Throw on truncation in the X25519 and X448 derive bits operation

javifernandez · javifernandez · commit 9d647b69d302 · 2024-10-03T13:30:24.000+02:00
diff --git a/index.html b/index.html
@@ -150,6 +150,11 @@ <h4>Operations</h4>
                 |key|, then [= exception/throw =] an {{InvalidAccessError}}.
               </p>
             </li>
+            <li>
+              <p>
+                If |length| is not null, and not equal to 256, then [= exception/throw =] an {{OperationError}}.
+              </p>
+            </li>
             <li>
               <p>
                 Let |secret| be the result of performing the X25519 function specified in
@@ -166,27 +171,7 @@ <h4>Operations</h4>
               </p>
             </li>
             <li>
-              <dl class="switch">
-                <dt>If |length| is null:</dt>
-                <dd>Return |secret|</dd>
-                <dt>Otherwise:</dt>
-                <dd>
-                  <dl class="switch">
-                    <dt>
-                      If the length of |secret| in bits is less than
-                      |length|:
-                    </dt>
-                    <dd>
-                      [= exception/throw =] an
-                      {{OperationError}}.
-                    </dd>
-                    <dt>Otherwise:</dt>
-                    <dd>
-                      Return an <a data-cite="WebCryptoAPI#octet-string-containing">octet string containing</a> the first |length| bits of |secret|.
-                    </dd>
-                  </dl>
-                </dd>
-              </dl>
+                Return |secret|.
             </li>
           </ol>
         </dd>
@@ -1002,6 +987,11 @@ <h4>Operations</h4>
                 |key|, then [= exception/throw =] an {{InvalidAccessError}}.
               </p>
             </li>
+            <li>
+              <p>
+                If |length| is not null, and not equal to 448, then [= exception/throw =] an {{OperationError}}.
+              </p>
+            </li>
             <li>
               <p>
                 Let |secret| be the result of performing the X448 function specified in
@@ -1018,27 +1008,7 @@ <h4>Operations</h4>
               </p>
             </li>
             <li>
-              <dl class="switch">
-                <dt>If |length| is null:</dt>
-                <dd>Return |secret|</dd>
-                <dt>Otherwise:</dt>
-                <dd>
-                  <dl class="switch">
-                    <dt>
-                      If the length of |secret| in bits is less than
-                      |length|:
-                    </dt>
-                    <dd>
-                      [= exception/throw =] an
-                      {{OperationError}}.
-                    </dd>
-                    <dt>Otherwise:</dt>
-                    <dd>
-                      Return an <a data-cite="WebCryptoAPI#octet-string-containing">octet string containing</a> the first |length| bits of |secret|.
-                    </dd>
-                  </dl>
-                </dd>
-              </dl>
+                Return |secret|.
             </li>
           </ol>
         </dd>
