            </li>
+                            <li>
+                              <p>
+                                Let <var>result</var><code>.publicKey</code> be a new <a href="#dfn-Key"><code>Key</code></a> object representing the public key of the generated key pair.
+                              </p>
+                            </li>
+                            <li>
+                              <p>
+                                Let <var>result</var><code>.publicKey.extractable</code> be <code>true</code>
+                              </p>
+                            </li>
+                            <li>
+                              <p>
+                                Let <var>result</var><code>.publicKey.keyUsages</code> be the intersection of <var>usages</var> and <code>[ "verify" ]</code>.
+                              </p>
+                            </li>
+                            <li>
+                              <p>
+                                Let <var>result</var><code>.privateKey</code> be a new <a href="#dfn-Key"><code>Key</code></a> object representing the private key of the generated key pair.
+                              </p>
+                            </li>
+                                                    <li>
+                              <p>
+                                Let <var>result</var><code>.privateKey.extractable</code> be <var>extractable</var>.
+                              </p>
+                            </li>
+                            <li>
+                              <p>
+                                Let <var>result</var><code>.privateKey.keyUsages</code> be the intersection of <var>usages</var> and <code>[ "sign" ]</code>.
+                              </p>
+                            </li>
+                            <li>
+                              <p>
+                                Return <var>result</var>.
+                              </p>
+                            </li>
+                          </ol>
+                        </p>
+                      </li>
+                    </ul>
+                  </p>
+                </li>
+              </ol>
+            </dd>
+            <dt>Import Key</dt>
+            <dd></dd>
+            <dt>Export Key</dt>
+            <dd></dd>
           </div>
         </div>
 
--- a/spec/Overview.html	Thu Feb 06 18:36:17 2014 -0800
+++ b/spec/Overview.html	Fri Feb 07 13:06:01 2014 -0800
@@ -28,7 +28,7 @@
   <link rel="stylesheet" href="//www.w3.org/StyleSheets/TR/W3C-ED" type="text/css" /></head>
 
   <body>
-    <div class="head"><div><a href="http://www.w3.org/"><img src="//www.w3.org/Icons/w3c_home" width="72" height="48" alt="W3C" /></a></div><h1>Web Cryptography API</h1><h2>W3C Editor’s Draft <em>6 February 2014</em></h2><dl><dt>Latest Editor’s Draft:</dt><dd><a href="http://dvcs.w3.org/hg/webcrypto-api/raw-file/tip/spec/Overview.html">http://dvcs.w3.org/hg/webcrypto-api/raw-file/tip/spec/Overview.html</a></dd><dt>Latest Published Version:</dt><dd><a href="http://www.w3.org/TR/WebCryptoAPI/">http://www.w3.org/TR/WebCryptoAPI/</a></dd><dt>Previous Version(s):</dt><dd><a href="https://dvcs.w3.org/hg/webcrypto-api/raw-file/0fe9b34c13fb/spec/Overview.html">https://dvcs.w3.org/hg/webcrypto-api/raw-file/0fe9b34c13fb/spec/Overview.html</a></dd><dt>Editors:</dt><dd><a href="http://www.google.com/">Ryan Sleevi</a>, Google, Inc. &lt;sleevi@google.com&gt;</dd><dd><a href="http://www.netflix.com/">Mark Watson</a>, Netflix &lt;watsonm@netflix.com&gt;</dd><dt>Participate:</dt><dd><p>Send feedback to <a href="mailto:public-webcrypto@w3.org?subject=%5BWebCryptoAPI%5D">public-webcrypto@w3.org</a> (<a href="http://lists.w3.org/Archives/Public/public-webcrypto/">archives</a>), or <a href="https://www.w3.org/Bugs/Public/enter_bug.cgi?product=Web%20Cryptography&amp;component=Web%20Cryptography%20API%20Document">file a bug</a> 
+    <div class="head"><div><a href="http://www.w3.org/"><img src="//www.w3.org/Icons/w3c_home" width="72" height="48" alt="W3C" /></a></div><h1>Web Cryptography API</h1><h2>W3C Editor’s Draft <em>7 February 2014</em></h2><dl><dt>Latest Editor’s Draft:</dt><dd><a href="http://dvcs.w3.org/hg/webcrypto-api/raw-file/tip/spec/Overview.html">http://dvcs.w3.org/hg/webcrypto-api/raw-file/tip/spec/Overview.html</a></dd><dt>Latest Published Version:</dt><dd><a href="http://www.w3.org/TR/WebCryptoAPI/">http://www.w3.org/TR/WebCryptoAPI/</a></dd><dt>Previous Version(s):</dt><dd><a href="https://dvcs.w3.org/hg/webcrypto-api/raw-file/0fe9b34c13fb/spec/Overview.html">https://dvcs.w3.org/hg/webcrypto-api/raw-file/0fe9b34c13fb/spec/Overview.html</a></dd><dt>Editors:</dt><dd><a href="http://www.google.com/">Ryan Sleevi</a>, Google, Inc. &lt;sleevi@google.com&gt;</dd><dd><a href="http://www.netflix.com/">Mark Watson</a>, Netflix &lt;watsonm@netflix.com&gt;</dd><dt>Participate:</dt><dd><p>Send feedback to <a href="mailto:public-webcrypto@w3.org?subject=%5BWebCryptoAPI%5D">public-webcrypto@w3.org</a> (<a href="http://lists.w3.org/Archives/Public/public-webcrypto/">archives</a>), or <a href="https://www.w3.org/Bugs/Public/enter_bug.cgi?product=Web%20Cryptography&amp;component=Web%20Cryptography%20API%20Document">file a bug</a> 
     (see <a href="https://www.w3.org/Bugs/Public/buglist.cgi?product=Web%20Cryptography&amp;component=Web%20Cryptography%20API%20Document&amp;resolution=---">existing bugs</a>).</p></dd></dl><p class="copyright"><a href="http://www.w3.org/Consortium/Legal/ipr-notice#Copyright">Copyright</a> &copy; view <a href="http://www.w3.org/"><abbr title="World Wide Web Consortium">W3C</abbr></a><sup>&reg;</sup> (<a href="http://www.csail.mit.edu/"><abbr title="Massachusetts Institute of Technology">MIT</abbr></a>, <a href="http://www.ercim.org/"><abbr title="European Research Consortium for Informatics and Mathematics">ERCIM</abbr></a>, <a href="http://www.keio.ac.jp/">Keio</a>), All Rights Reserved. W3C <a href="http://www.w3.org/Consortium/Legal/ipr-notice#Legal_Disclaimer">liability</a>, <a href="http://www.w3.org/Consortium/Legal/ipr-notice#W3C_Trademarks">trademark</a> and <a href="http://www.w3.org/Consortium/Legal/copyright-documents">document use</a> rules apply.</p></div><hr />
 
     <div class="section">
@@ -56,7 +56,7 @@
         report can be found in the <a href="http://www.w3.org/TR/">W3C technical
           reports index</a> at http://www.w3.org/TR/.
       </em></p><p>
-        This document is the 6 February 2014 <b>Editor’s Draft</b> of the
+        This document is the 7 February 2014 <b>Editor’s Draft</b> of the
         <cite>Web Cryptography API</cite> specification.
       
       Please send comments about this document to
@@ -3141,7 +3141,7 @@
               The <code>"RSA-PSS"</code> algorithm identifier is used to perform signing
               and verification using the RSASSA-PSS algorithm specified in
               [<cite><a href="#RFC3447">RFC3447</a></cite>], using the mask generation
-              formula MGF-1.
+              formula MGF1.
             </p>
           </div>
           <div id="rsa-pss-registration" class="section">
@@ -3200,13 +3200,144 @@
           </div>
           <div id="rsa-pss-operations" class="section">
             <h4>17.6.4. Operations</h4>
-            <ul>
-              <li>Sign</li>
-              <li>Verify</li>
-              <li>Generate Key</li>
-              <li>Import Key</li>
-              <li>Export Key</li>
-            </ul>
+            <dt>Sign</dt>
+            <dd>
+              <ol>
+                <li>
+                  <p>
+                      If <var>key</var> does not have key type <code>private</code>, terminate this algorithm with an error.
+                  </p>
+                </li>
+                <li>
+                  <p>
+                      If any of the members of <a href="#dfn-RsaPssParams">RsaPssParams</a> are not present in <var>normalizedAlgorithm</var>, or have incorrect types, terminate this algorithm with an error.
+                  </p>
+                </li>
+                <li>
+                  <p>
+                      Perform the signature generation operation defined in Section 8.1 of [<cite><a href="#RFC3447">RFC3447</a></cite>] with the key represented by <var>key</var> as the signer's private key, K, and the contents of <var>message</var> as the message to be signed, M, and using the hash function specified in <var>normalizedAlgorithm</var><code>.hash</code> as the Hash option, MGF1 (defined in Section B.2.1 of [<cite><a href="#RFC3447">RFC3447</a></cite>]) as the MGF option and <var>normalizedAlgorithm</var><code>.saltLength</code> as the salt length option for the EMM-PSS-ENCODE operation.
+                    <ol>
+                      <li>
+                        <p>
+                          If performing the operation results in an error, terminate this algorithm with an error.
+                        </p>
+                      </li>
+                      <li>
+                        <p>
+                          Otherwise, let <var>signature</var> be a new <code>ArrayBuffer</code> containing the signature, S, that results from performing the operation.
+                        </p>
+                      </li>
+                    </ol>
+                  </p>
+                </li>
+              </ol>
+            </dd>
+
+            <dt>Verify</dt>
+            <dd>
+              <ol>
+                <li>
+                  <p>
+                      If <var>key</var> does not have key type <code>public</code>, terminate this algorithm with an error.
+                  </p>
+                </li>
+                <li>
+                  <p>
+                      If any of the members of <a href="#dfn-RsaPssParams">RsaPssParams</a> are not present in <var>normalizedAlgorithm</var>, or have incorrect types, terminate this algorithm with an error.
+                  </p>
+                </li>
+                <li>
+                  <p>
+                      Perform the signature verification operation defined in Section 8.1 of [<cite><a href="#RFC3447">RFC3447</a></cite>] with the key represented by <var>key</var> as the signer's RSA public key and the contents of <var>message</var> as M and the contents of <var>signature</var> as S and using the hash function specified in <var>normalizedAlgorithm</var><code>.hash</code> as the Hash option, MGF1 (defined in Section B.2.1 of [<cite><a href="#RFC3447">RFC3447</a></cite>]) as the MGF option and <var>normalizedAlgorithm</var><code>.saltLength</code> as the salt length option for the EMSA-PSS-VERIFY operation.
+                    <ol>
+                      <li>
+                        <p>
+                          If performing the operation results in an error, terminate this algorithm with an error.
+                        </p>
+                      </li>
+                      <li>
+                        <p>
+                          Otherwise, let <var>result</var> be a boolean with value true if the result of the operation was "valid signature" and a boolean with value false otherwise.
+                        </p>
+                      </li>
+                    </ol>
+                  </p>
+                </li>
+              </ol>
+            </dd>
+            <dt>Generate Key</dt>
+            <dd>
+              <ol>
+                <li>
+                  <p>
+                  If any of the members of <a href="#dfn-RsaKeyGenParams">RsaKeyGenParams</a> are not present in <var>normalizedAlgorithm</var>, or have incorrect types, terminate this algorithm with an error.
+                  </p>
+                </li>
+                <li>
+                  <p>
+                  Generate an RSA key pair, as defined in [<cite><a href="#RFC3447">RFC3447</a></cite>], with RSA modulus length <var>normalizedAlgorithm</var><code>.modulusLength</code> and RSA public exponent <var>normalizedAlgorithm</var><code>.publicExponent</code>.
+                    <ul>
+                      <li>
+                        <p>
+                        If generation of the key pair fails, terminate this algorithm with an error.
+                        </p>
+                      </li>
+                      <li>
+                        <p>
+                          Otherwise,
+                          <ol>
+                            <li>
+                              <p>
+                                Let <var>result</var> be a new <a href="#dfn-KeyPair"><code>KeyPair</code></a> object
+                              </p>
+                            </li>
+                            <li>
+                              <p>
+                                Let <var>result</var><code>.publicKey</code> be a new <a href="#dfn-Key"><code>Key</code></a> object representing the public key of the generated key pair.
+                              </p>
+                            </li>
+                            <li>
+                              <p>
+                                Let <var>result</var><code>.publicKey.extractable</code> be <code>true</code>
+                              </p>
+                            </li>
+                            <li>
+                              <p>
+                                Let <var>result</var><code>.publicKey.keyUsages</code> be the intersection of <var>usages</var> and <code>[ "verify" ]</code>.
+                              </p>
+                            </li>
+                            <li>
+                              <p>
+                                Let <var>result</var><code>.privateKey</code> be a new <a href="#dfn-Key"><code>Key</code></a> object representing the private key of the generated key pair.
+                              </p>
+                            </li>
+                                                    <li>
+                              <p>
+                                Let <var>result</var><code>.privateKey.extractable</code> be <var>extractable</var>.
+                              </p>
+                            </li>
+                            <li>
+                              <p>
+                                Let <var>result</var><code>.privateKey.keyUsages</code> be the intersection of <var>usages</var> and <code>[ "sign" ]</code>.
+                              </p>
+                            </li>
+                            <li>
+                              <p>
+                                Return <var>result</var>.
+                              </p>
+                            </li>
+                          </ol>
+                        </p>
+                      </li>
+                    </ul>
+                  </p>
+                </li>
+              </ol>
+            </dd>
+            <dt>Import Key</dt>
+            <dd></dd>
+            <dt>Export Key</dt>
+            <dd></dd>
           </div>
         </div>