fixup! crypto: add KMAC Web Cryptography algorithms

Author: panva

src/crypto/crypto_kmac.cc

@@ -4,6 +4,7 @@
 #include "threadpoolwork-inl.h"
 
 #if OPENSSL_VERSION_NUMBER >= 0x30100000L
+#include <openssl/core_names.h>
 #include <openssl/params.h>
 #include "crypto/crypto_keys.h"
 #include "crypto/crypto_sig.h"

test/parallel/test-webcrypto-derivekey.js

@@ -1,11 +1,12 @@
-// Flags: --expose-internals --no-warnings
 'use strict';
 
 const common = require('../common');
 
 if (!common.hasCrypto)
   common.skip('missing crypto');
 
+const { hasOpenSSL } = require('../common/crypto');
+
 const assert = require('assert');
 const { subtle } = globalThis.crypto;
 const { KeyObject } = require('crypto');
@@ -167,6 +168,15 @@ const { KeyObject } = require('crypto');
     // [{ name: 'HMAC', hash: 'SHA3-512' }, 'sign', 512],
   ];
 
+  if (hasOpenSSL(3, 1)) {
+    vectors.push(
+      ['KMAC128', 'sign', 128],
+      [{ name: 'KMAC128', length: 384 }, 'sign', 384],
+      ['KMAC256', 'sign', 256],
+      [{ name: 'KMAC256', length: 384 }, 'sign', 384],
+    );
+  }
+
   (async () => {
     const keyPair = await subtle.generateKey({ name: 'ECDH', namedCurve: 'P-521' }, false, ['deriveKey']);
     for (const [derivedKeyAlgorithm, usage, expected] of vectors) {
@@ -183,7 +193,7 @@ const { KeyObject } = require('crypto');
       } else {
         assert.strictEqual(result.status, 'fulfilled');
         const derived = result.value;
-        if (derived.algorithm.name === 'HMAC') {
+        if (derived.algorithm.name === 'HMAC' || derived.algorithm.name.startsWith('KMAC')) {
           assert.strictEqual(derived.algorithm.length, expected);
         } else {
           // KDFs cannot be exportable and do not indicate their length
@@ -211,6 +221,15 @@ const { KeyObject } = require('crypto');
     // [{ name: 'HMAC', hash: 'SHA3-512' }, 'sign', 512],
   ];
 
+  if (hasOpenSSL(3, 1)) {
+    vectors.push(
+      ['KMAC128', 'sign', 128],
+      [{ name: 'KMAC128', length: 384 }, 'sign', 384],
+      ['KMAC256', 'sign', 256],
+      [{ name: 'KMAC256', length: 384 }, 'sign', 384],
+    );
+  }
+
   (async () => {
     for (const [derivedKeyAlgorithm, usage, expected] of vectors) {
       const derived = await subtle.deriveKey(

test/parallel/test-webcrypto-export-import.js

@@ -99,7 +99,6 @@ const { createPrivateKey, createPublicKey, createSecretKey } = require('crypto')
         hash: 'SHA-256'
       }, true, ['sign', 'verify']);
 
-
     assert.strictEqual(key.algorithm, key.algorithm);
     assert.strictEqual(key.usages, key.usages);
 
@@ -113,11 +112,44 @@ const { createPrivateKey, createPublicKey, createSecretKey } = require('crypto')
     assert.deepStrictEqual(jwk.key_ops, ['sign', 'verify']);
     assert(jwk.ext);
     assert.strictEqual(jwk.kty, 'oct');
+    assert.strictEqual(jwk.alg, 'HS256');
 
     assert.deepStrictEqual(
       Buffer.from(jwk.k, 'base64').toString('hex'),
       Buffer.from(raw).toString('hex'));
 
+    await subtle.importKey(
+      'jwk',
+      jwk,
+      {
+        name: 'HMAC',
+        hash: 'SHA-256'
+      },
+      true,
+      ['sign', 'verify']);
+
+    await subtle.importKey(
+      'jwk',
+      { ...jwk, alg: undefined },
+      {
+        name: 'HMAC',
+        hash: 'SHA-256'
+      },
+      true,
+      ['sign', 'verify']);
+
+    await assert.rejects(
+      subtle.importKey(
+        'jwk',
+        { ...jwk, alg: 'HS384' },
+        {
+          name: 'HMAC',
+          hash: 'SHA-256'
+        },
+        true,
+        ['sign', 'verify']),
+      { name: 'DataError', message: 'JWK "alg" does not match the requested algorithm' });
+
     await assert.rejects(
       subtle.importKey(
         'raw',
@@ -161,6 +193,35 @@ if (hasOpenSSL(3, 1)) {
       Buffer.from(jwk.k, 'base64').toString('hex'),
       Buffer.from(raw).toString('hex'));
 
+    await subtle.importKey(
+      'jwk',
+      jwk,
+      name,
+      true,
+      ['sign', 'verify']);
+
+    await subtle.importKey(
+      'jwk',
+      { ...jwk, alg: undefined },
+      name,
+      true,
+      ['sign', 'verify']);
+
+    await assert.rejects(
+      subtle.importKey(
+        'jwk',
+        { ...jwk, alg: name === 'KMAC128' ? 'K256' : 'K128' },
+        name,
+        true,
+        ['sign', 'verify']),
+      { name: 'DataError', message: 'JWK "alg" does not match the requested algorithm' });
+
+    await assert.rejects(
+      subtle.importKey(
+        'raw',
+        keyData, name, true, ['sign', 'verify']),
+      { name: 'NotSupportedError', message: `Unable to import ${name} using raw format` });
+
     await assert.rejects(
       subtle.importKey(
         'raw-secret',