Fetch key for B&A request

spec.bs

@@ -3195,6 +3195,21 @@ The <dfn for=Navigator method>getInterestGroupAdAuctionData(|configIDL|)</dfn> m
 1. Let |p| be [=a new promise=].
 1. Let |queue| be the result of [=starting a new parallel queue=].
 1. [=parallel queue/enqueue steps|Enqueue the following steps=] to |queue|:
+  1. If |config|'s [=auction data config/coordinator=] is not one of the [=implementation-defined=]
+     coordinators supported by this [=user agent=]:
+     1. [=Queue a global task=] on the [=DOM manipulation task source=], given |global|, to
+        [=reject=] |p| with a {{TypeError}}.
+     1. Abort these steps.
+  1. Let |keyInfo| be the result of [=looking up the server encryption key=]
+     with |config|'s [=auction data config/seller=] and |config|'s
+     [=auction data config/coordinator=].
+  1. If |keyInfo| is failure:
+      1. [=Queue a global task=] on the [=DOM manipulation task source=], given |global|, to
+         [=reject=] |p| with a {{TypeError}}.
+      1. Abort these steps.
+  1. Let (|key|, |keyId|) be |keyInfo|.
+  1. Set |config|'s [=auction data config/encryption key=] to |key|.
+  1. Set |config|'s [=auction data config/encryption key id=] to |keyId|.
   1. Let |igMap| be a new [=map=] whose [=map/keys=] are [=origins=] and [=map/values=] are [=lists=].
   1. Let |startTime| be a [=moment=] equal to the [=current wall time=].
   1. [=list/For each=] |ig| of the [=user agent=]'s [=interest group set=]:
@@ -3309,6 +3324,18 @@ The <dfn for=Navigator method>getInterestGroupAdAuctionData(|configIDL|)</dfn> m
   1. Return |configs|.
 </div>
 
+<div algorithm>
+  To <dfn>look up the server encryption key</dfn> given an [=origin=] |seller|
+  and an [=origin=] |coordinator|:
+  1. Let |keys| be a [=list=] of ([=byte sequence=], [=byte=]) pairs returned
+     from looking up the [[RFC9180|HPKE]] public key encryption keys and their
+     corresponding key IDs for |seller| specified by |coordinator|. The actual
+     implementation of this lookup is [=implementation-defined=], and may
+     consist of fetching the keys from a known [=URL=].
+  1. If |keys| is failure or |keys| [=list/is empty=], return failure.
+  1. Return an element from |keys|, chosen at random.
+</div>
+
 # Reporting # {#reporting}
 
 ## {{InterestGroupBiddingAndScoringScriptRunnerGlobalScope/forDebuggingOnly}} ## {#for-debugging-only-header}
@@ -7657,6 +7684,11 @@ An <dfn>auction data config</dfn> is a [=struct=] with the following [=struct/it
   :  <dfn>coordinator</dfn>
   :: The origin of the coordinator hosting public encryption keys for the server
     running the ad auction. The [=origin/scheme=] must be "`https`".
+  :  <dfn>encryption key</dfn>
+  :: A [=byte sequence=]. The public [[RFC9180|HPKE]] encryption key to be used
+     to encrypt the request.
+  : <dfn>encryption key id</dfn>
+  :: A [=byte=] containing the key ID corresponding to the [=auction data config/encryption key=].
   :  <dfn>request size</dfn>
   :: {{unsigned long}} or null. An optional field, containing the desired size
     for the returned encrypted request blob.