1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
|
[NoInterfaceObject]
interface GlobalCrypto {
readonly attribute Crypto crypto;
};
//Window implements GlobalCrypto;
//WorkerGlobalScope implements GlobalCrypto;
[Exposed=(Window,Worker)]
interface Crypto {
readonly attribute SubtleCrypto subtle;
ArrayBufferView getRandomValues(ArrayBufferView array);
};
typedef (object or DOMString) AlgorithmIdentifier;
typedef AlgorithmIdentifier HashAlgorithmIdentifier;
dictionary Algorithm {
required DOMString name;
};
dictionary KeyAlgorithm {
required DOMString name;
};
enum KeyType { "public", "private", "secret" };
enum KeyUsage { "encrypt", "decrypt", "sign", "verify", "deriveKey", "deriveBits", "wrapKey", "unwrapKey" };
[Exposed=(Window,Worker)]
interface CryptoKey {
readonly attribute KeyType type;
readonly attribute boolean extractable;
readonly attribute object algorithm;
readonly attribute object usages;
};
enum KeyFormat { "raw", "spki", "pkcs8", "jwk" };
[Exposed=(Window,Worker)]
interface SubtleCrypto {
Promise<any> encrypt(AlgorithmIdentifier algorithm,
CryptoKey key,
BufferSource data);
Promise<any> decrypt(AlgorithmIdentifier algorithm,
CryptoKey key,
BufferSource data);
Promise<any> sign(AlgorithmIdentifier algorithm,
CryptoKey key,
BufferSource data);
Promise<any> verify(AlgorithmIdentifier algorithm,
CryptoKey key,
BufferSource signature,
BufferSource data);
Promise<any> digest(AlgorithmIdentifier algorithm,
BufferSource data);
Promise<any> generateKey(AlgorithmIdentifier algorithm,
boolean extractable,
sequence<KeyUsage> keyUsages );
Promise<any> deriveKey(AlgorithmIdentifier algorithm,
CryptoKey baseKey,
AlgorithmIdentifier derivedKeyType,
boolean extractable,
sequence<KeyUsage> keyUsages );
Promise<any> deriveBits(AlgorithmIdentifier algorithm,
CryptoKey baseKey,
unsigned long length);
Promise<any> importKey(KeyFormat format,
(BufferSource or JsonWebKey) keyData,
AlgorithmIdentifier algorithm,
boolean extractable,
sequence<KeyUsage> keyUsages );
Promise<any> exportKey(KeyFormat format, CryptoKey key);
Promise<any> wrapKey(KeyFormat format,
CryptoKey key,
CryptoKey wrappingKey,
AlgorithmIdentifier wrapAlgorithm);
Promise<any> unwrapKey(KeyFormat format,
BufferSource wrappedKey,
CryptoKey unwrappingKey,
AlgorithmIdentifier unwrapAlgorithm,
AlgorithmIdentifier unwrappedKeyAlgorithm,
boolean extractable,
sequence<KeyUsage> keyUsages );
};
dictionary RsaOtherPrimesInfo {
// The following fields are defined in Section 6.3.2.7 of JSON Web Algorithms
DOMString r;
DOMString d;
DOMString t;
};
dictionary JsonWebKey {
// The following fields are defined in Section 3.1 of JSON Web Key
DOMString kty;
DOMString use;
sequence<DOMString> key_ops;
DOMString alg;
// The following fields are defined in JSON Web Key Parameters Registration
boolean ext;
// The following fields are defined in Section 6 of JSON Web Algorithms
DOMString crv;
DOMString x;
DOMString y;
DOMString d;
DOMString n;
DOMString e;
DOMString p;
DOMString q;
DOMString dp;
DOMString dq;
DOMString qi;
sequence<RsaOtherPrimesInfo> oth;
DOMString k;
};
typedef Uint8Array BigInteger;
dictionary CryptoKeyPair {
CryptoKey publicKey;
CryptoKey privateKey;
};
dictionary RsaKeyGenParams : Algorithm {
// The length, in bits, of the RSA modulus
[EnforceRange] required unsigned long modulusLength;
// The RSA public exponent
required BigInteger publicExponent;
};
dictionary RsaHashedKeyGenParams : RsaKeyGenParams {
// The hash algorithm to use
required HashAlgorithmIdentifier hash;
};
dictionary RsaKeyAlgorithm : KeyAlgorithm {
// The length, in bits, of the RSA modulus
required unsigned long modulusLength;
// The RSA public exponent
required BigInteger publicExponent;
};
dictionary RsaHashedKeyAlgorithm : RsaKeyAlgorithm {
// The hash algorithm that is used with this key
required KeyAlgorithm hash;
};
dictionary RsaHashedImportParams {
// The hash algorithm to use
required HashAlgorithmIdentifier hash;
};
dictionary RsaPssParams : Algorithm {
// The desired length of the random salt
[EnforceRange] required unsigned long saltLength;
};
dictionary RsaOaepParams : Algorithm {
// The optional label/application data to associate with the message
BufferSource label;
};
dictionary EcdsaParams : Algorithm {
// The hash algorithm to use
required HashAlgorithmIdentifier hash;
};
typedef DOMString NamedCurve;
dictionary EcKeyGenParams : Algorithm {
// A named curve
required NamedCurve namedCurve;
};
dictionary EcKeyAlgorithm : KeyAlgorithm {
// The named curve that the key uses
required NamedCurve namedCurve;
};
dictionary EcKeyImportParams : Algorithm {
// A named curve
required NamedCurve namedCurve;
};
dictionary EcdhKeyDeriveParams : Algorithm {
// The peer's EC public key.
required CryptoKey public;
};
dictionary AesCtrParams : Algorithm {
// The initial value of the counter block. counter MUST be 16 bytes
// (the AES block size). The counter bits are the rightmost length
// bits of the counter block. The rest of the counter block is for
// the nonce. The counter bits are incremented using the standard
// incrementing function specified in NIST SP 800-38A Appendix B.1:
// the counter bits are interpreted as a big-endian integer and
// incremented by one.
required BufferSource counter;
// The length, in bits, of the rightmost part of the counter block
// that is incremented.
[EnforceRange] required octet length;
};
dictionary AesKeyAlgorithm : KeyAlgorithm {
// The length, in bits, of the key.
required unsigned short length;
};
dictionary AesKeyGenParams : Algorithm {
// The length, in bits, of the key.
[EnforceRange] required unsigned short length;
};
dictionary AesDerivedKeyParams : Algorithm {
// The length, in bits, of the key.
[EnforceRange] required unsigned short length;
};
dictionary AesCbcParams : Algorithm {
// The initialization vector. MUST be 16 bytes.
required BufferSource iv;
};
dictionary AesGcmParams : Algorithm {
// The initialization vector to use. May be up to 2^64-1 bytes long.
required BufferSource iv;
// The additional authentication data to include.
BufferSource additionalData;
// The desired length of the authentication tag. May be 0 - 128.
[EnforceRange] octet tagLength;
};
dictionary HmacImportParams : Algorithm {
// The inner hash function to use.
HashAlgorithmIdentifier hash;
// The length (in bits) of the key.
[EnforceRange] unsigned long length;
};
dictionary HmacKeyAlgorithm : KeyAlgorithm {
// The inner hash function to use.
required KeyAlgorithm hash;
// The length (in bits) of the key.
required unsigned long length;
};
dictionary HmacKeyGenParams : Algorithm {
// The inner hash function to use.
required HashAlgorithmIdentifier hash;
// The length (in bits) of the key to generate. If unspecified, the
// recommended length will be used, which is the size of the associated hash function's block
// size.
[EnforceRange] unsigned long length;
};
dictionary HkdfCtrParams : Algorithm {
// The algorithm to use with HMAC (e.g.: SHA-256)
required HashAlgorithmIdentifier hash;
// A bit string that corresponds to the label that identifies the purpose for the derived keying material.
required BufferSource label;
// A bit string that corresponds to the context of the key derivation, as described in Section 5 of [NIST SP800-108]
required BufferSource context;
};
dictionary Pbkdf2Params : Algorithm {
required BufferSource salt;
[EnforceRange] required unsigned long iterations;
required HashAlgorithmIdentifier hash;
};
|