Using the Web Crypto API from Firefox AddOn

Question

I can't figure out how to access the Web Crypto API from an AddOn script itself (no documentation).

Trying to do it from a content-script gives a permission error accessing then:

JavaScript error:
  resource://gre/modules/commonjs/toolkit/loader.js ->
  resource://gre/modules/commonjs/sdk/loader/sandbox.js -> 
  resource://..../data/content-script.js,
  line 36: Error: Permission denied to access property "then"

The relevant code is:

  var password = new TextEncoder("utf-8").encode('password');
  var salt = new TextEncoder("utf-8").encode('salt');
  var iterations = 1;
  var outputLen = 20;
  return window.crypto.subtle.importKey(
    "raw", password, {"name": "PBKDF2"}, false, ["deriveKey"]
  ).then(function(baseKey) {
    return window.crypto.subtle.deriveKey(
      { "name": "PBKDF2",
        "salt": salt,
        "iterations": iterations,
        "hash": "SHA-1",
      },
      baseKey,                              // input key
      {"name": "AES-CBC", "length": 32*8},  // output key use and size
      true,                                 // output key is extractable
      ["encrypt","decrypt"]);               // output key capabilities
  }).then(function(aesKey) {
    return window.crypto.subtle.exportKey("raw", aesKey);
  }).then(function(keyBytes) {
    var keyArray = Array.slice(new Uint8Array(keyBytes), 0, outputLen);
    keyArray.toHex = toHex;
    keyArray.toPassword = toPassword;
    return keyArray;
  });

Is there any require the Web Crypto API into add-ons, or is there anything else I can do to make this work? I don't really want to use a JS crypto library due to runtime concerns (PBKDF2 runs fast → choose more iterations → more secure).

Answer 1

Components.utils.importGlobalProperties(['crypto']);
var blah = crypto.subtle.deriveKey({....});

Taken from here: https://developer.mozilla.org/en-US/docs/Components.utils.importGlobalProperties