Skip to content

crypto: add JWK support for ML-KEM and SLH-DSA key types#62706

Open
panva wants to merge 1 commit intonodejs:mainfrom
panva:pqc-jwk
Open

crypto: add JWK support for ML-KEM and SLH-DSA key types#62706
panva wants to merge 1 commit intonodejs:mainfrom
panva:pqc-jwk

Conversation

@panva
Copy link
Copy Markdown
Member

@panva panva commented Apr 12, 2026
edited
Loading

  • ML-KEM JWK in node:crypto and Web Cryptography
  • SLH-DSA JWK in node:crypto

@nodejs-github-bot
Copy link
Copy Markdown
Collaborator

nodejs-github-bot commented Apr 12, 2026

Review requested:

  • @nodejs/crypto
  • @nodejs/gyp

@nodejs-github-bot nodejs-github-bot added lib / src Issues and PRs related to general changes in the lib or src directory. needs-ci PRs that need a full CI run. labels Apr 12, 2026
@panva panva force-pushed the pqc-jwk branch 2 times, most recently from d4cc11f to 0e43511 Compare April 12, 2026 12:39
@panva panva marked this pull request as ready for review April 12, 2026 12:49
@codecov
Copy link
Copy Markdown

codecov bot commented Apr 12, 2026
edited
Loading

Codecov Report

❌ Patch coverage is 86.08696% with 16 lines in your changes missing coverage. Please review.
✅ Project coverage is 89.68%. Comparing base (ed05549) to head (770f6d9).
⚠️ Report is 3 commits behind head on main.

Files with missing lines Patch % Lines
src/crypto/crypto_pqc.cc 82.79% 3 Missing and 13 partials ⚠️
Additional details and impacted files 
@@            Coverage Diff             @@
##             main   #62706      +/-   ##
==========================================
- Coverage   89.69%   89.68%   -0.01%     
==========================================
  Files         706      706              
  Lines      218127   218148      +21     
  Branches    41734    41748      +14     
==========================================
  Hits       195651   195651              
- Misses      14400    14408       +8     
- Partials     8076     8089      +13
Files with missing lines Coverage Δ
lib/internal/crypto/ml_kem.js 92.83% <100.00%> (+0.37%) ⬆️
lib/internal/crypto/webcrypto.js 96.58% <100.00%> (+0.01%) ⬆️
src/crypto/crypto_keys.cc 73.59% <100.00%> (ø)
src/crypto/crypto_pqc.cc 82.79% <82.79%> (ø)

... and 26 files with indirect coverage changes

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@panva panva added crypto Issues and PRs related to the crypto subsystem. webcrypto labels Apr 12, 2026
@nodejs-github-bot

This comment was marked as outdated.

Sign in to view
@nodejs-github-bot

This comment was marked as outdated.

Sign in to view
@panva panva requested review from anonrig and jasnell April 12, 2026 15:21
@tniessen
Copy link
Copy Markdown
Member

tniessen commented Apr 15, 2026

Is my assumption correct that this is based on draft-ietf-jose-pqc-kem-05 / draft-ietf-cose-dilithium-11?

@panva
Copy link
Copy Markdown
Member Author

panva commented Apr 15, 2026
edited
Loading

@tniessen

correct, sort of. the AKP kty comes from dilithium, the jose-pqc-kem draft is not quite certain to be moving forward for JOSE but regardless of that specifically we did decide on the kty to use in the WG and based on the discussion with @twiss in Web Crypto space we will regardless of pqc-kem moving forward or not register the algs for JWK use so that we have a KEM-only JWK representation. that is pretty much set in stone since browsers have started their implementation at this point

WICG/webcrypto-modern-algos#64

tniessen
tniessen approved these changes Apr 15, 2026
View reviewed changes
Copy link
Copy Markdown
Member

@tniessen tniessen left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice work @panva!

Comment thread src/crypto/crypto_pqc.cc
@panva panva added the author ready PRs that have at least one approval, no pending requests for changes, and a CI started. label Apr 15, 2026
@panva
crypto: add JWK support for ML-KEM and SLH-DSA key types
770f6d9 
Signed-off-by: Filip Skokan <panva.ip@gmail.com>
@panva
Copy link
Copy Markdown
Member Author

panva commented Apr 15, 2026

rebased because of a conflict in docs

@nodejs-github-bot

This comment was marked as outdated.

Sign in to view
@nodejs-github-bot
Copy link
Copy Markdown
Collaborator

nodejs-github-bot commented Apr 15, 2026

CI: https://ci.nodejs.org/job/node-test-pull-request/72706/

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@tniessen tniessen tniessen approved these changes

@jasnell jasnell Awaiting requested review from jasnell

@anonrig anonrig Awaiting requested review from anonrig

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

author ready PRs that have at least one approval, no pending requests for changes, and a CI started. crypto Issues and PRs related to the crypto subsystem. lib / src Issues and PRs related to general changes in the lib or src directory. needs-ci PRs that need a full CI run. webcrypto

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@panva @nodejs-github-bot @tniessen