panva
diff --git a/‎cookbook/jwe.mjs
+8-16 b/‎cookbook/jwe.mjs
+8-16
diff --git a/‎cookbook/jws.mjs
+6-6 b/‎cookbook/jws.mjs
+6-6
diff --git a/‎tap/aes.ts
+16-19 b/‎tap/aes.ts
+16-19
diff --git a/‎tap/aeskw.ts
+9-20 b/‎tap/aeskw.ts
+9-20
diff --git a/‎tap/cookbook.ts
+4-28 b/‎tap/cookbook.ts
+4-28
diff --git a/‎tap/ecdh.ts
+17-12 b/‎tap/ecdh.ts
+17-12
@@ -67,8 +67,7 @@ export default [
   {
     title:
       'https://www.rfc-editor.org/rfc/rfc7520#section-5.3 - Key Wrap using PBES2-AES-KeyWrap with AES-CBC-HMAC-SHA2',
-    electron: false,
-    reproducible: true,
+    deterministic: true,
     input: {
       plaintext:
         '{"keys":[{"kty":"oct","kid":"77c7e2b8-6e13-45cf-8672-617b5b45243a","use":"enc","alg":"A128GCM","k":"XctOhJAkA-pD9Lh7ZgW_2A"},{"kty":"oct","kid":"81b20965-8332-43d9-a468-82160ad91ac8","use":"enc","alg":"A128KW","k":"GZy6sIZ6wl9NJOKB-jnmVQ"},{"kty":"oct","kid":"18ec08e1-bfa9-4d95-b205-2b4dd1d4321d","use":"enc","alg":"A256GCMKW","k":"qC57l_uxcm7Nm3K-ct4GFjx8tM1U8CZ0NLBvdQstiS8"}]}',
@@ -123,7 +122,6 @@ export default [
   {
     title:
       'https://www.rfc-editor.org/rfc/rfc7520#section-5.4 - Key Agreement with Key Wrapping using ECDH-ES and AES-KeyWrap with AES-GCM',
-    electron: false,
     input: {
       plaintext:
         'You can trust us to stick with you through thick and thin–to the bitter end. And you can trust us to keep any secret of yours–closer than you keep it yourself. But you cannot trust us to let you face trouble alone, and go off without a word. We are your friends, Frodo.',
@@ -262,7 +260,7 @@ export default [
   {
     title:
       'https://www.rfc-editor.org/rfc/rfc7520#section-5.6 - Direction Encryption using AES-GCM',
-    reproducible: true,
+    deterministic: true,
     input: {
       plaintext:
         'You can trust us to stick with you through thick and thin–to the bitter end. And you can trust us to keep any secret of yours–closer than you keep it yourself. But you cannot trust us to let you face trouble alone, and go off without a word. We are your friends, Frodo.',
@@ -311,7 +309,7 @@ export default [
   {
     title:
       'https://www.rfc-editor.org/rfc/rfc7520#section-5.6 - Key Wrap using AES-GCM KeyWrap with AES-CBC-HMAC-SHA2',
-    reproducible: true,
+    deterministic: true,
     input: {
       plaintext:
         'You can trust us to stick with you through thick and thin–to the bitter end. And you can trust us to keep any secret of yours–closer than you keep it yourself. But you cannot trust us to let you face trouble alone, and go off without a word. We are your friends, Frodo.',
@@ -373,8 +371,7 @@ export default [
   {
     title:
       'https://www.rfc-editor.org/rfc/rfc7520#section-5.8 - Key Wrap using AES-KeyWrap with AES-GCM',
-    electron: false,
-    reproducible: true,
+    deterministic: true,
     input: {
       plaintext:
         'You can trust us to stick with you through thick and thin–to the bitter end. And you can trust us to keep any secret of yours–closer than you keep it yourself. But you cannot trust us to let you face trouble alone, and go off without a word. We are your friends, Frodo.',
@@ -430,9 +427,7 @@ export default [
   },
   {
     title: 'https://www.rfc-editor.org/rfc/rfc7520#section-5.9 - Compressed Content',
-    webapi: false,
-    electron: false,
-    reproducible: false, // https://github.com/nodejs/node/issues/50138
+    deterministic: false, // https://www.rfc-editor.org/errata/eid7680
     input: {
       plaintext:
         'You can trust us to stick with you through thick and thin–to the bitter end. And you can trust us to keep any secret of yours–closer than you keep it yourself. But you cannot trust us to let you face trouble alone, and go off without a word. We are your friends, Frodo.',
@@ -493,8 +488,7 @@ export default [
   {
     title:
       'https://www.rfc-editor.org/rfc/rfc7520#section-5.10 - Including Additional Authenticated Data',
-    electron: false,
-    reproducible: true,
+    deterministic: true,
     input: {
       plaintext:
         'You can trust us to stick with you through thick and thin–to the bitter end. And you can trust us to keep any secret of yours–closer than you keep it yourself. But you cannot trust us to let you face trouble alone, and go off without a word. We are your friends, Frodo.',
@@ -554,8 +548,7 @@ export default [
   {
     title:
       'https://www.rfc-editor.org/rfc/rfc7520#section-5.11 - Protecting Specific Header Fields',
-    electron: false,
-    reproducible: true,
+    deterministic: true,
     input: {
       plaintext:
         'You can trust us to stick with you through thick and thin–to the bitter end. And you can trust us to keep any secret of yours–closer than you keep it yourself. But you cannot trust us to let you face trouble alone, and go off without a word. We are your friends, Frodo.',
@@ -617,8 +610,7 @@ export default [
   },
   {
     title: 'https://www.rfc-editor.org/rfc/rfc7520#section-5.12 - Protecting Content Only',
-    electron: false,
-    reproducible: true,
+    deterministic: true,
     input: {
       plaintext:
         'You can trust us to stick with you through thick and thin–to the bitter end. And you can trust us to keep any secret of yours–closer than you keep it yourself. But you cannot trust us to let you face trouble alone, and go off without a word. We are your friends, Frodo.',
 
@@ -1,7 +1,7 @@
 export default [
   {
     title: 'https://www.rfc-editor.org/rfc/rfc7520#section-4.1 - RSA v1.5 Signature',
-    reproducible: true,
+    deterministic: true,
     input: {
       payload:
         "It’s a dangerous business, Frodo, going out your door. You step onto the road, and if you don't keep your feet, there’s no knowing where you might be swept off to.",
@@ -52,7 +52,7 @@ export default [
   },
   {
     title: 'https://www.rfc-editor.org/rfc/rfc8037#appendix-A.4 - Ed25519 Signing',
-    reproducible: true,
+    deterministic: false, // https://github.com/WICG/webcrypto-secure-curves/issues/28
     input: {
       payload: 'Example of Ed25519 signing',
       key: {
@@ -188,7 +188,7 @@ export default [
   },
   {
     title: 'https://www.rfc-editor.org/rfc/rfc7520#section-4.4 - HMAC-SHA2 Integrity Protection',
-    reproducible: true,
+    deterministic: true,
     input: {
       payload:
         "It’s a dangerous business, Frodo, going out your door. You step onto the road, and if you don't keep your feet, there’s no knowing where you might be swept off to.",
@@ -233,7 +233,7 @@ export default [
   },
   {
     title: 'https://www.rfc-editor.org/rfc/rfc7520#section-4.6 - Protecting Specific Header Fields',
-    reproducible: true,
+    deterministic: true,
     input: {
       payload:
         "It’s a dangerous business, Frodo, going out your door. You step onto the road, and if you don't keep your feet, there’s no knowing where you might be swept off to.",
@@ -282,7 +282,7 @@ export default [
   },
   {
     title: 'https://www.rfc-editor.org/rfc/rfc7520#section-4.7 - Protecting Content Only',
-    reproducible: true,
+    deterministic: true,
     input: {
       payload:
         "It’s a dangerous business, Frodo, going out your door. You step onto the road, and if you don't keep your feet, there’s no knowing where you might be swept off to.",
@@ -329,7 +329,7 @@ export default [
   },
   {
     title: 'https://www.rfc-editor.org/rfc/rfc7797#section-4.1 - { "b64": false } JSON only',
-    reproducible: true,
+    deterministic: true,
     input: {
       payload: '$.02',
       key: {
 
@@ -11,23 +11,22 @@ export default (
   const { module, test } = QUnit
   module('aes.ts')
 
-  type Vector = [string, boolean]
-  const algorithms: Vector[] = [
-    ['A128GCM', true],
-    ['A192GCM', !env.isBlink],
-    ['A256GCM', true],
-    ['A128CBC-HS256', true],
-    ['A192CBC-HS384', !env.isBlink],
-    ['A256CBC-HS512', true],
+  const algorithms = [
+    'A128GCM',
+    'A192GCM',
+    'A256GCM',
+    'A128CBC-HS256',
+    'A192CBC-HS384',
+    'A256CBC-HS512',
   ]
 
-  function title(vector: Vector) {
-    const [enc, works] = vector
+  function title(algorithm: string) {
+    const supported = env.supported(algorithm)
     let result = ''
-    if (!works) {
+    if (!supported) {
       result = '[not supported] '
     }
-    result += `${enc}`
+    result += `${algorithm}`
     return result
   }
 
@@ -40,9 +39,7 @@ export default (
     ]
   }
 
-  for (const vector of algorithms) {
-    const [enc, works] = vector
-
+  for (const enc of algorithms) {
     const execute = async (t: typeof QUnit.assert) => {
       for await (const secret of secretsFor(enc)) {
         await roundtrip.jwe(t, lib, keys, 'dir', enc, secret)
@@ -53,11 +50,11 @@ export default (
       await roundtrip.jwt(t, lib, keys, 'dir', enc, await secretsFor(enc)[0])
     }
 
-    if (works) {
-      test(title(vector), execute)
-      test(`${title(vector)} JWT`, jwt)
+    if (env.supported(enc)) {
+      test(title(enc), execute)
+      test(`${title(enc)} JWT`, jwt)
     } else {
-      test(title(vector), async (t) => {
+      test(title(enc), async (t) => {
         await t.rejects(execute(t))
       })
     }
 
@@ -11,23 +11,14 @@ export default (
   const { module, test } = QUnit
   module('aeskw.ts')
 
-  type Vector = [string, boolean]
-  const algorithms: Vector[] = [
-    ['A128KW', !env.isElectron],
-    ['A192KW', !(env.isBlink || env.isElectron)],
-    ['A256KW', !env.isElectron],
-    ['A128GCMKW', true],
-    ['A192GCMKW', !env.isBlink],
-    ['A256GCMKW', true],
-  ]
+  const algorithms = ['A128KW', 'A192KW', 'A256KW', 'A128GCMKW', 'A192GCMKW', 'A256GCMKW']
 
-  function title(vector: Vector) {
-    const [alg, works] = vector
+  function title(algorithm: string, supported = true) {
     let result = ''
-    if (!works) {
+    if (!supported) {
       result = '[not supported] '
     }
-    result += `${alg}`
+    result += `${algorithm}`
     return result
   }
 
@@ -38,9 +29,7 @@ export default (
     ]
   }
 
-  for (const vector of algorithms) {
-    const [alg, works] = vector
-
+  for (const alg of algorithms) {
     const execute = async (t: typeof QUnit.assert) => {
       for await (const secret of secretsFor(alg)) {
         await roundtrip.jwe(t, lib, keys, alg, 'A128GCM', secret)
@@ -51,11 +40,11 @@ export default (
       await roundtrip.jwt(t, lib, keys, alg, 'A128GCM', await secretsFor(alg)[0])
     }
 
-    if (works) {
-      test(title(vector), execute)
-      test(`${title(vector)} JWT`, jwt)
+    if (env.supported(alg)) {
+      test(title(alg), execute)
+      test(`${title(alg)} JWT`, jwt)
     } else {
-      test(title(vector), async (t) => {
+      test(title(alg, false), async (t) => {
         await t.rejects(execute(t))
       })
     }
 
@@ -7,14 +7,6 @@ import jwsVectors from '../cookbook/jws.mjs'
 // @ts-ignore
 import jweVectors from '../cookbook/jwe.mjs'
 
-// https://bugs.webkit.org/show_bug.cgi?id=262499
-// https://github.com/web-platform-tests/wpt/pull/42292
-if (env.isWebKit) {
-  // @ts-ignore
-  const ed25519 = jwsVectors.find((vector) => vector.title.includes('Ed25519'))
-  ed25519.reproducible = false
-}
-
 export default (
   QUnit: QUnit,
   lib: typeof jose,
@@ -42,22 +34,14 @@ export default (
     }
 
     function supported(vector: any) {
-      if (vector.input.alg === 'ES512') {
-        return !env.isDeno
-      }
-      if (vector.input.key?.crv === 'Ed25519') {
-        return !env.isBlink
-      }
-      return true
+      return env.supported(vector.input.alg)
     }
 
     const execute = (vector: any) => async (t: typeof QUnit.assert) => {
-      const reproducible = !!vector.reproducible
-
       const privateKey = await keys.importJWK(vector.input.key, vector.input.alg)
       const publicKey = await keys.importJWK(pubjwk(vector.input.key), vector.input.alg)
 
-      if (reproducible) {
+      if (vector.deterministic) {
         // sign and compare results are the same
         const runs = [[flattened, vector.output.json_flat]]
         if (vector.signing.protected?.b64 !== undefined) {
@@ -148,16 +132,10 @@ export default (
     }
 
     function supported(vector: any) {
-      if (vector.webcrypto === false) {
-        return false
-      }
-      if (env.isElectron && vector.electron === false) {
-        return false
-      }
       if (vector.input.zip) {
         return false
       }
-      return true
+      return env.supported(vector.input.alg) && env.supported(vector.input.enc)
     }
 
     const toJWK = (input: string | jose.JWK) => {
@@ -173,9 +151,7 @@ export default (
     const execute = (vector: any) => async (t: typeof QUnit.assert) => {
       const dir = vector.input.alg === 'dir'
 
-      const reproducible = !!vector.reproducible
-
-      if (reproducible) {
+      if (vector.deterministic) {
         // encrypt and compare results are the same
         for (const [serialization, expectedResult] of [
           [flattened, vector.output.json_flat],
 
@@ -13,26 +13,31 @@ export default (
 
   const kps: Record<string, jose.GenerateKeyPairResult> = {}
 
-  type Vector = [string, boolean] | [string, boolean, jose.GenerateKeyPairOptions]
+  type Vector = [string, jose.GenerateKeyPairOptions]
   const algorithms: Vector[] = [
-    ['ECDH-ES', true],
-    ['ECDH-ES', true, { crv: 'P-384' }],
-    ['ECDH-ES', !env.isDeno, { crv: 'P-521' }],
-    ['ECDH-ES', !env.isBun, { crv: 'X25519' }],
+    ['ECDH-ES', { crv: 'P-256' }],
+    ['ECDH-ES', { crv: 'P-384' }],
+    ['ECDH-ES', { crv: 'P-521' }],
+    ['ECDH-ES', { crv: 'X25519' }],
   ]
 
-  function title(vector: Vector) {
-    const [alg, works, options] = vector
+  function curve(options?: jose.GenerateKeyPairOptions) {
+    return options?.crv || 'P-256'
+  }
+
+  function title(vector: Vector, supported = true) {
+    const [alg, options] = vector
     let result = ''
-    if (!works) {
+    const crv = curve(options)
+    if (!supported) {
       result = '[not supported] '
     }
-    result += `${alg} ${options?.crv || 'P-256'}`
+    result += `${alg} ${crv}`
     return result
   }
 
   for (const vector of algorithms) {
-    const [alg, works, options] = vector
+    const [alg, options] = vector
     const k = options?.crv || alg
 
     const execute = async (t: typeof QUnit.assert) => {
@@ -49,11 +54,11 @@ export default (
       await roundtrip.jwt(t, lib, keys, alg, 'A128GCM', kps[k])
     }
 
-    if (works) {
+    if (env.supported(alg) && env.supported(curve(options))) {
       test(title(vector), execute)
       test(`${title(vector)} JWT`, jwt)
     } else {
-      test(title(vector), async (t) => {
+      test(title(vector, false), async (t) => {
         await t.rejects(execute(t))
       })
     }