Implementation import/export JWK implementation

examples/import_export/import-export-jwk-aes-key.js

@@ -25,7 +25,7 @@ import { crypto } from "k6/x/webcrypto";
         "AES-CBC",
         true, ["encrypt", "decrypt"]
     );
- 
+
     console.log("imported: " + JSON.stringify(importedKey));
 
     const exportedAgain = await crypto.subtle.exportKey("jwk", importedKey);

go.mod

@@ -5,6 +5,7 @@ go 1.19
 require (
 	github.com/dop251/goja v0.0.0-20231027120936-b396bb4c349d
 	github.com/google/uuid v1.3.1
+	github.com/lestrrat-go/jwx/v2 v2.0.20
 	github.com/stretchr/testify v1.8.4
 	go.k6.io/k6 v0.49.0
 	gopkg.in/guregu/null.v3 v3.3.0
@@ -13,22 +14,30 @@ require (
 require (
 	github.com/cenkalti/backoff/v4 v4.2.1 // indirect
 	github.com/davecgh/go-spew v1.1.1 // indirect
+	github.com/decred/dcrd/dcrec/secp256k1/v4 v4.2.0 // indirect
 	github.com/dlclark/regexp2 v1.9.0 // indirect
 	github.com/fatih/color v1.16.0 // indirect
 	github.com/go-logr/logr v1.3.0 // indirect
 	github.com/go-logr/stdr v1.2.2 // indirect
 	github.com/go-sourcemap/sourcemap v2.1.4-0.20211119122758-180fcef48034+incompatible // indirect
+	github.com/goccy/go-json v0.10.2 // indirect
 	github.com/golang/protobuf v1.5.3 // indirect
 	github.com/google/pprof v0.0.0-20230728192033-2ba5b33183c6 // indirect
 	github.com/grpc-ecosystem/grpc-gateway/v2 v2.16.0 // indirect
 	github.com/josharian/intern v1.0.0 // indirect
+	github.com/lestrrat-go/blackmagic v1.0.2 // indirect
+	github.com/lestrrat-go/httpcc v1.0.1 // indirect
+	github.com/lestrrat-go/httprc v1.0.4 // indirect
+	github.com/lestrrat-go/iter v1.0.2 // indirect
+	github.com/lestrrat-go/option v1.0.1 // indirect
 	github.com/mailru/easyjson v0.7.7 // indirect
 	github.com/mattn/go-colorable v0.1.13 // indirect
 	github.com/mattn/go-isatty v0.0.20 // indirect
 	github.com/mstoykov/atlas v0.0.0-20220811071828-388f114305dd // indirect
 	github.com/onsi/ginkgo v1.16.5 // indirect
 	github.com/onsi/gomega v1.20.2 // indirect
 	github.com/pmezard/go-difflib v1.0.0 // indirect
+	github.com/segmentio/asm v1.2.0 // indirect
 	github.com/serenize/snaker v0.0.0-20201027110005-a7ad2135616e // indirect
 	github.com/sirupsen/logrus v1.9.3 // indirect
 	github.com/spf13/afero v1.1.2 // indirect
@@ -40,8 +49,9 @@ require (
 	go.opentelemetry.io/otel/sdk v1.21.0 // indirect
 	go.opentelemetry.io/otel/trace v1.21.0 // indirect
 	go.opentelemetry.io/proto/otlp v1.0.0 // indirect
+	golang.org/x/crypto v0.19.0 // indirect
 	golang.org/x/net v0.19.0 // indirect
-	golang.org/x/sys v0.15.0 // indirect
+	golang.org/x/sys v0.17.0 // indirect
 	golang.org/x/text v0.14.0 // indirect
 	golang.org/x/time v0.5.0 // indirect
 	google.golang.org/genproto/googleapis/api v0.0.0-20231002182017-d307bd883b97 // indirect

go.sum

@@ -8,6 +8,8 @@ github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ3
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/decred/dcrd/dcrec/secp256k1/v4 v4.2.0 h1:8UrgZ3GkP4i/CLijOJx79Yu+etlyjdBU4sfcs2WYQMs=
+github.com/decred/dcrd/dcrec/secp256k1/v4 v4.2.0/go.mod h1:v57UDF4pDQJcEfFUCRop3lJL149eHGSe9Jvczhzjo/0=
 github.com/dlclark/regexp2 v1.4.1-0.20201116162257-a2a8dda75c91/go.mod h1:2pZnwuY/m+8K6iRw6wQdMtk+rH5tNGR1i55kozfMjCc=
 github.com/dlclark/regexp2 v1.7.0/go.mod h1:DHkYz0B9wPfa6wondMfaivmHpzrQ3v9q8cnmRbL6yW8=
 github.com/dlclark/regexp2 v1.9.0 h1:pTK/l/3qYIKaRXuHnEnIf7Y5NxfRPfpb7dis6/gdlVI=
@@ -31,6 +33,8 @@ github.com/go-sourcemap/sourcemap v2.1.3+incompatible/go.mod h1:F8jJfvm2KbVjc5Nq
 github.com/go-sourcemap/sourcemap v2.1.4-0.20211119122758-180fcef48034+incompatible h1:bopx7t9jyUNX1ebhr0G4gtQWmUOgwQRI0QsYhdYLgkU=
 github.com/go-sourcemap/sourcemap v2.1.4-0.20211119122758-180fcef48034+incompatible/go.mod h1:F8jJfvm2KbVjc5NqelyYJmf/v5J0dwNLS2mL4sNA1Jg=
 github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0/go.mod h1:fyg7847qk6SyHyPtNmDHnmrv/HOrqktSC+C9fM+CJOE=
+github.com/goccy/go-json v0.10.2 h1:CrxCmQqYDkv1z7lO7Wbh2HN93uovUHgrECaO5ZrCXAU=
+github.com/goccy/go-json v0.10.2/go.mod h1:6MelG93GURQebXPDq3khkgXZkazVtN9CRI+MGFi0w8I=
 github.com/golang/glog v1.1.2 h1:DVjP2PbBOzHyzA+dn3WhHIq4NdVu3Q+pvivFICf/7fo=
 github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
 github.com/golang/protobuf v1.4.0-rc.1/go.mod h1:ceaxUfeHdC40wWswd/P6IGgMaK3YpKi5j83Wpe3EHw8=
@@ -68,6 +72,18 @@ github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
 github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
 github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
 github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
+github.com/lestrrat-go/blackmagic v1.0.2 h1:Cg2gVSc9h7sz9NOByczrbUvLopQmXrfFx//N+AkAr5k=
+github.com/lestrrat-go/blackmagic v1.0.2/go.mod h1:UrEqBzIR2U6CnzVyUtfM6oZNMt/7O7Vohk2J0OGSAtU=
+github.com/lestrrat-go/httpcc v1.0.1 h1:ydWCStUeJLkpYyjLDHihupbn2tYmZ7m22BGkcvZZrIE=
+github.com/lestrrat-go/httpcc v1.0.1/go.mod h1:qiltp3Mt56+55GPVCbTdM9MlqhvzyuL6W/NMDA8vA5E=
+github.com/lestrrat-go/httprc v1.0.4 h1:bAZymwoZQb+Oq8MEbyipag7iSq6YIga8Wj6GOiJGdI8=
+github.com/lestrrat-go/httprc v1.0.4/go.mod h1:mwwz3JMTPBjHUkkDv/IGJ39aALInZLrhBp0X7KGUZlo=
+github.com/lestrrat-go/iter v1.0.2 h1:gMXo1q4c2pHmC3dn8LzRhJfP1ceCbgSiT9lUydIzltI=
+github.com/lestrrat-go/iter v1.0.2/go.mod h1:Momfcq3AnRlRjI5b5O8/G5/BvpzrhoFTZcn06fEOPt4=
+github.com/lestrrat-go/jwx/v2 v2.0.20 h1:sAgXuWS/t8ykxS9Bi2Qtn5Qhpakw1wrcjxChudjolCc=
+github.com/lestrrat-go/jwx/v2 v2.0.20/go.mod h1:UlCSmKqw+agm5BsOBfEAbTvKsEApaGNqHAEUTv5PJC4=
+github.com/lestrrat-go/option v1.0.1 h1:oAzP2fvZGQKWkvHa1/SAcFolBEca1oN+mQ7eooNBEYU=
+github.com/lestrrat-go/option v1.0.1/go.mod h1:5ZHFbivi4xwXxhxY9XHDe2FHo6/Z7WWmtT7T5nBBp3I=
 github.com/mailru/easyjson v0.7.7 h1:UGYAvKxe3sBsEDzO8ZeWOSlIQfWFlxbzLZe7hwFURr0=
 github.com/mailru/easyjson v0.7.7/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc=
 github.com/mattn/go-colorable v0.1.13 h1:fFA4WZxdEF4tXPZVKMLwD8oUnCTTo08duU7wxecdEvA=
@@ -94,6 +110,8 @@ github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZb
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/rogpeppe/go-internal v1.6.1/go.mod h1:xXDCJY+GAPziupqXw64V24skbSoqbTEfhy4qGm1nDQc=
 github.com/rogpeppe/go-internal v1.10.0 h1:TMyTOH3F/DB16zRVcYyreMH6GnZZrwQVAoYjRBZyWFQ=
+github.com/segmentio/asm v1.2.0 h1:9BQrFxC+YOHJlTlHGkTrFWf59nbL3XnCoFLTwDCI7ys=
+github.com/segmentio/asm v1.2.0/go.mod h1:BqMnlJP91P8d+4ibuonYZw9mfnzI9HfxselHZr5aAcs=
 github.com/serenize/snaker v0.0.0-20201027110005-a7ad2135616e h1:zWKUYT07mGmVBH+9UgnHXd/ekCK99C8EbDSAt5qsjXE=
 github.com/serenize/snaker v0.0.0-20201027110005-a7ad2135616e/go.mod h1:Yow6lPLSAXx2ifx470yD/nUe22Dv5vBvxK/UK9UUTVs=
 github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ=
@@ -102,7 +120,9 @@ github.com/spf13/afero v1.1.2 h1:m8/z1t7/fwjysjQRYbP0RD+bUIF/8tJwPdEZsI83ACI=
 github.com/spf13/afero v1.1.2/go.mod h1:j4pytiNVoe2o6bmDsKpLACNPDBIoEAkihy7loJ1B0CQ=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA=
+github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
+github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk=
 github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
 github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
@@ -130,7 +150,8 @@ golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACk
 golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
-golang.org/x/crypto v0.17.0 h1:r8bRNjWL3GshPW3gkd+RpvzWrZAwPS49OmTGZ/uhM4k=
+golang.org/x/crypto v0.19.0 h1:ENy+Az/9Y1vSrlrvBSyna3PITt4tiZLf7sgCjZBX7Wo=
+golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU=
 golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
 golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
@@ -163,8 +184,8 @@ golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.15.0 h1:h48lPFYpsTvQJZF4EKyI4aLHaev3CxivZmv7yZig9pc=
-golang.org/x/sys v0.15.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/sys v0.17.0 h1:25cE3gD+tdBA7lp7QfhuV+rJiE9YXTcS3VG1SqssI/Y=
+golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=

webcrypto/aes.go

@@ -6,6 +6,7 @@ import (
 	"crypto/cipher"
 	"crypto/rand"
 	"errors"
+	"fmt"
 
 	"github.com/dop251/goja"
 )
@@ -23,6 +24,12 @@ type AESKeyGenParams struct {
 	Length bitLength `js:"length"`
 }
 
+var _ hasAlg = (*AESKeyGenParams)(nil)
+
+func (akgp AESKeyGenParams) alg() string {
+	return akgp.Name
+}
+
 // newAESKeyGenParams creates a new AESKeyGenParams object, from the
 // normalized algorithm, and the algorithm parameters.
 //
@@ -84,7 +91,7 @@ func (akgp *AESKeyGenParams) GenerateKey(
 	// 5. 6. 7. 8. 9.
 	key := CryptoKey{}
 	key.Type = SecretCryptoKeyType
-	key.Algorithm = AESKeyAlgorithm{
+	key.Algorithm = &AESKeyAlgorithm{
 		Algorithm: akgp.Algorithm,
 		Length:    int64(akgp.Length),
 	}
@@ -114,10 +121,14 @@ type AESKeyAlgorithm struct {
 	Length int64 `js:"length"`
 }
 
+var _ hasAlg = (*AESKeyAlgorithm)(nil)
+
+func (aka AESKeyAlgorithm) alg() string {
+	return aka.Name
+}
+
 // exportAESKey exports an AES key to its raw representation.
-//
-// TODO @oleiade: support JWK format.
-func exportAESKey(key *CryptoKey, format KeyFormat) ([]byte, error) {
+func exportAESKey(key *CryptoKey, format KeyFormat) (interface{}, error) {
 	if !key.Extractable {
 		return nil, NewError(InvalidAccessError, "the key is not extractable")
 	}
@@ -135,8 +146,15 @@ func exportAESKey(key *CryptoKey, format KeyFormat) ([]byte, error) {
 		}
 
 		return handle, nil
+	case JwkKeyFormat:
+		m, err := exportSymmetricJWK(key)
+		if err != nil {
+			return nil, NewError(ImplementationError, err.Error())
+		}
+
+		return m, nil
+
 	default:
-		// FIXME: note that we do not support JWK format, yet.
 		return nil, NewError(NotSupportedError, unsupportedKeyFormatErrorMsg+" "+format)
 	}
 }
@@ -156,8 +174,6 @@ func newAESImportParams(normalized Algorithm) *AESImportParams {
 
 // ImportKey imports an AES key from its raw representation.
 // It implements the KeyImporter interface.
-//
-// TODO @oleiade: support JWK format #37
 func (aip *AESImportParams) ImportKey(
 	format KeyFormat,
 	keyData []byte,
@@ -172,21 +188,31 @@ func (aip *AESImportParams) ImportKey(
 		}
 	}
 
-	switch format {
-	case RawKeyFormat:
-		var (
-			has128Bits = len(keyData) == 16
-			has192Bits = len(keyData) == 24
-			has256Bits = len(keyData) == 32
-		)
-
-		if !has128Bits && !has192Bits && !has256Bits {
-			return nil, NewError(DataError, "invalid key length")
-		}
-	default:
+	// only raw and jwk formats are supported for HMAC
+	if format != RawKeyFormat && format != JwkKeyFormat {
 		return nil, NewError(NotSupportedError, unsupportedKeyFormatErrorMsg+" "+format)
 	}
 
+	// if the key is in JWK format, we need to extract the symmetric key from it
+	if format == JwkKeyFormat {
+		var err error
+		keyData, err = extractSymmetricJWK(keyData)
+		if err != nil {
+			return nil, NewError(DataError, err.Error())
+		}
+	}
+
+	// check the key length
+	var (
+		has128Bits = len(keyData) == 16
+		has192Bits = len(keyData) == 24
+		has256Bits = len(keyData) == 32
+	)
+
+	if !has128Bits && !has192Bits && !has256Bits {
+		return nil, NewError(DataError, fmt.Sprintf("invalid key length %v bytes", len(keyData)))
+	}
+
 	key := &CryptoKey{
 		Algorithm: AESKeyAlgorithm{
 			Algorithm: aip.Algorithm,

webcrypto/algorithm.go

@@ -187,3 +187,9 @@ func isAesAlgorithm(algorithmName string) bool {
 func isHashAlgorithm(algorithmName string) bool {
 	return algorithmName == SHA1 || algorithmName == SHA256 || algorithmName == SHA384 || algorithmName == SHA512
 }
+
+// hasAlg an internal interface that helps us to identify
+// if a given object has an algorithm method.
+type hasAlg interface {
+	alg() string
+}

webcrypto/hash.go

@@ -23,3 +23,9 @@ func getHashFn(name string) (func() hash.Hash, bool) {
 		return nil, false
 	}
 }
+
+// hasHash an internal interface that helps us to identify
+// if a given object has a hash method.
+type hasHash interface {
+	hash() string
+}

webcrypto/hmac.go

@@ -30,6 +30,10 @@ type HMACKeyGenParams struct {
 	Length null.Int `js:"length"`
 }
 
+func (hkgp HMACKeyGenParams) hash() string {
+	return hkgp.Hash.Name
+}
+
 // newHMACKeyGenParams creates a new HMACKeyGenParams object, from the normalized
 // algorithm, and the params parameters passed by the user.
 //
@@ -132,7 +136,7 @@ func (hkgp *HMACKeyGenParams) GenerateKey(
 	key := &CryptoKey{Type: SecretCryptoKeyType, handle: randomKey}
 
 	// 6.
-	algorithm := HMACKeyAlgorithm{}
+	algorithm := &HMACKeyAlgorithm{}
 
 	// 7.
 	algorithm.Name = HMAC
@@ -169,7 +173,11 @@ type HMACKeyAlgorithm struct {
 	Length int64 `js:"length"`
 }
 
-func exportHMACKey(ck *CryptoKey, format KeyFormat) ([]byte, error) {
+func (hka HMACKeyAlgorithm) hash() string {
+	return hka.Hash.Name
+}
+
+func exportHMACKey(ck *CryptoKey, format KeyFormat) (interface{}, error) {
 	// 1.
 	if ck.handle == nil {
 		return nil, NewError(OperationError, "key data is not accessible")
@@ -185,6 +193,13 @@ func exportHMACKey(ck *CryptoKey, format KeyFormat) ([]byte, error) {
 	switch format {
 	case RawKeyFormat:
 		return bits, nil
+	case JwkKeyFormat:
+		m, err := exportSymmetricJWK(ck)
+		if err != nil {
+			return nil, NewError(ImplementationError, err.Error())
+		}
+
+		return m, nil
 	default:
 		// FIXME: note that we do not support JWK format, yet #37.
 		return nil, NewError(NotSupportedError, "unsupported key format "+format)
@@ -219,6 +234,12 @@ type HMACImportParams struct {
 	Length null.Int `js:"length"`
 }
 
+var _ hasHash = (*HMACImportParams)(nil)
+
+func (hip HMACImportParams) hash() string {
+	return hip.Hash.Name
+}
+
 // newHMACImportParams creates a new HMACImportParams object from the given
 // algorithm and params objects.
 func newHMACImportParams(rt *goja.Runtime, normalized Algorithm, params goja.Value) (*HMACImportParams, error) {
@@ -277,14 +298,19 @@ func (hip *HMACImportParams) ImportKey(
 	}
 
 	// 3.
-	var hash KeyAlgorithm
+	if format != RawKeyFormat && format != JwkKeyFormat {
+		return nil, NewError(NotSupportedError, "unsupported key format "+format)
+	}
+
+	hash := KeyAlgorithm{Algorithm{Name: hip.Hash.Name}}
 
 	// 4.
-	switch format {
-	case RawKeyFormat:
-		hash = KeyAlgorithm{Algorithm{Name: hip.Hash.Name}}
-	default:
-		return nil, NewError(NotSupportedError, "unsupported key format "+format)
+	if format == JwkKeyFormat {
+		var err error
+		keyData, err = extractSymmetricJWK(keyData)
+		if err != nil {
+			return nil, NewError(DataError, err.Error())
+		}
 	}
 
 	// 5. 6.