- The "`AES-CTR`" algorithm identifier is used to perform - encryption and decryption using AES in Counter mode, - as described in [[NIST-SP800-38A]]. + The "`Ed448`" algorithm identifier is used to perform signing + and verification using the Ed448 algorithm specified in + [[RFC8032]].
- The [= recognized algorithm name =] for - this algorithm is "`AES-CTR`". + The [= recognized algorithm name =] + for this algorithm is "`Ed448`".
| encrypt | -{{AesCtrParams}} | +sign | +{{ContextParams}} | [= byte sequence =] | |
| decrypt | -{{AesCtrParams}} | -[= byte sequence =] | +verify | +{{ContextParams}} | +boolean |
| generateKey | -{{AesKeyGenParams}} | -{{CryptoKey}} | +None | +{{CryptoKeyPair}} | |
| importKey | @@ -12077,261 +12107,2048 @@None | object | |||
| get key length | -{{AesDerivedKeyParams}} | -Integer | -
-dictionary AesCtrParams : Algorithm {
- required BufferSource counter;
- required [EnforceRange] octet length;
-};
-
- The counter member contains the initial value of the counter block. {{AesCtrParams/counter}} MUST be 16 bytes (the AES block size). The counter bits are the rightmost length - bits of the counter block. The rest of the counter block is for - the nonce. The counter bits are incremented using the standard - incrementing function specified in NIST SP 800-38A Appendix B.1: - the counter bits are interpreted as a big-endian integer and - incremented by one.
-The length member contains the length, in bits, of the rightmost part of the counter block that is incremented.
-
-dictionary AesKeyAlgorithm : KeyAlgorithm {
- required unsigned short length;
-};
-
- The length member represents the length, in bits, of the key.
-
-dictionary AesKeyGenParams : Algorithm {
- required [EnforceRange] unsigned short length;
-};
-
- The length member represents the length, in bits, of the key.
-
-dictionary AesDerivedKeyParams : Algorithm {
- required [EnforceRange] unsigned short length;
+dictionary ContextParams : Algorithm {
+ BufferSource context;
};
- The length member represents the length, in bits, of the key.
+The context member represents the optional context data to associate with the message.
- If the {{AesCtrParams/counter}} member of - |normalizedAlgorithm| does not have - a [= byte sequence/length =] of 16 bytes, - then [= exception/throw =] an - {{OperationError}}. + If the {{CryptoKey/[[type]]}} internal slot of + |key| is not {{KeyType/"private"}}, then [= exception/throw =] an {{InvalidAccessError}}.
- If the {{AesCtrParams/length}} member of - |normalizedAlgorithm| is zero or is greater - than 128, - then [= exception/throw =] an - {{OperationError}}. + Let |context| be the result of + [= get a copy of the buffer source | + getting a copy of the bytes held by =] + the {{ContextParams/context}} member of |normalizedAlgorithm| + or the empty byte sequence if the {{ContextParams/context}} member of + |normalizedAlgorithm| is not present.
- Let |ciphertext| be the result of performing the CTR Encryption - operation described in Section 6.5 of [[NIST-SP800-38A]] using AES as the block cipher, the {{AesCtrParams/counter}} member of - |normalizedAlgorithm| as the initial value of the counter block, the - {{AesCtrParams/length}} member of - |normalizedAlgorithm| as the input parameter |m| to the - standard counter block incrementing function defined in Appendix B.1 of - [[NIST-SP800-38A]] and - |plaintext| as the input plaintext. + If |context| has a length greater than 255 bytes, + then [= exception/throw =] an {{OperationError}}.
- Return |ciphertext|. + Let |result| be the result of performing the Ed448 + signing process, as specified in [[RFC8032]], + Section 5.2.6, with |message| as |M| + and |context| as |C|, + using the Ed448 private key associated with |key|. +
++ Some implementations may (wish to) generate randomized signatures + as per draft-irtf-cfrg-det-sigs-with-noise + instead of deterministic signatures as per [[RFC8032]]. +
++ Return |result|.
- If the {{AesCtrParams/counter}} member of - |normalizedAlgorithm| does not have - a [= byte sequence/length =] of 16 bytes, - then [= exception/throw =] an - {{OperationError}}. + If the {{CryptoKey/[[type]]}} internal slot of + |key| is not {{KeyType/"public"}}, then [= exception/throw =] an {{InvalidAccessError}}.
- If the {{AesCtrParams/length}} member of - |normalizedAlgorithm| is zero or is greater - than 128, - then [= exception/throw =] an - {{OperationError}}. + Let |context| be the result of + [= get a copy of the buffer source | + getting a copy of the bytes held by =] + the {{ContextParams/context}} member of |normalizedAlgorithm| + or the empty byte sequence if the {{ContextParams/context}} member of + |normalizedAlgorithm| is not present.
- Let |plaintext| be the result of performing the CTR Decryption - operation described in Section 6.5 of [[NIST-SP800-38A]] using AES as the block cipher, the {{AesCtrParams/counter}} member of - |normalizedAlgorithm| as the initial value of the counter block, the - {{AesCtrParams/length}} member of - |normalizedAlgorithm| as the input parameter |m| to the - standard counter block incrementing function defined in Appendix B.1 of - [[NIST-SP800-38A]] and - |ciphertext| as the input ciphertext. + If |context| has a length greater than 255 bytes, + then [= exception/throw =] an {{OperationError}}.
- Return |plaintext|. + If the key data of |key| represents an invalid point or a small-order element + on the Elliptic Curve of Ed448, return `false`. +
++ Not all implementations perform this check.
- If |usages| contains any entry which is not - one of "`encrypt`", "`decrypt`", - "`wrapKey`" or "`unwrapKey`", - then [= exception/throw =] a - {{SyntaxError}}. + If the point R, encoded in the first half of |signature|, + represents an invalid point or a small-order element + on the Elliptic Curve of Ed448, return `false`. +
++ Not all implementations perform this check.
- If the {{AesKeyGenParams/length}} member of - |normalizedAlgorithm| is not equal to one of - 128, 192 or 256, - then [= exception/throw =] an - {{OperationError}}. + Perform the Ed448 verification steps, as specified in [[RFC8032]], + Section 5.2.7, using the cofactorless (unbatched) equation, + `[S]B = R + [k]A'`, on the |signature|, with |message| as |M| + and |context| as |C|, + using the Ed448 public key associated with |key|.
- Generate an AES key of length - equal to the {{AesKeyGenParams/length}} member of - |normalizedAlgorithm|. + Let |result| be a boolean with the value `true` if the signature is valid + and the value `false` otherwise.
- If the key generation step fails, - then [= exception/throw =] an - {{OperationError}}. + Return |result|.
- Let |key| be a new - {{CryptoKey}} object representing the - generated AES key. + If |usages| contains a value which is not + one of "`sign`" or "`verify`", + then [= exception/throw =] a + {{SyntaxError}}.
- Let |algorithm| be a new - {{AesKeyAlgorithm}}. + Generate an Ed448 key pair, as defined in [[RFC8032]], section 5.1.5. +
++ Let |algorithm| be a new {{KeyAlgorithm}} object.
Set the {{KeyAlgorithm/name}} attribute of - |algorithm| to "`AES-CTR`". + |algorithm| to "`Ed448`".
- Set the {{AesKeyAlgorithm/length}} attribute of - |algorithm| to equal the - {{AesKeyGenParams/length}} member of - |normalizedAlgorithm|. + Let |publicKey| be a new {{CryptoKey}} associated with the + [= relevant global object =] + of `this` [[HTML]], and + representing the public key of the generated key pair.
Set the {{CryptoKey/[[type]]}} internal slot of - |key| to {{KeyType/"secret"}}. + |publicKey| to "`public`"
Set the {{CryptoKey/[[algorithm]]}} internal - slot of |key| to |algorithm|. + slot of |publicKey| to |algorithm|.
Set the {{CryptoKey/[[extractable]]}} internal - slot of |key| to be |extractable|. + slot of |publicKey| to true.
Set the {{CryptoKey/[[usages]]}} internal slot of - |key| to be |usages|. + |publicKey| to be the [= usage intersection =] + of |usages| and `[ "verify" ]`.
- Return |key|. + Let |privateKey| be a new {{CryptoKey}} associated with the + [= relevant global object =] + of `this` [[HTML]], and + representing the private key of the generated key pair.
- If |usages| contains an entry which is not - one of "`encrypt`", "`decrypt`", - "`wrapKey`" or "`unwrapKey`", - then [= exception/throw =] a - {{SyntaxError}}. + Set the {{CryptoKey/[[type]]}} internal slot of + |privateKey| to {{KeyType/"private"}}
+ Set the {{CryptoKey/[[algorithm]]}} internal + slot of |privateKey| to |algorithm|. +
++ Set the {{CryptoKey/[[extractable]]}} internal + slot of |privateKey| to |extractable|. +
++ Set the {{CryptoKey/[[usages]]}} internal slot of + |privateKey| to be the [= usage intersection =] + of |usages| and `[ "sign" ]`. +
++ Let |result| be a new {{CryptoKeyPair}} + dictionary. +
++ Set the {{CryptoKeyPair/publicKey}} attribute + of |result| to be |publicKey|. +
++ Set the {{CryptoKeyPair/privateKey}} attribute + of |result| to be |privateKey|. +
++ Return the result of converting |result| to an ECMAScript Object, as + defined by [[WebIDL]]. +
+Let |keyData| be the key data to be imported.
++ If |usages| contains a value which is not + "`verify`" + then [= exception/throw =] a + {{SyntaxError}}. +
++ Let |spki| be the result of running the + [= parse a subjectPublicKeyInfo =] + algorithm over |keyData|. +
++ If an error occurred while parsing, + then [= exception/throw =] a + {{DataError}}. +
++ If the `algorithm` object identifier field of the + `algorithm` AlgorithmIdentifier field of |spki| is + not equal to the `id-Ed448` + object identifier defined in [[RFC8410]], + then [= exception/throw =] a + {{DataError}}. +
++ If the `parameters` field of the `algorithm` + AlgorithmIdentifier field of |spki| is present, + then [= exception/throw =] a + {{DataError}}. +
++ Let |publicKey| be the Ed448 public key identified by + the `subjectPublicKey` field of |spki|. +
++ Let |key| be a new {{CryptoKey}} associated with the + [= relevant global object =] + of `this` [[HTML]], and + that represents |publicKey|. +
++ Set the {{CryptoKey/[[type]]}} internal slot + of |key| to "`public`" +
++ Let |algorithm| be a new {{KeyAlgorithm}}. +
++ Set the {{KeyAlgorithm/name}} attribute of + |algorithm| to "`Ed448`". +
++ Set the {{CryptoKey/[[algorithm]]}} + internal slot of |key| to |algorithm|. +
++ If |usages| contains a value which is not + "`sign`" + then [= exception/throw =] a + {{SyntaxError}}. +
++ Let |privateKeyInfo| be the result of running the + [= parse a privateKeyInfo =] + algorithm over |keyData|. +
++ If an error occurs while parsing, + then [= exception/throw =] a + {{DataError}}. +
++ If the `algorithm` object identifier field of the + `privateKeyAlgorithm` PrivateKeyAlgorithm field of + |privateKeyInfo| is not equal to the + `id-Ed448` object identifier defined in [[RFC8410]], + then [= exception/throw =] a + {{DataError}}. +
++ If the `parameters` field of the + `privateKeyAlgorithm` PrivateKeyAlgorithmIdentifier field + of |privateKeyInfo| is present, + then [= exception/throw =] a + {{DataError}}. +
++ Let |curvePrivateKey| be the result of performing the [= parse an ASN.1 structure =] + algorithm, with |data| as the `privateKey` field + of |privateKeyInfo|, |structure| as the ASN.1 + `CurvePrivateKey` structure specified in Section 7 of [[RFC8410]], and |exactData| set to true. +
++ If an error occurred while parsing, + then [= exception/throw =] a + {{DataError}}. +
++ Let |key| be a new {{CryptoKey}} associated with the + [= relevant global object =] + of `this` [[HTML]], and + that represents the Ed448 private key identified by |curvePrivateKey|. +
++ Set the {{CryptoKey/[[type]]}} internal slot + of |key| to {{KeyType/"private"}} +
++ Let |algorithm| be a new {{KeyAlgorithm}}. +
++ Set the {{KeyAlgorithm/name}} attribute of + |algorithm| to "`Ed448`". +
++ Set the {{CryptoKey/[[algorithm]]}} + internal slot of |key| to |algorithm|. +
+Let |jwk| equal |keyData|.
[= exception/Throw =] a {{DataError}}.
+ If the {{JsonWebKey/d}} field is present and |usages| contains + a value which is not + "`sign`", or, + if the {{JsonWebKey/d}} field is not present and |usages| contains + a value which is not + "`verify`" + then [= exception/throw =] a + {{SyntaxError}}. +
++ If the {{JsonWebKey/kty}} field of |jwk| is not + "`OKP`", + then [= exception/throw =] a + {{DataError}}. +
++ If the {{JsonWebKey/crv}} field of |jwk| is not + "`Ed448`", + then [= exception/throw =] a + {{DataError}}. +
++ If the {{JsonWebKey/alg}} field of |jwk| is present and is + not "`Ed448`" or "`EdDSA`", + then [= exception/throw =] a + {{DataError}}. +
++ If |usages| is non-empty and the {{JsonWebKey/use}} field of |jwk| is present and is + not "`sig`", + then [= exception/throw =] a + {{DataError}}. +
++ If the {{JsonWebKey/key_ops}} field of |jwk| is present, and + is invalid according to the requirements of JSON Web + Key [[JWK]], or it does not contain all of the specified |usages| + values, + then [= exception/throw =] a + {{DataError}}. +
++ If the {{JsonWebKey/ext}} field of |jwk| is present and + has the value false and |extractable| is true, + then [= exception/throw =] a + {{DataError}}. +
++ If |jwk| does not meet the requirements of + the JWK private key format described in Section 2 + of [[RFC8037]], then [= exception/throw =] a {{DataError}}. +
++ Let |key| be a new {{CryptoKey}} object that represents the + Ed448 private key identified by interpreting + |jwk| according to Section 2 of [[RFC8037]]. +
++ Set the {{CryptoKey/[[type]]}} + internal slot of |Key| to {{KeyType/"private"}}. +
++ If |jwk| does not meet the requirements of + the JWK public key format described in Section 2 + of [[RFC8037]], then [= exception/throw =] a {{DataError}}. +
++ Let |key| be a new {{CryptoKey}} object that represents the + Ed448 public key identified by interpreting + |jwk| according to Section 2 of [[RFC8037]]. +
++ Set the {{CryptoKey/[[type]]}} + internal slot of |Key| to {{KeyType/"public"}}. +
++ Let |algorithm| be a new instance of a {{KeyAlgorithm}} object. +
++ Set the {{KeyAlgorithm/name}} attribute of + |algorithm| to "`Ed448`". +
++ Set the {{CryptoKey/[[algorithm]]}} + internal slot of |key| to |algorithm|. +
++ If |usages| contains a value which is not + "`verify`" + then [= exception/throw =] a + {{SyntaxError}}. +
++ Let |data| be |keyData|. +
++ If the [= length in bits =] of |data| is not 448 then [= exception/throw =] a {{DataError}}. +
++ Let |algorithm| be a new {{KeyAlgorithm}} object. +
++ Set the {{KeyAlgorithm/name}} attribute of + |algorithm| to "`Ed448`". +
++ Let |key| be a new {{CryptoKey}} associated with the + [= relevant global object =] + of `this` [[HTML]], and that represents |data|. +
++ Set the {{CryptoKey/[[type]]}} internal slot + of |key| to "`public`" +
++ Set the {{CryptoKey/[[algorithm]]}} + internal slot of |key| to |algorithm|. +
++ [= exception/throw =] a + {{NotSupportedError}}. +
++ Return |key| +
++ Let |key| be the {{CryptoKey}} to be + exported. +
++ If the underlying cryptographic key material represented by the {{CryptoKey/[[handle]]}} internal slot of |key| + cannot be accessed, then [= exception/throw =] an {{OperationError}}. +
++ If the {{CryptoKey/[[type]]}} internal slot + of |key| is not "`public`", then [= exception/throw =] an {{InvalidAccessError}}. +
++ Let |data| be an instance of the `subjectPublicKeyInfo` + ASN.1 structure defined in [[RFC5280]] + with the following properties: +
++ Set the |algorithm| field to an + `AlgorithmIdentifier` ASN.1 type with the following + properties: +
++ Set the |algorithm| object identifier to the + `id-Ed448` OID defined in [[RFC8410]]. +
++ Set the |subjectPublicKey| field to |keyData|. +
++ Let |result| be a new {{ArrayBuffer}} associated with the + [= relevant global object =] + of `this` [[HTML]], and containing + |data|. +
++ If the {{CryptoKey/[[type]]}} internal slot + of |key| is not {{KeyType/"private"}}, then [= exception/throw =] an {{InvalidAccessError}}. +
++ Let |data| be an instance of the `privateKeyInfo` + ASN.1 structure defined in [[RFC5208]] + with the following properties: +
++ Set the |version| field to `0`. +
++ Set the |privateKeyAlgorithm| field to a + `PrivateKeyAlgorithmIdentifier` ASN.1 type with the + following properties: +
++ Set the |algorithm| object identifier to the + `id-Ed448` OID defined in [[RFC8410]]. +
++ Set the |privateKey| field to the result of DER-encoding + a `CurvePrivateKey` ASN.1 type, as defined in Section 7 of [[RFC8410]], that represents the + Ed448 private key represented by the {{CryptoKey/[[handle]]}} internal slot of + |key| +
++ Let |result| be a new {{ArrayBuffer}} associated with the + [= relevant global object =] + of `this` [[HTML]], and containing + |data|. +
++ Let |jwk| be a new {{JsonWebKey}} + dictionary. +
++ Set the `kty` attribute of |jwk| to + "`OKP`". +
++ Set the `alg` attribute of |jwk| to + "`Ed448`". +
++ Set the `crv` attribute of |jwk| to + "`Ed448`". +
++ Set the {{JsonWebKey/x}} attribute of |jwk| according to the + definition in Section 2 of [[RFC8037]]. +
++ Set the `key_ops` attribute of |jwk| to the {{CryptoKey/usages}} attribute of |key|. +
++ Set the `ext` attribute of |jwk| to the {{CryptoKey/[[extractable]]}} internal slot + of |key|. +
++ Let |result| be the result of converting |jwk| + to an ECMAScript Object, as defined by [[WebIDL]]. +
++ If the {{CryptoKey/[[type]]}} internal slot + of |key| is not "`public`", then [= exception/throw =] an {{InvalidAccessError}}. +
++ Let |data| be a [= byte sequence =] + representing the Ed448 public key represented by the {{CryptoKey/[[handle]]}} + internal slot of |key|. +
++ Let |result| be a new {{ArrayBuffer}} associated with the + [= relevant global object =] + of `this` [[HTML]], and containing + |data|. +
++ [= exception/throw =] a + {{NotSupportedError}}. +
++ Return |result|. +
++ The "`X448`" algorithm identifier is used to perform + key agreement using the X448 algorithm specified in + [[RFC7748]]. +
++ The [= recognized algorithm name =] + for this algorithm is "`X448`". +
+| Operation | +Parameters | +Result | +
|---|---|---|
| deriveBits | +{{EcdhKeyDeriveParams}} | +[= byte sequence =] | +
| generateKey | +None | +{{CryptoKeyPair}} | +
| importKey | +None | +{{CryptoKey}} | +
| exportKey | +None | +object | +
+ If the {{CryptoKey/[[type]]}} internal slot of + |key| is not {{KeyType/"private"}}, then [= exception/throw =] an {{InvalidAccessError}}. +
++ Let |publicKey| be the + {{EcdhKeyDeriveParams/public}} member of + |normalizedAlgorithm|. +
++ If the {{CryptoKey/[[type]]}} internal slot of + |publicKey| is not "`public`", then [= exception/throw =] an {{InvalidAccessError}}. +
++ If the {{KeyAlgorithm/name}} attribute of + the {{CryptoKey/[[algorithm]]}} internal slot of + |publicKey| is not equal to the {{KeyAlgorithm/name}} property of the {{CryptoKey/[[algorithm]]}} internal slot of + |key|, then [= exception/throw =] an {{InvalidAccessError}}. +
++ Let |secret| be the result of performing the X448 function specified in + [[RFC7748]] Section 5 with |key| as the X448 private key |k| + and the X448 public key represented by the {{CryptoKey/[[handle]]}} + internal slot of |publicKey| as the X448 public key |u|. +
++ If |secret| is the all-zero value, + then [= exception/throw =] a {{OperationError}}. + This check must be performed in constant-time, as per [[RFC7748]] Section 6.2. +
++ If |usages| contains an entry which is not + "`deriveKey`" or "`deriveBits`" + then [= exception/throw =] a + {{SyntaxError}}. +
++ Generate an X448 key pair, with the private key being 56 random bytes, + and the public key being `X448(a, 5)`, + as defined in [[RFC7748]], section 6.2. +
++ Let |algorithm| be a new {{KeyAlgorithm}} object. +
++ Set the {{KeyAlgorithm/name}} attribute of + |algorithm| to "`X448`". +
++ Let |publicKey| be a new {{CryptoKey}} associated with the + [= relevant global object =] + of `this` [[HTML]], and + representing the public key of the generated key pair. +
++ Set the {{CryptoKey/[[type]]}} internal slot of + |publicKey| to "`public`" +
++ Set the {{CryptoKey/[[algorithm]]}} internal + slot of |publicKey| to |algorithm|. +
++ Set the {{CryptoKey/[[extractable]]}} internal + slot of |publicKey| to true. +
++ Set the {{CryptoKey/[[usages]]}} internal slot of + |publicKey| to be the empty list. +
++ Let |privateKey| be a new {{CryptoKey}} associated with the + [= relevant global object =] + of `this` [[HTML]], and + representing the private key of the generated key pair. +
++ Set the {{CryptoKey/[[type]]}} internal slot of + |privateKey| to {{KeyType/"private"}} +
++ Set the {{CryptoKey/[[algorithm]]}} internal + slot of |privateKey| to |algorithm|. +
++ Set the {{CryptoKey/[[extractable]]}} internal + slot of |privateKey| to |extractable|. +
++ Set the {{CryptoKey/[[usages]]}} internal slot of + |privateKey| to be the + [= usage intersection =] of + |usages| and `[ "deriveKey", "deriveBits" ]`. +
++ Let |result| be a new {{CryptoKeyPair}} + dictionary. +
++ Set the {{CryptoKeyPair/publicKey}} attribute + of |result| to be |publicKey|. +
++ Set the {{CryptoKeyPair/privateKey}} attribute + of |result| to be |privateKey|. +
++ Return the result of converting |result| to an ECMAScript Object, as + defined by [[WebIDL]]. +
+Let |keyData| be the key data to be imported.
++ If |usages| is not empty + then [= exception/throw =] a + {{SyntaxError}}. +
++ Let |spki| be the result of running the + [= parse a subjectPublicKeyInfo =] + algorithm over |keyData|. +
++ If an error occurred while parsing, + then [= exception/throw =] a + {{DataError}}. +
++ If the `algorithm` object identifier field of the + `algorithm` AlgorithmIdentifier field of |spki| is + not equal to the `id-X448` + object identifier defined in [[RFC8410]], + then [= exception/throw =] a + {{DataError}}. +
++ If the `parameters` field of the `algorithm` + AlgorithmIdentifier field of |spki| is present, + then [= exception/throw =] a + {{DataError}}. +
++ Let |publicKey| be the X448 public key identified by + the `subjectPublicKey` field of |spki|. +
++ Let |key| be a new {{CryptoKey}} associated with the + [= relevant global object =] + of `this` [[HTML]], and + that represents |publicKey|. +
++ Set the {{CryptoKey/[[type]]}} internal slot + of |key| to "`public`" +
++ Let |algorithm| be a new {{KeyAlgorithm}}. +
++ Set the {{KeyAlgorithm/name}} attribute of + |algorithm| to "`X448`". +
++ Set the {{CryptoKey/[[algorithm]]}} + internal slot of |key| to |algorithm|. +
++ If |usages| contains an entry which is not + "`deriveKey`" or "`deriveBits`" + then [= exception/throw =] a + {{SyntaxError}}. +
++ Let |privateKeyInfo| be the result of running the + [= parse a privateKeyInfo =] + algorithm over |keyData|. +
++ If an error occurs while parsing, + then [= exception/throw =] a + {{DataError}}. +
++ If the `algorithm` object identifier field of the + `privateKeyAlgorithm` PrivateKeyAlgorithm field of + |privateKeyInfo| is not equal to the + `id-X448` object identifier defined in [[RFC8410]], + then [= exception/throw =] a + {{DataError}}. +
++ If the `parameters` field of the + `privateKeyAlgorithm` PrivateKeyAlgorithmIdentifier field + of |privateKeyInfo| is present, + then [= exception/throw =] a + {{DataError}}. +
++ Let |curvePrivateKey| be the result of performing the [= parse an ASN.1 structure =] + algorithm, with |data| as the `privateKey` field + of |privateKeyInfo|, |structure| as the ASN.1 + `CurvePrivateKey` structure specified in Section 7 of [[RFC8410]], and |exactData| set to true. +
++ If an error occurred while parsing, + then [= exception/throw =] a + {{DataError}}. +
++ Let |key| be a new {{CryptoKey}} associated with the + [= relevant global object =] + of `this` [[HTML]], and + that represents the X448 private key identified by |curvePrivateKey|. +
++ Set the {{CryptoKey/[[type]]}} internal slot + of |key| to {{KeyType/"private"}} +
++ Let |algorithm| be a new {{KeyAlgorithm}}. +
++ Set the {{KeyAlgorithm/name}} attribute of + |algorithm| to "`X448`". +
++ Set the {{CryptoKey/[[algorithm]]}} + internal slot of |key| to |algorithm|. +
+Let |jwk| equal |keyData|.
[= exception/Throw =] a {{DataError}}.
+ If the {{JsonWebKey/d}} field is present and if |usages| + contains an entry which is not + "`deriveKey`" or "`deriveBits`" + then [= exception/throw =] a + {{SyntaxError}}. +
++ If the {{JsonWebKey/d}} field is not present and if |usages| is not + empty + then [= exception/throw =] a + {{SyntaxError}}. +
++ If the {{JsonWebKey/kty}} field of |jwk| is not + "`OKP`", + then [= exception/throw =] a + {{DataError}}. +
++ If the {{JsonWebKey/crv}} field of |jwk| is not + "`X448`", + then [= exception/throw =] a + {{DataError}}. +
++ If |usages| is non-empty and the {{JsonWebKey/use}} field of |jwk| is present + and is not equal to "`enc`" then [= exception/throw =] a + {{DataError}}. +
++ If the {{JsonWebKey/key_ops}} field of |jwk| is present, and + is invalid according to the requirements of JSON Web + Key [[JWK]], or it does not contain all of the specified |usages| + values, + then [= exception/throw =] a + {{DataError}}. +
++ If the {{JsonWebKey/ext}} field of |jwk| is present and + has the value false and |extractable| is true, + then [= exception/throw =] a + {{DataError}}. +
++ If |jwk| does not meet the requirements of + the JWK private key format described in Section 2 + of [[RFC8037]], then [= exception/throw =] a {{DataError}}. +
++ Let |key| be a new {{CryptoKey}} object that represents the + X448 private key identified by interpreting + |jwk| according to Section 2 of [[RFC8037]]. +
++ Set the {{CryptoKey/[[type]]}} + internal slot of |Key| to {{KeyType/"private"}}. +
++ If |jwk| does not meet the requirements of + the JWK public key format described in Section 2 + of [[RFC8037]], then [= exception/throw =] a {{DataError}}. +
++ Let |key| be a new {{CryptoKey}} object that represents the + X448 public key identified by interpreting + |jwk| according to Section 2 of [[RFC8037]]. +
++ Set the {{CryptoKey/[[type]]}} + internal slot of |Key| to {{KeyType/"public"}}. +
++ Let |algorithm| be a new instance of a {{KeyAlgorithm}} object. +
++ Set the {{KeyAlgorithm/name}} attribute of + |algorithm| to "`X448`". +
++ Set the {{CryptoKey/[[algorithm]]}} + internal slot of |key| to |algorithm|. +
++ If |usages| is not empty + then [= exception/throw =] a + {{SyntaxError}}. +
++ Let |data| be |keyData|. +
++ If the [= length in bits =] of |data| is not 448 then [= exception/throw =] a {{DataError}}. +
++ Let |algorithm| be a new {{KeyAlgorithm}} object. +
++ Set the {{KeyAlgorithm/name}} attribute of + |algorithm| to "`X448`". +
++ Let |key| be a new {{CryptoKey}} associated with the + [= relevant global object =] + of `this` [[HTML]], and that represents |data|. +
++ Set the {{CryptoKey/[[type]]}} internal slot + of |key| to "`public`" +
++ Set the {{CryptoKey/[[algorithm]]}} + internal slot of |key| to |algorithm|. +
++ [= exception/throw =] a + {{NotSupportedError}}. +
++ Return |key| +
++ Let |key| be the {{CryptoKey}} to be + exported. +
++ If the underlying cryptographic key material represented by the {{CryptoKey/[[handle]]}} internal slot of |key| + cannot be accessed, then [= exception/throw =] an {{OperationError}}. +
++ If the {{CryptoKey/[[type]]}} internal slot + of |key| is not "`public`", then [= exception/throw =] an {{InvalidAccessError}}. +
++ Let |data| be an instance of the `subjectPublicKeyInfo` + ASN.1 structure defined in [[RFC5280]] + with the following properties: +
++ Set the |algorithm| field to an + `AlgorithmIdentifier` ASN.1 type with the following + properties: +
++ Set the |algorithm| object identifier to the + `id-X448` OID defined in [[RFC8410]]. +
++ Set the |subjectPublicKey| field to |keyData|. +
++ Let |result| be a new {{ArrayBuffer}} associated with the + [= relevant global object =] + of `this` [[HTML]], and containing + |data|. +
++ If the {{CryptoKey/[[type]]}} internal slot + of |key| is not {{KeyType/"private"}}, then [= exception/throw =] an {{InvalidAccessError}}. +
++ Let |data| be an instance of the `privateKeyInfo` + ASN.1 structure defined in [[RFC5208]] + with the following properties: +
++ Set the |version| field to `0`. +
++ Set the |privateKeyAlgorithm| field to a + `PrivateKeyAlgorithmIdentifier` ASN.1 type with the + following properties: +
++ Set the |algorithm| object identifier to the + `id-X448` OID defined in [[RFC8410]]. +
++ Set the |privateKey| field to the result of DER-encoding + a `CurvePrivateKey` ASN.1 type, as defined in Section 7 of [[RFC8410]], that represents the + X448 private key represented by the {{CryptoKey/[[handle]]}} internal slot of + |key| +
++ Let |result| be a new {{ArrayBuffer}} associated with the + [= relevant global object =] + of `this` [[HTML]], and containing + |data|. +
++ Let |jwk| be a new {{JsonWebKey}} + dictionary. +
++ Set the `kty` attribute of |jwk| to + "`OKP`". +
++ Set the `crv` attribute of |jwk| to + "`X448`". +
++ Set the {{JsonWebKey/x}} attribute of |jwk| according to the + definition in Section 2 of [[RFC8037]]. +
++ Set the `key_ops` attribute of |jwk| to the {{CryptoKey/usages}} attribute of |key|. +
++ Set the `ext` attribute of |jwk| to the {{CryptoKey/[[extractable]]}} internal slot + of |key|. +
++ Let |result| be the result of converting |jwk| + to an ECMAScript Object, as defined by [[WebIDL]]. +
++ If the {{CryptoKey/[[type]]}} internal slot + of |key| is not "`public`", then [= exception/throw =] an {{InvalidAccessError}}. +
++ Let |data| be a [= byte sequence =] representing the X448 + public key represented by the {{CryptoKey/[[handle]]}} internal slot of + |key|. +
++ Let |result| be a new {{ArrayBuffer}} associated with the + [= relevant global object =] + of `this` [[HTML]], and containing + |data|. +
++ [= exception/throw =] a + {{NotSupportedError}}. +
++ Return |result|. +
++ The "`AES-CTR`" algorithm identifier is used to perform + encryption and decryption using AES in Counter mode, + as described in [[NIST-SP800-38A]]. +
++ The [= recognized algorithm name =] for + this algorithm is "`AES-CTR`". +
+| Operation | +Parameters | +Result | +
|---|---|---|
| encrypt | +{{AesCtrParams}} | +[= byte sequence =] | +
| decrypt | +{{AesCtrParams}} | +[= byte sequence =] | +
| generateKey | +{{AesKeyGenParams}} | +{{CryptoKey}} | +
| importKey | +None | +{{CryptoKey}} | +
| exportKey | +None | +object | +
| get key length | +{{AesDerivedKeyParams}} | +Integer | +
+dictionary AesCtrParams : Algorithm {
+ required BufferSource counter;
+ required [EnforceRange] octet length;
+};
+
+ The counter member contains the initial value of the counter block. {{AesCtrParams/counter}} MUST be 16 bytes (the AES block size). The counter bits are the rightmost length + bits of the counter block. The rest of the counter block is for + the nonce. The counter bits are incremented using the standard + incrementing function specified in NIST SP 800-38A Appendix B.1: + the counter bits are interpreted as a big-endian integer and + incremented by one.
+The length member contains the length, in bits, of the rightmost part of the counter block that is incremented.
+
+dictionary AesKeyAlgorithm : KeyAlgorithm {
+ required unsigned short length;
+};
+
+ The length member represents the length, in bits, of the key.
+
+dictionary AesKeyGenParams : Algorithm {
+ required [EnforceRange] unsigned short length;
+};
+
+ The length member represents the length, in bits, of the key.
+
+dictionary AesDerivedKeyParams : Algorithm {
+ required [EnforceRange] unsigned short length;
+};
+
+ The length member represents the length, in bits, of the key.
++ If the {{AesCtrParams/counter}} member of + |normalizedAlgorithm| does not have + a [= byte sequence/length =] of 16 bytes, + then [= exception/throw =] an + {{OperationError}}. +
++ If the {{AesCtrParams/length}} member of + |normalizedAlgorithm| is zero or is greater + than 128, + then [= exception/throw =] an + {{OperationError}}. +
++ Let |ciphertext| be the result of performing the CTR Encryption + operation described in Section 6.5 of [[NIST-SP800-38A]] using AES as the block cipher, the {{AesCtrParams/counter}} member of + |normalizedAlgorithm| as the initial value of the counter block, the + {{AesCtrParams/length}} member of + |normalizedAlgorithm| as the input parameter |m| to the + standard counter block incrementing function defined in Appendix B.1 of + [[NIST-SP800-38A]] and + |plaintext| as the input plaintext. +
++ Return |ciphertext|. +
++ If the {{AesCtrParams/counter}} member of + |normalizedAlgorithm| does not have + a [= byte sequence/length =] of 16 bytes, + then [= exception/throw =] an + {{OperationError}}. +
++ If the {{AesCtrParams/length}} member of + |normalizedAlgorithm| is zero or is greater + than 128, + then [= exception/throw =] an + {{OperationError}}. +
++ Let |plaintext| be the result of performing the CTR Decryption + operation described in Section 6.5 of [[NIST-SP800-38A]] using AES as the block cipher, the {{AesCtrParams/counter}} member of + |normalizedAlgorithm| as the initial value of the counter block, the + {{AesCtrParams/length}} member of + |normalizedAlgorithm| as the input parameter |m| to the + standard counter block incrementing function defined in Appendix B.1 of + [[NIST-SP800-38A]] and + |ciphertext| as the input ciphertext. +
++ Return |plaintext|. +
++ If |usages| contains any entry which is not + one of "`encrypt`", "`decrypt`", + "`wrapKey`" or "`unwrapKey`", + then [= exception/throw =] a + {{SyntaxError}}. +
++ If the {{AesKeyGenParams/length}} member of + |normalizedAlgorithm| is not equal to one of + 128, 192 or 256, + then [= exception/throw =] an + {{OperationError}}. +
++ Generate an AES key of length + equal to the {{AesKeyGenParams/length}} member of + |normalizedAlgorithm|. +
++ If the key generation step fails, + then [= exception/throw =] an + {{OperationError}}. +
++ Let |key| be a new + {{CryptoKey}} object representing the + generated AES key. +
++ Let |algorithm| be a new + {{AesKeyAlgorithm}}. +
++ Set the {{KeyAlgorithm/name}} attribute of + |algorithm| to "`AES-CTR`". +
++ Set the {{AesKeyAlgorithm/length}} attribute of + |algorithm| to equal the + {{AesKeyGenParams/length}} member of + |normalizedAlgorithm|. +
++ Set the {{CryptoKey/[[type]]}} internal slot of + |key| to {{KeyType/"secret"}}. +
++ Set the {{CryptoKey/[[algorithm]]}} internal + slot of |key| to |algorithm|. +
++ Set the {{CryptoKey/[[extractable]]}} internal + slot of |key| to be |extractable|. +
++ Set the {{CryptoKey/[[usages]]}} internal slot of + |key| to be |usages|. +
++ Return |key|. +
++ If |usages| contains an entry which is not + one of "`encrypt`", "`decrypt`", + "`wrapKey`" or "`unwrapKey`", + then [= exception/throw =] a + {{SyntaxError}}. +
+Let |data| be |keyData|.
@@ -16033,6 +17850,33 @@
+{ kty: "OKP",
+ crv: "Ed448",
+ alg: "Ed448" }
+
+
+{ name: "Ed448" }
+
+
+{ kty: "OKP",
+ crv: "X448" }
+
+
+{ name: "X448" }
+
+
{ kty: "oct",
alg: "A128CTR" }
@@ -16358,6 +18202,26 @@