diff --git a/spec/Overview.html b/spec/Overview.html index 7f88a4c..29ecfc9 100644 --- a/spec/Overview.html +++ b/spec/Overview.html @@ -1269,6 +1269,17 @@
+ The signDigest method returns a + new Promise object that will sign a pre-computed digest using the specified {{AlgorithmIdentifier}} with the supplied + {{CryptoKey}}. + It must act as follows: +
++ Let |algorithm| and |key| be the + `algorithm` and `key` parameters + passed to the {{SubtleCrypto/signDigest()}} method, + respectively. +
++ Let |normalizedAlgorithm| be the result of + normalizing an algorithm, with + `alg` set to |algorithm| and `op` set to + "`signDigest`". +
++ If an error occurred, return a Promise rejected with + |normalizedAlgorithm|. +
++ Let |data| be the result of + [= get a copy of the buffer source | + getting a copy of the bytes held by =] the `digest` parameter passed to the + {{SubtleCrypto/signDigest()}} method. +
++ Let |realm| be the [= relevant realm =] of [= this =]. +
++ Let |promise| be a new Promise. +
++ Return |promise| and perform the remaining steps [= in parallel =]. +
++ If the following steps or referenced procedures say to + [= exception/throw =] an error, + [= queue a global task =] on the [= crypto task source =], + given |realm|'s global object, + to reject |promise| with the returned error; + and then [= terminate the algorithm =]. +
++ If the {{Algorithm/name}} member of + |normalizedAlgorithm| is not equal to the + {{KeyAlgorithm/name}} attribute of the + {{CryptoKey/[[algorithm]]}} internal slot of + |key| then [= exception/throw =] an {{InvalidAccessError}}. +
++ If the {{CryptoKey/[[usages]]}} internal slot of + |key| does not contain an entry that is "`sign`", then [= exception/throw =] an {{InvalidAccessError}}. +
++ Let |signature| be the result of performing the signDigest operation + specified by |normalizedAlgorithm| using |key| and + |algorithm| and with |data| as |digest|. +
++ [= Queue a global task =] on the [= crypto task source =], + given |realm|'s global object, to perform the remaining steps. +
++ Let |result| be the result of [= ArrayBuffer/create | creating =] an {{ArrayBuffer}} + in |realm|, containing |signature|. +
++ Resolve |promise| with + |result|. +
++ The verifyDigest method returns + a new Promise object that will verify a signature against a pre-computed digest using the specified {{AlgorithmIdentifier}} with the supplied + {{CryptoKey}}. + It must act as follows: +
++ Let |algorithm| and |key| + be the `algorithm` and `key` parameters passed to the + {{SubtleCrypto/verifyDigest()}} method, respectively. +
++ Let |normalizedAlgorithm| be the result of + normalizing an algorithm, with + `alg` set to |algorithm| and `op` set to + "`verifyDigest`". +
++ If an error occurred, return a Promise rejected with + |normalizedAlgorithm|. +
++ Let |signature| be the result of + [= get a copy of the buffer source | + getting a copy of the bytes held by =] the `signature` parameter passed to the + {{SubtleCrypto/verifyDigest()}} method. +
++ Let |data| be the result of + [= get a copy of the buffer source | + getting a copy of the bytes held by =] the `digest` parameter passed to the + {{SubtleCrypto/verifyDigest()}} method. +
++ Let |realm| be the [= relevant realm =] of [= this =]. +
++ Let |promise| be a new Promise. +
++ Return |promise| and perform the remaining steps [= in parallel =]. +
++ If the following steps or referenced procedures say to + [= exception/throw =] an error, + [= queue a global task =] on the [= crypto task source =], + given |realm|'s global object, + to reject |promise| with the returned error; + and then [= terminate the algorithm =]. +
++ If the {{Algorithm/name}} member of + |normalizedAlgorithm| is not equal to the + {{KeyAlgorithm/name}} attribute of the + {{CryptoKey/[[algorithm]]}} internal slot of + |key| then [= exception/throw =] an {{InvalidAccessError}}. +
++ If the {{CryptoKey/[[usages]]}} internal slot of + |key| does not contain an entry that is "`verify`", then [= exception/throw =] an {{InvalidAccessError}}. +
++ Let |result| be the result of performing the verifyDigest operation + specified by |normalizedAlgorithm| using |key|, + |algorithm| and + |signature| and with |data| as |digest|. +
++ [= Queue a global task =] on the [= crypto task source =], + given |realm|'s global object, to perform the remaining steps. +
++ Resolve |promise| with + |result|. +
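Review bot: In both the signDigest and verifyDigest steps, the bytes copied from the `digest` parameter are bound to |data| and only become |digest| at the call ("with |data| as |digest|"), which makes these steps easy to misread as taking a message the way sign and verify do. Suggest naming the variable |digest| from the "Let |data| be the result of ..." step onward. The method descriptions also say only "a pre-computed digest"; a sentence stating that the caller must have computed it with the hash the key or algorithm parameters name, and that length validation is left to each algorithm's signDigest or verifyDigest operation, would make the contract explicit.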
+@@ -3118,6 +3345,8 @@
The {{SubtleCrypto/verify}} method requires the verify operation.
The {{SubtleCrypto/signDigest}} method requires the signDigest operation.
+The {{SubtleCrypto/verifyDigest}} method requires the verifyDigest operation.
+The {{SubtleCrypto/generateKey}} method requires the generateKey operation.
+ If the {{CryptoKey/[[type]]}} internal slot of + |key| is not {{KeyType/"private"}}, then [= exception/throw =] an {{InvalidAccessError}}. +
++ If the [= byte sequence/length =] of |digest| is not equal to + the digest length of the hash function identified by the + {{RsaHashedKeyAlgorithm/hash}} attribute of the + {{CryptoKey/[[algorithm]]}} internal slot of |key|, + then [= exception/throw =] an {{OperationError}}. +
++ Perform the signature generation operation defined in Section 8.2 of [[RFC3447]] with the key represented by the {{CryptoKey/[[handle]]}} internal slot of |key| + as the signer's private key and |digest| as + the digest for the EMSA-PKCS1-v1_5 encoding method, and using the hash function specified in the {{RsaHashedKeyAlgorithm/hash}} attribute of the {{CryptoKey/[[algorithm]]}} internal slot of + |key| as the Hash option for identifying the hash in the DigestInfo encoding. +
++ If performing the operation results in an error, + then [= exception/throw =] an + {{OperationError}}. +
++ Let |signature| be the value |S| that results from + performing the operation. +
++ Return |signature|. +
++ If the {{CryptoKey/[[type]]}} internal slot of + |key| is not "`public`", then [= exception/throw =] an {{InvalidAccessError}}. +
++ If the [= byte sequence/length =] of |digest| is not equal to + the digest length of the hash function identified by the + {{RsaHashedKeyAlgorithm/hash}} attribute of the + {{CryptoKey/[[algorithm]]}} internal slot of |key|, + then return false. +
++ Perform the signature verification operation defined in Section 8.2 of + [[RFC3447]] with the key represented by the + {{CryptoKey/[[handle]]}} internal slot of + |key| as the signer's RSA public key and |digest| as + the digest for the EMSA-PKCS1-v1_5 encoding method and + |signature| as |S| and using the hash function specified + in the {{RsaHashedKeyAlgorithm/hash}} attribute of the + {{CryptoKey/[[algorithm]]}} internal slot of + |key| as the Hash option for identifying the hash in the DigestInfo encoding. +
++ Let |result| be a boolean with value true if the + result of the operation was "valid signature" and the value + false otherwise. +
+Return |result|.
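Review bot: The digest length check is handled differently on the two sides of the EMSA-PKCS1-v1_5 steps: the signing steps throw an {{OperationError}} on a mismatch, while the verification steps say "then return false". A caller who passes verifyDigest a digest of the wrong size therefore gets the same result as for an invalid signature and cannot tell a usage error from a failed verification. Suggest either throwing {{OperationError}} in both places or adding a note that explains why verification reports a malformed input as false.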
++ If the {{CryptoKey/[[type]]}} internal slot of + |key| is not {{KeyType/"private"}}, then [= exception/throw =] an {{InvalidAccessError}}. +
++ Perform the signature generation operation defined in Section 8.1 of [[RFC3447]] with the key represented by the {{CryptoKey/[[handle]]}} internal slot of |key| + as the signer's private key, |K|, and |message| as + the message to be signed, |M|, and using the hash function specified + by the {{RsaHashedKeyAlgorithm/hash}} attribute of the + {{CryptoKey/[[algorithm]]}} internal slot of + |key| as the Hash option, MGF1 (defined in Section B.2.1 of [[RFC3447]]) as the MGF option and the saltLength member of + |normalizedAlgorithm| as the salt length option for the + EMSA-PSS-ENCODE operation. +
++ If performing the operation results in an error, + then [= exception/throw =] an + {{OperationError}}. +
++ Let |signature| be the + signature, S, that results from performing the operation. +
++ Return |signature|. +
++ If the {{CryptoKey/[[type]]}} internal slot of + |key| is not "`public`", then [= exception/throw =] an {{InvalidAccessError}}. +
++ Perform the signature verification operation defined in Section 8.1 of + [[RFC3447]] with the key represented by the + {{CryptoKey/[[handle]]}} internal slot of + |key| as the signer's RSA public key and |message| as + |M| and + |signature| as |S| and using the hash function specified + by the {{RsaHashedKeyAlgorithm/hash}} attribute of the + {{CryptoKey/[[algorithm]]}} internal slot of + |key| as the Hash option, MGF1 (defined in Section B.2.1 of [[RFC3447]]) as the MGF option and the saltLength member of + |normalizedAlgorithm| as the salt length option for the + EMSA-PSS-VERIFY operation. +
++ Let |result| be a boolean with the value true if the + result of the operation was "valid signature" and the value + false otherwise. +
+Return |result|.
++ If the [= byte sequence/length =] of |digest| is not equal to + the digest length of the hash function identified by the + {{RsaHashedKeyAlgorithm/hash}} attribute of the + {{CryptoKey/[[algorithm]]}} internal slot of |key|, + then [= exception/throw =] an {{OperationError}}. +
+Perform the signature generation operation defined in Section 8.1 of [[RFC3447]] with the key represented by the {{CryptoKey/[[handle]]}} internal slot of |key| - as the signer's private key, |K|, and |message| as - the message to be signed, |M|, and using the hash function specified + as the signer's private key, |K|, and |digest| as + the hash value for the EMSA-PSS-ENCODE operation, and using the hash function specified by the {{RsaHashedKeyAlgorithm/hash}} attribute of the {{CryptoKey/[[algorithm]]}} internal slot of |key| as the Hash option, MGF1 (defined in Section B.2.1 of [[RFC3447]]) as the MGF option and the saltLength member of @@ -5012,8 +5488,8 @@
+ If the [= byte sequence/length =] of |digest| is not equal to + the digest length of the hash function identified by the + {{RsaHashedKeyAlgorithm/hash}} attribute of the + {{CryptoKey/[[algorithm]]}} internal slot of |key|, + then return false. +
+Perform the signature verification operation defined in Section 8.1 of [[RFC3447]] with the key represented by the {{CryptoKey/[[handle]]}} internal slot of - |key| as the signer's RSA public key and |message| as - |M| and + |key| as the signer's RSA public key and |digest| as + the hash value for the EMSA-PSS-VERIFY operation and |signature| as |S| and using the hash function specified by the {{RsaHashedKeyAlgorithm/hash}} attribute of the {{CryptoKey/[[algorithm]]}} internal slot of @@ -5044,6 +5529,9 @@
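Review bot: Replacing "|message| as |M|" with "|digest| as the hash value for the EMSA-PSS-ENCODE operation" (and the EMSA-PSS-VERIFY counterpart) leaves the deviation from the referenced procedure implicit. Section 8.1 of [[RFC3447]] is defined over a message M, and EMSA-PSS-ENCODE and EMSA-PSS-VERIFY compute mHash = Hash(M) themselves. Suggest stating that this hashing step is skipped and mHash is set to |digest|, so an implementer does not hash the digest a second time. The "|digest| as the digest for the EMSA-PKCS1-v1_5 encoding method" wording in the Section 8.2 steps would benefit from the same sentence.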
Return |result|.
++ If the {{CryptoKey/[[type]]}} internal slot of + |key| is not {{KeyType/"private"}}, then [= exception/throw =] an {{InvalidAccessError}}. +
++ Let |hashAlgorithm| be the {{EcdsaParams/hash}} + member of |normalizedAlgorithm|. +
++ If the [= byte sequence/length =] of |digest| is not equal to + the digest length of the hash function identified by + |hashAlgorithm|, + then [= exception/throw =] an {{OperationError}}. +
++ Let |M| be |digest|. +
++ Let |d| be the ECDSA private key associated with |key|. +
++ Let |params| be the EC domain parameters associated with + |key|. +
++ Perform the ECDSA signing process, as specified in [[RFC6090]], + Section 5.4.2, with |M| as the message, using |params| as the + EC domain parameters, and with |d| as the private key. +
++ Let |r| and |s| be the pair of integers resulting from + performing the ECDSA signing process. +
++ Let |result| be an empty [= byte sequence =]. +
++ Let |n| be the smallest integer such that |n| * 8 is greater than + the logarithm to base 2 of the order of the base point of the elliptic curve identified + by |params|. +
++ Convert |r| to a byte sequence of + length |n| and append it to |result|. +
++ Convert |s| to a byte sequence of + length |n| and append it to |result|. +
++ Perform the [= ECDSA signature steps =] + specified in that specification, passing in |M|, |params| + and |d| and resulting in |result|. +
++ Return |result|. +
++ If the {{CryptoKey/[[type]]}} internal slot of + |key| is not "`public`", then [= exception/throw =] an {{InvalidAccessError}}. +
++ Let |hashAlgorithm| be the {{EcdsaParams/hash}} + member of + |normalizedAlgorithm|. +
++ If the [= byte sequence/length =] of |digest| is not equal to + the digest length of the hash function identified by + |hashAlgorithm|, + then return false. +
++ Let |M| be |digest|. +
++ Let |Q| be the ECDSA public key associated with |key|. +
++ Let |params| be the EC domain parameters associated with + |key|. +
++ Let |n| be the smallest integer such that |n| * 8 is greater than + the logarithm to base 2 of the order of the base point of the elliptic curve identified + by |params|. +
++ If |signature| does not have a [= byte sequence/length =] of |n| * 2 bytes, + then return false. +
++ Let |r| be the result of + converting the first |n| bytes of |signature| to an integer. +
++ Let |s| be the result of + converting the last |n| bytes of |signature| to an integer. +
++ Perform the ECDSA verifying process, as specified in [[RFC6090]], Section 5.4.3, with |M| as the received + message, (|r|, |s|) as the signature and using + |params| as the EC domain parameters, and + |Q| as the public key. +
++ Perform the [= ECDSA verification steps =] + specified in that specification passing in |M|, |signature|, + |params| and |Q| and resulting in an indication of whether + or not the purported signature is valid. +
++ Let |result| be a boolean with the value `true` if the signature is valid + and the value `false` otherwise. +
++ Return |result|. +
+
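Review bot: In the ECDSA steps, |hashAlgorithm| is used only for the length comparison against |digest|; after "Let |M| be |digest|" nothing ties the signature to that hash, so two hash functions with the same output length are indistinguishable here. Suggest a note next to the length check saying that the {{EcdsaParams/hash}} member validates the size of |digest| only and that the caller is responsible for having used that hash. As a style point, the public-key check writes the type as "`public`" while the private-key check links {{KeyType/"private"}}; using {{KeyType/"public"}} here and in the RSA verifyDigest steps would keep the two consistent.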