WebCrypto API doesn't support PBKDF2 with PRFs other than SHA-1

RESOLVED FIXED

Status

()

defect
RESOLVED FIXED
3 years ago
3 years ago

People

(Reporter: daniel, Unassigned)

Tracking

43 Branch
Points:
---
Dependency tree / graph

Firefox Tracking Flags

(Not tracked)

Details

Attachments

(1 attachment)

2.47 KB, text/html
Details
Reporter

Description

3 years ago
Posted file ff.html
User Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.106 Safari/537.36

Steps to reproduce:

I start from the example given here :
https://developer.mozilla.org/en-US/docs/Web/API/SubtleCrypto/deriveKey
I correct few typos and add three basic conversion functions.
The test runs correctly on Chrome (47) but fails in Firefox (43.0.1)


Actual results:

The method deriveKey() does'nt exit on the then()
The console gives :
OperationError: The operation failed for an operation-specific reason


Expected results:

Output of the derived key and hex trace for proof

Updated

3 years ago
Status: UNCONFIRMED → NEW
Component: Untriaged → Security
Ever confirmed: true
Product: Firefox → Core
Flags: needinfo?(ttaubert)
Reporter

Comment 1

3 years ago
Line 50 of the HTML : just replace "SHA-256" by "SHA-1" and it works.
This is going to be fixed after bug 1228410. We first need the NSS 3.22 in mozilla-central to support PRFs other than SHA-1 for PBKDF2. I btw fixed that in bug 554827 a while ago.
Depends on: 554827
Flags: needinfo?(ttaubert)
Component: Security → DOM: Security
Summary: web cryptography api deriveKey → WebCrypto API doesn't support PBKDF2 with PRFs other than SHA-1
Bug 1216109 confirms that this is now fixed for Firefox 47.
Status: NEW → RESOLVED
Last Resolved: 3 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.