nodejs · nodejs-github-bot · Mar 10, 2026 · Mar 8, 2026
diff --git a/test/fixtures/wpt/README.md b/test/fixtures/wpt/README.md
@@ -34,7 +34,7 @@ Last update:
 - wasm/jsapi: https://github.com/web-platform-tests/wpt/tree/cde25e7e3c/wasm/jsapi
 - wasm/webapi: https://github.com/web-platform-tests/wpt/tree/fd1b23eeaa/wasm/webapi
 - web-locks: https://github.com/web-platform-tests/wpt/tree/10a122a6bc/web-locks
-- WebCryptoAPI: https://github.com/web-platform-tests/wpt/tree/42e47329fd/WebCryptoAPI
+- WebCryptoAPI: https://github.com/web-platform-tests/wpt/tree/c9e955840a/WebCryptoAPI
 - webidl: https://github.com/web-platform-tests/wpt/tree/63ca529a02/webidl
 - webidl/ecmascript-binding/es-exceptions: https://github.com/web-platform-tests/wpt/tree/2f96fa1996/webidl/ecmascript-binding/es-exceptions
 - webmessaging/broadcastchannel: https://github.com/web-platform-tests/wpt/tree/6495c91853/webmessaging/broadcastchannel

diff --git a/test/fixtures/wpt/WebCryptoAPI/normalize-algorithm-name.https.any.js b/test/fixtures/wpt/WebCryptoAPI/normalize-algorithm-name.https.any.js
@@ -0,0 +1,52 @@
+// META: title=WebCryptoAPI: Algorithm normalization matches names ASCII case-insensitively
+// U+212A is the Kelvin Sign
+
+function makeSalt() {
+  return crypto.getRandomValues(new Uint8Array(32));
+}
+
+async function makeKey(algorithm) {
+  const keyData = new Uint8Array([]);
+  return crypto.subtle.importKey("raw", keyData, algorithm, false, ["deriveBits"]);
+}
+
+promise_test(async (t) => {
+  const algorithm = {
+    name: "H\u212ADF",
+    hash: "SHA-256",
+    salt: makeSalt(),
+    info: new TextEncoder().encode(''),
+  };
+  const key = await makeKey("HKDF");
+  const p = crypto.subtle.deriveBits(algorithm, key, 256);
+  return promise_rejects_dom(t, "NotSupportedError", p, algorithm.name);
+}, `"H<U+212A>DF" does not match "HKDF"`);
+
+promise_test(async (t) => {
+  const algorithm = {
+    name: "PB\u212ADF2",
+    hash: "SHA-256",
+    iterations: 1,
+    salt: makeSalt(),
+  };
+  const key = await makeKey("PBKDF2");
+  const p = crypto.subtle.deriveBits(algorithm, key, 256);
+  return promise_rejects_dom(t, "NotSupportedError", p, algorithm.name);
+}, `"PB<U+212A>DF2" does not match "PBKDF2"`);
+
+promise_test(async (t) => {
+  const algorithm = {name: "AES-\u212AW", length: 256};
+  const p = crypto.subtle.generateKey(algorithm, false, ["wrapKey"]);
+  return promise_rejects_dom(t, "NotSupportedError", p, algorithm.name);
+}, `"AES-<U+212A>W" does not match "AES-KW"`);
+
+promise_test(async (t) => {
+  const algorithm = {
+    name: "RSASSA-P\u212ACS1-V1_5",
+    modulusLength: 2048,
+    publicExponent: new Uint8Array([3]),
+    hash: "SHA-256",
+  };
+  const p = crypto.subtle.generateKey(algorithm, false, ["sign"]);
+  return promise_rejects_dom(t, "NotSupportedError", p, algorithm.name);
+}, `"RSASSA-P<U+212A>CS1-V1_5" does not match "RSASSA-PKCS1-V1_5"`);
diff --git a/test/fixtures/wpt/WebCryptoAPI/wrapKey_unwrapKey/wrapKey_unwrapKey.https.any.js b/test/fixtures/wpt/WebCryptoAPI/wrapKey_unwrapKey/wrapKey_unwrapKey.https.any.js
@@ -40,6 +40,11 @@
             name: "AES-KW",
             importParameters: {name: "AES-KW", length: 128},
             wrapParameters: {name: "AES-KW"}
+        },
+        {
+            name: 'ChaCha20-Poly1305',
+            importParameters: {name: "ChaCha20-Poly1305"},
+            wrapParameters: {name: "ChaCha20-Poly1305", iv: new Uint8Array(12), additionalData: new Uint8Array(16)}
         }
     ];
 
@@ -57,7 +62,8 @@
         {algorithm: {name: "AES-CBC", length: 128}, usages: ["encrypt", "decrypt"]},
         {algorithm: {name: "AES-GCM", length: 128}, usages: ["encrypt", "decrypt"]},
         {algorithm: {name: "AES-KW", length: 128}, usages: ["wrapKey", "unwrapKey"]},
-        {algorithm: {name: "HMAC", length: 128, hash: "SHA-256"}, usages: ["sign", "verify"]}
+        {algorithm: {name: "HMAC", length: 128, hash: "SHA-256"}, usages: ["sign", "verify"]},
+        {algorithm: {name: "ChaCha20-Poly1305"}, usages: ['encrypt', 'decrypt']}
     ];
 
     // Import all the keys needed, then iterate over all combinations
@@ -106,9 +112,15 @@
                               .then(function(key) {
                                   wrappers["RSA-OAEP"].unwrappingKey = key;
                               }));
+            } else if (params.name === "ChaCha20-Poly1305") {
+                var algorithm = {name: params.name};
+                promises.push(subtle.importKey("raw", wrappingKeyData["SYMMETRIC256"].raw, algorithm, true, ["wrapKey", "unwrapKey"])
+                              .then(function(key) {
+                                  wrappers[params.name] = {wrappingKey: key, unwrappingKey: key, parameters: params};
+                              }));
             } else {
                 var algorithm = {name: params.name};
-                promises.push(subtle.importKey("raw", wrappingKeyData["SYMMETRIC"].raw, algorithm, true, ["wrapKey", "unwrapKey"])
+                promises.push(subtle.importKey("raw", wrappingKeyData["SYMMETRIC128"].raw, algorithm, true, ["wrapKey", "unwrapKey"])
                               .then(function(key) {
                                   wrappers[params.name] = {wrappingKey: key, unwrappingKey: key, parameters: params};
                               }));
@@ -151,9 +163,12 @@
                 var keyData = toWrapKeyDataFromAlg(params.algorithm.name);
                 promises.push(importAndExport("spki", keyData.spki, params.algorithm, params.publicUsages, "public key "));
                 promises.push(importAndExport("pkcs8", keyData.pkcs8, params.algorithm, params.privateUsages, "private key "));
+            } else if (params.algorithm.name === "ChaCha20-Poly1305") {
+                keys[params.algorithm.name] = {};
+                promises.push(importAndExport("raw", toWrapKeyData["SYMMETRIC256"].raw, params.algorithm, params.usages, ""));
             } else {
                 keys[params.algorithm.name] = {};
-                promises.push(importAndExport("raw", toWrapKeyData["SYMMETRIC"].raw, params.algorithm, params.usages, ""));
+                promises.push(importAndExport("raw", toWrapKeyData["SYMMETRIC128"].raw, params.algorithm, params.usages, ""));
             }
         });
         // Using allSettled to skip unsupported test cases.
@@ -432,6 +447,9 @@
             case "ECDH" :
                 deriveParams = {name: "ECDH"};
                 break;
+            case "ChaCha20-Poly1305":
+                cryptParams = {name: "ChaCha20-Poly1305", iv: new Uint8Array(12)};
+                break;
             default:
                 throw new Error("Unsupported algorithm for key comparison");
         }

diff --git a/test/fixtures/wpt/WebCryptoAPI/wrapKey_unwrapKey/wrapKey_unwrapKey_vectors.js b/test/fixtures/wpt/WebCryptoAPI/wrapKey_unwrapKey/wrapKey_unwrapKey_vectors.js
diff --git a/test/fixtures/wpt/versions.json b/test/fixtures/wpt/versions.json
@@ -96,7 +96,7 @@
     "path": "web-locks"
   },
   "WebCryptoAPI": {
-    "commit": "42e47329fdc92c80d58c2816eb66cb2cf2b32a89",
+    "commit": "c9e955840a21be6e492225a4a53fc4828d8933b9",
     "path": "WebCryptoAPI"
   },
   "webidl": {