--- a/spec/Overview-WebCryptoAPI.xml Mon Sep 22 11:30:16 2014 -0700
+++ b/spec/Overview-WebCryptoAPI.xml Mon Sep 22 11:38:58 2014 -0700
@@ -4746,9 +4746,17 @@
<p>
The <code>"RSA-PSS"</code> algorithm identifier is used to perform signing
and verification using the RSASSA-PSS algorithm specified in
- [<cite><a href="#RFC3447">RFC3447</a></cite>], using the mask generation
+ [<cite><a href="#RFC3447">RFC3447</a></cite>], using the SHA hash functions defined
+ in this specification and the mask generation
formula MGF1.
</p>
+ <p>
+ <a href="#dfn-applicable-specification">Other specifications</a>
+ may specify the use of additional hash algorithms with RSASSA-PSS. Such specifications
+ must define
+ <dfn id="dfn-rsa-pss-extended-import-steps">key import steps</dfn> and
+ <dfn id="dfn-rsa-pss-extended-export-steps">key export steps</dfn>.
+ </p>
</div>
<div id="rsa-pss-registration" class="section">
<h4>Registration</h4>
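Review bot: the added paragraph links to href="#dfn-applicable-specification" (singular), while the import and export steps added later in this patch link to "#dfn-applicable-specifications" (plural). One of the two will be a dangling fragment. Use the id that the definition actually carries in all three places, in both Overview-WebCryptoAPI.xml and Overview.html.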
@@ -5058,6 +5066,34 @@
<p>Let <var>keyData</var> be the key data to be imported.</p>
</li>
<li>
+ <p>
+ Perform any <a href="#dfn-rsa-pss-extended-import-steps">key import steps</a>
+ defined by <a href="#dfn-applicable-specifications">other applicable
+ specifications</a>, passing <var>keyData</var> and obtaining <var>result</var>.
+ <dl class="switch">
+ <dt>
+ If <var>result</var> is a <a href="#dfn-CryptoKey">CryptoKey</a>
+ object
+ </dt>
+ <dd>
+ <p>
+ Return <var>result</var>.
+ </p>
+ </dd>
+ <dt>
+ If <var>result</var> is an error with a name that is not
+ <a href="#dfn-NotSupportedError"><code>NotSupportedError</code></a>
+ </dt>
+ <dd>
+ <p>
+ <a href="#concept-return-an-error">Return an error</a> with the same name
+ as <var>result</var>.
+ </p>
+ </dd>
+ </dl>
+ </p>
+ </li>
+ <li>
<dl class="switch">
<dt>If <var>format</var> is <code>"spki"</code>:</dt>
<dd>
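Review bot: the new import step's switch has no entry for the fall-through case. It covers a CryptoKey result and an error whose name is not NotSupportedError, but says nothing about a NotSupportedError result, or about the case where no other specification defines import steps and result is never set. Add an explicit "Otherwise" entry that continues with the next step, so implementers do not have to infer that unhandled results proceed to the built-in format handling.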
@@ -5694,6 +5730,44 @@
</p>
</li>
<li>
+ <p>
+ Perform any <a href="#dfn-rsa-pss-extended-export-steps">key export steps</a>
+ defined by <a href="#dfn-applicable-specifications">other applicable
+ specifications</a>, passing <var>key</var> and obtaining <var>result</var>.
+ <dl class="switch">
+ <dt>
+ If <var>format</var> is <code>"spki"</code> or <code>"pkcs8"</code> and
+ <var>result</var> is an <a href="#dfn-ArrayBuffer">ArrayBuffer</a>
+ object
+ </dt>
+ <dd>
+ <p>
+ Return <var>result</var>.
+ </p>
+ </dd>
+ <dt>
+ If <var>format</var> is <code>"jwk"</code> and
+ <var>result</var> is not an error
+ </dt>
+ <dd>
+ <p>
+ Return <var>result</var>.
+ </p>
+ </dd>
+ <dt>
+ If <var>result</var> is an error with a name that is not
+ <a href="#dfn-NotSupportedError"><code>NotSupportedError</code></a>
+ </dt>
+ <dd>
+ <p>
+ <a href="#concept-return-an-error">Return an error</a> with the same name
+ as <var>result</var>.
+ </p>
+ </dd>
+ </dl>
+ </p>
+ </li>
+ <li>
<dl class="switch">
<dt>If <var>format</var> is <code>"spki"</code></dt>
<dd>
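Review bot: in the export switch, the "jwk" branch returns result whenever it "is not an error", while the "spki"/"pkcs8" branch requires an ArrayBuffer. If no other specification defines export steps, result has no defined value, which is also not an error, so a literal reading returns it and never reaches the built-in "jwk" handling that follows. Name the expected result type for "jwk" the way the ArrayBuffer branch does, and add an explicit "Otherwise" entry that continues with the next step.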
--- a/spec/Overview.html Mon Sep 22 11:30:16 2014 -0700
+++ b/spec/Overview.html Mon Sep 22 11:38:58 2014 -0700
@@ -4649,9 +4649,17 @@
<p>
The <code>"RSA-PSS"</code> algorithm identifier is used to perform signing
and verification using the RSASSA-PSS algorithm specified in
- [<cite><a href="#RFC3447">RFC3447</a></cite>], using the mask generation
+ [<cite><a href="#RFC3447">RFC3447</a></cite>], using the SHA hash functions defined
+ in this specification and the mask generation
formula MGF1.
</p>
+ <p>
+ <a href="#dfn-applicable-specification">Other specifications</a>
+ may specify the use of additional hash algorithms with RSASSA-PSS. Such specifications
+ must define
+ <dfn id="dfn-rsa-pss-extended-import-steps">key import steps</dfn> and
+ <dfn id="dfn-rsa-pss-extended-export-steps">key export steps</dfn>.
+ </p>
</div>
<div id="rsa-pss-registration" class="section">
<h4>23.2. Registration</h4>
@@ -4948,6 +4956,34 @@
<p>Let <var>keyData</var> be the key data to be imported.</p>
</li>
<li>
+ <p>
+ Perform any <a href="#dfn-rsa-pss-extended-import-steps">key import steps</a>
+ defined by <a href="#dfn-applicable-specifications">other applicable
+ specifications</a>, passing <var>keyData</var> and obtaining <var>result</var>.
+ <dl class="switch">
+ <dt>
+ If <var>result</var> is a <a href="#dfn-CryptoKey">CryptoKey</a>
+ object
+ </dt>
+ <dd>
+ <p>
+ Return <var>result</var>.
+ </p>
+ </dd>
+ <dt>
+ If <var>result</var> is an error with a name that is not
+ <a href="#dfn-NotSupportedError"><code>NotSupportedError</code></a>
+ </dt>
+ <dd>
+ <p>
+ <a href="#concept-return-an-error">Return an error</a> with the same name
+ as <var>result</var>.
+ </p>
+ </dd>
+ </dl>
+ </p>
+ </li>
+ <li>
<dl class="switch">
<dt>If <var>format</var> is <code>"spki"</code>:</dt>
<dd>
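Review bot: the added <dl class="switch"> sits inside the <p> opened on the first added line of this step, with the closing </p> placed after </dl>. In HTML a <dl> start tag implicitly closes an open <p>, so the switch ends up outside the paragraph and the trailing </p> is left unmatched. Close the <p> after "obtaining <var>result</var>." and let the <dl> follow as a sibling inside the <li>. The export step in the next hunk and the XML source have the same structure.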
@@ -5555,6 +5591,44 @@
</p>
</li>
<li>
+ <p>
+ Perform any <a href="#dfn-rsa-pss-extended-export-steps">key export steps</a>
+ defined by <a href="#dfn-applicable-specifications">other applicable
+ specifications</a>, passing <var>key</var> and obtaining <var>result</var>.
+ <dl class="switch">
+ <dt>
+ If <var>format</var> is <code>"spki"</code> or <code>"pkcs8"</code> and
+ <var>result</var> is an <a href="#dfn-ArrayBuffer">ArrayBuffer</a>
+ object
+ </dt>
+ <dd>
+ <p>
+ Return <var>result</var>.
+ </p>
+ </dd>
+ <dt>
+ If <var>format</var> is <code>"jwk"</code> and
+ <var>result</var> is not an error
+ </dt>
+ <dd>
+ <p>
+ Return <var>result</var>.
+ </p>
+ </dd>
+ <dt>
+ If <var>result</var> is an error with a name that is not
+ <a href="#dfn-NotSupportedError"><code>NotSupportedError</code></a>
+ </dt>
+ <dd>
+ <p>
+ <a href="#concept-return-an-error">Return an error</a> with the same name
+ as <var>result</var>.
+ </p>
+ </dd>
+ </dl>
+ </p>
+ </li>
+ <li>
<dl class="switch">
<dt>If <var>format</var> is <code>"spki"</code></dt>
<dd>