support more derived key algorithms in crypto.subtle.deriveKey
Categories
(Core :: DOM: Web Crypto, enhancement)
Tracking
()
| Tracking | Status | |
|---|---|---|
| firefox119 | --- | fixed |
People
(Reporter: keeler, Assigned: keeler)
References
(Blocks 1 open bug)
Details
(Keywords: dev-doc-complete)
Attachments
(1 file)
crypto.subtle.deriveKey doesn't support that many derived key algorithms right now. In particular, it seems we should support HKDF.
|
Assignee | |
Comment 1•8 months ago
|
||
|
||
Updated•8 months ago
|
|
|
Assignee | |
Updated•8 months ago
|
Pushed by dkeeler@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/58731d4cdf3a webcrypto: use the entire output of ECDH key derivation when the target algorithm doesn't specify a length r=jschanck
|
||
Comment 3•8 months ago
|
||
| bugherder | ||
|
||
Comment 4•7 months ago
|
||
FF119 MDN docs for this can be tracked in https://github.com/mdn/content/issues/29411.
This appears to be an update to SubtleCrypto.deriveKey().
The description says:
crypto.subtle.deriveKey doesn't support that many derived key algorithms right now. In particular, it seems we should support HKDF.
But then the actual patch
use the entire output of ECDH key derivation when the target algorithm doesn't specify a length r=jschanck
SO what does this actually deliver?
- Would I be correct in stating that following this update we support HKDF (we did not before?).
- Do we already support the other algorithms listed here: ECDH and PBKDF2
- Do we support all the derivedKeyAlgorithm options?
- Is there are wpt.live test I can run to verify what is supported by different browsers?
If it's just support for HKDF which was missing I'd probably just add a browser compatibility update: but if I do so, good to be able to know whether these are also supported on Chrome, Firefox and so on.
|
|
Assignee | |
Comment 5•7 months ago
|
||
(In reply to Hamish Willee from comment #4)
- Would I be correct in stating that following this update we support HKDF (we did not before?).
Yes, as the derivedKeyAlgorithm in the document you link below.
- Do we already support the other algorithms listed here: ECDH and PBKDF2
Those are unchanged (we support them as algorithm in the linked document).
- Do we support all the derivedKeyAlgorithm options?
Yes.
- Is there are wpt.live test I can run to verify what is supported by different browsers?
https://wpt.fyi/results/WebCryptoAPI/derive_bits_keys?label=master&label=experimental&aligned (unfortunately I don't know which specific test illustrates this - there may not be one).
If it's just support for HKDF which was missing I'd probably just add a browser compatibility update: but if I do so, good to be able to know whether these are also supported on Chrome, Firefox and so on.
Chrome supports it.
|
|
||
Comment 6•7 months ago
|
||
@Dana, thank you. So to confirm what I am doing makes sense, and confirm broadly what else might be missing in the docs.
- I added HKDF option to
derivedKeyAlgorithmin the docs and a corresponding update in browser compatibility data. - Does this also add HKDF support to the
algorithmparam inSubtleCrypto.importKey()too? - I've also added
PBKDF2toderivedKeyAlgorithm- Have we supported this for lifetime ofderiveKey()? import()defines a number of other algorithms - are these valid forderivedKeyAlgorithmtoo: RSASSA-PKCS1-v1_5, RSA-PSS, or RSA-OAEP. IN fact there is a table in the spec here - which can bederivedKeyAlgorithmoptions?- Given your answer to 4, does FF support all of those from the first version? Which don't we support?
Last of all, and probably stupid, when would you want to create a derived HKDF key? The docs give an example for two users who exchange public keys, and use ECDH to create a shared AES key that they can use to communicate. Why would you instead create a derived HKDF key?
|
|
Assignee | |
Comment 7•7 months ago
|
||
(In reply to Hamish Willee from comment #6)
- I added HKDF option to
derivedKeyAlgorithmin the docs and a corresponding update in browser compatibility data.
Awesome!
- Does this also add HKDF support to the
algorithmparam inSubtleCrypto.importKey()too?
I believe we already supported that, so I suppose it makes sense to update the docs anyway.
- I've also added
PBKDF2toderivedKeyAlgorithm- Have we supported this for lifetime ofderiveKey()?
Actually, it doesn't look like that's working. I filed bug 1856679.
import()defines a number of other algorithms - are these valid forderivedKeyAlgorithmtoo: RSASSA-PKCS1-v1_5, RSA-PSS, or RSA-OAEP. IN fact there is a table in the spec here - which can bederivedKeyAlgorithmoptions?
I think just the AES ones, HMAC, HKDF, and PBKDF2. Certainly none of the RSA ones, and I'm fairly sure none of the EC ones.
- Given your answer to 4, does FF support all of those from the first version? Which don't we support?
We've always supported the AES ones, and I think HMAC.
Last of all, and probably stupid, when would you want to create a derived HKDF key? The docs give an example for two users who exchange public keys, and use ECDH to create a shared AES key that they can use to communicate. Why would you instead create a derived HKDF key?
It's for if you want to derive an HKDF key to then derive other keys from that key, basically (so rather than just one AES key, this lets you create a number of derived AES keys, for example).
|
|
Assignee | |
Updated•7 months ago
|
|
|
||
Comment 8•7 months ago
|
||
Thank you! I have tried to update the BCD for the derivedKeyAlgorithm options on deriveKey(). Decided not to do that for the import at this time because it is out of scope for my release. But if we ever touch the import method I will. Docs/compatibility changes now in review.
Description
•