crypto: support non-byte WebCrypto lengths and cSHAKE#63988
Open
panva wants to merge 1 commit into
Open
Conversation
Collaborator
|
Review requested:
|
nodejs-github-bot
added
lib / src
panva
force-pushed
the
webcrypto-non-byte-lengths
branch
3 times, most recently
from
f27f79a to
b9e0073
Compare
panva
changed the title
panva
force-pushed
the
webcrypto-non-byte-lengths
branch
from
b9e0073 to
ffa0349
Compare
jasnell
reviewed
Jun 19, 2026
jasnell
approved these changes
Jun 19, 2026
This comment was marked as outdated.
This comment was marked as outdated.
Add shared bit-length helpers for WebCrypto operations that accept bit sequences whose length is not byte-aligned. Use the helpers for cSHAKE output, ECDH-derived bits, HMAC/KMAC key generation/import/derivation, and KMAC sign/verify output. Preserve the requested bit length in CryptoKey algorithm metadata while storing and exporting rounded-up byte material with unused low bits cleared. Keep byte-multiple validation for algorithms whose specs require it. Extend the lower-end of KMAC's key length support. Enable cSHAKE customization and functionName parameters. Signed-off-by: Filip Skokan <panva.ip@gmail.com>
panva
force-pushed
the
webcrypto-non-byte-lengths
branch
from
86c6e6d to
ee1069c
Compare
panva
added
the
author ready
This comment was marked as outdated.
This comment was marked as outdated.
This comment was marked as outdated.
This comment was marked as outdated.
Collaborator
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Add shared bit-length helpers for WebCrypto operations that accept bit sequences whose length is not byte-aligned.
Use the helpers for cSHAKE output, ECDH-derived bits, HMAC/KMAC key generation/import/derivation, and KMAC sign/verify output. Preserve the requested bit length in CryptoKey algorithm metadata while storing and exporting rounded-up byte material with unused low bits cleared.
Keep byte-multiple validation for algorithms whose specs require it.
Extend the lower-end of KMAC's key length support.
Enable cSHAKE customization and functionName parameters.