react-native-quick-crypto 1.1.3 → 1.1.4

package/lib/module/subtle.js

@@ -1,11 +1,10 @@
 "use strict";
 
-/* eslint-disable @typescript-eslint/no-unused-vars */
 import { Buffer as SBuffer } from 'safe-buffer';
 import { KFormatType, KeyEncoding, KeyType, kNamedCurveAliases } from './utils';
 import { Buffer } from '@craftzdog/react-native-buffer';
 import { CryptoKey, KeyObject, PublicKeyObject, PrivateKeyObject, SecretKeyObject } from './keys';
-import { bufferLikeToArrayBuffer } from './utils/conversion';
+import { binaryLikeToArrayBuffer, bufferLikeToArrayBuffer } from './utils/conversion';
 import { argon2Sync } from './argon2';
 import { lazyDOMException } from './utils/errors';
 import { normalizeHashName, HashContext } from './utils/hashnames';
@@ -76,21 +75,682 @@ function getCanonicalAlgorithmNames() {
   }
   return _canonicalAlgorithmNames;
 }
-function normalizeAlgorithm(algorithm, _operation) {
-  const map = getCanonicalAlgorithmNames();
+
+// Per-algorithm WebIDL converter table. Mirrors Node's kAlgorithmDefinitions
+// (lib/internal/crypto/util.js): each (algorithm, operation) pair maps to a
+// dictionary converter name, or null when only the `name` member is required.
+// Operation keys are missing when an algorithm cannot perform that operation,
+// causing `normalizeAlgorithm` to reject the call.
+const kAlgorithmDefinitions = {
+  'AES-CBC': {
+    generateKey: 'AesKeyGenParams',
+    exportKey: null,
+    importKey: null,
+    encrypt: 'AesCbcParams',
+    decrypt: 'AesCbcParams',
+    'get key length': 'AesDerivedKeyParams'
+  },
+  'AES-CTR': {
+    generateKey: 'AesKeyGenParams',
+    exportKey: null,
+    importKey: null,
+    encrypt: 'AesCtrParams',
+    decrypt: 'AesCtrParams',
+    'get key length': 'AesDerivedKeyParams'
+  },
+  'AES-GCM': {
+    generateKey: 'AesKeyGenParams',
+    exportKey: null,
+    importKey: null,
+    encrypt: 'AeadParams',
+    decrypt: 'AeadParams',
+    'get key length': 'AesDerivedKeyParams'
+  },
+  'AES-KW': {
+    generateKey: 'AesKeyGenParams',
+    exportKey: null,
+    importKey: null,
+    'get key length': 'AesDerivedKeyParams',
+    wrapKey: null,
+    unwrapKey: null
+  },
+  'AES-OCB': {
+    generateKey: 'AesKeyGenParams',
+    exportKey: null,
+    importKey: null,
+    encrypt: 'AeadParams',
+    decrypt: 'AeadParams',
+    'get key length': 'AesDerivedKeyParams'
+  },
+  Argon2d: {
+    deriveBits: 'Argon2Params',
+    'get key length': null,
+    importKey: null
+  },
+  Argon2i: {
+    deriveBits: 'Argon2Params',
+    'get key length': null,
+    importKey: null
+  },
+  Argon2id: {
+    deriveBits: 'Argon2Params',
+    'get key length': null,
+    importKey: null
+  },
+  'ChaCha20-Poly1305': {
+    generateKey: null,
+    exportKey: null,
+    importKey: null,
+    encrypt: 'AeadParams',
+    decrypt: 'AeadParams',
+    'get key length': null
+  },
+  ECDH: {
+    generateKey: 'EcKeyGenParams',
+    exportKey: null,
+    importKey: 'EcKeyImportParams',
+    deriveBits: 'EcdhKeyDeriveParams'
+  },
+  ECDSA: {
+    generateKey: 'EcKeyGenParams',
+    exportKey: null,
+    importKey: 'EcKeyImportParams',
+    sign: 'EcdsaParams',
+    verify: 'EcdsaParams'
+  },
+  Ed25519: {
+    generateKey: null,
+    exportKey: null,
+    importKey: null,
+    sign: null,
+    verify: null
+  },
+  Ed448: {
+    generateKey: null,
+    exportKey: null,
+    importKey: null,
+    sign: 'ContextParams',
+    verify: 'ContextParams'
+  },
+  HKDF: {
+    importKey: null,
+    deriveBits: 'HkdfParams',
+    'get key length': null
+  },
+  HMAC: {
+    generateKey: 'HmacKeyGenParams',
+    exportKey: null,
+    importKey: 'HmacImportParams',
+    sign: null,
+    verify: null,
+    'get key length': 'HmacImportParams'
+  },
+  KMAC128: {
+    generateKey: 'KmacKeyGenParams',
+    exportKey: null,
+    importKey: 'KmacImportParams',
+    sign: 'KmacParams',
+    verify: 'KmacParams',
+    'get key length': 'KmacImportParams'
+  },
+  KMAC256: {
+    generateKey: 'KmacKeyGenParams',
+    exportKey: null,
+    importKey: 'KmacImportParams',
+    sign: 'KmacParams',
+    verify: 'KmacParams',
+    'get key length': 'KmacImportParams'
+  },
+  'ML-DSA-44': {
+    generateKey: null,
+    exportKey: null,
+    importKey: null,
+    sign: 'ContextParams',
+    verify: 'ContextParams'
+  },
+  'ML-DSA-65': {
+    generateKey: null,
+    exportKey: null,
+    importKey: null,
+    sign: 'ContextParams',
+    verify: 'ContextParams'
+  },
+  'ML-DSA-87': {
+    generateKey: null,
+    exportKey: null,
+    importKey: null,
+    sign: 'ContextParams',
+    verify: 'ContextParams'
+  },
+  'ML-KEM-512': {
+    generateKey: null,
+    exportKey: null,
+    importKey: null,
+    encapsulateBits: null,
+    decapsulateBits: null,
+    encapsulateKey: null,
+    decapsulateKey: null
+  },
+  'ML-KEM-768': {
+    generateKey: null,
+    exportKey: null,
+    importKey: null,
+    encapsulateBits: null,
+    decapsulateBits: null,
+    encapsulateKey: null,
+    decapsulateKey: null
+  },
+  'ML-KEM-1024': {
+    generateKey: null,
+    exportKey: null,
+    importKey: null,
+    encapsulateBits: null,
+    decapsulateBits: null,
+    encapsulateKey: null,
+    decapsulateKey: null
+  },
+  PBKDF2: {
+    importKey: null,
+    deriveBits: 'Pbkdf2Params',
+    'get key length': null
+  },
+  'RSA-OAEP': {
+    generateKey: 'RsaHashedKeyGenParams',
+    exportKey: null,
+    importKey: 'RsaHashedImportParams',
+    encrypt: 'RsaOaepParams',
+    decrypt: 'RsaOaepParams'
+  },
+  'RSA-PSS': {
+    generateKey: 'RsaHashedKeyGenParams',
+    exportKey: null,
+    importKey: 'RsaHashedImportParams',
+    sign: 'RsaPssParams',
+    verify: 'RsaPssParams'
+  },
+  'RSASSA-PKCS1-v1_5': {
+    generateKey: 'RsaHashedKeyGenParams',
+    exportKey: null,
+    importKey: 'RsaHashedImportParams',
+    sign: null,
+    verify: null
+  },
+  'SHA-1': {
+    digest: null
+  },
+  'SHA-256': {
+    digest: null
+  },
+  'SHA-384': {
+    digest: null
+  },
+  'SHA-512': {
+    digest: null
+  },
+  'SHA3-256': {
+    digest: null
+  },
+  'SHA3-384': {
+    digest: null
+  },
+  'SHA3-512': {
+    digest: null
+  },
+  cSHAKE128: {
+    digest: 'CShakeParams'
+  },
+  cSHAKE256: {
+    digest: 'CShakeParams'
+  },
+  KT128: {
+    digest: 'KangarooTwelveParams'
+  },
+  KT256: {
+    digest: 'KangarooTwelveParams'
+  },
+  TurboSHAKE128: {
+    digest: 'TurboShakeParams'
+  },
+  TurboSHAKE256: {
+    digest: 'TurboShakeParams'
+  },
+  X25519: {
+    generateKey: null,
+    exportKey: null,
+    importKey: null,
+    deriveBits: 'EcdhKeyDeriveParams'
+  },
+  X448: {
+    generateKey: null,
+    exportKey: null,
+    importKey: null,
+    deriveBits: 'EcdhKeyDeriveParams'
+  }
+};
+for (const v of SLH_DSA_VARIANTS) {
+  kAlgorithmDefinitions[v] = {
+    generateKey: null,
+    exportKey: null,
+    importKey: null,
+    sign: null,
+    verify: null
+  };
+}
+
+// WebIDL dictionary member specs. Mirrors Node's per-converter
+// `createDictionaryConverter` definitions in lib/internal/crypto/webidl.js.
+// `required: true` causes `normalizeAlgorithm` to throw a TypeError when the
+// member is missing — matching the spec'd WebCrypto behavior that
+// `SubtleCrypto.supports` relies on via try/catch.
+
+const kRequiredFields = {
+  AesKeyGenParams: [{
+    key: 'length',
+    required: true
+  }],
+  AesDerivedKeyParams: [{
+    key: 'length',
+    required: true
+  }],
+  AesCbcParams: [{
+    key: 'iv',
+    required: true
+  }],
+  AesCtrParams: [{
+    key: 'counter',
+    required: true
+  }, {
+    key: 'length',
+    required: true
+  }],
+  AeadParams: [{
+    key: 'iv',
+    required: true
+  }, {
+    key: 'tagLength'
+  }, {
+    key: 'additionalData'
+  }],
+  EcKeyGenParams: [{
+    key: 'namedCurve',
+    required: true
+  }],
+  EcKeyImportParams: [{
+    key: 'namedCurve',
+    required: true
+  }],
+  EcdsaParams: [{
+    key: 'hash',
+    required: true
+  }],
+  EcdhKeyDeriveParams: [{
+    key: 'public',
+    required: true
+  }],
+  HmacKeyGenParams: [{
+    key: 'hash',
+    required: true
+  }, {
+    key: 'length'
+  }],
+  HmacImportParams: [{
+    key: 'hash',
+    required: true
+  }, {
+    key: 'length'
+  }],
+  HkdfParams: [{
+    key: 'hash',
+    required: true
+  }, {
+    key: 'salt',
+    required: true
+  }, {
+    key: 'info',
+    required: true
+  }],
+  Pbkdf2Params: [{
+    key: 'hash',
+    required: true
+  }, {
+    key: 'iterations',
+    required: true
+  }, {
+    key: 'salt',
+    required: true
+  }],
+  RsaHashedKeyGenParams: [{
+    key: 'modulusLength',
+    required: true
+  }, {
+    key: 'publicExponent',
+    required: true
+  }, {
+    key: 'hash',
+    required: true
+  }],
+  RsaHashedImportParams: [{
+    key: 'hash',
+    required: true
+  }],
+  RsaOaepParams: [{
+    key: 'label'
+  }],
+  RsaPssParams: [{
+    key: 'saltLength',
+    required: true
+  }],
+  ContextParams: [{
+    key: 'context'
+  }],
+  Argon2Params: [{
+    key: 'nonce',
+    required: true
+  }, {
+    key: 'parallelism',
+    required: true
+  }, {
+    key: 'memory',
+    required: true
+  }, {
+    key: 'passes',
+    required: true
+  }, {
+    key: 'version'
+  }, {
+    key: 'secretValue'
+  }, {
+    key: 'associatedData'
+  }],
+  KmacKeyGenParams: [{
+    key: 'length'
+  }],
+  KmacImportParams: [{
+    key: 'length'
+  }],
+  KmacParams: [{
+    key: 'outputLength',
+    required: true
+  }, {
+    key: 'customization'
+  }],
+  CShakeParams: [{
+    key: 'outputLength',
+    required: true
+  }, {
+    key: 'functionName'
+  }, {
+    key: 'customization'
+  }],
+  KangarooTwelveParams: [{
+    key: 'outputLength',
+    required: true
+  }, {
+    key: 'customization'
+  }],
+  TurboShakeParams: [{
+    key: 'outputLength',
+    required: true
+  }, {
+    key: 'domainSeparation'
+  }]
+};
+function isBufferSource(value) {
+  return value instanceof ArrayBuffer || ArrayBuffer.isView(value);
+}
+function validateBufferSource(algorithm, key) {
+  const value = algorithm[key];
+  if (value === undefined) return undefined;
+  if (!isBufferSource(value)) {
+    throw new TypeError(`Failed to normalize algorithm: '${key}' must be a BufferSource`);
+  }
+  return bufferLikeToArrayBuffer(value);
+}
+function validateBinaryLike(algorithm, key) {
+  const value = algorithm[key];
+  if (value === undefined) return undefined;
+  try {
+    return binaryLikeToArrayBuffer(value);
+  } catch {
+    throw new TypeError(`Failed to normalize algorithm: '${key}' must be a BufferSource`);
+  }
+}
+function validateByteLength(buffer, key, length, message) {
+  if (buffer !== undefined && buffer.byteLength !== length) {
+    throw lazyDOMException(message ?? `${key} must be ${length} bytes`, 'OperationError');
+  }
+}
+function validateUnsignedInteger(algorithm, key) {
+  const value = algorithm[key];
+  if (value === undefined) return undefined;
+  const numberValue = Number(value);
+  if (!Number.isFinite(numberValue) || !Number.isInteger(numberValue) || numberValue < 0) {
+    throw new TypeError(`Failed to normalize algorithm: '${key}' must be an unsigned integer`);
+  }
+  algorithm[key] = numberValue;
+  return numberValue;
+}
+function validateHashAlgorithm(algorithm, converterName) {
+  const hash = algorithm.hash;
+  if (hash === undefined) return;
+  const normalizedHash = normalizeHashName(hash, HashContext.WebCrypto);
+  if (!['SHA-1', 'SHA-256', 'SHA-384', 'SHA-512', 'SHA3-256', 'SHA3-384', 'SHA3-512'].includes(normalizedHash)) {
+    throw lazyDOMException(`Unsupported ${converterName}.hash`, 'NotSupportedError');
+  }
+  algorithm.hash = {
+    name: normalizedHash
+  };
+}
+function validateAesLength(length) {
+  if (length !== undefined && length !== 128 && length !== 192 && length !== 256) {
+    throw lazyDOMException('Invalid key length', 'OperationError');
+  }
+}
+function validateMacLength(algorithm, key, zeroError) {
+  const length = validateUnsignedInteger(algorithm, key);
+  if (length === undefined) return;
+  if (length === 0) {
+    throw lazyDOMException(`${key} cannot be 0`, zeroError);
+  }
+  if (length % 8) {
+    throw lazyDOMException(`Unsupported ${key}`, 'NotSupportedError');
+  }
+}
+function validateAeadParams(algorithm) {
+  const iv = validateBufferSource(algorithm, 'iv');
+  const tagLength = validateUnsignedInteger(algorithm, 'tagLength');
+  validateBufferSource(algorithm, 'additionalData');
+  switch (algorithm.name) {
+    case 'AES-GCM':
+      if (tagLength !== undefined && ![32, 64, 96, 104, 112, 120, 128].includes(tagLength)) {
+        throw lazyDOMException(`${tagLength} is not a valid AES-GCM tag length`, 'OperationError');
+      }
+      break;
+    case 'AES-OCB':
+      if (iv !== undefined && (iv.byteLength < 1 || iv.byteLength > 15)) {
+        throw lazyDOMException('AES-OCB algorithm.iv must be between 1 and 15 bytes', 'OperationError');
+      }
+      if (tagLength !== undefined && ![64, 96, 128].includes(tagLength)) {
+        throw lazyDOMException(`${tagLength} is not a valid AES-OCB tag length`, 'OperationError');
+      }
+      break;
+    case 'ChaCha20-Poly1305':
+      validateByteLength(iv, 'algorithm.iv', 12, 'ChaCha20-Poly1305 IV must be exactly 12 bytes');
+      if (tagLength !== undefined && tagLength !== 128) {
+        throw lazyDOMException(`${tagLength} is not a valid ChaCha20-Poly1305 tag length`, 'OperationError');
+      }
+      break;
+  }
+}
+function validateNormalizedAlgorithm(converterName, algorithm) {
+  switch (converterName) {
+    case 'AesKeyGenParams':
+    case 'AesDerivedKeyParams':
+      validateAesLength(validateUnsignedInteger(algorithm, 'length'));
+      break;
+    case 'AesCbcParams':
+      validateByteLength(validateBufferSource(algorithm, 'iv'), 'algorithm.iv', 16, 'algorithm.iv must contain exactly 16 bytes');
+      break;
+    case 'AesCtrParams':
+      {
+        validateByteLength(validateBufferSource(algorithm, 'counter'), 'algorithm.counter', 16);
+        const length = validateUnsignedInteger(algorithm, 'length');
+        if (length !== undefined && (length === 0 || length > 128)) {
+          throw lazyDOMException('AES-CTR algorithm.length must be between 1 and 128', 'OperationError');
+        }
+        break;
+      }
+    case 'AeadParams':
+      validateAeadParams(algorithm);
+      break;
+    case 'EcdsaParams':
+    case 'HmacKeyGenParams':
+    case 'HmacImportParams':
+    case 'HkdfParams':
+    case 'Pbkdf2Params':
+    case 'RsaHashedKeyGenParams':
+    case 'RsaHashedImportParams':
+      validateHashAlgorithm(algorithm, converterName);
+      if (converterName === 'HmacKeyGenParams') {
+        validateMacLength(algorithm, 'length', 'OperationError');
+      }
+      if (converterName === 'HkdfParams') {
+        validateBinaryLike(algorithm, 'salt');
+        validateBinaryLike(algorithm, 'info');
+      } else if (converterName === 'Pbkdf2Params') {
+        const iterations = validateUnsignedInteger(algorithm, 'iterations');
+        if (iterations === 0) {
+          throw lazyDOMException('iterations cannot be zero', 'OperationError');
+        }
+        validateBinaryLike(algorithm, 'salt');
+      } else if (converterName === 'RsaHashedKeyGenParams') {
+        validateUnsignedInteger(algorithm, 'modulusLength');
+        validateBufferSource(algorithm, 'publicExponent');
+      }
+      break;
+    case 'RsaPssParams':
+      validateUnsignedInteger(algorithm, 'saltLength');
+      break;
+    case 'RsaOaepParams':
+      validateBufferSource(algorithm, 'label');
+      break;
+    case 'ContextParams':
+      validateBufferSource(algorithm, 'context');
+      break;
+    case 'EcdhKeyDeriveParams':
+      if (!(algorithm.public instanceof CryptoKey)) {
+        throw lazyDOMException('algorithm.public must be a public key', 'InvalidAccessError');
+      }
+      break;
+    case 'Argon2Params':
+      {
+        validateBufferSource(algorithm, 'nonce');
+        const parallelism = validateUnsignedInteger(algorithm, 'parallelism');
+        const memory = validateUnsignedInteger(algorithm, 'memory');
+        validateUnsignedInteger(algorithm, 'passes');
+        const version = validateUnsignedInteger(algorithm, 'version');
+        validateBufferSource(algorithm, 'secretValue');
+        validateBufferSource(algorithm, 'associatedData');
+        if (parallelism !== undefined && (parallelism === 0 || parallelism > 2 ** 24 - 1)) {
+          throw lazyDOMException('parallelism must be > 0 and < 16777215', 'OperationError');
+        }
+        if (memory !== undefined && parallelism !== undefined && memory < 8 * parallelism) {
+          throw lazyDOMException('memory must be at least 8 times the degree of parallelism', 'OperationError');
+        }
+        if (version !== undefined && version !== 0x13) {
+          throw lazyDOMException(`${version} is not a valid Argon2 version`, 'OperationError');
+        }
+        break;
+      }
+    case 'KmacKeyGenParams':
+      validateMacLength(algorithm, 'length', 'OperationError');
+      break;
+    case 'KmacImportParams':
+      validateMacLength(algorithm, 'length', 'DataError');
+      break;
+    case 'KmacParams':
+      validateMacLength(algorithm, 'outputLength', 'OperationError');
+      validateBufferSource(algorithm, 'customization');
+      break;
+    case 'CShakeParams':
+    case 'KangarooTwelveParams':
+      {
+        const outputLength = validateUnsignedInteger(algorithm, 'outputLength');
+        if (outputLength !== undefined && (outputLength === 0 || outputLength % 8)) {
+          throw lazyDOMException(`Invalid ${converterName} outputLength`, 'OperationError');
+        }
+        validateBufferSource(algorithm, 'functionName');
+        validateBufferSource(algorithm, 'customization');
+        break;
+      }
+    case 'TurboShakeParams':
+      {
+        const outputLength = validateUnsignedInteger(algorithm, 'outputLength');
+        const domainSeparation = validateUnsignedInteger(algorithm, 'domainSeparation');
+        if (outputLength !== undefined && (outputLength === 0 || outputLength % 8)) {
+          throw lazyDOMException('Invalid TurboShakeParams outputLength', 'OperationError');
+        }
+        if (domainSeparation !== undefined && (domainSeparation < 0x01 || domainSeparation > 0x7f)) {
+          throw lazyDOMException('TurboShakeParams.domainSeparation must be in range 0x01-0x7f', 'OperationError');
+        }
+        break;
+      }
+  }
+}
+
+// WebCrypto §18.4.4 algorithm normalization. Mirrors Node's normalizeAlgorithm
+// in lib/internal/crypto/util.js: canonicalizes `name`, looks up the
+// (name, op) → converter mapping, and rejects inputs that omit required
+// dictionary members. Callers in Subtle.supports rely on this throwing for
+// invalid params — without it, supports() over-reports capability (#1025).
+function normalizeAlgorithm(algorithm, operation) {
   if (typeof algorithm === 'string') {
+    return normalizeAlgorithm({
+      name: algorithm
+    }, operation);
+  }
+  const name = algorithm.name;
+  if (typeof name !== 'string') {
+    throw new TypeError("Algorithm: 'name' is required");
+  }
+  const map = getCanonicalAlgorithmNames();
+  const canonical = map.get(name.toLowerCase());
+  if (canonical === undefined) {
+    throw lazyDOMException('Unrecognized algorithm name', 'NotSupportedError');
+  }
+  const opMap = kAlgorithmDefinitions[canonical];
+  if (!opMap || !(operation in opMap)) {
+    throw lazyDOMException('Unrecognized algorithm name', 'NotSupportedError');
+  }
+  const converterName = opMap[operation];
+  if (converterName == null) {
     return {
-      name: map.get(algorithm.toLowerCase()) ?? algorithm
+      name: canonical
     };
   }
-  if (typeof algorithm.name === 'string') {
-    const canonical = map.get(algorithm.name.toLowerCase()) ?? algorithm.name;
+  const fields = kRequiredFields[converterName];
+  if (!fields) {
     return {
       ...algorithm,
       name: canonical
     };
   }
-  return algorithm;
+  const out = {
+    name: canonical
+  };
+  const src = algorithm;
+  for (const field of fields) {
+    const value = src[field.key];
+    if (value === undefined) {
+      if (field.required) {
+        throw new TypeError(`Failed to normalize algorithm: '${field.key}' is required in '${converterName}'`);
+      }
+      continue;
+    }
+    out[field.key] = value;
+  }
+  validateNormalizedAlgorithm(converterName, out);
+  return out;
 }
 function getAlgorithmName(name, length) {
   switch (name) {
@@ -1967,7 +2627,6 @@ export class Subtle {
   }
   async deriveBits(algorithm, baseKey, length = null) {
     requireArgs(arguments.length, 2, 'deriveBits');
-    const normalizedAlgorithm = normalizeAlgorithm(algorithm, 'deriveBits');
     // WebCrypto §SubtleCrypto.deriveBits step 11: throw InvalidAccessError
     // unless `baseKey.[[usages]]` contains "deriveBits" specifically. The
     // previous `deriveBits || deriveKey` accept-either branch silently
@@ -1976,6 +2635,7 @@ export class Subtle {
     if (!baseKey.usages.includes('deriveBits')) {
       throw lazyDOMException('baseKey does not have deriveBits usage', 'InvalidAccessError');
     }
+    const normalizedAlgorithm = normalizeAlgorithm(algorithm, 'deriveBits');
     if (baseKey.algorithm.name !== normalizedAlgorithm.name) {
       throw lazyDOMException('Key algorithm mismatch', 'InvalidAccessError');
     }
@@ -2009,7 +2669,9 @@ export class Subtle {
   async deriveKey(algorithm, baseKey, derivedKeyAlgorithm, extractable, keyUsages) {
     requireArgs(arguments.length, 5, 'deriveKey');
     const normalizedAlgorithm = normalizeAlgorithm(algorithm, 'deriveBits');
-    const normalizedDerivedKeyAlgorithm = normalizeAlgorithm(derivedKeyAlgorithm, 'importKey');
+    // Validate the derived-key algorithm up front (mirrors Node webcrypto.js:341).
+    // The normalized form is unused — `this.importKey` re-normalizes below.
+    normalizeAlgorithm(derivedKeyAlgorithm, 'importKey');
 
     // Validate baseKey usage
     if (!baseKey.usages.includes('deriveKey')) {
@@ -2020,7 +2682,10 @@ export class Subtle {
     }
 
     // Calculate required key length (may be null for KDF-derived material).
-    const length = getKeyLength(normalizedDerivedKeyAlgorithm);
+    // Mirrors Node webcrypto.js:350 — uses the raw derivedKeyAlgorithm with
+    // op='get key length' so AES `length` survives normalization (the
+    // 'importKey' converter for AES is null and strips dictionary members).
+    const length = getKeyLength(normalizeAlgorithm(derivedKeyAlgorithm, 'get key length'));
 
     // Step 1: Derive bits
     let derivedBits;
@@ -2100,7 +2765,15 @@ export class Subtle {
   }
   async wrapKey(format, key, wrappingKey, wrapAlgorithm) {
     requireArgs(arguments.length, 4, 'wrapKey');
-    const normalizedWrapAlgorithm = normalizeAlgorithm(wrapAlgorithm, 'wrapKey');
+    // Mirrors Node webcrypto.js:923-927: prefer the 'wrapKey' op (only
+    // AES-KW defines it) and fall back to 'encrypt' for cipher-based wrap
+    // algorithms like AES-GCM and RSA-OAEP.
+    let normalizedWrapAlgorithm;
+    try {
+      normalizedWrapAlgorithm = normalizeAlgorithm(wrapAlgorithm, 'wrapKey');
+    } catch {
+      normalizedWrapAlgorithm = normalizeAlgorithm(wrapAlgorithm, 'encrypt');
+    }
     if (normalizedWrapAlgorithm.name !== wrappingKey.algorithm.name) {
       throw lazyDOMException('Key algorithm mismatch', 'InvalidAccessError');
     }
@@ -2139,7 +2812,14 @@ export class Subtle {
   }
   async unwrapKey(format, wrappedKey, unwrappingKey, unwrapAlgorithm, unwrappedKeyAlgorithm, extractable, keyUsages) {
     requireArgs(arguments.length, 7, 'unwrapKey');
-    const normalizedUnwrapAlgorithm = normalizeAlgorithm(unwrapAlgorithm, 'unwrapKey');
+    // Mirrors Node webcrypto.js:1006-1010: prefer 'unwrapKey', fall back to
+    // 'decrypt' for cipher-based unwrap algorithms.
+    let normalizedUnwrapAlgorithm;
+    try {
+      normalizedUnwrapAlgorithm = normalizeAlgorithm(unwrapAlgorithm, 'unwrapKey');
+    } catch {
+      normalizedUnwrapAlgorithm = normalizeAlgorithm(unwrapAlgorithm, 'decrypt');
+    }
     if (normalizedUnwrapAlgorithm.name !== unwrappingKey.algorithm.name) {
       throw lazyDOMException('Key algorithm mismatch', 'InvalidAccessError');
     }