--- a/spec/Overview-WebCryptoAPI.xml Sun Nov 30 23:10:07 2014 +0100
+++ b/spec/Overview-WebCryptoAPI.xml Thu Nov 12 09:36:30 2015 -0800
@@ -3442,21 +3442,6 @@
<td>✔</td>
</tr>
<tr>
- <td><a href="#aes-cmac">AES-CMAC</a></td>
- <td />
- <td />
- <td>✔</td>
- <td>✔</td>
- <td />
- <td>✔</td>
- <td />
- <td />
- <td>✔</td>
- <td>✔</td>
- <td />
- <td />
- </tr>
- <tr>
<td><a href="#aes-gcm">AES-GCM</a></td>
<td>✔</td>
<td>✔</td>
@@ -3472,21 +3457,6 @@
<td>✔</td>
</tr>
<tr>
- <td><a href="#aes-cfb">AES-CFB</a></td>
- <td>✔</td>
- <td>✔</td>
- <td />
- <td />
- <td />
- <td>✔</td>
- <td />
- <td />
- <td>✔</td>
- <td>✔</td>
- <td>✔</td>
- <td>✔</td>
- </tr>
- <tr>
<td><a href="#aes-kw">AES-KW</a></td>
<td></td>
<td></td>
@@ -3517,21 +3487,6 @@
<td />
</tr>
<tr>
- <td><a href="#dh">DH</a></td>
- <td />
- <td />
- <td />
- <td />
- <td />
- <td>✔</td>
- <td>✔</td>
- <td>✔</td>
- <td>✔</td>
- <td>✔</td>
- <td />
- <td />
- </tr>
- <tr>
<td><a href="#sha">SHA-1</a></td>
<td />
<td />
@@ -3592,21 +3547,6 @@
<td />
</tr>
<tr>
- <td><a href="#concatkdf">CONCAT</a></td>
- <td />
- <td />
- <td />
- <td />
- <td />
- <td />
- <td>✔</td>
- <td>✔</td>
- <td>✔</td>
- <td />
- <td />
- <td />
- </tr>
- <tr>
<td><a href="#hkdf-ctr">HKDF-CTR</a></td>
<td />
<td />
@@ -12595,515 +12535,6 @@
</div>
</div>
- <div id="aes-cmac" class="section">
- <h3>AES-CMAC</h3>
- <div id="aes-cmac-description" class="section">
- <h4>Description</h4>
- <p class="norm">This section is non-normative.</p>
- <p>
- The <code>"AES-CMAC"</code> algorithm identifier is used to perform
- message authentication using AES with a cipher-based MAC, as
- described in [<a href="#SP800-38B">NIST SP800-38B</a>].
- </p>
- </div>
- <div id="aes-cmac-registration" class="section">
- <h4>Registration</h4>
- <p>
- The <a href="#recognized-algorithm-name">recognized algorithm name</a> for
- this algorithm is <code>"AES-CMAC"</code>.
- </p>
- <table>
- <thead>
- <tr>
- <th><a href="#supported-operations">Operation</a></th>
- <th><a href="#algorithm-specific-params">Parameters</a></th>
- <th><a href="#algorithm-result">Result</a></th>
- </tr>
- </thead>
- <tbody>
- <tr>
- <td>sign</td>
- <td><a href="#dfn-AesCmacParams">AesCmacParams</a></td>
- <td>ArrayBuffer</td>
- </tr>
- <tr>
- <td>verify</td>
- <td><a href="#dfn-AesCmacParams">AesCmacParams</a></td>
- <td>boolean</td>
- </tr>
- <tr>
- <td>generateKey</td>
- <td><a href="#dfn-AesKeyGenParams">AesKeyGenParams</a></td>
- <td><a href="#dfn-CryptoKey">CryptoKey</a></td>
- </tr>
- <tr>
- <td>importKey</td>
- <td>None</td>
- <td><a href="#dfn-CryptoKey">CryptoKey</a></td>
- </tr>
- <tr>
- <td>exportKey</td>
- <td>None</td>
- <td>object</td>
- </tr>
- <tr>
- <td>get key length</td>
- <td><a href="#dfn-AesDerivedKeyParams">AesDerivedKeyParams</a></td>
- <td>Integer</td>
- </tr>
- </tbody>
- </table>
- </div>
- <div id="aes-cmac-params" class="section">
- <h4>AesCmacParams dictionary</h4>
- <x:codeblock language="idl">
-dictionary <dfn id="dfn-AesCmacParams">AesCmacParams</dfn> : <a href="#dfn-Algorithm">Algorithm</a> {
-<span class="comment">// The length, in bits, of the MAC.</span>
-[EnforceRange] required unsigned short <dfn id="dfn-AesCmacParams-length">length</dfn>;
-};
- </x:codeblock>
- </div>
- <div id="aes-cmac-operations" class="section">
- <h4>Operations</h4>
- <dl>
- <dt>Sign</dt>
- <dd>
- <ol>
- <li>
- <p>
- Let <var>length</var> equal the <a href="#dfn-AesCmacParams-length">length</a>
- member of <var>normalizedAlgorithm</var>, if present, and 128 otherwise.
- </p>
- </li>
- <li>
- <p>
- If <var>length</var> is zero or greater than 128,
- then <a href="#concept-throw">throw</a> an
- <a href="#dfn-OperationError"><code>OperationError</code></a>.
- </p>
- </li>
- <li>
- <p>
- Let <var>mac</var> be the result of performing the MAC Generation
- operation described in Section 6.2 of
- [<a href="#SP800-38B">NIST SP800-38B</a>] using AES as the block
- cipher, <var>length</var> as the value of the MAC length parameter,
- <var>Tlen</var>, and <var>message</var> as the message, <var>M</var>.
- </p>
- </li>
- <li>
- <p>
- Return <var>mac</var>.
- </p>
- </li>
- </ol>
- </dd>
- <dt>Verify</dt>
- <dd>
- <ol>
- <li>
- <p>
- Let <var>length</var> equal the <a href="#dfn-AesCmacParams-length">length</a>
- member of <var>normalizedAlgorithm</var>, if present, and 128 otherwise.
- </p>
- </li>
- <li>
- <p>
- If <var>length</var> is zero or greater than 128,
- then <a href="#concept-throw">throw</a> an
- <a href="#dfn-OperationError"><code>OperationError</code></a>.
- </p>
- </li>
- <li>
- <p>
- Let <var>output</var> be the result of performing the MAC Verification
- operation described in Section 6.3 of
- [<a href="#SP800-38B">NIST SP 800-38B</a>] using AES as the block
- cipher, <var>length</var> as the value of the MAC length parameter,
- <var>Tlen</var>, <var>message</var> as the message, <var>M</var> and
- <var>signature</var> as the received MAC, <var>T'</var>.
- </p>
- </li>
- <li>
- <p>
- Return true if <var>output</var> is VALID and false otherwise.
- </p>
- </li>
- </ol>
- </dd>
- <dt>Generate Key</dt>
- <dd>
- <ol>
- <li>
- <p>
- If <var>usages</var> contains any entry which is not
- <code>"sign"</code> or <code>"verify"</code>,
- then <a href="#concept-throw">throw</a> a
- <a href="#dfn-SyntaxError"><code>SyntaxError</code></a>.
- </p>
- </li>
- <li>
- <p>
- If the <a href="#dfn-AesKeyGenParams-length">length</a> member of
- <var>normalizedAlgorithm</var> is not equal to one of
- 128, 192 or 256,
- then <a href="#concept-throw">throw</a> an
- <a href="#dfn-OperationError"><code>OperationError</code></a>.
- </p>
- </li>
- <li>
- <p>
- Generate an AES key of length
- equal to the <a href="#dfn-AesKeyGenParams-length">length</a> member of
- <var>normalizedAlgorithm</var>.
- </p>
- </li>
- <li>
- <p>
- If the key generation step fails,
- then <a href="#concept-throw">throw</a> an
- <a href="#dfn-OperationError"><code>OperationError</code></a>.
- </p>
- </li>
- <li>
- <p>
- Let <var>key</var> be a new
- <a href="#dfn-CryptoKey">CryptoKey</a> object representing the
- generated AES key.
- </p>
- </li>
- <li>
- <p>
- Let <var>algorithm</var> be a new
- <a href="#dfn-AesKeyAlgorithm">AesKeyAlgorithm</a>.
- </p>
- </li>
- <li>
- <p>
- Set the <a href="#dfn-KeyAlgorithm-name">name</a> attribute of
- <var>algorithm</var> to <code>"AES-CMAC"</code>.
- </p>
- </li>
- <li>
- <p>
- Set the <a href="#dfn-AesKeyAlgorithm-length">length</a> attribute of
- <var>algorithm</var> to equal the
- <a href="#dfn-AesKeyGenParams-length">length</a> member of
- <var>normalizedAlgorithm</var>.
- </p>
- </li>
- <li>
- <p>
- Set the [[<a href="#dfn-CryptoKey-slot-algorithm">algorithm</a>]] internal
- slot of <var>key</var> to <var>algorithm</var>.
- </p>
- </li>
- <li>
- <p>
- Set the [[<a href="#dfn-CryptoKey-slot-extractable">extractable</a>]] internal
- slot of <var>key</var> to be <var>extractable</var>.
- </p>
- </li>
- <li>
- <p>
- Set the [[<a href="#dfn-CryptoKey-slot-usages">usages</a>]] internal slot of
- <var>key</var> to be <var>usages</var>.
- </p>
- </li>
- <li>
- <p>
- Return <var>key</var>.
- </p>
- </li>
- </ol>
- </dd>
- <dt>Import Key</dt>
- <dd>
- <ol>
- <li>
- <p>
- If <var>usages</var> contains an entry which is not
- <code>"sign"</code> or <code>"verify"</code>,
- then <a href="#concept-throw">throw</a> a
- <a href="#dfn-SyntaxError"><code>SyntaxError</code></a>.
- </p>
- </li>
- <li>
- <dl class="switch">
- <dt>If <var>format</var> is <code>"raw"</code>:</dt>
- <dd>
- <ol>
- <li>
- <p>
- Let <var>data</var> be the <a href="#dfn-octet-string">octet string</a> contained in <var>keyData</var>.
- </p>
- </li>
- <li>
- <p>
- If the length in bits of <var>data</var> is not 128, 192 or 256
- then <a href="#concept-throw">throw</a> a
- <a href="#dfn-DataError"><code>DataError</code></a>.
- </p>
- </li>
- </ol>
- </dd>
- <dt>If <var>format</var> is <code>"jwk"</code>:</dt>
- <dd>
- <ol>
- <li>
- <p>
- Let <var>jwk</var> be the <a href="#dfn-JsonWebKey">JsonWebKey</a>
- dictionary represented by <var>keyData</var>.
- </p>
- </li>
- <li>
- <p>
- If the <code>"kty"</code> field of <var>jwk</var> is not
- to <code>"oct"</code>,
- then <a href="#concept-throw">throw</a> a
- <a href="#dfn-DataError"><code>DataError</code></a>.
- </p>
- </li>
- <li>
- <p>
- If <var>jwk</var> does not meet the requirements of
- Section 6.4 of <a href="#jwa">JSON Web Algorithms</a>,
- then <a href="#concept-throw">throw</a> a
- <a href="#dfn-DataError"><code>DataError</code></a>.
- </p>
- </li>
- <li>
- <p>
- Let <var>data</var> be the <a href="#dfn-octet-string">octet string</a> obtained by decoding the
- <code>"k"</code> field of <var>jwk</var>.
- </p>
- </li>
- <li>
- <dl class="switch">
- <dt>If <var>data</var> has length 128 bits:</dt>
- <dd>If the <code>"alg"</code> field of <var>jwk</var> is present, and is
- not <code>"A128CMAC"</code>,
- then <a href="#concept-throw">throw</a> a
- <a href="#dfn-DataError"><code>DataError</code></a>.</dd>
- <dt>If <var>data</var> has length 192 bits:</dt>
- <dd>If the <code>"alg"</code> field of <var>jwk</var> is present, and is
- not <code>"A192CMAC"</code>,
- then <a href="#concept-throw">throw</a> a
- <a href="#dfn-DataError"><code>DataError</code></a>.</dd>
- <dt>If <var>data</var> has length 256 bits:</dt>
- <dd>If the <code>"alg"</code> field of <var>jwk</var> is present, and is
- not <code>"A256CMAC"</code>,
- then <a href="#concept-throw">throw</a> a
- <a href="#dfn-DataError"><code>DataError</code></a>.</dd>
- <dt>Otherwise:</dt>
- <dd>
- <a href="#concept-throw">throw</a> a
- <a href="#dfn-DataError"><code>DataError</code></a>.
- </dd>
- </dl>
- </li>
- <li>
- <p>
- If the <code>"use"</code> field of <var>jwk</var> is present, and is
- not <code>"enc"</code>,
- then <a href="#concept-throw">throw</a> a
- <a href="#dfn-DataError"><code>DataError</code></a>.
- </p>
- </li>
- <li>
- <p>
- If the <code>"key_ops"</code> field of <var>jwk</var> is present, and
- is invalid according to the requirements of
- <a href="#jwk">JSON Web Key</a> or
- does not contain all of the specified <var>usages</var> values,
- then <a href="#concept-throw">throw</a> a
- <a href="#dfn-DataError"><code>DataError</code></a>.
- </p>
- </li>
- <li>
- <p>
- If the <code>"ext"</code> field of <var>jwk</var> is present and
- has the value false and <var>extractable</var> is true,
- then <a href="#concept-throw">throw</a> a
- <a href="#dfn-DataError"><code>DataError</code></a>.
- </p>
- </li>
- </ol>
- </dd>
- <dt>Otherwise:</dt>
- <dd>
- <a href="#concept-throw">throw</a> a
- <a href="#dfn-NotSupportedError"><code>NotSupportedError</code></a>.
- </dd>
- </dl>
- </li>
- <li>
- <p>
- Let <var>key</var> be a new <code><a href="#dfn-CryptoKey">CryptoKey</a></code>
- object representing an AES key with value <var>data</var>.
- </p>
- </li>
- <li>
- <p>
- Let <var>algorithm</var> be a new
- <a href="#dfn-AesKeyAlgorithm">AesKeyAlgorithm</a>.
- </p>
- </li>
- <li>
- <p>
- Set the <a href="#dfn-KeyAlgorithm-name">name</a> attribute of
- <var>algorithm</var> to <code>"AES-CMAC"</code>.
- </p>
- </li>
- <li>
- <p>
- Set the <a href="#dfn-AesKeyAlgorithm-length">length</a> attribute of
- <var>algorithm</var> to the length, in bits, of <var>data</var>.
- </p>
- </li>
- <li>
- <p>
- Set the [[<a href="#dfn-CryptoKey-slot-algorithm">algorithm</a>]] internal
- slot of <var>key</var> to <var>algorithm</var>.
- </p>
- </li>
- <li>
- <p>
- Return <var>key</var>.
- </p>
- </li>
- </ol>
- </dd>
- <dt>Export Key</dt>
- <dd>
- <ol>
- <li>
- <p>
- If the underlying cryptographic key material represented by the [[<a
- href="#dfn-CryptoKey-slot-handle">handle</a>]] internal slot of <var>key</var>
- cannot be accessed, then <a href="#concept-throw">throw</a> an <a href="#dfn-OperationError"><code>OperationError</code></a>.
- </p>
- </li>
- <li>
- <dl class="switch">
- <dt>If <var>format</var> is <code>"raw"</code>:</dt>
- <dd>
- <ol>
- <li>
- <p>
- Let <var>data</var> be the raw octets of the key represented by [[<a
- href="#dfn-CryptoKey-slot-handle">handle</a>]] internal slot of
- <var>key</var>.
- </p>
- </li>
- <li>
- <p>
- Let <var>result</var> be a new <code>ArrayBuffer</code> containing
- <var>data</var>.
- </p>
- </li>
- </ol>
- </dd>
- <dt>If <var>format</var> is <code>"jwk"</code>:</dt>
- <dd>
- <ol>
- <li>
- <p>
- Let <var>jwk</var> be a new <a href="#dfn-JsonWebKey">JsonWebKey</a>
- dictionary.
- </p>
- </li>
- <li>
- <p>
- Set the <code>kty</code> attribute of <var>jwk</var> to the
- string <code>"oct"</code>.
- </p>
- </li>
- <li>
- <p>
- Set the <code>k</code> attribute of <var>jwk</var> to be a string
- containing the raw octets of the key represented by [[<a
- href="#dfn-CryptoKey-slot-handle">handle</a>]] internal slot of
- <var>key</var>, encoded according to Section 6.4 of <a
- href="#jwa">JSON Web Algorithms</a>.
- </p>
- </li>
- <li>
- <dl class="switch">
- <dt>If the <a href="#dfn-AesKeyAlgorithm-length">length</a> attribute of
- <var>key</var> is 128:</dt>
- <dd>Set the <code>alg</code> attribute of <var>jwk</var> to
- the string <code>"A128CMAC"</code>.</dd>
- <dt>If the <a href="#dfn-AesKeyAlgorithm-length">length</a> attribute of
- <var>key</var> is 192:</dt>
- <dd>Set the <code>alg</code> attribute of <var>jwk</var> to
- the string <code>"A192CMAC"</code>.</dd>
- <dt>If the <a href="#dfn-AesKeyAlgorithm-length">length</a> attribute of
- <var>key</var> is 256:</dt>
- <dd>Set the <code>alg</code> attribute of <var>jwk</var> to
- the string <code>"A256CMAC"</code>.</dd>
- </dl>
- </li>
- <li>
- <p>
- Set the <code>key_ops</code> attribute of <var>jwk</var> to equal the
- <a href="#dfn-CryptoKey-usages">usages</a> attribute of
- <var>key</var>.
- </p>
- </li>
- <li>
- <p>
- Set the <code>ext</code> attribute of <var>jwk</var> to equal the [[<a
- href="#dfn-CryptoKey-slot-extractable">extractable</a>]] internal slot
- of <var>key</var>.
- </p>
- </li>
- <li>
- <p>
- Let <var>result</var> be the result of converting <var>jwk</var>
- to an ECMAScript Object, as defined by [<a href="#WebIDL">WebIDL</a>].
- </p>
- </li>
- </ol>
- </dd>
- <dt>Otherwise:</dt>
- <dd>
- <p>
- <a href="#concept-throw">throw</a> a
- <a href="#dfn-NotSupportedError"><code>NotSupportedError</code></a>.
- </p>
- </dd>
- </dl>
- </li>
- <li>
- <p>
- Return <var>result</var>.
- </p>
- </li>
- </ol>
- </dd>
- <dt>Get key length</dt>
- <dd>
- <ol>
- <li>
- <p>
- If the <a href="#dfn-AesDerivedKeyParams-length">length</a> member of
- <var>normalizedDerivedKeyAlgorithm</var> is not 128, 192 or 256,
- then <a href="#concept-throw">throw</a> an
- <a href="#dfn-OperationError"><code>OperationError</code></a>.
- </p>
- </li>
- <li>
- <p>
- Return the <a href="#dfn-AesDerivedKeyParams-length">length</a> member of
- <var>normalizedDerivedKeyAlgorithm</var>.
- </p>
- </li>
- </ol>
- </dd>
- </dl>
- </div>
- </div>
<div id="aes-gcm" class="section">
<h3>AES-GCM</h3>
<div id="aes-gcm-description" class="section">
@@ -13735,524 +13166,6 @@
</div>
</div>
- <div id="aes-cfb" class="section">
- <h3>AES-CFB</h3>
- <div id="aes-cfb-description" class="section">
- <h4>Description</h4>
- <p class="norm">This section is non-normative.</p>
- <p>
- The <code>"AES-CFB-8"</code> algorithm identifier is used to perform
- encryption and decryption using AES in Cipher Feedback mode, specifically CFB-8,
- as described in Section 6.3 of
- [<a href="#SP800-38A">NIST SP800-38A</a>].
- </p>
- </div>
- <div id="aes-cfb-registration" class="section">
- <h4>Registration</h4>
- <p>
- The <a href="#recognized-algorithm-name">recognized algorithm name</a> for
- this algorithm is <code>"AES-CFB-8"</code>.
- </p>
- <table>
- <thead>
- <tr>
- <th><a href="#supported-operations">Operation</a></th>
- <th><a href="#algorithm-specific-params">Parameters</a></th>
- <th><a href="#algorithm-result">Result</a></th>
- </tr>
- </thead>
- <tbody>
- <tr>
- <td>encrypt</td>
- <td><a href="#dfn-AesCfbParams">AesCfbParams</a></td>
- <td>ArrayBuffer</td>
- </tr>
- <tr>
- <td>decrypt</td>
- <td><a href="#dfn-AesCfbParams">AesCfbParams</a></td>
- <td>ArrayBuffer</td>
- </tr>
- <tr>
- <td>generateKey</td>
- <td><a href="#dfn-AesKeyGenParams">AesKeyGenParams</a></td>
- <td><a href="#dfn-CryptoKey">CryptoKey</a></td>
- </tr>
- <tr>
- <td>importKey</td>
- <td>None</td>
- <td><a href="#dfn-CryptoKey">CryptoKey</a></td>
- </tr>
- <tr>
- <td>exportKey</td>
- <td>None</td>
- <td>object</td>
- </tr>
- <tr>
- <td>get key length</td>
- <td><a href="#dfn-AesDerivedKeyParams">AesDerivedKeyParams</a></td>
- <td>Integer</td>
- </tr>
- </tbody>
- </table>
- </div>
- <div id="aes-cfb-params" class="section">
- <h4>AesCfbParams dictionary</h4>
- <x:codeblock language="idl">
-dictionary <dfn id="dfn-AesCfbParams">AesCfbParams</dfn> : <a href="#dfn-Algorithm">Algorithm</a> {
-<span class="comment">// The initialization vector. <span class="RFC2119">MUST</span> be 16 bytes.</span>
-required BufferSource <dfn id="dfn-AesCfbParams-iv">iv</dfn>;
-};
- </x:codeblock>
- </div>
- <div id="aes-cfb-operations" class="section">
- <h4>Operations</h4>
- <dl>
- <dt>Encrypt</dt>
- <dd>
- <ol>
- <li>
- <p>
- If the <a href="#dfn-AesCfbParams-iv">iv</a> member of
- <var>normalizedAlgorithm</var> does not have length 16 bytes, then <a
- href="#concept-throw">throw</a> an <a
- href="#dfn-OperationError"><code>OperationError</code></a>.
- </p>
- </li>
- <li>
- <p>
- Let <var>ciphertext</var> be the result of performing the CFB Encryption
- operation described in Section 6.3 of [<a
- href="#SP800-38A">NIST SP800-38A</a>] using AES as the block cipher, <a
- href="#concept-contents-of-arraybuffer">the contents of</a> the <a
- href="#dfn-AesCfbParams-iv">iv</a> member of <var>normalizedAlgorithm</var> as
- the <var>IV</var> input parameter, the value 8 as the input parameter
- <var>s</var>, and <a href="#concept-contents-of-arraybuffer">the contents
- of<var>plaintext</var></a> as the input plaintext.
- </p>
- </li>
- <li>
- <p>
- Return <var>ciphertext</var>.
- </p>
- </li>
- </ol>
- </dd>
- <dt>Decrypt</dt>
- <dd>
- <ol>
- <li>
- <p>
- If the <a href="#dfn-AesCfbParams-iv">iv</a> member of
- <var>normalizedAlgorithm</var> does not have length 16 bytes, then <a
- href="#concept-throw">throw</a> an <a
- href="#dfn-OperationError"><code>OperationError</code></a>.
- </p>
- </li>
- <li>
- <p>
- Let <var>plaintext</var> be the result of performing the CFB Decryption
- operation described in Section 6.3 of [<a
- href="#SP800-38A">NIST SP800-38A</a>] using AES as the block cipher, <a
- href="#concept-contents-of-arraybuffer">the contents of</a> the <a
- href="#dfn-AesCfbParams-iv">iv</a> member of <var>normalizedAlgorithm</var> as
- the <var>IV</var> input parameter, the the value 8 as the input parameter
- <var>s</var>, and <a href="#concept-contents-of-arraybuffer">the contents of
- <var>ciphertext</var></a> as the input ciphertext.
- </p>
- </li>
- <li>
- <p>
- Return <var>plaintext</var>.
- </p>
- </li>
- </ol>
- </dd>
- <dt>Generate Key</dt>
- <dd>
- <ol>
- <li>
- <p>
- If <var>usages</var> contains any entry which is not one of
- <code>"encrypt"</code>, <code>"decrypt"</code>, <code>"wrapKey"</code> or
- <code>"unwrapKey"</code>, then <a href="#concept-throw">throw</a> a <a href="#dfn-SyntaxError"><code>SyntaxError</code></a>.
- </p>
- </li>
- <li>
- <p>
- If the <a href="#dfn-AesKeyGenParams-length">length</a> member of
- <var>normalizedAlgorithm</var> is not equal to one of 128, 192 or 256, then <a
- href="#concept-throw">throw</a> an <a
- href="#dfn-OperationError"><code>OperationError</code></a>.
- </p>
- </li>
- <li>
- <p>
- Generate an AES key of length equal to the <a
- href="#dfn-AesKeyGenParams-length">length</a> member of
- <var>normalizedAlgorithm</var>.
- </p>
- </li>
- <li>
- <p>
- If the key generation step fails,
- then <a href="#concept-throw">throw</a> an
- <a href="#dfn-OperationError"><code>OperationError</code></a>.
- </p>
- </li>
- <li>
- <p>
- Let <var>key</var> be a new
- <a href="#dfn-CryptoKey">CryptoKey</a> object representing the
- generated AES key.
- </p>
- </li>
- <li>
- <p>
- Let <var>algorithm</var> be a new
- <a href="#dfn-AesKeyAlgorithm">AesKeyAlgorithm</a>.
- </p>
- </li>
- <li>
- <p>
- Set the <a href="#dfn-KeyAlgorithm-name">name</a> attribute of
- <var>algorithm</var> to <code>"AES-CFB-8"</code>.
- </p>
- </li>
- <li>
- <p>
- Set the <a href="#dfn-AesKeyAlgorithm-length">length</a> attribute of
- <var>algorithm</var> to equal the
- <a href="#dfn-AesKeyGenParams-length">length</a> member of
- <var>normalizedAlgorithm</var>.
- </p>
- </li>
- <li>
- <p>
- Set the [[<a href="#dfn-CryptoKey-slot-algorithm">algorithm</a>]] internal
- slot of <var>key</var> to <var>algorithm</var>.
- </p>
- </li>
- <li>
- <p>
- Set the [[<a href="#dfn-CryptoKey-slot-extractable">extractable</a>]] internal
- slot of <var>key</var> to be <var>extractable</var>.
- </p>
- </li>
- <li>
- <p>
- Set the [[<a href="#dfn-CryptoKey-slot-usages">usages</a>]] internal slot of
- <var>key</var> to be <var>usages</var>.
- </p>
- </li>
- <li>
- <p>
- Return <var>key</var>.
- </p>
- </li>
- </ol>
- </dd>
- <dt>Import Key</dt>
- <dd>
- <ol>
- <li>
- <p>
- If <var>usages</var> contains an entry which is not
- one of <code>"encrypt"</code>, <code>"decrypt"</code>,
- <code>"wrapKey"</code> or <code>"unwrapKey"</code>,
- then <a href="#concept-throw">throw</a> a
- <a href="#dfn-SyntaxError"><code>SyntaxError</code></a>.
- </p>
- </li>
- <li>
- <dl class="switch">
- <dt>If <var>format</var> is <code>"raw"</code>:</dt>
- <dd>
- <ol>
- <li>
- <p>
- Let <var>data</var> be the <a href="#dfn-octet-string">octet string</a> contained in <var>keyData</var>.
- </p>
- </li>
- <li>
- <p>
- If the length in bits of <var>data</var> is not 128, 192 or 256
-
- then <a href="#concept-throw">throw</a> a
- <a href="#dfn-DataError"><code>DataError</code></a>.
- </p>
- </li>
- </ol>
- </dd>
- <dt>If <var>format</var> is <code>"jwk"</code>:</dt>
- <dd>
- <ol>
- <li>
- <p>
- Let <var>jwk</var> be the <a href="#dfn-JsonWebKey">JsonWebKey</a>
- dictionary represented by <var>keyData</var>.
- </p>
- </li>
- <li>
- <p>
- If the <code>"kty"</code> field of <var>jwk</var> is not
- <code>"oct"</code>,
- then <a href="#concept-throw">throw</a> a
- <a href="#dfn-DataError"><code>DataError</code></a>.
- </p>
- </li>
- <li>
- <p>
- If <var>jwk</var> does not meet the requirements of
- Section 6.4 of <a href="#jwa">JSON Web Algorithms</a>,
- then <a href="#concept-throw">throw</a> a
- <a href="#dfn-DataError"><code>DataError</code></a>.
- </p>
- </li>
- <li>
- <p>
- Let <var>data</var> be the <a href="#dfn-octet-string">octet string</a> obtained by decoding the
- <code>"k"</code> field of <var>jwk</var>.
- </p>
- </li>
- <li>
- <dl class="switch">
- <dt>If <var>data</var> has length 128 bits:</dt>
- <dd>If the <code>"alg"</code> field of <var>jwk</var> is present, and is
- not <code>"A128CFB8"</code>,
- then <a href="#concept-throw">throw</a> a
- <a href="#dfn-DataError"><code>DataError</code></a>.</dd>
- <dt>If <var>data</var> has length 192 bits:</dt>
- <dd>If the <code>"alg"</code> field of <var>jwk</var> is present, and is
- not <code>"A192CFB8"</code>,
- then <a href="#concept-throw">throw</a> a
- <a href="#dfn-DataError"><code>DataError</code></a>.</dd>
- <dt>If <var>data</var> has length 256 bits:</dt>
- <dd>If the <code>"alg"</code> field of <var>jwk</var> is present, and is
- not <code>"A256CFB8"</code>,
- then <a href="#concept-throw">throw</a> a
- <a href="#dfn-DataError"><code>DataError</code></a>.</dd>
- <dt>Otherwise:</dt>
- <dd>
- <a href="#concept-throw">throw</a> a
- <a href="#dfn-DataError"><code>DataError</code></a>.</dd>
- </dl>
- </li>
- <li>
- <p>
- If the <code>"use"</code> field of <var>jwk</var> is present, and is
- not <code>"enc"</code>,
- then <a href="#concept-throw">throw</a> a
- <a href="#dfn-DataError"><code>DataError</code></a>.
- </p>
- </li>
- <li>
- <p>
- If the <code>"key_ops"</code> field of <var>jwk</var> is present, and
- is invalid according to the requirements of
- <a href="#jwk">JSON Web Key</a> or
- does not contain all of the specified <var>usages</var> values,
- then <a href="#concept-throw">throw</a> a
- <a href="#dfn-DataError"><code>DataError</code></a>.
- </p>
- </li>
- <li>
- <p>
- If the <code>"ext"</code> field of <var>jwk</var> is present and
- has the value false and <var>extractable</var> is true,
- then <a href="#concept-throw">throw</a> a
- <a href="#dfn-DataError"><code>DataError</code></a>.
- </p>
- </li>
- </ol>
- </dd>
- <dt>Otherwise:</dt>
- <dd>
- <a href="#concept-throw">throw</a> a
- <a href="#dfn-NotSupportedError"><code>NotSupportedError</code></a>.
- </dd>
- </dl>
- </li>
- <li>
- <p>
- Let <var>key</var> be a new <code><a href="#dfn-CryptoKey">CryptoKey</a></code>
- object representing an AES key with value <var>data</var>.
- </p>
- </li>
- <li>
- <p>
- Let <var>algorithm</var> be a new
- <a href="#dfn-AesKeyAlgorithm">AesKeyAlgorithm</a>.
- </p>
- </li>
- <li>
- <p>
- Set the <a href="#dfn-KeyAlgorithm-name">name</a> attribute of
- <var>algorithm</var> to <code>"AES-CFB-8"</code>.
- </p>
- </li>
- <li>
- <p>
- Set the <a href="#dfn-AesKeyAlgorithm-length">length</a> attribute of
- <var>algorithm</var> to the length, in bits, of <var>data</var>.
- </p>
- </li>
- <li>
- <p>
- Set the [[<a href="#dfn-CryptoKey-slot-algorithm">algorithm</a>]] internal
- slot of <var>key</var> to <var>algorithm</var>.
- </p>
- </li>
- <li>
- <p>
- Set the [[<a href="#dfn-CryptoKey-slot-extractable">extractable</a>]] internal
- slot of <var>key</var> to <var>extractable</var>.
- </p>
- </li>
- <li>
- <p>
- Set the [[<a href="#dfn-CryptoKey-slot-usages">usages</a>]] internal slot of
- <var>key</var> to the <a href="#concept-normalized-usages">normalized
- value</a> of <var>usages</var>.
- </p>
- </li>
- <li>
- <p>
- Return <var>key</var>.
- </p>
- </li>
- </ol>
- </dd>
- <dt>Export Key</dt>
- <dd>
- <ol>
- <li>
- <p>
- If the underlying cryptographic key material represented by the [[<a
- href="#dfn-CryptoKey-slot-handle">handle</a>]] internal slot of <var>key</var>
- cannot be accessed, then <a href="#concept-throw">throw</a> an <a href="#dfn-OperationError"><code>OperationError</code></a>.
- </p>
- </li>
- <li>
- <dl class="switch">
- <dt>If <var>format</var> is <code>"raw"</code>:</dt>
- <dd>
- <ol>
- <li>
- <p>
- Let <var>data</var> be the raw octets of the key represented by [[<a
- href="#dfn-CryptoKey-slot-handle">handle</a>]] internal slot of
- <var>key</var>.
- </p>
- </li>
- <li>
- <p>
- Let <var>result</var> be a new <code>ArrayBuffer</code> containing
- <var>data</var>.
- </p>
- </li>
- </ol>
- </dd>
- <dt>If <var>format</var> is <code>"jwk"</code>:</dt>
- <dd>
- <ol>
- <li>
- <p>
- Let <var>jwk</var> be a new <a href="#dfn-JsonWebKey">JsonWebKey</a>
- dictionary.
- </p>
- </li>
- <li>
- <p>
- Set the <code>kty</code> attribute of <var>jwk</var> to the
- string <code>"oct"</code>.
- </p>
- </li>
- <li>
- <p>
- Set the <code>k</code> attribute of <var>jwk</var> to be a string
- containing the raw octets of the key represented by [[<a
- href="#dfn-CryptoKey-slot-handle">handle</a>]] internal slot of
- <var>key</var>, encoded according to Section 6.4 of <a
- href="#jwa">JSON Web Algorithms</a>.
- </p>
- </li>
- <li>
- <dl class="switch">
- <dt>If the <a href="#dfn-AesKeyAlgorithm-length">length</a> attribute of
- <var>key</var> is 128:</dt>
- <dd>Set the <code>alg</code> attribute of <var>jwk</var> to
- the string <code>"A128CFB8"</code>.</dd>
- <dt>If the <a href="#dfn-AesKeyAlgorithm-length">length</a> attribute of
- <var>key</var> is 192:</dt>
- <dd>Set the <code>alg</code> attribute of <var>jwk</var> to
- the string <code>"A192CFB8"</code>.</dd>
- <dt>If the <a href="#dfn-AesKeyAlgorithm-length">length</a> attribute of
- <var>key</var> is 256:</dt>
- <dd>Set the <code>alg</code> attribute of <var>jwk</var> to
- the string <code>"A256CFB8"</code>.</dd>
- </dl>
- </li>
- <li>
- <p>
- Set the <code>key_ops</code> attribute of <var>jwk</var> to equal the
- <a href="#dfn-CryptoKey-usages">usages</a> attribute of
- <var>key</var>.
- </p>
- </li>
- <li>
- <p>
- Set the <code>ext</code> attribute of <var>jwk</var> to equal the [[<a
- href="#dfn-CryptoKey-slot-extractable">extractable</a>]] internal slot
- of <var>key</var>.
- </p>
- </li>
- <li>
- <p>
- Let <var>result</var> be the result of converting <var>jwk</var>
- to an ECMAScript Object, as defined by [<a href="#WebIDL">WebIDL</a>].
- </p>
- </li>
- </ol>
- </dd>
- <dt>Otherwise:</dt>
- <dd>
- <p>
- <a href="#concept-throw">throw</a> a
- <a href="#dfn-NotSupportedError"><code>NotSupportedError</code></a>.
- </p>
- </dd>
- </dl>
- </li>
- <li>
- <p>
- Return <var>result</var>.
- </p>
- </li>
- </ol>
- </dd>
- <dt>Get key length</dt>
- <dd>
- <ol>
- <li>
- <p>
- If the <a href="#dfn-AesDerivedKeyParams-length">length</a> property of
- <var>normalizedDerivedKeyAlgorithm</var> is not 128, 192 or 256, then <a
- href="#concept-throw">throw</a> an <a
- href="#dfn-OperationError"><code>OperationError</code></a>.
- </p>
- </li>
- <li>
- <p>
- Return the <a href="#dfn-AesDerivedKeyParams-length">length</a> property of
- <var>normalizedDerivedKeyAlgorithm</var>.
- </p>
- </li>
- </ol>
- </dd>
- </dl>
- </div>
- </div>
-
<div id="aes-kw" class="section">
<h3>AES-KW</h3>
<div id="aes-kw-description" class="section">
@@ -15547,889 +14460,7 @@
</dl>
</div>
</div>
- <div id="dh" class="section">
- <h3>Diffie-Hellman</h3>
- <div id="dh-description" class="section">
- <h4>Description</h4>
- <p class="norm">This section is non-normative.</p>
- <p>
- This describes using Diffie-Hellman for key generation and key agreement, as specified
- by <a href="#PKCS3">PKCS #3</a>.
- </p>
- </div>
- <div id="dh-registration" class="section">
- <h4>Registration</h4>
- <p>
- The <a href="#recognized-algorithm-name">recognized algorithm name</a> for
- this algorithm is <code>"DH"</code>.
- </p>
- <table>
- <thead>
- <tr>
- <th><a href="#supported-operations">Operation</a></th>
- <th><a href="#algorithm-specific-params">Parameters</a></th>
- <th><a href="#algorithm-result">Result</a></th>
- </tr>
- </thead>
- <tbody>
- <tr>
- <td>generateKey</td>
- <td><a href="#dfn-DhKeyGenParams">DhKeyGenParams</a></td>
- <td><a href="#dfn-CryptoKeyPair">CryptoKeyPair</a></td>
- </tr>
- <tr>
- <td>deriveBits</td>
- <td><a href="#dfn-DhKeyDeriveParams">DhKeyDeriveParams</a></td>
- <td><a href="#dfn-octet-string">Octet string</a></td>
- </tr>
- <tr>
- <td>importKey</td>
- <td><a href="#dfn-DhImportKeyParams">DhImportKeyParams</a></td>
- <td><a href="#dfn-CryptoKey">CryptoKey</a></td>
- </tr>
- <tr>
- <td>exportKey</td>
- <td>None</td>
- <td>object</td>
- </tr>
- </tbody>
- </table>
- </div>
- <div id="dh-DhKeyGenParams" class="section">
- <h4>DhKeyGenParams dictionary</h4>
- <x:codeblock language="idl">
-dictionary <dfn id="dfn-DhKeyGenParams">DhKeyGenParams</dfn> : <a href="#dfn-Algorithm">Algorithm</a> {
-<span class="comment">// The prime p.</span>
-required BigInteger <dfn id="dfn-DhKeyGenParams-prime">prime</dfn>;
-<span class="comment">// The base g.</span>
-required BigInteger <dfn id="dfn-DhKeyGenParams-generator">generator</dfn>;
-};
- </x:codeblock>
- </div>
- <div id="dh-DhKeyAlgorithm" class="section">
- <h4>DhKeyAlgorithm dictionary</h4>
- <x:codeblock language="idl">
-dictionary <dfn id="dfn-DhKeyAlgorithm">DhKeyAlgorithm</dfn> : <a href="#dfn-KeyAlgorithm">KeyAlgorithm</a> {
-<span class="comment">// The prime p.</span>
-required BigInteger <dfn id="dfn-DhKeyAlgorithm-prime">prime</dfn>;
-<span class="comment">// The base g.</span>
-required BigInteger <dfn id="dfn-DhKeyAlgorithm-generator">generator</dfn>;
-};
- </x:codeblock>
- </div>
- <div id="dh-DhKeyDeriveParams" class="section">
- <h4>DhKeyDeriveParams dictionary</h4>
- <x:codeblock language="idl">
-dictionary <dfn id="dfn-DhKeyDeriveParams">DhKeyDeriveParams</dfn> : <a href="#dfn-Algorithm">Algorithm</a> {
-<span class="comment">// The peer's public value.</span>
-required <a href="#dfn-CryptoKey">CryptoKey</a> <dfn id="dfn-DhKeyDeriveParams-public">public</dfn>;
-};
- </x:codeblock>
- </div>
- <div id="dh-DhImportKeyParams" class="section">
- <h4>DhImportKeyParams dictionary</h4>
- <x:codeblock language="idl">
-dictionary <dfn id="dfn-DhImportKeyParams">DhImportKeyParams</dfn> : <a href="#dfn-Algorithm">Algorithm</a> {
-<span class="comment">// The prime p.</span>
-required BigInteger <dfn id="dfn-DhImportKeyParams-prime">prime</dfn>;
-<span class="comment">// The base g.</span>
-required BigInteger <dfn id="dfn-DhImportKeyParams-generator">generator</dfn>;
-};
- </x:codeblock>
- </div>
- <div id="dh-operations" class="section">
- <h4>Operations</h4>
- <dl>
- <dt>Generate Key</dt>
- <dd>
- <ol>
- <li>
- <p>
- If <var>usages</var> contains a value which is not
- one of <code>"deriveKey"</code> or <code>"deriveBits"</code>,
- then <a href="#concept-throw">throw</a> a
- <a href="#dfn-SyntaxError"><code>SyntaxError</code></a>.
- </p>
- </li>
- <li>
- <p>
- Generate a Diffie-Hellman key pair, as defined in Section 7 of
- [<a href="#PKCS3">PKCS #3</a>], with prime, <var>p</var>, and base,
- <var>g</var>, as specified in the
- <a href="#dfn-DhKeyGenParams-prime">prime</a> and
- <a href="#dfn-DhKeyGenParams-generator">generator</a> properties of
- <var>normalizedAlgorithm</var>, respectively.
- </p>
- </li>
- <li>
- <p>
- If performing the operation results in an error,
- then <a href="#concept-throw">throw</a> an
- <a href="#dfn-OperationError"><code>OperationError</code></a>.
- </p>
- </li>
- <li>
- <p>
- Let <var>algorithm</var> be a new
- <a href="#dfn-DhKeyAlgorithm">DhKeyAlgorithm</a>
- object.
- </p>
- </li>
- <li>
- <p>
- Set the <a href="#dfn-Algorithm-name">name</a> member of
- <var>algorithm</var> to <code>"DH"</code>.
- </p>
- </li>
- <li>
- <p>
- Set the <a href="#dfn-DhKeyAlgorithm-prime">prime</a>
- attribute of <var>algorithm</var> to equal the
- <a href="#dfn-DhKeyGenParams-prime">prime</a> member of
- <var>normalizedAlgorithm</var>.
- </p>
- </li>
- <li>
- <p>
- Set the <a href="#dfn-DhKeyAlgorithm-generator">generator</a>
- attribute of <var>algorithm</var> to equal the
- <a href="#dfn-DhKeyGenParams-generator">generator</a> member of
- <var>normalizedAlgorithm</var>.
- </p>
- </li>
- <li>
- <p>
- Let <var>publicKey</var> be a new <a href="#dfn-CryptoKey">CryptoKey</a> object
- representing the public key of the generated key pair.
- </p>
- </li>
- <li>
- <p>
- Set the [[<a href="#dfn-CryptoKey-slot-type">type</a>]] internal slot of
- <var>publicKey</var> to <code>"public"</code>
- </p>
- </li>
- <li>
- <p>
- Set the [[<a href="#dfn-CryptoKey-slot-algorithm">algorithm</a>]] internal
- slot of <var>publicKey</var> to <var>algorithm</var>.
- </p>
- </li>
- <li>
- <p>
- Set the [[<a href="#dfn-CryptoKey-slot-extractable">extractable</a>]] internal
- slot of <var>publicKey</var> to true.
- </p>
- </li>
- <li>
- <p>
- Set the [[<a href="#dfn-CryptoKey-slot-usages">usages</a>]] internal slot of
- <var>publicKey</var> to be the empty list.
- </p>
- </li>
- <li>
- <p>
- Let <var>privateKey</var> be a new <a href="#dfn-CryptoKey">CryptoKey</a> object
- representing the private key of the generated key pair.
- </p>
- </li>
- <li>
- <p>
- Set the [[<a href="#dfn-CryptoKey-slot-type">type</a>]] internal slot of
- <var>privateKey</var> to <code>"private"</code>
- </p>
- </li>
- <li>
- <p>
- Set the [[<a href="#dfn-CryptoKey-slot-algorithm">algorithm</a>]] internal
- slot of <var>privateKey</var> to <var>algorithm</var>.
- </p>
- </li>
- <li>
- <p>
- Set the [[<a href="#dfn-CryptoKey-slot-extractable">extractable</a>]] internal
- slot of <var>privateKey</var> to <var>extractable</var>.
- </p>
- </li>
- <li>
- <p>
- Set the [[<a href="#dfn-CryptoKey-slot-usages">usages</a>]] internal slot of
- <var>privateKey</var> to be <var>usages</var>.
- </p>
- </li>
- <li>
- <p>
- Let <var>result</var> be a new <a href="#dfn-CryptoKeyPair">CryptoKeyPair</a>
- dictionary.
- </p>
- </li>
- <li>
- <p>
- Set the <a href="#dfn-CryptoKeyPair-publicKey">publicKey</a> attribute
- of <var>result</var> to be <var>publicKey</var>.
- </p>
- </li>
- <li>
- <p>
- Set the <a href="#dfn-CryptoKeyPair-privateKey">privateKey</a> attribute
- of <var>result</var> to be <var>privateKey</var>.
- </p>
- </li>
- <li>
- <p>
- Return the result of converting <var>result</var> to an ECMAScript Object, as
- defined by [<a href="#WebIDL">WebIDL</a>].
- </p>
- </li>
- </ol>
- </dd>
- <dt>Derive Bits</dt>
- <dd>
- <ol>
- <li>
- <p>
- If the [[<a href="#dfn-CryptoKey-slot-type">type</a>]] internal slot of
- <var>key</var> is not <code>"private"</code>, then <a
- href="#concept-throw">throw</a> an <a
- href="#dfn-InvalidAccessError"><code>InvalidAccessError</code></a>.
- </p>
- </li>
- <li>
- <p>
- Let <var>publicKey</var> be the
- <a href="#dfn-DhKeyDeriveParams-public">public</a> member of
- <var>normalizedAlgorithm</var>.
- </p>
- </li>
- <li>
- <p>
- If the <a href="#dfn-KeyAlgorithm-name">name</a> attribute of the [[<a
- href="#dfn-CryptoKey-slot-algorithm">algorithm</a>]] internal slot of
- <var>publicKey</var> is not <code>"DH"</code>, then <a
- href="#concept-throw">throw</a> a <a
- href="#dfn-DataError"><code>DataError</code></a>.
- </p>
- </li>
- <li>
- <p>
- If the [[<a href="#dfn-CryptoKey-slot-type">type</a>]] internal slot of
- <var>publicKey</var> is not <code>"public"</code>, then <a
- href="#concept-throw">throw</a> a <a
- href="#dfn-DataError"><code>DataError</code></a>.
- </p>
- </li>
- <li>
- <p>
- If the <a href="#dfn-DhKeyAlgorithm-prime">prime</a> attribute of the [[<a
- href="#dfn-CryptoKey-slot-algorithm">algorithm</a>]] internal slot of
- <var>publicKey</var> is not equal to the <a
- href="#dfn-DhKeyAlgorithm-prime">prime</a> attribute of the [[<a
- href="#dfn-CryptoKey-slot-algorithm">algorithm</a>]] internal slot of
- <var>key</var>, then <a href="#concept-throw">throw</a> a <a href="#dfn-DataError"><code>DataError</code></a>.
- </p>
- </li>
- <li>
- <p>
- If the <a href="#dfn-DhKeyAlgorithm-generator">generator</a> attribute of the
- [[<a href="#dfn-CryptoKey-slot-algorithm">algorithm</a>]] internal slot of
- <var>publicKey</var> is not equal to the <a
- href="#dfn-DhKeyAlgorithm-generator">generator</a> attribute of the [[<a
- href="#dfn-CryptoKey-slot-algorithm">algorithm</a>]] internal slot of
- <var>key</var>, then <a href="#concept-throw">throw</a> a <a href="#dfn-DataError"><code>DataError</code></a>.
- </p>
- </li>
- <li>
- <p>
- Perform the Diffie-Hellman Phase II algorithm as specified in Section 8 of [<a
- href="#PKCS3">PKCS #3</a>] with <var>key</var> as the DH private value
- <var>x</var> and the Diffie-Hellman public value represented by the [[<a
- href="#dfn-CryptoKey-slot-handle">handle</a>]] internal slot of the <a
- href="#dfn-DhKeyDeriveParams-public">public</a> member of
- <var>normalizedAlgorithm</var> as the other's public value <var>PV'</var>.
- </p>
- <dl class="switch">
- <dt>If performing the operation results in an error:</dt>
- <dd>
- <a href="#concept-throw">throw</a> an
- <a href="#dfn-OperationError"><code>OperationError</code></a>.
- </dd>
- <dt>Otherwise:</dt>
- <dd>
- Let <var>secret</var> be the output of the DH Phase II, <var>SK</var>.
- </dd>
- </dl>
- </li>
- <li>
- <dl class="switch">
- <dt>
- If the length of <var>secret</var> in bits is less than
- <var>length</var>:
- </dt>
- <dd>
- <a href="#concept-throw">throw</a> an
- <a href="#dfn-OperationError"><code>OperationError</code></a>.
- </dd>
- <dt>Otherwise:</dt>
- <dd>Return the first <var>length</var> bits of <var>secret</var>.</dd>
- </dl>
- </li>
- </ol>
- </dd>
- <dt>Import Key</dt>
- <dd>
- <dl class="switch">
- <dt>
- If <var>format</var> is <code>"raw"</code>:
- </dt>
- <dd>
- <div class="ednote">
- <p>
- Raw import of private values is presently not supported.
- </p>
- </div>
- <ol>
- <li>
- <p>
- If <var>usages</var> is not empty
- then <a href="#concept-throw">throw</a> a
- <a href="#dfn-SyntaxError"><code>SyntaxError</code></a>.
- </p>
- </li>
- <li>
- <p>
- If <var>extractable</var> is false,
- then <a href="#concept-throw">throw</a> a
- <a href="#dfn-SyntaxError"><code>SyntaxError</code></a>.
- </p>
- </li>
- <li>
- <p>
- Let <var>PV</var> be the integer which results from interpreting the
- octets of <var>keyData</var> as an unsigned big integer with most
- significant octet first.
- </p>
- </li>
- <li>
- <p>
- Let <var>key</var> be a new <a href="#dfn-CryptoKey">CryptoKey</a> object
- representing a Diffie-Hellman public key with public value <var>PV</var>
- and with prime, <var>p</var> and base, <var>g</var> equal to the <a
- href="#dfn-DhImportKeyParams-prime">prime</a> and <a
- href="#dfn-DhImportKeyParams-generator">generator</a> properties of
- <var>normalizedAlgorithm</var> respectively.
- </p>
- </li>
- <li>
- <p>
- Set the [[<a href="#dfn-CryptoKey-slot-type">type</a>]] internal slot of
- <var>key</var> to <code>"public"</code>.
- </p>
- </li>
- <li>
- <p>
- Let <var>algorithm</var> be a new <a
- href="#dfn-DhKeyAlgorithm">DhKeyAlgorithm</a>.
- </p>
- </li>
- <li>
- <p>
- Set the <a href="#dfn-Algorithm-name">name</a> attribute of
- <var>algorithm</var> to <code>"DH"</code>.
- </p>
- </li>
- <li>
- <p>
- Set the <a href="#dfn-DhKeyAlgorithm-prime">prime</a> attribute of
- <var>algorithm</var> to equal the <a
- href="#dfn-DhImportKeyParams-prime">prime</a> member of
- <var>normalizedAlgorithm</var>.
- </p>
- </li>
- <li>
- <p>
- Set the <a href="#dfn-DhKeyAlgorithm-generator">generator</a> attribute of
- <var>algorithm</var> to equal the <a
- href="#dfn-DhImportKeyParams-generator">generator</a> member of
- <var>normalizedAlgorithm</var>.
- </p>
- </li>
- <li>
- <p>
- Set the [[<a href="#dfn-CryptoKey-slot-algorithm">algorithm</a>]] internal
- slot of <var>key</var> to <var>algorithm</var>.
- </p>
- </li>
- <li>
- <p>
- Return <var>key</var>.
- </p>
- </li>
- </ol>
- </dd>
- <dt>
- If <var>format</var> is <code>"spki"</code>:
- </dt>
- <dd>
- <ol>
- <li>
- <p>
- If <var>usages</var> is not empty
- then <a href="#concept-throw">throw</a> a
- <a href="#dfn-SyntaxError"><code>SyntaxError</code></a>.
- </p>
- </li>
- <li>
- <p>
- Let <var>spki</var> be the result of running the <a
- href="#concept-parse-a-spki">parse a subjectPublicKeyInfo</a> algorithm
- over <var>keyData</var>.
- </p>
- </li>
- <li>
- <p>
- If an error occurred while parsing, then <a
- href="#concept-throw">throw</a> a <a
- href="#dfn-DataError"><code>DataError</code></a>.
- </p>
- </li>
- <li>
- <p>
- If the <code>algorithm</code> object identifier field of the
- <code>algorithm</code> AlgorithmIdentifier field of <var>spki</var> is not
- equivalent to the <code>dhKeyAgreement</code> OID defined in Section 9 of
- [<a href="#PKCS3">PKCS #3</a>], then <a
- href="#concept-throw">throw</a> a <a
- href="#dfn-DataError"><code>DataError</code></a>.
- </p>
- </li>
- <li>
- <p>
- If the <code>parameters</code> field of the <code>algorithm</code>
- AlgorithmIdentifier field of <var>spki</var> is absent, then <a
- href="#concept-throw">throw</a> a <a
- href="#dfn-DataError"><code>DataError</code></a>.
- </p>
- </li>
- <li>
- <p>
- Let <var>params</var> be the <code>parameters</code> field of the
- <code>algorithm</code> AlgorithmIdentifier field of <var>spki</var>.
- </p>
- </li>
- <li>
- <p>
- If <var>params</var> is not an instance of the <code>DHParameter</code>
- ASN.1 type defined in Section 9 of <a href="#PKCS3">PKCS #3</a>, then <a
- href="#concept-throw">throw</a> a <a
- href="#dfn-DataError"><code>DataError</code></a>.
- </p>
- </li>
- <li>
- <p>
- Let <var>key</var> be a new <a href="#dfn-CryptoKey">CryptoKey</a> object
- representing the Diffie-Hellman public key obtained by parsing the
- <code>subjectPublicKey</code> field of <var>spki</var> as an ASN.1
- INTEGER.
- </p>
- </li>
- <li>
- <p>
- Set the [[<a href="#dfn-CryptoKey-slot-type">type</a>]] internal slot of
- <var>key</var> to <code>"public"</code>.
- </p>
- </li>
- <li>
- <p>
- Let <var>algorithm</var> be a new <a
- href="#dfn-DhKeyAlgorithm">DhKeyAlgorithm</a>.
- </p>
- </li>
- <li>
- <p>
- Set the <a href="#dfn-Algorithm-name">name</a> member of
- <var>algorithm</var> to <code>"DH"</code>.
- </p>
- </li>
- <li>
- <p>
- Set the <a href="#dfn-DhKeyAlgorithm-prime">prime</a> attribute of
- <var>algorithm</var> to a new <code>BigInteger</code> equal to the
- <a href="#dfn-octet-string">octet string</a> encoding of the <code>prime</code> field of
- <var>params</var>.
- </p>
- </li>
- <li>
- <p>
- Set the <a href="#dfn-DhKeyAlgorithm-generator">generator</a> attribute of
- <var>algorithm</var> to a new <code>BigInteger</code> equal to the
- <a href="#dfn-octet-string">octet string</a> encoding of the <code>base</code> field of
- <var>params</var>.
- </p>
- </li>
- <li>
- <p>
- Set the [[<a href="#dfn-CryptoKey-slot-algorithm">algorithm</a>]] internal
- slot of <var>key</var> to <var>algorithm</var>.
- </p>
- </li>
- <li>
- <p>
- Return <var>key</var>.
- </p>
- </li>
- </ol>
- </dd>
- <dt>
- If <var>format</var> is <code>"pkcs8"</code>:
- </dt>
- <dd>
- <ol>
- <li>
- <p>
- If <var>usages</var> contains a value which is not one of
- <code>"deriveKey"</code> or <code>"deriveBits"</code>, then <a
- href="#concept-throw">throw</a> a <a
- href="#dfn-SyntaxError"><code>SyntaxError</code></a>.
- </p>
- </li>
- <li>
- <p>
- Let <var>privateKeyInfo</var> be the result of running the
- <a href="#concept-parse-a-privateKeyInfo">parse a privateKeyInfo</a>
- algorithm over <var>keyData</var>.
- </p>
- </li>
- <li>
- <p>
- If an error occurred while parsing, then <a
- href="#concept-throw">throw</a> a <a
- href="#dfn-DataError"><code>DataError</code></a>.
- </p>
- </li>
- <li>
- <p>
- If the <code>algorithm</code> object identifier field of the
- <code>algorithm</code> AlgorithmIdentifier field of
- <var>privateKeyInfo</var> is not equivalent to the
- <code>dhKeyAgreement</code> OID defined in Section 9 of [<a
- href="#PKCS3">PKCS #3</a>], then <a href="#concept-throw">throw</a> a <a href="#dfn-DataError"><code>DataError</code></a>.
- </p>
- </li>
- <li>
- <p>
- If the <code>parameters</code> field of the
- <code>privateKeyAlgorithm</code> PrivateKeyAlgorithmIdentifier field of
- <var>privateKeyInfo</var> is absent, then <a
- href="#concept-throw">throw</a> a <a
- href="#dfn-DataError"><code>DataError</code></a>.
- </p>
- </li>
- <li>
- <p>
- Let <var>params</var> be the <code>parameters</code> field of the
- <code>privateKeyAlgorithm</code> PrivateKeyAlgorithmIdentifier field of
- <var>privateKeyInfo</var>.
- </p>
- </li>
- <li>
- <p>
- If <var>params</var> is not an instance of the <code>DHParameter</code>
- ASN.1 type defined in Section 9 of <a href="#PKCS3">PKCS #3</a>, then <a
- href="#concept-throw">throw</a> a <a
- href="#dfn-DataError"><code>DataError</code></a>.
- </p>
- </li>
- <li>
- Let <var>key</var> be a new <a href="#dfn-CryptoKey">CryptoKey</a> object
- representing the Diffie-Hellman private key obtained by parsing the
- <code>privateKey</code> field of <var>privateKeyInfo</var> as an ASN.1
- INTEGER.
- </li>
- <li>
- <p>
- Set the [[<a href="#dfn-CryptoKey-slot-type">type</a>]] internal slot of
- <var>key</var> to <code>"private"</code>.
- </p>
- </li>
- <li>
- <p>
- Let <var>algorithm</var> be a new
- <a href="#dfn-DhKeyAlgorithm">DhKeyAlgorithm</a>.
- </p>
- </li>
- <li>
- <p>
- Set the <a href="#dfn-Algorithm-name">name</a> member of
- <var>algorithm</var> to <code>"DH"</code>.
- </p>
- </li>
- <li>
- <p>
- Set the <a href="#dfn-DhKeyAlgorithm-prime">prime</a> attribute of
- <var>algorithm</var> to a new <code>BigInteger</code> equal to the
- <a href="#dfn-octet-string">octet string</a> encoding of the <code>prime</code> field of
- <var>params</var>.
- </p>
- </li>
- <li>
- <p>
- Set the <a href="#dfn-DhKeyAlgorithm-generator">generator</a> attribute of
- <var>algorithm</var> to a new <code>BigInteger</code> equal to the
- <a href="#dfn-octet-string">octet string</a> encoding of the <code>base</code> field of
- <var>params</var>.
- </p>
- </li>
- <li>
- <p>
- Set the [[<a href="#dfn-CryptoKey-slot-algorithm">algorithm</a>]] internal
- slot of <var>key</var> to <var>algorithm</var>.
- </p>
- </li>
- <li>
- <p>
- Return <var>key</var>.
- </p>
- </li>
- </ol>
- </dd>
- <dt>Otherwise:</dt>
- <dd>
- <a href="#concept-throw">throw</a> a
- <a href="#dfn-NotSupportedError"><code>NotSupportedError</code></a>.
- </dd>
- </dl>
- </dd>
- <dt>Export Key</dt>
- <dd>
- <ol>
- <li>
- <p>
- If the underlying cryptographic key material represented by the [[<a
- href="#dfn-CryptoKey-slot-handle">handle</a>]] internal slot of <var>key</var>
- cannot be accessed, then <a href="#concept-throw">throw</a> an <a href="#dfn-OperationError"><code>OperationError</code></a>.
- </p>
- </li>
- <li>
- <dl class="switch">
- <dt>
- If <var>format</var> is <code>"raw"</code>:
- </dt>
- <dd>
- <ol>
- <li>
- <dl class="switch">
- <dt>
- If the [[<a href="#dfn-CryptoKey-slot-type">type</a>]] internal slot
- of <var>key</var> is <code>"public"</code>:
- </dt>
- <dd>
- Let <var>data</var> be the Public Value, <var>PV</var>, associated
- with <var>key</var> as specified in Section 7 of [<a
- href="#PKCS3">PKCS #3</a>].
- </dd>
- <dt>
- If the [[<a href="#dfn-CryptoKey-slot-type">type</a>]] internal slot
- of <var>key</var> is <code>"private"</code>:
- </dt>
- <dd>
- Let <var>data</var> be the <a href="#dfn-octet-string">octet string</a> that represents the private
- value <var>x</var> associated with <var>key</var> as a big integer,
- most significant octet first.
- </dd>
- </dl>
- </li>
- <li>
- <p>
- Let <var>result</var> be a new <code>ArrayBuffer</code> containing
- <var>data</var>.
- </p>
- </li>
- </ol>
- </dd>
- <dt>
- If <var>format</var> is <code>"spki"</code>:
- </dt>
- <dd>
- <ol>
- <li>
- <p>
- If the [[<a href="#dfn-CryptoKey-slot-type">type</a>]] internal slot
- of <var>key</var> is not <code>"public"</code>, then <a
- href="#concept-throw">throw</a> an <a
- href="#dfn-InvalidAccessError"><code>InvalidAccessError</code></a>.
- </p>
- </li>
- <li>
- <p>
- Let <var>data</var> be an instance of the <code>subjectPublicKeyInfo</code>
- ASN.1 structure defined in <a href="#RFC5280">RFC 5280</a>
- with the following properties:
- </p>
- <ul>
- <li>
- <p>
- Set the <var>algorithmIdentifier</var> field to an
- <code>AlgorithmIdentifier</code> ASN.1 structure with the
- following properties:
- </p>
- <ul>
- <li>
- <p>
- Set the <var>algorithm</var> field to the
- <code>dhKeyAgreement</code> OID defined in Section 9 of <a
- href="#PKCS3">PKCS #3</a>.
- </p>
- </li>
- <li>
- <p>
- Set the <var>parameters</var> field to an instance of the
- <code>DHParams</code> ASN.1 structure defined in Section 9 of
- <a href="#PKCS3">PKCS #3</a> with the following properties:
- </p>
- <ul>
- <li>
- <p>
- Set the <var>prime</var> field to an ASN.1 INTEGER that is
- equivalent to the <a
- href="#dfn-DhKeyAlgorithm-prime">prime</a> attribute of
- the [[<a
- href="#dfn-CryptoKey-slot-algorithm">algorithm</a>]]
- internal slot of <var>key</var>.
- </p>
- </li>
- <li>
- <p>
- Set the <var>base</var> field to an ASN.1 INTEGER that is
- equivalent to the <a
- href="#dfn-DhKeyAlgorithm-generator">generator</a>
- attribute of the [[<a
- href="#dfn-CryptoKey-slot-algorithm">algorithm</a>]]
- internal slot of <var>key</var>.
- </p>
- </li>
- </ul>
- </li>
- </ul>
- </li>
- <li>
- <p>
- Set the <var>subjectPublicKey</var> to an ASN.1 INTEGER that
- corresponds to the Diffie-Hellman public value represented by [[<a
- href="#dfn-CryptoKey-slot-handle">handle</a>]] internal slot of
- <var>key</var>.
- </p>
- </li>
- </ul>
- </li>
- <li>
- <p>
- Let <var>result</var> be a new <code>ArrayBuffer</code> containing
- <var>data</var>.
- </p>
- </li>
- </ol>
- </dd>
- <dt>
- If <var>format</var> is <code>"pkcs8"</code>:
- </dt>
- <dd>
- <ol>
- <li>
- <p>
- If the [[<a href="#dfn-CryptoKey-slot-type">type</a>]] internal slot
- of <var>key</var> is not <code>"private"</code>, then <a
- href="#concept-throw">throw</a> an <a
- href="#dfn-InvalidAccessError"><code>InvalidAccessError</code></a>.
- </p>
- </li>
- <li>
- <p>
- Let <var>data</var> be an instance of the <code>privateKeyInfo</code>
- ASN.1 structure defined in <a href="#RFC5280">RFC 5280</a>
- with the following properties:
- </p>
- <ul>
- <li>
- <p>
- Set the <var>privateKeyAlgorithm</var> field to a
- <code>PrivateKeyAlgorithmIdentifier</code> ASN.1 structure with
- the following properties:
- </p>
- <ul>
- <li>
- <p>
- Set the <var>algorithm</var> field to the
- <code>dhKeyAgreement</code> OID defined in Section 9 of <a
- href="#PKCS3">PKCS #3</a>.
- </p>
- </li>
- <li>
- <p>
- Set the <var>parameters</var> field to an instance of the
- <code>DHParams</code> ASN.1 structure defined in Section 9 of
- <a href="#PKCS3">PKCS #3</a> with the following properties:
- </p>
- <ul>
- <li>
- <p>
- Set the <var>prime</var> field to an ASN.1 INTEGER that is
- equivalent to the <a
- href="#dfn-DhKeyAlgorithm-prime">prime</a> attribute of
- the [[<a
- href="#dfn-CryptoKey-slot-algorithm">algorithm</a>]]
- internal slot of <var>key</var>.
- </p>
- </li>
- <li>
- <p>
- Set the <var>base</var> field to an ASN.1 INTEGER that is
- equivalent to the <a
- href="#dfn-DhKeyAlgorithm-generator">generator</a>
- attribute of the [[<a
- href="#dfn-CryptoKey-slot-algorithm">algorithm</a>]]
- internal slot of <var>key</var>.
- </p>
- </li>
- </ul>
- </li>
- </ul>
- </li>
- <li>
- <p>
- Set the <var>privateKey</var> field to an ASN.1 INTEGER that
- corresponds to the Diffie-Hellman private value represented by
- [[<a href="#dfn-CryptoKey-slot-handle">handle</a>]] internal slot
- of <var>key</var>.
- </p>
- </li>
- </ul>
- </li>
- <li>
- <p>
- Let <var>result</var> be a new <code>ArrayBuffer</code> containing
- <var>data</var>.
- </p>
- </li>
- </ol>
- </dd>
- <dt>Otherwise:</dt>
- <dd>
- <a href="#concept-throw">throw</a> a
- <a href="#dfn-NotSupportedError"><code>NotSupportedError</code></a>.
- </dd>
- </dl>
- </li>
- <li>
- <p>
- Return <var>result</var>.
- </p>
- </li>
- </ol>
- </dd>
- </dl>
- </div>
- </div>
- <div id="sha" class="section">
+ <div id="sha" class="section">
<h3>SHA</h3>
<div id="sha-description" class="section">
<h4>Description</h4>
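Review bot: The only added line in this hunk, `<div id="sha" class="section">`, differs from the line it replaces only in whitespace, so the removal of the Diffie-Hellman section also rewrites a line of the unrelated SHA section. The same happens with the blank `+` line before `<div id="hkdf-ctr" ...>` and the re-indented `<tr>` in the JWK mapping table. I would drop those `-`/`+` pairs so that each hunk contains only deletions. That keeps the diff a pure removal, which is easier to audit when whole algorithms are being taken out of a cryptographic specification, and it keeps blame on the surviving lines intact.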
@@ -16538,228 +14569,7 @@
</dl>
</div>
</div>
- <div id="concatkdf" class="section">
- <h3>Concat KDF</h3>
- <div id="concatkdf-description" class="section">
- <h4>Description</h4>
- <p>
- The <code>"CONCAT"</code> algorithm identifier is used to perform key derivation
- using the key derivation algorithm defined in Section 5.8.1 of
- [<a href="#SP800-56A">NIST SP800-56A</a>] using the SHA hash functions defined
- in this specification.
- </p>
- <p>
- <a href="#dfn-applicable-specification">Other specifications</a>
- may specify the use of additional hash algorithms with Concat KDF. Such specifications
- must define digest operations for the additional hash algorithms and
- <dfn id="dfn-concat-extended-import-steps">key import steps</dfn> for Concat KDF.
- </p>
- </div>
- <div id="concatkdf-registration" class="section">
- <h4>Registration</h4>
- <p>
- The <a href="#recognized-algorithm-name">recognized algorithm name</a> for
- this algorithm is <code>"CONCAT"</code>.
- </p>
- <table>
- <thead>
- <tr>
- <th><a href="#supported-operations">Operation</a></th>
- <th><a href="#algorithm-specific-params">Parameters</a></th>
- <th><a href="#algorithm-result">Result</a></th>
- </tr>
- </thead>
- <tbody>
- <tr>
- <td>deriveBits</td>
- <td><a href="#dfn-ConcatParams">ConcatParams</a></td>
- <td><a href="#dfn-octet-string">Octet string</a></td>
- </tr>
- <tr>
- <td>Import key</td>
- <td>None</td>
- <td><a href="#dfn-CryptoKey">CryptoKey</a></td>
- </tr>
- <tr>
- <td>Get key length</td>
- <td>None</td>
- <td>Integer or null</td>
- </tr>
- </tbody>
- </table>
- </div>
- <div id="concat-params" class="section">
- <h4>ConcatParams dictionary</h4>
- <x:codeblock language="idl">
-dictionary <dfn id="dfn-ConcatParams">ConcatParams</dfn> : <a href="#dfn-Algorithm">Algorithm</a> {
-<span class="comment">// The digest method to use to derive the keying material.</span>
-<a href="#dfn-HashAlgorithmIdentifier">HashAlgorithmIdentifier</a> <dfn id="dfn-ConcatParams-hash">hash</dfn>;
-
-<span class="comment">// A bit string corresponding to the AlgorithmId field of the OtherInfo parameter.</span>
-<span class="comment">// The AlgorithmId indicates how the derived keying material will be parsed and for which</span>
-<span class="comment">// algorithm(s) the derived secret keying material will be used.</span>
-required BufferSource <dfn id="dfn-ConcatParams-algorithmId">algorithmId</dfn>;
-<span class="comment">// A bit string that corresponds to the PartyUInfo field of the OtherInfo parameter.</span>
-required BufferSource <dfn id="dfn-ConcatParams-partyUInfo">partyUInfo</dfn>;
-<span class="comment">// A bit string that corresponds to the PartyVInfo field of the OtherInfo parameter.</span>
-required BufferSource <dfn id="dfn-ConcatParams-partyVInfo">partyVInfo</dfn>;
-<span class="comment">// An optional bit string that corresponds to the SuppPubInfo field of the OtherInfo parameter.</span>
-BufferSource <dfn id="dfn-ConcatParams-publicInfo">publicInfo</dfn>;
-<span class="comment">// An optional bit string that corresponds to the SuppPrivInfo field of the OtherInfo parameter.</span>
-BufferSource <dfn id="dfn-ConcatParams-privateInfo">privateInfo</dfn>;
-};
- </x:codeblock>
- </div>
- <div id="concat-operations" class="section">
- <h4>Operations</h4>
- <dl>
- <dt>Derive Bits</dt>
- <dd>
- <ol>
- <li>
- <p>
- Let <var>secret</var> be the result of performing the Concatenation Key
- Derivation Function defined in Section 5.8.1 of
- [<a href="#SP800-56A">SP800-56A</a>] with <var>length</var> as
- <var>keydatalen</var>, the hash function identified by the
- <a href="#dfn-ConcatParams-hash">hash</a> member of
- <var>normalizedAlgorithm</var> as <var>H</var>, the
- <a href="#dfn-ConcatParams-algorithmId">algorithmId</a> member of
- <var>normalizedAlgorithm</var> as <var>AlgorithmID</var>, the
- <a href="#dfn-ConcatParams-partyUInfo">partyUInfo</a> member of
- <var>normalizedAlgorithm</var> as <var>PartyUInfo</var>, the
- <a href="#dfn-ConcatParams-partyVInfo">partyVInfo</a> member of
- <var>normalizedAlgorithm</var> as <var>PartyVInfo</var>, the
- <a href="#dfn-ConcatParams-publicInfo">publicInfo</a> member of
- <var>normalizedAlgorithm</var>, if present, as
- <var>SuppPubInfo</var> and the
- <a href="#dfn-ConcatParams-privateInfo">privateInfo</a> member of
- <var>normalizedAlgorithm</var>, if present, as
- <var>SuppPrivInfo</var>.
- </p>
- </li>
- <li>
- <p>
- If the operation fails,
- then <a href="#concept-throw">throw</a> an
- <a href="#dfn-OperationError"><code>OperationError</code></a>.
- </p>
- </li>
- <li>
- <p>
- Return <var>secret</var>
- </p>
- </li>
- </ol>
- </dd>
- <dt>Import key</dt>
- <dd>
- <ol>
- <li>
- <p>Let <var>keyData</var> be the key data to be imported.</p>
- </li>
- <li>
- <p>
- Perform any <a href="#dfn-concat-extended-import-steps">key import steps</a>
- defined by <a href="#dfn-applicable-specification">other applicable
- specifications</a>, passing <var>keyData</var> and obtaining <var>result</var>.
- </p>
- <dl class="switch">
- <dt>
- If <var>result</var> is a <a href="#dfn-CryptoKey">CryptoKey</a>
- object
- </dt>
- <dd>
- <p>
- Return <var>result</var>.
- </p>
- </dd>
- <dt>
- If <var>result</var> is an error with a name that is not
- <a href="#dfn-NotSupportedError"><code>NotSupportedError</code></a>
- </dt>
- <dd>
- <p>
- <a href="#concept-throw">throw</a> <var>result</var>.
- </p>
- </dd>
- </dl>
- </li>
- <li>
- <dl class="switch">
- <dt>
- If <var>format</var> is <code>"raw"</code>:
- </dt>
- <dd>
- <ol>
- <li>
- <p>
- If <var>usages</var> contains a value that is not
- <code>"deriveKey"</code> or <code>"deriveBits"</code>,
-
- then <a href="#concept-throw">throw</a> a
- <a href="#dfn-SyntaxError"><code>SyntaxError</code></a>.
- </p>
- </li>
- <li>
- <p>
- Let <var>key</var> be a new <a href="#dfn-CryptoKey">CryptoKey</a> object
- representing the key data provided in <var>keyData</var>.
- </p>
- </li>
- <li>
- <p>
- Set the [[<a href="#dfn-CryptoKey-slot-type">type</a>]] internal slot of
- <var>key</var> to <code>"secret"</code>.
- </p>
- </li>
- <li>
- <p>
- Let <var>algorithm</var> be a new
- <a href="#dfn-KeyAlgorithm">KeyAlgorithm</a> object.
- </p>
- </li>
- <li>
- <p>
- Set the <a href="#dfn-KeyAlgorithm-name">name</a> attribute of
- <var>algorithm</var> to <code>"CONCAT"</code>.
- </p>
- </li>
- <li>
- <p>
- Set the [[<a href="#dfn-CryptoKey-slot-algorithm">algorithm</a>]] internal
- slot of <var>key</var> to <var>algorithm</var>.
- </p>
- </li>
- <li>
- <p>
- Return <var>key</var>.
- </p>
- </li>
- </ol>
- </dd>
- <dt>Otherwise:</dt>
- <dd>
- <a href="#concept-throw">throw</a> a
- <a href="#dfn-NotSupportedError"><code>NotSupportedError</code></a>.
- </dd>
- </dl>
- </li>
- </ol>
- </dd>
- <dt>Get length</dt>
- <dd>
- <ol>
- <li>
- <p>
- Return null.
- </p>
- </li>
- </ol>
- </dd>
- </dl>
- </div>
- </div>
+
<div id="hkdf-ctr" class="section">
<h3>HKDF-CTR</h3>
<div id="hkdf-ctr-description" class="section">
@@ -17610,11 +15420,6 @@
NIST Special Publication 800-108: Recommendation for Key Derivation Using
Pseudorandom Functions (Revised)</a></cite>, October 2009, NIST.
</dd>
- <dt id="PKCS3">PKCS3</dt>
- <dd>
- <cite><a href="http://www.emc.com/domains/rsa/index.htm?id=2126">PKCS #3: Diffie-Hellman
- Key-Agreement Standard</a></cite>, RSA Laboratories.
- </dd>
<dt id="RFC2119">RFC 2119</dt>
<dd>
<cite><a href='http://www.ietf.org/rfc/rfc2119'>Key words for use in RFCs to
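Review bot: `PKCS3` is the only bibliography entry removed in the visible hunks, although the same commit deletes the AES-CMAC section that cited `#SP800-38B` and the Concat KDF section that cited `#SP800-56A`. If no remaining section links to those anchors, their reference entries are now orphaned and should be removed in this change as well. `#SP800-56A` may still be cited elsewhere, so it is worth searching the spec for `href="#SP800-38B"` and `href="#SP800-56A"` before deciding. The same search for the removed anchors (`#dh`, `#concatkdf`, `#aes-cmac`, `#aes-cfb` and the `dfn-Dh*` / `dfn-ConcatParams*` ids) would confirm that no surviving text still points to a definition that no longer exists.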
@@ -18203,91 +16008,7 @@
</x:codeblock>
</td>
</tr>
- <tr>
- <td>
-<x:codeblock language="es">
-{ kty: "oct",
- alg: "A128CMAC" }
-</x:codeblock>
- </td>
- <td>
-<x:codeblock language="es">
-{ name: "AES-CMAC",
- length: 128 }
-</x:codeblock>
- </td>
- </tr>
- <tr>
- <td>
-<x:codeblock language="es">
-{ kty: "oct",
- alg: "A192CMAC" }
-</x:codeblock>
- </td>
- <td>
-<x:codeblock language="es">
-{ name: "AES-CMAC",
- length: 192 }
-</x:codeblock>
- </td>
- </tr>
- <tr>
- <td>
-<x:codeblock language="es">
-{ kty: "oct",
- alg: "A256CMAC" }
-</x:codeblock>
- </td>
- <td>
-<x:codeblock language="es">
-{ name: "AES-CMAC",
- length: 256 }
-</x:codeblock>
- </td>
- </tr>
- <tr>
- <td>
-<x:codeblock language="es">
-{ kty: "oct",
- alg: "A128CFB8" }
-</x:codeblock>
- </td>
- <td>
-<x:codeblock language="es">
-{ name: "AES-CFB-8",
- length: 128 }
-</x:codeblock>
- </td>
- </tr>
- <tr>
- <td>
-<x:codeblock language="es">
-{ kty: "oct",
- alg: "A192CFB8" }
-</x:codeblock>
- </td>
- <td>
-<x:codeblock language="es">
-{ name: "AES-CFB-8",
- length: 192 }
-</x:codeblock>
- </td>
- </tr>
- <tr>
- <td>
-<x:codeblock language="es">
-{ kty: "oct",
- alg: "A256CFB8" }
-</x:codeblock>
- </td>
- <td>
-<x:codeblock language="es">
-{ name: "AES-CFB-8",
- length: 256 }
-</x:codeblock>
- </td>
- </tr>
- <tr>
+ <tr>
<td>
<x:codeblock language="es">
{ kty: "oct",
@@ -18437,12 +16158,6 @@
<td><code>"DSA"</code></td>
<td><a href="#RFC3279">RFC 3279</a></td>
</tr>
- <tr>
- <td>dhKeyAgreement (1.2.840.113549.1.3.1)</td>
- <td>INTEGER</td>
- <td><code>"DH"</code></td>
- <td><a href="#PKCS3">PKCS #3</a></td>
- </tr>
</tbody>
</table>
<div class="ednote">
@@ -18535,20 +16250,8 @@
<td><code>"DSA"</code></td>
<td><a href="#RFC5958">RFC 5958</a></td>
</tr>
- <tr>
- <td>dhKeyAgreement (1.2.840.113549.1.3.1)</td>
- <td>INTEGER</td>
- <td><code>"DH"</code></td>
- <td><a href="#PKCS3">PKCS #3</a></td>
- </tr>
</tbody>
</table>
- <div class="ednote">
- <p>
- There does not appear to be a normative reference for a DH key being encoded as an
- INTEGER. Only RFC 5958 seems to mention this.
- </p>
- </div>
</div>
</div>
</body>
--- a/spec/Overview.html Sun Nov 30 23:10:07 2014 +0100
+++ b/spec/Overview.html Thu Nov 12 09:36:30 2015 -0800
@@ -28,7 +28,7 @@
<link rel="stylesheet" href="//www.w3.org/StyleSheets/TR/W3C-ED" type="text/css" /></head>
<body>
- <div class="head"><div><a href="http://www.w3.org/"><img src="//www.w3.org/Icons/w3c_home" width="72" height="48" alt="W3C" /></a></div><h1>Web Cryptography API</h1><h2>W3C Editor’s Draft <em>30 November 2014</em></h2><dl><dt>Latest Editor’s Draft:</dt><dd><a href="https://dvcs.w3.org/hg/webcrypto-api/raw-file/tip/spec/Overview.html">https://dvcs.w3.org/hg/webcrypto-api/raw-file/tip/spec/Overview.html</a></dd><dt>Latest Published Version:</dt><dd><a href="http://www.w3.org/TR/WebCryptoAPI/">http://www.w3.org/TR/WebCryptoAPI/</a></dd><dt>Previous Version(s):</dt><dd><a href="https://dvcs.w3.org/hg/webcrypto-api/raw-file/0fe9b34c13fb/spec/Overview.html">https://dvcs.w3.org/hg/webcrypto-api/raw-file/0fe9b34c13fb/spec/Overview.html</a></dd><dt>Editors:</dt><dd><a href="http://www.google.com/">Ryan Sleevi</a>, Google, Inc. <sleevi@google.com></dd><dd><a href="http://www.netflix.com/">Mark Watson</a>, Netflix <watsonm@netflix.com></dd><dt>Participate:</dt><dd><p>Send feedback to <a href="mailto:public-webcrypto@w3.org?subject=%5BWebCryptoAPI%5D">public-webcrypto@w3.org</a> (<a href="http://lists.w3.org/Archives/Public/public-webcrypto/">archives</a>), or <a href="https://www.w3.org/Bugs/Public/enter_bug.cgi?product=Web%20Cryptography&component=Web%20Cryptography%20API%20Document">file a bug</a>
+ <div class="head"><div><a href="http://www.w3.org/"><img src="//www.w3.org/Icons/w3c_home" width="72" height="48" alt="W3C" /></a></div><h1>Web Cryptography API</h1><h2>W3C Editor’s Draft <em>12 November 2015</em></h2><dl><dt>Latest Editor’s Draft:</dt><dd><a href="https://dvcs.w3.org/hg/webcrypto-api/raw-file/tip/spec/Overview.html">https://dvcs.w3.org/hg/webcrypto-api/raw-file/tip/spec/Overview.html</a></dd><dt>Latest Published Version:</dt><dd><a href="http://www.w3.org/TR/WebCryptoAPI/">http://www.w3.org/TR/WebCryptoAPI/</a></dd><dt>Previous Version(s):</dt><dd><a href="https://dvcs.w3.org/hg/webcrypto-api/raw-file/0fe9b34c13fb/spec/Overview.html">https://dvcs.w3.org/hg/webcrypto-api/raw-file/0fe9b34c13fb/spec/Overview.html</a></dd><dt>Editors:</dt><dd><a href="http://www.google.com/">Ryan Sleevi</a>, Google, Inc. <sleevi@google.com></dd><dd><a href="http://www.netflix.com/">Mark Watson</a>, Netflix <watsonm@netflix.com></dd><dt>Participate:</dt><dd><p>Send feedback to <a href="mailto:public-webcrypto@w3.org?subject=%5BWebCryptoAPI%5D">public-webcrypto@w3.org</a> (<a href="http://lists.w3.org/Archives/Public/public-webcrypto/">archives</a>), or <a href="https://www.w3.org/Bugs/Public/enter_bug.cgi?product=Web%20Cryptography&component=Web%20Cryptography%20API%20Document">file a bug</a>
(see <a href="https://www.w3.org/Bugs/Public/buglist.cgi?product=Web%20Cryptography&component=Web%20Cryptography%20API%20Document&resolution=---">existing bugs</a>).</p></dd></dl><p class="copyright"><a href="http://www.w3.org/Consortium/Legal/ipr-notice#Copyright">Copyright</a> © view <a href="http://www.w3.org/"><abbr title="World Wide Web Consortium">W3C</abbr></a><sup>®</sup> (<a href="http://www.csail.mit.edu/"><abbr title="Massachusetts Institute of Technology">MIT</abbr></a>, <a href="http://www.ercim.org/"><abbr title="European Research Consortium for Informatics and Mathematics">ERCIM</abbr></a>, <a href="http://www.keio.ac.jp/">Keio</a>), All Rights Reserved. W3C <a href="http://www.w3.org/Consortium/Legal/ipr-notice#Legal_Disclaimer">liability</a>, <a href="http://www.w3.org/Consortium/Legal/ipr-notice#W3C_Trademarks">trademark</a> and <a href="http://www.w3.org/Consortium/Legal/copyright-documents">document use</a> rules apply.</p></div><hr />
<div class="section">
@@ -44,7 +44,7 @@
communications.
</p>
- <div class="ednote"><div class="ednoteHeader">Editorial note</div><p>There are 9 further editorial notes in the document.</p></div>
+ <div class="ednote"><div class="ednoteHeader">Editorial note</div><p>There are 7 further editorial notes in the document.</p></div>
</div>
<div class="section">
@@ -56,7 +56,7 @@
report can be found in the <a href="http://www.w3.org/TR/">W3C technical
reports index</a> at http://www.w3.org/TR/.
</em></p><p>
- This document is the 30 November 2014 <b>Editor’s Draft</b> of the
+ This document is the 12 November 2015 <b>Editor’s Draft</b> of the
<cite>Web Cryptography API</cite> specification.
Please send comments about this document to
@@ -134,7 +134,7 @@
<div id="toc">
<h2>Table of Contents</h2>
- <div class="toc"><ul><li><a href="#introduction">1. Introduction</a></li><li><a href="#use-cases">2. Use Cases</a><ul><li><a href="#multifactor-authentication">2.1. Multi-factor Authentication</a></li><li><a href="#protected-document">2.2. Protected Document Exchange</a></li><li><a href="#cloud-storage">2.3. Cloud Storage</a></li><li><a href="#document-signing">2.4. Document Signing</a></li><li><a href="#data-integrity-protection">2.5. Data Integrity Protection</a></li><li><a href="#secure-messaging">2.6. Secure Messaging</a></li><li><a href="#jose">2.7. Javascript Object Signing and Encryption (JOSE)</a></li></ul></li><li><a href="#conformance">3. Conformance</a><ul><li><a href="#extensibility">3.1. Extensibility</a></li></ul></li><li><a href="#scope">4. Scope</a><ul><li><a href="#scope-abstraction">4.1. Level of abstraction</a></li><li><a href="#scope-algorithms">4.2. Cryptographic algorithms</a></li><li><a href="#scope-operations">4.3. Operations</a></li><li><a href="#scope-out-of-scope">4.4. Out of scope</a></li></ul></li><li><a href="#concepts">5. Concepts</a><ul><li><a href="#concepts-underlying-implementation">5.1. Underlying Cryptographic Implementation</a></li><li><a href="#concepts-key-storage">5.2. Key Storage</a></li></ul></li><li><a href="#security-considerations">6. Security considerations</a><ul><li><a href="#security-implementers">6.1. Security considerations for implementers</a></li><li><a href="#security-developers">6.2. Security considerations for authors</a></li><li><a href="#security-users">6.3. Security considerations for users</a></li></ul></li><li><a href="#privacy">7. Privacy considerations</a></li><li><a href="#dependencies">8. Dependencies</a></li><li><a href="#terminology">9. Terminology</a></li><li><a href="#crypto-interface">10. Crypto interface</a><ul><li><a href="#Crypto-description">10.1. Description</a></li><li><a href="#Crypto-interface-methods">10.2. 
Methods and Parameters</a><ul><li><a href="#Crypto-method-getRandomValues">10.2.1. The getRandomValues method</a></li></ul></li><li><a href="#Crypto-interface-attributes">10.3. Attributes</a><ul><li><a href="#Crypto-attribute-subtle">10.3.1. The subtle attribute</a></li></ul></li></ul></li><li><a href="#algorithm-dictionary">11. Algorithm dictionary</a><ul><li><a href="#algorithm-dictionary-members">11.1. Algorithm Dictionary Members</a></li></ul></li><li><a href="#key-algorithm-dictionary">12. KeyAlgorithm dictionary</a><ul><li><a href="#key-algorithm-dictionary-description">12.1. Description</a></li><li><a href="#key-algorithm-dictionary-members">12.2. KeyAlgorithm dictionary members</a></li></ul></li><li><a href="#cryptokey-interface">13. CryptoKey interface</a><ul><li><a href="#cryptokey-interface-description">13.1. Description</a></li><li><a href="#cryptokey-interface-types">13.2. Key interface data types</a></li><li><a href="#cryptokey-interface-internal-slots">13.3. CryptoKey internal slots</a></li><li><a href="#cryptokey-interface-members">13.4. CryptoKey interface members</a></li><li><a href="#cryptokey-interface-clone">13.5. Structured clone algorithm</a></li></ul></li><li><a href="#subtlecrypto-interface">14. SubtleCrypto interface</a><ul><li><a href="#subtlecrypto-interface-description">14.1. Description</a></li><li><a href="#subtlecrypto-interface-datatypes">14.2. Data Types</a></li><li><a href="#subtlecrypto-interface-methods">14.3. Methods and Parameters</a><ul><li><a href="#SubtleCrypto-method-encrypt">14.3.1. The encrypt method</a></li><li><a href="#SubtleCrypto-method-decrypt">14.3.2. The decrypt method</a></li><li><a href="#SubtleCrypto-method-sign">14.3.3. The sign method</a></li><li><a href="#SubtleCrypto-method-verify">14.3.4. The verify method</a></li><li><a href="#SubtleCrypto-method-digest">14.3.5. The digest method</a></li><li><a href="#SubtleCrypto-method-generateKey">14.3.6. 
The generateKey method</a></li><li><a href="#SubtleCrypto-method-deriveKey">14.3.7. The deriveKey method</a></li><li><a href="#SubtleCrypto-method-deriveBits">14.3.8. The deriveBits method</a></li><li><a href="#SubtleCrypto-method-importKey">14.3.9. The importKey method</a></li><li><a href="#SubtleCrypto-method-exportKey">14.3.10. The exportKey method</a></li><li><a href="#SubtleCrypto-method-wrapKey">14.3.11. The wrapKey method</a></li><li><a href="#SubtleCrypto-method-unwrapKey">14.3.12. The unwrapKey method</a></li></ul></li><li><a href="#SubtleCrypto-Exceptions">14.4. Exceptions</a></li></ul></li><li><a href="#JsonWebKey-dictionary">15. JsonWebKey dictionary</a></li><li><a href="#big-integer">16. BigInteger</a></li><li><a href="#keypair">17. CryptoKeyPair dictionary</a></li><li><a href="#algorithms">18. Algorithms</a><ul><li><a href="#algorithms-section-overview">18.1. Overview</a></li><li><a href="#algorithm-concepts">18.2. Concepts</a><ul><li><a href="#algorithm-concepts-naming">18.2.1. Naming</a></li><li><a href="#algorithm-concepts-operations">18.2.2. Supported Operations</a></li><li><a href="#algorithm-concepts-normalization">18.2.3. Normalization</a></li></ul></li><li><a href="#algorithm-conventions">18.3. Specification Conventions</a></li><li><a href="#algorithm-normalization">18.4. Algorithm Normalization</a><ul><li><a href="#algorithm-normalization-description">18.4.1. Description</a></li><li><a href="#algorithm-normalization-internal">18.4.2. Internal State Objects</a></li><li><a href="#algorithm-normalization-define-an-algorithm">18.4.3. Defining an Algorithm</a></li><li><a href="#algorithm-normalization-normalize-an-algorithm">18.4.4. Normalizing an algorithm</a></li></ul></li><li><a href="#algorithm-recommendations">18.5. Recommendations</a><ul><li><a href="#algorithm-recommendations-authors">18.5.1. For Authors</a></li><li><a href="#algorithm-recommendations-implementers">18.5.2. 
For Implementers</a></li></ul></li></ul></li><li><a href="#algorithm-overview">19. Algorithm Overview</a></li><li><a href="#rsassa-pkcs1">20. RSASSA-PKCS1-v1_5</a><ul><li><a href="#rsassa-pkcs1-description">20.1. Description</a></li><li><a href="#rsassa-pkcs1-registration">20.2. Registration</a></li><li><a href="#RsaKeyGenParams-dictionary">20.3. RsaKeyGenParams dictionary</a></li><li><a href="#RsaHashedKeyGenParams-dictionary">20.4. RsaHashedKeyGenParams dictionary</a></li><li><a href="#RsaKeyAlgorithm-dictionary">20.5. RsaKeyAlgorithm dictionary</a></li><li><a href="#RsaHashedKeyAlgorithm-dictionary">20.6. RsaHashedKeyAlgorithm dictionary</a></li><li><a href="#RsaHashedImportParams-dictionary">20.7. RsaHashedImportParams dictionary</a></li><li><a href="#rsassa-pkcs1-operations">20.8. Operations</a></li></ul></li><li><a href="#rsa-pss">21. RSA-PSS</a><ul><li><a href="#rsa-pss-description">21.1. Description</a></li><li><a href="#rsa-pss-registration">21.2. Registration</a></li><li><a href="#RsaPssParams-dictionary">21.3. RsaPssParams dictionary</a></li><li><a href="#rsa-pss-operations">21.4. Operations</a></li></ul></li><li><a href="#rsa-oaep">22. RSA-OAEP</a><ul><li><a href="#rsa-oaep-description">22.1. Description</a></li><li><a href="#rsa-oaep-registration">22.2. Registration</a></li><li><a href="#rsa-oaep-params">22.3. RsaOaepParams dictionary</a></li><li><a href="#rsa-oaep-operations">22.4. Operations</a></li></ul></li><li><a href="#ecdsa">23. ECDSA</a><ul><li><a href="#ecdsa-description">23.1. Description</a></li><li><a href="#ecdsa-registration">23.2. Registration</a></li><li><a href="#EcdsaParams-dictionary">23.3. EcdsaParams dictionary</a></li><li><a href="#EcKeyGenParams-dictionary">23.4. EcKeyGenParams dictionary</a></li><li><a href="#EcKeyAlgorithm-dictionary">23.5. EcKeyAlgorithm dictionary</a></li><li><a href="#EcKeyImportParams-dictionary">23.6. EcKeyImportParams dictionary</a></li><li><a href="#ecdsa-operations">23.7. 
Operations</a></li></ul></li><li><a href="#ecdh">24. ECDH</a><ul><li><a href="#ecdh-description">24.1. Description</a></li><li><a href="#ecdh-registration">24.2. Registration</a></li><li><a href="#dh-EcdhKeyDeriveParams">24.3. EcdhKeyDeriveParams dictionary</a></li><li><a href="#ecdh-operations">24.4. Operations</a></li></ul></li><li><a href="#aes-ctr">25. AES-CTR</a><ul><li><a href="#aes-ctr-description">25.1. Description</a></li><li><a href="#aes-ctr-registration">25.2. Registration</a></li><li><a href="#aes-ctr-params">25.3. AesCtrParams dictionary</a></li><li><a href="#AesKeyAlgorithm-dictionary">25.4. </a></li><li><a href="#aes-keygen-params">25.5. AesKeyGenParams dictionary</a></li><li><a href="#aes-derivedkey-params">25.6. AesDerivedKeyParams dictionary</a></li><li><a href="#aes-ctr-operations">25.7. Operations</a></li></ul></li><li><a href="#aes-cbc">26. AES-CBC</a><ul><li><a href="#aes-cbc-description">26.1. Description</a></li><li><a href="#aes-cbc-registration">26.2. Registration</a></li><li><a href="#aes-cbc-params">26.3. AesCbcParams dictionary</a></li><li><a href="#aes-cbc-operations">26.4. Operations</a></li></ul></li><li><a href="#aes-cmac">27. AES-CMAC</a><ul><li><a href="#aes-cmac-description">27.1. Description</a></li><li><a href="#aes-cmac-registration">27.2. Registration</a></li><li><a href="#aes-cmac-params">27.3. AesCmacParams dictionary</a></li><li><a href="#aes-cmac-operations">27.4. Operations</a></li></ul></li><li><a href="#aes-gcm">28. AES-GCM</a><ul><li><a href="#aes-gcm-description">28.1. Description</a></li><li><a href="#aes-gcm-registration">28.2. Registration</a></li><li><a href="#aes-gcm-params">28.3. AesGcmParams dictionary</a></li><li><a href="#aes-gcm-operations">28.4. Operations</a></li></ul></li><li><a href="#aes-cfb">29. AES-CFB</a><ul><li><a href="#aes-cfb-description">29.1. Description</a></li><li><a href="#aes-cfb-registration">29.2. Registration</a></li><li><a href="#aes-cfb-params">29.3. 
AesCfbParams dictionary</a></li><li><a href="#aes-cfb-operations">29.4. Operations</a></li></ul></li><li><a href="#aes-kw">30. AES-KW</a><ul><li><a href="#aes-kw-description">30.1. Description</a></li><li><a href="#aes-kw-registration">30.2. Registration</a></li><li><a href="#aes-kw-operations">30.3. Operations</a></li></ul></li><li><a href="#hmac">31. HMAC</a><ul><li><a href="#hmac-description">31.1. Description</a></li><li><a href="#hmac-registration">31.2. Registration</a></li><li><a href="#hmac-importparams">31.3. HmacImportParams dictionary</a></li><li><a href="#HmacKeyAlgorithm-dictionary">31.4. HmacKeyAlgorithm dictionary</a></li><li><a href="#hmac-keygen-params">31.5. HmacKeyGenParams dictionary</a></li><li><a href="#hmac-operations">31.6. Operations</a></li></ul></li><li><a href="#dh">32. Diffie-Hellman</a><ul><li><a href="#dh-description">32.1. Description</a></li><li><a href="#dh-registration">32.2. Registration</a></li><li><a href="#dh-DhKeyGenParams">32.3. DhKeyGenParams dictionary</a></li><li><a href="#dh-DhKeyAlgorithm">32.4. DhKeyAlgorithm dictionary</a></li><li><a href="#dh-DhKeyDeriveParams">32.5. DhKeyDeriveParams dictionary</a></li><li><a href="#dh-DhImportKeyParams">32.6. DhImportKeyParams dictionary</a></li><li><a href="#dh-operations">32.7. Operations</a></li></ul></li><li><a href="#sha">33. SHA</a><ul><li><a href="#sha-description">33.1. Description</a></li><li><a href="#sha-registration">33.2. Registration</a></li><li><a href="#sha-operations">33.3. Operations</a></li></ul></li><li><a href="#concatkdf">34. Concat KDF</a><ul><li><a href="#concatkdf-description">34.1. Description</a></li><li><a href="#concatkdf-registration">34.2. Registration</a></li><li><a href="#concat-params">34.3. ConcatParams dictionary</a></li><li><a href="#concat-operations">34.4. Operations</a></li></ul></li><li><a href="#hkdf-ctr">35. HKDF-CTR</a><ul><li><a href="#hkdf-ctr-description">35.1. Description</a></li><li><a href="#hkdf-ctr-registration">35.2. 
Registration</a></li><li><a href="#hkdf-ctr-params">35.3. HkdfCtrParams dictionary</a></li><li><a href="#hkdf2-ctr-operations">35.4. Operations</a></li></ul></li><li><a href="#pbkdf2">36. PBKDF2</a><ul><li><a href="#pbkdf2-description">36.1. Description</a></li><li><a href="#pbkdf2-registration">36.2. Registration</a></li><li><a href="#pbkdf2-params">36.3. Pbkdf2Params dictionary</a></li><li><a href="#pbkdf2-operations">36.4. Operations</a></li></ul></li><li><a href="#examples-section">37. JavaScript Example Code</a><ul><li><a href="#examples-signing">37.1. Generate a signing key pair, sign some data</a></li><li><a href="#examples-symmetric-encryption">37.2. Symmetric Encryption</a></li></ul></li><li><a href="#iana-section">38. IANA Considerations</a><ul><li><a href="#iana-section-jws-jwa">38.1. JSON Web Signature and Encryption Algorithms Registration</a></li><li><a href="#iana-section-jwk">38.2. JSON Web Key Parameters Registration</a></li></ul></li><li><a href="#acknowledgements-section">39. Acknowledgements</a></li><li><a href="#references">40. References</a><ul><li><a href="#normative-references">40.1. Normative References</a></li><li><a href="#informative-references">40.2. Informative References</a></li></ul></li></ul><ul><li><a href="#jwk-mapping">A. Mapping between JSON Web Key / JSON Web Algorithm</a><ul><li><a href="#jwk-mapping-alg">A.1. Algorithm mappings</a></li><li><a href="#jwk-mapping-usage">A.2. Usage mapping</a></li></ul></li><li><a href="#spki-mapping">B. Mapping between Algorithm and SubjectPublicKeyInfo</a></li><li><a href="#pkcs8-mapping">C. Mapping between Algorithm and PKCS#8 PrivateKeyInfo</a></li></ul></div>
+ <div class="toc"><ul><li><a href="#introduction">1. Introduction</a></li><li><a href="#use-cases">2. Use Cases</a><ul><li><a href="#multifactor-authentication">2.1. Multi-factor Authentication</a></li><li><a href="#protected-document">2.2. Protected Document Exchange</a></li><li><a href="#cloud-storage">2.3. Cloud Storage</a></li><li><a href="#document-signing">2.4. Document Signing</a></li><li><a href="#data-integrity-protection">2.5. Data Integrity Protection</a></li><li><a href="#secure-messaging">2.6. Secure Messaging</a></li><li><a href="#jose">2.7. Javascript Object Signing and Encryption (JOSE)</a></li></ul></li><li><a href="#conformance">3. Conformance</a><ul><li><a href="#extensibility">3.1. Extensibility</a></li></ul></li><li><a href="#scope">4. Scope</a><ul><li><a href="#scope-abstraction">4.1. Level of abstraction</a></li><li><a href="#scope-algorithms">4.2. Cryptographic algorithms</a></li><li><a href="#scope-operations">4.3. Operations</a></li><li><a href="#scope-out-of-scope">4.4. Out of scope</a></li></ul></li><li><a href="#concepts">5. Concepts</a><ul><li><a href="#concepts-underlying-implementation">5.1. Underlying Cryptographic Implementation</a></li><li><a href="#concepts-key-storage">5.2. Key Storage</a></li></ul></li><li><a href="#security-considerations">6. Security considerations</a><ul><li><a href="#security-implementers">6.1. Security considerations for implementers</a></li><li><a href="#security-developers">6.2. Security considerations for authors</a></li><li><a href="#security-users">6.3. Security considerations for users</a></li></ul></li><li><a href="#privacy">7. Privacy considerations</a></li><li><a href="#dependencies">8. Dependencies</a></li><li><a href="#terminology">9. Terminology</a></li><li><a href="#crypto-interface">10. Crypto interface</a><ul><li><a href="#Crypto-description">10.1. Description</a></li><li><a href="#Crypto-interface-methods">10.2. 
Methods and Parameters</a><ul><li><a href="#Crypto-method-getRandomValues">10.2.1. The getRandomValues method</a></li></ul></li><li><a href="#Crypto-interface-attributes">10.3. Attributes</a><ul><li><a href="#Crypto-attribute-subtle">10.3.1. The subtle attribute</a></li></ul></li></ul></li><li><a href="#algorithm-dictionary">11. Algorithm dictionary</a><ul><li><a href="#algorithm-dictionary-members">11.1. Algorithm Dictionary Members</a></li></ul></li><li><a href="#key-algorithm-dictionary">12. KeyAlgorithm dictionary</a><ul><li><a href="#key-algorithm-dictionary-description">12.1. Description</a></li><li><a href="#key-algorithm-dictionary-members">12.2. KeyAlgorithm dictionary members</a></li></ul></li><li><a href="#cryptokey-interface">13. CryptoKey interface</a><ul><li><a href="#cryptokey-interface-description">13.1. Description</a></li><li><a href="#cryptokey-interface-types">13.2. Key interface data types</a></li><li><a href="#cryptokey-interface-internal-slots">13.3. CryptoKey internal slots</a></li><li><a href="#cryptokey-interface-members">13.4. CryptoKey interface members</a></li><li><a href="#cryptokey-interface-clone">13.5. Structured clone algorithm</a></li></ul></li><li><a href="#subtlecrypto-interface">14. SubtleCrypto interface</a><ul><li><a href="#subtlecrypto-interface-description">14.1. Description</a></li><li><a href="#subtlecrypto-interface-datatypes">14.2. Data Types</a></li><li><a href="#subtlecrypto-interface-methods">14.3. Methods and Parameters</a><ul><li><a href="#SubtleCrypto-method-encrypt">14.3.1. The encrypt method</a></li><li><a href="#SubtleCrypto-method-decrypt">14.3.2. The decrypt method</a></li><li><a href="#SubtleCrypto-method-sign">14.3.3. The sign method</a></li><li><a href="#SubtleCrypto-method-verify">14.3.4. The verify method</a></li><li><a href="#SubtleCrypto-method-digest">14.3.5. The digest method</a></li><li><a href="#SubtleCrypto-method-generateKey">14.3.6. 
The generateKey method</a></li><li><a href="#SubtleCrypto-method-deriveKey">14.3.7. The deriveKey method</a></li><li><a href="#SubtleCrypto-method-deriveBits">14.3.8. The deriveBits method</a></li><li><a href="#SubtleCrypto-method-importKey">14.3.9. The importKey method</a></li><li><a href="#SubtleCrypto-method-exportKey">14.3.10. The exportKey method</a></li><li><a href="#SubtleCrypto-method-wrapKey">14.3.11. The wrapKey method</a></li><li><a href="#SubtleCrypto-method-unwrapKey">14.3.12. The unwrapKey method</a></li></ul></li><li><a href="#SubtleCrypto-Exceptions">14.4. Exceptions</a></li></ul></li><li><a href="#JsonWebKey-dictionary">15. JsonWebKey dictionary</a></li><li><a href="#big-integer">16. BigInteger</a></li><li><a href="#keypair">17. CryptoKeyPair dictionary</a></li><li><a href="#algorithms">18. Algorithms</a><ul><li><a href="#algorithms-section-overview">18.1. Overview</a></li><li><a href="#algorithm-concepts">18.2. Concepts</a><ul><li><a href="#algorithm-concepts-naming">18.2.1. Naming</a></li><li><a href="#algorithm-concepts-operations">18.2.2. Supported Operations</a></li><li><a href="#algorithm-concepts-normalization">18.2.3. Normalization</a></li></ul></li><li><a href="#algorithm-conventions">18.3. Specification Conventions</a></li><li><a href="#algorithm-normalization">18.4. Algorithm Normalization</a><ul><li><a href="#algorithm-normalization-description">18.4.1. Description</a></li><li><a href="#algorithm-normalization-internal">18.4.2. Internal State Objects</a></li><li><a href="#algorithm-normalization-define-an-algorithm">18.4.3. Defining an Algorithm</a></li><li><a href="#algorithm-normalization-normalize-an-algorithm">18.4.4. Normalizing an algorithm</a></li></ul></li><li><a href="#algorithm-recommendations">18.5. Recommendations</a><ul><li><a href="#algorithm-recommendations-authors">18.5.1. For Authors</a></li><li><a href="#algorithm-recommendations-implementers">18.5.2. 
For Implementers</a></li></ul></li></ul></li><li><a href="#algorithm-overview">19. Algorithm Overview</a></li><li><a href="#rsassa-pkcs1">20. RSASSA-PKCS1-v1_5</a><ul><li><a href="#rsassa-pkcs1-description">20.1. Description</a></li><li><a href="#rsassa-pkcs1-registration">20.2. Registration</a></li><li><a href="#RsaKeyGenParams-dictionary">20.3. RsaKeyGenParams dictionary</a></li><li><a href="#RsaHashedKeyGenParams-dictionary">20.4. RsaHashedKeyGenParams dictionary</a></li><li><a href="#RsaKeyAlgorithm-dictionary">20.5. RsaKeyAlgorithm dictionary</a></li><li><a href="#RsaHashedKeyAlgorithm-dictionary">20.6. RsaHashedKeyAlgorithm dictionary</a></li><li><a href="#RsaHashedImportParams-dictionary">20.7. RsaHashedImportParams dictionary</a></li><li><a href="#rsassa-pkcs1-operations">20.8. Operations</a></li></ul></li><li><a href="#rsa-pss">21. RSA-PSS</a><ul><li><a href="#rsa-pss-description">21.1. Description</a></li><li><a href="#rsa-pss-registration">21.2. Registration</a></li><li><a href="#RsaPssParams-dictionary">21.3. RsaPssParams dictionary</a></li><li><a href="#rsa-pss-operations">21.4. Operations</a></li></ul></li><li><a href="#rsa-oaep">22. RSA-OAEP</a><ul><li><a href="#rsa-oaep-description">22.1. Description</a></li><li><a href="#rsa-oaep-registration">22.2. Registration</a></li><li><a href="#rsa-oaep-params">22.3. RsaOaepParams dictionary</a></li><li><a href="#rsa-oaep-operations">22.4. Operations</a></li></ul></li><li><a href="#ecdsa">23. ECDSA</a><ul><li><a href="#ecdsa-description">23.1. Description</a></li><li><a href="#ecdsa-registration">23.2. Registration</a></li><li><a href="#EcdsaParams-dictionary">23.3. EcdsaParams dictionary</a></li><li><a href="#EcKeyGenParams-dictionary">23.4. EcKeyGenParams dictionary</a></li><li><a href="#EcKeyAlgorithm-dictionary">23.5. EcKeyAlgorithm dictionary</a></li><li><a href="#EcKeyImportParams-dictionary">23.6. EcKeyImportParams dictionary</a></li><li><a href="#ecdsa-operations">23.7. 
Operations</a></li></ul></li><li><a href="#ecdh">24. ECDH</a><ul><li><a href="#ecdh-description">24.1. Description</a></li><li><a href="#ecdh-registration">24.2. Registration</a></li><li><a href="#dh-EcdhKeyDeriveParams">24.3. EcdhKeyDeriveParams dictionary</a></li><li><a href="#ecdh-operations">24.4. Operations</a></li></ul></li><li><a href="#aes-ctr">25. AES-CTR</a><ul><li><a href="#aes-ctr-description">25.1. Description</a></li><li><a href="#aes-ctr-registration">25.2. Registration</a></li><li><a href="#aes-ctr-params">25.3. AesCtrParams dictionary</a></li><li><a href="#AesKeyAlgorithm-dictionary">25.4. </a></li><li><a href="#aes-keygen-params">25.5. AesKeyGenParams dictionary</a></li><li><a href="#aes-derivedkey-params">25.6. AesDerivedKeyParams dictionary</a></li><li><a href="#aes-ctr-operations">25.7. Operations</a></li></ul></li><li><a href="#aes-cbc">26. AES-CBC</a><ul><li><a href="#aes-cbc-description">26.1. Description</a></li><li><a href="#aes-cbc-registration">26.2. Registration</a></li><li><a href="#aes-cbc-params">26.3. AesCbcParams dictionary</a></li><li><a href="#aes-cbc-operations">26.4. Operations</a></li></ul></li><li><a href="#aes-gcm">27. AES-GCM</a><ul><li><a href="#aes-gcm-description">27.1. Description</a></li><li><a href="#aes-gcm-registration">27.2. Registration</a></li><li><a href="#aes-gcm-params">27.3. AesGcmParams dictionary</a></li><li><a href="#aes-gcm-operations">27.4. Operations</a></li></ul></li><li><a href="#aes-kw">28. AES-KW</a><ul><li><a href="#aes-kw-description">28.1. Description</a></li><li><a href="#aes-kw-registration">28.2. Registration</a></li><li><a href="#aes-kw-operations">28.3. Operations</a></li></ul></li><li><a href="#hmac">29. HMAC</a><ul><li><a href="#hmac-description">29.1. Description</a></li><li><a href="#hmac-registration">29.2. Registration</a></li><li><a href="#hmac-importparams">29.3. HmacImportParams dictionary</a></li><li><a href="#HmacKeyAlgorithm-dictionary">29.4. 
HmacKeyAlgorithm dictionary</a></li><li><a href="#hmac-keygen-params">29.5. HmacKeyGenParams dictionary</a></li><li><a href="#hmac-operations">29.6. Operations</a></li></ul></li><li><a href="#sha">30. SHA</a><ul><li><a href="#sha-description">30.1. Description</a></li><li><a href="#sha-registration">30.2. Registration</a></li><li><a href="#sha-operations">30.3. Operations</a></li></ul></li><li><a href="#hkdf-ctr">31. HKDF-CTR</a><ul><li><a href="#hkdf-ctr-description">31.1. Description</a></li><li><a href="#hkdf-ctr-registration">31.2. Registration</a></li><li><a href="#hkdf-ctr-params">31.3. HkdfCtrParams dictionary</a></li><li><a href="#hkdf2-ctr-operations">31.4. Operations</a></li></ul></li><li><a href="#pbkdf2">32. PBKDF2</a><ul><li><a href="#pbkdf2-description">32.1. Description</a></li><li><a href="#pbkdf2-registration">32.2. Registration</a></li><li><a href="#pbkdf2-params">32.3. Pbkdf2Params dictionary</a></li><li><a href="#pbkdf2-operations">32.4. Operations</a></li></ul></li><li><a href="#examples-section">33. JavaScript Example Code</a><ul><li><a href="#examples-signing">33.1. Generate a signing key pair, sign some data</a></li><li><a href="#examples-symmetric-encryption">33.2. Symmetric Encryption</a></li></ul></li><li><a href="#iana-section">34. IANA Considerations</a><ul><li><a href="#iana-section-jws-jwa">34.1. JSON Web Signature and Encryption Algorithms Registration</a></li><li><a href="#iana-section-jwk">34.2. JSON Web Key Parameters Registration</a></li></ul></li><li><a href="#acknowledgements-section">35. Acknowledgements</a></li><li><a href="#references">36. References</a><ul><li><a href="#normative-references">36.1. Normative References</a></li><li><a href="#informative-references">36.2. Informative References</a></li></ul></li></ul><ul><li><a href="#jwk-mapping">A. Mapping between JSON Web Key / JSON Web Algorithm</a><ul><li><a href="#jwk-mapping-alg">A.1. Algorithm mappings</a></li><li><a href="#jwk-mapping-usage">A.2. 
Usage mapping</a></li></ul></li><li><a href="#spki-mapping">B. Mapping between Algorithm and SubjectPublicKeyInfo</a></li><li><a href="#pkcs8-mapping">C. Mapping between Algorithm and PKCS#8 PrivateKeyInfo</a></li></ul></div>
</div>
<div id="sections">
@@ -3389,21 +3389,6 @@
<td>✔</td>
</tr>
<tr>
- <td><a href="#aes-cmac">AES-CMAC</a></td>
- <td></td>
- <td></td>
- <td>✔</td>
- <td>✔</td>
- <td></td>
- <td>✔</td>
- <td></td>
- <td></td>
- <td>✔</td>
- <td>✔</td>
- <td></td>
- <td></td>
- </tr>
- <tr>
<td><a href="#aes-gcm">AES-GCM</a></td>
<td>✔</td>
<td>✔</td>
@@ -3419,21 +3404,6 @@
<td>✔</td>
</tr>
<tr>
- <td><a href="#aes-cfb">AES-CFB</a></td>
- <td>✔</td>
- <td>✔</td>
- <td></td>
- <td></td>
- <td></td>
- <td>✔</td>
- <td></td>
- <td></td>
- <td>✔</td>
- <td>✔</td>
- <td>✔</td>
- <td>✔</td>
- </tr>
- <tr>
<td><a href="#aes-kw">AES-KW</a></td>
<td></td>
<td></td>
@@ -3464,21 +3434,6 @@
<td></td>
</tr>
<tr>
- <td><a href="#dh">DH</a></td>
- <td></td>
- <td></td>
- <td></td>
- <td></td>
- <td></td>
- <td>✔</td>
- <td>✔</td>
- <td>✔</td>
- <td>✔</td>
- <td>✔</td>
- <td></td>
- <td></td>
- </tr>
- <tr>
<td><a href="#sha">SHA-1</a></td>
<td></td>
<td></td>
@@ -3539,21 +3494,6 @@
<td></td>
</tr>
<tr>
- <td><a href="#concatkdf">CONCAT</a></td>
- <td></td>
- <td></td>
- <td></td>
- <td></td>
- <td></td>
- <td></td>
- <td>✔</td>
- <td>✔</td>
- <td>✔</td>
- <td></td>
- <td></td>
- <td></td>
- </tr>
- <tr>
<td><a href="#hkdf-ctr">HKDF-CTR</a></td>
<td></td>
<td></td>
@@ -12159,523 +12099,19 @@
</div>
</div>
- <div id="aes-cmac" class="section">
- <h3>27. AES-CMAC</h3>
- <div id="aes-cmac-description" class="section">
+ <div id="aes-gcm" class="section">
+ <h3>27. AES-GCM</h3>
+ <div id="aes-gcm-description" class="section">
<h4>27.1. Description</h4>
<p class="norm">This section is non-normative.</p>
<p>
- The <code>"AES-CMAC"</code> algorithm identifier is used to perform
- message authentication using AES with a cipher-based MAC, as
- described in [<a href="#SP800-38B">NIST SP800-38B</a>].
- </p>
- </div>
- <div id="aes-cmac-registration" class="section">
- <h4>27.2. Registration</h4>
- <p>
- The <a href="#recognized-algorithm-name">recognized algorithm name</a> for
- this algorithm is <code>"AES-CMAC"</code>.
- </p>
- <table>
- <thead>
- <tr>
- <th><a href="#supported-operations">Operation</a></th>
- <th><a href="#algorithm-specific-params">Parameters</a></th>
- <th><a href="#algorithm-result">Result</a></th>
- </tr>
- </thead>
- <tbody>
- <tr>
- <td>sign</td>
- <td><a href="#dfn-AesCmacParams">AesCmacParams</a></td>
- <td>ArrayBuffer</td>
- </tr>
- <tr>
- <td>verify</td>
- <td><a href="#dfn-AesCmacParams">AesCmacParams</a></td>
- <td>boolean</td>
- </tr>
- <tr>
- <td>generateKey</td>
- <td><a href="#dfn-AesKeyGenParams">AesKeyGenParams</a></td>
- <td><a href="#dfn-CryptoKey">CryptoKey</a></td>
- </tr>
- <tr>
- <td>importKey</td>
- <td>None</td>
- <td><a href="#dfn-CryptoKey">CryptoKey</a></td>
- </tr>
- <tr>
- <td>exportKey</td>
- <td>None</td>
- <td>object</td>
- </tr>
- <tr>
- <td>get key length</td>
- <td><a href="#dfn-AesDerivedKeyParams">AesDerivedKeyParams</a></td>
- <td>Integer</td>
- </tr>
- </tbody>
- </table>
- </div>
- <div id="aes-cmac-params" class="section">
- <h4>27.3. AesCmacParams dictionary</h4>
- <div class="block"><div class="blockTitleDiv"><span class="blockTitle">IDL</span></div><div class="blockContent"><pre class="code"><code class="idl-code">
-dictionary <dfn id="dfn-AesCmacParams">AesCmacParams</dfn> : <a href="#dfn-Algorithm">Algorithm</a> {
-<span class="comment">// The length, in bits, of the MAC.</span>
-[EnforceRange] required unsigned short <dfn id="dfn-AesCmacParams-length">length</dfn>;
-};
- </code></pre></div></div>
- </div>
- <div id="aes-cmac-operations" class="section">
- <h4>27.4. Operations</h4>
- <dl>
- <dt>Sign</dt>
- <dd>
- <ol>
- <li>
- <p>
- Let <var>length</var> equal the <a href="#dfn-AesCmacParams-length">length</a>
- member of <var>normalizedAlgorithm</var>, if present, and 128 otherwise.
- </p>
- </li>
- <li>
- <p>
- If <var>length</var> is zero or greater than 128,
- then <a href="#concept-throw">throw</a> an
- <a href="#dfn-OperationError"><code>OperationError</code></a>.
- </p>
- </li>
- <li>
- <p>
- Let <var>mac</var> be the result of performing the MAC Generation
- operation described in Section 6.2 of
- [<a href="#SP800-38B">NIST SP800-38B</a>] using AES as the block
- cipher, <var>length</var> as the value of the MAC length parameter,
- <var>Tlen</var>, and <var>message</var> as the message, <var>M</var>.
- </p>
- </li>
- <li>
- <p>
- Return <var>mac</var>.
- </p>
- </li>
- </ol>
- </dd>
- <dt>Verify</dt>
- <dd>
- <ol>
- <li>
- <p>
- Let <var>length</var> equal the <a href="#dfn-AesCmacParams-length">length</a>
- member of <var>normalizedAlgorithm</var>, if present, and 128 otherwise.
- </p>
- </li>
- <li>
- <p>
- If <var>length</var> is zero or greater than 128,
- then <a href="#concept-throw">throw</a> an
- <a href="#dfn-OperationError"><code>OperationError</code></a>.
- </p>
- </li>
- <li>
- <p>
- Let <var>output</var> be the result of performing the MAC Verification
- operation described in Section 6.3 of
- [<a href="#SP800-38B">NIST SP 800-38B</a>] using AES as the block
- cipher, <var>length</var> as the value of the MAC length parameter,
- <var>Tlen</var>, <var>message</var> as the message, <var>M</var> and
- <var>signature</var> as the received MAC, <var>T'</var>.
- </p>
- </li>
- <li>
- <p>
- Return true if <var>output</var> is VALID and false otherwise.
- </p>
- </li>
- </ol>
- </dd>
- <dt>Generate Key</dt>
- <dd>
- <ol>
- <li>
- <p>
- If <var>usages</var> contains any entry which is not
- <code>"sign"</code> or <code>"verify"</code>,
- then <a href="#concept-throw">throw</a> a
- <a href="#dfn-SyntaxError"><code>SyntaxError</code></a>.
- </p>
- </li>
- <li>
- <p>
- If the <a href="#dfn-AesKeyGenParams-length">length</a> member of
- <var>normalizedAlgorithm</var> is not equal to one of
- 128, 192 or 256,
- then <a href="#concept-throw">throw</a> an
- <a href="#dfn-OperationError"><code>OperationError</code></a>.
- </p>
- </li>
- <li>
- <p>
- Generate an AES key of length
- equal to the <a href="#dfn-AesKeyGenParams-length">length</a> member of
- <var>normalizedAlgorithm</var>.
- </p>
- </li>
- <li>
- <p>
- If the key generation step fails,
- then <a href="#concept-throw">throw</a> an
- <a href="#dfn-OperationError"><code>OperationError</code></a>.
- </p>
- </li>
- <li>
- <p>
- Let <var>key</var> be a new
- <a href="#dfn-CryptoKey">CryptoKey</a> object representing the
- generated AES key.
- </p>
- </li>
- <li>
- <p>
- Let <var>algorithm</var> be a new
- <a href="#dfn-AesKeyAlgorithm">AesKeyAlgorithm</a>.
- </p>
- </li>
- <li>
- <p>
- Set the <a href="#dfn-KeyAlgorithm-name">name</a> attribute of
- <var>algorithm</var> to <code>"AES-CMAC"</code>.
- </p>
- </li>
- <li>
- <p>
- Set the <a href="#dfn-AesKeyAlgorithm-length">length</a> attribute of
- <var>algorithm</var> to equal the
- <a href="#dfn-AesKeyGenParams-length">length</a> member of
- <var>normalizedAlgorithm</var>.
- </p>
- </li>
- <li>
- <p>
- Set the [[<a href="#dfn-CryptoKey-slot-algorithm">algorithm</a>]] internal
- slot of <var>key</var> to <var>algorithm</var>.
- </p>
- </li>
- <li>
- <p>
- Set the [[<a href="#dfn-CryptoKey-slot-extractable">extractable</a>]] internal
- slot of <var>key</var> to be <var>extractable</var>.
- </p>
- </li>
- <li>
- <p>
- Set the [[<a href="#dfn-CryptoKey-slot-usages">usages</a>]] internal slot of
- <var>key</var> to be <var>usages</var>.
- </p>
- </li>
- <li>
- <p>
- Return <var>key</var>.
- </p>
- </li>
- </ol>
- </dd>
- <dt>Import Key</dt>
- <dd>
- <ol>
- <li>
- <p>
- If <var>usages</var> contains an entry which is not
- <code>"sign"</code> or <code>"verify"</code>,
- then <a href="#concept-throw">throw</a> a
- <a href="#dfn-SyntaxError"><code>SyntaxError</code></a>.
- </p>
- </li>
- <li>
- <dl class="switch">
- <dt>If <var>format</var> is <code>"raw"</code>:</dt>
- <dd>
- <ol>
- <li>
- <p>
- Let <var>data</var> be the <a href="#dfn-octet-string">octet string</a> contained in <var>keyData</var>.
- </p>
- </li>
- <li>
- <p>
- If the length in bits of <var>data</var> is not 128, 192 or 256
- then <a href="#concept-throw">throw</a> a
- <a href="#dfn-DataError"><code>DataError</code></a>.
- </p>
- </li>
- </ol>
- </dd>
- <dt>If <var>format</var> is <code>"jwk"</code>:</dt>
- <dd>
- <ol>
- <li>
- <p>
- Let <var>jwk</var> be the <a href="#dfn-JsonWebKey">JsonWebKey</a>
- dictionary represented by <var>keyData</var>.
- </p>
- </li>
- <li>
- <p>
- If the <code>"kty"</code> field of <var>jwk</var> is not
- to <code>"oct"</code>,
- then <a href="#concept-throw">throw</a> a
- <a href="#dfn-DataError"><code>DataError</code></a>.
- </p>
- </li>
- <li>
- <p>
- If <var>jwk</var> does not meet the requirements of
- Section 6.4 of <a href="#jwa">JSON Web Algorithms</a>,
- then <a href="#concept-throw">throw</a> a
- <a href="#dfn-DataError"><code>DataError</code></a>.
- </p>
- </li>
- <li>
- <p>
- Let <var>data</var> be the <a href="#dfn-octet-string">octet string</a> obtained by decoding the
- <code>"k"</code> field of <var>jwk</var>.
- </p>
- </li>
- <li>
- <dl class="switch">
- <dt>If <var>data</var> has length 128 bits:</dt>
- <dd>If the <code>"alg"</code> field of <var>jwk</var> is present, and is
- not <code>"A128CMAC"</code>,
- then <a href="#concept-throw">throw</a> a
- <a href="#dfn-DataError"><code>DataError</code></a>.</dd>
- <dt>If <var>data</var> has length 192 bits:</dt>
- <dd>If the <code>"alg"</code> field of <var>jwk</var> is present, and is
- not <code>"A192CMAC"</code>,
- then <a href="#concept-throw">throw</a> a
- <a href="#dfn-DataError"><code>DataError</code></a>.</dd>
- <dt>If <var>data</var> has length 256 bits:</dt>
- <dd>If the <code>"alg"</code> field of <var>jwk</var> is present, and is
- not <code>"A256CMAC"</code>,
- then <a href="#concept-throw">throw</a> a
- <a href="#dfn-DataError"><code>DataError</code></a>.</dd>
- <dt>Otherwise:</dt>
- <dd>
- <a href="#concept-throw">throw</a> a
- <a href="#dfn-DataError"><code>DataError</code></a>.
- </dd>
- </dl>
- </li>
- <li>
- <p>
- If the <code>"use"</code> field of <var>jwk</var> is present, and is
- not <code>"enc"</code>,
- then <a href="#concept-throw">throw</a> a
- <a href="#dfn-DataError"><code>DataError</code></a>.
- </p>
- </li>
- <li>
- <p>
- If the <code>"key_ops"</code> field of <var>jwk</var> is present, and
- is invalid according to the requirements of
- <a href="#jwk">JSON Web Key</a> or
- does not contain all of the specified <var>usages</var> values,
- then <a href="#concept-throw">throw</a> a
- <a href="#dfn-DataError"><code>DataError</code></a>.
- </p>
- </li>
- <li>
- <p>
- If the <code>"ext"</code> field of <var>jwk</var> is present and
- has the value false and <var>extractable</var> is true,
- then <a href="#concept-throw">throw</a> a
- <a href="#dfn-DataError"><code>DataError</code></a>.
- </p>
- </li>
- </ol>
- </dd>
- <dt>Otherwise:</dt>
- <dd>
- <a href="#concept-throw">throw</a> a
- <a href="#dfn-NotSupportedError"><code>NotSupportedError</code></a>.
- </dd>
- </dl>
- </li>
- <li>
- <p>
- Let <var>key</var> be a new <code><a href="#dfn-CryptoKey">CryptoKey</a></code>
- object representing an AES key with value <var>data</var>.
- </p>
- </li>
- <li>
- <p>
- Let <var>algorithm</var> be a new
- <a href="#dfn-AesKeyAlgorithm">AesKeyAlgorithm</a>.
- </p>
- </li>
- <li>
- <p>
- Set the <a href="#dfn-KeyAlgorithm-name">name</a> attribute of
- <var>algorithm</var> to <code>"AES-CMAC"</code>.
- </p>
- </li>
- <li>
- <p>
- Set the <a href="#dfn-AesKeyAlgorithm-length">length</a> attribute of
- <var>algorithm</var> to the length, in bits, of <var>data</var>.
- </p>
- </li>
- <li>
- <p>
- Set the [[<a href="#dfn-CryptoKey-slot-algorithm">algorithm</a>]] internal
- slot of <var>key</var> to <var>algorithm</var>.
- </p>
- </li>
- <li>
- <p>
- Return <var>key</var>.
- </p>
- </li>
- </ol>
- </dd>
- <dt>Export Key</dt>
- <dd>
- <ol>
- <li>
- <p>
- If the underlying cryptographic key material represented by the [[<a href="#dfn-CryptoKey-slot-handle">handle</a>]] internal slot of <var>key</var>
- cannot be accessed, then <a href="#concept-throw">throw</a> an <a href="#dfn-OperationError"><code>OperationError</code></a>.
- </p>
- </li>
- <li>
- <dl class="switch">
- <dt>If <var>format</var> is <code>"raw"</code>:</dt>
- <dd>
- <ol>
- <li>
- <p>
- Let <var>data</var> be the raw octets of the key represented by [[<a href="#dfn-CryptoKey-slot-handle">handle</a>]] internal slot of
- <var>key</var>.
- </p>
- </li>
- <li>
- <p>
- Let <var>result</var> be a new <code>ArrayBuffer</code> containing
- <var>data</var>.
- </p>
- </li>
- </ol>
- </dd>
- <dt>If <var>format</var> is <code>"jwk"</code>:</dt>
- <dd>
- <ol>
- <li>
- <p>
- Let <var>jwk</var> be a new <a href="#dfn-JsonWebKey">JsonWebKey</a>
- dictionary.
- </p>
- </li>
- <li>
- <p>
- Set the <code>kty</code> attribute of <var>jwk</var> to the
- string <code>"oct"</code>.
- </p>
- </li>
- <li>
- <p>
- Set the <code>k</code> attribute of <var>jwk</var> to be a string
- containing the raw octets of the key represented by [[<a href="#dfn-CryptoKey-slot-handle">handle</a>]] internal slot of
- <var>key</var>, encoded according to Section 6.4 of <a href="#jwa">JSON Web Algorithms</a>.
- </p>
- </li>
- <li>
- <dl class="switch">
- <dt>If the <a href="#dfn-AesKeyAlgorithm-length">length</a> attribute of
- <var>key</var> is 128:</dt>
- <dd>Set the <code>alg</code> attribute of <var>jwk</var> to
- the string <code>"A128CMAC"</code>.</dd>
- <dt>If the <a href="#dfn-AesKeyAlgorithm-length">length</a> attribute of
- <var>key</var> is 192:</dt>
- <dd>Set the <code>alg</code> attribute of <var>jwk</var> to
- the string <code>"A192CMAC"</code>.</dd>
- <dt>If the <a href="#dfn-AesKeyAlgorithm-length">length</a> attribute of
- <var>key</var> is 256:</dt>
- <dd>Set the <code>alg</code> attribute of <var>jwk</var> to
- the string <code>"A256CMAC"</code>.</dd>
- </dl>
- </li>
- <li>
- <p>
- Set the <code>key_ops</code> attribute of <var>jwk</var> to equal the
- <a href="#dfn-CryptoKey-usages">usages</a> attribute of
- <var>key</var>.
- </p>
- </li>
- <li>
- <p>
- Set the <code>ext</code> attribute of <var>jwk</var> to equal the [[<a href="#dfn-CryptoKey-slot-extractable">extractable</a>]] internal slot
- of <var>key</var>.
- </p>
- </li>
- <li>
- <p>
- Let <var>result</var> be the result of converting <var>jwk</var>
- to an ECMAScript Object, as defined by [<a href="#WebIDL">WebIDL</a>].
- </p>
- </li>
- </ol>
- </dd>
- <dt>Otherwise:</dt>
- <dd>
- <p>
- <a href="#concept-throw">throw</a> a
- <a href="#dfn-NotSupportedError"><code>NotSupportedError</code></a>.
- </p>
- </dd>
- </dl>
- </li>
- <li>
- <p>
- Return <var>result</var>.
- </p>
- </li>
- </ol>
- </dd>
- <dt>Get key length</dt>
- <dd>
- <ol>
- <li>
- <p>
- If the <a href="#dfn-AesDerivedKeyParams-length">length</a> member of
- <var>normalizedDerivedKeyAlgorithm</var> is not 128, 192 or 256,
- then <a href="#concept-throw">throw</a> an
- <a href="#dfn-OperationError"><code>OperationError</code></a>.
- </p>
- </li>
- <li>
- <p>
- Return the <a href="#dfn-AesDerivedKeyParams-length">length</a> member of
- <var>normalizedDerivedKeyAlgorithm</var>.
- </p>
- </li>
- </ol>
- </dd>
- </dl>
- </div>
- </div>
- <div id="aes-gcm" class="section">
- <h3>28. AES-GCM</h3>
- <div id="aes-gcm-description" class="section">
- <h4>28.1. Description</h4>
- <p class="norm">This section is non-normative.</p>
- <p>
The <code>"AES-GCM"</code> algorithm identifier is used to perform
authenticated encryption and decryption using AES in Galois/Counter Mode mode,
as described in [<a href="#SP800-38D">NIST SP 800-38D</a>].
</p>
</div>
<div id="aes-gcm-registration" class="section">
- <h4>28.2. Registration</h4>
+ <h4>27.2. Registration</h4>
<p>
The <a href="#recognized-algorithm-name">recognized algorithm name</a> for
this algorithm is <code>"AES-GCM"</code>.
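Review bot: The AES-GCM description kept as context near the end of this hunk still reads "Galois/Counter Mode mode", a duplicated word that survives the renumbering from section 28 to 27. The sentence should read `authenticated encryption and decryption using AES in Galois/Counter Mode,`. This page appears to be generated output, so the wording presumably has to be corrected in the spec source rather than here. The Registration section that follows continues outside the hunk.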
@@ -12723,7 +12159,7 @@
</table>
</div>
<div id="aes-gcm-params" class="section">
- <h4>28.3. AesGcmParams dictionary</h4>
+ <h4>27.3. AesGcmParams dictionary</h4>
<div class="block"><div class="blockTitleDiv"><span class="blockTitle">IDL</span></div><div class="blockContent"><pre class="code"><code class="idl-code">
dictionary <dfn id="dfn-AesGcmParams">AesGcmParams</dfn> : <a href="#dfn-Algorithm">Algorithm</a> {
<span class="comment">// The initialization vector to use. May be up to 2^64-1 bytes long.</span>
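Review bot: The `iv` comment on the last line of this hunk documents only an upper bound on length and says nothing about uniqueness, which is the property GCM depends on: repeating an IV under the same key undermines both confidentiality and authenticity. It could be extended to `// The initialization vector to use. Must be unique for every encryption performed with the same key; 96 bits is the length NIST SP 800-38D recommends.` The bound itself is also worth checking against SP 800-38D, which as far as I recall states the 2^64-1 IV limit in bits rather than bytes. The AesGcmParams dictionary continues outside the hunk.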
@@ -12736,7 +12172,7 @@
</code></pre></div></div>
</div>
<div id="aes-gcm-operations" class="section">
- <h4>28.4. Operations</h4>
+ <h4>27.4. Operations</h4>
<dl>
<dt>Encrypt</dt>
<dd>
@@ -13275,508 +12711,10 @@
</div>
</div>
- <div id="aes-cfb" class="section">
- <h3>29. AES-CFB</h3>
- <div id="aes-cfb-description" class="section">
- <h4>29.1. Description</h4>
- <p class="norm">This section is non-normative.</p>
- <p>
- The <code>"AES-CFB-8"</code> algorithm identifier is used to perform
- encryption and decryption using AES in Cipher Feedback mode, specifically CFB-8,
- as described in Section 6.3 of
- [<a href="#SP800-38A">NIST SP800-38A</a>].
- </p>
- </div>
- <div id="aes-cfb-registration" class="section">
- <h4>29.2. Registration</h4>
- <p>
- The <a href="#recognized-algorithm-name">recognized algorithm name</a> for
- this algorithm is <code>"AES-CFB-8"</code>.
- </p>
- <table>
- <thead>
- <tr>
- <th><a href="#supported-operations">Operation</a></th>
- <th><a href="#algorithm-specific-params">Parameters</a></th>
- <th><a href="#algorithm-result">Result</a></th>
- </tr>
- </thead>
- <tbody>
- <tr>
- <td>encrypt</td>
- <td><a href="#dfn-AesCfbParams">AesCfbParams</a></td>
- <td>ArrayBuffer</td>
- </tr>
- <tr>
- <td>decrypt</td>
- <td><a href="#dfn-AesCfbParams">AesCfbParams</a></td>
- <td>ArrayBuffer</td>
- </tr>
- <tr>
- <td>generateKey</td>
- <td><a href="#dfn-AesKeyGenParams">AesKeyGenParams</a></td>
- <td><a href="#dfn-CryptoKey">CryptoKey</a></td>
- </tr>
- <tr>
- <td>importKey</td>
- <td>None</td>
- <td><a href="#dfn-CryptoKey">CryptoKey</a></td>
- </tr>
- <tr>
- <td>exportKey</td>
- <td>None</td>
- <td>object</td>
- </tr>
- <tr>
- <td>get key length</td>
- <td><a href="#dfn-AesDerivedKeyParams">AesDerivedKeyParams</a></td>
- <td>Integer</td>
- </tr>
- </tbody>
- </table>
- </div>
- <div id="aes-cfb-params" class="section">
- <h4>29.3. AesCfbParams dictionary</h4>
- <div class="block"><div class="blockTitleDiv"><span class="blockTitle">IDL</span></div><div class="blockContent"><pre class="code"><code class="idl-code">
-dictionary <dfn id="dfn-AesCfbParams">AesCfbParams</dfn> : <a href="#dfn-Algorithm">Algorithm</a> {
-<span class="comment">// The initialization vector. <span class="RFC2119">MUST</span> be 16 bytes.</span>
-required BufferSource <dfn id="dfn-AesCfbParams-iv">iv</dfn>;
-};
- </code></pre></div></div>
- </div>
- <div id="aes-cfb-operations" class="section">
- <h4>29.4. Operations</h4>
- <dl>
- <dt>Encrypt</dt>
- <dd>
- <ol>
- <li>
- <p>
- If the <a href="#dfn-AesCfbParams-iv">iv</a> member of
- <var>normalizedAlgorithm</var> does not have length 16 bytes, then <a href="#concept-throw">throw</a> an <a href="#dfn-OperationError"><code>OperationError</code></a>.
- </p>
- </li>
- <li>
- <p>
- Let <var>ciphertext</var> be the result of performing the CFB Encryption
- operation described in Section 6.3 of [<a href="#SP800-38A">NIST SP800-38A</a>] using AES as the block cipher, <a href="#concept-contents-of-arraybuffer">the contents of</a> the <a href="#dfn-AesCfbParams-iv">iv</a> member of <var>normalizedAlgorithm</var> as
- the <var>IV</var> input parameter, the value 8 as the input parameter
- <var>s</var>, and <a href="#concept-contents-of-arraybuffer">the contents
- of<var>plaintext</var></a> as the input plaintext.
- </p>
- </li>
- <li>
- <p>
- Return <var>ciphertext</var>.
- </p>
- </li>
- </ol>
- </dd>
- <dt>Decrypt</dt>
- <dd>
- <ol>
- <li>
- <p>
- If the <a href="#dfn-AesCfbParams-iv">iv</a> member of
- <var>normalizedAlgorithm</var> does not have length 16 bytes, then <a href="#concept-throw">throw</a> an <a href="#dfn-OperationError"><code>OperationError</code></a>.
- </p>
- </li>
- <li>
- <p>
- Let <var>plaintext</var> be the result of performing the CFB Decryption
- operation described in Section 6.3 of [<a href="#SP800-38A">NIST SP800-38A</a>] using AES as the block cipher, <a href="#concept-contents-of-arraybuffer">the contents of</a> the <a href="#dfn-AesCfbParams-iv">iv</a> member of <var>normalizedAlgorithm</var> as
- the <var>IV</var> input parameter, the the value 8 as the input parameter
- <var>s</var>, and <a href="#concept-contents-of-arraybuffer">the contents of
- <var>ciphertext</var></a> as the input ciphertext.
- </p>
- </li>
- <li>
- <p>
- Return <var>plaintext</var>.
- </p>
- </li>
- </ol>
- </dd>
- <dt>Generate Key</dt>
- <dd>
- <ol>
- <li>
- <p>
- If <var>usages</var> contains any entry which is not one of
- <code>"encrypt"</code>, <code>"decrypt"</code>, <code>"wrapKey"</code> or
- <code>"unwrapKey"</code>, then <a href="#concept-throw">throw</a> a <a href="#dfn-SyntaxError"><code>SyntaxError</code></a>.
- </p>
- </li>
- <li>
- <p>
- If the <a href="#dfn-AesKeyGenParams-length">length</a> member of
- <var>normalizedAlgorithm</var> is not equal to one of 128, 192 or 256, then <a href="#concept-throw">throw</a> an <a href="#dfn-OperationError"><code>OperationError</code></a>.
- </p>
- </li>
- <li>
- <p>
- Generate an AES key of length equal to the <a href="#dfn-AesKeyGenParams-length">length</a> member of
- <var>normalizedAlgorithm</var>.
- </p>
- </li>
- <li>
- <p>
- If the key generation step fails,
- then <a href="#concept-throw">throw</a> an
- <a href="#dfn-OperationError"><code>OperationError</code></a>.
- </p>
- </li>
- <li>
- <p>
- Let <var>key</var> be a new
- <a href="#dfn-CryptoKey">CryptoKey</a> object representing the
- generated AES key.
- </p>
- </li>
- <li>
- <p>
- Let <var>algorithm</var> be a new
- <a href="#dfn-AesKeyAlgorithm">AesKeyAlgorithm</a>.
- </p>
- </li>
- <li>
- <p>
- Set the <a href="#dfn-KeyAlgorithm-name">name</a> attribute of
- <var>algorithm</var> to <code>"AES-CFB-8"</code>.
- </p>
- </li>
- <li>
- <p>
- Set the <a href="#dfn-AesKeyAlgorithm-length">length</a> attribute of
- <var>algorithm</var> to equal the
- <a href="#dfn-AesKeyGenParams-length">length</a> member of
- <var>normalizedAlgorithm</var>.
- </p>
- </li>
- <li>
- <p>
- Set the [[<a href="#dfn-CryptoKey-slot-algorithm">algorithm</a>]] internal
- slot of <var>key</var> to <var>algorithm</var>.
- </p>
- </li>
- <li>
- <p>
- Set the [[<a href="#dfn-CryptoKey-slot-extractable">extractable</a>]] internal
- slot of <var>key</var> to be <var>extractable</var>.
- </p>
- </li>
- <li>
- <p>
- Set the [[<a href="#dfn-CryptoKey-slot-usages">usages</a>]] internal slot of
- <var>key</var> to be <var>usages</var>.
- </p>
- </li>
- <li>
- <p>
- Return <var>key</var>.
- </p>
- </li>
- </ol>
- </dd>
- <dt>Import Key</dt>
- <dd>
- <ol>
- <li>
- <p>
- If <var>usages</var> contains an entry which is not
- one of <code>"encrypt"</code>, <code>"decrypt"</code>,
- <code>"wrapKey"</code> or <code>"unwrapKey"</code>,
- then <a href="#concept-throw">throw</a> a
- <a href="#dfn-SyntaxError"><code>SyntaxError</code></a>.
- </p>
- </li>
- <li>
- <dl class="switch">
- <dt>If <var>format</var> is <code>"raw"</code>:</dt>
- <dd>
- <ol>
- <li>
- <p>
- Let <var>data</var> be the <a href="#dfn-octet-string">octet string</a> contained in <var>keyData</var>.
- </p>
- </li>
- <li>
- <p>
- If the length in bits of <var>data</var> is not 128, 192 or 256
-
- then <a href="#concept-throw">throw</a> a
- <a href="#dfn-DataError"><code>DataError</code></a>.
- </p>
- </li>
- </ol>
- </dd>
- <dt>If <var>format</var> is <code>"jwk"</code>:</dt>
- <dd>
- <ol>
- <li>
- <p>
- Let <var>jwk</var> be the <a href="#dfn-JsonWebKey">JsonWebKey</a>
- dictionary represented by <var>keyData</var>.
- </p>
- </li>
- <li>
- <p>
- If the <code>"kty"</code> field of <var>jwk</var> is not
- <code>"oct"</code>,
- then <a href="#concept-throw">throw</a> a
- <a href="#dfn-DataError"><code>DataError</code></a>.
- </p>
- </li>
- <li>
- <p>
- If <var>jwk</var> does not meet the requirements of
- Section 6.4 of <a href="#jwa">JSON Web Algorithms</a>,
- then <a href="#concept-throw">throw</a> a
- <a href="#dfn-DataError"><code>DataError</code></a>.
- </p>
- </li>
- <li>
- <p>
- Let <var>data</var> be the <a href="#dfn-octet-string">octet string</a> obtained by decoding the
- <code>"k"</code> field of <var>jwk</var>.
- </p>
- </li>
- <li>
- <dl class="switch">
- <dt>If <var>data</var> has length 128 bits:</dt>
- <dd>If the <code>"alg"</code> field of <var>jwk</var> is present, and is
- not <code>"A128CFB8"</code>,
- then <a href="#concept-throw">throw</a> a
- <a href="#dfn-DataError"><code>DataError</code></a>.</dd>
- <dt>If <var>data</var> has length 192 bits:</dt>
- <dd>If the <code>"alg"</code> field of <var>jwk</var> is present, and is
- not <code>"A192CFB8"</code>,
- then <a href="#concept-throw">throw</a> a
- <a href="#dfn-DataError"><code>DataError</code></a>.</dd>
- <dt>If <var>data</var> has length 256 bits:</dt>
- <dd>If the <code>"alg"</code> field of <var>jwk</var> is present, and is
- not <code>"A256CFB8"</code>,
- then <a href="#concept-throw">throw</a> a
- <a href="#dfn-DataError"><code>DataError</code></a>.</dd>
- <dt>Otherwise:</dt>
- <dd>
- <a href="#concept-throw">throw</a> a
- <a href="#dfn-DataError"><code>DataError</code></a>.</dd>
- </dl>
- </li>
- <li>
- <p>
- If the <code>"use"</code> field of <var>jwk</var> is present, and is
- not <code>"enc"</code>,
- then <a href="#concept-throw">throw</a> a
- <a href="#dfn-DataError"><code>DataError</code></a>.
- </p>
- </li>
- <li>
- <p>
- If the <code>"key_ops"</code> field of <var>jwk</var> is present, and
- is invalid according to the requirements of
- <a href="#jwk">JSON Web Key</a> or
- does not contain all of the specified <var>usages</var> values,
- then <a href="#concept-throw">throw</a> a
- <a href="#dfn-DataError"><code>DataError</code></a>.
- </p>
- </li>
- <li>
- <p>
- If the <code>"ext"</code> field of <var>jwk</var> is present and
- has the value false and <var>extractable</var> is true,
- then <a href="#concept-throw">throw</a> a
- <a href="#dfn-DataError"><code>DataError</code></a>.
- </p>
- </li>
- </ol>
- </dd>
- <dt>Otherwise:</dt>
- <dd>
- <a href="#concept-throw">throw</a> a
- <a href="#dfn-NotSupportedError"><code>NotSupportedError</code></a>.
- </dd>
- </dl>
- </li>
- <li>
- <p>
- Let <var>key</var> be a new <code><a href="#dfn-CryptoKey">CryptoKey</a></code>
- object representing an AES key with value <var>data</var>.
- </p>
- </li>
- <li>
- <p>
- Let <var>algorithm</var> be a new
- <a href="#dfn-AesKeyAlgorithm">AesKeyAlgorithm</a>.
- </p>
- </li>
- <li>
- <p>
- Set the <a href="#dfn-KeyAlgorithm-name">name</a> attribute of
- <var>algorithm</var> to <code>"AES-CFB-8"</code>.
- </p>
- </li>
- <li>
- <p>
- Set the <a href="#dfn-AesKeyAlgorithm-length">length</a> attribute of
- <var>algorithm</var> to the length, in bits, of <var>data</var>.
- </p>
- </li>
- <li>
- <p>
- Set the [[<a href="#dfn-CryptoKey-slot-algorithm">algorithm</a>]] internal
- slot of <var>key</var> to <var>algorithm</var>.
- </p>
- </li>
- <li>
- <p>
- Set the [[<a href="#dfn-CryptoKey-slot-extractable">extractable</a>]] internal
- slot of <var>key</var> to <var>extractable</var>.
- </p>
- </li>
- <li>
- <p>
- Set the [[<a href="#dfn-CryptoKey-slot-usages">usages</a>]] internal slot of
- <var>key</var> to the <a href="#concept-normalized-usages">normalized
- value</a> of <var>usages</var>.
- </p>
- </li>
- <li>
- <p>
- Return <var>key</var>.
- </p>
- </li>
- </ol>
- </dd>
- <dt>Export Key</dt>
- <dd>
- <ol>
- <li>
- <p>
- If the underlying cryptographic key material represented by the [[<a href="#dfn-CryptoKey-slot-handle">handle</a>]] internal slot of <var>key</var>
- cannot be accessed, then <a href="#concept-throw">throw</a> an <a href="#dfn-OperationError"><code>OperationError</code></a>.
- </p>
- </li>
- <li>
- <dl class="switch">
- <dt>If <var>format</var> is <code>"raw"</code>:</dt>
- <dd>
- <ol>
- <li>
- <p>
- Let <var>data</var> be the raw octets of the key represented by [[<a href="#dfn-CryptoKey-slot-handle">handle</a>]] internal slot of
- <var>key</var>.
- </p>
- </li>
- <li>
- <p>
- Let <var>result</var> be a new <code>ArrayBuffer</code> containing
- <var>data</var>.
- </p>
- </li>
- </ol>
- </dd>
- <dt>If <var>format</var> is <code>"jwk"</code>:</dt>
- <dd>
- <ol>
- <li>
- <p>
- Let <var>jwk</var> be a new <a href="#dfn-JsonWebKey">JsonWebKey</a>
- dictionary.
- </p>
- </li>
- <li>
- <p>
- Set the <code>kty</code> attribute of <var>jwk</var> to the
- string <code>"oct"</code>.
- </p>
- </li>
- <li>
- <p>
- Set the <code>k</code> attribute of <var>jwk</var> to be a string
- containing the raw octets of the key represented by [[<a href="#dfn-CryptoKey-slot-handle">handle</a>]] internal slot of
- <var>key</var>, encoded according to Section 6.4 of <a href="#jwa">JSON Web Algorithms</a>.
- </p>
- </li>
- <li>
- <dl class="switch">
- <dt>If the <a href="#dfn-AesKeyAlgorithm-length">length</a> attribute of
- <var>key</var> is 128:</dt>
- <dd>Set the <code>alg</code> attribute of <var>jwk</var> to
- the string <code>"A128CFB8"</code>.</dd>
- <dt>If the <a href="#dfn-AesKeyAlgorithm-length">length</a> attribute of
- <var>key</var> is 192:</dt>
- <dd>Set the <code>alg</code> attribute of <var>jwk</var> to
- the string <code>"A192CFB8"</code>.</dd>
- <dt>If the <a href="#dfn-AesKeyAlgorithm-length">length</a> attribute of
- <var>key</var> is 256:</dt>
- <dd>Set the <code>alg</code> attribute of <var>jwk</var> to
- the string <code>"A256CFB8"</code>.</dd>
- </dl>
- </li>
- <li>
- <p>
- Set the <code>key_ops</code> attribute of <var>jwk</var> to equal the
- <a href="#dfn-CryptoKey-usages">usages</a> attribute of
- <var>key</var>.
- </p>
- </li>
- <li>
- <p>
- Set the <code>ext</code> attribute of <var>jwk</var> to equal the [[<a href="#dfn-CryptoKey-slot-extractable">extractable</a>]] internal slot
- of <var>key</var>.
- </p>
- </li>
- <li>
- <p>
- Let <var>result</var> be the result of converting <var>jwk</var>
- to an ECMAScript Object, as defined by [<a href="#WebIDL">WebIDL</a>].
- </p>
- </li>
- </ol>
- </dd>
- <dt>Otherwise:</dt>
- <dd>
- <p>
- <a href="#concept-throw">throw</a> a
- <a href="#dfn-NotSupportedError"><code>NotSupportedError</code></a>.
- </p>
- </dd>
- </dl>
- </li>
- <li>
- <p>
- Return <var>result</var>.
- </p>
- </li>
- </ol>
- </dd>
- <dt>Get key length</dt>
- <dd>
- <ol>
- <li>
- <p>
- If the <a href="#dfn-AesDerivedKeyParams-length">length</a> property of
- <var>normalizedDerivedKeyAlgorithm</var> is not 128, 192 or 256, then <a href="#concept-throw">throw</a> an <a href="#dfn-OperationError"><code>OperationError</code></a>.
- </p>
- </li>
- <li>
- <p>
- Return the <a href="#dfn-AesDerivedKeyParams-length">length</a> property of
- <var>normalizedDerivedKeyAlgorithm</var>.
- </p>
- </li>
- </ol>
- </dd>
- </dl>
- </div>
- </div>
-
<div id="aes-kw" class="section">
- <h3>30. AES-KW</h3>
+ <h3>28. AES-KW</h3>
<div id="aes-kw-description" class="section">
- <h4>30.1. Description</h4>
+ <h4>28.1. Description</h4>
<p class="norm">This section is non-normative.</p>
<p>
The <code>"AES-KW"</code> algorithm identifier is used to perform
@@ -13785,7 +12723,7 @@
</p>
</div>
<div id="aes-kw-registration" class="section">
- <h4>30.2. Registration</h4>
+ <h4>28.2. Registration</h4>
<p>
The <a href="#recognized-algorithm-name">recognized algorithm name</a> for
this algorithm is <code>"AES-KW"</code>.
@@ -13833,7 +12771,7 @@
</table>
</div>
<div id="aes-kw-operations" class="section">
- <h4>30.3. Operations</h4>
+ <h4>28.3. Operations</h4>
<dl>
<dt>Wrap Key</dt>
<dd>
@@ -14241,9 +13179,9 @@
</div>
<div id="hmac" class="section">
- <h3>31. HMAC</h3>
+ <h3>29. HMAC</h3>
<div id="hmac-description" class="section">
- <h4>31.1. Description</h4>
+ <h4>29.1. Description</h4>
<p class="norm">This section is non-normative.</p>
<p>
The <code>HMAC</code> algorithm calculates and verifies hash-based message
@@ -14260,7 +13198,7 @@
</div>
<div id="hmac-registration" class="section">
- <h4>31.2. Registration</h4>
+ <h4>29.2. Registration</h4>
<p>
The <a href="#recognized-algorithm-name">recognized algorithm name</a> for
this algorithm is <code>"HMAC"</code>.
@@ -14308,7 +13246,7 @@
</table>
</div>
<div id="hmac-importparams" class="section">
- <h4>31.3. HmacImportParams dictionary</h4>
+ <h4>29.3. HmacImportParams dictionary</h4>
<div class="block"><div class="blockTitleDiv"><span class="blockTitle">IDL</span></div><div class="blockContent"><pre class="code"><code class="idl-code">
dictionary <dfn id="dfn-HmacImportParams">HmacImportParams</dfn> : <a href="#dfn-Algorithm">Algorithm</a> {
<span class="comment">// The inner hash function to use.</span>
@@ -14319,7 +13257,7 @@
</code></pre></div></div>
</div>
<div id="HmacKeyAlgorithm-dictionary" class="section">
- <h4>31.4. HmacKeyAlgorithm dictionary</h4>
+ <h4>29.4. HmacKeyAlgorithm dictionary</h4>
<div class="block"><div class="blockTitleDiv"><span class="blockTitle">IDL</span></div><div class="blockContent"><pre class="code"><code class="idl-code">
dictionary <dfn id="dfn-HmacKeyAlgorithm">HmacKeyAlgorithm</dfn> : <a href="#dfn-KeyAlgorithm">KeyAlgorithm</a> {
<span class="comment">// The inner hash function to use.</span>
@@ -14330,7 +13268,7 @@
</code></pre></div></div>
</div>
<div id="hmac-keygen-params" class="section">
- <h4>31.5. HmacKeyGenParams dictionary</h4>
+ <h4>29.5. HmacKeyGenParams dictionary</h4>
<div class="block"><div class="blockTitleDiv"><span class="blockTitle">IDL</span></div><div class="blockContent"><pre class="code"><code class="idl-code">
dictionary <dfn id="dfn-HmacKeyGenParams">HmacKeyGenParams</dfn> : <a href="#dfn-Algorithm">Algorithm</a> {
<span class="comment">// The inner hash function to use.</span>
@@ -14343,7 +13281,7 @@
</code></pre></div></div>
</div>
<div id="hmac-operations" class="section">
- <h4>31.6. Operations</h4>
+ <h4>29.6. Operations</h4>
<dl>
<dt>Sign</dt>
<dd>
@@ -15045,843 +13983,17 @@
</dl>
</div>
</div>
- <div id="dh" class="section">
- <h3>32. Diffie-Hellman</h3>
- <div id="dh-description" class="section">
- <h4>32.1. Description</h4>
- <p class="norm">This section is non-normative.</p>
- <p>
- This describes using Diffie-Hellman for key generation and key agreement, as specified
- by <a href="#PKCS3">PKCS #3</a>.
- </p>
- </div>
- <div id="dh-registration" class="section">
- <h4>32.2. Registration</h4>
- <p>
- The <a href="#recognized-algorithm-name">recognized algorithm name</a> for
- this algorithm is <code>"DH"</code>.
- </p>
- <table>
- <thead>
- <tr>
- <th><a href="#supported-operations">Operation</a></th>
- <th><a href="#algorithm-specific-params">Parameters</a></th>
- <th><a href="#algorithm-result">Result</a></th>
- </tr>
- </thead>
- <tbody>
- <tr>
- <td>generateKey</td>
- <td><a href="#dfn-DhKeyGenParams">DhKeyGenParams</a></td>
- <td><a href="#dfn-CryptoKeyPair">CryptoKeyPair</a></td>
- </tr>
- <tr>
- <td>deriveBits</td>
- <td><a href="#dfn-DhKeyDeriveParams">DhKeyDeriveParams</a></td>
- <td><a href="#dfn-octet-string">Octet string</a></td>
- </tr>
- <tr>
- <td>importKey</td>
- <td><a href="#dfn-DhImportKeyParams">DhImportKeyParams</a></td>
- <td><a href="#dfn-CryptoKey">CryptoKey</a></td>
- </tr>
- <tr>
- <td>exportKey</td>
- <td>None</td>
- <td>object</td>
- </tr>
- </tbody>
- </table>
- </div>
- <div id="dh-DhKeyGenParams" class="section">
- <h4>32.3. DhKeyGenParams dictionary</h4>
- <div class="block"><div class="blockTitleDiv"><span class="blockTitle">IDL</span></div><div class="blockContent"><pre class="code"><code class="idl-code">
-dictionary <dfn id="dfn-DhKeyGenParams">DhKeyGenParams</dfn> : <a href="#dfn-Algorithm">Algorithm</a> {
-<span class="comment">// The prime p.</span>
-required BigInteger <dfn id="dfn-DhKeyGenParams-prime">prime</dfn>;
-<span class="comment">// The base g.</span>
-required BigInteger <dfn id="dfn-DhKeyGenParams-generator">generator</dfn>;
-};
- </code></pre></div></div>
- </div>
- <div id="dh-DhKeyAlgorithm" class="section">
- <h4>32.4. DhKeyAlgorithm dictionary</h4>
- <div class="block"><div class="blockTitleDiv"><span class="blockTitle">IDL</span></div><div class="blockContent"><pre class="code"><code class="idl-code">
-dictionary <dfn id="dfn-DhKeyAlgorithm">DhKeyAlgorithm</dfn> : <a href="#dfn-KeyAlgorithm">KeyAlgorithm</a> {
-<span class="comment">// The prime p.</span>
-required BigInteger <dfn id="dfn-DhKeyAlgorithm-prime">prime</dfn>;
-<span class="comment">// The base g.</span>
-required BigInteger <dfn id="dfn-DhKeyAlgorithm-generator">generator</dfn>;
-};
- </code></pre></div></div>
- </div>
- <div id="dh-DhKeyDeriveParams" class="section">
- <h4>32.5. DhKeyDeriveParams dictionary</h4>
- <div class="block"><div class="blockTitleDiv"><span class="blockTitle">IDL</span></div><div class="blockContent"><pre class="code"><code class="idl-code">
-dictionary <dfn id="dfn-DhKeyDeriveParams">DhKeyDeriveParams</dfn> : <a href="#dfn-Algorithm">Algorithm</a> {
-<span class="comment">// The peer's public value.</span>
-required <a href="#dfn-CryptoKey">CryptoKey</a> <dfn id="dfn-DhKeyDeriveParams-public">public</dfn>;
-};
- </code></pre></div></div>
- </div>
- <div id="dh-DhImportKeyParams" class="section">
- <h4>32.6. DhImportKeyParams dictionary</h4>
- <div class="block"><div class="blockTitleDiv"><span class="blockTitle">IDL</span></div><div class="blockContent"><pre class="code"><code class="idl-code">
-dictionary <dfn id="dfn-DhImportKeyParams">DhImportKeyParams</dfn> : <a href="#dfn-Algorithm">Algorithm</a> {
-<span class="comment">// The prime p.</span>
-required BigInteger <dfn id="dfn-DhImportKeyParams-prime">prime</dfn>;
-<span class="comment">// The base g.</span>
-required BigInteger <dfn id="dfn-DhImportKeyParams-generator">generator</dfn>;
-};
- </code></pre></div></div>
- </div>
- <div id="dh-operations" class="section">
- <h4>32.7. Operations</h4>
- <dl>
- <dt>Generate Key</dt>
- <dd>
- <ol>
- <li>
- <p>
- If <var>usages</var> contains a value which is not
- one of <code>"deriveKey"</code> or <code>"deriveBits"</code>,
- then <a href="#concept-throw">throw</a> a
- <a href="#dfn-SyntaxError"><code>SyntaxError</code></a>.
- </p>
- </li>
- <li>
- <p>
- Generate a Diffie-Hellman key pair, as defined in Section 7 of
- [<a href="#PKCS3">PKCS #3</a>], with prime, <var>p</var>, and base,
- <var>g</var>, as specified in the
- <a href="#dfn-DhKeyGenParams-prime">prime</a> and
- <a href="#dfn-DhKeyGenParams-generator">generator</a> properties of
- <var>normalizedAlgorithm</var>, respectively.
- </p>
- </li>
- <li>
- <p>
- If performing the operation results in an error,
- then <a href="#concept-throw">throw</a> an
- <a href="#dfn-OperationError"><code>OperationError</code></a>.
- </p>
- </li>
- <li>
- <p>
- Let <var>algorithm</var> be a new
- <a href="#dfn-DhKeyAlgorithm">DhKeyAlgorithm</a>
- object.
- </p>
- </li>
- <li>
- <p>
- Set the <a href="#dfn-Algorithm-name">name</a> member of
- <var>algorithm</var> to <code>"DH"</code>.
- </p>
- </li>
- <li>
- <p>
- Set the <a href="#dfn-DhKeyAlgorithm-prime">prime</a>
- attribute of <var>algorithm</var> to equal the
- <a href="#dfn-DhKeyGenParams-prime">prime</a> member of
- <var>normalizedAlgorithm</var>.
- </p>
- </li>
- <li>
- <p>
- Set the <a href="#dfn-DhKeyAlgorithm-generator">generator</a>
- attribute of <var>algorithm</var> to equal the
- <a href="#dfn-DhKeyGenParams-generator">generator</a> member of
- <var>normalizedAlgorithm</var>.
- </p>
- </li>
- <li>
- <p>
- Let <var>publicKey</var> be a new <a href="#dfn-CryptoKey">CryptoKey</a> object
- representing the public key of the generated key pair.
- </p>
- </li>
- <li>
- <p>
- Set the [[<a href="#dfn-CryptoKey-slot-type">type</a>]] internal slot of
- <var>publicKey</var> to <code>"public"</code>
- </p>
- </li>
- <li>
- <p>
- Set the [[<a href="#dfn-CryptoKey-slot-algorithm">algorithm</a>]] internal
- slot of <var>publicKey</var> to <var>algorithm</var>.
- </p>
- </li>
- <li>
- <p>
- Set the [[<a href="#dfn-CryptoKey-slot-extractable">extractable</a>]] internal
- slot of <var>publicKey</var> to true.
- </p>
- </li>
- <li>
- <p>
- Set the [[<a href="#dfn-CryptoKey-slot-usages">usages</a>]] internal slot of
- <var>publicKey</var> to be the empty list.
- </p>
- </li>
- <li>
- <p>
- Let <var>privateKey</var> be a new <a href="#dfn-CryptoKey">CryptoKey</a> object
- representing the private key of the generated key pair.
- </p>
- </li>
- <li>
- <p>
- Set the [[<a href="#dfn-CryptoKey-slot-type">type</a>]] internal slot of
- <var>privateKey</var> to <code>"private"</code>
- </p>
- </li>
- <li>
- <p>
- Set the [[<a href="#dfn-CryptoKey-slot-algorithm">algorithm</a>]] internal
- slot of <var>privateKey</var> to <var>algorithm</var>.
- </p>
- </li>
- <li>
- <p>
- Set the [[<a href="#dfn-CryptoKey-slot-extractable">extractable</a>]] internal
- slot of <var>privateKey</var> to <var>extractable</var>.
- </p>
- </li>
- <li>
- <p>
- Set the [[<a href="#dfn-CryptoKey-slot-usages">usages</a>]] internal slot of
- <var>privateKey</var> to be <var>usages</var>.
- </p>
- </li>
- <li>
- <p>
- Let <var>result</var> be a new <a href="#dfn-CryptoKeyPair">CryptoKeyPair</a>
- dictionary.
- </p>
- </li>
- <li>
- <p>
- Set the <a href="#dfn-CryptoKeyPair-publicKey">publicKey</a> attribute
- of <var>result</var> to be <var>publicKey</var>.
- </p>
- </li>
- <li>
- <p>
- Set the <a href="#dfn-CryptoKeyPair-privateKey">privateKey</a> attribute
- of <var>result</var> to be <var>privateKey</var>.
- </p>
- </li>
- <li>
- <p>
- Return the result of converting <var>result</var> to an ECMAScript Object, as
- defined by [<a href="#WebIDL">WebIDL</a>].
- </p>
- </li>
- </ol>
- </dd>
- <dt>Derive Bits</dt>
- <dd>
- <ol>
- <li>
- <p>
- If the [[<a href="#dfn-CryptoKey-slot-type">type</a>]] internal slot of
- <var>key</var> is not <code>"private"</code>, then <a href="#concept-throw">throw</a> an <a href="#dfn-InvalidAccessError"><code>InvalidAccessError</code></a>.
- </p>
- </li>
- <li>
- <p>
- Let <var>publicKey</var> be the
- <a href="#dfn-DhKeyDeriveParams-public">public</a> member of
- <var>normalizedAlgorithm</var>.
- </p>
- </li>
- <li>
- <p>
- If the <a href="#dfn-KeyAlgorithm-name">name</a> attribute of the [[<a href="#dfn-CryptoKey-slot-algorithm">algorithm</a>]] internal slot of
- <var>publicKey</var> is not <code>"DH"</code>, then <a href="#concept-throw">throw</a> a <a href="#dfn-DataError"><code>DataError</code></a>.
- </p>
- </li>
- <li>
- <p>
- If the [[<a href="#dfn-CryptoKey-slot-type">type</a>]] internal slot of
- <var>publicKey</var> is not <code>"public"</code>, then <a href="#concept-throw">throw</a> a <a href="#dfn-DataError"><code>DataError</code></a>.
- </p>
- </li>
- <li>
- <p>
- If the <a href="#dfn-DhKeyAlgorithm-prime">prime</a> attribute of the [[<a href="#dfn-CryptoKey-slot-algorithm">algorithm</a>]] internal slot of
- <var>publicKey</var> is not equal to the <a href="#dfn-DhKeyAlgorithm-prime">prime</a> attribute of the [[<a href="#dfn-CryptoKey-slot-algorithm">algorithm</a>]] internal slot of
- <var>key</var>, then <a href="#concept-throw">throw</a> a <a href="#dfn-DataError"><code>DataError</code></a>.
- </p>
- </li>
- <li>
- <p>
- If the <a href="#dfn-DhKeyAlgorithm-generator">generator</a> attribute of the
- [[<a href="#dfn-CryptoKey-slot-algorithm">algorithm</a>]] internal slot of
- <var>publicKey</var> is not equal to the <a href="#dfn-DhKeyAlgorithm-generator">generator</a> attribute of the [[<a href="#dfn-CryptoKey-slot-algorithm">algorithm</a>]] internal slot of
- <var>key</var>, then <a href="#concept-throw">throw</a> a <a href="#dfn-DataError"><code>DataError</code></a>.
- </p>
- </li>
- <li>
- <p>
- Perform the Diffie-Hellman Phase II algorithm as specified in Section 8 of [<a href="#PKCS3">PKCS #3</a>] with <var>key</var> as the DH private value
- <var>x</var> and the Diffie-Hellman public value represented by the [[<a href="#dfn-CryptoKey-slot-handle">handle</a>]] internal slot of the <a href="#dfn-DhKeyDeriveParams-public">public</a> member of
- <var>normalizedAlgorithm</var> as the other's public value <var>PV'</var>.
- </p>
- <dl class="switch">
- <dt>If performing the operation results in an error:</dt>
- <dd>
- <a href="#concept-throw">throw</a> an
- <a href="#dfn-OperationError"><code>OperationError</code></a>.
- </dd>
- <dt>Otherwise:</dt>
- <dd>
- Let <var>secret</var> be the output of the DH Phase II, <var>SK</var>.
- </dd>
- </dl>
- </li>
- <li>
- <dl class="switch">
- <dt>
- If the length of <var>secret</var> in bits is less than
- <var>length</var>:
- </dt>
- <dd>
- <a href="#concept-throw">throw</a> an
- <a href="#dfn-OperationError"><code>OperationError</code></a>.
- </dd>
- <dt>Otherwise:</dt>
- <dd>Return the first <var>length</var> bits of <var>secret</var>.</dd>
- </dl>
- </li>
- </ol>
- </dd>
- <dt>Import Key</dt>
- <dd>
- <dl class="switch">
- <dt>
- If <var>format</var> is <code>"raw"</code>:
- </dt>
- <dd>
- <div class="ednote"><div class="ednoteHeader">Editorial note</div>
- <p>
- Raw import of private values is presently not supported.
- </p>
- </div>
- <ol>
- <li>
- <p>
- If <var>usages</var> is not empty
- then <a href="#concept-throw">throw</a> a
- <a href="#dfn-SyntaxError"><code>SyntaxError</code></a>.
- </p>
- </li>
- <li>
- <p>
- If <var>extractable</var> is false,
- then <a href="#concept-throw">throw</a> a
- <a href="#dfn-SyntaxError"><code>SyntaxError</code></a>.
- </p>
- </li>
- <li>
- <p>
- Let <var>PV</var> be the integer which results from interpreting the
- octets of <var>keyData</var> as an unsigned big integer with most
- significant octet first.
- </p>
- </li>
- <li>
- <p>
- Let <var>key</var> be a new <a href="#dfn-CryptoKey">CryptoKey</a> object
- representing a Diffie-Hellman public key with public value <var>PV</var>
- and with prime, <var>p</var> and base, <var>g</var> equal to the <a href="#dfn-DhImportKeyParams-prime">prime</a> and <a href="#dfn-DhImportKeyParams-generator">generator</a> properties of
- <var>normalizedAlgorithm</var> respectively.
- </p>
- </li>
- <li>
- <p>
- Set the [[<a href="#dfn-CryptoKey-slot-type">type</a>]] internal slot of
- <var>key</var> to <code>"public"</code>.
- </p>
- </li>
- <li>
- <p>
- Let <var>algorithm</var> be a new <a href="#dfn-DhKeyAlgorithm">DhKeyAlgorithm</a>.
- </p>
- </li>
- <li>
- <p>
- Set the <a href="#dfn-Algorithm-name">name</a> attribute of
- <var>algorithm</var> to <code>"DH"</code>.
- </p>
- </li>
- <li>
- <p>
- Set the <a href="#dfn-DhKeyAlgorithm-prime">prime</a> attribute of
- <var>algorithm</var> to equal the <a href="#dfn-DhImportKeyParams-prime">prime</a> member of
- <var>normalizedAlgorithm</var>.
- </p>
- </li>
- <li>
- <p>
- Set the <a href="#dfn-DhKeyAlgorithm-generator">generator</a> attribute of
- <var>algorithm</var> to equal the <a href="#dfn-DhImportKeyParams-generator">generator</a> member of
- <var>normalizedAlgorithm</var>.
- </p>
- </li>
- <li>
- <p>
- Set the [[<a href="#dfn-CryptoKey-slot-algorithm">algorithm</a>]] internal
- slot of <var>key</var> to <var>algorithm</var>.
- </p>
- </li>
- <li>
- <p>
- Return <var>key</var>.
- </p>
- </li>
- </ol>
- </dd>
- <dt>
- If <var>format</var> is <code>"spki"</code>:
- </dt>
- <dd>
- <ol>
- <li>
- <p>
- If <var>usages</var> is not empty
- then <a href="#concept-throw">throw</a> a
- <a href="#dfn-SyntaxError"><code>SyntaxError</code></a>.
- </p>
- </li>
- <li>
- <p>
- Let <var>spki</var> be the result of running the <a href="#concept-parse-a-spki">parse a subjectPublicKeyInfo</a> algorithm
- over <var>keyData</var>.
- </p>
- </li>
- <li>
- <p>
- If an error occurred while parsing, then <a href="#concept-throw">throw</a> a <a href="#dfn-DataError"><code>DataError</code></a>.
- </p>
- </li>
- <li>
- <p>
- If the <code>algorithm</code> object identifier field of the
- <code>algorithm</code> AlgorithmIdentifier field of <var>spki</var> is not
- equivalent to the <code>dhKeyAgreement</code> OID defined in Section 9 of
- [<a href="#PKCS3">PKCS #3</a>], then <a href="#concept-throw">throw</a> a <a href="#dfn-DataError"><code>DataError</code></a>.
- </p>
- </li>
- <li>
- <p>
- If the <code>parameters</code> field of the <code>algorithm</code>
- AlgorithmIdentifier field of <var>spki</var> is absent, then <a href="#concept-throw">throw</a> a <a href="#dfn-DataError"><code>DataError</code></a>.
- </p>
- </li>
- <li>
- <p>
- Let <var>params</var> be the <code>parameters</code> field of the
- <code>algorithm</code> AlgorithmIdentifier field of <var>spki</var>.
- </p>
- </li>
- <li>
- <p>
- If <var>params</var> is not an instance of the <code>DHParameter</code>
- ASN.1 type defined in Section 9 of <a href="#PKCS3">PKCS #3</a>, then <a href="#concept-throw">throw</a> a <a href="#dfn-DataError"><code>DataError</code></a>.
- </p>
- </li>
- <li>
- <p>
- Let <var>key</var> be a new <a href="#dfn-CryptoKey">CryptoKey</a> object
- representing the Diffie-Hellman public key obtained by parsing the
- <code>subjectPublicKey</code> field of <var>spki</var> as an ASN.1
- INTEGER.
- </p>
- </li>
- <li>
- <p>
- Set the [[<a href="#dfn-CryptoKey-slot-type">type</a>]] internal slot of
- <var>key</var> to <code>"public"</code>.
- </p>
- </li>
- <li>
- <p>
- Let <var>algorithm</var> be a new <a href="#dfn-DhKeyAlgorithm">DhKeyAlgorithm</a>.
- </p>
- </li>
- <li>
- <p>
- Set the <a href="#dfn-Algorithm-name">name</a> member of
- <var>algorithm</var> to <code>"DH"</code>.
- </p>
- </li>
- <li>
- <p>
- Set the <a href="#dfn-DhKeyAlgorithm-prime">prime</a> attribute of
- <var>algorithm</var> to a new <code>BigInteger</code> equal to the
- <a href="#dfn-octet-string">octet string</a> encoding of the <code>prime</code> field of
- <var>params</var>.
- </p>
- </li>
- <li>
- <p>
- Set the <a href="#dfn-DhKeyAlgorithm-generator">generator</a> attribute of
- <var>algorithm</var> to a new <code>BigInteger</code> equal to the
- <a href="#dfn-octet-string">octet string</a> encoding of the <code>base</code> field of
- <var>params</var>.
- </p>
- </li>
- <li>
- <p>
- Set the [[<a href="#dfn-CryptoKey-slot-algorithm">algorithm</a>]] internal
- slot of <var>key</var> to <var>algorithm</var>.
- </p>
- </li>
- <li>
- <p>
- Return <var>key</var>.
- </p>
- </li>
- </ol>
- </dd>
- <dt>
- If <var>format</var> is <code>"pkcs8"</code>:
- </dt>
- <dd>
- <ol>
- <li>
- <p>
- If <var>usages</var> contains a value which is not one of
- <code>"deriveKey"</code> or <code>"deriveBits"</code>, then <a href="#concept-throw">throw</a> a <a href="#dfn-SyntaxError"><code>SyntaxError</code></a>.
- </p>
- </li>
- <li>
- <p>
- Let <var>privateKeyInfo</var> be the result of running the
- <a href="#concept-parse-a-privateKeyInfo">parse a privateKeyInfo</a>
- algorithm over <var>keyData</var>.
- </p>
- </li>
- <li>
- <p>
- If an error occurred while parsing, then <a href="#concept-throw">throw</a> a <a href="#dfn-DataError"><code>DataError</code></a>.
- </p>
- </li>
- <li>
- <p>
- If the <code>algorithm</code> object identifier field of the
- <code>algorithm</code> AlgorithmIdentifier field of
- <var>privateKeyInfo</var> is not equivalent to the
- <code>dhKeyAgreement</code> OID defined in Section 9 of [<a href="#PKCS3">PKCS #3</a>], then <a href="#concept-throw">throw</a> a <a href="#dfn-DataError"><code>DataError</code></a>.
- </p>
- </li>
- <li>
- <p>
- If the <code>parameters</code> field of the
- <code>privateKeyAlgorithm</code> PrivateKeyAlgorithmIdentifier field of
- <var>privateKeyInfo</var> is absent, then <a href="#concept-throw">throw</a> a <a href="#dfn-DataError"><code>DataError</code></a>.
- </p>
- </li>
- <li>
- <p>
- Let <var>params</var> be the <code>parameters</code> field of the
- <code>privateKeyAlgorithm</code> PrivateKeyAlgorithmIdentifier field of
- <var>privateKeyInfo</var>.
- </p>
- </li>
- <li>
- <p>
- If <var>params</var> is not an instance of the <code>DHParameter</code>
- ASN.1 type defined in Section 9 of <a href="#PKCS3">PKCS #3</a>, then <a href="#concept-throw">throw</a> a <a href="#dfn-DataError"><code>DataError</code></a>.
- </p>
- </li>
- <li>
- Let <var>key</var> be a new <a href="#dfn-CryptoKey">CryptoKey</a> object
- representing the Diffie-Hellman private key obtained by parsing the
- <code>privateKey</code> field of <var>privateKeyInfo</var> as an ASN.1
- INTEGER.
- </li>
- <li>
- <p>
- Set the [[<a href="#dfn-CryptoKey-slot-type">type</a>]] internal slot of
- <var>key</var> to <code>"private"</code>.
- </p>
- </li>
- <li>
- <p>
- Let <var>algorithm</var> be a new
- <a href="#dfn-DhKeyAlgorithm">DhKeyAlgorithm</a>.
- </p>
- </li>
- <li>
- <p>
- Set the <a href="#dfn-Algorithm-name">name</a> member of
- <var>algorithm</var> to <code>"DH"</code>.
- </p>
- </li>
- <li>
- <p>
- Set the <a href="#dfn-DhKeyAlgorithm-prime">prime</a> attribute of
- <var>algorithm</var> to a new <code>BigInteger</code> equal to the
- <a href="#dfn-octet-string">octet string</a> encoding of the <code>prime</code> field of
- <var>params</var>.
- </p>
- </li>
- <li>
- <p>
- Set the <a href="#dfn-DhKeyAlgorithm-generator">generator</a> attribute of
- <var>algorithm</var> to a new <code>BigInteger</code> equal to the
- <a href="#dfn-octet-string">octet string</a> encoding of the <code>base</code> field of
- <var>params</var>.
- </p>
- </li>
- <li>
- <p>
- Set the [[<a href="#dfn-CryptoKey-slot-algorithm">algorithm</a>]] internal
- slot of <var>key</var> to <var>algorithm</var>.
- </p>
- </li>
- <li>
- <p>
- Return <var>key</var>.
- </p>
- </li>
- </ol>
- </dd>
- <dt>Otherwise:</dt>
- <dd>
- <a href="#concept-throw">throw</a> a
- <a href="#dfn-NotSupportedError"><code>NotSupportedError</code></a>.
- </dd>
- </dl>
- </dd>
- <dt>Export Key</dt>
- <dd>
- <ol>
- <li>
- <p>
- If the underlying cryptographic key material represented by the [[<a href="#dfn-CryptoKey-slot-handle">handle</a>]] internal slot of <var>key</var>
- cannot be accessed, then <a href="#concept-throw">throw</a> an <a href="#dfn-OperationError"><code>OperationError</code></a>.
- </p>
- </li>
- <li>
- <dl class="switch">
- <dt>
- If <var>format</var> is <code>"raw"</code>:
- </dt>
- <dd>
- <ol>
- <li>
- <dl class="switch">
- <dt>
- If the [[<a href="#dfn-CryptoKey-slot-type">type</a>]] internal slot
- of <var>key</var> is <code>"public"</code>:
- </dt>
- <dd>
- Let <var>data</var> be the Public Value, <var>PV</var>, associated
- with <var>key</var> as specified in Section 7 of [<a href="#PKCS3">PKCS #3</a>].
- </dd>
- <dt>
- If the [[<a href="#dfn-CryptoKey-slot-type">type</a>]] internal slot
- of <var>key</var> is <code>"private"</code>:
- </dt>
- <dd>
- Let <var>data</var> be the <a href="#dfn-octet-string">octet string</a> that represents the private
- value <var>x</var> associated with <var>key</var> as a big integer,
- most significant octet first.
- </dd>
- </dl>
- </li>
- <li>
- <p>
- Let <var>result</var> be a new <code>ArrayBuffer</code> containing
- <var>data</var>.
- </p>
- </li>
- </ol>
- </dd>
- <dt>
- If <var>format</var> is <code>"spki"</code>:
- </dt>
- <dd>
- <ol>
- <li>
- <p>
- If the [[<a href="#dfn-CryptoKey-slot-type">type</a>]] internal slot
- of <var>key</var> is not <code>"public"</code>, then <a href="#concept-throw">throw</a> an <a href="#dfn-InvalidAccessError"><code>InvalidAccessError</code></a>.
- </p>
- </li>
- <li>
- <p>
- Let <var>data</var> be an instance of the <code>subjectPublicKeyInfo</code>
- ASN.1 structure defined in <a href="#RFC5280">RFC 5280</a>
- with the following properties:
- </p>
- <ul>
- <li>
- <p>
- Set the <var>algorithmIdentifier</var> field to an
- <code>AlgorithmIdentifier</code> ASN.1 structure with the
- following properties:
- </p>
- <ul>
- <li>
- <p>
- Set the <var>algorithm</var> field to the
- <code>dhKeyAgreement</code> OID defined in Section 9 of <a href="#PKCS3">PKCS #3</a>.
- </p>
- </li>
- <li>
- <p>
- Set the <var>parameters</var> field to an instance of the
- <code>DHParams</code> ASN.1 structure defined in Section 9 of
- <a href="#PKCS3">PKCS #3</a> with the following properties:
- </p>
- <ul>
- <li>
- <p>
- Set the <var>prime</var> field to an ASN.1 INTEGER that is
- equivalent to the <a href="#dfn-DhKeyAlgorithm-prime">prime</a> attribute of
- the [[<a href="#dfn-CryptoKey-slot-algorithm">algorithm</a>]]
- internal slot of <var>key</var>.
- </p>
- </li>
- <li>
- <p>
- Set the <var>base</var> field to an ASN.1 INTEGER that is
- equivalent to the <a href="#dfn-DhKeyAlgorithm-generator">generator</a>
- attribute of the [[<a href="#dfn-CryptoKey-slot-algorithm">algorithm</a>]]
- internal slot of <var>key</var>.
- </p>
- </li>
- </ul>
- </li>
- </ul>
- </li>
- <li>
- <p>
- Set the <var>subjectPublicKey</var> to an ASN.1 INTEGER that
- corresponds to the Diffie-Hellman public value represented by [[<a href="#dfn-CryptoKey-slot-handle">handle</a>]] internal slot of
- <var>key</var>.
- </p>
- </li>
- </ul>
- </li>
- <li>
- <p>
- Let <var>result</var> be a new <code>ArrayBuffer</code> containing
- <var>data</var>.
- </p>
- </li>
- </ol>
- </dd>
- <dt>
- If <var>format</var> is <code>"pkcs8"</code>:
- </dt>
- <dd>
- <ol>
- <li>
- <p>
- If the [[<a href="#dfn-CryptoKey-slot-type">type</a>]] internal slot
- of <var>key</var> is not <code>"private"</code>, then <a href="#concept-throw">throw</a> an <a href="#dfn-InvalidAccessError"><code>InvalidAccessError</code></a>.
- </p>
- </li>
- <li>
- <p>
- Let <var>data</var> be an instance of the <code>privateKeyInfo</code>
- ASN.1 structure defined in <a href="#RFC5280">RFC 5280</a>
- with the following properties:
- </p>
- <ul>
- <li>
- <p>
- Set the <var>privateKeyAlgorithm</var> field to a
- <code>PrivateKeyAlgorithmIdentifier</code> ASN.1 structure with
- the following properties:
- </p>
- <ul>
- <li>
- <p>
- Set the <var>algorithm</var> field to the
- <code>dhKeyAgreement</code> OID defined in Section 9 of <a href="#PKCS3">PKCS #3</a>.
- </p>
- </li>
- <li>
- <p>
- Set the <var>parameters</var> field to an instance of the
- <code>DHParams</code> ASN.1 structure defined in Section 9 of
- <a href="#PKCS3">PKCS #3</a> with the following properties:
- </p>
- <ul>
- <li>
- <p>
- Set the <var>prime</var> field to an ASN.1 INTEGER that is
- equivalent to the <a href="#dfn-DhKeyAlgorithm-prime">prime</a> attribute of
- the [[<a href="#dfn-CryptoKey-slot-algorithm">algorithm</a>]]
- internal slot of <var>key</var>.
- </p>
- </li>
- <li>
- <p>
- Set the <var>base</var> field to an ASN.1 INTEGER that is
- equivalent to the <a href="#dfn-DhKeyAlgorithm-generator">generator</a>
- attribute of the [[<a href="#dfn-CryptoKey-slot-algorithm">algorithm</a>]]
- internal slot of <var>key</var>.
- </p>
- </li>
- </ul>
- </li>
- </ul>
- </li>
- <li>
- <p>
- Set the <var>privateKey</var> field to an ASN.1 INTEGER that
- corresponds to the Diffie-Hellman private value represented by
- [[<a href="#dfn-CryptoKey-slot-handle">handle</a>]] internal slot
- of <var>key</var>.
- </p>
- </li>
- </ul>
- </li>
- <li>
- <p>
- Let <var>result</var> be a new <code>ArrayBuffer</code> containing
- <var>data</var>.
- </p>
- </li>
- </ol>
- </dd>
- <dt>Otherwise:</dt>
- <dd>
- <a href="#concept-throw">throw</a> a
- <a href="#dfn-NotSupportedError"><code>NotSupportedError</code></a>.
- </dd>
- </dl>
- </li>
- <li>
- <p>
- Return <var>result</var>.
- </p>
- </li>
- </ol>
- </dd>
- </dl>
- </div>
- </div>
- <div id="sha" class="section">
- <h3>33. SHA</h3>
+ <div id="sha" class="section">
+ <h3>30. SHA</h3>
<div id="sha-description" class="section">
- <h4>33.1. Description</h4>
+ <h4>30.1. Description</h4>
<p>
This describes the SHA-1 and SHA-2 families, as specified by
[<a href="#FIPS180-4">FIPS PUB 180-4</a>].
</p>
</div>
<div id="sha-registration" class="section">
- <h4>33.2. Registration</h4>
+ <h4>30.2. Registration</h4>
<p>
The following algorithms are added as <a href="#recognized-algorithm-name">
recognized algorithm names</a>:
@@ -15914,7 +14026,7 @@
</table>
</div>
<div id="sha-operations" class="section">
- <h4>33.3. Operations</h4>
+ <h4>30.3. Operations</h4>
<dl>
<dt>Digest</dt>
<dd>
@@ -15978,232 +14090,11 @@
</dl>
</div>
</div>
- <div id="concatkdf" class="section">
- <h3>34. Concat KDF</h3>
- <div id="concatkdf-description" class="section">
- <h4>34.1. Description</h4>
- <p>
- The <code>"CONCAT"</code> algorithm identifier is used to perform key derivation
- using the key derivation algorithm defined in Section 5.8.1 of
- [<a href="#SP800-56A">NIST SP800-56A</a>] using the SHA hash functions defined
- in this specification.
- </p>
- <p>
- <a href="#dfn-applicable-specification">Other specifications</a>
- may specify the use of additional hash algorithms with Concat KDF. Such specifications
- must define digest operations for the additional hash algorithms and
- <dfn id="dfn-concat-extended-import-steps">key import steps</dfn> for Concat KDF.
- </p>
- </div>
- <div id="concatkdf-registration" class="section">
- <h4>34.2. Registration</h4>
- <p>
- The <a href="#recognized-algorithm-name">recognized algorithm name</a> for
- this algorithm is <code>"CONCAT"</code>.
- </p>
- <table>
- <thead>
- <tr>
- <th><a href="#supported-operations">Operation</a></th>
- <th><a href="#algorithm-specific-params">Parameters</a></th>
- <th><a href="#algorithm-result">Result</a></th>
- </tr>
- </thead>
- <tbody>
- <tr>
- <td>deriveBits</td>
- <td><a href="#dfn-ConcatParams">ConcatParams</a></td>
- <td><a href="#dfn-octet-string">Octet string</a></td>
- </tr>
- <tr>
- <td>Import key</td>
- <td>None</td>
- <td><a href="#dfn-CryptoKey">CryptoKey</a></td>
- </tr>
- <tr>
- <td>Get key length</td>
- <td>None</td>
- <td>Integer or null</td>
- </tr>
- </tbody>
- </table>
- </div>
- <div id="concat-params" class="section">
- <h4>34.3. ConcatParams dictionary</h4>
- <div class="block"><div class="blockTitleDiv"><span class="blockTitle">IDL</span></div><div class="blockContent"><pre class="code"><code class="idl-code">
-dictionary <dfn id="dfn-ConcatParams">ConcatParams</dfn> : <a href="#dfn-Algorithm">Algorithm</a> {
-<span class="comment">// The digest method to use to derive the keying material.</span>
-<a href="#dfn-HashAlgorithmIdentifier">HashAlgorithmIdentifier</a> <dfn id="dfn-ConcatParams-hash">hash</dfn>;
-
-<span class="comment">// A bit string corresponding to the AlgorithmId field of the OtherInfo parameter.</span>
-<span class="comment">// The AlgorithmId indicates how the derived keying material will be parsed and for which</span>
-<span class="comment">// algorithm(s) the derived secret keying material will be used.</span>
-required BufferSource <dfn id="dfn-ConcatParams-algorithmId">algorithmId</dfn>;
-<span class="comment">// A bit string that corresponds to the PartyUInfo field of the OtherInfo parameter.</span>
-required BufferSource <dfn id="dfn-ConcatParams-partyUInfo">partyUInfo</dfn>;
-<span class="comment">// A bit string that corresponds to the PartyVInfo field of the OtherInfo parameter.</span>
-required BufferSource <dfn id="dfn-ConcatParams-partyVInfo">partyVInfo</dfn>;
-<span class="comment">// An optional bit string that corresponds to the SuppPubInfo field of the OtherInfo parameter.</span>
-BufferSource <dfn id="dfn-ConcatParams-publicInfo">publicInfo</dfn>;
-<span class="comment">// An optional bit string that corresponds to the SuppPrivInfo field of the OtherInfo parameter.</span>
-BufferSource <dfn id="dfn-ConcatParams-privateInfo">privateInfo</dfn>;
-};
- </code></pre></div></div>
- </div>
- <div id="concat-operations" class="section">
- <h4>34.4. Operations</h4>
- <dl>
- <dt>Derive Bits</dt>
- <dd>
- <ol>
- <li>
- <p>
- Let <var>secret</var> be the result of performing the Concatenation Key
- Derivation Function defined in Section 5.8.1 of
- [<a href="#SP800-56A">SP800-56A</a>] with <var>length</var> as
- <var>keydatalen</var>, the hash function identified by the
- <a href="#dfn-ConcatParams-hash">hash</a> member of
- <var>normalizedAlgorithm</var> as <var>H</var>, the
- <a href="#dfn-ConcatParams-algorithmId">algorithmId</a> member of
- <var>normalizedAlgorithm</var> as <var>AlgorithmID</var>, the
- <a href="#dfn-ConcatParams-partyUInfo">partyUInfo</a> member of
- <var>normalizedAlgorithm</var> as <var>PartyUInfo</var>, the
- <a href="#dfn-ConcatParams-partyVInfo">partyVInfo</a> member of
- <var>normalizedAlgorithm</var> as <var>PartyVInfo</var>, the
- <a href="#dfn-ConcatParams-publicInfo">publicInfo</a> member of
- <var>normalizedAlgorithm</var>, if present, as
- <var>SuppPubInfo</var> and the
- <a href="#dfn-ConcatParams-privateInfo">privateInfo</a> member of
- <var>normalizedAlgorithm</var>, if present, as
- <var>SuppPrivInfo</var>.
- </p>
- </li>
- <li>
- <p>
- If the operation fails,
- then <a href="#concept-throw">throw</a> an
- <a href="#dfn-OperationError"><code>OperationError</code></a>.
- </p>
- </li>
- <li>
- <p>
- Return <var>secret</var>
- </p>
- </li>
- </ol>
- </dd>
- <dt>Import key</dt>
- <dd>
- <ol>
- <li>
- <p>Let <var>keyData</var> be the key data to be imported.</p>
- </li>
- <li>
- <p>
- Perform any <a href="#dfn-concat-extended-import-steps">key import steps</a>
- defined by <a href="#dfn-applicable-specification">other applicable
- specifications</a>, passing <var>keyData</var> and obtaining <var>result</var>.
- </p>
- <dl class="switch">
- <dt>
- If <var>result</var> is a <a href="#dfn-CryptoKey">CryptoKey</a>
- object
- </dt>
- <dd>
- <p>
- Return <var>result</var>.
- </p>
- </dd>
- <dt>
- If <var>result</var> is an error with a name that is not
- <a href="#dfn-NotSupportedError"><code>NotSupportedError</code></a>
- </dt>
- <dd>
- <p>
- <a href="#concept-throw">throw</a> <var>result</var>.
- </p>
- </dd>
- </dl>
- </li>
- <li>
- <dl class="switch">
- <dt>
- If <var>format</var> is <code>"raw"</code>:
- </dt>
- <dd>
- <ol>
- <li>
- <p>
- If <var>usages</var> contains a value that is not
- <code>"deriveKey"</code> or <code>"deriveBits"</code>,
-
- then <a href="#concept-throw">throw</a> a
- <a href="#dfn-SyntaxError"><code>SyntaxError</code></a>.
- </p>
- </li>
- <li>
- <p>
- Let <var>key</var> be a new <a href="#dfn-CryptoKey">CryptoKey</a> object
- representing the key data provided in <var>keyData</var>.
- </p>
- </li>
- <li>
- <p>
- Set the [[<a href="#dfn-CryptoKey-slot-type">type</a>]] internal slot of
- <var>key</var> to <code>"secret"</code>.
- </p>
- </li>
- <li>
- <p>
- Let <var>algorithm</var> be a new
- <a href="#dfn-KeyAlgorithm">KeyAlgorithm</a> object.
- </p>
- </li>
- <li>
- <p>
- Set the <a href="#dfn-KeyAlgorithm-name">name</a> attribute of
- <var>algorithm</var> to <code>"CONCAT"</code>.
- </p>
- </li>
- <li>
- <p>
- Set the [[<a href="#dfn-CryptoKey-slot-algorithm">algorithm</a>]] internal
- slot of <var>key</var> to <var>algorithm</var>.
- </p>
- </li>
- <li>
- <p>
- Return <var>key</var>.
- </p>
- </li>
- </ol>
- </dd>
- <dt>Otherwise:</dt>
- <dd>
- <a href="#concept-throw">throw</a> a
- <a href="#dfn-NotSupportedError"><code>NotSupportedError</code></a>.
- </dd>
- </dl>
- </li>
- </ol>
- </dd>
- <dt>Get length</dt>
- <dd>
- <ol>
- <li>
- <p>
- Return null.
- </p>
- </li>
- </ol>
- </dd>
- </dl>
- </div>
- </div>
+
<div id="hkdf-ctr" class="section">
- <h3>35. HKDF-CTR</h3>
+ <h3>31. HKDF-CTR</h3>
<div id="hkdf-ctr-description" class="section">
- <h4>35.1. Description</h4>
+ <h4>31.1. Description</h4>
<p class="norm">This section is non-normative.</p>
<p>
The <code>"HKDF-CTR"</code> algorithm identifier is used to
@@ -16220,7 +14111,7 @@
</p>
</div>
<div id="hkdf-ctr-registration" class="section">
- <h4>35.2. Registration</h4>
+ <h4>31.2. Registration</h4>
<p>
The <a href="#recognized-algorithm-name">recognized algorithm name</a>
for this algorithm is <code>"HKDF-CTR"</code>.
@@ -16253,7 +14144,7 @@
</table>
</div>
<div id="hkdf-ctr-params" class="section">
- <h4>35.3. HkdfCtrParams dictionary</h4>
+ <h4>31.3. HkdfCtrParams dictionary</h4>
<div class="block"><div class="blockTitleDiv"><span class="blockTitle">IDL</span></div><div class="blockContent"><pre class="code"><code class="idl-code">
dictionary <dfn id="dfn-HkdfCtrParams">HkdfCtrParams</dfn> : <a href="#dfn-Algorithm">Algorithm</a> {
<span class="comment">// The algorithm to use with HMAC (e.g.: <a href="#alg-sha-256">SHA-256</a>)</span>
@@ -16266,7 +14157,7 @@
</code></pre></div></div>
</div>
<div id="hkdf2-ctr-operations" class="section">
- <h4>35.4. Operations</h4>
+ <h4>31.4. Operations</h4>
<dl>
<dt>Derive Bits</dt>
<dd>
@@ -16453,9 +14344,9 @@
</div>
<div id="pbkdf2" class="section">
- <h3>36. PBKDF2</h3>
+ <h3>32. PBKDF2</h3>
<div id="pbkdf2-description" class="section">
- <h4>36.1. Description</h4>
+ <h4>32.1. Description</h4>
<p class="norm">This section is non-normative.</p>
<p>
The <code>"PBKDF2"</code> algorithm identifier is used to
@@ -16472,7 +14363,7 @@
</p>
</div>
<div id="pbkdf2-registration" class="section">
- <h4>36.2. Registration</h4>
+ <h4>32.2. Registration</h4>
<p>
The <a href="#recognized-algorithm-name">recognized algorithm name</a> for
this algorithm is <code>"PBKDF2"</code>.
@@ -16510,7 +14401,7 @@
</table>
</div>
<div id="pbkdf2-params" class="section">
- <h4>36.3. Pbkdf2Params dictionary</h4>
+ <h4>32.3. Pbkdf2Params dictionary</h4>
<div class="block"><div class="blockTitleDiv"><span class="blockTitle">IDL</span></div><div class="blockContent"><pre class="code"><code class="idl-code">
dictionary <dfn id="dfn-Pbkdf2Params">Pbkdf2Params</dfn> : <a href="#dfn-Algorithm">Algorithm</a> {
required BufferSource <dfn id="dfn-Pbkdf2Params-salt">salt</dfn>;
@@ -16520,7 +14411,7 @@
</code></pre></div></div>
</div>
<div id="pbkdf2-operations" class="section">
- <h4>36.4. Operations</h4>
+ <h4>32.4. Operations</h4>
<dl>
<dt>Derive bits</dt>
<dd>
@@ -16711,9 +14602,9 @@
<div id="examples-section" class="section">
- <h2>37. JavaScript Example Code</h2>
+ <h2>33. JavaScript Example Code</h2>
<div id="examples-signing" class="section">
- <h3>37.1. Generate a signing key pair, sign some data</h3>
+ <h3>33.1. Generate a signing key pair, sign some data</h3>
<div class="block"><div class="blockTitleDiv"><span class="blockTitle">ECMAScript</span></div><div class="blockContent"><pre class="code"><code class="es-code">
<span class="comment">// Algorithm Object</span>
@@ -16747,7 +14638,7 @@
</code></pre></div></div>
</div>
<div id="examples-symmetric-encryption" class="section">
- <h3>37.2. Symmetric Encryption</h3>
+ <h3>33.2. Symmetric Encryption</h3>
<div class="block"><div class="blockTitleDiv"><span class="blockTitle">ECMAScript</span></div><div class="blockContent"><pre class="code"><code class="es-code">
var clearDataArrayBufferView = convertPlainTextToArrayBufferView("Plain Text Data");
<span class="comment">// TODO: create example utility function that converts text -> ArrayBufferView</span>
@@ -16775,9 +14666,9 @@
</div>
</div>
<div id="iana-section" class="section">
- <h2>38. IANA Considerations</h2>
+ <h2>34. IANA Considerations</h2>
<div id="iana-section-jws-jwa" class="section">
- <h3>38.1. JSON Web Signature and Encryption Algorithms Registration</h3>
+ <h3>34.1. JSON Web Signature and Encryption Algorithms Registration</h3>
<p>
This section registers the following algorithm identifiers in the IANA JSON Web
Signature and Encryption Algorithms Registry for use with JSON Web Key. Note that the
@@ -16915,7 +14806,7 @@
</ul>
</div>
<div id="iana-section-jwk" class="section">
- <h3>38.2. JSON Web Key Parameters Registration</h3>
+ <h3>34.2. JSON Web Key Parameters Registration</h3>
<ul>
<li>Parameter Name: "ext"</li>
<li>Parameter Description: Extractable</li>
@@ -16927,7 +14818,7 @@
</div>
</div>
<div id="acknowledgements-section" class="section">
- <h2>39. Acknowledgements</h2>
+ <h2>35. Acknowledgements</h2>
<p>
The editors would like to thank Adam Barth, Alex Russell, Ali Asad, Arun Ranganathan,
Brian Smith, Brian Warner, Channy Yun, Eric Roman, Glenn Adams, Jim Schaad, Kai Engert,
@@ -16950,9 +14841,9 @@
</p>
</div>
<div id="references" class="section">
- <h2>40. References</h2>
+ <h2>36. References</h2>
<div id="normative-references" class="section">
- <h3>40.1. Normative References</h3>
+ <h3>36.1. Normative References</h3>
<dl>
<dt id="DOM4">DOM4</dt>
<dd>
@@ -17038,11 +14929,6 @@
NIST Special Publication 800-108: Recommendation for Key Derivation Using
Pseudorandom Functions (Revised)</a></cite>, October 2009, NIST.
</dd>
- <dt id="PKCS3">PKCS3</dt>
- <dd>
- <cite><a href="http://www.emc.com/domains/rsa/index.htm?id=2126">PKCS #3: Diffie-Hellman
- Key-Agreement Standard</a></cite>, RSA Laboratories.
- </dd>
<dt id="RFC2119">RFC 2119</dt>
<dd>
<cite><a href="http://www.ietf.org/rfc/rfc2119">Key words for use in RFCs to
@@ -17118,7 +15004,7 @@
</dl>
</div>
<div id="informative-references" class="section">
- <h3>40.2. Informative References</h3>
+ <h3>36.2. Informative References</h3>
<dl>
<dt id="CDSA">CDSA</dt>
<dd>
@@ -17631,91 +15517,7 @@
</code></pre></div></div>
</td>
</tr>
- <tr>
- <td>
-<div class="block"><div class="blockTitleDiv"><span class="blockTitle">ECMAScript</span></div><div class="blockContent"><pre class="code"><code class="es-code">
-{ kty: "oct",
- alg: "A128CMAC" }
-</code></pre></div></div>
- </td>
- <td>
-<div class="block"><div class="blockTitleDiv"><span class="blockTitle">ECMAScript</span></div><div class="blockContent"><pre class="code"><code class="es-code">
-{ name: "AES-CMAC",
- length: 128 }
-</code></pre></div></div>
- </td>
- </tr>
- <tr>
- <td>
-<div class="block"><div class="blockTitleDiv"><span class="blockTitle">ECMAScript</span></div><div class="blockContent"><pre class="code"><code class="es-code">
-{ kty: "oct",
- alg: "A192CMAC" }
-</code></pre></div></div>
- </td>
- <td>
-<div class="block"><div class="blockTitleDiv"><span class="blockTitle">ECMAScript</span></div><div class="blockContent"><pre class="code"><code class="es-code">
-{ name: "AES-CMAC",
- length: 192 }
-</code></pre></div></div>
- </td>
- </tr>
- <tr>
- <td>
-<div class="block"><div class="blockTitleDiv"><span class="blockTitle">ECMAScript</span></div><div class="blockContent"><pre class="code"><code class="es-code">
-{ kty: "oct",
- alg: "A256CMAC" }
-</code></pre></div></div>
- </td>
- <td>
-<div class="block"><div class="blockTitleDiv"><span class="blockTitle">ECMAScript</span></div><div class="blockContent"><pre class="code"><code class="es-code">
-{ name: "AES-CMAC",
- length: 256 }
-</code></pre></div></div>
- </td>
- </tr>
- <tr>
- <td>
-<div class="block"><div class="blockTitleDiv"><span class="blockTitle">ECMAScript</span></div><div class="blockContent"><pre class="code"><code class="es-code">
-{ kty: "oct",
- alg: "A128CFB8" }
-</code></pre></div></div>
- </td>
- <td>
-<div class="block"><div class="blockTitleDiv"><span class="blockTitle">ECMAScript</span></div><div class="blockContent"><pre class="code"><code class="es-code">
-{ name: "AES-CFB-8",
- length: 128 }
-</code></pre></div></div>
- </td>
- </tr>
- <tr>
- <td>
-<div class="block"><div class="blockTitleDiv"><span class="blockTitle">ECMAScript</span></div><div class="blockContent"><pre class="code"><code class="es-code">
-{ kty: "oct",
- alg: "A192CFB8" }
-</code></pre></div></div>
- </td>
- <td>
-<div class="block"><div class="blockTitleDiv"><span class="blockTitle">ECMAScript</span></div><div class="blockContent"><pre class="code"><code class="es-code">
-{ name: "AES-CFB-8",
- length: 192 }
-</code></pre></div></div>
- </td>
- </tr>
- <tr>
- <td>
-<div class="block"><div class="blockTitleDiv"><span class="blockTitle">ECMAScript</span></div><div class="blockContent"><pre class="code"><code class="es-code">
-{ kty: "oct",
- alg: "A256CFB8" }
-</code></pre></div></div>
- </td>
- <td>
-<div class="block"><div class="blockTitleDiv"><span class="blockTitle">ECMAScript</span></div><div class="blockContent"><pre class="code"><code class="es-code">
-{ name: "AES-CFB-8",
- length: 256 }
-</code></pre></div></div>
- </td>
- </tr>
- <tr>
+ <tr>
<td>
<div class="block"><div class="blockTitleDiv"><span class="blockTitle">ECMAScript</span></div><div class="blockContent"><pre class="code"><code class="es-code">
{ kty: "oct",
@@ -17865,12 +15667,6 @@
<td><code>"DSA"</code></td>
<td><a href="#RFC3279">RFC 3279</a></td>
</tr>
- <tr>
- <td>dhKeyAgreement (1.2.840.113549.1.3.1)</td>
- <td>INTEGER</td>
- <td><code>"DH"</code></td>
- <td><a href="#PKCS3">PKCS #3</a></td>
- </tr>
</tbody>
</table>
<div class="ednote"><div class="ednoteHeader">Editorial note</div>
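Review bot: The `<div class="ednote">` that follows this table is kept as context, whereas the matching editorial note under the second table is deleted together with its `"DH"` row in the next hunk (`@@ -17963,20 +15759,8 @@`). The kept note's text lies outside this hunk, so this is an inference; if it also concerns the DH INTEGER encoding, it is now stale and should be dropped in the same change. Since the `<dt id="PKCS3">` reference entry is removed as well, it is worth confirming that no `href="#PKCS3"` link survives in sections this diff does not touch.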
@@ -17963,20 +15759,8 @@
<td><code>"DSA"</code></td>
<td><a href="#RFC5958">RFC 5958</a></td>
</tr>
- <tr>
- <td>dhKeyAgreement (1.2.840.113549.1.3.1)</td>
- <td>INTEGER</td>
- <td><code>"DH"</code></td>
- <td><a href="#PKCS3">PKCS #3</a></td>
- </tr>
</tbody>
</table>
- <div class="ednote"><div class="ednoteHeader">Editorial note</div>
- <p>
- There does not appear to be a normative reference for a DH key being encoded as an
- INTEGER. Only RFC 5958 seems to mention this.
- </p>
- </div>
</div>
</div>
</body>