crypto: modern algorithms in Web Cryptography API#59365

panva · 2025-08-05T14:00:36Z

This PR implements a subset of the new features proposed to WICG as an extension to the Web Cryptography API.

The proposal is hosted at https://wicg.github.io/webcrypto-modern-algos/ and is accepted for incubation.

I'm including these all in one PR with commit-queue-rebase Add this label to allow the Commit Queue to land a PR in several commits. because of their dependency on the webcrypto.md table formatting that would only cause conflicts with each change merged individually.

Included:

ML-DSA-44, ML-DSA-65, and ML-DSA-87 algorithm support in sign, verify, importKey, exportKey, generateKey
cSHAKE128 and cSHAKE256 support in digest
SHA3-256, SHA3-384, SHA3-512 support in digest and hash members of RsaHashedKeyGenParams, RsaHashedImportParams, HmacKeyGenParams, EcdsaParams, HmacImportParams, HkdfParams, Pbkdf2Params
ChaCha20-Poly1305 support in encrypt, decrypt, wrapKey, unwrapKey, generateKey, importKey, exportKey
SubtleCrypto.supports() feature detection utility method
crypto.subtle.getPublicKey() public key derivation utility method
import/export key formats raw-seed, raw-public, and raw-secret
- for existing symmetric algorithms raw-secret acts as an alias for raw
- for existing asymmetric algorithms raw-public acts as an alias for raw

The functions and algorithms are added as experimental Issues and PRs related to experimental features. with an emitted warning and all algorithms have been refactored to take into account availability when linked with BoringSSL to properly result in NotSupportedError.

Follow up to this will include ML-KEM, Argon2, AES-OCB, and KMAC

nodejs-github-bot · 2025-08-05T14:00:42Z

Review requested:

@nodejs/crypto
@nodejs/gyp
@nodejs/performance
@nodejs/security-wg

panva · 2025-08-05T14:26:25Z

I'm opening this now to give ample time for review prior to the extension's adoption. I'm including these all in one PR with commit-queue-rebase Add this label to allow the Commit Queue to land a PR in several commits. because of their dependency on the webcrypto.md table formatting that would only cause conflicts with each change merged individually.

github-actions · 2025-08-05T14:27:27Z

The notable-change PRs with changes that should be highlighted in changelogs. label has been added by @panva.

Please suggest a text for the release notes if you'd like to include a more detailed summary, then proceed to update the PR description with the text or a link to the notable change suggested text comment. Otherwise, the commit will be placed in the Other Notable Changes section.

codecov · 2025-08-05T15:16:26Z

Codecov Report

❌ Patch coverage is 90.29745% with 137 lines in your changes missing coverage. Please review.
✅ Project coverage is 89.88%. Comparing base (786431f) to head (1d4d95b).
⚠️ Report is 26 commits behind head on main.

Files with missing lines	Patch %	Lines
src/crypto/crypto_chacha20_poly1305.cc	46.38%	56 Missing and 33 partials ⚠️
lib/internal/crypto/ml_dsa.js	94.33%	18 Missing ⚠️
lib/internal/crypto/chacha20_poly1305.js	94.76%	10 Missing ⚠️
lib/internal/crypto/util.js	96.12%	9 Missing ⚠️
lib/internal/crypto/webcrypto.js	97.39%	9 Missing ⚠️
src/crypto/crypto_chacha20_poly1305.h	33.33%	2 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main   #59365      +/-   ##
==========================================
- Coverage   89.89%   89.88%   -0.01%     
==========================================
  Files         656      661       +5     
  Lines      193142   194616    +1474     
  Branches    37886    38242     +356     
==========================================
+ Hits       173619   174930    +1311     
- Misses      12060    12149      +89     
- Partials     7463     7537      +74

Files with missing lines	Coverage Δ
lib/internal/crypto/hash.js	`98.93% <100.00%> (+0.04%)`	⬆️
lib/internal/crypto/hashnames.js	`100.00% <100.00%> (ø)`
lib/internal/crypto/hkdf.js	`95.97% <100.00%> (+0.02%)`	⬆️
lib/internal/crypto/keys.js	`95.05% <100.00%> (+0.05%)`	⬆️
lib/internal/crypto/mac.js	`91.95% <100.00%> (+2.28%)`	⬆️
lib/internal/crypto/pbkdf2.js	`94.69% <100.00%> (+0.04%)`	⬆️
lib/internal/crypto/rsa.js	`94.00% <100.00%> (+1.36%)`	⬆️
lib/internal/crypto/webidl.js	`98.73% <100.00%> (+0.13%)`	⬆️
src/node_crypto.cc	`81.81% <ø> (ø)`
src/crypto/crypto_chacha20_poly1305.h	`33.33% <33.33%> (ø)`
... and 5 more

... and 57 files with indirect coverage changes

🚀 New features to boost your workflow:

❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

deps/ncrypto/ncrypto.cc

doc/api/crypto.md

joyeecheung

Rubber Stamp LGTM

nodejs-github-bot · 2025-08-19T13:54:10Z

Commit Queue failed

- Loading data for nodejs/node/pull/59365 ✔ Done loading data for nodejs/node/pull/59365 ----------------------------------- PR info ------------------------------------ Title crypto: modern algorithms in Web Cryptography API (#59365) Author Filip Skokan <panva.ip@gmail.com> (@panva) Branch panva:big-beautiful-pr -> nodejs:main Labels crypto, semver-minor, lib / src, experimental, author ready, needs-ci, review wanted, webcrypto, commit-queue-rebase, dont-land-on-v20.x, web-standards, dont-land-on-v22.x Commits 13 - crypto: support ML-DSA in Web Cryptography - crypto: add SubtleCrypto.supports feature detection in Web Cryptography - crypto: add SHAKE Web Cryptography digest algorithms - crypto: add SHA-3 Web Cryptography digest algorithms - crypto: add subtle.getPublicKey() utility function in Web Cryptography - test: cleanup test-webcrypto-supports - doc: compress Web Cryptography Algorithm matrix - test: add Web Cryptography wrap/unwrap vectors - crypto: add ChaCha20-Poly1305 Web Cryptography algorithm - crypto: subject some algorithms in Web Cryptography on BoringSSL absence - lib: refactor kSupportedAlgorithms - crypto: support ML-DSA spki/pkcs8 key formats in Web Cryptography - fixup! crypto: add ChaCha20-Poly1305 Web Cryptography algorithm Committers 1 - Filip Skokan <panva.ip@gmail.com> PR-URL: https://github.com/nodejs/node/pull/59365 Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Ethan Arrowood <ethan@arrowood.dev> Reviewed-By: Yagiz Nizipli <yagiz@nizipli.com> Reviewed-By: Joyee Cheung <joyeec9h3@gmail.com> ------------------------------ Generated metadata ------------------------------ PR-URL: https://github.com/nodejs/node/pull/59365 Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Ethan Arrowood <ethan@arrowood.dev> Reviewed-By: Yagiz Nizipli <yagiz@nizipli.com> Reviewed-By: Joyee Cheung <joyeec9h3@gmail.com> -------------------------------------------------------------------------------- ℹ This PR was created on Tue, 05 Aug 2025 14:00:36 GMT ✔ Approvals: 4 ✔ - James M Snell (@jasnell) (TSC): https://github.com/nodejs/node/pull/59365#pullrequestreview-3090261108 ✔ - Ethan Arrowood (@Ethan-Arrowood): https://github.com/nodejs/node/pull/59365#pullrequestreview-3101487054 ✔ - Yagiz Nizipli (@anonrig) (TSC): https://github.com/nodejs/node/pull/59365#pullrequestreview-3130105097 ✔ - Joyee Cheung (@joyeecheung) (TSC): https://github.com/nodejs/node/pull/59365#pullrequestreview-3132423014 ✔ Last GitHub CI successful ℹ Last Full PR CI on 2025-08-19T11:57:22Z: https://ci.nodejs.org/job/node-test-pull-request/68733/ - Querying data for job/node-test-pull-request/68733/ ✔ Last Jenkins CI successful -------------------------------------------------------------------------------- ✔ No git cherry-pick in progress ✔ No git am in progress ✔ No git rebase in progress -------------------------------------------------------------------------------- - Bringing origin/main up to date... From https://github.com/nodejs/node * branch main -> FETCH_HEAD ✔ origin/main is now up-to-date - Downloading patch for 59365 From https://github.com/nodejs/node * branch refs/pull/59365/merge -> FETCH_HEAD ✔ Fetched commits as 7c9fbc15bc13..1d4d95b32975 -------------------------------------------------------------------------------- [main 843245159c] crypto: support ML-DSA in Web Cryptography Author: Filip Skokan <panva.ip@gmail.com> Date: Wed Jul 30 11:57:03 2025 +0200 14 files changed, 1348 insertions(+), 144 deletions(-) create mode 100644 lib/internal/crypto/ml_dsa.js create mode 100644 test/fixtures/crypto/ml-dsa.js create mode 100644 test/parallel/test-webcrypto-export-import-ml-dsa.js create mode 100644 test/parallel/test-webcrypto-sign-verify-ml-dsa.js [main a6185e3913] crypto: add SubtleCrypto.supports feature detection in Web Cryptography Author: Filip Skokan <panva.ip@gmail.com> Date: Sun Mar 2 09:45:13 2025 +0100 9 files changed, 598 insertions(+) create mode 100644 test/fixtures/webcrypto/supports-level-2.mjs create mode 100644 test/fixtures/webcrypto/supports-modern-algorithms.mjs create mode 100644 test/fixtures/webcrypto/supports-secure-curves.mjs create mode 100644 test/parallel/test-webcrypto-supports.mjs [main 0005e6cef6] crypto: add SHAKE Web Cryptography digest algorithms Author: Filip Skokan <panva.ip@gmail.com> Date: Tue Mar 4 15:34:25 2025 +0100 12 files changed, 197 insertions(+), 46 deletions(-) [main f529a64e0d] crypto: add SHA-3 Web Cryptography digest algorithms Author: Filip Skokan <panva.ip@gmail.com> Date: Wed Aug 28 10:21:55 2024 +0200 22 files changed, 784 insertions(+), 77 deletions(-) create mode 100644 test/fixtures/webcrypto/supports-sha3.mjs [main 1b5e213228] crypto: add subtle.getPublicKey() utility function in Web Cryptography Author: Filip Skokan <panva.ip@gmail.com> Date: Fri Aug 1 22:09:12 2025 +0200 5 files changed, 176 insertions(+), 31 deletions(-) create mode 100644 test/parallel/test-webcrypto-get-public-key.mjs [main 188063ff52] test: cleanup test-webcrypto-supports Author: Filip Skokan <panva.ip@gmail.com> Date: Fri Aug 1 22:40:10 2025 +0200 1 file changed, 13 insertions(+), 13 deletions(-) [main eeb2a20bcf] doc: compress Web Cryptography Algorithm matrix Author: Filip Skokan <panva.ip@gmail.com> Date: Sat Aug 2 00:51:00 2025 +0200 1 file changed, 30 insertions(+), 30 deletions(-) [main a75738ccea] test: add Web Cryptography wrap/unwrap vectors Author: Filip Skokan <panva.ip@gmail.com> Date: Fri Aug 8 13:09:05 2025 +0200 1 file changed, 36 insertions(+), 5 deletions(-) [main c4eebba5df] crypto: add ChaCha20-Poly1305 Web Cryptography algorithm Author: Filip Skokan <panva.ip@gmail.com> Date: Fri Aug 8 13:02:42 2025 +0200 25 files changed, 1236 insertions(+), 176 deletions(-) create mode 100644 lib/internal/crypto/chacha20_poly1305.js create mode 100644 src/crypto/crypto_chacha20_poly1305.cc create mode 100644 src/crypto/crypto_chacha20_poly1305.h create mode 100644 test/fixtures/crypto/chacha20_poly1305.js create mode 100644 test/parallel/test-webcrypto-encrypt-decrypt-chacha20-poly1305.js [main 04a8b9f3d5] crypto: subject some algorithms in Web Cryptography on BoringSSL absence Author: Filip Skokan <panva.ip@gmail.com> Date: Sat Aug 9 09:21:18 2025 +0200 22 files changed, 437 insertions(+), 277 deletions(-) [main a1829cf262] lib: refactor kSupportedAlgorithms Author: Filip Skokan <panva.ip@gmail.com> Date: Sat Aug 9 13:41:45 2025 +0200 1 file changed, 205 insertions(+), 160 deletions(-) [main 42bfbe9d7b] crypto: support ML-DSA spki/pkcs8 key formats in Web Cryptography Author: Filip Skokan <panva.ip@gmail.com> Date: Mon Aug 11 14:19:05 2025 +0200 4 files changed, 280 insertions(+), 22 deletions(-) [main 6654f4fe2a] fixup! crypto: add ChaCha20-Poly1305 Web Cryptography algorithm Author: Filip Skokan <panva.ip@gmail.com> Date: Mon Aug 18 17:00:01 2025 +0200 1 file changed, 1 insertion(+), 1 deletion(-) ✔ Patches applied There are 13 commits in the PR. Attempting autorebase. Rebasing (2/25) Executing: git node land --amend --yes --------------------------------- New Message ---------------------------------- crypto: support ML-DSA in Web Cryptography

PR-URL: #59365
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Ethan Arrowood <ethan@arrowood.dev>
Reviewed-By: Yagiz Nizipli <yagiz@nizipli.com>
Reviewed-By: Joyee Cheung <joyeec9h3@gmail.com>

[detached HEAD c34757936c] crypto: support ML-DSA in Web Cryptography
Author: Filip Skokan <panva.ip@gmail.com>
Date: Wed Jul 30 11:57:03 2025 +0200
14 files changed, 1348 insertions(+), 144 deletions(-)
create mode 100644 lib/internal/crypto/ml_dsa.js
create mode 100644 test/fixtures/crypto/ml-dsa.js
create mode 100644 test/parallel/test-webcrypto-export-import-ml-dsa.js
create mode 100644 test/parallel/test-webcrypto-sign-verify-ml-dsa.js
Rebasing (3/25)
Rebasing (4/25)
Executing: git node land --amend --yes
--------------------------------- New Message ----------------------------------
crypto: add SubtleCrypto.supports feature detection in Web Cryptography

PR-URL: #59365
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Ethan Arrowood <ethan@arrowood.dev>
Reviewed-By: Yagiz Nizipli <yagiz@nizipli.com>
Reviewed-By: Joyee Cheung <joyeec9h3@gmail.com>

[detached HEAD 69c287e0ea] crypto: add SubtleCrypto.supports feature detection in Web Cryptography
Author: Filip Skokan <panva.ip@gmail.com>
Date: Sun Mar 2 09:45:13 2025 +0100
9 files changed, 598 insertions(+)
create mode 100644 test/fixtures/webcrypto/supports-level-2.mjs
create mode 100644 test/fixtures/webcrypto/supports-modern-algorithms.mjs
create mode 100644 test/fixtures/webcrypto/supports-secure-curves.mjs
create mode 100644 test/parallel/test-webcrypto-supports.mjs
Rebasing (5/25)
Rebasing (6/25)
Executing: git node land --amend --yes
--------------------------------- New Message ----------------------------------
crypto: add SHAKE Web Cryptography digest algorithms

PR-URL: #59365
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Ethan Arrowood <ethan@arrowood.dev>
Reviewed-By: Yagiz Nizipli <yagiz@nizipli.com>
Reviewed-By: Joyee Cheung <joyeec9h3@gmail.com>

[detached HEAD f4542b8039] crypto: add SHAKE Web Cryptography digest algorithms
Author: Filip Skokan <panva.ip@gmail.com>
Date: Tue Mar 4 15:34:25 2025 +0100
12 files changed, 197 insertions(+), 46 deletions(-)
Rebasing (7/25)
Rebasing (8/25)
Executing: git node land --amend --yes
--------------------------------- New Message ----------------------------------
crypto: add SHA-3 Web Cryptography digest algorithms

PR-URL: #59365
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Ethan Arrowood <ethan@arrowood.dev>
Reviewed-By: Yagiz Nizipli <yagiz@nizipli.com>
Reviewed-By: Joyee Cheung <joyeec9h3@gmail.com>

[detached HEAD 9f0cdc22d1] crypto: add SHA-3 Web Cryptography digest algorithms
Author: Filip Skokan <panva.ip@gmail.com>
Date: Wed Aug 28 10:21:55 2024 +0200
22 files changed, 784 insertions(+), 77 deletions(-)
create mode 100644 test/fixtures/webcrypto/supports-sha3.mjs
Rebasing (9/25)
Rebasing (10/25)
Executing: git node land --amend --yes
--------------------------------- New Message ----------------------------------
crypto: add subtle.getPublicKey() utility function in Web Cryptography

PR-URL: #59365
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Ethan Arrowood <ethan@arrowood.dev>
Reviewed-By: Yagiz Nizipli <yagiz@nizipli.com>
Reviewed-By: Joyee Cheung <joyeec9h3@gmail.com>

[detached HEAD 84cc864174] crypto: add subtle.getPublicKey() utility function in Web Cryptography
Author: Filip Skokan <panva.ip@gmail.com>
Date: Fri Aug 1 22:09:12 2025 +0200
5 files changed, 176 insertions(+), 31 deletions(-)
create mode 100644 test/parallel/test-webcrypto-get-public-key.mjs
Rebasing (11/25)
Rebasing (12/25)
Executing: git node land --amend --yes
--------------------------------- New Message ----------------------------------
test: cleanup test-webcrypto-supports

PR-URL: #59365
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Ethan Arrowood <ethan@arrowood.dev>
Reviewed-By: Yagiz Nizipli <yagiz@nizipli.com>
Reviewed-By: Joyee Cheung <joyeec9h3@gmail.com>

[detached HEAD 6b9ad4545a] test: cleanup test-webcrypto-supports
Author: Filip Skokan <panva.ip@gmail.com>
Date: Fri Aug 1 22:40:10 2025 +0200
1 file changed, 13 insertions(+), 13 deletions(-)
Rebasing (13/25)
Rebasing (14/25)
Executing: git node land --amend --yes
--------------------------------- New Message ----------------------------------
doc: compress Web Cryptography Algorithm matrix

PR-URL: #59365
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Ethan Arrowood <ethan@arrowood.dev>
Reviewed-By: Yagiz Nizipli <yagiz@nizipli.com>
Reviewed-By: Joyee Cheung <joyeec9h3@gmail.com>

[detached HEAD 6fe87e924c] doc: compress Web Cryptography Algorithm matrix
Author: Filip Skokan <panva.ip@gmail.com>
Date: Sat Aug 2 00:51:00 2025 +0200
1 file changed, 30 insertions(+), 30 deletions(-)
Rebasing (15/25)
Rebasing (16/25)
Executing: git node land --amend --yes
--------------------------------- New Message ----------------------------------
test: add Web Cryptography wrap/unwrap vectors

PR-URL: #59365
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Ethan Arrowood <ethan@arrowood.dev>
Reviewed-By: Yagiz Nizipli <yagiz@nizipli.com>
Reviewed-By: Joyee Cheung <joyeec9h3@gmail.com>

[detached HEAD ca21f38a9e] test: add Web Cryptography wrap/unwrap vectors
Author: Filip Skokan <panva.ip@gmail.com>
Date: Fri Aug 8 13:09:05 2025 +0200
1 file changed, 36 insertions(+), 5 deletions(-)
Rebasing (17/25)
Rebasing (18/25)
Auto-merging test/parallel/test-webcrypto-encrypt-decrypt-chacha20-poly1305.js
CONFLICT (content): Merge conflict in test/parallel/test-webcrypto-encrypt-decrypt-chacha20-poly1305.js
error: could not apply 6654f4fe2a... fixup! crypto: add ChaCha20-Poly1305 Web Cryptography algorithm
hint: Resolve all conflicts manually, mark them as resolved with
hint: "git add/rm <conflicted_files>", then run "git rebase --continue".
hint: You can instead skip this commit: run "git rebase --skip".
hint: To abort and get back to the state before "git rebase", run "git rebase --abort".
hint: Disable this message with "git config set advice.mergeConflict false"
Could not apply 6654f4fe2a... # fixup! crypto: add ChaCha20-Poly1305 Web Cryptography algorithm
Couldn't rebase 13 commits in the PR automatically
Please run the following commands to complete landing

$ git rebase origin/main --no-keep-empty -i -x "git node land --amend" --autosquash
$ git node land --continue

https://github.com/nodejs/node/actions/runs/17071722800

PR-URL: #59365 Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Ethan Arrowood <ethan@arrowood.dev> Reviewed-By: Yagiz Nizipli <yagiz@nizipli.com> Reviewed-By: Joyee Cheung <joyeec9h3@gmail.com>

panva · 2025-08-19T13:57:54Z

Landed in 7c9fbc1...eaf1c15

PR-URL: #59365 Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Ethan Arrowood <ethan@arrowood.dev> Reviewed-By: Yagiz Nizipli <yagiz@nizipli.com> Reviewed-By: Joyee Cheung <joyeec9h3@gmail.com>

panva added crypto Issues and PRs related to the crypto subsystem. blocked PRs that are blocked by other issues or PRs. experimental Issues and PRs related to experimental features. review wanted PRs that need reviews. webcrypto labels Aug 5, 2025

nodejs-github-bot added lib / src Issues and PRs related to general changes in the lib or src directory. needs-ci PRs that need a full CI run. labels Aug 5, 2025

panva added the commit-queue-rebase Add this label to allow the Commit Queue to land a PR in several commits. label Aug 5, 2025

This comment was marked as outdated.

Sign in to view

panva force-pushed the big-beautiful-pr branch from 2907808 to 0f8f626 Compare August 5, 2025 14:25

panva added semver-minor PRs that contain new features and should be released in the next minor version. notable-change PRs with changes that should be highlighted in changelogs. labels Aug 5, 2025

panva added dont-land-on-v20.x PRs that should not land on the v20.x-staging branch and should not be released in v20.x. dont-land-on-v22.x PRs that should not land on the v22.x-staging branch and should not be released in v22.x. labels Aug 5, 2025