From 63e211db589c5d260a10bd52a4a948e64eca11ff Mon Sep 17 00:00:00 2001 From: Daniel Huigens Date: Tue, 7 Jan 2025 18:41:10 +0100 Subject: [PATCH 1/7] Refer to byte sequences rather than octet strings --- spec/Overview.html | 121 ++++++++++++++++++++++----------------------- 1 file changed, 60 insertions(+), 61 deletions(-) diff --git a/spec/Overview.html b/spec/Overview.html index d1a1984..70f742e 100644 --- a/spec/Overview.html +++ b/spec/Overview.html @@ -612,24 +612,22 @@

Terminology

{{BufferSource}} are defined in [[WEBIDL]].

- An octet string is an ordered sequence of zero or more - integers, each in the range 0 to 255 inclusive. + The term [= byte sequence =] is defined in [[Infra]].

- An octet string containing a bit string |b| is the - [= octet string =] obtained by first appending zero or more + A byte sequence containing a bit string |b| is the + [= byte sequence =] obtained by first appending zero or more bits of value zero to |b| such that the length of the resulting bit string is minimal and an integer multiple of 8 - and then considering each consecutive sequence of 8 bits in that string as a binary integer, most significant - bit first. + and then considering each consecutive sequence of 8 bits in that string as a byte.

- When this specification says to convert a non-negative - integer |i| to an octet string of length |n|, where |n| * 8 + When this specification says to convert a non-negative + integer |i| to a byte sequence of length |n|, where |n| * 8 is greater than the logarithm to base 2 of |i|, the user agent must first calculate the binary representation of |i|, most significant bit first, prefix this with sufficient zero bits to form a bit string of length |n| * 8, and - then return the [= octet string =] formed by considering each consecutive - sequence of 8 bits in that bit string as a binary integer, most significant bit first. + then return the [= byte sequence =] formed by considering each consecutive + sequence of 8 bits in that bit string as a byte.

Comparing two strings in a case-sensitive @@ -3860,7 +3858,7 @@

Registration

sign None - [= octet string =] + [= byte sequence =] verify @@ -4929,7 +4927,7 @@

Registration

sign {{RsaPssParams}} - [= octet string =] + [= byte sequence =] verify @@ -5944,12 +5942,12 @@

Registration

encrypt {{RsaOaepParams}} - [= octet string =] + [= byte sequence =] decrypt {{RsaOaepParams}} - [= octet string =] + [= byte sequence =] generateKey @@ -5996,7 +5994,7 @@

Operations

  • Let |label| be the {{RsaOaepParams/label}} member of - |normalizedAlgorithm| or the empty octet string if the + |normalizedAlgorithm| or the empty byte sequence if the {{RsaOaepParams/label}} member of |normalizedAlgorithm| is not present.

    @@ -6047,7 +6045,7 @@

    Operations

  • Let |label| be the {{RsaOaepParams/label}} member of - |normalizedAlgorithm| or the empty octet string if the + |normalizedAlgorithm| or the empty byte sequence if the {{RsaOaepParams/label}} member of |normalizedAlgorithm| is not present.

    @@ -6988,7 +6986,7 @@

    Registration

    sign {{EcdsaParams}} - [= octet string =] + [= byte sequence =] verify @@ -7142,14 +7140,14 @@

    Operations

  • - Convert |r| to an octet string of - length |n| and append this sequence of bytes to |result|. + Convert |r| to a byte sequence of + length |n| and append it to |result|.

  • - Convert |s| to an octet string of - length |n| and append this sequence of bytes to |result|. + Convert |s| to a byte sequence of + length |n| and append it to |result|.

    • @@ -8260,7 +8258,7 @@

    Operations

    Let |keyData| be the - [= octet string =] that + [= byte sequence =] that represents the Elliptic Curve public key represented by the {{CryptoKey/[[handle]]}} internal slot of |key| according to the encoding rules specified in Section 2.2 of [[RFC5480]] and using the @@ -8651,7 +8649,7 @@

    Operations

    - Let |data| be an [= octet string =] representing the Elliptic Curve + Let |data| be a [= byte sequence =] representing the Elliptic Curve point |Q| represented by {{CryptoKey/[[handle]]}} internal slot of |key| according to [[SEC1]] 2.3.3 using the uncompressed format.

    @@ -8739,7 +8737,7 @@

    Registration

    deriveBits {{EcdhKeyDeriveParams}} - [= octet string =] + [= byte sequence =] importKey @@ -8985,8 +8983,9 @@

    Operations

  • - Let |secret| be the result of applying the field element to - [= octet string =] conversion defined in Section + Let |secret| be a [= byte sequence =] containing + the result of applying the field element to + octet string conversion defined in Section 6.2 of [[RFC6090]] to the output of the ECDH primitive.

    @@ -9040,7 +9039,7 @@

    Operations

    • Otherwise:
    - Return an [= octet string containing =] the first |length| bits of |secret|. + Return a [= byte sequence containing =] the first |length| bits of |secret|.
    @@ -9838,7 +9837,7 @@

    Operations

    - Let |keyData| be the [= octet string =] that + Let |keyData| be the [= byte sequence =] that represents the Elliptic Curve public key represented by the {{CryptoKey/[[handle]]}} internal slot of |key| according to the encoding rules specified in Section 2.3.3 of [[SEC1]] and using the @@ -10220,7 +10219,7 @@

    Operations

    - Let |data| be the [= octet string =] that + Let |data| be the [= byte sequence =] that represents the Elliptic Curve public key represented by the {{CryptoKey/[[handle]]}} internal slot of |key| according to the encoding rules specified in Section 2.3.3 of [[SEC1]] and using the @@ -10289,7 +10288,7 @@

    Registration

    sign None - [= octet string =] + [= byte sequence =] verify @@ -11089,7 +11088,7 @@

    Operations

  • - Let |data| be an [= octet string =] representing the Ed25519 + Let |data| be a [= byte sequence =] representing the Ed25519 public key represented by the {{CryptoKey/[[handle]]}} internal slot of |key|.

    @@ -11149,7 +11148,7 @@

    Registration

    deriveBits {{EcdhKeyDeriveParams}} - [= octet string =] + [= byte sequence =] generateKey @@ -11235,7 +11234,7 @@

    Operations

    • Otherwise:
    - Return an [= octet string containing =] the first |length| bits of |secret|. + Return a [= byte sequence containing =] the first |length| bits of |secret|.
    @@ -11923,7 +11922,7 @@

    Operations

  • - Let |data| be an [= octet string =] representing the X25519 + Let |data| be a [= byte sequence =] representing the X25519 public key represented by the {{CryptoKey/[[handle]]}} internal slot of |key|.

    @@ -11983,12 +11982,12 @@

    Registration

    encrypt {{AesCtrParams}} - [= octet string =] + [= byte sequence =] decrypt {{AesCtrParams}} - [= octet string =] + [= byte sequence =] generateKey @@ -12254,7 +12253,7 @@

    Operations

    1. - Let |data| be the [= octet string =] contained in |keyData|. + Let |data| be the [= byte sequence =] contained in |keyData|.

    2. @@ -12295,7 +12294,7 @@

      Operations

    3. - Let |data| be the [= octet string =] obtained by decoding the + Let |data| be the [= byte sequence =] obtained by decoding the {{JsonWebKey/k}} field of |jwk|.

      4. @@ -12559,12 +12558,12 @@

      Registration

      encrypt {{AesCbcParams}} - [= octet string =] + [= byte sequence =] decrypt {{AesCbcParams}} - [= octet string =] + [= byte sequence =] generateKey @@ -12796,7 +12795,7 @@

      Operations

      1. - Let |data| be the [= octet string =] contained in |keyData|. + Let |data| be the [= byte sequence =] contained in |keyData|.

      2. @@ -12837,7 +12836,7 @@

        Operations

      3. - Let |data| be the [= octet string =] obtained by decoding the + Let |data| be the [= byte sequence =] obtained by decoding the {{JsonWebKey/k}} field of |jwk|.

        4. @@ -13091,12 +13090,12 @@

        Registration

        encrypt {{AesGcmParams}} - [= octet string =] + [= byte sequence =] decrypt {{AesGcmParams}} - [= octet string =] + [= byte sequence =] generateKey @@ -13186,8 +13185,8 @@

        Operations

      4. Let |additionalData| be the {{AesGcmParams/additionalData}} member of - |normalizedAlgorithm| if present or the empty octet - string otherwise. + |normalizedAlgorithm| if present or an empty [= byte sequence =] + otherwise.

      5. @@ -13275,8 +13274,8 @@

        Operations

      6. Let |additionalData| be the {{AesGcmParams/additionalData}} member of - |normalizedAlgorithm| if present or the empty octet - string otherwise. + |normalizedAlgorithm| if present or an empty [= byte sequence =] + otherwise.

      7. @@ -13422,7 +13421,7 @@

        Operations

        1. - Let |data| be the [= octet string =] contained in |keyData|. + Let |data| be the [= byte sequence =] contained in |keyData|.

        2. @@ -13463,7 +13462,7 @@

          Operations

        3. - Let |data| be the [= octet string =] obtained by decoding the + Let |data| be the [= byte sequence =] obtained by decoding the {{JsonWebKey/k}} field of |jwk|.

          4. @@ -13719,12 +13718,12 @@

          Registration

          wrapKey None - [= octet string =] + [= byte sequence =] unwrapKey None - [= octet string =] + [= byte sequence =] generateKey @@ -13908,7 +13907,7 @@

          Operations

          1. - Let |data| be the [= octet string =] contained in |keyData|. + Let |data| be the [= byte sequence =] contained in |keyData|.

          2. @@ -13950,7 +13949,7 @@

            Operations

          3. - Let |data| be the [= octet string =] obtained by decoding the + Let |data| be the [= byte sequence =] obtained by decoding the {{JsonWebKey/k}} field of |jwk|.

            4. @@ -14212,7 +14211,7 @@

            Registration

            sign None - [= octet string =] + [= byte sequence =] verify @@ -14468,7 +14467,7 @@

            Operations

            1. - Let |data| be the [= octet string =] contained in |keyData|. + Let |data| be the [= byte sequence =] contained in |keyData|.

            2. @@ -14508,7 +14507,7 @@

              Operations

            3. - Let |data| be the [= octet string =] obtained by decoding the + Let |data| be the [= byte sequence =] obtained by decoding the {{JsonWebKey/k}} field of |jwk|.

              4. @@ -14731,7 +14730,7 @@

              Operations

            4. - Let |data| be an [= octet string containing =] |bits|. + Let |data| be a [= byte sequence containing =] |bits|.

            5. @@ -14932,7 +14931,7 @@

              Registration

              digest None - [= octet string =] + [= byte sequence =] @@ -15037,7 +15036,7 @@

              Registration

              deriveBits {{HkdfParams}} - [= octet string =] + [= byte sequence =] importKey @@ -15258,7 +15257,7 @@

              Registration

              deriveBits {{Pbkdf2Params}} - [= octet string =] + [= byte sequence =] importKey From 2c0acc41a481eaa8bb188870002fe4669031d153 Mon Sep 17 00:00:00 2001 From: Daniel Huigens Date: Tue, 7 Jan 2025 19:35:46 +0100 Subject: [PATCH 2/7] Remove superfluous mentions of "the byte sequence contained in" a byte sequence --- spec/Overview.html | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/spec/Overview.html b/spec/Overview.html index 70f742e..5fface2 100644 --- a/spec/Overview.html +++ b/spec/Overview.html @@ -12253,7 +12253,7 @@

              Operations

              1. - Let |data| be the [= byte sequence =] contained in |keyData|. + Let |data| be |keyData|.

              2. @@ -12795,7 +12795,7 @@

                Operations

                1. - Let |data| be the [= byte sequence =] contained in |keyData|. + Let |data| be |keyData|.

                2. @@ -13421,7 +13421,7 @@

                  Operations

                  1. - Let |data| be the [= byte sequence =] contained in |keyData|. + Let |data| be |keyData|.

                  2. @@ -13907,13 +13907,12 @@

                    Operations

                    1. - Let |data| be the [= byte sequence =] contained in |keyData|. + Let |data| be |keyData|.

                    2. If the length in bits of |data| is not 128, 192 or 256 - then [= exception/throw =] a {{DataError}}.

                      @@ -14467,7 +14466,7 @@

                      Operations

                      1. - Let |data| be the [= byte sequence =] contained in |keyData|. + Let |data| be |keyData|.

                      2. From 7fdee33f59a52d198e31da12a29e3c56367a4799 Mon Sep 17 00:00:00 2001 From: Daniel Huigens Date: Tue, 7 Jan 2025 19:59:02 +0100 Subject: [PATCH 3/7] Explicitly return byte sequences in export key operations --- spec/Overview.html | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/spec/Overview.html b/spec/Overview.html index 5fface2..400596d 100644 --- a/spec/Overview.html +++ b/spec/Overview.html @@ -12415,7 +12415,8 @@

                        Operations

                        1. - Let |data| be the raw octets of the key represented by {{CryptoKey/[[handle]]}} internal slot of + Let |data| be a [= byte sequence =] containing + the raw octets of the key represented by {{CryptoKey/[[handle]]}} internal slot of |key|.

                          2. @@ -12958,7 +12959,8 @@

                          Operations

                          1. - Let |data| be the raw octets of the key represented by {{CryptoKey/[[handle]]}} internal slot of + Let |data| be a [= byte sequence =] containing + the raw octets of the key represented by {{CryptoKey/[[handle]]}} internal slot of |key|.

                            2. @@ -13584,7 +13586,8 @@

                            Operations

                            1. - Let |data| be the raw octets of the key represented by {{CryptoKey/[[handle]]}} internal slot of + Let |data| be a [= byte sequence =] containing + the raw octets of the key represented by {{CryptoKey/[[handle]]}} internal slot of |key|.

                              2. @@ -14069,7 +14072,8 @@

                              Operations

                              1. - Let |data| be the raw octets of the key represented by {{CryptoKey/[[handle]]}} internal slot of + Let |data| be a [= byte sequence =] containing + the raw octets of the key represented by {{CryptoKey/[[handle]]}} internal slot of |key|.

                                2. From f12defbc02a28a03f5a844ee5e5361e3a0fdc751 Mon Sep 17 00:00:00 2001 From: Daniel Huigens Date: Tue, 7 Jan 2025 20:10:02 +0100 Subject: [PATCH 4/7] Rename "bit string" to "bit sequence" --- spec/Overview.html | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/spec/Overview.html b/spec/Overview.html index 400596d..ad3b6db 100644 --- a/spec/Overview.html +++ b/spec/Overview.html @@ -615,9 +615,9 @@

                                Terminology

                                The term [= byte sequence =] is defined in [[Infra]].

                                - A byte sequence containing a bit string |b| is the + A byte sequence containing a bit sequence |b| is the [= byte sequence =] obtained by first appending zero or more - bits of value zero to |b| such that the length of the resulting bit string is minimal and an integer multiple of 8 + bits of value zero to |b| such that the length of the resulting bit sequence is minimal and an integer multiple of 8 and then considering each consecutive sequence of 8 bits in that string as a byte.

                                @@ -625,9 +625,9 @@

                                Terminology

                                integer |i| to a byte sequence of length |n|, where |n| * 8 is greater than the logarithm to base 2 of |i|, the user agent must first calculate the binary representation of |i|, most significant bit first, - prefix this with sufficient zero bits to form a bit string of length |n| * 8, and + prefix this with sufficient zero bits to form a bit sequence of length |n| * 8, and then return the [= byte sequence =] formed by considering each consecutive - sequence of 8 bits in that bit string as a byte. + sequence of 8 bits in that bit sequence as a byte.

                                Comparing two strings in a case-sensitive @@ -15064,8 +15064,8 @@

                                HkdfParams dictionary

                                };

                                The hash member represents the algorithm to use with HMAC (e.g.: SHA-256).

                                -

                                The salt member represents a bit string that corresponds to the salt used in the extract step.

                                -

                                The info member represents a bit string that corresponds to the context and application specific context for the derived keying material.

                                +

                                The salt member represents the salt used in the extract step.

                                +

                                The info member represents application specific context for the derived keying material.

                                Operations

                                From 5c9076d1e8a02ec25cf8a583fb0d9fc0ee646c1f Mon Sep 17 00:00:00 2001 From: Daniel Huigens Date: Tue, 7 Jan 2025 20:09:48 +0100 Subject: [PATCH 5/7] Fix "represented by [[handle]] internal slot" typos --- spec/Overview.html | 28 ++++++++++++++-------------- 1 file changed, 14 insertions(+), 14 deletions(-) diff --git a/spec/Overview.html b/spec/Overview.html index ad3b6db..30e2315 100644 --- a/spec/Overview.html +++ b/spec/Overview.html @@ -8650,7 +8650,7 @@

                                Operations

                                Let |data| be a [= byte sequence =] representing the Elliptic Curve - point |Q| represented by {{CryptoKey/[[handle]]}} internal slot of + point |Q| represented by the {{CryptoKey/[[handle]]}} internal slot of |key| according to [[SEC1]] 2.3.3 using the uncompressed format.

                                @@ -12416,7 +12416,7 @@

                                Operations

                              2. Let |data| be a [= byte sequence =] containing - the raw octets of the key represented by {{CryptoKey/[[handle]]}} internal slot of + the raw octets of the key represented by the {{CryptoKey/[[handle]]}} internal slot of |key|.

                                3. @@ -12445,7 +12445,7 @@

                                Operations

                              3. Set the {{JsonWebKey/k}} attribute of |jwk| to be a string - containing the raw octets of the key represented by {{CryptoKey/[[handle]]}} internal slot of + containing the raw octets of the key represented by the {{CryptoKey/[[handle]]}} internal slot of |key|, encoded according to Section 6.4 of JSON Web Algorithms [[JWA]].

                                4. @@ -12960,7 +12960,7 @@

                                Operations

                              4. Let |data| be a [= byte sequence =] containing - the raw octets of the key represented by {{CryptoKey/[[handle]]}} internal slot of + the raw octets of the key represented by the {{CryptoKey/[[handle]]}} internal slot of |key|.

                                5. @@ -12986,7 +12986,7 @@

                                Operations

                              5. Set the {{JsonWebKey/k}} attribute of |jwk| to be a string - containing the raw octets of the key represented by {{CryptoKey/[[handle]]}} internal slot of + containing the raw octets of the key represented by the {{CryptoKey/[[handle]]}} internal slot of |key|, encoded according to Section 6.4 of JSON Web Algorithms [[JWA]].

                                6. @@ -13587,7 +13587,7 @@

                                Operations

                              6. Let |data| be a [= byte sequence =] containing - the raw octets of the key represented by {{CryptoKey/[[handle]]}} internal slot of + the raw octets of the key represented by the {{CryptoKey/[[handle]]}} internal slot of |key|.

                                7. @@ -13616,7 +13616,7 @@

                                Operations

                              7. Set the {{JsonWebKey/k}} attribute of |jwk| to be a string - containing the raw octets of the key represented by {{CryptoKey/[[handle]]}} internal slot of + containing the raw octets of the key represented by the {{CryptoKey/[[handle]]}} internal slot of |key|, encoded according to Section 6.4 of JSON Web Algorithms [[JWA]].

                                8. @@ -14073,7 +14073,7 @@

                                Operations

                              8. Let |data| be a [= byte sequence =] containing - the raw octets of the key represented by {{CryptoKey/[[handle]]}} internal slot of + the raw octets of the key represented by the {{CryptoKey/[[handle]]}} internal slot of |key|.

                                9. @@ -14102,7 +14102,7 @@

                                Operations

                              9. Set the {{JsonWebKey/k}} attribute of |jwk| to be a string - containing the raw octets of the key represented by {{CryptoKey/[[handle]]}} internal slot of + containing the raw octets of the key represented by the {{CryptoKey/[[handle]]}} internal slot of |key|, encoded according to Section 6.4 of JSON Web Algorithms [[JWA]].

                                10. @@ -14287,7 +14287,7 @@

                                Operations

                                Let |mac| be the result of performing the MAC Generation operation described in Section 4 of [[FIPS-198-1]] using - the key represented by {{CryptoKey/[[handle]]}} + the key represented by the {{CryptoKey/[[handle]]}} internal slot of |key|, the hash function identified by the {{HmacKeyAlgorithm/hash}} attribute of the {{CryptoKey/[[algorithm]]}} internal slot of |key| and |message| as the input data |text|.

                                @@ -14306,7 +14306,7 @@

                                Operations

                                Let |mac| be the result of performing the MAC Generation operation described in Section 4 of [[FIPS-198-1]] using - the key represented by {{CryptoKey/[[handle]]}} + the key represented by the {{CryptoKey/[[handle]]}} internal slot of |key|, the hash function identified by the {{HmacKeyAlgorithm/hash}} attribute of the {{CryptoKey/[[algorithm]]}} internal slot of |key| and |message| as the input data |text|.

                                @@ -14727,7 +14727,7 @@

                                Operations

                              10. - Let |bits| be the raw bits of the key represented by {{CryptoKey/[[handle]]}} internal slot of + Let |bits| be the raw bits of the key represented by the {{CryptoKey/[[handle]]}} internal slot of |key|.

                                11. @@ -15080,7 +15080,7 @@

                                Operations

                              11. - Let |keyDerivationKey| be the secret represented by {{CryptoKey/[[handle]]}} internal slot of |key|. + Let |keyDerivationKey| be the secret represented by the {{CryptoKey/[[handle]]}} internal slot of |key|.

                              12. @@ -15320,7 +15320,7 @@

                                Operations

                                Let |result| be the result of performing the PBKDF2 operation defined in Section 5.2 of [[RFC8018]] using |prf| as the - pseudo-random function, |PRF|, the password represented by {{CryptoKey/[[handle]]}} internal slot of |key| + pseudo-random function, |PRF|, the password represented by the {{CryptoKey/[[handle]]}} internal slot of |key| as the password, |P|, the {{Pbkdf2Params/salt}} attribute of |normalizedAlgorithm| as the salt, |S|, the value of the {{Pbkdf2Params/iterations}} attribute of From f3bf2c3a767480a6e8fcce9435eb1700ab134f4c Mon Sep 17 00:00:00 2001 From: Daniel Huigens Date: Tue, 7 Jan 2025 20:27:47 +0100 Subject: [PATCH 6/7] Properly define the length in bits of a byte sequence --- spec/Overview.html | 44 ++++++++++++++++++++++++-------------------- 1 file changed, 24 insertions(+), 20 deletions(-) diff --git a/spec/Overview.html b/spec/Overview.html index 30e2315..ab2e248 100644 --- a/spec/Overview.html +++ b/spec/Overview.html @@ -614,6 +614,10 @@

                                Terminology

                                The term [= byte sequence =] is defined in [[Infra]].

                                +

                                + The length in bits of a [= byte sequence =] + is its [= byte sequence/length =] multiplied by 8. +

                                A byte sequence containing a bit sequence |b| is the [= byte sequence =] obtained by first appending zero or more @@ -9030,7 +9034,7 @@

                                Operations

                                - If the length of |secret| in bits is less than + If the [= length in bits =] of |secret| is less than |length|:
                                @@ -12258,7 +12262,7 @@

                                Operations

                              13. - If the length in bits of |data| is not 128, 192 or 256 + If the [= length in bits =] of |data| is not 128, 192 or 256 then [= exception/throw =] a {{DataError}}.

                                @@ -12300,17 +12304,17 @@

                                Operations

                              14. -
                                If |data| has length 128 bits:
                                +
                                If the [= length in bits =] of |data| is 128:
                                If the {{JsonWebKey/alg}} field of |jwk| is present, and is not "`A128CTR`", then [= exception/throw =] a {{DataError}}.
                                -
                                If |data| has length 192 bits:
                                +
                                If the [= length in bits =] of |data| is 192:
                                If the {{JsonWebKey/alg}} field of |jwk| is present, and is not "`A192CTR`", then [= exception/throw =] a {{DataError}}.
                                -
                                If |data| has length 256 bits:
                                +
                                If the [= length in bits =] of |data| is 256:
                                If the {{JsonWebKey/alg}} field of |jwk| is present, and is not "`A256CTR`", then [= exception/throw =] a {{DataError}}. @@ -12801,7 +12805,7 @@

                                Operations

                              15. - If the length in bits of |data| is not 128, 192 or 256 + If the [= length in bits =] of |data| is not 128, 192 or 256 then [= exception/throw =] a {{DataError}}.

                                @@ -12843,17 +12847,17 @@

                                Operations

                              16. -
                                If |data| has length 128 bits:
                                +
                                If the [= length in bits =] of |data| is 128:
                                If the {{JsonWebKey/alg}} field of |jwk| is present, and is not "`A128CBC`", then [= exception/throw =] a {{DataError}}.
                                -
                                If |data| has length 192 bits:
                                +
                                If the [= length in bits =] of |data| is 192:
                                If the {{JsonWebKey/alg}} field of |jwk| is present, and is not "`A192CBC`", then [= exception/throw =] a {{DataError}}.
                                -
                                If |data| has length 256 bits:
                                +
                                If the [= length in bits =] of |data| is 256:
                                If the {{JsonWebKey/alg}} field of |jwk| is present, and is not "`A256CBC`", then [= exception/throw =] a @@ -13237,7 +13241,7 @@

                                Operations

                              17. - If |ciphertext| has a length less than |tagLength| bits, + If |ciphertext| has a [= length in bits =] less than |tagLength|, then [= exception/throw =] an {{OperationError}}.

                                @@ -13428,7 +13432,7 @@

                                Operations

                              18. - If the length in bits of |data| is not 128, 192 or 256 + If the [= length in bits =] of |data| is not 128, 192 or 256 then [= exception/throw =] a {{DataError}}.

                                @@ -13470,17 +13474,17 @@

                                Operations

                              19. -
                                If |data| has length 128 bits:
                                +
                                If the [= length in bits =] of |data| is 128:
                                If the {{JsonWebKey/alg}} field of |jwk| is present, and is not "`A128GCM`", then [= exception/throw =] a {{DataError}}.
                                -
                                If |data| has length 192 bits:
                                +
                                If the [= length in bits =] of |data| is 192:
                                If the {{JsonWebKey/alg}} field of |jwk| is present, and is not "`A192GCM`", then [= exception/throw =] a {{DataError}}.
                                -
                                If |data| has length 256 bits:
                                +
                                If the [= length in bits =] of |data| is 256:
                                If the {{JsonWebKey/alg}} field of |jwk| is present, and is not "`A256GCM`", then [= exception/throw =] a @@ -13915,7 +13919,7 @@

                                Operations

                              20. - If the length in bits of |data| is not 128, 192 or 256 + If the [= length in bits =] of |data| is not 128, 192 or 256 then [= exception/throw =] a {{DataError}}.

                                @@ -13957,17 +13961,17 @@

                                Operations

                              21. -
                                If |data| has length 128 bits:
                                +
                                If the [= length in bits =] of |data| is 128:
                                If the {{JsonWebKey/alg}} field of |jwk| is present, and is not "`A128KW`", then [= exception/throw =] a {{DataError}}.
                                -
                                If |data| has length 192 bits:
                                +
                                If the [= length in bits =] of |data| is 192:
                                If the {{JsonWebKey/alg}} field of |jwk| is present, and is not "`A192KW`", then [= exception/throw =] a {{DataError}}.
                                -
                                If |data| has length 256 bits:
                                +
                                If the [= length in bits =] of |data| is 256:
                                If the {{JsonWebKey/alg}} field of |jwk| is present, and is not "`A256KW`", then [= exception/throw =] a @@ -14619,8 +14623,8 @@

                                Operations

                              22. - Let |length| be equivalent to the length, in octets, of - |data|, multiplied by 8. + Let |length| be the [= length in bits =] of + |data|.

                              23. From 071f8b99e6c91aafdd6f528c35d7da799072b6db Mon Sep 17 00:00:00 2001 From: Daniel Huigens Date: Tue, 7 Jan 2025 20:30:57 +0100 Subject: [PATCH 7/7] Link to byte sequence/length where appropriate --- spec/Overview.html | 37 +++++++++++++++++++------------------ 1 file changed, 19 insertions(+), 18 deletions(-) diff --git a/spec/Overview.html b/spec/Overview.html index ab2e248..8d88155 100644 --- a/spec/Overview.html +++ b/spec/Overview.html @@ -12070,8 +12070,8 @@

                                Operations

                              24. If the {{AesCtrParams/counter}} member of - |normalizedAlgorithm| does not have length 16 - bytes, + |normalizedAlgorithm| does not have + a [= byte sequence/length =] of 16 bytes, then [= exception/throw =] an {{OperationError}}.

                                @@ -12110,8 +12110,8 @@

                                Operations

                              25. If the {{AesCtrParams/counter}} member of - |normalizedAlgorithm| does not have length 16 - bytes, + |normalizedAlgorithm| does not have + a [= byte sequence/length =] of 16 bytes, then [= exception/throw =] an {{OperationError}}.

                                @@ -12611,8 +12611,8 @@

                                Operations

                              26. If the {{AesCbcParams/iv}} member of - |normalizedAlgorithm| does not have length 16 - bytes, + |normalizedAlgorithm| does not have + a [= byte sequence/length =] of 16 bytes, then [= exception/throw =] an {{OperationError}}.

                                @@ -12647,8 +12647,8 @@

                                Operations

                              27. If the {{AesCbcParams/iv}} member of - |normalizedAlgorithm| does not have length 16 - bytes, + |normalizedAlgorithm| does not have + a [= byte sequence/length =] of 16 bytes, then [= exception/throw =] an {{OperationError}}.

                                @@ -13147,8 +13147,8 @@

                                Operations

                                1. - If |plaintext| has a length greater than 2^39 - 256 - bytes, + If |plaintext| has a [= byte sequence/length =] + greater than 2^39 - 256 bytes, then [= exception/throw =] an {{OperationError}}.

                                  @@ -13156,8 +13156,8 @@

                                  Operations

                                2. If the {{AesGcmParams/iv}} member of - |normalizedAlgorithm| has a length greater than 2^64 - 1 - bytes, + |normalizedAlgorithm| has a [= byte sequence/length =] + greater than 2^64 - 1 bytes, then [= exception/throw =] an {{OperationError}}.

                                  @@ -13165,7 +13165,8 @@

                                  Operations

                                3. If the {{AesGcmParams/additionalData}} member - of |normalizedAlgorithm| is present and has a length + of |normalizedAlgorithm| is present and has a + [= byte sequence/length =] greater than 2^64 - 1 bytes, then [= exception/throw =] an {{OperationError}}. @@ -13249,8 +13250,8 @@

                                  Operations

                                4. If the {{AesGcmParams/iv}} member of - |normalizedAlgorithm| has a length greater than 2^64 - 1 - bytes, + |normalizedAlgorithm| has a [= byte sequence/length =] + greater than 2^64 - 1 bytes, then [= exception/throw =] an {{OperationError}}.

                                  @@ -13258,9 +13259,9 @@

                                  Operations

                                5. If the {{AesGcmParams/additionalData}} member - of |normalizedAlgorithm| is present and has a length - greater than 2^64 - 1 - bytes, + of |normalizedAlgorithm| is present and has a + [= byte sequence/length =] + greater than 2^64 - 1 bytes, then [= exception/throw =] an {{OperationError}}.