Implement SubtleCrypto.deriveBits with PBDKF2 (#34164)

* Start implementing SubtleCrypto.deriveBits Signed-off-by: Simon Wülker <simon.wuelker@arcor.de> * Move shared crypto operations into their own functions Signed-off-by: Simon Wülker <simon.wuelker@arcor.de> * Update some doclinks Signed-off-by: Simon Wülker <simon.wuelker@arcor.de> * Remove note about potential no-op It is, indeed, a no-op. Signed-off-by: Simon Wülker <simon.wuelker@arcor.de> * Move normalized algorithm digest operation into its own function Signed-off-by: Simon Wülker <simon.wuelker@arcor.de> * Implement mvp for pbkdf2 derivation Signed-off-by: Simon Wülker <simon.wuelker@arcor.de> * Add missing division to derive bytes instead of bits The length argument specifies the number of bits that we need to derive, so we should divide it by 8 to get the number of bytes. Signed-off-by: Simon Wülker <simon.wuelker@arcor.de> * Allow using PBKDF2 with usage "importKey" Signed-off-by: Simon Wülker <simon.wuelker@arcor.de> * Update WPT expectations Signed-off-by: Simon Wülker <simon.wuelker@arcor.de> * Fix test-tidy errors Signed-off-by: Simon Wülker <simon.wuelker@arcor.de> * Fix clippy warnings Signed-off-by: Simon Wülker <simon.wuelker@arcor.de> --------- Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
2025-08-04 13:10:20 +01:00 · 2024-11-06 16:52:15 +01:00 · 2024-11-06 16:52:15 +01:00 · 2f6ca9407b
commit 2f6ca9407b
parent c0a4eee1fe
12 changed files with 369 additions and 4447 deletions
--- a/components/script/dom/bindings/codegen/Bindings.conf
+++ b/components/script/dom/bindings/codegen/Bindings.conf
@ -433,8 +433,8 @@ DOMInterfaces = {
 },
 'SubtleCrypto': {
-    'inRealms': ['Encrypt', 'Decrypt', 'GenerateKey', 'Digest', 'ImportKey', 'ExportKey'],
+    'inRealms': ['Encrypt', 'Decrypt', 'GenerateKey', 'DeriveBits', 'Digest', 'ImportKey', 'ExportKey'],
-    'canGc': ['Encrypt', 'Decrypt', 'GenerateKey', 'Digest', 'ImportKey', 'ExportKey'],
+    'canGc': ['Encrypt', 'Decrypt', 'GenerateKey', 'DeriveBits', 'Digest', 'ImportKey', 'ExportKey'],
 },
 'SVGElement': {
--- a/components/script/dom/cryptokey.rs
+++ b/components/script/dom/cryptokey.rs
@ -26,6 +26,7 @@ pub enum Handle {
    Aes128(Vec<u8>),
    Aes192(Vec<u8>),
    Aes256(Vec<u8>),
    Pbkdf2(Vec<u8>),
 }
 /// <https://w3c.github.io/webcrypto/#cryptokey-interface>
@ -114,23 +115,23 @@ impl CryptoKey {
 }
 impl CryptoKeyMethods for CryptoKey {
-    /// <https://w3c.github.io/webcrypto/#cryptokey-interface-members>
+    /// <https://w3c.github.io/webcrypto/#dom-cryptokey-type>
    fn Type(&self) -> KeyType {
        self.key_type
    }
-    /// <https://w3c.github.io/webcrypto/#cryptokey-interface-members>
+    /// <https://w3c.github.io/webcrypto/#dom-cryptokey-extractable>
    fn Extractable(&self) -> bool {
        self.extractable.get()
    }
-    /// <https://w3c.github.io/webcrypto/#cryptokey-interface-members>
+    /// <https://w3c.github.io/webcrypto/#dom-cryptokey-algorithm>
    fn Algorithm(&self, _cx: JSContext) -> NonNull<JSObject> {
        NonNull::new(self.algorithm_object.get()).unwrap()
    }
    #[allow(unsafe_code)]
-    /// <https://w3c.github.io/webcrypto/#cryptokey-interface-members>
+    /// <https://w3c.github.io/webcrypto/#dom-cryptokey-usages>
    fn Usages(&self, cx: JSContext) -> NonNull<JSObject> {
        unsafe {
            rooted!(in(*cx) let mut usages: Value);
@ -139,3 +140,14 @@ impl CryptoKeyMethods for CryptoKey {
        }
    }
 }
 impl Handle {
    pub fn as_bytes(&self) -> &[u8] {
        match self {
            Self::Aes128(bytes) => bytes,
            Self::Aes192(bytes) => bytes,
            Self::Aes256(bytes) => bytes,
            Self::Pbkdf2(bytes) => bytes,
        }
    }
 }
--- a/components/script/dom/subtlecrypto.rs
+++ b/components/script/dom/subtlecrypto.rs
@ -2,6 +2,7 @@
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at https://mozilla.org/MPL/2.0/. */
 use std::num::NonZero;
 use std::ptr;
 use std::rc::Rc;
@ -16,7 +17,7 @@ use js::jsapi::{JSObject, JS_NewObject};
 use js::jsval::ObjectValue;
 use js::rust::MutableHandleObject;
 use js::typedarray::ArrayBufferU8;
-use ring::digest;
+use ring::{digest, pbkdf2};
 use servo_rand::{RngCore, ServoRng};
 use crate::dom::bindings::buffer_source::create_buffer_source;
@ -26,12 +27,12 @@ use crate::dom::bindings::codegen::Bindings::CryptoKeyBinding::{
 };
 use crate::dom::bindings::codegen::Bindings::SubtleCryptoBinding::{
    AesCbcParams, AesCtrParams, AesKeyAlgorithm, AesKeyGenParams, Algorithm, AlgorithmIdentifier,
-    JsonWebKey, KeyAlgorithm, KeyFormat, SubtleCryptoMethods,
+    JsonWebKey, KeyAlgorithm, KeyFormat, Pbkdf2Params, SubtleCryptoMethods,
 };
 use crate::dom::bindings::codegen::UnionTypes::{
    ArrayBufferViewOrArrayBuffer, ArrayBufferViewOrArrayBufferOrJsonWebKey,
 };
-use crate::dom::bindings::error::Error;
+use crate::dom::bindings::error::{Error, Fallible};
 use crate::dom::bindings::import::module::SafeJSContext;
 use crate::dom::bindings::inheritance::Castable;
 use crate::dom::bindings::refcounted::{Trusted, TrustedPromise};
@ -149,7 +150,7 @@ impl SubtleCryptoMethods for SubtleCrypto {
        comp: InRealm,
        can_gc: CanGc,
    ) -> Rc<Promise> {
-        let normalized_algorithm = normalize_algorithm(cx, algorithm, "encrypt");
+        let normalized_algorithm = normalize_algorithm(cx, &algorithm, "encrypt");
        let promise = Promise::new_in_current_realm(comp, can_gc);
        let data = match data {
            ArrayBufferViewOrArrayBuffer::ArrayBufferView(view) => view.to_vec(),
@ -218,7 +219,7 @@ impl SubtleCryptoMethods for SubtleCrypto {
        comp: InRealm,
        can_gc: CanGc,
    ) -> Rc<Promise> {
-        let normalized_algorithm = normalize_algorithm(cx, algorithm, "decrypt");
+        let normalized_algorithm = normalize_algorithm(cx, &algorithm, "decrypt");
        let promise = Promise::new_in_current_realm(comp, can_gc);
        let data = match data {
            ArrayBufferViewOrArrayBuffer::ArrayBufferView(view) => view.to_vec(),
@ -287,7 +288,6 @@ impl SubtleCryptoMethods for SubtleCrypto {
        can_gc: CanGc,
    ) -> Rc<Promise> {
        // Step 1. Let algorithm be the algorithm parameter passed to the digest() method.
        // NOTE I think this is a no-op?
        // Step 2. Let data be the result of getting a copy of the bytes held by the
        // data parameter passed to the digest() method.
@ -299,7 +299,7 @@ impl SubtleCryptoMethods for SubtleCrypto {
        // Step 3. Let normalizedAlgorithm be the result of normalizing an algorithm,
        // with alg set to algorithm and op set to "digest".
        let promise = Promise::new_in_current_realm(comp, can_gc);
-        let normalized_algorithm = match normalize_algorithm(cx, algorithm, "digest") {
+        let normalized_algorithm = match normalize_algorithm(cx, &algorithm, "digest") {
            Ok(normalized_algorithm) => normalized_algorithm,
            Err(e) => {
                // Step 4. If an error occurred, return a Promise rejected with normalizedAlgorithm.
@ -324,19 +324,16 @@ impl SubtleCryptoMethods for SubtleCrypto {
                // Step 8. Let result be the result of performing the digest operation specified by
                // normalizedAlgorithm using algorithm, with data as message.
-                let algorithm = match alg {
+                let digest = match alg.digest(&data) {
-                    NormalizedAlgorithm::Sha1 => &digest::SHA1_FOR_LEGACY_USE_ONLY,
+                    Ok(digest) => digest,
-                    NormalizedAlgorithm::Sha256 => &digest::SHA256,
+                    Err(e) => {
-                    NormalizedAlgorithm::Sha384 => &digest::SHA384,
+                        promise.reject_error(e);
                    NormalizedAlgorithm::Sha512 => &digest::SHA512,
                    _ => {
                        promise.reject_error(Error::NotSupported);
                        return;
-                    },
+                    }
                };
                let cx = GlobalScope::get_cx();
                rooted!(in(*cx) let mut array_buffer_ptr = ptr::null_mut::<JSObject>());
                let digest = digest::digest(algorithm, &data);
                create_buffer_source::<ArrayBufferU8>(cx, digest.as_ref(), array_buffer_ptr.handle_mut())
                    .expect("failed to create buffer source for exported key.");
@ -360,7 +357,7 @@ impl SubtleCryptoMethods for SubtleCrypto {
        comp: InRealm,
        can_gc: CanGc,
    ) -> Rc<Promise> {
-        let normalized_algorithm = normalize_algorithm(cx, algorithm, "generateKey");
+        let normalized_algorithm = normalize_algorithm(cx, &algorithm, "generateKey");
        let promise = Promise::new_in_current_realm(comp, can_gc);
        if let Err(e) = normalized_algorithm {
            promise.reject_error(e);
@ -392,6 +389,80 @@ impl SubtleCryptoMethods for SubtleCrypto {
        promise
    }
    /// <https://w3c.github.io/webcrypto/#dfn-SubtleCrypto-method-deriveBits>
    fn DeriveBits(
        &self,
        cx: SafeJSContext,
        algorithm: AlgorithmIdentifier,
        base_key: &CryptoKey,
        length: Option<u32>,
        comp: InRealm,
        can_gc: CanGc,
    ) -> Rc<Promise> {
        // Step 1.  Let algorithm, baseKey and length, be the algorithm, baseKey and
        // length parameters passed to the deriveBits() method, respectively.
        // Step 2. Let normalizedAlgorithm be the result of normalizing an algorithm,
        // with alg set to algorithm and op set to "deriveBits".
        let promise = Promise::new_in_current_realm(comp, can_gc);
        let normalized_algorithm = match normalize_algorithm(cx, &algorithm, "deriveBits") {
            Ok(algorithm) => algorithm,
            Err(e) => {
                // Step 3. If an error occurred, return a Promise rejected with normalizedAlgorithm.
                promise.reject_error(e);
                return promise;
            },
        };
        // Step 4. Let promise be a new Promise object.
        // NOTE: We did that in preparation of Step 3.
        // Step 5. Return promise and perform the remaining steps in parallel.
        let (task_source, canceller) = self.task_source_with_canceller();
        let trusted_promise = TrustedPromise::new(promise.clone());
        let trusted_base_key = Trusted::new(base_key);
        let _ = task_source.queue_with_canceller(
            task!(import_key: move || {
                // Step 6. If the following steps or referenced procedures say to throw an error,
                // reject promise with the returned error and then terminate the algorithm.
                // TODO Step 7. If the name member of normalizedAlgorithm is not equal to the name attribute
                // of the [[algorithm]] internal slot of baseKey then throw an InvalidAccessError.
                let promise = trusted_promise.root();
                let base_key = trusted_base_key.root();
                // Step 8. If the [[usages]] internal slot of baseKey does not contain an entry that
                // is "deriveBits", then throw an InvalidAccessError.
                if !base_key.usages().contains(&KeyUsage::DeriveBits) {
                    promise.reject_error(Error::InvalidAccess);
                    return;
                }
                // Step 9. Let result be the result of creating an ArrayBuffer containing the result of performing the
                // derive bits operation specified by normalizedAlgorithm using baseKey, algorithm and length.
                let cx = GlobalScope::get_cx();
                rooted!(in(*cx) let mut array_buffer_ptr = ptr::null_mut::<JSObject>());
                let result = match normalized_algorithm.derive_bits(&base_key, length) {
                    Ok(derived_bits) => derived_bits,
                    Err(e) => {
                        promise.reject_error(e);
                        return;
                    }
                };
                create_buffer_source::<ArrayBufferU8>(cx, &result, array_buffer_ptr.handle_mut())
                    .expect("failed to create buffer source for derived bits.");
                // Step 10. Resolve promise with result.
                promise.resolve_native(&*array_buffer_ptr);
            }),
            &canceller,
        );
        promise
    }
    /// <https://w3c.github.io/webcrypto/#SubtleCrypto-method-importKey>
    fn ImportKey(
        &self,
@ -404,12 +475,14 @@ impl SubtleCryptoMethods for SubtleCrypto {
        comp: InRealm,
        can_gc: CanGc,
    ) -> Rc<Promise> {
        let normalized_algorithm = normalize_algorithm(cx, algorithm, "importKey");
        let promise = Promise::new_in_current_realm(comp, can_gc);
-        if let Err(e) = normalized_algorithm {
+        let normalized_algorithm = match normalize_algorithm(cx, &algorithm, "importKey") {
-            promise.reject_error(e);
+            Ok(algorithm) => algorithm,
-            return promise;
+            Err(e) => {
-        }
+                promise.reject_error(e);
                return promise;
            },
        };
        // TODO: Figure out a way to Send this data so per-algorithm JWK checks can happen
        let data = match key_data {
@ -443,19 +516,7 @@ impl SubtleCryptoMethods for SubtleCrypto {
            task!(import_key: move || {
                let subtle = this.root();
                let promise = trusted_promise.root();
-                let alg = match normalized_algorithm {
+                let imported_key = normalized_algorithm.import_key(&subtle, format, &data, extractable, key_usages);
                    Ok(NormalizedAlgorithm::Algorithm(name)) => name,
                    _ => {
                        promise.reject_error(Error::NotSupported);
                        return;
                    },
                };
                let imported_key = match alg.name.as_str() {
                    ALG_AES_CBC => subtle.import_key_aes(format, &data, extractable, key_usages, ALG_AES_CBC),
                    ALG_AES_CTR => subtle.import_key_aes(format, &data, extractable, key_usages, ALG_AES_CTR),
                    _ => Err(Error::NotSupported),
                };
                match imported_key {
                    Ok(k) => promise.resolve_native(&k),
                    Err(e) => promise.reject_error(e),
@ -533,6 +594,7 @@ pub enum NormalizedAlgorithm {
    AesCbcParams(SubtleAesCbcParams),
    AesCtrParams(SubtleAesCtrParams),
    AesKeyGenParams(SubtleAesKeyGenParams),
    Pbkdf2Params(SubtlePbkdf2Params),
    /// <https://w3c.github.io/webcrypto/#sha>
    Sha1,
@ -620,29 +682,64 @@ impl From<AesKeyGenParams> for SubtleAesKeyGenParams {
    }
 }
 /// <https://w3c.github.io/webcrypto/#dfn-Pbkdf2Params>
 #[derive(Clone, Debug)]
 pub struct SubtlePbkdf2Params {
    /// <https://w3c.github.io/webcrypto/#dfn-Pbkdf2Params-salt>
    salt: Vec<u8>,
    /// <https://w3c.github.io/webcrypto/#dfn-Pbkdf2Params-iterations>
    iterations: u32,
    /// <https://w3c.github.io/webcrypto/#dfn-Pbkdf2Params-hash>
    hash: Box<NormalizedAlgorithm>,
 }
 impl SubtlePbkdf2Params {
    fn new(cx: JSContext, params: RootedTraceableBox<Pbkdf2Params>) -> Fallible<Self> {
        let salt = match &params.salt {
            ArrayBufferViewOrArrayBuffer::ArrayBufferView(view) => view.to_vec(),
            ArrayBufferViewOrArrayBuffer::ArrayBuffer(buffer) => buffer.to_vec(),
        };
        let params = Self {
            salt,
            iterations: params.iterations,
            hash: Box::new(normalize_algorithm(cx, &params.hash, "digest")?),
        };
        Ok(params)
    }
 }
 /// <https://w3c.github.io/webcrypto/#algorithm-normalization-normalize-an-algorithm>
 #[allow(unsafe_code)]
 fn normalize_algorithm(
    cx: JSContext,
-    algorithm: AlgorithmIdentifier,
+    algorithm: &AlgorithmIdentifier,
    operation: &str,
 ) -> Result<NormalizedAlgorithm, Error> {
    match algorithm {
-        AlgorithmIdentifier::String(name) => Ok(NormalizedAlgorithm::Algorithm(name.into())),
+        AlgorithmIdentifier::String(name) => {
            Ok(NormalizedAlgorithm::Algorithm(name.clone().into()))
        },
        AlgorithmIdentifier::Object(obj) => {
            rooted!(in(*cx) let value = ObjectValue(unsafe { *obj.get_unsafe() }));
            let Ok(ConversionResult::Success(algorithm)) = Algorithm::new(cx, value.handle())
            else {
                return Err(Error::Syntax);
            };
-            match (algorithm.name.str().to_uppercase().as_str(), operation) {
+            let normalized_name = algorithm.name.str().to_uppercase();
            // This implements the table from https://w3c.github.io/webcrypto/#algorithm-overview
            let normalized_algorithm = match (normalized_name.as_str(), operation) {
                (ALG_AES_CBC, "encrypt") | (ALG_AES_CBC, "decrypt") => {
                    let params_result =
                        AesCbcParams::new(cx, value.handle()).map_err(|_| Error::Operation)?;
                    let ConversionResult::Success(params) = params_result else {
                        return Err(Error::Syntax);
                    };
-                    Ok(NormalizedAlgorithm::AesCbcParams(params.into()))
+                    NormalizedAlgorithm::AesCbcParams(params.into())
                },
                (ALG_AES_CTR, "encrypt") | (ALG_AES_CTR, "decrypt") => {
                    let params_result =
@ -650,7 +747,7 @@ fn normalize_algorithm(
                    let ConversionResult::Success(params) = params_result else {
                        return Err(Error::Syntax);
                    };
-                    Ok(NormalizedAlgorithm::AesCtrParams(params.into()))
+                    NormalizedAlgorithm::AesCtrParams(params.into())
                },
                (ALG_AES_CBC, "generateKey") | (ALG_AES_CTR, "generateKey") => {
                    let params_result =
@ -658,20 +755,40 @@ fn normalize_algorithm(
                    let ConversionResult::Success(params) = params_result else {
                        return Err(Error::Syntax);
                    };
-                    Ok(NormalizedAlgorithm::AesKeyGenParams(params.into()))
+                    NormalizedAlgorithm::AesKeyGenParams(params.into())
                },
-                (ALG_AES_CBC, "importKey") => Ok(NormalizedAlgorithm::Algorithm(SubtleAlgorithm {
+                (ALG_ECDSA, "deriveBits") => NormalizedAlgorithm::Algorithm(SubtleAlgorithm {
                    name: ALG_ECDSA.to_string(),
                }),
                (ALG_HKDF, "deriveBits") => NormalizedAlgorithm::Algorithm(SubtleAlgorithm {
                    name: ALG_HKDF.to_string(),
                }),
                (ALG_PBKDF2, "deriveBits") => {
                    let params_result =
                        Pbkdf2Params::new(cx, value.handle()).map_err(|_| Error::Operation)?;
                    let ConversionResult::Success(params) = params_result else {
                        return Err(Error::Syntax);
                    };
                    let subtle_params = SubtlePbkdf2Params::new(cx, params)?;
                    NormalizedAlgorithm::Pbkdf2Params(subtle_params)
                },
                (ALG_AES_CBC, "importKey") => NormalizedAlgorithm::Algorithm(SubtleAlgorithm {
                    name: ALG_AES_CBC.to_string(),
-                })),
+                }),
-                (ALG_AES_CTR, "importKey") => Ok(NormalizedAlgorithm::Algorithm(SubtleAlgorithm {
+                (ALG_AES_CTR, "importKey") => NormalizedAlgorithm::Algorithm(SubtleAlgorithm {
                    name: ALG_AES_CTR.to_string(),
-                })),
+                }),
-                (ALG_SHA1, "digest") => Ok(NormalizedAlgorithm::Sha1),
+                (ALG_PBKDF2, "importKey") => NormalizedAlgorithm::Algorithm(SubtleAlgorithm {
-                (ALG_SHA256, "digest") => Ok(NormalizedAlgorithm::Sha256),
+                    name: ALG_PBKDF2.to_string(),
-                (ALG_SHA384, "digest") => Ok(NormalizedAlgorithm::Sha384),
+                }),
-                (ALG_SHA512, "digest") => Ok(NormalizedAlgorithm::Sha512),
+                (ALG_SHA1, "digest") => NormalizedAlgorithm::Sha1,
-                _ => Err(Error::NotSupported),
+                (ALG_SHA256, "digest") => NormalizedAlgorithm::Sha256,
-            }
+                (ALG_SHA384, "digest") => NormalizedAlgorithm::Sha384,
                (ALG_SHA512, "digest") => NormalizedAlgorithm::Sha512,
                _ => return Err(Error::NotSupported),
            };
            Ok(normalized_algorithm)
        },
    }
 }
@ -706,6 +823,7 @@ impl SubtleCrypto {
                let key_data = GenericArray::from_slice(data);
                Aes256CbcEnc::new(key_data, iv).encrypt_padded_vec_mut::<Pkcs7>(&plaintext)
            },
            _ => return Err(Error::Data),
        };
        create_buffer_source::<ArrayBufferU8>(cx, &ct, handle)
@ -749,6 +867,7 @@ impl SubtleCrypto {
                    .decrypt_padded_mut::<Pkcs7>(ciphertext.as_mut_slice())
                    .map_err(|_| Error::Operation)?
            },
            _ => return Err(Error::Data),
        };
        create_buffer_source::<ArrayBufferU8>(cx, plaintext, handle)
@ -786,6 +905,7 @@ impl SubtleCrypto {
                let key_data = GenericArray::from_slice(data);
                Aes256Ctr::new(key_data, counter).apply_keystream(&mut ciphertext)
            },
            _ => return Err(Error::Data),
        };
        create_buffer_source::<ArrayBufferU8>(cx, &ciphertext, handle)
@ -915,6 +1035,7 @@ impl SubtleCrypto {
                Handle::Aes128(key_data) => Ok(AesExportedKey::Raw(key_data.as_slice().to_vec())),
                Handle::Aes192(key_data) => Ok(AesExportedKey::Raw(key_data.as_slice().to_vec())),
                Handle::Aes256(key_data) => Ok(AesExportedKey::Raw(key_data.as_slice().to_vec())),
                _ => Err(Error::Data),
            },
            KeyFormat::Jwk => {
                let (alg, k) = match key.handle() {
@ -927,6 +1048,7 @@ impl SubtleCrypto {
                    Handle::Aes256(key_data) => {
                        data_to_jwk_params(key.algorithm().as_str(), "256", key_data.as_slice())
                    },
                    _ => return Err(Error::Data),
                };
                let jwk = JsonWebKey {
                    alg: Some(alg),
@ -953,6 +1075,58 @@ impl SubtleCrypto {
            _ => Err(Error::NotSupported),
        }
    }
    /// <https://w3c.github.io/webcrypto/#pbkdf2-operations>
    #[allow(unsafe_code)]
    fn import_key_pbkdf2(
        &self,
        format: KeyFormat,
        data: &[u8],
        extractable: bool,
        usages: Vec<KeyUsage>,
    ) -> Result<DomRoot<CryptoKey>, Error> {
        // Step 1. If format is not "raw", throw a NotSupportedError
        if format != KeyFormat::Raw {
            return Err(Error::NotSupported);
        }
        // Step 2. If usages contains a value that is not "deriveKey" or "deriveBits", then throw a SyntaxError.
        if usages
            .iter()
            .any(|usage| !matches!(usage, KeyUsage::DeriveKey | KeyUsage::DeriveBits))
        {
            return Err(Error::Syntax);
        }
        // Step 3. If extractable is not false, then throw a SyntaxError.
        if extractable {
            return Err(Error::Syntax);
        }
        // Step 4. Let key be a new CryptoKey representing keyData.
        // Step 5. Set the [[type]] internal slot of key to "secret".
        // Step 6. Let algorithm be a new KeyAlgorithm object.
        // Step 7. Set the name attribute of algorithm to "PBKDF2".
        // Step 8. Set the [[algorithm]] internal slot of key to algorithm.
        let name = DOMString::from(ALG_PBKDF2);
        let cx = GlobalScope::get_cx();
        rooted!(in(*cx) let mut algorithm_object = unsafe {JS_NewObject(*cx, ptr::null()) });
        assert!(!algorithm_object.is_null());
        KeyAlgorithm::from_name(name.clone(), algorithm_object.handle_mut(), cx);
        let key = CryptoKey::new(
            &self.global(),
            KeyType::Secret,
            extractable,
            name,
            algorithm_object.handle(),
            usages,
            Handle::Pbkdf2(data.to_vec()),
        );
        // Step 9. Return key.
        Ok(key)
    }
 }
 pub enum AesExportedKey {
@ -971,13 +1145,26 @@ fn data_to_jwk_params(alg: &str, size: &str, key: &[u8]) -> (DOMString, DOMStrin
    (jwk_alg, DOMString::from(data))
 }
 impl KeyAlgorithm {
    /// Fill the object referenced by `out` with an [KeyAlgorithm]
    /// of the specified name and size.
    #[allow(unsafe_code)]
    fn from_name(name: DOMString, out: MutableHandleObject, cx: JSContext) {
        let key_algorithm = Self { name };
        unsafe {
            key_algorithm.to_jsobject(*cx, out);
        }
    }
 }
 impl AesKeyAlgorithm {
    /// Fill the object referenced by `out` with an [AesKeyAlgorithm]
    /// of the specified name and size.
    #[allow(unsafe_code)]
    fn from_name_and_size(name: DOMString, size: u16, out: MutableHandleObject, cx: JSContext) {
        let key_algorithm = Self {
-            parent: KeyAlgorithm { name: name.clone() },
+            parent: KeyAlgorithm { name },
            length: size,
        };
@ -986,3 +1173,105 @@ impl AesKeyAlgorithm {
        }
    }
 }
 impl SubtlePbkdf2Params {
    /// <https://w3c.github.io/webcrypto/#pbkdf2-operations>
    fn derive_bits(&self, key: &CryptoKey, length: Option<u32>) -> Result<Vec<u8>, Error> {
        // Step 1. If length is null or zero, or is not a multiple of 8, then throw an OperationError.
        let Some(length) = length else {
            return Err(Error::Operation);
        };
        if length == 0 || length % 8 != 0 {
            return Err(Error::Operation);
        };
        // Step 2. If the iterations member of normalizedAlgorithm is zero, then throw an OperationError.
        let Ok(iterations) = NonZero::<u32>::try_from(self.iterations) else {
            return Err(Error::Operation);
        };
        // Step 3. Let prf be the MAC Generation function described in Section 4 of [FIPS-198-1]
        // using the hash function described by the hash member of normalizedAlgorithm.
        let NormalizedAlgorithm::Algorithm(alg) = &*self.hash else {
            return Err(Error::NotSupported);
        };
        let prf = match alg.name.as_str() {
            ALG_SHA1 => pbkdf2::PBKDF2_HMAC_SHA1,
            ALG_SHA256 => pbkdf2::PBKDF2_HMAC_SHA256,
            ALG_SHA384 => pbkdf2::PBKDF2_HMAC_SHA384,
            ALG_SHA512 => pbkdf2::PBKDF2_HMAC_SHA512,
            _ => return Err(Error::NotSupported),
        };
        // Step 4. Let result be the result of performing the PBKDF2 operation defined in Section 5.2 of [RFC8018] using
        // prf as the pseudo-random function, PRF, the password represented by [[handle]] internal slot of key as
        // the password, P, the contents of the salt attribute of normalizedAlgorithm as the salt, S, the value of
        // the iterations attribute of normalizedAlgorithm as the iteration count, c, and length divided by 8 as the
        // intended key length, dkLen.
        let mut result = vec![0; length as usize / 8];
        pbkdf2::derive(
            prf,
            iterations,
            &self.salt,
            key.handle().as_bytes(),
            &mut result,
        );
        // Step 5. If the key derivation operation fails, then throw an OperationError.
        // TODO: Investigate when key derivation can fail and how ring handles that case
        // (pbkdf2::derive does not return a Result type)
        // Step 6. Return result
        Ok(result)
    }
 }
 impl NormalizedAlgorithm {
    fn derive_bits(&self, key: &CryptoKey, length: Option<u32>) -> Result<Vec<u8>, Error> {
        match self {
            Self::Pbkdf2Params(pbkdf2_params) => pbkdf2_params.derive_bits(key, length),
            _ => Err(Error::NotSupported),
        }
    }
    fn import_key(
        &self,
        subtle: &SubtleCrypto,
        format: KeyFormat,
        secret: &[u8],
        extractable: bool,
        key_usages: Vec<KeyUsage>,
    ) -> Result<DomRoot<CryptoKey>, Error> {
        let alg = match self {
            Self::Algorithm(name) => name,
            _ => {
                return Err(Error::NotSupported);
            },
        };
        match alg.name.as_str() {
            ALG_AES_CBC => {
                subtle.import_key_aes(format, secret, extractable, key_usages, ALG_AES_CBC)
            },
            ALG_AES_CTR => {
                subtle.import_key_aes(format, secret, extractable, key_usages, ALG_AES_CTR)
            },
            ALG_PBKDF2 => subtle.import_key_pbkdf2(format, secret, extractable, key_usages),
            _ => Err(Error::NotSupported),
        }
    }
    fn digest(&self, data: &[u8]) -> Result<impl AsRef<[u8]>, Error> {
        let algorithm = match self {
            Self::Sha1 => &digest::SHA1_FOR_LEGACY_USE_ONLY,
            Self::Sha256 => &digest::SHA256,
            Self::Sha384 => &digest::SHA384,
            Self::Sha512 => &digest::SHA512,
            _ => {
                return Err(Error::NotSupported);
            },
        };
        Ok(digest::digest(algorithm, data))
    }
 }
--- a/components/script/dom/webidls/SubtleCrypto.webidl
+++ b/components/script/dom/webidls/SubtleCrypto.webidl
@ -44,9 +44,9 @@ interface SubtleCrypto {
  //                        AlgorithmIdentifier derivedKeyType,
  //                        boolean extractable,
  //                        sequence<KeyUsage> keyUsages );
-  // Promise<ArrayBuffer> deriveBits(AlgorithmIdentifier algorithm,
+  Promise<ArrayBuffer> deriveBits(AlgorithmIdentifier algorithm,
-  //                         CryptoKey baseKey,
+                          CryptoKey baseKey,
-  //                         optional unsigned long? length = null);
+                          optional unsigned long? length = null);
  Promise<CryptoKey> importKey(KeyFormat format,
                         (BufferSource or JsonWebKey) keyData,
@ -92,6 +92,13 @@ dictionary AesCtrParams : Algorithm {
  required [EnforceRange] octet length;
 };
 // https://w3c.github.io/webcrypto/#pbkdf2-params
 dictionary Pbkdf2Params : Algorithm {
  required BufferSource salt;
  required [EnforceRange] unsigned long iterations;
  required HashAlgorithmIdentifier hash;
 };
 // JWK
 dictionary RsaOtherPrimesInfo {
  // The following fields are defined in Section 6.3.2.7 of JSON Web Algorithms
--- a/tests/wpt/meta/WebCryptoAPI/derive_bits_keys/cfrg_curves_bits_curve25519.https.any.js.ini
+++ b/tests/wpt/meta/WebCryptoAPI/derive_bits_keys/cfrg_curves_bits_curve25519.https.any.js.ini
@ -30,12 +30,6 @@
  [X25519 non-multiple of 8 bits]
    expected: FAIL
  [X25519 missing public property]
    expected: FAIL
  [X25519 public property of algorithm is not a CryptoKey]
    expected: FAIL
  [X25519 mismatched algorithms]
    expected: FAIL
@ -86,12 +80,6 @@
  [X25519 non-multiple of 8 bits]
    expected: FAIL
  [X25519 missing public property]
    expected: FAIL
  [X25519 public property of algorithm is not a CryptoKey]
    expected: FAIL
  [X25519 mismatched algorithms]
    expected: FAIL
--- a/tests/wpt/meta/WebCryptoAPI/derive_bits_keys/cfrg_curves_bits_curve448.https.any.js.ini
+++ b/tests/wpt/meta/WebCryptoAPI/derive_bits_keys/cfrg_curves_bits_curve448.https.any.js.ini
@ -26,12 +26,6 @@
  [X448 non-multiple of 8 bits]
    expected: FAIL
  [X448 missing public property]
    expected: FAIL
  [X448 public property of algorithm is not a CryptoKey]
    expected: FAIL
  [X448 mismatched algorithms]
    expected: FAIL
@ -80,12 +74,6 @@
  [X448 non-multiple of 8 bits]
    expected: FAIL
  [X448 missing public property]
    expected: FAIL
  [X448 public property of algorithm is not a CryptoKey]
    expected: FAIL
  [X448 mismatched algorithms]
    expected: FAIL
--- a/tests/wpt/meta/WebCryptoAPI/derive_bits_keys/derived_bits_length.https.any.js.ini
+++ b/tests/wpt/meta/WebCryptoAPI/derive_bits_keys/derived_bits_length.https.any.js.ini
@ -14,21 +14,6 @@
  [HKDF derivation with omitted as 'length' parameter]
    expected: FAIL
  [PBKDF2 derivation with 256 as 'length' parameter]
    expected: FAIL
  [PBKDF2 derivation with 0 as 'length' parameter]
    expected: FAIL
  [PBKDF2 derivation with null as 'length' parameter]
    expected: FAIL
  [PBKDF2 derivation with undefined as 'length' parameter]
    expected: FAIL
  [PBKDF2 derivation with omitted as 'length' parameter]
    expected: FAIL
  [ECDH derivation with 256 as 'length' parameter]
    expected: FAIL
@ -65,12 +50,6 @@
  [HKDF derivation with 230 as 'length' parameter]
    expected: FAIL
  [PBKDF2 derivation with 384 as 'length' parameter]
    expected: FAIL
  [PBKDF2 derivation with 230 as 'length' parameter]
    expected: FAIL
  [ECDH derivation with 384 as 'length' parameter]
    expected: FAIL
@ -100,21 +79,6 @@
  [HKDF derivation with omitted as 'length' parameter]
    expected: FAIL
  [PBKDF2 derivation with 256 as 'length' parameter]
    expected: FAIL
  [PBKDF2 derivation with 0 as 'length' parameter]
    expected: FAIL
  [PBKDF2 derivation with null as 'length' parameter]
    expected: FAIL
  [PBKDF2 derivation with undefined as 'length' parameter]
    expected: FAIL
  [PBKDF2 derivation with omitted as 'length' parameter]
    expected: FAIL
  [ECDH derivation with 256 as 'length' parameter]
    expected: FAIL
@ -151,12 +115,6 @@
  [HKDF derivation with 230 as 'length' parameter]
    expected: FAIL
  [PBKDF2 derivation with 384 as 'length' parameter]
    expected: FAIL
  [PBKDF2 derivation with 230 as 'length' parameter]
    expected: FAIL
  [ECDH derivation with 384 as 'length' parameter]
    expected: FAIL
--- a/tests/wpt/meta/WebCryptoAPI/derive_bits_keys/ecdh_bits.https.any.js.ini
+++ b/tests/wpt/meta/WebCryptoAPI/derive_bits_keys/ecdh_bits.https.any.js.ini
@ -11,12 +11,6 @@
  [P-521 non-multiple of 8 bits]
    expected: FAIL
  [P-521 missing public curve]
    expected: FAIL
  [P-521 public property of algorithm is not a CryptoKey]
    expected: FAIL
  [P-521 mismatched curves]
    expected: FAIL
@ -50,12 +44,6 @@
  [P-256 non-multiple of 8 bits]
    expected: FAIL
  [P-256 missing public curve]
    expected: FAIL
  [P-256 public property of algorithm is not a CryptoKey]
    expected: FAIL
  [P-256 mismatched curves]
    expected: FAIL
@ -89,12 +77,6 @@
  [P-384 non-multiple of 8 bits]
    expected: FAIL
  [P-384 missing public curve]
    expected: FAIL
  [P-384 public property of algorithm is not a CryptoKey]
    expected: FAIL
  [P-384 mismatched curves]
    expected: FAIL
@ -130,12 +112,6 @@
  [P-521 non-multiple of 8 bits]
    expected: FAIL
  [P-521 missing public curve]
    expected: FAIL
  [P-521 public property of algorithm is not a CryptoKey]
    expected: FAIL
  [P-521 mismatched curves]
    expected: FAIL
@ -169,12 +145,6 @@
  [P-256 non-multiple of 8 bits]
    expected: FAIL
  [P-256 missing public curve]
    expected: FAIL
  [P-256 public property of algorithm is not a CryptoKey]
    expected: FAIL
  [P-256 mismatched curves]
    expected: FAIL
@ -208,12 +178,6 @@
  [P-384 non-multiple of 8 bits]
    expected: FAIL
  [P-384 missing public curve]
    expected: FAIL
  [P-384 public property of algorithm is not a CryptoKey]
    expected: FAIL
  [P-384 mismatched curves]
    expected: FAIL
--- a/tests/wpt/meta/WebCryptoAPI/derive_bits_keys/hkdf.https.any.js.ini
+++ b/tests/wpt/meta/WebCryptoAPI/derive_bits_keys/hkdf.https.any.js.ini
--- a/tests/wpt/meta/WebCryptoAPI/derive_bits_keys/pbkdf2.https.any.js.ini
+++ b/tests/wpt/meta/WebCryptoAPI/derive_bits_keys/pbkdf2.https.any.js.ini
--- a/tests/wpt/meta/WebCryptoAPI/idlharness.https.any.js.ini
+++ b/tests/wpt/meta/WebCryptoAPI/idlharness.https.any.js.ini
@ -53,15 +53,6 @@
  [SubtleCrypto interface: calling unwrapKey(KeyFormat, BufferSource, CryptoKey, AlgorithmIdentifier, AlgorithmIdentifier, boolean, sequence<KeyUsage>) on crypto.subtle with too few arguments must throw TypeError]
    expected: FAIL
  [SubtleCrypto interface: operation deriveBits(AlgorithmIdentifier, CryptoKey, optional unsigned long?)]
    expected: FAIL
  [SubtleCrypto interface: crypto.subtle must inherit property "deriveBits(AlgorithmIdentifier, CryptoKey, optional unsigned long?)" with the proper type]
    expected: FAIL
  [SubtleCrypto interface: calling deriveBits(AlgorithmIdentifier, CryptoKey, optional unsigned long?) on crypto.subtle with too few arguments must throw TypeError]
    expected: FAIL
 [idlharness.https.any.html]
  [SubtleCrypto interface: operation sign(AlgorithmIdentifier, CryptoKey, BufferSource)]
@ -117,12 +108,3 @@
  [SubtleCrypto interface: calling unwrapKey(KeyFormat, BufferSource, CryptoKey, AlgorithmIdentifier, AlgorithmIdentifier, boolean, sequence<KeyUsage>) on crypto.subtle with too few arguments must throw TypeError]
    expected: FAIL
  [SubtleCrypto interface: operation deriveBits(AlgorithmIdentifier, CryptoKey, optional unsigned long?)]
    expected: FAIL
  [SubtleCrypto interface: crypto.subtle must inherit property "deriveBits(AlgorithmIdentifier, CryptoKey, optional unsigned long?)" with the proper type]
    expected: FAIL
  [SubtleCrypto interface: calling deriveBits(AlgorithmIdentifier, CryptoKey, optional unsigned long?) on crypto.subtle with too few arguments must throw TypeError]
    expected: FAIL
--- a/tests/wpt/meta/WebCryptoAPI/import_export/symmetric_importKey.https.any.js.ini
+++ b/tests/wpt/meta/WebCryptoAPI/import_export/symmetric_importKey.https.any.js.ini
@ -458,33 +458,6 @@
  [Good parameters: 256 bits (raw, {0: 1, 1: 2, 10: 11, 11: 12, 12: 13, 13: 14, 14: 15, 15: 16, 16: 17, 17: 18, 18: 19, 19: 20, 2: 3, 20: 21, 21: 22, 22: 23, 23: 24, 24: 25, 25: 26, 26: 27, 27: 28, 28: 29, 29: 30, 3: 4, 30: 31, 31: 32, 4: 5, 5: 6, 6: 7, 7: 8, 8: 9, 9: 10}, {name: HKDF}, false, [deriveKey\])]
    expected: FAIL
  [Good parameters: 128 bits (raw, {0: 1, 1: 2, 10: 11, 11: 12, 12: 13, 13: 14, 14: 15, 15: 16, 2: 3, 3: 4, 4: 5, 5: 6, 6: 7, 7: 8, 8: 9, 9: 10}, {name: PBKDF2}, false, [deriveBits\])]
    expected: FAIL
  [Good parameters: 128 bits (raw, {0: 1, 1: 2, 10: 11, 11: 12, 12: 13, 13: 14, 14: 15, 15: 16, 2: 3, 3: 4, 4: 5, 5: 6, 6: 7, 7: 8, 8: 9, 9: 10}, {name: PBKDF2}, false, [deriveKey, deriveBits\])]
    expected: FAIL
  [Good parameters: 128 bits (raw, {0: 1, 1: 2, 10: 11, 11: 12, 12: 13, 13: 14, 14: 15, 15: 16, 2: 3, 3: 4, 4: 5, 5: 6, 6: 7, 7: 8, 8: 9, 9: 10}, {name: PBKDF2}, false, [deriveKey\])]
    expected: FAIL
  [Good parameters: 192 bits (raw, {0: 1, 1: 2, 10: 11, 11: 12, 12: 13, 13: 14, 14: 15, 15: 16, 16: 17, 17: 18, 18: 19, 19: 20, 2: 3, 20: 21, 21: 22, 22: 23, 23: 24, 3: 4, 4: 5, 5: 6, 6: 7, 7: 8, 8: 9, 9: 10}, {name: PBKDF2}, false, [deriveBits\])]
    expected: FAIL
  [Good parameters: 192 bits (raw, {0: 1, 1: 2, 10: 11, 11: 12, 12: 13, 13: 14, 14: 15, 15: 16, 16: 17, 17: 18, 18: 19, 19: 20, 2: 3, 20: 21, 21: 22, 22: 23, 23: 24, 3: 4, 4: 5, 5: 6, 6: 7, 7: 8, 8: 9, 9: 10}, {name: PBKDF2}, false, [deriveKey, deriveBits\])]
    expected: FAIL
  [Good parameters: 192 bits (raw, {0: 1, 1: 2, 10: 11, 11: 12, 12: 13, 13: 14, 14: 15, 15: 16, 16: 17, 17: 18, 18: 19, 19: 20, 2: 3, 20: 21, 21: 22, 22: 23, 23: 24, 3: 4, 4: 5, 5: 6, 6: 7, 7: 8, 8: 9, 9: 10}, {name: PBKDF2}, false, [deriveKey\])]
    expected: FAIL
  [Good parameters: 256 bits (raw, {0: 1, 1: 2, 10: 11, 11: 12, 12: 13, 13: 14, 14: 15, 15: 16, 16: 17, 17: 18, 18: 19, 19: 20, 2: 3, 20: 21, 21: 22, 22: 23, 23: 24, 24: 25, 25: 26, 26: 27, 27: 28, 28: 29, 29: 30, 3: 4, 30: 31, 31: 32, 4: 5, 5: 6, 6: 7, 7: 8, 8: 9, 9: 10}, {name: PBKDF2}, false, [deriveBits\])]
    expected: FAIL
  [Good parameters: 256 bits (raw, {0: 1, 1: 2, 10: 11, 11: 12, 12: 13, 13: 14, 14: 15, 15: 16, 16: 17, 17: 18, 18: 19, 19: 20, 2: 3, 20: 21, 21: 22, 22: 23, 23: 24, 24: 25, 25: 26, 26: 27, 27: 28, 28: 29, 29: 30, 3: 4, 30: 31, 31: 32, 4: 5, 5: 6, 6: 7, 7: 8, 8: 9, 9: 10}, {name: PBKDF2}, false, [deriveKey, deriveBits\])]
    expected: FAIL
  [Good parameters: 256 bits (raw, {0: 1, 1: 2, 10: 11, 11: 12, 12: 13, 13: 14, 14: 15, 15: 16, 16: 17, 17: 18, 18: 19, 19: 20, 2: 3, 20: 21, 21: 22, 22: 23, 23: 24, 24: 25, 25: 26, 26: 27, 27: 28, 28: 29, 29: 30, 3: 4, 30: 31, 31: 32, 4: 5, 5: 6, 6: 7, 7: 8, 8: 9, 9: 10}, {name: PBKDF2}, false, [deriveKey\])]
    expected: FAIL
  [Empty Usages: 128 bits (raw, {0: 1, 1: 2, 10: 11, 11: 12, 12: 13, 13: 14, 14: 15, 15: 16, 2: 3, 3: 4, 4: 5, 5: 6, 6: 7, 7: 8, 8: 9, 9: 10}, {name: AES-GCM}, true, [\])]
    expected: FAIL
@ -800,15 +773,6 @@
  [Good parameters: 256 bits (raw, {0: 1, 1: 2, 10: 11, 11: 12, 12: 13, 13: 14, 14: 15, 15: 16, 16: 17, 17: 18, 18: 19, 19: 20, 2: 3, 20: 21, 21: 22, 22: 23, 23: 24, 24: 25, 25: 26, 26: 27, 27: 28, 28: 29, 29: 30, 3: 4, 30: 31, 31: 32, 4: 5, 5: 6, 6: 7, 7: 8, 8: 9, 9: 10}, {name: HKDF}, false, [deriveBits, deriveKey, deriveBits, deriveKey\])]
    expected: FAIL
  [Good parameters: 128 bits (raw, {0: 1, 1: 2, 10: 11, 11: 12, 12: 13, 13: 14, 14: 15, 15: 16, 2: 3, 3: 4, 4: 5, 5: 6, 6: 7, 7: 8, 8: 9, 9: 10}, {name: PBKDF2}, false, [deriveBits, deriveKey, deriveBits, deriveKey\])]
    expected: FAIL
  [Good parameters: 192 bits (raw, {0: 1, 1: 2, 10: 11, 11: 12, 12: 13, 13: 14, 14: 15, 15: 16, 16: 17, 17: 18, 18: 19, 19: 20, 2: 3, 20: 21, 21: 22, 22: 23, 23: 24, 3: 4, 4: 5, 5: 6, 6: 7, 7: 8, 8: 9, 9: 10}, {name: PBKDF2}, false, [deriveBits, deriveKey, deriveBits, deriveKey\])]
    expected: FAIL
  [Good parameters: 256 bits (raw, {0: 1, 1: 2, 10: 11, 11: 12, 12: 13, 13: 14, 14: 15, 15: 16, 16: 17, 17: 18, 18: 19, 19: 20, 2: 3, 20: 21, 21: 22, 22: 23, 23: 24, 24: 25, 25: 26, 26: 27, 27: 28, 28: 29, 29: 30, 3: 4, 30: 31, 31: 32, 4: 5, 5: 6, 6: 7, 7: 8, 8: 9, 9: 10}, {name: PBKDF2}, false, [deriveBits, deriveKey, deriveBits, deriveKey\])]
    expected: FAIL
 [symmetric_importKey.https.any.worker.html]
  [Good parameters: 128 bits (raw, {0: 1, 1: 2, 10: 11, 11: 12, 12: 13, 13: 14, 14: 15, 15: 16, 2: 3, 3: 4, 4: 5, 5: 6, 6: 7, 7: 8, 8: 9, 9: 10}, {name: AES-GCM}, true, [encrypt\])]
@ -1270,33 +1234,6 @@
  [Good parameters: 256 bits (raw, {0: 1, 1: 2, 10: 11, 11: 12, 12: 13, 13: 14, 14: 15, 15: 16, 16: 17, 17: 18, 18: 19, 19: 20, 2: 3, 20: 21, 21: 22, 22: 23, 23: 24, 24: 25, 25: 26, 26: 27, 27: 28, 28: 29, 29: 30, 3: 4, 30: 31, 31: 32, 4: 5, 5: 6, 6: 7, 7: 8, 8: 9, 9: 10}, {name: HKDF}, false, [deriveKey\])]
    expected: FAIL
  [Good parameters: 128 bits (raw, {0: 1, 1: 2, 10: 11, 11: 12, 12: 13, 13: 14, 14: 15, 15: 16, 2: 3, 3: 4, 4: 5, 5: 6, 6: 7, 7: 8, 8: 9, 9: 10}, {name: PBKDF2}, false, [deriveBits\])]
    expected: FAIL
  [Good parameters: 128 bits (raw, {0: 1, 1: 2, 10: 11, 11: 12, 12: 13, 13: 14, 14: 15, 15: 16, 2: 3, 3: 4, 4: 5, 5: 6, 6: 7, 7: 8, 8: 9, 9: 10}, {name: PBKDF2}, false, [deriveKey, deriveBits\])]
    expected: FAIL
  [Good parameters: 128 bits (raw, {0: 1, 1: 2, 10: 11, 11: 12, 12: 13, 13: 14, 14: 15, 15: 16, 2: 3, 3: 4, 4: 5, 5: 6, 6: 7, 7: 8, 8: 9, 9: 10}, {name: PBKDF2}, false, [deriveKey\])]
    expected: FAIL
  [Good parameters: 192 bits (raw, {0: 1, 1: 2, 10: 11, 11: 12, 12: 13, 13: 14, 14: 15, 15: 16, 16: 17, 17: 18, 18: 19, 19: 20, 2: 3, 20: 21, 21: 22, 22: 23, 23: 24, 3: 4, 4: 5, 5: 6, 6: 7, 7: 8, 8: 9, 9: 10}, {name: PBKDF2}, false, [deriveBits\])]
    expected: FAIL
  [Good parameters: 192 bits (raw, {0: 1, 1: 2, 10: 11, 11: 12, 12: 13, 13: 14, 14: 15, 15: 16, 16: 17, 17: 18, 18: 19, 19: 20, 2: 3, 20: 21, 21: 22, 22: 23, 23: 24, 3: 4, 4: 5, 5: 6, 6: 7, 7: 8, 8: 9, 9: 10}, {name: PBKDF2}, false, [deriveKey, deriveBits\])]
    expected: FAIL
  [Good parameters: 192 bits (raw, {0: 1, 1: 2, 10: 11, 11: 12, 12: 13, 13: 14, 14: 15, 15: 16, 16: 17, 17: 18, 18: 19, 19: 20, 2: 3, 20: 21, 21: 22, 22: 23, 23: 24, 3: 4, 4: 5, 5: 6, 6: 7, 7: 8, 8: 9, 9: 10}, {name: PBKDF2}, false, [deriveKey\])]
    expected: FAIL
  [Good parameters: 256 bits (raw, {0: 1, 1: 2, 10: 11, 11: 12, 12: 13, 13: 14, 14: 15, 15: 16, 16: 17, 17: 18, 18: 19, 19: 20, 2: 3, 20: 21, 21: 22, 22: 23, 23: 24, 24: 25, 25: 26, 26: 27, 27: 28, 28: 29, 29: 30, 3: 4, 30: 31, 31: 32, 4: 5, 5: 6, 6: 7, 7: 8, 8: 9, 9: 10}, {name: PBKDF2}, false, [deriveBits\])]
    expected: FAIL
  [Good parameters: 256 bits (raw, {0: 1, 1: 2, 10: 11, 11: 12, 12: 13, 13: 14, 14: 15, 15: 16, 16: 17, 17: 18, 18: 19, 19: 20, 2: 3, 20: 21, 21: 22, 22: 23, 23: 24, 24: 25, 25: 26, 26: 27, 27: 28, 28: 29, 29: 30, 3: 4, 30: 31, 31: 32, 4: 5, 5: 6, 6: 7, 7: 8, 8: 9, 9: 10}, {name: PBKDF2}, false, [deriveKey, deriveBits\])]
    expected: FAIL
  [Good parameters: 256 bits (raw, {0: 1, 1: 2, 10: 11, 11: 12, 12: 13, 13: 14, 14: 15, 15: 16, 16: 17, 17: 18, 18: 19, 19: 20, 2: 3, 20: 21, 21: 22, 22: 23, 23: 24, 24: 25, 25: 26, 26: 27, 27: 28, 28: 29, 29: 30, 3: 4, 30: 31, 31: 32, 4: 5, 5: 6, 6: 7, 7: 8, 8: 9, 9: 10}, {name: PBKDF2}, false, [deriveKey\])]
    expected: FAIL
  [Empty Usages: 128 bits (raw, {0: 1, 1: 2, 10: 11, 11: 12, 12: 13, 13: 14, 14: 15, 15: 16, 2: 3, 3: 4, 4: 5, 5: 6, 6: 7, 7: 8, 8: 9, 9: 10}, {name: AES-GCM}, true, [\])]
    expected: FAIL
@ -1611,12 +1548,3 @@
  [Good parameters: 256 bits (raw, {0: 1, 1: 2, 10: 11, 11: 12, 12: 13, 13: 14, 14: 15, 15: 16, 16: 17, 17: 18, 18: 19, 19: 20, 2: 3, 20: 21, 21: 22, 22: 23, 23: 24, 24: 25, 25: 26, 26: 27, 27: 28, 28: 29, 29: 30, 3: 4, 30: 31, 31: 32, 4: 5, 5: 6, 6: 7, 7: 8, 8: 9, 9: 10}, {name: HKDF}, false, [deriveBits, deriveKey, deriveBits, deriveKey\])]
    expected: FAIL
  [Good parameters: 128 bits (raw, {0: 1, 1: 2, 10: 11, 11: 12, 12: 13, 13: 14, 14: 15, 15: 16, 2: 3, 3: 4, 4: 5, 5: 6, 6: 7, 7: 8, 8: 9, 9: 10}, {name: PBKDF2}, false, [deriveBits, deriveKey, deriveBits, deriveKey\])]
    expected: FAIL
  [Good parameters: 192 bits (raw, {0: 1, 1: 2, 10: 11, 11: 12, 12: 13, 13: 14, 14: 15, 15: 16, 16: 17, 17: 18, 18: 19, 19: 20, 2: 3, 20: 21, 21: 22, 22: 23, 23: 24, 3: 4, 4: 5, 5: 6, 6: 7, 7: 8, 8: 9, 9: 10}, {name: PBKDF2}, false, [deriveBits, deriveKey, deriveBits, deriveKey\])]
    expected: FAIL
  [Good parameters: 256 bits (raw, {0: 1, 1: 2, 10: 11, 11: 12, 12: 13, 13: 14, 14: 15, 15: 16, 16: 17, 17: 18, 18: 19, 19: 20, 2: 3, 20: 21, 21: 22, 22: 23, 23: 24, 24: 25, 25: 26, 26: 27, 27: 28, 28: 29, 29: 30, 3: 4, 30: 31, 31: 32, 4: 5, 5: 6, 6: 7, 7: 8, 8: 9, 9: 10}, {name: PBKDF2}, false, [deriveBits, deriveKey, deriveBits, deriveKey\])]
    expected: FAIL