Update the ECDSA sign/verify algorithms to match the cryptographic processing model.
authorRyan Sleevi <sleevi@google.com>
Wed, 12 Jun 2013 19:17:24 -0700
changeset 48 6f99a5a25a1d
parent 47 0e4d8673531e
child 49 a535c724d33e
Update the ECDSA sign/verify algorithms to match the cryptographic processing model.
spec/Overview-WebCryptoAPI.xml
spec/Overview.html
--- a/spec/Overview-WebCryptoAPI.xml	Mon Jun 03 13:07:04 2013 -0700
+++ b/spec/Overview-WebCryptoAPI.xml	Wed Jun 12 19:17:24 2013 -0700
@@ -2727,12 +2727,6 @@
 
           <div id="ecdsa-operations" class="section">
             <h4>Operations</h4>
-            <div class="ednote">
-              <p>
-                Note: The following processing algorithms have not been updated to match the processing algorithm
-                described in the <a href="#CryptoOperation-processing-model">CryptoOperation processing model</a>.
-              </p>
-            </div>
             <dl>
               <dt>Sign</dt>
               <dd>
@@ -2740,57 +2734,85 @@
                 shall behave as follows:
                 <ol>
                   <li>
-                    Upon invoking <code>init</code>:
-                    <ol>
-                      <li>
-                        If <code><a href="#dfn-CryptoOperation-key">key</a></code> does not describe an
-                        ECDSA private key, raise an error and <a href="#terminate-the-algorithm">terminate the algorithm</a>.
-                      </li>                  
-                      <li>
-                        Let <var>M</var> be an empty sequence of bytes.
-                      </li>
-                    </ol>
+                    <p>
+                      If the context object's associated <code><a href="#dfn-CryptoOperation-key">Key</a></code>
+                      does not refer to an ECDSA private key, terminate the algorithm with an error.
+                    </p>
                   </li>
                   <li>
-                    Upon invoking <code><a href="#dfn-CryptoOperation-method-process">process</a></code>:
-                    <ol>
-                      <li>
-                        Let <var>buffer</var> be the <code>ArrayBufferView</code> to be processed. 
-                      </li>
-                      <li>
-                        Convert <var>buffer</var> to a sequence of <code>byteLength</code> bytes from
-                        the underlying <code>ArrayBuffer</code>, starting at the <code>byteOffset</code>
-                        of the <code>ArrayBufferView</code>, and append those bytes to <var>M</var>.
-                      </li>
-                      <li>
-                        No output is returned.
-                      </li>
-                    </ol>
-                  </li>
-                  <li>
-                    Upon invoking <code><a href="#dfn-CryptoOperation-method-finish">finish</a></code>:
-                    <ol>
-                      <li>
-                        Perform the ECDSA signing process, as specified in <a href="#X9.62">X9.62</a>,
-                        Section 7.3, with <var>M</var> as the message, with EC domain parameters and
-                        private key <var>d</var> obtained from the <code><a href="#dfn-CryptoOperation-key">Key</a></code>,
-                        and with the hash function obtained from the EcdsaParams dictionary.
-                      </li>
-                      <li>
-                        If the operation resulted in an error, raise an error and terminate this
-                        algorithm.
-                      </li>
-                      <li>
-                        Let <var>r</var> and <var>s</var> be a pair of integers resulting from performing the
-                        ECDSA signing process.
-                      </li>
-                      <li>
-                        Let <var>output</var> be an <code>ArrayBuffer</code> holding
-                        the concatenation of <var>r</var> and <var>s</var>, each as a ceil(ceil(log2(n))/8)
-                        byte sequence, where n (a prime number) is the order of the base point generator.
-                      </li>
-                    </ol>
-                  </li>
+                    <p>
+                      Upon the first attempt to process data, let <var>hash</var> be an initialized to an
+                      instance of the underlying hash algorithm indicated by the <code>"hash"</code>
+                      identifier of the context object's associated
+                      <code><a href="#dfn-CryptoOperation-Algorithm">algorithm</a></code>.
+                   </p>
+                 </li>
+                 <li>
+                   <p>
+                     Let <var>bytes</var> be the sequence of bytes to be processed.
+                   </p>
+                 </li>
+                 <li>
+                   <p>
+                     Perform the hash algorithm of <var>hash</var>, using <var>bytes</var> as input.
+                   </p>
+                 </li>
+                 <li>
+                   <p>
+                     If the context object's internal state is not <code>"complete"</code>, return an
+                     empty <code>ArrayBuffer</code>.
+                   </p>
+                 </li>
+                 <li>
+                   <p>
+                     Let <var>M</var> be the result of finalizing the hash algorithm of <var>hash</var>.
+                   </p>
+                 </li>
+                 <li>
+                   <p>
+                     Let <var>d</var> be the ECDSA private key associated with the context object's
+                     associated <code><a href="#dfn-CryptoOperation-key">Key</a></code>.
+                   </p>
+                 </li>
+                 <li>
+                   <p>
+                     Let <var>params</var> be the EC domain parameters associated with the context
+                     object's associated <code><a href="#dfn-CryptoOperation-key">Key</a></code>.
+                   </p>
+                 </li>
+                 <li>
+                   <p>
+                     Perform the ECDSA signing process, as specified in <a href="#X9.62">X9.62</a>,
+                     Section 7.3, with <var>M</var> as the message, using <var>params</var> as the
+                     EC domain parameters, and with <var>d</var> as the private key.
+                   </p>
+                 </li>
+                 <li>
+                   <p>
+                     Let <var>r</var> and <var>s</var> be the pair of integers resulting from
+                     performing the ECDSA signing process.
+                   </p>
+                 </li>
+                 <li>
+                   <p>
+                     Let <var>result</var> be a new <code>ArrayBuffer</code>.
+                   </p>
+                 </li>
+                 <li>
+                   <p>
+                     Convert <var>r</var> to a bitstring and append the sequence of bytes to <var>result</var>.
+                   </p>
+                 </li>
+                 <li>
+                   <p>
+                     Convert <var>s</var> to a bitstring and append the sequence of bytes to <var>result</var>.
+                   </p>
+                 </li>
+                 <li>
+                   <p>
+                     Return <var>result</var>.
+                   </p>
+                 </li>
                 </ol>
               </dd>
               <dt>Verify</dt>
@@ -2799,53 +2821,70 @@
                 shall behave as follows:
                 <ol>
                   <li>
-                    Upon invoking <code>init</code>:
-                    <ol>
-                      <li>
-                        If <code><a href="#dfn-CryptoOperation-key">key</a></code> does not describe an
-                        ECDSA public key, raise an error and <a href="#terminate-the-algorithm">terminate the algorithm</a>.
-                      </li>                  
-                      <li>
-                        Let <var>M'</var> be an empty sequence of bytes.
-                      </li>
-                    </ol>
+                    <p>
+                      If the context object's associated <code><a href="#dfn-CryptoOperation-key">Key</a></code>
+                      does not refer to an ECDSA public key, terminate the algorithm with an error.
+                    </p>
                   </li>
                   <li>
-                    Upon invoking <code><a href="#dfn-CryptoOperation-method-process">process</a></code>:
-                    <ol>
-                      <li>
-                        Let <var>buffer</var> be the <code>ArrayBufferView</code> to be processed. 
-                      </li>
-                      <li>
-                        Convert <var>buffer</var> to a sequence of <code>byteLength</code> bytes from
-                        the underlying <code>ArrayBuffer</code>, starting at the <code>byteOffset</code>
-                        of the <code>ArrayBufferView</code>, and append those bytes to <var>M'</var>.
-                      </li>
-                      <li>
-                        No output is returned.
-                      </li>
-                    </ol>
-                  </li>
-                  <li>
-                    Upon invoking <code><a href="#dfn-CryptoOperation-method-finish">finish</a></code>:
-                    <ol>
-                      <li>
-                        Perform the ECDSA verifying process, as specified in <a href="#X9.62">X9.62</a>,
-                        Section 7.4, with <var>M'</var> as the received message, with the EC domain
-                        parameters and public key <var>Q</var> obtained from the
-                        <code><a href="#dfn-CryptoOperation-key">Key</a></code>, and with the hash
-                        function obtained from the EcdsaParams dictionary.
-                      </li>
-                      <li>
-                        If the operation resulted in an error, raise an error and terminate this
-                        algorithm.
-                      </li>
-                      <li>
-                        Let <var>output</var> be a <code>boolean</code> that indicates whether the
-                        purported signature is valid (<code>true</code>) or not (<code>false</code>).
-                      </li>
-                    </ol>
-                  </li>
+                    <p>
+                      Upon the first attempt to process data, let <var>hash</var> be an initialized to an
+                      instance of the underlying hash algorithm indicated by the <code>"hash"</code>
+                      identifier of the context object's associated
+                      <code><a href="#dfn-CryptoOperation-Algorithm">algorithm</a></code>.
+                   </p>
+                 </li>
+                 <li>
+                   <p>
+                     Let <var>bytes</var> be the sequence of bytes to be processed.
+                   </p>
+                 </li>
+                 <li>
+                   <p>
+                     Perform the hash algorithm of <var>hash</var>, using <var>bytes</var> as input.
+                   </p>
+                 </li>
+                 <li>
+                   <p>
+                     If the context object's internal state is not <code>"complete"</code>, terminate the algorithm.
+                   </p>
+                 </li>
+                 <li>
+                   <p>
+                     Let <var>M</var> be the result of finalizing the hash algorithm of <var>hash</var>.
+                   </p>
+                 </li>
+                 <li>
+                   <p>
+                     Let <var>Q</var> be the ECDSA public key associated with the context object's
+                     associated <code><a href="#dfn-CryptoOperation-key">Key</a></code>.
+                   </p>
+                 </li>
+                 <li>
+                   <p>
+                     Let <var>params</var> be the EC domain parameters associated with the context
+                     object's associated <code><a href="#dfn-CryptoOperation-key">Key</a></code>.
+                   </p>
+                 </li>
+                 <li>
+                   <p>
+                     Perform the ECDSA verifying process, as specified in <a href="#X9.62">X9.62</a>,
+                     Section 7.4, with <var>M</var> as the received message, using <var>params</var> as the
+                     EC domain parameters, and with <var>Q</var> as the public key.
+                   </p>
+                 </li>
+                 <li>
+                   <p>
+                     Let <var>result</var> be a boolean indicating whether or not the purported
+                     signature is valid, with <code>true</code> indicating the signature is valid
+                     and <code>false</code> indicating it is invalid.
+                   </p>
+                 </li>
+                 <li>
+                   <p>
+                     Return <var>result</var>.
+                   </p>
+                 </li>
                 </ol>
               </dd>
               <dt>Generate Key</dt>
--- a/spec/Overview.html	Mon Jun 03 13:07:04 2013 -0700
+++ b/spec/Overview.html	Wed Jun 12 19:17:24 2013 -0700
@@ -33,7 +33,7 @@
   <link rel="stylesheet" href="//www.w3.org/StyleSheets/TR/W3C-ED" type="text/css" /></head>
 
   <body>
-    <div class="head"><div><a href="http://www.w3.org/"><img src="//www.w3.org/Icons/w3c_home" width="72" height="48" alt="W3C" /></a></div><h1>Web Cryptography API</h1><h2>W3C Editor’s Draft <em>3 June 2013</em></h2><dl><dt>Latest Editor’s Draft:</dt><dd><a href="http://dvcs.w3.org/hg/webcrypto-api/raw-file/tip/spec/Overview.html">http://dvcs.w3.org/hg/webcrypto-api/raw-file/tip/spec/Overview.html</a></dd><dt>Latest Published Version:</dt><dd><a href="http://www.w3.org/TR/WebCryptoAPI/">http://www.w3.org/TR/WebCryptoAPI/</a></dd><dt>Previous Version(s):</dt><dd><a href="https://dvcs.w3.org/hg/webcrypto-api/raw-file/0fe9b34c13fb/spec/Overview.html">https://dvcs.w3.org/hg/webcrypto-api/raw-file/0fe9b34c13fb/spec/Overview.html</a></dd><dt>Editors:</dt><dd><a href="http://ddahl.com/">David Dahl</a>, Mozilla Corporation &lt;[email protected]&gt;</dd><dd><a href="http://www.google.com/">Ryan Sleevi</a>, Google, Inc. &lt;[email protected]&gt;</dd><dt>Participate:</dt><dd><p>Send feedback to <a href="mailto:[email protected]?subject=%5BWebCryptoAPI%5D">[email protected]</a> (<a href="http://lists.w3.org/Archives/Public/public-webcrypto/">archives</a>), or <a href="https://www.w3.org/Bugs/Public/enter_bug.cgi?product=Web%20Cryptography&amp;component=Web%20Cryptography%20API%20Document">file a bug</a> 
+    <div class="head"><div><a href="http://www.w3.org/"><img src="//www.w3.org/Icons/w3c_home" width="72" height="48" alt="W3C" /></a></div><h1>Web Cryptography API</h1><h2>W3C Editor’s Draft <em>12 June 2013</em></h2><dl><dt>Latest Editor’s Draft:</dt><dd><a href="http://dvcs.w3.org/hg/webcrypto-api/raw-file/tip/spec/Overview.html">http://dvcs.w3.org/hg/webcrypto-api/raw-file/tip/spec/Overview.html</a></dd><dt>Latest Published Version:</dt><dd><a href="http://www.w3.org/TR/WebCryptoAPI/">http://www.w3.org/TR/WebCryptoAPI/</a></dd><dt>Previous Version(s):</dt><dd><a href="https://dvcs.w3.org/hg/webcrypto-api/raw-file/0fe9b34c13fb/spec/Overview.html">https://dvcs.w3.org/hg/webcrypto-api/raw-file/0fe9b34c13fb/spec/Overview.html</a></dd><dt>Editors:</dt><dd><a href="http://ddahl.com/">David Dahl</a>, Mozilla Corporation &lt;[email protected]&gt;</dd><dd><a href="http://www.google.com/">Ryan Sleevi</a>, Google, Inc. &lt;[email protected]&gt;</dd><dt>Participate:</dt><dd><p>Send feedback to <a href="mailto:[email protected]?subject=%5BWebCryptoAPI%5D">[email protected]</a> (<a href="http://lists.w3.org/Archives/Public/public-webcrypto/">archives</a>), or <a href="https://www.w3.org/Bugs/Public/enter_bug.cgi?product=Web%20Cryptography&amp;component=Web%20Cryptography%20API%20Document">file a bug</a> 
     (see <a href="https://www.w3.org/Bugs/Public/buglist.cgi?product=Web%20Cryptography&amp;component=Web%20Cryptography%20API%20Document&amp;resolution=---">existing bugs</a>).</p></dd></dl><p class="copyright"><a href="http://www.w3.org/Consortium/Legal/ipr-notice#Copyright">Copyright</a> &copy; view <a href="http://www.w3.org/"><abbr title="World Wide Web Consortium">W3C</abbr></a><sup>&reg;</sup> (<a href="http://www.csail.mit.edu/"><abbr title="Massachusetts Institute of Technology">MIT</abbr></a>, <a href="http://www.ercim.org/"><abbr title="European Research Consortium for Informatics and Mathematics">ERCIM</abbr></a>, <a href="http://www.keio.ac.jp/">Keio</a>), All Rights Reserved. W3C <a href="http://www.w3.org/Consortium/Legal/ipr-notice#Legal_Disclaimer">liability</a>, <a href="http://www.w3.org/Consortium/Legal/ipr-notice#W3C_Trademarks">trademark</a> and <a href="http://www.w3.org/Consortium/Legal/copyright-documents">document use</a> rules apply.</p></div><hr />
 
     <div class="section">
@@ -49,7 +49,7 @@
 communications.
       </p>
   
-      <div class="ednote"><div class="ednoteHeader">Editorial note</div><p>There are 21 further editorial notes in the document.</p></div>
+      <div class="ednote"><div class="ednoteHeader">Editorial note</div><p>There are 20 further editorial notes in the document.</p></div>
     </div>
 
     <div class="section">
@@ -61,7 +61,7 @@
         report can be found in the <a href="http://www.w3.org/TR/">W3C technical
           reports index</a> at http://www.w3.org/TR/.
       </em></p><p>
-        This document is the 3 June 2013 <b>Editor’s Draft</b> of the
+        This document is the 12 June 2013 <b>Editor’s Draft</b> of the
         <cite>Web Cryptography API</cite> specification.
       
       Please send comments about this document to
@@ -2736,12 +2736,6 @@
 
           <div id="ecdsa-operations" class="section">
             <h4>18.7.5. Operations</h4>
-            <div class="ednote"><div class="ednoteHeader">Editorial note</div>
-              <p>
-                Note: The following processing algorithms have not been updated to match the processing algorithm
-                described in the <a href="#CryptoOperation-processing-model">CryptoOperation processing model</a>.
-              </p>
-            </div>
             <dl>
               <dt>Sign</dt>
               <dd>
@@ -2749,57 +2743,85 @@
                 shall behave as follows:
                 <ol>
                   <li>
-                    Upon invoking <code>init</code>:
-                    <ol>
-                      <li>
-                        If <code><a href="#dfn-CryptoOperation-key">key</a></code> does not describe an
-                        ECDSA private key, raise an error and <a href="#terminate-the-algorithm">terminate the algorithm</a>.
-                      </li>                  
-                      <li>
-                        Let <var>M</var> be an empty sequence of bytes.
-                      </li>
-                    </ol>
+                    <p>
+                      If the context object's associated <code><a href="#dfn-CryptoOperation-key">Key</a></code>
+                      does not refer to an ECDSA private key, terminate the algorithm with an error.
+                    </p>
                   </li>
                   <li>
-                    Upon invoking <code><a href="#dfn-CryptoOperation-method-process">process</a></code>:
-                    <ol>
-                      <li>
-                        Let <var>buffer</var> be the <code>ArrayBufferView</code> to be processed. 
-                      </li>
-                      <li>
-                        Convert <var>buffer</var> to a sequence of <code>byteLength</code> bytes from
-                        the underlying <code>ArrayBuffer</code>, starting at the <code>byteOffset</code>
-                        of the <code>ArrayBufferView</code>, and append those bytes to <var>M</var>.
-                      </li>
-                      <li>
-                        No output is returned.
-                      </li>
-                    </ol>
-                  </li>
-                  <li>
-                    Upon invoking <code><a href="#dfn-CryptoOperation-method-finish">finish</a></code>:
-                    <ol>
-                      <li>
-                        Perform the ECDSA signing process, as specified in <a href="#X9.62">X9.62</a>,
-                        Section 7.3, with <var>M</var> as the message, with EC domain parameters and
-                        private key <var>d</var> obtained from the <code><a href="#dfn-CryptoOperation-key">Key</a></code>,
-                        and with the hash function obtained from the EcdsaParams dictionary.
-                      </li>
-                      <li>
-                        If the operation resulted in an error, raise an error and terminate this
-                        algorithm.
-                      </li>
-                      <li>
-                        Let <var>r</var> and <var>s</var> be a pair of integers resulting from performing the
-                        ECDSA signing process.
-                      </li>
-                      <li>
-                        Let <var>output</var> be an <code>ArrayBuffer</code> holding
-                        the concatenation of <var>r</var> and <var>s</var>, each as a ceil(ceil(log2(n))/8)
-                        byte sequence, where n (a prime number) is the order of the base point generator.
-                      </li>
-                    </ol>
-                  </li>
+                    <p>
+                      Upon the first attempt to process data, let <var>hash</var> be an initialized to an
+                      instance of the underlying hash algorithm indicated by the <code>"hash"</code>
+                      identifier of the context object's associated
+                      <code><a href="#dfn-CryptoOperation-Algorithm">algorithm</a></code>.
+                   </p>
+                 </li>
+                 <li>
+                   <p>
+                     Let <var>bytes</var> be the sequence of bytes to be processed.
+                   </p>
+                 </li>
+                 <li>
+                   <p>
+                     Perform the hash algorithm of <var>hash</var>, using <var>bytes</var> as input.
+                   </p>
+                 </li>
+                 <li>
+                   <p>
+                     If the context object's internal state is not <code>"complete"</code>, return an
+                     empty <code>ArrayBuffer</code>.
+                   </p>
+                 </li>
+                 <li>
+                   <p>
+                     Let <var>M</var> be the result of finalizing the hash algorithm of <var>hash</var>.
+                   </p>
+                 </li>
+                 <li>
+                   <p>
+                     Let <var>d</var> be the ECDSA private key associated with the context object's
+                     associated <code><a href="#dfn-CryptoOperation-key">Key</a></code>.
+                   </p>
+                 </li>
+                 <li>
+                   <p>
+                     Let <var>params</var> be the EC domain parameters associated with the context
+                     object's associated <code><a href="#dfn-CryptoOperation-key">Key</a></code>.
+                   </p>
+                 </li>
+                 <li>
+                   <p>
+                     Perform the ECDSA signing process, as specified in <a href="#X9.62">X9.62</a>,
+                     Section 7.3, with <var>M</var> as the message, using <var>params</var> as the
+                     EC domain parameters, and with <var>d</var> as the private key.
+                   </p>
+                 </li>
+                 <li>
+                   <p>
+                     Let <var>r</var> and <var>s</var> be the pair of integers resulting from
+                     performing the ECDSA signing process.
+                   </p>
+                 </li>
+                 <li>
+                   <p>
+                     Let <var>result</var> be a new <code>ArrayBuffer</code>.
+                   </p>
+                 </li>
+                 <li>
+                   <p>
+                     Convert <var>r</var> to a bitstring and append the sequence of bytes to <var>result</var>.
+                   </p>
+                 </li>
+                 <li>
+                   <p>
+                     Convert <var>s</var> to a bitstring and append the sequence of bytes to <var>result</var>.
+                   </p>
+                 </li>
+                 <li>
+                   <p>
+                     Return <var>result</var>.
+                   </p>
+                 </li>
                 </ol>
               </dd>
               <dt>Verify</dt>
@@ -2808,53 +2830,70 @@
                 shall behave as follows:
                 <ol>
                   <li>
-                    Upon invoking <code>init</code>:
-                    <ol>
-                      <li>
-                        If <code><a href="#dfn-CryptoOperation-key">key</a></code> does not describe an
-                        ECDSA public key, raise an error and <a href="#terminate-the-algorithm">terminate the algorithm</a>.
-                      </li>                  
-                      <li>
-                        Let <var>M'</var> be an empty sequence of bytes.
-                      </li>
-                    </ol>
+                    <p>
+                      If the context object's associated <code><a href="#dfn-CryptoOperation-key">Key</a></code>
+                      does not refer to an ECDSA public key, terminate the algorithm with an error.
+                    </p>
                   </li>
                   <li>
-                    Upon invoking <code><a href="#dfn-CryptoOperation-method-process">process</a></code>:
-                    <ol>
-                      <li>
-                        Let <var>buffer</var> be the <code>ArrayBufferView</code> to be processed. 
-                      </li>
-                      <li>
-                        Convert <var>buffer</var> to a sequence of <code>byteLength</code> bytes from
-                        the underlying <code>ArrayBuffer</code>, starting at the <code>byteOffset</code>
-                        of the <code>ArrayBufferView</code>, and append those bytes to <var>M'</var>.
-                      </li>
-                      <li>
-                        No output is returned.
-                      </li>
-                    </ol>
-                  </li>
-                  <li>
-                    Upon invoking <code><a href="#dfn-CryptoOperation-method-finish">finish</a></code>:
-                    <ol>
-                      <li>
-                        Perform the ECDSA verifying process, as specified in <a href="#X9.62">X9.62</a>,
-                        Section 7.4, with <var>M'</var> as the received message, with the EC domain
-                        parameters and public key <var>Q</var> obtained from the
-                        <code><a href="#dfn-CryptoOperation-key">Key</a></code>, and with the hash
-                        function obtained from the EcdsaParams dictionary.
-                      </li>
-                      <li>
-                        If the operation resulted in an error, raise an error and terminate this
-                        algorithm.
-                      </li>
-                      <li>
-                        Let <var>output</var> be a <code>boolean</code> that indicates whether the
-                        purported signature is valid (<code>true</code>) or not (<code>false</code>).
-                      </li>
-                    </ol>
-                  </li>
+                    <p>
+                      Upon the first attempt to process data, let <var>hash</var> be an initialized to an
+                      instance of the underlying hash algorithm indicated by the <code>"hash"</code>
+                      identifier of the context object's associated
+                      <code><a href="#dfn-CryptoOperation-Algorithm">algorithm</a></code>.
+                   </p>
+                 </li>
+                 <li>
+                   <p>
+                     Let <var>bytes</var> be the sequence of bytes to be processed.
+                   </p>
+                 </li>
+                 <li>
+                   <p>
+                     Perform the hash algorithm of <var>hash</var>, using <var>bytes</var> as input.
+                   </p>
+                 </li>
+                 <li>
+                   <p>
+                     If the context object's internal state is not <code>"complete"</code>, terminate the algorithm.
+                   </p>
+                 </li>
+                 <li>
+                   <p>
+                     Let <var>M</var> be the result of finalizing the hash algorithm of <var>hash</var>.
+                   </p>
+                 </li>
+                 <li>
+                   <p>
+                     Let <var>Q</var> be the ECDSA public key associated with the context object's
+                     associated <code><a href="#dfn-CryptoOperation-key">Key</a></code>.
+                   </p>
+                 </li>
+                 <li>
+                   <p>
+                     Let <var>params</var> be the EC domain parameters associated with the context
+                     object's associated <code><a href="#dfn-CryptoOperation-key">Key</a></code>.
+                   </p>
+                 </li>
+                 <li>
+                   <p>
+                     Perform the ECDSA verifying process, as specified in <a href="#X9.62">X9.62</a>,
+                     Section 7.4, with <var>M</var> as the received message, using <var>params</var> as the
+                     EC domain parameters, and with <var>Q</var> as the public key.
+                   </p>
+                 </li>
+                 <li>
+                   <p>
+                     Let <var>result</var> be a boolean indicating whether or not the purported
+                     signature is valid, with <code>true</code> indicating the signature is valid
+                     and <code>false</code> indicating it is invalid.
+                   </p>
+                 </li>
+                 <li>
+                   <p>
+                     Return <var>result</var>.
+                   </p>
+                 </li>
                 </ol>
               </dd>
               <dt>Generate Key</dt>