feat: add KMAC128/KMAC256 support to subtle API (#944)

Author: boorad

.docs/implementation-coverage.md

@@ -265,12 +265,12 @@ These ciphers are **not available in Node.js** but are provided by RNQC via libs
 - ✅ Class: `CryptoKeyPair`
   - ✅ `cryptoKeyPair.privateKey`
   - ✅ `cryptoKeyPair.publicKey`
-- 🚧 Class: `CryptoSubtle`
+- ✅ Class: `CryptoSubtle`
   - (see below)
 
 # `SubtleCrypto`
 
-- 🚧 Class: `SubtleCrypto`
+- ✅ Class: `SubtleCrypto`
   - ✅ static `supports(operation, algorithm[, lengthOrAdditionalAlgorithm])`
   - ✅ `subtle.decapsulateBits(decapsulationAlgorithm, decapsulationKey, ciphertext)`
   - ✅ `subtle.decapsulateKey(decapsulationAlgorithm, decapsulationKey, ciphertext, sharedKeyAlgorithm, extractable, usages)`
@@ -282,12 +282,12 @@ These ciphers are **not available in Node.js** but are provided by RNQC via libs
   - ✅ `subtle.encapsulateKey(encapsulationAlgorithm, encapsulationKey, sharedKeyAlgorithm, extractable, usages)`
   - ✅ `subtle.encrypt(algorithm, key, data)`
   - ✅ `subtle.exportKey(format, key)`
-  - 🚧 `subtle.generateKey(algorithm, extractable, keyUsages)`
+  - ✅ `subtle.generateKey(algorithm, extractable, keyUsages)`
   - ✅ `subtle.getPublicKey(key, keyUsages)`
   - ✅ `subtle.importKey(format, keyData, algorithm, extractable, keyUsages)`
-  - 🚧 `subtle.sign(algorithm, key, data)`
+  - ✅ `subtle.sign(algorithm, key, data)`
   - ✅ `subtle.unwrapKey(format, wrappedKey, unwrappingKey, unwrapAlgo, unwrappedKeyAlgo, extractable, keyUsages)`
-  - 🚧 `subtle.verify(algorithm, key, signature, data)`
+  - ✅ `subtle.verify(algorithm, key, signature, data)`
   - ✅ `subtle.wrapKey(format, key, wrappingKey, wrapAlgo)`
 
 ## `subtle.decrypt`
@@ -369,6 +369,8 @@ These ciphers are **not available in Node.js** but are provided by RNQC via libs
 | `Ed25519`           |   ✅   |   ✅    |  ✅   |  ✅   |              |      ✅      |            |
 | `Ed448`             |   ✅   |   ✅    |  ✅   |  ✅   |              |      ✅      |            |
 | `HMAC`              |        |         |  ✅   |  ✅   |      ✅      |              |            |
+| `KMAC128`           |        |         |  ✅   |  ✅   |      ✅      |              |            |
+| `KMAC256`           |        |         |  ✅   |  ✅   |      ✅      |              |            |
 | `ML-DSA-44`         |   ✅   |   ✅    |  ✅   |       |              |      ✅      |     ✅     |
 | `ML-DSA-65`         |   ✅   |   ✅    |  ✅   |       |              |      ✅      |     ✅     |
 | `ML-DSA-87`         |   ✅   |   ✅    |  ✅   |       |              |      ✅      |     ✅     |
@@ -416,8 +418,8 @@ These ciphers are **not available in Node.js** but are provided by RNQC via libs
 | `AES-OCB`           |   ✅   |
 | `ChaCha20-Poly1305` |   ✅   |
 | `HMAC`              |   ✅   |
-| `KMAC128`           |   ❌   |
-| `KMAC256`           |   ❌   |
+| `KMAC128`           |   ✅   |
+| `KMAC256`           |   ✅   |
 
 ## `subtle.importKey`
 
@@ -438,6 +440,8 @@ These ciphers are **not available in Node.js** but are provided by RNQC via libs
 | `Ed448`             |   ✅   |   ✅    |  ✅   |  ✅   |              |      ✅      |            |
 | `HKDF`              |        |         |       |  ✅   |      ✅      |              |            |
 | `HMAC`              |        |         |  ✅   |  ✅   |      ✅      |              |            |
+| `KMAC128`           |        |         |  ✅   |  ✅   |      ✅      |              |            |
+| `KMAC256`           |        |         |  ✅   |  ✅   |      ✅      |              |            |
 | `ML-DSA-44`         |   ✅   |   ✅    |  ✅   |       |              |      ✅      |     ✅     |
 | `ML-DSA-65`         |   ✅   |   ✅    |  ✅   |       |              |      ✅      |     ✅     |
 | `ML-DSA-87`         |   ✅   |   ✅    |  ✅   |       |              |      ✅      |     ✅     |
@@ -459,8 +463,8 @@ These ciphers are **not available in Node.js** but are provided by RNQC via libs
 | `Ed25519`           |   ✅   |
 | `Ed448`             |   ✅   |
 | `HMAC`              |   ✅   |
-| `KMAC128`           |   ❌   |
-| `KMAC256`           |   ❌   |
+| `KMAC128`           |   ✅   |
+| `KMAC256`           |   ✅   |
 | `ML-DSA-44`         |   ✅   |
 | `ML-DSA-65`         |   ✅   |
 | `ML-DSA-87`         |   ✅   |
@@ -516,8 +520,8 @@ These ciphers are **not available in Node.js** but are provided by RNQC via libs
 | `Ed25519`           |   ✅   |
 | `Ed448`             |   ✅   |
 | `HMAC`              |   ✅   |
-| `KMAC128`           |   ❌   |
-| `KMAC256`           |   ❌   |
+| `KMAC128`           |   ✅   |
+| `KMAC256`           |   ✅   |
 | `ML-DSA-44`         |   ✅   |
 | `ML-DSA-65`         |   ✅   |
 | `ML-DSA-87`         |   ✅   |

docs/data/coverage.ts

@@ -401,6 +401,16 @@ export const COVERAGE_DATA: CoverageCategory[] = [
             note: 'spki, pkcs8, raw, jwk, raw-public',
           },
           { name: 'HMAC', status: 'implemented' },
+          {
+            name: 'KMAC128',
+            status: 'implemented',
+            note: 'raw, raw-secret, jwk',
+          },
+          {
+            name: 'KMAC256',
+            status: 'implemented',
+            note: 'raw, raw-secret, jwk',
+          },
           {
             name: 'ML-DSA-44',
             status: 'partial',
@@ -453,8 +463,8 @@ export const COVERAGE_DATA: CoverageCategory[] = [
           { name: 'AES-OCB', status: 'implemented' },
           { name: 'ChaCha20-Poly1305', status: 'implemented' },
           { name: 'HMAC', status: 'implemented' },
-          { name: 'KMAC128', status: 'missing' },
-          { name: 'KMAC256', status: 'missing' },
+          { name: 'KMAC128', status: 'implemented' },
+          { name: 'KMAC256', status: 'implemented' },
         ],
       },
       {
@@ -491,6 +501,16 @@ export const COVERAGE_DATA: CoverageCategory[] = [
           },
           { name: 'HKDF', status: 'implemented', note: 'raw, raw-secret' },
           { name: 'HMAC', status: 'implemented' },
+          {
+            name: 'KMAC128',
+            status: 'implemented',
+            note: 'raw, raw-secret, jwk',
+          },
+          {
+            name: 'KMAC256',
+            status: 'implemented',
+            note: 'raw, raw-secret, jwk',
+          },
           {
             name: 'ML-DSA-44',
             status: 'partial',
@@ -536,8 +556,8 @@ export const COVERAGE_DATA: CoverageCategory[] = [
           { name: 'Ed25519', status: 'implemented' },
           { name: 'Ed448', status: 'implemented' },
           { name: 'HMAC', status: 'implemented' },
-          { name: 'KMAC128', status: 'missing' },
-          { name: 'KMAC256', status: 'missing' },
+          { name: 'KMAC128', status: 'implemented' },
+          { name: 'KMAC256', status: 'implemented' },
           { name: 'ML-DSA-44', status: 'implemented' },
           { name: 'ML-DSA-65', status: 'implemented' },
           { name: 'ML-DSA-87', status: 'implemented' },
@@ -564,8 +584,8 @@ export const COVERAGE_DATA: CoverageCategory[] = [
           { name: 'Ed25519', status: 'implemented' },
           { name: 'Ed448', status: 'implemented' },
           { name: 'HMAC', status: 'implemented' },
-          { name: 'KMAC128', status: 'missing' },
-          { name: 'KMAC256', status: 'missing' },
+          { name: 'KMAC128', status: 'implemented' },
+          { name: 'KMAC256', status: 'implemented' },
           { name: 'ML-DSA-44', status: 'implemented' },
           { name: 'ML-DSA-65', status: 'implemented' },
           { name: 'ML-DSA-87', status: 'implemented' },

example/src/tests/subtle/import_export.ts

@@ -2893,3 +2893,58 @@ test(SUITE, 'ML-KEM-768 unwrapKey with AES-GCM', async () => {
   );
   expect(new Uint8Array(decapsulated)).to.deep.equal(new Uint8Array(sharedKey));
 });
+
+// --- KMAC Import/Export Tests ---
+
+for (const algorithm of ['KMAC128', 'KMAC256'] as const) {
+  test(SUITE, `KMAC import/export raw (${algorithm})`, async () => {
+    const keyBytes = new Uint8Array(32);
+    globalThis.crypto.getRandomValues(keyBytes);
+
+    const key = await subtle.importKey(
+      'raw',
+      keyBytes,
+      { name: algorithm },
+      true,
+      ['sign', 'verify'],
+    );
+
+    const exported = await subtle.exportKey('raw', key);
+    expect(ab2str(exported as ArrayBuffer, 'hex')).to.equal(
+      ab2str(keyBytes.buffer as ArrayBuffer, 'hex'),
+    );
+  });
+}
+
+for (const algorithm of ['KMAC128', 'KMAC256'] as const) {
+  test(SUITE, `KMAC import/export jwk (${algorithm})`, async () => {
+    const key = await subtle.generateKey({ name: algorithm }, true, [
+      'sign',
+      'verify',
+    ]);
+
+    const jwk = await subtle.exportKey('jwk', key as CryptoKey);
+    const jwkObj = jwk as Record<string, unknown>;
+    expect(jwkObj.alg).to.equal(algorithm === 'KMAC128' ? 'K128' : 'K256');
+    expect(jwkObj.kty).to.equal('oct');
+
+    const imported = await subtle.importKey(
+      'jwk',
+      jwk,
+      { name: algorithm },
+      true,
+      ['sign', 'verify'],
+    );
+
+    const data = new TextEncoder().encode('jwk round-trip test');
+    const length = algorithm === 'KMAC128' ? 256 : 512;
+
+    const sig1 = await subtle.sign(
+      { name: algorithm, length },
+      key as CryptoKey,
+      data,
+    );
+    const sig2 = await subtle.sign({ name: algorithm, length }, imported, data);
+    expect(ab2str(sig1, 'hex')).to.equal(ab2str(sig2, 'hex'));
+  });
+}