crypto: add SHA-3 Web Cryptography digest algorithms

PR-URL: #59365
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Ethan Arrowood <ethan@arrowood.dev>
Reviewed-By: Yagiz Nizipli <yagiz@nizipli.com>
Reviewed-By: Joyee Cheung <joyeec9h3@gmail.com>

Author: panva

doc/api/webcrypto.md

@@ -2,6 +2,9 @@
 
 <!-- YAML
 changes:
+  - version: REPLACEME
+    pr-url: https://github.com/nodejs/node/pull/59365
+    description: SHA-3 algorithms are now supported.
   - version: REPLACEME
     pr-url: https://github.com/nodejs/node/pull/59365
     description: SHAKE algorithms are now supported.
@@ -99,6 +102,9 @@ Algorithms:
 * `'ML-DSA-44'`[^openssl35]
 * `'ML-DSA-65'`[^openssl35]
 * `'ML-DSA-87'`[^openssl35]
+* `'SHA3-256'`
+* `'SHA3-384'`
+* `'SHA3-512'`
 
 Key Formats:
 
@@ -496,6 +502,9 @@ implementation and the APIs supported for each:
 | `'SHA-256'`                  |               |             |             |           |           |           |             |              |             |        |          | ✔        |
 | `'SHA-384'`                  |               |             |             |           |           |           |             |              |             |        |          | ✔        |
 | `'SHA-512'`                  |               |             |             |           |           |           |             |              |             |        |          | ✔        |
+| `'SHA3-256'`[^modern-algos]  |               |             |             |           |           |           |             |              |             |        |          | ✔        |
+| `'SHA3-384'`[^modern-algos]  |               |             |             |           |           |           |             |              |             |        |          | ✔        |
+| `'SHA3-512'`[^modern-algos]  |               |             |             |           |           |           |             |              |             |        |          | ✔        |
 | `'X25519'`                   | ✔             | ✔           | ✔           |           |           |           |             | ✔            | ✔           |        |          |          |
 | `'X448'`[^secure-curves]     | ✔             | ✔           | ✔           |           |           |           |             | ✔            | ✔           |        |          |          |
 
@@ -808,6 +817,9 @@ The algorithms currently supported include:
 <!-- YAML
 added: v15.0.0
 changes:
+  - version: REPLACEME
+    pr-url: https://github.com/nodejs/node/pull/59365
+    description: SHA-3 algorithms are now supported.
   - version: REPLACEME
     pr-url: https://github.com/nodejs/node/pull/59365
     description: SHAKE algorithms are now supported.
@@ -829,6 +841,9 @@ If `algorithm` is provided as a {string}, it must be one of:
 * `'SHA-256'`
 * `'SHA-384'`
 * `'SHA-512'`
+* `'SHA3-256'`[^modern-algos]
+* `'SHA3-384'`[^modern-algos]
+* `'SHA3-512'`[^modern-algos]
 
 If `algorithm` is provided as an {Object}, it must have a `name` property
 whose value is one of the above.
@@ -1520,6 +1535,10 @@ added: v15.0.0
 
 <!-- YAML
 added: v15.0.0
+changes:
+  - version: REPLACEME
+    pr-url: https://github.com/nodejs/node/pull/59365
+    description: SHA-3 algorithms are now supported.
 -->
 
 * Type: {string|Algorithm}
@@ -1530,6 +1549,9 @@ If represented as a {string}, the value must be one of:
 * `'SHA-256'`
 * `'SHA-384'`
 * `'SHA-512'`
+* `'SHA3-256'`[^modern-algos]
+* `'SHA3-384'`[^modern-algos]
+* `'SHA3-512'`[^modern-algos]
 
 If represented as an {Algorithm}, the object's `name` property
 must be one of the above listed values.
@@ -1649,6 +1671,10 @@ added: v15.0.0
 
 <!-- YAML
 added: v15.0.0
+changes:
+  - version: REPLACEME
+    pr-url: https://github.com/nodejs/node/pull/59365
+    description: SHA-3 algorithms are now supported.
 -->
 
 * Type: {string|Algorithm}
@@ -1659,6 +1685,9 @@ If represented as a {string}, the value must be one of:
 * `'SHA-256'`
 * `'SHA-384'`
 * `'SHA-512'`
+* `'SHA3-256'`[^modern-algos]
+* `'SHA3-384'`[^modern-algos]
+* `'SHA3-512'`[^modern-algos]
 
 If represented as an {Algorithm}, the object's `name` property
 must be one of the above listed values.
@@ -1705,6 +1734,10 @@ added: v15.0.0
 
 <!-- YAML
 added: v15.0.0
+changes:
+  - version: REPLACEME
+    pr-url: https://github.com/nodejs/node/pull/59365
+    description: SHA-3 algorithms are now supported.
 -->
 
 * Type: {string|Algorithm}
@@ -1715,6 +1748,9 @@ If represented as a {string}, the value must be one of:
 * `'SHA-256'`
 * `'SHA-384'`
 * `'SHA-512'`
+* `'SHA3-256'`[^modern-algos]
+* `'SHA3-384'`[^modern-algos]
+* `'SHA3-512'`[^modern-algos]
 
 If represented as an {Algorithm}, the object's `name` property
 must be one of the above listed values.
@@ -1780,6 +1816,10 @@ added: v15.0.0
 
 <!-- YAML
 added: v15.0.0
+changes:
+  - version: REPLACEME
+    pr-url: https://github.com/nodejs/node/pull/59365
+    description: SHA-3 algorithms are now supported.
 -->
 
 * Type: {string|Algorithm}
@@ -1790,6 +1830,9 @@ If represented as a {string}, the value must be one of:
 * `'SHA-256'`
 * `'SHA-384'`
 * `'SHA-512'`
+* `'SHA3-256'`[^modern-algos]
+* `'SHA3-384'`[^modern-algos]
+* `'SHA3-512'`[^modern-algos]
 
 If represented as an {Algorithm}, the object's `name` property
 must be one of the above listed values.
@@ -1838,6 +1881,10 @@ added: v15.0.0
 
 <!-- YAML
 added: v15.0.0
+changes:
+  - version: REPLACEME
+    pr-url: https://github.com/nodejs/node/pull/59365
+    description: SHA-3 algorithms are now supported.
 -->
 
 * Type: {string|Algorithm}
@@ -1848,6 +1895,9 @@ If represented as a {string}, the value must be one of:
 * `'SHA-256'`
 * `'SHA-384'`
 * `'SHA-512'`
+* `'SHA3-256'`[^modern-algos]
+* `'SHA3-384'`[^modern-algos]
+* `'SHA3-512'`[^modern-algos]
 
 If represented as an {Algorithm}, the object's `name` property
 must be one of the above listed values.
@@ -1890,6 +1940,10 @@ added: v15.0.0
 
 <!-- YAML
 added: v15.0.0
+changes:
+  - version: REPLACEME
+    pr-url: https://github.com/nodejs/node/pull/59365
+    description: SHA-3 algorithms are now supported.
 -->
 
 * Type: {string|Algorithm}
@@ -1900,6 +1954,9 @@ If represented as a {string}, the value must be one of:
 * `'SHA-256'`
 * `'SHA-384'`
 * `'SHA-512'`
+* `'SHA3-256'`[^modern-algos]
+* `'SHA3-384'`[^modern-algos]
+* `'SHA3-512'`[^modern-algos]
 
 If represented as an {Algorithm}, the object's `name` property
 must be one of the above listed values.
@@ -1965,6 +2022,10 @@ added: v15.0.0
 
 <!-- YAML
 added: v15.0.0
+changes:
+  - version: REPLACEME
+    pr-url: https://github.com/nodejs/node/pull/59365
+    description: SHA-3 algorithms are now supported.
 -->
 
 * Type: {string|Algorithm}
@@ -1975,6 +2036,9 @@ If represented as a {string}, the value must be one of:
 * `'SHA-256'`
 * `'SHA-384'`
 * `'SHA-512'`
+* `'SHA3-256'`[^modern-algos]
+* `'SHA3-384'`[^modern-algos]
+* `'SHA3-512'`[^modern-algos]
 
 If represented as an {Algorithm}, the object's `name` property
 must be one of the above listed values.

lib/internal/crypto/hash.js

@@ -212,6 +212,12 @@ async function asyncDigest(algorithm, data) {
       // Fall through
     case 'SHA-512':
       // Fall through
+    case 'SHA3-256':
+      // Fall through
+    case 'SHA3-384':
+      // Fall through
+    case 'SHA3-512':
+      // Fall through
     case 'cSHAKE128':
       // Fall through
     case 'cSHAKE256':

lib/internal/crypto/hashnames.js

@@ -17,46 +17,58 @@ const kHashContextJwkHmac = 6;
 // make it easier in the code.
 
 const kHashNames = {
-  sha1: {
+  'sha1': {
     [kHashContextNode]: 'sha1',
     [kHashContextWebCrypto]: 'SHA-1',
     [kHashContextJwkRsa]: 'RS1',
     [kHashContextJwkRsaPss]: 'PS1',
     [kHashContextJwkRsaOaep]: 'RSA-OAEP',
     [kHashContextJwkHmac]: 'HS1',
   },
-  sha256: {
+  'sha256': {
     [kHashContextNode]: 'sha256',
     [kHashContextWebCrypto]: 'SHA-256',
     [kHashContextJwkRsa]: 'RS256',
     [kHashContextJwkRsaPss]: 'PS256',
     [kHashContextJwkRsaOaep]: 'RSA-OAEP-256',
     [kHashContextJwkHmac]: 'HS256',
   },
-  sha384: {
+  'sha384': {
     [kHashContextNode]: 'sha384',
     [kHashContextWebCrypto]: 'SHA-384',
     [kHashContextJwkRsa]: 'RS384',
     [kHashContextJwkRsaPss]: 'PS384',
     [kHashContextJwkRsaOaep]: 'RSA-OAEP-384',
     [kHashContextJwkHmac]: 'HS384',
   },
-  sha512: {
+  'sha512': {
     [kHashContextNode]: 'sha512',
     [kHashContextWebCrypto]: 'SHA-512',
     [kHashContextJwkRsa]: 'RS512',
     [kHashContextJwkRsaPss]: 'PS512',
     [kHashContextJwkRsaOaep]: 'RSA-OAEP-512',
     [kHashContextJwkHmac]: 'HS512',
   },
-  shake128: {
+  'shake128': {
     [kHashContextNode]: 'shake128',
     [kHashContextWebCrypto]: 'cSHAKE128',
   },
-  shake256: {
+  'shake256': {
     [kHashContextNode]: 'shake256',
     [kHashContextWebCrypto]: 'cSHAKE256',
   },
+  'sha3-256': {
+    [kHashContextNode]: 'sha3-256',
+    [kHashContextWebCrypto]: 'SHA3-256',
+  },
+  'sha3-384': {
+    [kHashContextNode]: 'sha3-384',
+    [kHashContextWebCrypto]: 'SHA3-384',
+  },
+  'sha3-512': {
+    [kHashContextNode]: 'sha3-512',
+    [kHashContextWebCrypto]: 'SHA3-512',
+  },
 };
 
 {

lib/internal/crypto/mac.js

@@ -67,18 +67,6 @@ async function hmacGenerateKey(algorithm, extractable, keyUsages) {
     extractable);
 }
 
-function getAlgorithmName(hash) {
-  switch (hash) {
-    case 'SHA-1': // Fall through
-    case 'SHA-256': // Fall through
-    case 'SHA-384': // Fall through
-    case 'SHA-512': // Fall through
-      return `HS${hash.slice(4)}`;
-    default:
-      throw lazyDOMException('Unsupported digest algorithm', 'DataError');
-  }
-}
-
 function hmacImportKey(
   format,
   keyData,
@@ -126,7 +114,9 @@ function hmacImportKey(
       }
 
       if (keyData.alg !== undefined) {
-        if (keyData.alg !== getAlgorithmName(algorithm.hash.name))
+        const expected =
+          normalizeHashName(algorithm.hash.name, normalizeHashName.kContextJwkHmac);
+        if (expected && keyData.alg !== expected)
           throw lazyDOMException(
             'JWK "alg" does not match the requested algorithm',
             'DataError');

lib/internal/crypto/rsa.js

@@ -281,7 +281,7 @@ function rsaImportKey(
                               algorithm.name === 'RSA-PSS' ? normalizeHashName.kContextJwkRsaPss :
                                 normalizeHashName.kContextJwkRsaOaep);
 
-        if (keyData.alg !== expected)
+        if (expected && keyData.alg !== expected)
           throw lazyDOMException(
             'JWK "alg" does not match the requested algorithm',
             'DataError');

lib/internal/crypto/util.js

@@ -287,6 +287,9 @@ const experimentalAlgorithms = ObjectEntries({
   },
   'cSHAKE128': { digest: 'CShakeParams' },
   'cSHAKE256': { digest: 'CShakeParams' },
+  'SHA3-256': { digest: null },
+  'SHA3-384': { digest: null },
+  'SHA3-512': { digest: null },
 });
 
 for (const { 0: algorithm, 1: nid } of [
@@ -552,15 +555,28 @@ function getBlockSize(name) {
       // Fall through
     case 'SHA-512':
       return 1024;
+    case 'SHA3-256':
+      return 1088;
+    case 'SHA3-384':
+      return 832;
+    case 'SHA3-512':
+      return 576;
   }
 }
 
 function getDigestSizeInBytes(name) {
   switch (name) {
-    case 'SHA-1': return 20;
-    case 'SHA-256': return 32;
-    case 'SHA-384': return 48;
-    case 'SHA-512': return 64;
+    case 'SHA-1':
+      return 20;
+    case 'SHA-256': // Fall through
+    case 'SHA3-256':
+      return 32;
+    case 'SHA-384': // Fall through
+    case 'SHA3-384':
+      return 48;
+    case 'SHA-512': // Fall through
+    case 'SHA3-512':
+      return 64;
   }
 }