--- a/spec/Overview-WebCryptoAPI.xml Mon Sep 22 15:00:14 2014 -0700
+++ b/spec/Overview-WebCryptoAPI.xml Mon Sep 22 15:17:13 2014 -0700
@@ -14571,7 +14571,7 @@
specifications</a>, passing <var>key</var> and obtaining <var>result</var>.
<dl class="switch">
<dt>
- If <var>format</var> is not <code>"jwk"</code> and
+ If <var>format</var> is not <code>"jwkf"</code> and
<var>result</var> is an <a href="#dfn-ArrayBuffer">ArrayBuffer</a>
object
</dt>
@@ -15777,7 +15777,14 @@
<p>
The <code>"CONCAT"</code> algorithm identifier is used to perform key derivation
using the key derivation algorithm defined in Section 5.8.1 of NIST SP 800-56A
- [<a href="#SP800-56A">SP800-56A</a>].
+ [<a href="#SP800-56A">SP800-56A</a>] using the SHA hash functions defined
+ in this specification.
+ </p>
+ <p>
+ <a href="#dfn-applicable-specification">Other specifications</a>
+ may specify the use of additional hash algorithms with Concat KDF. Such specifications
+ must define
+ <dfn id="dfn-concat-extended-import-steps">key import steps</dfn>.
</p>
</div>
<div id="concatkdf-registration" class="section">
@@ -15879,77 +15886,112 @@
</dd>
<dt>Import key</dt>
<dd>
- <dl class="switch">
- <dt>
- If <var>format</var> is <code>"raw"</code>:
- </dt>
- <dd>
- <ol>
- <li>
- <p>
- If <var>usages</var> contains a value that is not
- <code>"deriveKey"</code> or <code>"deriveBits"</code>,
-
- then <a href="#concept-return-an-error">return an error</a> named
- <a href="#dfn-DataError"><code>DataError</code></a>.
- </p>
- </li>
- <li>
- <p>
- Let <var>key</var> be a new <a href="#dfn-CryptoKey">CryptoKey</a> object
- representing the key data provided in <var>keyData</var>.
- </p>
- </li>
- <li>
- <p>
- Set the [[<a href="#dfn-CryptoKey-slot-type">type</a>]] internal slot of
- <var>key</var> to <code>"secret"</code>.
- </p>
- </li>
- <li>
- <p>
- Let <var>algorithm</var> be a new
- <a href="#dfn-KeyAlgorithm">KeyAlgorithm</a> object.
- </p>
- </li>
- <li>
- <p>
- Set the <a href="#dfn-KeyAlgorithm-name">name</a> attribute of
- <var>algorithm</var> to <code>"CONCAT"</code>.
- </p>
- </li>
- <li>
- <p>
- Set the [[<a href="#dfn-CryptoKey-slot-algorithm">algorithm</a>]] internal
- slot of <var>key</var> to <var>algorithm</var>.
- </p>
- </li>
- <li>
- <p>
- Set the [[<a href="#dfn-CryptoKey-slot-extractable">extractable</a>]]
- internal slot of <var>key</var> to <var>extractable</var>.
- </p>
- </li>
- <li>
- <p>
- Set the [[<a href="#dfn-CryptoKey-slot-usages">usages</a>]] internal slot
- of <var>key</var> to the <a href="#concept-normalized-usages">normalized
- value</a> of <var>usages</var>.
- </p>
- </li>
- <li>
- <p>
- Return <var>key</var>.
- </p>
- </li>
- </ol>
- </dd>
- <dt>Otherwise:</dt>
- <dd>
- <a href="#concept-return-an-error">Return an error</a> named
- <a href="#dfn-NotSupportedError"><code>NotSupportedError</code></a>.
- </dd>
- </dl>
+ <ol>
+ <li>
+ <p>Let <var>keyData</var> be the key data to be imported.</p>
+ </li>
+ <li>
+ <p>
+ Perform any <a href="#dfn-rsa-pss-extended-import-steps">key import steps</a>
+ defined by <a href="#dfn-applicable-specifications">other applicable
+ specifications</a>, passing <var>keyData</var> and obtaining <var>result</var>.
+ <dl class="switch">
+ <dt>
+ If <var>result</var> is a <a href="#dfn-CryptoKey">CryptoKey</a>
+ object
+ </dt>
+ <dd>
+ <p>
+ Return <var>result</var>.
+ </p>
+ </dd>
+ <dt>
+ If <var>result</var> is an error with a name that is not
+ <a href="#dfn-NotSupportedError"><code>NotSupportedError</code></a>
+ </dt>
+ <dd>
+ <p>
+ <a href="#concept-return-an-error">Return an error</a> with the same name
+ as <var>result</var>.
+ </p>
+ </dd>
+ </dl>
+ </p>
+ </li>
+ <li>
+ <dl class="switch">
+ <dt>
+ If <var>format</var> is <code>"raw"</code>:
+ </dt>
+ <dd>
+ <ol>
+ <li>
+ <p>
+ If <var>usages</var> contains a value that is not
+ <code>"deriveKey"</code> or <code>"deriveBits"</code>,
+
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
+ </p>
+ </li>
+ <li>
+ <p>
+ Let <var>key</var> be a new <a href="#dfn-CryptoKey">CryptoKey</a> object
+ representing the key data provided in <var>keyData</var>.
+ </p>
+ </li>
+ <li>
+ <p>
+ Set the [[<a href="#dfn-CryptoKey-slot-type">type</a>]] internal slot of
+ <var>key</var> to <code>"secret"</code>.
+ </p>
+ </li>
+ <li>
+ <p>
+ Let <var>algorithm</var> be a new
+ <a href="#dfn-KeyAlgorithm">KeyAlgorithm</a> object.
+ </p>
+ </li>
+ <li>
+ <p>
+ Set the <a href="#dfn-KeyAlgorithm-name">name</a> attribute of
+ <var>algorithm</var> to <code>"CONCAT"</code>.
+ </p>
+ </li>
+ <li>
+ <p>
+ Set the [[<a href="#dfn-CryptoKey-slot-algorithm">algorithm</a>]] internal
+ slot of <var>key</var> to <var>algorithm</var>.
+ </p>
+ </li>
+ <li>
+ <p>
+ Set the [[<a href="#dfn-CryptoKey-slot-extractable">extractable</a>]]
+ internal slot of <var>key</var> to <var>extractable</var>.
+ </p>
+ </li>
+ <li>
+ <p>
+ Set the [[<a href="#dfn-CryptoKey-slot-usages">usages</a>]] internal slot
+ of <var>key</var> to the <a href="#concept-normalized-usages">normalized
+ value</a> of <var>usages</var>.
+ </p>
+ </li>
+ <li>
+ <p>
+ Return <var>key</var>.
+ </p>
+ </li>
+ </ol>
+ </dd>
+ <dt>Otherwise:</dt>
+ <dd>
+ <a href="#concept-return-an-error">Return an error</a> named
+ <a href="#dfn-NotSupportedError"><code>NotSupportedError</code></a>.
+ </dd>
+ </dl>
+ </li>
+ </ol>
</dd>
<dt>Get length</dt>
<dd>
@@ -15972,10 +16014,17 @@
<p>
The <code>"HKDF-CTR"</code> algorithm identifier is used to
perform key derivation using the extraction-then-expansion approach described in
- NIST SP 800-56C[<a href="#SP800-56C">SP800-56C</a>], using HMAC in counter mode,
+ NIST SP 800-56C[<a href="#SP800-56C">SP800-56C</a>], using HMAC in counter mode, and
+ using the SHA hash functions defined in this specification
as described in Section 5.1 of NIST SP 800-108
[<a href="#SP800-108">SP800-108</a>].
</p>
+ <p>
+ <a href="#dfn-applicable-specification">Other specifications</a>
+ may specify the use of additional hash algorithms with RSASSA-PSS. Such specifications
+ must define
+ <dfn id="dfn-hkdf-ctr-extended-import-steps">key import steps</dfn>.
+ </p>
</div>
<div id="hkdf-ctr-registration" class="section">
<h4>Registration</h4>
@@ -16145,77 +16194,112 @@
</dd>
<dt>Import key</dt>
<dd>
- <dl class="switch">
- <dt>
- If <var>format</var> is <code>"raw"</code>:
- </dt>
- <dd>
- <ol>
- <li>
- <p>
- If <var>usages</var> contains a value that is not
- <code>"deriveKey"</code> or <code>"deriveBits"</code>,
-
- then <a href="#concept-return-an-error">return an error</a> named
- <a href="#dfn-DataError"><code>DataError</code></a>.
- </p>
- </li>
- <li>
- <p>
- Let <var>key</var> be a new <a href="#dfn-CryptoKey">CryptoKey</a> object
- representing the key data provided in <var>keyData</var>.
- </p>
- </li>
- <li>
- <p>
- Set the [[<a href="#dfn-CryptoKey-slot-type">type</a>]] internal slot of
- <var>key</var> to <code>"secret"</code>.
- </p>
- </li>
- <li>
- <p>
- Let <var>algorithm</var> be a new
- <a href="#dfn-KeyAlgorithm">KeyAlgorithm</a> object.
- </p>
- </li>
- <li>
- <p>
- Set the <a href="#dfn-KeyAlgorithm-name">name</a> attribute of
- <var>algorithm</var> to <code>"HKDF-CTR"</code>.
- </p>
- </li>
- <li>
- <p>
- Set the [[<a href="#dfn-CryptoKey-slot-algorithm">algorithm</a>]] internal
- slot of <var>key</var> to <var>algorithm</var>.
- </p>
- </li>
- <li>
- <p>
- Set the [[<a href="#dfn-CryptoKey-slot-extractable">extractable</a>]]
- internal slot of <var>key</var> to <var>extractable</var>.
- </p>
- </li>
- <li>
- <p>
- Set the [[<a href="#dfn-CryptoKey-slot-usages">usages</a>]] internal slot
- of <var>key</var> to the <a href="#concept-normalized-usages">normalized
- value</a> of <var>usages</var>.
- </p>
- </li>
- <li>
- <p>
- Return <var>key</var>.
- </p>
- </li>
- </ol>
- </dd>
- <dt>Otherwise:</dt>
- <dd>
- <a href="#concept-return-an-error">Return an error</a> named
- <a href="#dfn-NotSupportedError"><code>NotSupportedError</code></a>.
- </dd>
- </dl>
+ <ol>
+ <li>
+ <p>Let <var>keyData</var> be the key data to be imported.</p>
+ </li>
+ <li>
+ <p>
+ Perform any <a href="#dfn-hkdf-ctr-extended-import-steps">key import steps</a>
+ defined by <a href="#dfn-applicable-specifications">other applicable
+ specifications</a>, passing <var>keyData</var> and obtaining <var>result</var>.
+ <dl class="switch">
+ <dt>
+ If <var>result</var> is a <a href="#dfn-CryptoKey">CryptoKey</a>
+ object
+ </dt>
+ <dd>
+ <p>
+ Return <var>result</var>.
+ </p>
+ </dd>
+ <dt>
+ If <var>result</var> is an error with a name that is not
+ <a href="#dfn-NotSupportedError"><code>NotSupportedError</code></a>
+ </dt>
+ <dd>
+ <p>
+ <a href="#concept-return-an-error">Return an error</a> with the same name
+ as <var>result</var>.
+ </p>
+ </dd>
+ </dl>
+ </p>
+ </li>
+ <li>
+ <dl class="switch">
+ <dt>
+ If <var>format</var> is <code>"raw"</code>:
+ </dt>
+ <dd>
+ <ol>
+ <li>
+ <p>
+ If <var>usages</var> contains a value that is not
+ <code>"deriveKey"</code> or <code>"deriveBits"</code>,
+
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
+ </p>
+ </li>
+ <li>
+ <p>
+ Let <var>key</var> be a new <a href="#dfn-CryptoKey">CryptoKey</a> object
+ representing the key data provided in <var>keyData</var>.
+ </p>
+ </li>
+ <li>
+ <p>
+ Set the [[<a href="#dfn-CryptoKey-slot-type">type</a>]] internal slot of
+ <var>key</var> to <code>"secret"</code>.
+ </p>
+ </li>
+ <li>
+ <p>
+ Let <var>algorithm</var> be a new
+ <a href="#dfn-KeyAlgorithm">KeyAlgorithm</a> object.
+ </p>
+ </li>
+ <li>
+ <p>
+ Set the <a href="#dfn-KeyAlgorithm-name">name</a> attribute of
+ <var>algorithm</var> to <code>"HKDF-CTR"</code>.
+ </p>
+ </li>
+ <li>
+ <p>
+ Set the [[<a href="#dfn-CryptoKey-slot-algorithm">algorithm</a>]] internal
+ slot of <var>key</var> to <var>algorithm</var>.
+ </p>
+ </li>
+ <li>
+ <p>
+ Set the [[<a href="#dfn-CryptoKey-slot-extractable">extractable</a>]]
+ internal slot of <var>key</var> to <var>extractable</var>.
+ </p>
+ </li>
+ <li>
+ <p>
+ Set the [[<a href="#dfn-CryptoKey-slot-usages">usages</a>]] internal slot
+ of <var>key</var> to the <a href="#concept-normalized-usages">normalized
+ value</a> of <var>usages</var>.
+ </p>
+ </li>
+ <li>
+ <p>
+ Return <var>key</var>.
+ </p>
+ </li>
+ </ol>
+ </dd>
+ <dt>Otherwise:</dt>
+ <dd>
+ <a href="#concept-return-an-error">Return an error</a> named
+ <a href="#dfn-NotSupportedError"><code>NotSupportedError</code></a>.
+ </dd>
+ </dl>
+ </li>
+ </ol>
</dd>
<dt>Get length</dt>
<dd>
--- a/spec/Overview.html Mon Sep 22 15:00:14 2014 -0700
+++ b/spec/Overview.html Mon Sep 22 15:17:13 2014 -0700
@@ -14074,7 +14074,7 @@
specifications</a>, passing <var>key</var> and obtaining <var>result</var>.
<dl class="switch">
<dt>
- If <var>format</var> is not <code>"jwk"</code> and
+ If <var>format</var> is not <code>"jwkf"</code> and
<var>result</var> is an <a href="#dfn-ArrayBuffer">ArrayBuffer</a>
object
</dt>
@@ -15215,7 +15215,14 @@
<p>
The <code>"CONCAT"</code> algorithm identifier is used to perform key derivation
using the key derivation algorithm defined in Section 5.8.1 of NIST SP 800-56A
- [<a href="#SP800-56A">SP800-56A</a>].
+ [<a href="#SP800-56A">SP800-56A</a>] using the SHA hash functions defined
+ in this specification.
+ </p>
+ <p>
+ <a href="#dfn-applicable-specification">Other specifications</a>
+ may specify the use of additional hash algorithms with Concat KDF. Such specifications
+ must define
+ <dfn id="dfn-concat-extended-import-steps">key import steps</dfn>.
</p>
</div>
<div id="concatkdf-registration" class="section">
@@ -15317,77 +15324,112 @@
</dd>
<dt>Import key</dt>
<dd>
- <dl class="switch">
- <dt>
- If <var>format</var> is <code>"raw"</code>:
- </dt>
- <dd>
- <ol>
- <li>
- <p>
- If <var>usages</var> contains a value that is not
- <code>"deriveKey"</code> or <code>"deriveBits"</code>,
-
- then <a href="#concept-return-an-error">return an error</a> named
- <a href="#dfn-DataError"><code>DataError</code></a>.
- </p>
- </li>
- <li>
- <p>
- Let <var>key</var> be a new <a href="#dfn-CryptoKey">CryptoKey</a> object
- representing the key data provided in <var>keyData</var>.
- </p>
- </li>
- <li>
- <p>
- Set the [[<a href="#dfn-CryptoKey-slot-type">type</a>]] internal slot of
- <var>key</var> to <code>"secret"</code>.
- </p>
- </li>
- <li>
- <p>
- Let <var>algorithm</var> be a new
- <a href="#dfn-KeyAlgorithm">KeyAlgorithm</a> object.
- </p>
- </li>
- <li>
- <p>
- Set the <a href="#dfn-KeyAlgorithm-name">name</a> attribute of
- <var>algorithm</var> to <code>"CONCAT"</code>.
- </p>
- </li>
- <li>
- <p>
- Set the [[<a href="#dfn-CryptoKey-slot-algorithm">algorithm</a>]] internal
- slot of <var>key</var> to <var>algorithm</var>.
- </p>
- </li>
- <li>
- <p>
- Set the [[<a href="#dfn-CryptoKey-slot-extractable">extractable</a>]]
- internal slot of <var>key</var> to <var>extractable</var>.
- </p>
- </li>
- <li>
- <p>
- Set the [[<a href="#dfn-CryptoKey-slot-usages">usages</a>]] internal slot
- of <var>key</var> to the <a href="#concept-normalized-usages">normalized
- value</a> of <var>usages</var>.
- </p>
- </li>
- <li>
- <p>
- Return <var>key</var>.
- </p>
- </li>
- </ol>
- </dd>
- <dt>Otherwise:</dt>
- <dd>
- <a href="#concept-return-an-error">Return an error</a> named
- <a href="#dfn-NotSupportedError"><code>NotSupportedError</code></a>.
- </dd>
- </dl>
+ <ol>
+ <li>
+ <p>Let <var>keyData</var> be the key data to be imported.</p>
+ </li>
+ <li>
+ <p>
+ Perform any <a href="#dfn-rsa-pss-extended-import-steps">key import steps</a>
+ defined by <a href="#dfn-applicable-specifications">other applicable
+ specifications</a>, passing <var>keyData</var> and obtaining <var>result</var>.
+ <dl class="switch">
+ <dt>
+ If <var>result</var> is a <a href="#dfn-CryptoKey">CryptoKey</a>
+ object
+ </dt>
+ <dd>
+ <p>
+ Return <var>result</var>.
+ </p>
+ </dd>
+ <dt>
+ If <var>result</var> is an error with a name that is not
+ <a href="#dfn-NotSupportedError"><code>NotSupportedError</code></a>
+ </dt>
+ <dd>
+ <p>
+ <a href="#concept-return-an-error">Return an error</a> with the same name
+ as <var>result</var>.
+ </p>
+ </dd>
+ </dl>
+ </p>
+ </li>
+ <li>
+ <dl class="switch">
+ <dt>
+ If <var>format</var> is <code>"raw"</code>:
+ </dt>
+ <dd>
+ <ol>
+ <li>
+ <p>
+ If <var>usages</var> contains a value that is not
+ <code>"deriveKey"</code> or <code>"deriveBits"</code>,
+
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
+ </p>
+ </li>
+ <li>
+ <p>
+ Let <var>key</var> be a new <a href="#dfn-CryptoKey">CryptoKey</a> object
+ representing the key data provided in <var>keyData</var>.
+ </p>
+ </li>
+ <li>
+ <p>
+ Set the [[<a href="#dfn-CryptoKey-slot-type">type</a>]] internal slot of
+ <var>key</var> to <code>"secret"</code>.
+ </p>
+ </li>
+ <li>
+ <p>
+ Let <var>algorithm</var> be a new
+ <a href="#dfn-KeyAlgorithm">KeyAlgorithm</a> object.
+ </p>
+ </li>
+ <li>
+ <p>
+ Set the <a href="#dfn-KeyAlgorithm-name">name</a> attribute of
+ <var>algorithm</var> to <code>"CONCAT"</code>.
+ </p>
+ </li>
+ <li>
+ <p>
+ Set the [[<a href="#dfn-CryptoKey-slot-algorithm">algorithm</a>]] internal
+ slot of <var>key</var> to <var>algorithm</var>.
+ </p>
+ </li>
+ <li>
+ <p>
+ Set the [[<a href="#dfn-CryptoKey-slot-extractable">extractable</a>]]
+ internal slot of <var>key</var> to <var>extractable</var>.
+ </p>
+ </li>
+ <li>
+ <p>
+ Set the [[<a href="#dfn-CryptoKey-slot-usages">usages</a>]] internal slot
+ of <var>key</var> to the <a href="#concept-normalized-usages">normalized
+ value</a> of <var>usages</var>.
+ </p>
+ </li>
+ <li>
+ <p>
+ Return <var>key</var>.
+ </p>
+ </li>
+ </ol>
+ </dd>
+ <dt>Otherwise:</dt>
+ <dd>
+ <a href="#concept-return-an-error">Return an error</a> named
+ <a href="#dfn-NotSupportedError"><code>NotSupportedError</code></a>.
+ </dd>
+ </dl>
+ </li>
+ </ol>
</dd>
<dt>Get length</dt>
<dd>
@@ -15410,10 +15452,17 @@
<p>
The <code>"HKDF-CTR"</code> algorithm identifier is used to
perform key derivation using the extraction-then-expansion approach described in
- NIST SP 800-56C[<a href="#SP800-56C">SP800-56C</a>], using HMAC in counter mode,
+ NIST SP 800-56C[<a href="#SP800-56C">SP800-56C</a>], using HMAC in counter mode, and
+ using the SHA hash functions defined in this specification
as described in Section 5.1 of NIST SP 800-108
[<a href="#SP800-108">SP800-108</a>].
</p>
+ <p>
+ <a href="#dfn-applicable-specification">Other specifications</a>
+ may specify the use of additional hash algorithms with RSASSA-PSS. Such specifications
+ must define
+ <dfn id="dfn-hkdf-ctr-extended-import-steps">key import steps</dfn>.
+ </p>
</div>
<div id="hkdf-ctr-registration" class="section">
<h4>37.2. Registration</h4>
@@ -15580,77 +15629,112 @@
</dd>
<dt>Import key</dt>
<dd>
- <dl class="switch">
- <dt>
- If <var>format</var> is <code>"raw"</code>:
- </dt>
- <dd>
- <ol>
- <li>
- <p>
- If <var>usages</var> contains a value that is not
- <code>"deriveKey"</code> or <code>"deriveBits"</code>,
-
- then <a href="#concept-return-an-error">return an error</a> named
- <a href="#dfn-DataError"><code>DataError</code></a>.
- </p>
- </li>
- <li>
- <p>
- Let <var>key</var> be a new <a href="#dfn-CryptoKey">CryptoKey</a> object
- representing the key data provided in <var>keyData</var>.
- </p>
- </li>
- <li>
- <p>
- Set the [[<a href="#dfn-CryptoKey-slot-type">type</a>]] internal slot of
- <var>key</var> to <code>"secret"</code>.
- </p>
- </li>
- <li>
- <p>
- Let <var>algorithm</var> be a new
- <a href="#dfn-KeyAlgorithm">KeyAlgorithm</a> object.
- </p>
- </li>
- <li>
- <p>
- Set the <a href="#dfn-KeyAlgorithm-name">name</a> attribute of
- <var>algorithm</var> to <code>"HKDF-CTR"</code>.
- </p>
- </li>
- <li>
- <p>
- Set the [[<a href="#dfn-CryptoKey-slot-algorithm">algorithm</a>]] internal
- slot of <var>key</var> to <var>algorithm</var>.
- </p>
- </li>
- <li>
- <p>
- Set the [[<a href="#dfn-CryptoKey-slot-extractable">extractable</a>]]
- internal slot of <var>key</var> to <var>extractable</var>.
- </p>
- </li>
- <li>
- <p>
- Set the [[<a href="#dfn-CryptoKey-slot-usages">usages</a>]] internal slot
- of <var>key</var> to the <a href="#concept-normalized-usages">normalized
- value</a> of <var>usages</var>.
- </p>
- </li>
- <li>
- <p>
- Return <var>key</var>.
- </p>
- </li>
- </ol>
- </dd>
- <dt>Otherwise:</dt>
- <dd>
- <a href="#concept-return-an-error">Return an error</a> named
- <a href="#dfn-NotSupportedError"><code>NotSupportedError</code></a>.
- </dd>
- </dl>
+ <ol>
+ <li>
+ <p>Let <var>keyData</var> be the key data to be imported.</p>
+ </li>
+ <li>
+ <p>
+ Perform any <a href="#dfn-hkdf-ctr-extended-import-steps">key import steps</a>
+ defined by <a href="#dfn-applicable-specifications">other applicable
+ specifications</a>, passing <var>keyData</var> and obtaining <var>result</var>.
+ <dl class="switch">
+ <dt>
+ If <var>result</var> is a <a href="#dfn-CryptoKey">CryptoKey</a>
+ object
+ </dt>
+ <dd>
+ <p>
+ Return <var>result</var>.
+ </p>
+ </dd>
+ <dt>
+ If <var>result</var> is an error with a name that is not
+ <a href="#dfn-NotSupportedError"><code>NotSupportedError</code></a>
+ </dt>
+ <dd>
+ <p>
+ <a href="#concept-return-an-error">Return an error</a> with the same name
+ as <var>result</var>.
+ </p>
+ </dd>
+ </dl>
+ </p>
+ </li>
+ <li>
+ <dl class="switch">
+ <dt>
+ If <var>format</var> is <code>"raw"</code>:
+ </dt>
+ <dd>
+ <ol>
+ <li>
+ <p>
+ If <var>usages</var> contains a value that is not
+ <code>"deriveKey"</code> or <code>"deriveBits"</code>,
+
+ then <a href="#concept-return-an-error">return an error</a> named
+ <a href="#dfn-DataError"><code>DataError</code></a>.
+ </p>
+ </li>
+ <li>
+ <p>
+ Let <var>key</var> be a new <a href="#dfn-CryptoKey">CryptoKey</a> object
+ representing the key data provided in <var>keyData</var>.
+ </p>
+ </li>
+ <li>
+ <p>
+ Set the [[<a href="#dfn-CryptoKey-slot-type">type</a>]] internal slot of
+ <var>key</var> to <code>"secret"</code>.
+ </p>
+ </li>
+ <li>
+ <p>
+ Let <var>algorithm</var> be a new
+ <a href="#dfn-KeyAlgorithm">KeyAlgorithm</a> object.
+ </p>
+ </li>
+ <li>
+ <p>
+ Set the <a href="#dfn-KeyAlgorithm-name">name</a> attribute of
+ <var>algorithm</var> to <code>"HKDF-CTR"</code>.
+ </p>
+ </li>
+ <li>
+ <p>
+ Set the [[<a href="#dfn-CryptoKey-slot-algorithm">algorithm</a>]] internal
+ slot of <var>key</var> to <var>algorithm</var>.
+ </p>
+ </li>
+ <li>
+ <p>
+ Set the [[<a href="#dfn-CryptoKey-slot-extractable">extractable</a>]]
+ internal slot of <var>key</var> to <var>extractable</var>.
+ </p>
+ </li>
+ <li>
+ <p>
+ Set the [[<a href="#dfn-CryptoKey-slot-usages">usages</a>]] internal slot
+ of <var>key</var> to the <a href="#concept-normalized-usages">normalized
+ value</a> of <var>usages</var>.
+ </p>
+ </li>
+ <li>
+ <p>
+ Return <var>key</var>.
+ </p>
+ </li>
+ </ol>
+ </dd>
+ <dt>Otherwise:</dt>
+ <dd>
+ <a href="#concept-return-an-error">Return an error</a> named
+ <a href="#dfn-NotSupportedError"><code>NotSupportedError</code></a>.
+ </dd>
+ </dl>
+ </li>
+ </ol>
</dd>
<dt>Get length</dt>
<dd>