
WebCrypto API doesn't support PBKDF2 with PRFs other than SHA-1

RESOLVED FIXED

Core
DOM: Security

People

(Reporter: daniel.sportes, Unassigned)

Tracking

43 Branch

(Reporter)

Description

2 years ago
Created attachment 8706023 [details]
ff.html

User Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.106 Safari/537.36

Steps to reproduce:

I start from the example given here:
https://developer.mozilla.org/en-US/docs/Web/API/SubtleCrypto/deriveKey
I correct a few typos and add three basic conversion functions.
The test runs correctly on Chrome (47) but fails in Firefox (43.0.1).


Actual results:

The method deriveKey() doesn't exit on the then().
The console gives:
OperationError: The operation failed for an operation-specific reason


Expected results:

Output of the derived key and hex trace for proof

Updated

2 years ago
Status: UNCONFIRMED → NEW
Component: Untriaged → Security
Ever confirmed: true
Product: Firefox → Core
Flags: needinfo?(ttaubert)
(Reporter)

Comment 1

2 years ago
Line 50 of the HTML: just replace "SHA-256" by "SHA-1" and it works.

This is going to be fixed after bug 1228410. We first need the NSS 3.22 in mozilla-central to support PRFs other than SHA-1 for PBKDF2. I btw fixed that in bug 554827 a while ago.
Depends on: 554827
Flags: needinfo?(ttaubert)
Component: Security → DOM: Security
Summary: web cryptography api deriveKey → WebCrypto API doesn't support PBKDF2 with PRFs other than SHA-1
Depends on: 1228410
Bug 1216109 confirms that this is now fixed for Firefox 47.
Status: NEW → RESOLVED
Last Resolved: 2 years ago
Resolution: --- → FIXED
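
A known-answer self-test for the failure discussed in this bug, as an added example that is not part of the bug report or its ff.html attachment: it runs PBKDF2 through WebCrypto with SHA-1 and SHA-256 and reports which PRFs the engine accepts, so an application can detect the gap instead of quietly switching to SHA-1. The function names are chosen for this example, and the inputs (`password`, `salt`, 1 iteration) are those of the published test vectors, not production parameters.

```javascript
// Added example: known-answer self-test for PBKDF2 PRF support in WebCrypto.
// In a browser this resolves to window.crypto.subtle; the require() fallback
// exists only so the same file also runs under older Node.js releases.
const subtle = (globalThis.crypto && globalThis.crypto.subtle) ||
  require('node:crypto').webcrypto.subtle;

// Published PBKDF2 outputs for password "password", salt "salt", 1 iteration.
const KAT = {
  // RFC 6070, test vector 1 (20-byte output)
  'SHA-1': '0c60c80f961f0e71f3a9b524af6012062fe037a6',
  // Widely published PBKDF2-HMAC-SHA-256 vector (32-byte output)
  'SHA-256': '120fb6cffcf8b32c43e7225256c4f837a86548c92ccc35480805987cb70be17b',
};

const toHex = (buf) =>
  Array.from(new Uint8Array(buf), (b) => b.toString(16).padStart(2, '0')).join('');

// Derive bits with the requested PRF and compare against the known answer.
// Resolves to { hash, supported, correct, error } and never rejects.
async function probePbkdf2(hash) {
  const enc = new TextEncoder();
  try {
    // PBKDF2 base keys must be imported as non-extractable.
    const baseKey = await subtle.importKey(
      'raw', enc.encode('password'), 'PBKDF2', false, ['deriveBits']);
    const bits = await subtle.deriveBits(
      { name: 'PBKDF2', hash, salt: enc.encode('salt'), iterations: 1 },
      baseKey, KAT[hash].length * 4); // hex digits -> bits
    return { hash, supported: true, correct: toHex(bits) === KAT[hash], error: null };
  } catch (e) {
    // The report above shows this path: OperationError with SHA-256 on Firefox 43.
    return { hash, supported: false, correct: false, error: e.name };
  }
}

// Probe every PRF that has a known answer; callers decide what to require.
function checkPrfs() {
  return Promise.all(Object.keys(KAT).map(probePbkdf2));
}
```

An application that requires SHA-256 can call `checkPrfs()` at start-up and treat `supported: false` or `correct: false` for that entry as a hard failure.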