Implement SubtleCrypto.deriveBits with PBDKF2 (#34164)

* Start implementing SubtleCrypto.deriveBits Signed-off-by: Simon Wülker <simon.wuelker@arcor.de> * Move shared crypto operations into their own functions Signed-off-by: Simon Wülker <simon.wuelker@arcor.de> * Update some doclinks Signed-off-by: Simon Wülker <simon.wuelker@arcor.de> * Remove note about potential no-op It is, indeed, a no-op. Signed-off-by: Simon Wülker <simon.wuelker@arcor.de> * Move normalized algorithm digest operation into its own function Signed-off-by: Simon Wülker <simon.wuelker@arcor.de> * Implement mvp for pbkdf2 derivation Signed-off-by: Simon Wülker <simon.wuelker@arcor.de> * Add missing division to derive bytes instead of bits The length argument specifies the number of bits that we need to derive, so we should divide it by 8 to get the number of bytes. Signed-off-by: Simon Wülker <simon.wuelker@arcor.de> * Allow using PBKDF2 with usage "importKey" Signed-off-by: Simon Wülker <simon.wuelker@arcor.de> * Update WPT expectations Signed-off-by: Simon Wülker <simon.wuelker@arcor.de> * Fix test-tidy errors Signed-off-by: Simon Wülker <simon.wuelker@arcor.de> * Fix clippy warnings Signed-off-by: Simon Wülker <simon.wuelker@arcor.de> --------- Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
2025-08-12 00:45:33 +01:00 · 2024-11-06 16:52:15 +01:00 · 2024-11-06 16:52:15 +01:00 · 2f6ca9407b
commit 2f6ca9407b
parent c0a4eee1fe
12 changed files with 369 additions and 4447 deletions
--- a/components/script/dom/webidls/SubtleCrypto.webidl
+++ b/components/script/dom/webidls/SubtleCrypto.webidl
@ -44,9 +44,9 @@ interface SubtleCrypto {
  //                        AlgorithmIdentifier derivedKeyType,
  //                        boolean extractable,
  //                        sequence<KeyUsage> keyUsages );
-  // Promise<ArrayBuffer> deriveBits(AlgorithmIdentifier algorithm,
-  //                         CryptoKey baseKey,
-  //                         optional unsigned long? length = null);
+  Promise<ArrayBuffer> deriveBits(AlgorithmIdentifier algorithm,
+                          CryptoKey baseKey,
+                          optional unsigned long? length = null);

  Promise<CryptoKey> importKey(KeyFormat format,
                         (BufferSource or JsonWebKey) keyData,
@ -92,6 +92,13 @@ dictionary AesCtrParams : Algorithm {
  required [EnforceRange] octet length;
 };

+// https://w3c.github.io/webcrypto/#pbkdf2-params
+dictionary Pbkdf2Params : Algorithm {
+  required BufferSource salt;
+  required [EnforceRange] unsigned long iterations;
+  required HashAlgorithmIdentifier hash;
+};
+
 // JWK
 dictionary RsaOtherPrimesInfo {
  // The following fields are defined in Section 6.3.2.7 of JSON Web Algorithms