crypto: add TurboSHAKE and KangarooTwelve Web Cryptography algorithms

[panva]

Adds RFC 9861 - KangarooTwelve and TurboSHAKE digest algorithm to Web Cryptography API per WICG/webcrypto-modern-algos#41 using adapted OpenSSL's keccak1600 implementation, to be replaced when OpenSSL supports them natively at which point we'd also make them available in stable node:crypto.

Refs: https://wicg.github.io/webcrypto-modern-algos/#kangarootwelve
Refs: https://wicg.github.io/webcrypto-modern-algos/#turboshake
Refs: https://www.rfc-editor.org/rfc/rfc9861.html
Refs: https://redirect.github.com/openssl/openssl/issues/30304

The tests for the implementation use both test vectors from the RFC as well as ones generated using PyCryptodome

[nodejs-github-bot]

Review requested:

• @nodejs/crypto
• @nodejs/gyp
• @nodejs/web-standards

[anonrig]

This will fix an undefined behavior.

Suggested change

	if (offset == 0) return val;
	if (offset <= 0) return val;

[anonrig]

or the following:

[panva]

The offset values come from the static rhotates table which only contains values 0–62, so this can never happen in practice.

[anonrig]

Suggested change

	if (offset == 0) return val;
	return (val << offset) | (val >> (64 - offset));
	offset &= 63; // reduce to [0, 63]
	if (offset == 0) return val;
	return (val << offset) | (val >> (64 - offset));
	}

[panva]

Same, the offsets are fixed values in the range of 0..62

[anonrig]

You need to have an assert somewhere making sure that src has size at least 8.

[panva]

These helpers are only called on the internal 200-byte Keccak state and fixed-size padding buffers. Same pattern as OpenSSL's keccak1600.c they're adapted from.

[codecov]

Codecov Report

❌ Patch coverage is 85.71429% with 62 lines in your changes missing coverage. Please review.
✅ Project coverage is 89.64%. Comparing base (ae228c1) to head (95d3e32).
⚠️ Report is 2 commits behind head on main.

Files with missing lines	Patch %	Lines
src/crypto/crypto_turboshake.cc	83.42%	33 Missing and 25 partials ⚠️
src/crypto/crypto_turboshake.h	33.33%	4 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main   #62183      +/-   ##
==========================================
- Coverage   89.65%   89.64%   -0.01%     
==========================================
  Files         676      678       +2     
  Lines      206546   206984     +438     
  Branches    39558    39632      +74     
==========================================
+ Hits       185179   185553     +374     
- Misses      13485    13516      +31     
- Partials     7882     7915      +33     

Files with missing lines	Coverage Δ
lib/internal/crypto/hash.js	99.00% <100.00%> (+0.06%)	⬆️
lib/internal/crypto/util.js	95.50% <100.00%> (+0.06%)	⬆️
lib/internal/crypto/webidl.js	98.41% <100.00%> (+0.08%)	⬆️
src/node_crypto.cc	81.81% <ø> (ø)
src/crypto/crypto_turboshake.h	33.33% <33.33%> (ø)
src/crypto/crypto_turboshake.cc	83.42% <83.42%> (ø)

... and 32 files with indirect coverage changes

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[nodejs-github-bot]

CI: https://ci.nodejs.org/job/node-test-pull-request/71678/