--- a/spec/Overview-WebCryptoAPI.xml Wed Feb 26 13:28:26 2014 -0800
+++ b/spec/Overview-WebCryptoAPI.xml Wed Feb 26 13:43:45 2014 -0800
@@ -6774,6 +6774,12 @@
<h3>AES-GCM</h3>
<div id="aes-gcm-description" class="section">
<h4>Description</h4>
+ <p class="norm">This section is non-normative.</p>
+ <p>
+ The <code>"AES-GCM"</code> algorithm identifier is used to perform
+ authenticated encryption and decryption using AES in Galois/Counter Mode mode,
+ as described in NIST SP 800-38D [<a href="#SP800-38D">SP800-38D</a>].
+ </p>
</div>
<div id="aes-gcm-registration" class="section">
<h4>Registration</h4>
@@ -6839,7 +6845,8 @@
<ol>
<li>
<p>
- If any of the members of <a href="#aes-gcm-params">AesGcmParams</a> are not
+ If the <a href="#dfn-AesGcmParams-iv">iv</a> property of
+ <a href="#aes-gcm-params">AesGcmParams</a> is not
present in <var>normalizedAlgorithm</var>, terminate
this algorithm with an error.
</p>
@@ -6859,15 +6866,15 @@
</li>
<li>
<p>
- If the <a href="#dfn-AesGcmParams-additionalData">additionalData</a> property of
- <var>normalizedAlgorithm</var> has a length greater than 2^64 - 1
- bytes, terminate this algorithm with an error.
+ If the <a href="#dfn-AesGcmParams-additionalData">additionalData</a> property
+ of <var>normalizedAlgorithm</var> is present, is not null and has a length
+ greater than 2^64 - 1 bytes, terminate this algorithm with an error.
</p>
</li>
<li>
<dl class="switch">
<dt>If the <a href="#dfn-AesGcmParams-tagLength">tagLength</a> property of
- <var>normalizedAlgorithm</var> is null:</dt>
+ <var>normalizedAlgorithm</var> is not present or is null:</dt>
<dd>Let <var>tagLength</var> be 128.</dd>
<dt>If the <a href="#dfn-AesGcmParams-tagLength">tagLength</a> property of
<var>normalizedAlgorithm</var> is one of 32, 64, 96, 104, 112, 120 or 128:</dt>
@@ -6880,13 +6887,20 @@
</li>
<li>
<p>
+ Let <var>additionalData</var> be the contents of the
+ <a href="#dfn-AesGcmParams-additionalData">additionalData</a> property
+ of <var>normalizedAlgorithm</var> if present and not null and the empty
+ octet string otherwise.
+ </p>
+ </li>
+ <li>
+ <p>
Let <var>C</var> and <var>T</var> be the outputs that result from performing
the Authenticated Encryption Function described in Section 7.1 of
NIST SP 800-38D [<a href="#SP800-38D">SP800-38D</a>] using AES as the block
cipher, the contents of the <a href="#dfn-AesGcmParams-iv">iv</a> property of
- <var>normalizedAlgorithm</var> as the <var>IV</var> input parameter, the
- <a href="#dfn-AesGcmParams-additionalData">additionalData</a> property of
- <var>normalizedAlgorithm</var> as the <var>A</var> input parameter,
+ <var>normalizedAlgorithm</var> as the <var>IV</var> input parameter,
+ <var>additionalData</var> as the <var>A</var> input parameter,
<var>tagLength</var> as the <var>t</var> pre-requisite and
<var>plaintext</var> as the input plaintext.
</p>
@@ -6904,7 +6918,8 @@
<ol>
<li>
<p>
- If any of the members of <a href="#aes-gcm-params">AesGcmParams</a> are not
+ If the <a href="#dfn-AesGcmParams-iv">iv</a> property of
+ <a href="#aes-gcm-params">AesGcmParams</a> is not
present in <var>normalizedAlgorithm</var>, terminate
this algorithm with an error.
</p>
@@ -6912,7 +6927,7 @@
<li>
<dl class="switch">
<dt>If the <a href="#dfn-AesGcmParams-tagLangth">tagLength</a> property of
- <var>normalizedAlgorithm</var> is null:</dt>
+ <var>normalizedAlgorithm</var> is not present or null:</dt>
<dd>Let <var>tagLength</var> be 128.</dd>
<dt>If the <a href="#dfn-AesGcmParams-tagLangth">tagLength</a> property of
<var>normalizedAlgorithm</var> is one of 32, 64, 96, 104, 112, 120 or 128:</dt>
@@ -6938,8 +6953,9 @@
</li>
<li>
<p>
- If the <a href="#dfn-AesGcmParams-additionalData">additionalData</a> property of
- <var>normalizedAlgorithm</var> has a length greater than 2^64 - 1
+ If the <a href="#dfn-AesGcmParams-additionalData">additionalData</a> property
+ of <var>normalizedAlgorithm</var> is present, is not null and has a length
+ greater than 2^64 - 1
bytes, terminate this algorithm with an error.
</p>
</li>
@@ -6957,12 +6973,19 @@
</li>
<li>
<p>
+ Let <var>additionalData</var> be the contents of the
+ <a href="#dfn-AesGcmParams-additionalData">additionalData</a> property
+ of <var>normalizedAlgorithm</var> if present and not null and the empty
+ octet string otherwise.
+ </p>
+ </li>
+ <li>
+ <p>
Perform the Authenticated Decryption Function described in Section 7.2 of
NIST SP 800-38D [<a href="#SP800-38D">SP800-38D</a>] using AES as the block
cipher, the contents of the <a href="#dfn-AesGcmParams-iv">iv</a> property of
- <var>normalizedAlgorithm</var> as the <var>IV</var> input parameter, the
- <a href="#dfn-AesGcmParams-additionalData">additionalData</a> property of
- <var>normalizedAlgorithm</var> as the <var>A</var> input parameter,
+ <var>normalizedAlgorithm</var> as the <var>IV</var> input parameter,
+ <var>additionalData</var> as the <var>A</var> input parameter,
<var>tagLength</var> as the <var>t</var> pre-requisite,
<var>actualCiphertext</var> as the input ciphertext, <var>C</var> and
<var>tag</var> as the authentation tag, <var>T</var>.
@@ -10504,6 +10527,12 @@
NIST Special Publication 800-38B: Recommendation for Block Cipher Modes of Operation:
The CMAC Mode for Authentication</a></cite>, May 2005, NIST.
</dd>
+ <dt id="SP800-38D">NIST SP 800-38D</dt>
+ <dd>
+ <cite><a href="http://csrc.nist.gov/publications/nistpubs/800-38D/SP-800-38D.pdf">
+ NIST Special Publication 800-38D: Recommendation for Block Cipher Modes of Operation:
+ Galois/Counter Mode (GCM) and GMAC</a></cite>, November 2007, NIST.
+ </dd>
<dt id="SP800-56A">NIST SP 800-56A</dt>
<dd>
<cite><a href="http://csrc.nist.gov/publications/nistpubs/800-56A/SP800-56A_Revision1_Mar08-2007.pdf">
--- a/spec/Overview.html Wed Feb 26 13:28:26 2014 -0800
+++ b/spec/Overview.html Wed Feb 26 13:43:45 2014 -0800
@@ -5635,15 +5635,15 @@
<dl class="switch">
<dt>If <var>data</var> has length 128 bits:</dt>
<dd>If the <code>"alg"</code> field of <var>jwk</var> is present, and is
- not a case-sensitive string match to <code>"AES128CTR"</code>, terminate
+ not a case-sensitive string match to <code>"A128CTR"</code>, terminate
this algorithm with an error.</dd>
<dt>If <var>data</var> has length 192 bits:</dt>
<dd>If the <code>"alg"</code> field of <var>jwk</var> is present, and is
- not a case-sensitive string match to <code>"AES192CTR"</code>, terminate
+ not a case-sensitive string match to <code>"A192CTR"</code>, terminate
this algorithm with an error.</dd>
<dt>If <var>data</var> has length 256 bits:</dt>
<dd>If the <code>"alg"</code> field of <var>jwk</var> is present, and is
- not a case-sensitive string match to <code>"AES256CTR"</code>, terminate
+ not a case-sensitive string match to <code>"A256CTR"</code>, terminate
this algorithm with an error.</dd>
<dt>Otherwise:</dt>
<dd>Terminate this algorithm with an error.</dd>
@@ -5763,15 +5763,15 @@
<dt>If the <a href="#dfn-AesKeyParams-length">length</a> property of
<var>key</var> is 128:</dt>
<dd>Set the <code>alg</code> property of <var>jwk</var> to
- the string <code>"AES128CTR"</code>.</dd>
+ the string <code>"A128CTR"</code>.</dd>
<dt>If the <a href="#dfn-AesKeyParams-length">length</a> property of
<var>key</var> is 192:</dt>
<dd>Set the <code>alg</code> property of <var>jwk</var> to
- the string <code>"AES192CTR"</code>.</dd>
+ the string <code>"A192CTR"</code>.</dd>
<dt>If the <a href="#dfn-AesKeyParams-length">length</a> property of
<var>key</var> is 256:</dt>
<dd>Set the <code>alg</code> property of <var>jwk</var> to
- the string <code>"AES256CTR"</code>.</dd>
+ the string <code>"A256CTR"</code>.</dd>
</dl>
</li>
<li>
@@ -6142,15 +6142,15 @@
<dl class="switch">
<dt>If <var>data</var> has length 128 bits:</dt>
<dd>If the <code>"alg"</code> field of <var>jwk</var> is present, and is
- not a case-sensitive string match to <code>"AES128CBC"</code>, terminate
+ not a case-sensitive string match to <code>"A128CBC"</code>, terminate
this algorithm with an error.</dd>
<dt>If <var>data</var> has length 192 bits:</dt>
<dd>If the <code>"alg"</code> field of <var>jwk</var> is present, and is
- not a case-sensitive string match to <code>"AES192CBC"</code>, terminate
+ not a case-sensitive string match to <code>"A192CBC"</code>, terminate
this algorithm with an error.</dd>
<dt>If <var>data</var> has length 256 bits:</dt>
<dd>If the <code>"alg"</code> field of <var>jwk</var> is present, and is
- not a case-sensitive string match to <code>"AES256CBC"</code>, terminate
+ not a case-sensitive string match to <code>"A256CBC"</code>, terminate
this algorithm with an error.</dd>
<dt>Otherwise:</dt>
<dd>Terminate this algorithm with an error.</dd>
@@ -6270,15 +6270,15 @@
<dt>If the <a href="#dfn-AesKeyParams-length">length</a> property of
<var>key</var> is 128:</dt>
<dd>Set the <code>alg</code> property of <var>jwk</var> to
- the string <code>"AES128CBC"</code>.</dd>
+ the string <code>"A128CBC"</code>.</dd>
<dt>If the <a href="#dfn-AesKeyParams-length">length</a> property of
<var>key</var> is 192:</dt>
<dd>Set the <code>alg</code> property of <var>jwk</var> to
- the string <code>"AES192CBC"</code>.</dd>
+ the string <code>"A192CBC"</code>.</dd>
<dt>If the <a href="#dfn-AesKeyParams-length">length</a> property of
<var>key</var> is 256:</dt>
<dd>Set the <code>alg</code> property of <var>jwk</var> to
- the string <code>"AES256CBC"</code>.</dd>
+ the string <code>"A256CBC"</code>.</dd>
</dl>
</li>
<li>
@@ -6582,15 +6582,15 @@
<dl class="switch">
<dt>If <var>data</var> has length 128 bits:</dt>
<dd>If the <code>"alg"</code> field of <var>jwk</var> is present, and is
- not a case-sensitive string match to <code>"AES128CMAC"</code>, terminate
+ not a case-sensitive string match to <code>"A128CMAC"</code>, terminate
this algorithm with an error.</dd>
<dt>If <var>data</var> has length 192 bits:</dt>
<dd>If the <code>"alg"</code> field of <var>jwk</var> is present, and is
- not a case-sensitive string match to <code>"AES192CMAC"</code>, terminate
+ not a case-sensitive string match to <code>"A192CMAC"</code>, terminate
this algorithm with an error.</dd>
<dt>If <var>data</var> has length 256 bits:</dt>
<dd>If the <code>"alg"</code> field of <var>jwk</var> is present, and is
- not a case-sensitive string match to <code>"AES256CMAC"</code>, terminate
+ not a case-sensitive string match to <code>"A256CMAC"</code>, terminate
this algorithm with an error.</dd>
<dt>Otherwise:</dt>
<dd>Terminate this algorithm with an error.</dd>
@@ -6710,15 +6710,15 @@
<dt>If the <a href="#dfn-AesKeyParams-length">length</a> property of
<var>key</var> is 128:</dt>
<dd>Set the <code>alg</code> property of <var>jwk</var> to
- the string <code>"AES128CMAC"</code>.</dd>
+ the string <code>"A128CMAC"</code>.</dd>
<dt>If the <a href="#dfn-AesKeyParams-length">length</a> property of
<var>key</var> is 192:</dt>
<dd>Set the <code>alg</code> property of <var>jwk</var> to
- the string <code>"AES192CMAC"</code>.</dd>
+ the string <code>"A192CMAC"</code>.</dd>
<dt>If the <a href="#dfn-AesKeyParams-length">length</a> property of
<var>key</var> is 256:</dt>
<dd>Set the <code>alg</code> property of <var>jwk</var> to
- the string <code>"AES256CMAC"</code>.</dd>
+ the string <code>"A256CMAC"</code>.</dd>
</dl>
</li>
<li>
@@ -6766,6 +6766,12 @@
<h3>18.13. AES-GCM</h3>
<div id="aes-gcm-description" class="section">
<h4>18.13.1. Description</h4>
+ <p class="norm">This section is non-normative.</p>
+ <p>
+ The <code>"AES-GCM"</code> algorithm identifier is used to perform
+ authenticated encryption and decryption using AES in Galois/Counter Mode mode,
+ as described in NIST SP 800-38D [<a href="#SP800-38D">SP800-38D</a>].
+ </p>
</div>
<div id="aes-gcm-registration" class="section">
<h4>18.13.2. Registration</h4>
@@ -6831,7 +6837,8 @@
<ol>
<li>
<p>
- If any of the members of <a href="#aes-gcm-params">AesGcmParams</a> are not
+ If the <a href="#dfn-AesGcmParams-iv">iv</a> property of
+ <a href="#aes-gcm-params">AesGcmParams</a> is not
present in <var>normalizedAlgorithm</var>, terminate
this algorithm with an error.
</p>
@@ -6851,15 +6858,15 @@
</li>
<li>
<p>
- If the <a href="#dfn-AesGcmParams-additionalData">additionalData</a> property of
- <var>normalizedAlgorithm</var> has a length greater than 2^64 - 1
- bytes, terminate this algorithm with an error.
+ If the <a href="#dfn-AesGcmParams-additionalData">additionalData</a> property
+ of <var>normalizedAlgorithm</var> is present, is not null and has a length
+ greater than 2^64 - 1 bytes, terminate this algorithm with an error.
</p>
</li>
<li>
<dl class="switch">
<dt>If the <a href="#dfn-AesGcmParams-tagLength">tagLength</a> property of
- <var>normalizedAlgorithm</var> is null:</dt>
+ <var>normalizedAlgorithm</var> is not present or is null:</dt>
<dd>Let <var>tagLength</var> be 128.</dd>
<dt>If the <a href="#dfn-AesGcmParams-tagLength">tagLength</a> property of
<var>normalizedAlgorithm</var> is one of 32, 64, 96, 104, 112, 120 or 128:</dt>
@@ -6872,13 +6879,20 @@
</li>
<li>
<p>
+ Let <var>additionalData</var> be the contents of the
+ <a href="#dfn-AesGcmParams-additionalData">additionalData</a> property
+ of <var>normalizedAlgorithm</var> if present and not null and the empty
+ octet string otherwise.
+ </p>
+ </li>
+ <li>
+ <p>
Let <var>C</var> and <var>T</var> be the outputs that result from performing
the Authenticated Encryption Function described in Section 7.1 of
NIST SP 800-38D [<a href="#SP800-38D">SP800-38D</a>] using AES as the block
cipher, the contents of the <a href="#dfn-AesGcmParams-iv">iv</a> property of
- <var>normalizedAlgorithm</var> as the <var>IV</var> input parameter, the
- <a href="#dfn-AesGcmParams-additionalData">additionalData</a> property of
- <var>normalizedAlgorithm</var> as the <var>A</var> input parameter,
+ <var>normalizedAlgorithm</var> as the <var>IV</var> input parameter,
+ <var>additionalData</var> as the <var>A</var> input parameter,
<var>tagLength</var> as the <var>t</var> pre-requisite and
<var>plaintext</var> as the input plaintext.
</p>
@@ -6896,7 +6910,8 @@
<ol>
<li>
<p>
- If any of the members of <a href="#aes-gcm-params">AesGcmParams</a> are not
+ If the <a href="#dfn-AesGcmParams-iv">iv</a> property of
+ <a href="#aes-gcm-params">AesGcmParams</a> is not
present in <var>normalizedAlgorithm</var>, terminate
this algorithm with an error.
</p>
@@ -6904,7 +6919,7 @@
<li>
<dl class="switch">
<dt>If the <a href="#dfn-AesGcmParams-tagLangth">tagLength</a> property of
- <var>normalizedAlgorithm</var> is null:</dt>
+ <var>normalizedAlgorithm</var> is not present or null:</dt>
<dd>Let <var>tagLength</var> be 128.</dd>
<dt>If the <a href="#dfn-AesGcmParams-tagLangth">tagLength</a> property of
<var>normalizedAlgorithm</var> is one of 32, 64, 96, 104, 112, 120 or 128:</dt>
@@ -6930,8 +6945,9 @@
</li>
<li>
<p>
- If the <a href="#dfn-AesGcmParams-additionalData">additionalData</a> property of
- <var>normalizedAlgorithm</var> has a length greater than 2^64 - 1
+ If the <a href="#dfn-AesGcmParams-additionalData">additionalData</a> property
+ of <var>normalizedAlgorithm</var> is present, is not null and has a length
+ greater than 2^64 - 1
bytes, terminate this algorithm with an error.
</p>
</li>
@@ -6949,12 +6965,19 @@
</li>
<li>
<p>
+ Let <var>additionalData</var> be the contents of the
+ <a href="#dfn-AesGcmParams-additionalData">additionalData</a> property
+ of <var>normalizedAlgorithm</var> if present and not null and the empty
+ octet string otherwise.
+ </p>
+ </li>
+ <li>
+ <p>
Perform the Authenticated Decryption Function described in Section 7.2 of
NIST SP 800-38D [<a href="#SP800-38D">SP800-38D</a>] using AES as the block
cipher, the contents of the <a href="#dfn-AesGcmParams-iv">iv</a> property of
- <var>normalizedAlgorithm</var> as the <var>IV</var> input parameter, the
- <a href="#dfn-AesGcmParams-additionalData">additionalData</a> property of
- <var>normalizedAlgorithm</var> as the <var>A</var> input parameter,
+ <var>normalizedAlgorithm</var> as the <var>IV</var> input parameter,
+ <var>additionalData</var> as the <var>A</var> input parameter,
<var>tagLength</var> as the <var>t</var> pre-requisite,
<var>actualCiphertext</var> as the input ciphertext, <var>C</var> and
<var>tag</var> as the authentation tag, <var>T</var>.
@@ -7130,15 +7153,15 @@
<dl class="switch">
<dt>If <var>data</var> has length 128 bits:</dt>
<dd>If the <code>"alg"</code> field of <var>jwk</var> is present, and is
- not a case-sensitive string match to <code>"AES128GCM"</code>, terminate
+ not a case-sensitive string match to <code>"A128GCM"</code>, terminate
this algorithm with an error.</dd>
<dt>If <var>data</var> has length 192 bits:</dt>
<dd>If the <code>"alg"</code> field of <var>jwk</var> is present, and is
- not a case-sensitive string match to <code>"AES192GCM"</code>, terminate
+ not a case-sensitive string match to <code>"A192GCM"</code>, terminate
this algorithm with an error.</dd>
<dt>If <var>data</var> has length 256 bits:</dt>
<dd>If the <code>"alg"</code> field of <var>jwk</var> is present, and is
- not a case-sensitive string match to <code>"AES256GCM"</code>, terminate
+ not a case-sensitive string match to <code>"A256GCM"</code>, terminate
this algorithm with an error.</dd>
<dt>Otherwise:</dt>
<dd>Terminate this algorithm with an error.</dd>
@@ -7258,15 +7281,15 @@
<dt>If the <a href="#dfn-AesKeyParams-length">length</a> property of
<var>key</var> is 128:</dt>
<dd>Set the <code>alg</code> property of <var>jwk</var> to
- the string <code>"AES128GCM"</code>.</dd>
+ the string <code>"A128GCM"</code>.</dd>
<dt>If the <a href="#dfn-AesKeyParams-length">length</a> property of
<var>key</var> is 192:</dt>
<dd>Set the <code>alg</code> property of <var>jwk</var> to
- the string <code>"AES192GCM"</code>.</dd>
+ the string <code>"A192GCM"</code>.</dd>
<dt>If the <a href="#dfn-AesKeyParams-length">length</a> property of
<var>key</var> is 256:</dt>
<dd>Set the <code>alg</code> property of <var>jwk</var> to
- the string <code>"AES256GCM"</code>.</dd>
+ the string <code>"A256GCM"</code>.</dd>
</dl>
</li>
<li>
@@ -7602,15 +7625,15 @@
<dl class="switch">
<dt>If <var>data</var> has length 128 bits:</dt>
<dd>If the <code>"alg"</code> field of <var>jwk</var> is present, and is
- not a case-sensitive string match to <code>"AES128CFB8"</code>, terminate
+ not a case-sensitive string match to <code>"A128CFB8"</code>, terminate
this algorithm with an error.</dd>
<dt>If <var>data</var> has length 192 bits:</dt>
<dd>If the <code>"alg"</code> field of <var>jwk</var> is present, and is
- not a case-sensitive string match to <code>"AES192CFB8"</code>, terminate
+ not a case-sensitive string match to <code>"A192CFB8"</code>, terminate
this algorithm with an error.</dd>
<dt>If <var>data</var> has length 256 bits:</dt>
<dd>If the <code>"alg"</code> field of <var>jwk</var> is present, and is
- not a case-sensitive string match to <code>"AES256CFB8"</code>, terminate
+ not a case-sensitive string match to <code>"A256CFB8"</code>, terminate
this algorithm with an error.</dd>
<dt>Otherwise:</dt>
<dd>Terminate this algorithm with an error.</dd>
@@ -7730,15 +7753,15 @@
<dt>If the <a href="#dfn-AesKeyParams-length">length</a> property of
<var>key</var> is 128:</dt>
<dd>Set the <code>alg</code> property of <var>jwk</var> to
- the string <code>"AES128CFB8"</code>.</dd>
+ the string <code>"A128CFB8"</code>.</dd>
<dt>If the <a href="#dfn-AesKeyParams-length">length</a> property of
<var>key</var> is 192:</dt>
<dd>Set the <code>alg</code> property of <var>jwk</var> to
- the string <code>"AES192CFB8"</code>.</dd>
+ the string <code>"A192CFB8"</code>.</dd>
<dt>If the <a href="#dfn-AesKeyParams-length">length</a> property of
<var>key</var> is 256:</dt>
<dd>Set the <code>alg</code> property of <var>jwk</var> to
- the string <code>"AES256CFB8"</code>.</dd>
+ the string <code>"A256CFB8"</code>.</dd>
</dl>
</li>
<li>
@@ -8046,15 +8069,15 @@
<dl class="switch">
<dt>If <var>data</var> has length 128 bits:</dt>
<dd>If the <code>"alg"</code> field of <var>jwk</var> is present, and is
- not a case-sensitive string match to <code>"AES128KW"</code>, terminate
+ not a case-sensitive string match to <code>"A128KW"</code>, terminate
this algorithm with an error.</dd>
<dt>If <var>data</var> has length 192 bits:</dt>
<dd>If the <code>"alg"</code> field of <var>jwk</var> is present, and is
- not a case-sensitive string match to <code>"AES192KW"</code>, terminate
+ not a case-sensitive string match to <code>"A192KW"</code>, terminate
this algorithm with an error.</dd>
<dt>If <var>data</var> has length 256 bits:</dt>
<dd>If the <code>"alg"</code> field of <var>jwk</var> is present, and is
- not a case-sensitive string match to <code>"AES256KW"</code>, terminate
+ not a case-sensitive string match to <code>"A256KW"</code>, terminate
this algorithm with an error.</dd>
<dt>Otherwise:</dt>
<dd>Terminate this algorithm with an error.</dd>
@@ -8174,15 +8197,15 @@
<dt>If the <a href="#dfn-AesKeyParams-length">length</a> property of
<var>key</var> is 128:</dt>
<dd>Set the <code>alg</code> property of <var>jwk</var> to
- the string <code>"AES128KW"</code>.</dd>
+ the string <code>"A128KW"</code>.</dd>
<dt>If the <a href="#dfn-AesKeyParams-length">length</a> property of
<var>key</var> is 192:</dt>
<dd>Set the <code>alg</code> property of <var>jwk</var> to
- the string <code>"AES192KW"</code>.</dd>
+ the string <code>"A192KW"</code>.</dd>
<dt>If the <a href="#dfn-AesKeyParams-length">length</a> property of
<var>key</var> is 256:</dt>
<dd>Set the <code>alg</code> property of <var>jwk</var> to
- the string <code>"AES256KW"</code>.</dd>
+ the string <code>"A256KW"</code>.</dd>
</dl>
</li>
<li>
@@ -10493,6 +10516,12 @@
NIST Special Publication 800-38B: Recommendation for Block Cipher Modes of Operation:
The CMAC Mode for Authentication</a></cite>, May 2005, NIST.
</dd>
+ <dt id="SP800-38D">NIST SP 800-38D</dt>
+ <dd>
+ <cite><a href="http://csrc.nist.gov/publications/nistpubs/800-38D/SP-800-38D.pdf">
+ NIST Special Publication 800-38D: Recommendation for Block Cipher Modes of Operation:
+ Galois/Counter Mode (GCM) and GMAC</a></cite>, November 2007, NIST.
+ </dd>
<dt id="SP800-56A">NIST SP 800-56A</dt>
<dd>
<cite><a href="http://csrc.nist.gov/publications/nistpubs/800-56A/SP800-56A_Revision1_Mar08-2007.pdf">