--- a/spec/Overview-WebCryptoAPI.xml Sun Jan 27 20:59:29 2013 -0800
+++ b/spec/Overview-WebCryptoAPI.xml Sun Jan 27 20:59:50 2013 -0800
@@ -3475,6 +3475,75 @@
</ul>
</div>
</div>
+ <div id="hkdf-ctr" class="section">
+ <h3>HKDF-CTR</h3>
+ <div id="hkdf-ctr-description" class="section">
+ <h4>Description</h4>
+ <p class="norm">This section is non-normative.</p>
+ <p>
+ The <code>"HKDF-CTR"</code> algorithm identifier is used to
+ perform key derivation using the algorithm described in
+ RFC 5869 [<a href="#RFC5869">RFC5869</a>] and NIST SP 800-56C
+ [<a href="#SP800-56C">SP800-56C</a>], using HMAC in counter mode,
+ as described in Section 5.1 of NIST SP 800-108
+ [<a href="#SP800-108">SP800-108</a>].
+ </p>
+ </div>
+ <div id="hkdf-ctr-registration" class="section">
+ <h4>Registration</h4>
+ <p>
+ The <a href="#recognized-algorithm-name">recognized algorithm name</a>
+ for this algorithm is <code>"HKDF-CTR"</code>.
+ </p>
+ <table>
+ <thead>
+ <tr>
+ <th><a href="#supported-operations">Operation</a></th>
+ <th><a href="#algorithm-specific-params">Parameters</a></th>
+ <th><a href="#algorithm-result">Result</a></th>
+ </tr>
+ </thead>
+ <tbody>
+ <tr>
+ <td>deriveKey</td>
+ <td><a href="#dfn-HkdfCtrParams">HkdfCtrParams</a></td>
+ <td><a href="#dfn-Key">Key</a>?</td>
+ </tr>
+ </tbody>
+ </table>
+ </div>
+ <div id="hkdf-ctr-params" class="section">
+ <h4>HkdfCtrParams dictionary</h4>
+ <x:codeblock language="idl">
+dictionary <dfn id="dfn-HkdfCtrParams">HkdfCtrParams</dfn> : <a href="#dfn-AlgorithmParameters">AlgorithmParameters</a> {
+ <span class="comment">// The algorithm to use with HMAC (eg: <a href="#sha-256">SHA-256</a></span>
+ AlgorithmIdentifier hashAlg;
+ <span class="comment">// A bit string that corresponds to the label that identifies the purpose for the derived keying material.</span>
+ ArrayBufferView label;
+ <span class="comment">// A bit string that corresponds to the context of the key derivation, as described in Section 5 of NIST SP 800-108 [<a href="#SP800-108">SP800-108</a>]</span>
+ ArrayBufferView context;
+};
+ </x:codeblock>
+ <div class="ednote">
+ <p>
+ The definition of HKDF allows the caller to supply an optional pseudorandom salt
+ value, which is used as the key during the extract phase. If this value is not
+ supplied, an all zero string is used instead. However, support for an explicit
+ salt value is not widely implemented in existing APIs, nor is it required by
+ existing usages of HKDF. Should this be an optional parameter, and if so, what
+ should the behaviour be of a user agent that does not support explicit salt
+ values (is it conforming or non-conforming?)
+ </p>
+ </div>
+ </div>
+ <div id="hkdf2-ctr-operations" class="section">
+ <h4>Operations</h4>
+ <ul>
+ <li>Derive Key</li>
+ </ul>
+ </div>
+ </div>
+
<div id="pbkdf2" class="section">
<h3>PBKDF2</h3>
<div id="pbkdf2-description" class="section">
@@ -3835,11 +3904,28 @@
<cite><a href="http://tools.ietf.org/html/rfc5705">Keying Material Exporters for
Transport Layer Security (TLS)</a></cite>, E. Rescorla. IETF.
</dd>
+ <dt id="RFC5869">RFC 5869</dt>
+ <dd>
+ <cite><a href="https://tools.ietf.org/html/rfc5869">HMAC-based Extract-and-Expand
+ Key Derivation Function (HKDF)</a></cite>, H. Krawczyk, P. Eronen. IETF.
+ </dd>
<dt id="SP800-56A">NIST SP 800-56A</dt>
<dd>
<cite><a href="http://csrc.nist.gov/publications/nistpubs/800-56A/SP800-56A_Revision1_Mar08-2007.pdf">
- NIST SP 800-56A: Recommendation for Pair-Wise Key Establishment Schemes Using Discrete
- Logarithm Cryptography (Revised)</a></cite>, March 2007, NIST.
+ NIST Special Publication 800-56A: Recommendation for Pair-Wise Key Establishment
+ Schemes Using Discrete Logarithm Cryptography (Revised)</a></cite>, March 2007, NIST.
+ </dd>
+ <dt id="SP800-56C">NIST SP 800-56C</dt>
+ <dd>
+ <cite><a href="http://csrc.nist.gov/publications/nistpubs/800-56C/SP-800-56C.pdf">
+ NIST Special Publication 800-56C: Recommendation for Key Derivation through
+ Extraction-then-Expansion</a></cite>, November 2011, NIST.
+ </dd>
+ <dt id="SP800-108">NIST SP 800-108</dt>
+ <dd>
+ <cite><a href="http://csrc.nist.gov/publications/nistpubs/800-108/sp800-108.pdf">
+ NIST Special Publication 800-108: Recommendation for Key Derivation Using
+ Pseudorandom Functions (Revised)</a></cite>, October 2009, NIST.
</dd>
<dt id="StreamsAPI">StreamsAPI</dt>
<dd>
--- a/spec/Overview.html Sun Jan 27 20:59:29 2013 -0800
+++ b/spec/Overview.html Sun Jan 27 20:59:50 2013 -0800
@@ -49,7 +49,7 @@
communications.
</p>
- <div class="ednote"><div class="ednoteHeader">Editorial note</div><p>There are 23 further editorial notes in the document.</p></div>
+ <div class="ednote"><div class="ednoteHeader">Editorial note</div><p>There are 24 further editorial notes in the document.</p></div>
</div>
<div class="section">
@@ -141,7 +141,7 @@
<div id="toc">
<h2>Table of Contents</h2>
- <div class="toc"><ul><li><a href="#introduction">1. Introduction</a></li><li><a href="#use-cases">2. Use Cases</a><ul><li><a href="#multifactor-authentication">2.1. Multi-factor Authentication</a></li><li><a href="#protected-document">2.2. Protected Document Exchange</a></li><li><a href="#cloud-storage">2.3. Cloud Storage</a></li><li><a href="#document-signing">2.4. Document Signing</a></li><li><a href="#data-integrity-protection">2.5. Data Integrity Protection</a></li><li><a href="#secure-messaging">2.6. Secure Messaging</a></li><li><a href="#jose">2.7. Javascript Object Signing and Encryption (JOSE)</a></li></ul></li><li><a href="#conformance">3. Conformance</a></li><li><a href="#scope">4. Scope</a><ul><li><a href="#scope-abstraction">4.1. Level of abstraction</a></li><li><a href="#scope-algorithms">4.2. Cryptographic algorithms</a></li><li><a href="#scope-operations">4.3. Operations</a></li><li><a href="#scope-out-of-scope">4.4. Out of scope</a></li></ul></li><li><a href="#security">5. Security considerations</a><ul><li><a href="#security-implementers">5.1. Security considerations for implementers</a></li><li><a href="#security-developers">5.2. Security considerations for developers</a></li></ul></li><li><a href="#privacy">6. Privacy considerations</a></li><li><a href="#dependencies">7. Dependencies</a></li><li><a href="#terminology">8. Terminology</a></li><li><a href="#RandomSource-interface">9. RandomSource interface</a><ul><li><a href="#RandomSource-description">9.1. Description</a></li><li><a href="#RandomSource-interface-methods">9.2. Methods and Parameters</a><ul><li><a href="#RandomSource-method-getRandomValues">9.2.1. The getRandomValues method</a></li></ul></li></ul></li><li><a href="#algorithm-dictionary">10. Algorithm dictionary</a><ul><li><a href="#algorithm-dictionary-members">10.1. Algorithm Dictionary Members</a></li></ul></li><li><a href="#key-interface">11. Key interface</a><ul><li><a href="#key-interface-description">11.1. Description</a></li><li><a href="#key-interface-members">11.2. Key interface members</a></li><li><a href="#key-interface-clone">11.3. Structured clone algorithm</a></li></ul></li><li><a href="#cryptooperation-interface">12. CryptoOperation interface</a><ul><li><a href="#CryptoOperation-processing-model">12.1. Processing Model</a></li><li><a href="#cryptooperation-events">12.2. Event Handler Attributes</a></li><li><a href="#CryptoOperation-attributes">12.3. Attributes</a></li><li><a href="#CryptoOperation-methods">12.4. Methods</a><ul><li><a href="#CryptoOperation-method-process">12.4.1. process(ArrayBufferView data)</a></li><li><a href="#CryptoOperation-method-finish">12.4.2. The finish() method</a></li><li><a href="#CryptoOperation-method-abort">12.4.3. The abort() method</a></li></ul></li></ul></li><li><a href="#KeyOperation-interface">13. KeyOperation interface</a></li><li><a href="#crypto-interface">14. Crypto interface</a></li><li><a href="#subtlecrypto-interface">15. SubtleCrypto interface</a><ul><li><a href="#subtlecrypto-interface-description">15.1. Description</a></li><li><a href="#subtlecrypto-interface-methods">15.2. Methods and Parameters</a><ul><li><a href="#SubtleCrypto-method-encrypt">15.2.1. The encrypt method</a></li><li><a href="#SubtleCrypto-method-decrypt">15.2.2. The decrypt method</a></li><li><a href="#SubtleCrypto-method-sign">15.2.3. The sign method</a></li><li><a href="#SubtleCrypto-method-verify">15.2.4. The verify method</a></li><li><a href="#SubtleCrypto-method-digest">15.2.5. The digest method</a></li><li><a href="#SubtleCrypto-method-generateKey">15.2.6. The generateKey method</a></li><li><a href="#SubtleCrypto-method-deriveKey">15.2.7. The deriveKey method</a></li><li><a href="#SubtleCrypto-method-importKey">15.2.8. The importKey method</a></li><li><a href="#SubtleCrypto-method-exportKey">15.2.9. The exportKey method</a></li></ul></li></ul></li><li><a href="#WorkerCrypto-interface">16. WorkerCrypto interface</a><ul><li><a href="#WorkerCrypto-description">16.1. Description</a></li></ul></li><li><a href="#big-integer">17. BigInteger</a></li><li><a href="#keypair">18. KeyPair</a></li><li><a href="#key-discovery">19. Key Discovery</a></li><li><a href="#algorithms">20. Algorithms</a><ul><li><a href="#recommended-algorithms">20.1. Recommended algorithms</a></li><li><a href="#defining-an-algorithm">20.2. Defining an algorithm</a><ul><li><a href="#recognized-algorithm-name">20.2.1. Recognized algorithm name</a></li><li><a href="#supported-operations">20.2.2. Supported operations</a></li><li><a href="#algorithm-specific-params">20.2.3. Algorithm-specific parameters</a></li><li><a href="#algorithm-result">20.2.4. Algorithm results</a></li><li><a href="#algorithm-alias">20.2.5. Algorithm aliases</a></li></ul></li><li><a href="#rsaes-pkcs1">20.3. RSAES-PKCS1-v1_5</a><ul><li><a href="#rsaes-pkcs1-description">20.3.1. Description</a></li><li><a href="#rsaes-pkcs1-registration">20.3.2. Registration</a></li><li><a href="#RsaKeyGenParams-dictionary">20.3.3. RsaKeyGenParams dictionary</a></li><li><a href="#rsaes-pkcs1-operations">20.3.4. Operations</a></li></ul></li><li><a href="#rsassa-pkcs1">20.4. RSASSA-PKCS1-v1_5</a><ul><li><a href="#rsassa-pkcs1-description">20.4.1. Description</a></li><li><a href="#rsassa-pkcs1-registration">20.4.2. Registration</a></li><li><a href="#RsaSsaParams-dictionary">20.4.3. RsaSsaParams dictionary</a></li><li><a href="#rsassa-pkcs1-operations">20.4.4. Operations</a></li></ul></li><li><a href="#rsa-pss">20.5. RSA-PSS</a><ul><li><a href="#rsa-pss-description">20.5.1. Description</a></li><li><a href="#rsa-pss-registration">20.5.2. Registration</a></li><li><a href="#rsa-pss-params">20.5.3. RsaPssParams dictionary</a></li><li><a href="#rsa-pss-operations">20.5.4. Operations</a></li></ul></li><li><a href="#rsa-oaep">20.6. RSA-OAEP</a><ul><li><a href="#rsa-oaep-description">20.6.1. Description</a></li><li><a href="#rsa-oaep-registration">20.6.2. Registration</a></li><li><a href="#rsa-oaep-params">20.6.3. RsaOaepParams dictionary</a></li><li><a href="#rsa-oaep-operations">20.6.4. Operations</a></li></ul></li><li><a href="#ecdsa">20.7. ECDSA</a><ul><li><a href="#ecdsa-description">20.7.1. Description</a></li><li><a href="#ecdsa-registration">20.7.2. Registration</a></li><li><a href="#EcdsaParams-dictionary">20.7.3. EcdsaParams dictionary</a></li><li><a href="#EcKeyGenParams-dictionary">20.7.4. EcKeyGenParams dictionary</a></li><li><a href="#ecdsa-operations">20.7.5. Operations</a></li></ul></li><li><a href="#ecdh">20.8. ECDH</a><ul><li><a href="#ecdh-description">20.8.1. Description</a></li><li><a href="#ecdh-registration">20.8.2. Registration</a></li><li><a href="#dh-EcdhKeyDeriveParams">20.8.3. EcdhKeyDeriveParams dictionary</a></li><li><a href="#ecdh-operations">20.8.4. Operations</a></li></ul></li><li><a href="#aes-ctr">20.9. AES-CTR</a><ul><li><a href="#aes-ctr-description">20.9.1. Description</a></li><li><a href="#aes-ctr-registration">20.9.2. Registration</a></li><li><a href="#aes-ctr-params">20.9.3. AesCtrParams dictionary</a></li><li><a href="#aes-keygen-params">20.9.4. AesKeyGenParams dictionary</a></li><li><a href="#aes-ctr-operations">20.9.5. Operations</a></li></ul></li><li><a href="#aes-cbc">20.10. AES-CBC</a><ul><li><a href="#aes-cbc-description">20.10.1. Description</a></li><li><a href="#aes-cbc-registration">20.10.2. Registration</a></li><li><a href="#aes-cbc-params">20.10.3. AesCbcParams dictionary</a></li><li><a href="#aes-cbc-operations">20.10.4. Operations</a></li></ul></li><li><a href="#aes-gcm">20.11. AES-GCM</a><ul><li><a href="#aes-gcm-description">20.11.1. Description</a></li><li><a href="#aes-gcm-registration">20.11.2. Registration</a></li><li><a href="#aes-gcm-params">20.11.3. AesGcmParams dictionary</a></li><li><a href="#aes-gcm-operations">20.11.4. Operations</a></li></ul></li><li><a href="#hmac">20.12. HMAC</a><ul><li><a href="#hmac-description">20.12.1. Description</a></li><li><a href="#hmac-registration">20.12.2. Registration</a></li><li><a href="#hmac-params">20.12.3. HmacParams dictionary</a></li><li><a href="#hmac-operations">20.12.4. Operations</a></li></ul></li><li><a href="#dh">20.13. Diffie-Hellman</a><ul><li><a href="#dh-description">20.13.1. Description</a></li><li><a href="#dh-registration">20.13.2. Registration</a></li><li><a href="#dh-DhKeyGenParams">20.13.3. DhKeyGenParams dictionary</a></li><li><a href="#dh-DhKeyDeriveParams">20.13.4. DhKeyDeriveParams dictionary</a></li><li><a href="#dh-operations">20.13.5. Operations</a></li></ul></li><li><a href="#sha">20.14. SHA</a><ul><li><a href="#sha-description">20.14.1. Description</a></li><li><a href="#sha-registration">20.14.2. Registration</a></li><li><a href="#sha-operations">20.14.3. Operations</a></li></ul></li><li><a href="#concatkdf">20.15. Concat KDF</a><ul><li><a href="#concatkdf-description">20.15.1. Description</a></li><li><a href="#concatkdf-registration">20.15.2. Registration</a></li><li><a href="#concat-params">20.15.3. ConcatParams dictionary</a></li><li><a href="#concat-operations">20.15.4. Operations</a></li></ul></li><li><a href="#pbkdf2">20.16. PBKDF2</a><ul><li><a href="#pbkdf2-description">20.16.1. Description</a></li><li><a href="#pbkdf2-registration">20.16.2. Registration</a></li><li><a href="#pbkdf2-params">20.16.3. Pbkdf2Params dictionary</a></li><li><a href="#pbkdf2-operations">20.16.4. Operations</a></li></ul></li></ul></li><li><a href="#algorithm-normalizing-rules">21. Algorithm normalizing rules</a></li><li><a href="#examples-section">22. JavaScript Example Code</a><ul><li><a href="#examples-signing">22.1. Generate a signing key pair, sign some data</a></li><li><a href="#examples-symmetric-encryption">22.2. Symmetric Encryption</a></li></ul></li><li><a href="#acknowledgements-section">23. Acknowledgements</a></li><li><a href="#references">24. References</a><ul><li><a href="#normative-references">24.1. Normative References</a></li><li><a href="#informative-references">24.2. Informative References</a></li></ul></li></ul></div>
+ <div class="toc"><ul><li><a href="#introduction">1. Introduction</a></li><li><a href="#use-cases">2. Use Cases</a><ul><li><a href="#multifactor-authentication">2.1. Multi-factor Authentication</a></li><li><a href="#protected-document">2.2. Protected Document Exchange</a></li><li><a href="#cloud-storage">2.3. Cloud Storage</a></li><li><a href="#document-signing">2.4. Document Signing</a></li><li><a href="#data-integrity-protection">2.5. Data Integrity Protection</a></li><li><a href="#secure-messaging">2.6. Secure Messaging</a></li><li><a href="#jose">2.7. Javascript Object Signing and Encryption (JOSE)</a></li></ul></li><li><a href="#conformance">3. Conformance</a></li><li><a href="#scope">4. Scope</a><ul><li><a href="#scope-abstraction">4.1. Level of abstraction</a></li><li><a href="#scope-algorithms">4.2. Cryptographic algorithms</a></li><li><a href="#scope-operations">4.3. Operations</a></li><li><a href="#scope-out-of-scope">4.4. Out of scope</a></li></ul></li><li><a href="#security">5. Security considerations</a><ul><li><a href="#security-implementers">5.1. Security considerations for implementers</a></li><li><a href="#security-developers">5.2. Security considerations for developers</a></li></ul></li><li><a href="#privacy">6. Privacy considerations</a></li><li><a href="#dependencies">7. Dependencies</a></li><li><a href="#terminology">8. Terminology</a></li><li><a href="#RandomSource-interface">9. RandomSource interface</a><ul><li><a href="#RandomSource-description">9.1. Description</a></li><li><a href="#RandomSource-interface-methods">9.2. Methods and Parameters</a><ul><li><a href="#RandomSource-method-getRandomValues">9.2.1. The getRandomValues method</a></li></ul></li></ul></li><li><a href="#algorithm-dictionary">10. Algorithm dictionary</a><ul><li><a href="#algorithm-dictionary-members">10.1. Algorithm Dictionary Members</a></li></ul></li><li><a href="#key-interface">11. Key interface</a><ul><li><a href="#key-interface-description">11.1. Description</a></li><li><a href="#key-interface-members">11.2. Key interface members</a></li><li><a href="#key-interface-clone">11.3. Structured clone algorithm</a></li></ul></li><li><a href="#cryptooperation-interface">12. CryptoOperation interface</a><ul><li><a href="#CryptoOperation-processing-model">12.1. Processing Model</a></li><li><a href="#cryptooperation-events">12.2. Event Handler Attributes</a></li><li><a href="#CryptoOperation-attributes">12.3. Attributes</a></li><li><a href="#CryptoOperation-methods">12.4. Methods</a><ul><li><a href="#CryptoOperation-method-process">12.4.1. process(ArrayBufferView data)</a></li><li><a href="#CryptoOperation-method-finish">12.4.2. The finish() method</a></li><li><a href="#CryptoOperation-method-abort">12.4.3. The abort() method</a></li></ul></li></ul></li><li><a href="#KeyOperation-interface">13. KeyOperation interface</a></li><li><a href="#crypto-interface">14. Crypto interface</a></li><li><a href="#subtlecrypto-interface">15. SubtleCrypto interface</a><ul><li><a href="#subtlecrypto-interface-description">15.1. Description</a></li><li><a href="#subtlecrypto-interface-methods">15.2. Methods and Parameters</a><ul><li><a href="#SubtleCrypto-method-encrypt">15.2.1. The encrypt method</a></li><li><a href="#SubtleCrypto-method-decrypt">15.2.2. The decrypt method</a></li><li><a href="#SubtleCrypto-method-sign">15.2.3. The sign method</a></li><li><a href="#SubtleCrypto-method-verify">15.2.4. The verify method</a></li><li><a href="#SubtleCrypto-method-digest">15.2.5. The digest method</a></li><li><a href="#SubtleCrypto-method-generateKey">15.2.6. The generateKey method</a></li><li><a href="#SubtleCrypto-method-deriveKey">15.2.7. The deriveKey method</a></li><li><a href="#SubtleCrypto-method-importKey">15.2.8. The importKey method</a></li><li><a href="#SubtleCrypto-method-exportKey">15.2.9. The exportKey method</a></li></ul></li></ul></li><li><a href="#WorkerCrypto-interface">16. WorkerCrypto interface</a><ul><li><a href="#WorkerCrypto-description">16.1. Description</a></li></ul></li><li><a href="#big-integer">17. BigInteger</a></li><li><a href="#keypair">18. KeyPair</a></li><li><a href="#key-discovery">19. Key Discovery</a></li><li><a href="#algorithms">20. Algorithms</a><ul><li><a href="#recommended-algorithms">20.1. Recommended algorithms</a></li><li><a href="#defining-an-algorithm">20.2. Defining an algorithm</a><ul><li><a href="#recognized-algorithm-name">20.2.1. Recognized algorithm name</a></li><li><a href="#supported-operations">20.2.2. Supported operations</a></li><li><a href="#algorithm-specific-params">20.2.3. Algorithm-specific parameters</a></li><li><a href="#algorithm-result">20.2.4. Algorithm results</a></li><li><a href="#algorithm-alias">20.2.5. Algorithm aliases</a></li></ul></li><li><a href="#rsaes-pkcs1">20.3. RSAES-PKCS1-v1_5</a><ul><li><a href="#rsaes-pkcs1-description">20.3.1. Description</a></li><li><a href="#rsaes-pkcs1-registration">20.3.2. Registration</a></li><li><a href="#RsaKeyGenParams-dictionary">20.3.3. RsaKeyGenParams dictionary</a></li><li><a href="#rsaes-pkcs1-operations">20.3.4. Operations</a></li></ul></li><li><a href="#rsassa-pkcs1">20.4. RSASSA-PKCS1-v1_5</a><ul><li><a href="#rsassa-pkcs1-description">20.4.1. Description</a></li><li><a href="#rsassa-pkcs1-registration">20.4.2. Registration</a></li><li><a href="#RsaSsaParams-dictionary">20.4.3. RsaSsaParams dictionary</a></li><li><a href="#rsassa-pkcs1-operations">20.4.4. Operations</a></li></ul></li><li><a href="#rsa-pss">20.5. RSA-PSS</a><ul><li><a href="#rsa-pss-description">20.5.1. Description</a></li><li><a href="#rsa-pss-registration">20.5.2. Registration</a></li><li><a href="#rsa-pss-params">20.5.3. RsaPssParams dictionary</a></li><li><a href="#rsa-pss-operations">20.5.4. Operations</a></li></ul></li><li><a href="#rsa-oaep">20.6. RSA-OAEP</a><ul><li><a href="#rsa-oaep-description">20.6.1. Description</a></li><li><a href="#rsa-oaep-registration">20.6.2. Registration</a></li><li><a href="#rsa-oaep-params">20.6.3. RsaOaepParams dictionary</a></li><li><a href="#rsa-oaep-operations">20.6.4. Operations</a></li></ul></li><li><a href="#ecdsa">20.7. ECDSA</a><ul><li><a href="#ecdsa-description">20.7.1. Description</a></li><li><a href="#ecdsa-registration">20.7.2. Registration</a></li><li><a href="#EcdsaParams-dictionary">20.7.3. EcdsaParams dictionary</a></li><li><a href="#EcKeyGenParams-dictionary">20.7.4. EcKeyGenParams dictionary</a></li><li><a href="#ecdsa-operations">20.7.5. Operations</a></li></ul></li><li><a href="#ecdh">20.8. ECDH</a><ul><li><a href="#ecdh-description">20.8.1. Description</a></li><li><a href="#ecdh-registration">20.8.2. Registration</a></li><li><a href="#dh-EcdhKeyDeriveParams">20.8.3. EcdhKeyDeriveParams dictionary</a></li><li><a href="#ecdh-operations">20.8.4. Operations</a></li></ul></li><li><a href="#aes-ctr">20.9. AES-CTR</a><ul><li><a href="#aes-ctr-description">20.9.1. Description</a></li><li><a href="#aes-ctr-registration">20.9.2. Registration</a></li><li><a href="#aes-ctr-params">20.9.3. AesCtrParams dictionary</a></li><li><a href="#aes-keygen-params">20.9.4. AesKeyGenParams dictionary</a></li><li><a href="#aes-ctr-operations">20.9.5. Operations</a></li></ul></li><li><a href="#aes-cbc">20.10. AES-CBC</a><ul><li><a href="#aes-cbc-description">20.10.1. Description</a></li><li><a href="#aes-cbc-registration">20.10.2. Registration</a></li><li><a href="#aes-cbc-params">20.10.3. AesCbcParams dictionary</a></li><li><a href="#aes-cbc-operations">20.10.4. Operations</a></li></ul></li><li><a href="#aes-gcm">20.11. AES-GCM</a><ul><li><a href="#aes-gcm-description">20.11.1. Description</a></li><li><a href="#aes-gcm-registration">20.11.2. Registration</a></li><li><a href="#aes-gcm-params">20.11.3. AesGcmParams dictionary</a></li><li><a href="#aes-gcm-operations">20.11.4. Operations</a></li></ul></li><li><a href="#hmac">20.12. HMAC</a><ul><li><a href="#hmac-description">20.12.1. Description</a></li><li><a href="#hmac-registration">20.12.2. Registration</a></li><li><a href="#hmac-params">20.12.3. HmacParams dictionary</a></li><li><a href="#hmac-operations">20.12.4. Operations</a></li></ul></li><li><a href="#dh">20.13. Diffie-Hellman</a><ul><li><a href="#dh-description">20.13.1. Description</a></li><li><a href="#dh-registration">20.13.2. Registration</a></li><li><a href="#dh-DhKeyGenParams">20.13.3. DhKeyGenParams dictionary</a></li><li><a href="#dh-DhKeyDeriveParams">20.13.4. DhKeyDeriveParams dictionary</a></li><li><a href="#dh-operations">20.13.5. Operations</a></li></ul></li><li><a href="#sha">20.14. SHA</a><ul><li><a href="#sha-description">20.14.1. Description</a></li><li><a href="#sha-registration">20.14.2. Registration</a></li><li><a href="#sha-operations">20.14.3. Operations</a></li></ul></li><li><a href="#concatkdf">20.15. Concat KDF</a><ul><li><a href="#concatkdf-description">20.15.1. Description</a></li><li><a href="#concatkdf-registration">20.15.2. Registration</a></li><li><a href="#concat-params">20.15.3. ConcatParams dictionary</a></li><li><a href="#concat-operations">20.15.4. Operations</a></li></ul></li><li><a href="#hkdf-ctr">20.16. HKDF-CTR</a><ul><li><a href="#hkdf-ctr-description">20.16.1. Description</a></li><li><a href="#hkdf-ctr-registration">20.16.2. Registration</a></li><li><a href="#hkdf-ctr-params">20.16.3. HkdfCtrParams dictionary</a></li><li><a href="#hkdf2-ctr-operations">20.16.4. Operations</a></li></ul></li><li><a href="#pbkdf2">20.17. PBKDF2</a><ul><li><a href="#pbkdf2-description">20.17.1. Description</a></li><li><a href="#pbkdf2-registration">20.17.2. Registration</a></li><li><a href="#pbkdf2-params">20.17.3. Pbkdf2Params dictionary</a></li><li><a href="#pbkdf2-operations">20.17.4. Operations</a></li></ul></li></ul></li><li><a href="#algorithm-normalizing-rules">21. Algorithm normalizing rules</a></li><li><a href="#examples-section">22. JavaScript Example Code</a><ul><li><a href="#examples-signing">22.1. Generate a signing key pair, sign some data</a></li><li><a href="#examples-symmetric-encryption">22.2. Symmetric Encryption</a></li></ul></li><li><a href="#acknowledgements-section">23. Acknowledgements</a></li><li><a href="#references">24. References</a><ul><li><a href="#normative-references">24.1. Normative References</a></li><li><a href="#informative-references">24.2. Informative References</a></li></ul></li></ul></div>
</div>
<div id="sections">
@@ -3484,13 +3484,82 @@
</ul>
</div>
</div>
+ <div id="hkdf-ctr" class="section">
+ <h3>20.16. HKDF-CTR</h3>
+ <div id="hkdf-ctr-description" class="section">
+ <h4>20.16.1. Description</h4>
+ <p class="norm">This section is non-normative.</p>
+ <p>
+ The <code>"HKDF-CTR"</code> algorithm identifier is used to
+ perform key derivation using the algorithm described in
+ RFC 5869 [<a href="#RFC5869">RFC5869</a>] and NIST SP 800-56C
+ [<a href="#SP800-56C">SP800-56C</a>], using HMAC in counter mode,
+ as described in Section 5.1 of NIST SP 800-108
+ [<a href="#SP800-108">SP800-108</a>].
+ </p>
+ </div>
+ <div id="hkdf-ctr-registration" class="section">
+ <h4>20.16.2. Registration</h4>
+ <p>
+ The <a href="#recognized-algorithm-name">recognized algorithm name</a>
+ for this algorithm is <code>"HKDF-CTR"</code>.
+ </p>
+ <table>
+ <thead>
+ <tr>
+ <th><a href="#supported-operations">Operation</a></th>
+ <th><a href="#algorithm-specific-params">Parameters</a></th>
+ <th><a href="#algorithm-result">Result</a></th>
+ </tr>
+ </thead>
+ <tbody>
+ <tr>
+ <td>deriveKey</td>
+ <td><a href="#dfn-HkdfCtrParams">HkdfCtrParams</a></td>
+ <td><a href="#dfn-Key">Key</a>?</td>
+ </tr>
+ </tbody>
+ </table>
+ </div>
+ <div id="hkdf-ctr-params" class="section">
+ <h4>20.16.3. HkdfCtrParams dictionary</h4>
+ <div class="block"><div class="blockTitleDiv"><span class="blockTitle">IDL</span></div><div class="blockContent"><pre class="code"><code class="idl-code">
+dictionary <dfn id="dfn-HkdfCtrParams">HkdfCtrParams</dfn> : <a href="#dfn-AlgorithmParameters">AlgorithmParameters</a> {
+ <span class="comment">// The algorithm to use with HMAC (eg: <a href="#sha-256">SHA-256</a></span>
+ AlgorithmIdentifier hashAlg;
+ <span class="comment">// A bit string that corresponds to the label that identifies the purpose for the derived keying material.</span>
+ ArrayBufferView label;
+ <span class="comment">// A bit string that corresponds to the context of the key derivation, as described in Section 5 of NIST SP 800-108 [<a href="#SP800-108">SP800-108</a>]</span>
+ ArrayBufferView context;
+};
+ </code></pre></div></div>
+ <div class="ednote"><div class="ednoteHeader">Editorial note</div>
+ <p>
+ The definition of HKDF allows the caller to supply an optional pseudorandom salt
+ value, which is used as the key during the extract phase. If this value is not
+ supplied, an all zero string is used instead. However, support for an explicit
+ salt value is not widely implemented in existing APIs, nor is it required by
+ existing usages of HKDF. Should this be an optional parameter, and if so, what
+ should the behaviour be of a user agent that does not support explicit salt
+ values (is it conforming or non-conforming?)
+ </p>
+ </div>
+ </div>
+ <div id="hkdf2-ctr-operations" class="section">
+ <h4>20.16.4. Operations</h4>
+ <ul>
+ <li>Derive Key</li>
+ </ul>
+ </div>
+ </div>
+
<div id="pbkdf2" class="section">
- <h3>20.16. PBKDF2</h3>
+ <h3>20.17. PBKDF2</h3>
<div id="pbkdf2-description" class="section">
- <h4>20.16.1. Description</h4>
+ <h4>20.17.1. Description</h4>
</div>
<div id="pbkdf2-registration" class="section">
- <h4>20.16.2. Registration</h4>
+ <h4>20.17.2. Registration</h4>
<p>
The <a href="#recognized-algorithm-name">recognized algorithm name</a> for
this algorithm is <code>"PBKDF2"</code>.
@@ -3513,7 +3582,7 @@
</table>
</div>
<div id="pbkdf2-params" class="section">
- <h4>20.16.3. Pbkdf2Params dictionary</h4>
+ <h4>20.17.3. Pbkdf2Params dictionary</h4>
<div class="block"><div class="blockTitleDiv"><span class="blockTitle">IDL</span></div><div class="blockContent"><pre class="code"><code class="idl-code">
dictionary <dfn id="dfn-Pbkdf2Params">Pbkdf2Params</dfn> : <a href="#dfn-AlgorithmParameters">AlgorithmParameters</a> {
ArrayBufferView salt;
@@ -3532,7 +3601,7 @@
</div>
</div>
<div id="pbkdf2-operations" class="section">
- <h4>20.16.4. Operations</h4>
+ <h4>20.17.4. Operations</h4>
<ul>
<li>Derive Key</li>
</ul>
@@ -3844,11 +3913,28 @@
<cite><a href="http://tools.ietf.org/html/rfc5705">Keying Material Exporters for
Transport Layer Security (TLS)</a></cite>, E. Rescorla. IETF.
</dd>
+ <dt id="RFC5869">RFC 5869</dt>
+ <dd>
+ <cite><a href="https://tools.ietf.org/html/rfc5869">HMAC-based Extract-and-Expand
+ Key Derivation Function (HKDF)</a></cite>, H. Krawczyk, P. Eronen. IETF.
+ </dd>
<dt id="SP800-56A">NIST SP 800-56A</dt>
<dd>
<cite><a href="http://csrc.nist.gov/publications/nistpubs/800-56A/SP800-56A_Revision1_Mar08-2007.pdf">
- NIST SP 800-56A: Recommendation for Pair-Wise Key Establishment Schemes Using Discrete
- Logarithm Cryptography (Revised)</a></cite>, March 2007, NIST.
+ NIST Special Publication 800-56A: Recommendation for Pair-Wise Key Establishment
+ Schemes Using Discrete Logarithm Cryptography (Revised)</a></cite>, March 2007, NIST.
+ </dd>
+ <dt id="SP800-56C">NIST SP 800-56C</dt>
+ <dd>
+ <cite><a href="http://csrc.nist.gov/publications/nistpubs/800-56C/SP-800-56C.pdf">
+ NIST Special Publication 800-56C: Recommendation for Key Derivation through
+ Extraction-then-Expansion</a></cite>, November 2011, NIST.
+ </dd>
+ <dt id="SP800-108">NIST SP 800-108</dt>
+ <dd>
+ <cite><a href="http://csrc.nist.gov/publications/nistpubs/800-108/sp800-108.pdf">
+ NIST Special Publication 800-108: Recommendation for Key Derivation Using
+ Pseudorandom Functions (Revised)</a></cite>, October 2009, NIST.
</dd>
<dt id="StreamsAPI">StreamsAPI</dt>
<dd>