nodejs · nodejs-github-bot · May 3, 2026
diff --git a/test/fixtures/wpt/README.md b/test/fixtures/wpt/README.md
@@ -34,7 +34,7 @@ Last update:
 - wasm/jsapi: https://github.com/web-platform-tests/wpt/tree/65a2134d50/wasm/jsapi
 - wasm/webapi: https://github.com/web-platform-tests/wpt/tree/fd1b23eeaa/wasm/webapi
 - web-locks: https://github.com/web-platform-tests/wpt/tree/10a122a6bc/web-locks
-- WebCryptoAPI: https://github.com/web-platform-tests/wpt/tree/2cb332d710/WebCryptoAPI
+- WebCryptoAPI: https://github.com/web-platform-tests/wpt/tree/1f26f6b643/WebCryptoAPI
 - webidl: https://github.com/web-platform-tests/wpt/tree/63ca529a02/webidl
 - webidl/ecmascript-binding/es-exceptions: https://github.com/web-platform-tests/wpt/tree/2f96fa1996/webidl/ecmascript-binding/es-exceptions
 - webmessaging/broadcastchannel: https://github.com/web-platform-tests/wpt/tree/6495c91853/webmessaging/broadcastchannel

diff --git a/test/fixtures/wpt/WebCryptoAPI/supports-modern.tentative.https.any.js b/test/fixtures/wpt/WebCryptoAPI/supports-modern.tentative.https.any.js
@@ -0,0 +1,156 @@
+// META: title=WebCrypto API: supports method tests for algorithms in https://wicg.github.io/webcrypto-modern-algos/
+// META: script=util/helpers.js
+
+'use strict';
+
+const modernAlgorithms = {
+  // Asymmetric algorithms
+  'ML-DSA-44': {
+    operations: ['generateKey', 'importKey', 'sign', 'verify'],
+  },
+  'ML-DSA-65': {
+    operations: ['generateKey', 'importKey', 'sign', 'verify'],
+  },
+  'ML-DSA-87': {
+    operations: ['generateKey', 'importKey', 'sign', 'verify'],
+  },
+  'ML-KEM-512': {
+    operations: [
+      'generateKey', 'importKey', 'encapsulateKey', 'encapsulateBits',
+      'decapuslateKey', 'decapsulateBits'
+    ],
+  },
+  'ML-KEM-768': {
+    operations: [
+      'generateKey', 'importKey', 'encapsulateKey', 'encapsulateBits',
+      'decapsulateKey', 'decapsulateBits'
+    ],
+  },
+  'ML-KEM-1024': {
+    operations: [
+      'generateKey', 'importKey', 'encapsulateKey', 'encapsulateBits',
+      'decapsulateKey', 'decapsulateBits'
+    ],
+  },
+
+  // Symmetric algorithms
+  'ChaCha20-Poly1305': {
+    operations: ['generateKey', 'importKey', 'encrypt', 'decrypt'],
+    encryptParams: {name: 'ChaCha20-Poly1305', iv: new Uint8Array(12)},
+  },
+
+};
+
+const operations = [
+  'generateKey',
+  'importKey',
+  'sign',
+  'verify',
+  'encrypt',
+  'decrypt',
+  'deriveBits',
+  'digest',
+  'encapsulateKey',
+  'encapsulateBits',
+  'decapsulateKey',
+  'decapsulateBits',
+];
+
+// Test that supports method exists and is a static method
+test(() => {
+  assert_true(
+      typeof SubtleCrypto.supports === 'function',
+      'SubtleCrypto.supports should be a function');
+}, 'SubtleCrypto.supports method exists');
+
+
+// Test standard WebCrypto algorithms for requested operations
+for (const [algorithmName, algorithmInfo] of Object.entries(modernAlgorithms)) {
+  for (const operation of operations) {
+    promise_test(async (t) => {
+      const isSupported = algorithmInfo.operations.includes(operation);
+
+      // Use appropriate algorithm parameters for each operation
+      let algorithm;
+      let length;
+      switch (operation) {
+        case 'generateKey':
+          algorithm = algorithmInfo.keyGenParams || algorithmName;
+          break;
+        case 'importKey':
+          algorithm = algorithmInfo.importParams || algorithmName;
+          break;
+        case 'sign':
+        case 'verify':
+          algorithm = algorithmInfo.signParams || algorithmName;
+          break;
+        case 'encrypt':
+        case 'decrypt':
+          algorithm = algorithmInfo.encryptParams || algorithmName;
+          break;
+        case 'deriveBits':
+          algorithm = algorithmInfo.deriveBitsParams || algorithmName;
+          if (algorithm?.public instanceof Promise) {
+            algorithm.public = (await algorithm.public).publicKey;
+          }
+          if (algorithmName === 'PBKDF2' || algorithmName === 'HKDF') {
+            length = 256;
+          }
+          break;
+        case 'digest':
+          algorithm = algorithmName;
+          break;
+        case 'encapsulateKey':
+        case 'encapsulateBits':
+        case 'decapsulateKey':
+        case 'decapsulateBits':
+          algorithm = algorithmName;
+          break;
+        default:
+          algorithm = algorithmName;
+      }
+
+      const result = SubtleCrypto.supports(operation, algorithm, length);
+
+      if (isSupported) {
+        assert_true(result, `${algorithmName} should support ${operation}`);
+      } else {
+        assert_false(
+            result, `${algorithmName} should not support ${operation}`);
+      }
+    }, `supports(${operation}, ${algorithmName})`);
+  }
+}
+
+// Test some algorithm objects with valid parameters
+test(() => {
+  assert_true(
+      SubtleCrypto.supports('encrypt', {
+        name: 'ChaCha20-Poly1305',
+        iv: new Uint8Array(12),
+        tagLength: 128,
+      }),
+      'ChaCha20-Poly1305 encrypt with valid tagLength');
+}, 'supports returns true for algorithm objects with valid parameters');
+
+// Test some algorithm objects with invalid parameters
+test(() => {
+  assert_false(
+      SubtleCrypto.supports('encrypt', {
+        name: 'ChaCha20-Poly1305',
+        iv: new Uint8Array(12),
+        tagLength: 100,
+      }),
+      'ChaCha20-Poly1305 encrypt with invalid tagLength');
+
+  assert_false(
+      SubtleCrypto.supports('encrypt', {
+        name: 'ChaCha20-Poly1305',
+        iv: new Uint8Array(10),
+        tagLength: 128,
+      }),
+      'ChaCha20-Poly1305 encrypt with invalid iv');
+}, 'supports returns false for algorithm objects with invalid parameters');
+
+
+done();
diff --git a/test/fixtures/wpt/WebCryptoAPI/supports.tentative.https.any.js b/test/fixtures/wpt/WebCryptoAPI/supports.tentative.https.any.js
@@ -268,6 +268,137 @@ test(() => {
     }),
     'Invalid hash parameter should return false'
   );
+  assert_false(
+      SubtleCrypto.supports(
+          'encrypt', {name: 'AES-CBC', iv: new Uint8Array(10)}),
+      'Invalid IV for AES-CBC should return false');
+  assert_false(
+      SubtleCrypto.supports('encrypt', {
+        name: 'AES-CTR',
+        counter: new Uint8Array(10),
+        length: 128,
+      }),
+      'Invalid IV for AES-CTR should return false');
+  assert_false(
+      SubtleCrypto.supports('encrypt', {
+        name: 'AES-CTR',
+        counter: new Uint8Array(16),
+        length: 0,
+      }),
+      'Invalid length=0 for AES-CTR should return false');
+  assert_false(
+      SubtleCrypto.supports('encrypt', {
+        name: 'AES-CTR',
+        counter: new Uint8Array(16),
+        length: 129,
+      }),
+      'Invalid length=129 for AES-CTR should return false');
+  assert_false(
+      SubtleCrypto.supports('encrypt', {
+        name: 'AES-GCM',
+        iv: new Uint8Array(16),
+        tagLength: 100,
+      }),
+      'Invalid tag length for AES-GCM should return false');
+  assert_false(
+      SubtleCrypto.supports('generateKey', {name: 'ECDH', namedCurve: 'P-51'}),
+      'Invalid curve for ECDH should return false');
+  assert_false(
+      SubtleCrypto.supports(
+          'deriveBits', {
+            name: 'HKDF',
+            hash: 'SHA-25',
+            salt: new Uint8Array(16),
+            info: new Uint8Array(0),
+          },
+          8),
+      'Invalid hash for HKDF should return false');
+  assert_false(
+      SubtleCrypto.supports(
+          'deriveBits', {
+            name: 'HKDF',
+            hash: 'SHA-256',
+            salt: new Uint8Array(16),
+            info: new Uint8Array(0),
+          },
+          11),
+      'Invalid length for HKDF should return false');
+  assert_false(
+      SubtleCrypto.supports(
+          'deriveBits', {
+            name: 'HKDF',
+            hash: 'SHA-256',
+            salt: new Uint8Array(16),
+            info: new Uint8Array(0),
+          }),
+      'null length for HKDF should return false');
+  assert_false(
+      SubtleCrypto.supports('generateKey', {
+        name: 'HMAC',
+        hash: 'SHA-25',
+      }),
+      'Invalid hash for HMAC should return false');
+  assert_false(
+      SubtleCrypto.supports('generateKey', {
+        name: 'HMAC',
+        hash: 'SHA-256',
+        length: 0,
+      }),
+      'Invalid length for HMAC should return false');
+  assert_false(
+      SubtleCrypto.supports(
+          'deriveBits', {
+            name: 'PBKDF2',
+            hash: 'SHA-25',
+            salt: new Uint8Array(16),
+            iterations: 100000,
+          },
+          8),
+      'Invalid hash for PBKDF2 should return false');
+  assert_false(
+      SubtleCrypto.supports(
+          'deriveBits', {
+            name: 'PBKDF2',
+            hash: 'SHA-256',
+            salt: new Uint8Array(16),
+            iterations: 100000,
+          },
+          11),
+      'Invalid length for PBKDF2 should return false');
+  assert_false(
+      SubtleCrypto.supports(
+          'deriveBits', {
+            name: 'PBKDF2',
+            hash: 'SHA-256',
+            salt: new Uint8Array(16),
+            iterations: 100000,
+          }),
+      'null length for PBKDF2 should return false');
+  assert_false(
+      SubtleCrypto.supports('generateKey', {
+        name: 'RSASSA-PKCS1-v1_5',
+        modulusLength: 2048,
+        publicExponent: new Uint8Array([1, 0, 1]),
+        hash: 'SHA-56',
+      }),
+      'Invalid hash for RSA PKCS1 should return false');
+  assert_false(
+      SubtleCrypto.supports('generateKey', {
+        name: 'RSA-PSS',
+        modulusLength: 2048,
+        publicExponent: new Uint8Array([1, 0, 1]),
+        hash: 'SHA-56',
+      }),
+      'Invalid hash for RSA PSS should return false');
+  assert_false(
+      SubtleCrypto.supports('generateKey', {
+        name: 'RSA-OAEP',
+        modulusLength: 2048,
+        publicExponent: new Uint8Array([1, 0, 1]),
+        hash: 'SHA-26',
+      }),
+      'Invalid hash for RSA OAEP should return false');
+
 }, 'supports returns false for algorithm objects with invalid parameters');
 
 // Test some specific combinations that should work
@@ -394,4 +525,49 @@ test(() => {
   );
 }, 'Invalid algorithm and operation combinations fail');
 
+// Test supports for deriveKey op
+test(() => {
+  assert_true(
+      SubtleCrypto.supports(
+          'deriveKey', {
+            name: 'HKDF',
+            hash: 'SHA-256',
+            salt: new Uint8Array(16),
+            info: new Uint8Array(0),
+          },
+          {name: 'HMAC', hash: 'SHA-256'}),
+
+      'deriveKey HKDF-HMAC should pass');
+}, 'deriveKey tests');
+
+promise_test(async (t) => {
+  let keypair = await crypto.subtle.generateKey(
+      {
+        name: 'X25519',
+      },
+      false, ['deriveKey', 'deriveBits']);
+
+  assert_true(
+      SubtleCrypto.supports(
+          'deriveKey', {
+            name: 'X25519',
+            public: keypair.publicKey,
+          },
+          {name: 'AES-GCM', length: 256}),
+
+      'deriveKey X25519-AES-GCM-256 should pass');
+
+  assert_false(
+      SubtleCrypto.supports(
+          'deriveKey', {
+            name: 'X25519',
+            public: keypair.publicKey,
+          },
+          {name: 'HMAC', hash: 'SHA-256'}),
+
+      'deriveKey X25519-HMAC-SHA-256 should fail');
+}, 'deriveKey promise tests');
+
+
+
 done();
diff --git a/test/fixtures/wpt/versions.json b/test/fixtures/wpt/versions.json
@@ -96,7 +96,7 @@
     "path": "web-locks"
   },
   "WebCryptoAPI": {
-    "commit": "2cb332d71030ba0200610d72b94bb1badf447418",
+    "commit": "1f26f6b64332958fdb81cb26e2986cf287b0ade5",
     "path": "WebCryptoAPI"
   },
   "webidl": {