Bugzilla – Bug 546
First cut at defining <keygen>. Affects parser, rendering, and form submission.
Last modified: 2009-05-27 14:39:10 CEST
Index: source =================================================================== --- source (revision 2959) +++ source (revision 2960) 
@@ -37662,6 +37662,317 @@ + <h4>The <dfn><code>keygen</code></dfn> element</h4> + + <dl class="element"> + <dt>Categories</dt> + <dd><span>Flow content</span>.</dd> + <dd><span>Phrasing content</span>.</dd> + <dd><span>Interactive content</span>.</dd> + <dd><span title="category-listed">Listed</span>, <span title="category-label">labelable</span>, <span title="category-submit">submittable</span>, and <span title="category-reset">resettable</span> <span>form-associated element</span>.</dd> + <dt>Contexts in which this element may be used:</dt> + <dd>Where <span>phrasing content</span> is expected.</dd> + <dt>Content model:</dt> + <dd>Empty.</dd> + <dt>Content attributes:</dt> + <dd><span>Global attributes</span></dd> + <dd><code title="attr-fe-autofocus">autofocus</code></dd> + <dd><code title="attr-keygen-challenge">challenge</code></dd> + <dd><code title="attr-fe-disabled">disabled</code></dd> + <dd><code title="attr-fae-form">form</code></dd> + <dd><code title="attr-keygen-keytype">keytype</code></dd> + <dd><code title="attr-fe-name">name</code></dd> + <dt>DOM interface:</dt> + <dd> +<pre class="idl">interface <dfn>HTMLKeygenElement</dfn> : <span>HTMLElement</span> { + attribute boolean <span title="dom-fe-autofocus">autofocus</span>; + attribute DOMString <span title="dom-keygen-challenge">challenge</span>; + attribute boolean <span title="dom-fe-disabled">disabled</span>; + readonly attribute <span>HTMLFormElement</span> <span title="dom-fae-form">form</span>; + attribute DOMString <span title="dom-keygen-keytype">keytype</span>; + attribute DOMString <span title="dom-fe-name">name</span>; + + readonly attribute DOMString <span title="dom-keygen-type">type</span>; + + readonly attribute boolean <span title="dom-cva-willValidate">willValidate</span>; + readonly attribute <span>ValidityState</span> <span title="dom-cva-validity">validity</span>; + readonly attribute DOMString <span title="dom-cva-validationMessage">validationMessage</span>; + boolean <span 
title="dom-cva-checkValidatity">checkValidity</span>(); + void <span title="dom-cva-setCustomValidity">setCustomValidity</span>(in DOMString error); + + readonly attribute <span>NodeList</span> <span title="dom-lfe-labels">labels</span>; +};</pre> + </dd> + </dl> + + <p>The <code>keygen</code> element <span>represents</span> a key + pair generator control. When the control's form is submitted, the + private key is stored in the local keystore, and the public key is + packaged and sent to the server.</p> + + <p>The <dfn + title="attr-keygen-challenge"><code>challenge</code></dfn> attribute + may be specified. Its value will be packaged with the submitted + key.</p> + + <p>The <dfn title="attr-keygen-keytype"><code>keytype</code></dfn> + attribute is an <span>enumerated attribute</span>. The following + table lists the keywords and states for the attribute — the + keywords in the left column map to the states listed in the cell in + the second column on the same row as the keyword.</p> + + <table> + <thead> <tr> <th> Keyword <th> State + <tbody> + <tr> + <td> <code title="">rsa</code> + <td> <i title="">RSA</i> + </table> + + <p>The <i>invalid value default</i> state is the <i + title="">unknown</i> state. The <i>missing value default</i> state + is the <i title="">RSA</i> state.</p> + + <div class="impl"> + + <p>The user agent may expose a user interface for each + <code>keygen</code> element to allow the user to configure settings + of the element's key pair generator, e.g. 
the key length.</p> + + <p>The <span title="concept-form-reset-control">reset + algorithm</span> for <code>keygen</code> elements is to set these + various configuration settings back to their defaults.</p> + + <p>The element's <span title="concept-fe-value">value</span> is the + string returned from the following algorithm:</p> + + <!-- XXXrefs: + [X690] http://www.itu.int/ITU-T/studygroups/com17/languages/X.690-0207.pdf + --> + + <ol> + + <li> + + <p>Use the appropriate step from the following list:</p> + + <dl class="switch"> + + <!-- + + <dt>If the <code title="attr-keygen-keytype">keytype</code> + attribute is in the <i title="">EC</i> state</dt> + + <dd> + + <p>... + + </dd> + + http://www.mail-archive.com/dev-tech-crypto@lists.mozilla.org/msg05902.html + + --> + + <dt>If the <code title="attr-keygen-keytype">keytype</code> + attribute is in the <i title="">RSA</i> state</dt> + + <dd> + + <p>Generate an RSA key pair using the settings given by the + user, if appropriate.</p> + + <p>Select an RSA signature algorithm from those listed in + section 7.2.1 ("RSA Signature Algorithm") of RFC2459. <a + href="#refsRFC2459">[RFC2459]</a></p> + + </dd> + + <dt>Otherwise, the <code + title="attr-keygen-keytype">keytype</code> attribute is in the <i + title="">unknown</i> state</dt> + + <dd> + + <p>The given key type is not supported. Return the empty string + and abort this algorithm.</p> + + </dd> + + </dl> + + <p>Let <var title="">private key</var> be the generated private key.</p> + + <p>Let <var title="">public key</var> be the generated public key.</p> + + <p>Let <var title="">signature algorithm</var> be the selected + signature algorithm.</p> + + </li> + + <li> + + <p>If the element has a <code + title="attr-keygen-challenge">challenge</code> attribute, then let + <var title="">challenge</var> be that attribute's value. 
+ Otherwise, let <var title="">challenge</var> be the empty + string.</p> + + </li> + + <li> + + <p>Let <var title="">algorithm</var> be an ASN.1 <code + title="">AlgorithmIdentifier</code> structure as defined by + RFC2459, with the <code title="">algorithm</code> field giving the + ASN.1 OID used to identify <var title="">signature + algorithm</var>, using the OIDs defined in section 7.2 ("Signature + Algorithms") of RFC2459, and the <code title="">parameters</code> + field set up as required by RFC2459 for <code + title="">AlgorithmIdentifier</code> structures for that + algorithm. <a href="#refsX690">[X690]</a> <a + href="#refsRFC2459">[RFC2459]</a></p> + + </li> + + <li> + + <p>Let <var title="">spki</var> be an ASN.1 <code + title="">SubjectPublicKeyInfo</code> structure as defined by + RFC2459, with the <code title="">algorithm</code> field set to the + <var title="">algorithm</var> structure from the previous step, + and the <code title="">subjectPublicKey</code> field set to the + BIT STRING value resulting from ASN.1 DER encoding the <var + title="">public key</var>. <a href="#refsX690">[X690]</a> <a + href="#refsRFC2459">[RFC2459]</a></p> + + </li> + + <li> + + <p>Let <var title="">publicKeyAndChallenge</var> be an ASN.1 + <code>PublicKeyAndChallenge</code> structure as defined below, + with the <code title="">spki</code> field set to the <var + title="">spki</var> structure from the previous step, and the + <code title="">challenge</code> field set to the string <var + title="">challenge</var> obtained earlier. <a + href="#refsX690">[X690]</a></p> + + </li> + + <li> + + <p>Let <var title="">signature</var> be the BIT STRING value + resulting from ASN.1 DER encoding the signature generated by + applying the <var title="">signature algorithm</var> to the byte + string obtained by ASN.1 DER encoding the <var + title="">publicKeyAndChallenge</var> structure, using <var + title="">private key</var> as the signing key. 
<a + href="#refsX690">[X690]</a></p> + + </li> + + <li> + + <p>Let <var title="">signedPublicKeyAndChallenge</var> be an ASN.1 + <code>SignedPublicKeyAndChallenge</code> structure as defined + below, with the <code title="">publicKeyAndChallenge</code> field + set to the <var title="">publicKeyAndChallenge</var> structure, + the <code title="">signatureAlgorithm</code> field set to the <var + title="">algorithm</var> structure, and the <code + title="">signature</code> field set to the BIT STRING <var + title="">signature</var> from the previous step. <a + href="#refsX690">[X690]</a></p> + + </li> + + <li> + + <p>Return the result of base64 encoding the result of ASN.1 DER + encoding the <var title="">signedPublicKeyAndChallenge</var> + structure. <a href="#refsRFC3548">[RFC3548]</a><!--base64--> <a + href="#refsX690">[X690]</a></p> + + </li> + + </ol> + + <p>The data objects used by the above algorithm are defined as + follows. These definitions use the same "ASN.1-like" syntax defined + by RFC2459. <a href="#refsRFC2459">[RFC2459]</a></p> + + <pre class="asn"><dfn>PublicKeyAndChallenge</dfn> ::= SEQUENCE { + spki <span>SubjectPublicKeyInfo</span>, + challenge IA5STRING +} + +<dfn>SignedPublicKeyAndChallenge</dfn> ::= SEQUENCE { + publicKeyAndChallenge <span>PublicKeyAndChallenge</span>, + signatureAlgorithm <span>AlgorithmIdentifier</span>, + signature BIT STRING +}</pre> + + <hr> + + <p><strong>Constraint validation:</strong> The <code>keygen</code> + element is <span>barred from constraint validation</span>.</p> + + </div> + + <p>The <code title="attr-fae-form">form</code> attribute is used to + explicitly associate the <code>keygen</code> element with its + <span>form owner</span>. The <code title="attr-fe-name">name</code> + attribute represents the element's name. The <code + title="attr-fe-disabled">disabled</code> attribute is used to make + the control non-interactive and to prevent its value from being + submitted. 
The <code title="attr-fe-autofocus">autofocus</code> + attribute controls focus.</p> + + <dl class="domintro"> + + <dt><var title="">keygen</var> . <code title="attr-keygen-type">type</code></dt> + + <dd> + + <p>Returns the string "<code title="">keygen</code>".</p> + + </dd> + + </dl> + + <div class="impl"> + + <p>The <dfn + title="dom-keygen-challenge"><code>challenge</code></dfn> and <dfn + title="dom-keygen-keytype"><code>keytype</code></dfn> DOM attributes + must <span>reflect</span> the respective content attributes of the + same name.</p> + + <p>The <dfn title="dom-keygen-type"><code>type</code></dfn> DOM + attribute must return the value "<code title="">keygen</code>".</p> + + <p>The <code title="dom-cva-willValidate">willValidate</code>, <code + title="dom-cva-validity">validity</code>, and <code + title="dom-cva-validationMessage">validationMessage</code> + attributes, and the <code + title="dom-cva-checkValidatity">checkValidity()</code> and <code + title="dom-cva-setCustomValidity">setCustomValidity()</code> + methods, are part of the <span>constraint validation API</span>. The + <code title="dom-lfe-labels">labels</code> attribute provides a list + of the element's <code>label</code>s.</p> + + </div> + + <p class="note">This specification does not specify how the private + key generated is to be used. It is expected that after receiving the + <code>SignedPublicKeyAndChallenge</code> (SPKAC) structure, the + server will generate a client certificate and offer it back to the + user for download; this certificate, once downloaded and stored in + the key store along with the private key, can then be used to + authenticate to services that use SSL and certificate + authentication.</p> + + + <h4>The <dfn><code>output</code></dfn> element</h4> <dl class="element"> 
@@ -37750,7 +38061,7 @@ attribute.</p> <p>The <span title="concept-form-reset-control">reset - algorithm</span> for <code>textarea</code> elements is to set the + algorithm</span> for <code>output</code> elements is to set the element's <code>textContent</code> DOM attribute to the value of the element's <code title="dom-output-defaultValue">defaultValue</code> DOM attribute (thus replacing the element's child nodes), and then @@ -67994,7 +68305,8 @@ </dd> <dt>A start tag whose tag name is one of: "area", "basefont", - "bgsound", "br", "embed", "img", "input", "spacer", "wbr"</dt> + "bgsound", "br", "embed", "img", "input", "keygen", "spacer", + "wbr"</dt> <dd> <p><span>Reconstruct the active formatting elements</span>, if @@ -68120,15 +68432,6 @@ </dd> -<!-- XXX keygen support; don't forget form element pointer! - Search for 'keygen' elsewhere in the spec when doing this. - - <dt>A start tag whose tag name is "keygen"</dt> - <dd> - ... - </dd> ---> - <dt>A start tag whose tag name is "textarea"</dt> <dd> @@ -68332,10 +68635,9 @@ "thead", "tr"</dt> <!--<dt>An end tag whose tag name is one of: "area", "base", "basefont", "bgsound", "command", "embed", "hr", "iframe", "image", - "img", "input", "isindex", "link", "meta", "noembed", "noframes", - "param", "script", "select", "source", "spacer", "style", "table", - "textarea", "title", "wbr"</dt>--> <!-- add keygen if we add the - start tag --> + "img", "input", "isindex", "keygen", "link", "meta", "noembed", + "noframes", "param", "script", "select", "source", "spacer", + "style", "table", "textarea", "title", "wbr"</dt>--> <!--<dt>An end tag whose tag name is "noscript", if the <span>scripting flag</span> is enabled</dt>--> <dd> 
@@ -70228,13 +70530,13 @@ <code>area</code>, <code>base</code>, <code>basefont</code>, <code>bgsound</code>, <code>br</code>, <code>col</code>, <code>embed</code>, <code>frame</code>, <code>hr</code>, - <code>img</code>, <code>input</code>, <code>link</code>, - <code>meta</code>, <code>param</code>, <code>spacer</code>, or - <code>wbr</code> element, then continue on to the next child - node at this point.</p> <!-- also, i guess: image, isindex, - and keygen, but we don't list those because we don't consider - those "elements", more "macros", and thus we should never - serialize them --> + <code>img</code>, <code>input</code>, <code>keygen</code>, + <code>link</code>, <code>meta</code>, <code>param</code>, + <code>spacer</code>, or <code>wbr</code> element, then + continue on to the next child node at this point.</p> <!-- + also, i guess: image and isindex, but we don't list those + because we don't consider those "elements", more "macros", and + thus we should never serialize them --> <p>If <var title="">current node</var> is a <code>pre</code>, <code>textarea</code>, or <code>listing</code> element, append @@ -71829,7 +72131,7 @@ <pre class="css">@namespace url(http://www.w3.org/1999/xhtml); -table, input, select, option, optgroup, button, textarea<!--, keygen --> { +table, input, select, option, optgroup, button, textarea, keygen { text-indent: initial; }</pre> @@ -72724,6 +73026,19 @@ + <h4>The <code>keygen</code> element</h4> + + <pre class="css">@namespace url(http://www.w3.org/1999/xhtml); + +keygen { binding: <i title="">keygen</i>; }</pre> + + <p>When the <i title="">keygen</i> binding applies to a + <code>keygen</code> element, the element is expected to render as an + 'inline-block' box containing a user interface to configure the key + pair to be generated.</p> + + + <h3>Frames and framesets</h3> <p>When an <code>html</code> element's second child element is a 
@@ -73842,6 +74157,7 @@ Lachlan Hunt, Larry Page, Lars Gunther<!-- Keryx Web -->, + Lars Sunberg<!-- surname uncertain -->, Laura L. Carlson, Laura Wisewell, Laurens Holst, @@ -73981,6 +74297,7 @@ Wladimir Palant, Wolfram Kriesing, Yi-An Huang, + Yngve Nysaeter Pettersen, Zhenbin Xu, and Øistein E. Andersen,
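Review bot: In the value algorithm added by the @@ -37662,6 +37662,317 @@ hunk, the step that builds spki sets its algorithm field to "the algorithm structure from the previous step", but that structure was built from the OID of the selected signature algorithm, not from the key type. The algorithm field of SubjectPublicKeyInfo identifies the public key algorithm (rsaEncryption for the RSA state), so a server parsing the SPKAC per RFC2459 would find a signature OID where it expects a key OID. Suggest defining a separate key AlgorithmIdentifier for spki and using the signature one only for signatureAlgorithm. Two smaller points in the same hunk: challenge is declared IA5STRING while the content attribute is an arbitrary DOMString, and nothing says what the user agent does with characters an IA5String cannot carry; and the domintro entry uses title="attr-keygen-type", for which this hunk has no dfn (only dom-keygen-type is defined, and type is not among the listed content attributes).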
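Review bot: The XXX comment deleted in the @@ -68120,15 +68432,6 @@ hunk carried the reminder "don't forget form element pointer!", yet the only parser change that replaces it is adding "keygen" to the shared start tag list in the @@ -67994,7 +68305,8 @@ hunk, whose visible context mentions reconstructing the active formatting elements and nothing about the form element pointer. Please confirm that the shared rule associates the new element with the form element pointer, or give keygen its own start tag entry that does; a parser-inserted keygen that ends up without a form owner would not take part in submission, so no key would be sent.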
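Review bot: The one-word change in the @@ -37750,7 +38061,7 @@ hunk (reset algorithm "for textarea elements" becoming "for output elements") is a copy-and-paste fix to the output section and has nothing to do with keygen, and the log message does not mention it. Suggest either landing it as its own revision or naming it in the commit message so the fix can be found later.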
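Review bot: In the acknowledgements hunk @@ -73842,6 +74157,7 @@, the added name is committed with the marker "surname uncertain" next to it. Suggest confirming the spelling with the contributor before this lands, or tracking the open question outside the source so the uncertain spelling does not ship in the published list.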