--- a/spec/Overview-WebCryptoAPI.xml Mon Sep 22 13:12:43 2014 -0700
+++ b/spec/Overview-WebCryptoAPI.xml Mon Sep 22 14:12:54 2014 -0700
@@ -9200,6 +9200,16 @@
This describes using Elliptic Curve Diffie-Hellman (ECDH) for key generation and key
agreement, as specified by <a href="#X9.63">X9.63</a>.
</p>
+ <p>
+ <a href="#dfn-applicable-specification">Other specifications</a>
+ may specify the use of additional elliptic curves with ECDH.
+ To specify an additional elliptic curve a specification must define
+ <dfn id="dfn-ecdh-extended-namedcurve-values">the curve name</dfn>,
+ <dfn id="dfn-ecdh-extended-generation-steps">ECDH generation steps</dfn>,
+ <dfn id="dfn-ecdh-extended-derivation-steps">ECDH derivation steps</dfn>,
+ <dfn id="dfn-ecdh-extended-import-steps">ECDH key import steps</dfn> and
+ <dfn id="dfn-ecdh-extended-verification-steps">ECDH key export steps</dfn>.
+ </p>
</div>
<div id="ecdh-registration" class="section">
<h4>Registration</h4>
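Review bot: the last added dfn pairs the term "ECDH key export steps" with id="dfn-ecdh-extended-verification-steps", while the export hunk later in this patch links to #dfn-ecdh-extended-export-steps, which nothing here defines. Rename the id to dfn-ecdh-extended-export-steps so the export link resolves.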
@@ -9273,12 +9283,41 @@
</p>
</li>
<li>
- <p>
- Generate an Elliptic Curve key pair, as defined in [<a
- href="#X9.63">X9.63</a>] with domain parameters for the curve identified by
- the <a href="#dfn-EcKeyGenParams-namedCurve">namedCurve</a> member of
- <var>normalizedAlgorithm</var>.
- </p>
+ <dl class="switch">
+ <dt>
+ If the <a href="#dfn-EcKeyGenParams-namedCurve">namedCurve</a> member of
+ <var>normalizedAlgorithm</var> is <code>"P-256"</code>, <code>"P-384"</code>
+ or <code>"P-521"</code>:
+ </dt>
+ <dd>
+ <p>
+ Generate an Elliptic Curve key pair, as defined in [<a
+ href="#X9.63">X9.63</a>] with domain parameters for the curve identified by
+ the <a href="#dfn-EcKeyGenParams-namedCurve">namedCurve</a> member of
+ <var>normalizedAlgorithm</var>.
+ </p>
+ </dd>
+ <dt>
+ If the <a href="#dfn-EcKeyGenParams-namedCurve">namedCurve</a> member of
+ <var>normalizedAlgorithm</var> is a value specified in an
+ <a href="#dfn-applicable-specification">applicable specification</a> that
+ specifies the use of that value with ECDH:
+ </dt>
+ <dd>
+ <p>
+ Perform the <a href="#dfn-ecdh-extended-generation-steps">ECDH key
+ generation steps</a> specified in that specification, passing in
+ <var>normalizedAlgorithm</var> and resulting in an elliptic curve key pair.
+ </p>
+ </dd>
+ <dt>Otherwise:</dt>
+ <dd>
+ <p>
+ <a href="#concept-return-an-error">Return an error</a> named
+ <a href="#dfn-OperationError"><code>NotSupportedError</code></a>
+ </p>
+ </dd>
+ </dl>
</li>
<li>
<p>
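Review bot: in the new Otherwise branch the link wrapping NotSupportedError has href="#dfn-OperationError", so the link text and its target disagree; the import and export hunks in this patch use #dfn-NotSupportedError for the same error name. Point this link at #dfn-NotSupportedError, and end the sentence with a full stop.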
@@ -9443,12 +9482,57 @@
</p>
</li>
<li>
- <p>
- Perform the ECDH primitive specified in <a href="#X9.63">X9.63</a> Section
- 5.4.1 with <var>key</var> as the EC private key <var>d</var> and the EC public
- key represented by the [[<a href="#dfn-CryptoKey-slot-handle">handle</a>]]
- internal slot of <var>publicKey</var> as the EC public key <var>Q</var>.
- </p>
+ <dl class="switch">
+ <dt>
+ If the <a
+ href="#dfn-EcKeyAlgorithm-namedCurve">namedCurve</a> property of the [[<a
+ href="#dfn-CryptoKey-slot-algorithm">algorithm</a>]] internal slot of
+ <var>key</var> is <code>"P-256"</code>, <code>"P-384"</code>
+ or <code>"P-521"</code>:
+ </dt>
+ <dd>
+ <ol>
+ <li>
+ <p>
+ Perform the ECDH primitive specified in <a href="#X9.63">X9.63</a> Section
+ 5.4.1 with <var>key</var> as the EC private key <var>d</var> and the EC public
+ key represented by the [[<a href="#dfn-CryptoKey-slot-handle">handle</a>]]
+ internal slot of <var>publicKey</var> as the EC public key <var>Q</var>.
+ </p>
+ </li>
+ <li>
+ <p>
+ Let <var>secret</var> be the result of applying the field element to
+ octet string conversion defined in Section ? of <a href="#X9.63">X9.63</a>
+ to the output of the ECDH primitive.
+ </p>
+ </li>
+ </ol>
+ </dd>
+ <dt>
+ If the <a
+ href="#dfn-EcKeyAlgorithm-namedCurve">namedCurve</a> property of the [[<a
+ href="#dfn-CryptoKey-slot-algorithm">algorithm</a>]] internal slot of
+ <var>key</var> is a value specified in an
+ <a href="#dfn-applicable-specification">applicable specification</a> that
+ specifies the use of that value with ECDH:
+ </dt>
+ <dd>
+ <p>
+ Perform the <a href="#dfn-ecdh-extended-derivation-steps">ECDH key
+ derivation steps</a> specified in that specification, passing in
+ <var>key</var> and <var>publicKey</var> and resulting in <var>secret</var>.
+ </p>
+ </dd>
+ <dt>Otherwise:</dt>
+ <dd>
+ <p>
+ <a href="#concept-return-an-error">Return an error</a> named
+ <a href="#dfn-OperationError"><code>NotSupportedError</code></a>
+ </p>
+ </dd>
+ </dl>
+
</li>
<li>
<p>
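Review bot: the second sub-step of the new ol still reads "defined in Section ? of X9.63". Since the sentence is being moved and re-added here, fill in the section number or leave an explicit editor's note rather than carrying the placeholder into new text. The Otherwise branch also links NotSupportedError to #dfn-OperationError, and the lone "+" blank line after the closing dl can be dropped.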
@@ -9458,13 +9542,6 @@
</p>
</li>
<li>
- <p>
- Let <var>secret</var> be the result of applying the field element to
- octet string conversion defined in Section ? of <a href="#X9.63">X9.63</a>
- to the output of the ECDH primitive.
- </p>
- </li>
- <li>
<dl class="switch">
<dt>If <var>length</var> is null:</dt>
<dd>Return <var>secret</var></dd>
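Review bot: removing this step changes the order of operations. The list item whose closing tags open this hunk used to sit between the ECDH primitive and the octet string conversion, and it now runs after secret has already been computed inside the P-256/P-384/P-521 branch. Check that the intervening step still reads correctly in its new position, and that it also makes sense for the applicable-specification branch, which does not run the X9.63 primitive.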
@@ -9495,6 +9572,34 @@
<p>Let <var>keyData</var> be the key data to be imported.</p>
</li>
<li>
+ <p>
+ Perform any <a href="#dfn-ecdh-extended-import-steps">key import steps</a>
+ defined by <a href="#dfn-applicable-specifications">other applicable
+ specifications</a>, passing <var>keyData</var> and obtaining <var>result</var>.
+ <dl class="switch">
+ <dt>
+ If <var>result</var> is a <a href="#dfn-CryptoKey">CryptoKey</a>
+ object
+ </dt>
+ <dd>
+ <p>
+ Return <var>result</var>.
+ </p>
+ </dd>
+ <dt>
+ If <var>result</var> is an error with a name that is not
+ <a href="#dfn-NotSupportedError"><code>NotSupportedError</code></a>
+ </dt>
+ <dd>
+ <p>
+ <a href="#concept-return-an-error">Return an error</a> with the same name
+ as <var>result</var>.
+ </p>
+ </dd>
+ </dl>
+ </p>
+ </li>
+ <li>
<dl class="switch">
<dt>If <var>format</var> is <code>"spki"</code>:</dt>
<dd>
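Review bot: the new link to the applicable-specification term uses href="#dfn-applicable-specifications" (plural), while the overview, generation and derivation hunks in this patch use #dfn-applicable-specification, so this one is likely dangling. The dl class="switch" is also opened inside the p element that introduces it; close the paragraph after "obtaining result." and make the dl a sibling so the markup stays valid.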
@@ -10093,6 +10198,44 @@
</p>
</li>
<li>
+ <p>
+ Perform any <a href="#dfn-ecdh-extended-export-steps">key export steps</a>
+ defined by <a href="#dfn-applicable-specifications">other applicable
+ specifications</a>, passing <var>key</var> and obtaining <var>result</var>.
+ <dl class="switch">
+ <dt>
+ If <var>format</var> is <code>"spki"</code> or <code>"pkcs8"</code> and
+ <var>result</var> is an <a href="#dfn-ArrayBuffer">ArrayBuffer</a>
+ object
+ </dt>
+ <dd>
+ <p>
+ Return <var>result</var>.
+ </p>
+ </dd>
+ <dt>
+ If <var>format</var> is <code>"jwk"</code> and
+ <var>result</var> is not an error
+ </dt>
+ <dd>
+ <p>
+ Return <var>result</var>.
+ </p>
+ </dd>
+ <dt>
+ If <var>result</var> is an error with a name that is not
+ <a href="#dfn-NotSupportedError"><code>NotSupportedError</code></a>
+ </dt>
+ <dd>
+ <p>
+ <a href="#concept-return-an-error">Return an error</a> with the same name
+ as <var>result</var>.
+ </p>
+ </dd>
+ </dl>
+ </p>
+ </li>
+ <li>
<dl class="switch">
<dt>If <var>format</var> is <code>"spki"</code>:</dt>
<dd>
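Review bot: the link target #dfn-ecdh-extended-export-steps on the first added sentence is not defined anywhere in this patch; the overview hunk gives the "ECDH key export steps" dfn the id dfn-ecdh-extended-verification-steps. Align the two ids. The #dfn-applicable-specifications href is also plural here, unlike the singular form used in the generation and derivation hunks.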
--- a/spec/Overview.html Mon Sep 22 13:12:43 2014 -0700
+++ b/spec/Overview.html Mon Sep 22 14:12:54 2014 -0700
@@ -7565,7 +7565,7 @@
</dl>
<p>
<a href="#dfn-applicable-specification">Other specifications</a> may define
- <a href="#dfn-ecdsa-extended-namedCurve-values">additional values</a>.
+ <a href="#dfn-ecdsa-extended-namedcurve-values">additional values</a>.
</p>
</div>
<div id="EcKeyAlgorithm-dictionary" class="section">
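Review bot: this lower-casing of the #dfn-ecdsa-extended-namedcurve-values href appears only in Overview.html; the patch has no matching hunk for spec/Overview-WebCryptoAPI.xml. If Overview.html is generated from the XML source, make the same change there or it will be lost on the next build.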
@@ -8866,6 +8866,16 @@
This describes using Elliptic Curve Diffie-Hellman (ECDH) for key generation and key
agreement, as specified by <a href="#X9.63">X9.63</a>.
</p>
+ <p>
+ <a href="#dfn-applicable-specification">Other specifications</a>
+ may specify the use of additional elliptic curves with ECDH.
+ To specify an additional elliptic curve a specification must define
+ <dfn id="dfn-ecdh-extended-namedcurve-values">the curve name</dfn>,
+ <dfn id="dfn-ecdh-extended-generation-steps">ECDH generation steps</dfn>,
+ <dfn id="dfn-ecdh-extended-derivation-steps">ECDH derivation steps</dfn>,
+ <dfn id="dfn-ecdh-extended-import-steps">ECDH key import steps</dfn> and
+ <dfn id="dfn-ecdh-extended-verification-steps">ECDH key export steps</dfn>.
+ </p>
</div>
<div id="ecdh-registration" class="section">
<h4>26.2. Registration</h4>
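Review bot: the defined terms here are "ECDH generation steps" and "ECDH derivation steps", but the hunks that reference them use the link text "ECDH key generation steps" and "ECDH key derivation steps", and the import and export hunks say just "key import steps" and "key export steps". Pick one wording per term and use it in both the dfn and the links so readers can match them.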
@@ -8939,11 +8949,40 @@
</p>
</li>
<li>
- <p>
- Generate an Elliptic Curve key pair, as defined in [<a href="#X9.63">X9.63</a>] with domain parameters for the curve identified by
- the <a href="#dfn-EcKeyGenParams-namedCurve">namedCurve</a> member of
- <var>normalizedAlgorithm</var>.
- </p>
+ <dl class="switch">
+ <dt>
+ If the <a href="#dfn-EcKeyGenParams-namedCurve">namedCurve</a> member of
+ <var>normalizedAlgorithm</var> is <code>"P-256"</code>, <code>"P-384"</code>
+ or <code>"P-521"</code>:
+ </dt>
+ <dd>
+ <p>
+ Generate an Elliptic Curve key pair, as defined in [<a href="#X9.63">X9.63</a>] with domain parameters for the curve identified by
+ the <a href="#dfn-EcKeyGenParams-namedCurve">namedCurve</a> member of
+ <var>normalizedAlgorithm</var>.
+ </p>
+ </dd>
+ <dt>
+ If the <a href="#dfn-EcKeyGenParams-namedCurve">namedCurve</a> member of
+ <var>normalizedAlgorithm</var> is a value specified in an
+ <a href="#dfn-applicable-specification">applicable specification</a> that
+ specifies the use of that value with ECDH:
+ </dt>
+ <dd>
+ <p>
+ Perform the <a href="#dfn-ecdh-extended-generation-steps">ECDH key
+ generation steps</a> specified in that specification, passing in
+ <var>normalizedAlgorithm</var> and resulting in an elliptic curve key pair.
+ </p>
+ </dd>
+ <dt>Otherwise:</dt>
+ <dd>
+ <p>
+ <a href="#concept-return-an-error">Return an error</a> named
+ <a href="#dfn-OperationError"><code>NotSupportedError</code></a>
+ </p>
+ </dd>
+ </dl>
</li>
<li>
<p>
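Review bot: the condition listing "P-256", "P-384" or "P-521" is spelled out in this switch and again in the derivation switch, so adding a curve to the base specification means editing each copy. Consider defining the set of built-in curve names once and referring to it from both places. The Otherwise sentence is also missing its closing full stop.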
@@ -9099,12 +9138,53 @@
</p>
</li>
<li>
- <p>
- Perform the ECDH primitive specified in <a href="#X9.63">X9.63</a> Section
- 5.4.1 with <var>key</var> as the EC private key <var>d</var> and the EC public
- key represented by the [[<a href="#dfn-CryptoKey-slot-handle">handle</a>]]
- internal slot of <var>publicKey</var> as the EC public key <var>Q</var>.
- </p>
+ <dl class="switch">
+ <dt>
+ If the <a href="#dfn-EcKeyAlgorithm-namedCurve">namedCurve</a> property of the [[<a href="#dfn-CryptoKey-slot-algorithm">algorithm</a>]] internal slot of
+ <var>key</var> is <code>"P-256"</code>, <code>"P-384"</code>
+ or <code>"P-521"</code>:
+ </dt>
+ <dd>
+ <ol>
+ <li>
+ <p>
+ Perform the ECDH primitive specified in <a href="#X9.63">X9.63</a> Section
+ 5.4.1 with <var>key</var> as the EC private key <var>d</var> and the EC public
+ key represented by the [[<a href="#dfn-CryptoKey-slot-handle">handle</a>]]
+ internal slot of <var>publicKey</var> as the EC public key <var>Q</var>.
+ </p>
+ </li>
+ <li>
+ <p>
+ Let <var>secret</var> be the result of applying the field element to
+ octet string conversion defined in Section ? of <a href="#X9.63">X9.63</a>
+ to the output of the ECDH primitive.
+ </p>
+ </li>
+ </ol>
+ </dd>
+ <dt>
+ If the <a href="#dfn-EcKeyAlgorithm-namedCurve">namedCurve</a> property of the [[<a href="#dfn-CryptoKey-slot-algorithm">algorithm</a>]] internal slot of
+ <var>key</var> is a value specified in an
+ <a href="#dfn-applicable-specification">applicable specification</a> that
+ specifies the use of that value with ECDH:
+ </dt>
+ <dd>
+ <p>
+ Perform the <a href="#dfn-ecdh-extended-derivation-steps">ECDH key
+ derivation steps</a> specified in that specification, passing in
+ <var>key</var> and <var>publicKey</var> and resulting in <var>secret</var>.
+ </p>
+ </dd>
+ <dt>Otherwise:</dt>
+ <dd>
+ <p>
+ <a href="#concept-return-an-error">Return an error</a> named
+ <a href="#dfn-OperationError"><code>NotSupportedError</code></a>
+ </p>
+ </dd>
+ </dl>
+
</li>
<li>
<p>
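Review bot: in the applicable-specification branch the derivation steps are only described as "resulting in secret", whereas the P-curve branch defines secret as an octet string via the X9.63 conversion. Since the steps after this switch operate on secret regardless of which branch ran, state that the external derivation steps must produce an octet string.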
@@ -9114,13 +9194,6 @@
</p>
</li>
<li>
- <p>
- Let <var>secret</var> be the result of applying the field element to
- octet string conversion defined in Section ? of <a href="#X9.63">X9.63</a>
- to the output of the ECDH primitive.
- </p>
- </li>
- <li>
<dl class="switch">
<dt>If <var>length</var> is null:</dt>
<dd>Return <var>secret</var></dd>
@@ -9151,6 +9224,34 @@
<p>Let <var>keyData</var> be the key data to be imported.</p>
</li>
<li>
+ <p>
+ Perform any <a href="#dfn-ecdh-extended-import-steps">key import steps</a>
+ defined by <a href="#dfn-applicable-specifications">other applicable
+ specifications</a>, passing <var>keyData</var> and obtaining <var>result</var>.
+ <dl class="switch">
+ <dt>
+ If <var>result</var> is a <a href="#dfn-CryptoKey">CryptoKey</a>
+ object
+ </dt>
+ <dd>
+ <p>
+ Return <var>result</var>.
+ </p>
+ </dd>
+ <dt>
+ If <var>result</var> is an error with a name that is not
+ <a href="#dfn-NotSupportedError"><code>NotSupportedError</code></a>
+ </dt>
+ <dd>
+ <p>
+ <a href="#concept-return-an-error">Return an error</a> with the same name
+ as <var>result</var>.
+ </p>
+ </dd>
+ </dl>
+ </p>
+ </li>
+ <li>
<dl class="switch">
<dt>If <var>format</var> is <code>"spki"</code>:</dt>
<dd>
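Review bot: the new switch has no branch for the case where result is a NotSupportedError, or anything other than a CryptoKey, so falling through to the format switch below is only implied. Add an explicit "Otherwise: continue with the following steps" entry. The import steps are also handed only keyData; if an external specification needs format or the normalized algorithm to decide whether it applies, pass those in as well.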
@@ -9723,6 +9824,44 @@
</p>
</li>
<li>
+ <p>
+ Perform any <a href="#dfn-ecdh-extended-export-steps">key export steps</a>
+ defined by <a href="#dfn-applicable-specifications">other applicable
+ specifications</a>, passing <var>key</var> and obtaining <var>result</var>.
+ <dl class="switch">
+ <dt>
+ If <var>format</var> is <code>"spki"</code> or <code>"pkcs8"</code> and
+ <var>result</var> is an <a href="#dfn-ArrayBuffer">ArrayBuffer</a>
+ object
+ </dt>
+ <dd>
+ <p>
+ Return <var>result</var>.
+ </p>
+ </dd>
+ <dt>
+ If <var>format</var> is <code>"jwk"</code> and
+ <var>result</var> is not an error
+ </dt>
+ <dd>
+ <p>
+ Return <var>result</var>.
+ </p>
+ </dd>
+ <dt>
+ If <var>result</var> is an error with a name that is not
+ <a href="#dfn-NotSupportedError"><code>NotSupportedError</code></a>
+ </dt>
+ <dd>
+ <p>
+ <a href="#concept-return-an-error">Return an error</a> with the same name
+ as <var>result</var>.
+ </p>
+ </dd>
+ </dl>
+ </p>
+ </li>
+ <li>
<dl class="switch">
<dt>If <var>format</var> is <code>"spki"</code>:</dt>
<dd>
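Review bot: when format is "spki" or "pkcs8" and result is neither an ArrayBuffer nor an error, none of the three branches matches and the value is silently discarded; the "jwk" branch accepts any non-error result without saying what type it must be. State the expected result type for each format and add an Otherwise branch that either continues with the following steps or returns an error.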