[webcrypto] Update to use the KeyAlgorithm.

content/renderer/webcrypto/shared_crypto_unittest.cc

 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "content/renderer/webcrypto/shared_crypto.h"
 
 #include <algorithm>
 #include <string>
 #include <vector>
 
 #include "base/basictypes.h"
 #include "base/file_util.h"
 #include "base/json/json_reader.h"
 #include "base/json/json_writer.h"
 #include "base/logging.h"
 #include "base/memory/ref_counted.h"
 #include "base/path_service.h"
 #include "base/strings/string_number_conversions.h"
 #include "base/values.h"
 #include "content/public/common/content_paths.h"
 #include "content/public/renderer/content_renderer_client.h"
 #include "content/renderer/renderer_webkitplatformsupport_impl.h"
 #include "content/renderer/webcrypto/crypto_data.h"
 #include "content/renderer/webcrypto/webcrypto_util.h"
 #include "testing/gtest/include/gtest/gtest.h"
 #include "third_party/WebKit/public/platform/WebArrayBuffer.h"
 #include "third_party/WebKit/public/platform/WebCryptoAlgorithm.h"
+#ifdef WEBCRYPTO_HAS_KEY_ALGORITHM
+#include "third_party/WebKit/public/platform/WebCryptoKeyAlgorithm.h"
+#endif
 #include "third_party/WebKit/public/platform/WebCryptoAlgorithmParams.h"
 #include "third_party/WebKit/public/platform/WebCryptoKey.h"
 #include "third_party/re2/re2/re2.h"
 
 // The OpenSSL implementation of WebCrypto is less complete, so don't run all of
 // the tests: http://crbug.com/267888
 #if defined(USE_OPENSSL)
 #define MAYBE(test_name) DISABLED_##test_name
 #else
 #define MAYBE(test_name) test_name
 #endif
 
 // Helper macros to verify the value of a Status.
 #define EXPECT_STATUS_ERROR(code) EXPECT_FALSE((code).IsSuccess())
 #define EXPECT_STATUS(expected, code) \
   EXPECT_EQ(expected.ToString(), (code).ToString())
 #define ASSERT_STATUS(expected, code) \
   ASSERT_EQ(expected.ToString(), (code).ToString())
 #define EXPECT_STATUS_SUCCESS(code) EXPECT_STATUS(Status::Success(), code)
 #define ASSERT_STATUS_SUCCESS(code) ASSERT_STATUS(Status::Success(), code)
 
 namespace content {
 
 namespace webcrypto {
 
 namespace {
 
+blink::WebCryptoAlgorithm CreateRsaKeyGenAlgorithm(
+    blink::WebCryptoAlgorithmId algorithm_id,
+    unsigned int modulus_length,
+    const std::vector<uint8>& public_exponent) {
+  DCHECK_EQ(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5, algorithm_id);
+  return blink::WebCryptoAlgorithm::adoptParamsAndCreate(
+      algorithm_id,
+      new blink::WebCryptoRsaKeyGenParams(
+          modulus_length,
+          webcrypto::Uint8VectorStart(public_exponent),
+          public_exponent.size()));
+}
+
+blink::WebCryptoAlgorithm CreateRsaHashedKeyGenAlgorithm(
+    blink::WebCryptoAlgorithmId algorithm_id,
+    const blink::WebCryptoAlgorithmId hash_id,
+    unsigned int modulus_length,
+    const std::vector<uint8>& public_exponent) {
+  DCHECK(algorithm_id == blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5 ||
+         algorithm_id == blink::WebCryptoAlgorithmIdRsaOaep);
+  DCHECK(IsHashAlgorithm(hash_id));
+  return blink::WebCryptoAlgorithm::adoptParamsAndCreate(
+      algorithm_id,
+#ifdef WEBCRYPTO_HAS_KEY_ALGORITHM
+      new blink::WebCryptoRsaHashedKeyGenParams(
+          CreateAlgorithm(hash_id),
+#else
+      new blink::WebCryptoRsaKeyGenParams(
+#endif
+          modulus_length,
+          webcrypto::Uint8VectorStart(public_exponent),
+          public_exponent.size()));
+}
+
+// Creates an AES-CBC algorithm.
+blink::WebCryptoAlgorithm CreateAesCbcAlgorithm(const std::vector<uint8>& iv) {
+  return blink::WebCryptoAlgorithm::adoptParamsAndCreate(
+      blink::WebCryptoAlgorithmIdAesCbc,
+      new blink::WebCryptoAesCbcParams(Uint8VectorStart(iv), iv.size()));
+}
+
+// Creates and AES-GCM algorithm.
+blink::WebCryptoAlgorithm CreateAesGcmAlgorithm(
+    const std::vector<uint8>& iv,
+    const std::vector<uint8>& additional_data,
+    unsigned int tag_length_bits) {
+  return blink::WebCryptoAlgorithm::adoptParamsAndCreate(
+      blink::WebCryptoAlgorithmIdAesGcm,
+      new blink::WebCryptoAesGcmParams(Uint8VectorStart(iv),
+                                       iv.size(),
+                                       true,
+                                       Uint8VectorStart(additional_data),
+                                       additional_data.size(),
+                                       true,
+                                       tag_length_bits));
+}
+
+// Creates an HMAC algorithm whose parameters struct is compatible with key
+// generation. It is an error to call this with a hash_id that is not a SHA*.
+// The key_length_bytes parameter is optional, with zero meaning unspecified.
+blink::WebCryptoAlgorithm CreateHmacKeyGenAlgorithm(
+    blink::WebCryptoAlgorithmId hash_id,
+    unsigned int key_length_bytes) {
+  DCHECK(IsHashAlgorithm(hash_id));
+  // key_length_bytes == 0 means unspecified
+  return blink::WebCryptoAlgorithm::adoptParamsAndCreate(
+      blink::WebCryptoAlgorithmIdHmac,
+#ifdef WEBCRYPTO_HAS_KEY_ALGORITHM
+      new blink::WebCryptoHmacKeyGenParams(
+#else
+      new blink::WebCryptoHmacKeyParams(
+#endif
+          CreateAlgorithm(hash_id), (key_length_bytes != 0), key_length_bytes));
+}
+
 // Returns a slightly modified version of the input vector.
 //
 //  - For non-empty inputs a single bit is inverted.
 //  - For empty inputs, a byte is added.
 std::vector<uint8> Corrupted(const std::vector<uint8>& input) {
   std::vector<uint8> corrupted_data(input);
   if (corrupted_data.empty())
     corrupted_data.push_back(0);
   corrupted_data[corrupted_data.size() / 2] ^= 0x01;
   return corrupted_data;
 }
 
 std::vector<uint8> HexStringToBytes(const std::string& hex) {
   std::vector<uint8> bytes;
   base::HexStringToBytes(hex, &bytes);
   return bytes;
 }
 
+void ExpectCryptDataMatches(const CryptoData& expected,
+                            const CryptoData& actual) {
+  EXPECT_EQ(base::HexEncode(expected.bytes(), expected.byte_length()),
+            base::HexEncode(actual.bytes(), actual.byte_length()));
+}
+
 void ExpectArrayBufferMatches(const std::vector<uint8>& expected,
                               const blink::WebArrayBuffer& actual) {
-  EXPECT_EQ(
-      base::HexEncode(webcrypto::Uint8VectorStart(expected), expected.size()),
-      base::HexEncode(actual.data(), actual.byteLength()));

[Ryan Sleevi, 2014/02/25 22:26:26]

Can you avoid making (good-but-unrelated) changes like this in the future?

I would have been happy with ExpectCryptoDataMatches and cleaning up in a
separate CL. It just seems like you did a lot of CryptoData cleanup in this CL
that would have been better if separated from the KeyAlgorithm this CL is
supposed to be about.

Minimally, update the CL description to call this out as well.

[eroman, 2014/02/25 23:26:47]

Removed the CryptoData changes in unittest file.
Also removed an unnecessary CryptoData change in platform_crypto_nss.cc
(BigIntegerToLong).

There is one remaining CryptoData change to the signature of generatersakeypair.
This one is relevant to the changelist, since the parameter names have changed
on the blink side and need to be if-def

+  return ExpectCryptDataMatches(CryptoData(expected), CryptoData(actual));
+}
+
+void ExpectCryptoDataMatchesHex(const std::string& expected_hex,
+                                const CryptoData& actual) {
+  EXPECT_STRCASEEQ(
+      expected_hex.c_str(),
+      base::HexEncode(actual.bytes(), actual.byte_length()).c_str());
 }
 
 void ExpectArrayBufferMatchesHex(const std::string& expected_hex,
                                  const blink::WebArrayBuffer& array_buffer) {
-  EXPECT_STRCASEEQ(
-      expected_hex.c_str(),
-      base::HexEncode(array_buffer.data(), array_buffer.byteLength()).c_str());
+  return ExpectCryptoDataMatchesHex(expected_hex, CryptoData(array_buffer));
 }
 
 void ExpectVectorMatches(const std::vector<uint8>& expected,
                          const std::vector<uint8>& actual) {
-  EXPECT_EQ(
-      base::HexEncode(webcrypto::Uint8VectorStart(expected), expected.size()),
-      base::HexEncode(webcrypto::Uint8VectorStart(actual), actual.size()));
+  return ExpectCryptDataMatches(CryptoData(expected), CryptoData(actual));
 }
 
 std::vector<uint8> MakeJsonVector(const std::string& json_string) {
   return std::vector<uint8>(json_string.begin(), json_string.end());
 }
 
 std::vector<uint8> MakeJsonVector(const base::DictionaryValue& dict) {
   std::string json;
   base::JSONWriter::Write(&dict, &json);
   return MakeJsonVector(json);
@@ skipping 102 matching lines @@
 // dictionary to a good state
 void RestoreJwkOctDictionary(base::DictionaryValue* dict) {
   dict->Clear();
   dict->SetString("kty", "oct");
   dict->SetString("alg", "A128CBC");
   dict->SetString("use", "enc");
   dict->SetBoolean("extractable", false);
   dict->SetString("k", "GADWrMRHwQfoNaXU5fZvTg==");
 }
 
-blink::WebCryptoAlgorithm CreateAesGcmAlgorithm(
-    const std::vector<uint8>& iv,
-    const std::vector<uint8>& additional_data,
-    unsigned int tag_length_bits) {
-  return blink::WebCryptoAlgorithm::adoptParamsAndCreate(
-      blink::WebCryptoAlgorithmIdAesGcm,
-      new blink::WebCryptoAesGcmParams(Uint8VectorStart(iv),
-                                       iv.size(),
-                                       true,
-                                       Uint8VectorStart(additional_data),
-                                       additional_data.size(),
-                                       true,
-                                       tag_length_bits));
-}
-
 // Helper for ImportJwkRsaFailures. Restores the JWK JSON
 // dictionary to a good state
 void RestoreJwkRsaDictionary(base::DictionaryValue* dict) {
   dict->Clear();
   dict->SetString("kty", "RSA");
   dict->SetString("alg", "RSA1_5");
   dict->SetString("use", "enc");
   dict->SetBoolean("extractable", false);
   dict->SetString(
       "n",
       "qLOyhK-OtQs4cDSoYPFGxJGfMYdjzWxVmMiuSBGh4KvEx-CwgtaTpef87Wdc9GaFEncsDLxk"
       "p0LGxjD1M8jMcvYq6DPEC_JYQumEu3i9v5fAEH1VvbZi9cTg-rmEXLUUjvc5LdOq_5OuHmtm"
       "e7PUJHYW1PW6ENTP0ibeiNOfFvs");
   dict->SetString("e", "AQAB");
 }
 
-blink::WebCryptoAlgorithm CreateRsaAlgorithmWithInnerHash(
+blink::WebCryptoAlgorithm CreateRsaHashedImportAlgorithm(
     blink::WebCryptoAlgorithmId algorithm_id,
     blink::WebCryptoAlgorithmId hash_id) {
   DCHECK(algorithm_id == blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5 ||
          algorithm_id == blink::WebCryptoAlgorithmIdRsaOaep);
   DCHECK(IsHashAlgorithm(hash_id));
   return blink::WebCryptoAlgorithm::adoptParamsAndCreate(
-      algorithm_id, new blink::WebCryptoRsaSsaParams(CreateAlgorithm(hash_id)));
+      algorithm_id,
+#ifdef WEBCRYPTO_HAS_KEY_ALGORITHM
+      new blink::WebCryptoRsaHashedImportParams(CreateAlgorithm(hash_id)));
+#else
+      // Good enough for the tests.
+      new blink::WebCryptoRsaSsaParams(CreateAlgorithm(hash_id)));
+#endif
 }
 
 // Determines if two ArrayBuffers have identical content.
 bool ArrayBuffersEqual(const blink::WebArrayBuffer& a,
                        const blink::WebArrayBuffer& b) {
   return a.byteLength() == b.byteLength() &&
          memcmp(a.data(), b.data(), a.byteLength()) == 0;
 }
 
 // Given a vector of WebArrayBuffers, determines if there are any copies.
@@ skipping 257 matching lines @@
     base::DictionaryValue* test;
     ASSERT_TRUE(tests->GetDictionary(test_index, &test));
 
     blink::WebCryptoAlgorithm test_hash = GetDigestAlgorithm(test, "hash");
     const std::vector<uint8> test_key = GetBytesFromHexString(test, "key");
     const std::vector<uint8> test_message =
         GetBytesFromHexString(test, "message");
     const std::vector<uint8> test_mac = GetBytesFromHexString(test, "mac");
 
     blink::WebCryptoAlgorithm algorithm =
-        CreateHmacAlgorithmByHashId(test_hash.id());
+        CreateAlgorithm(blink::WebCryptoAlgorithmIdHmac);
+
+    blink::WebCryptoAlgorithm importAlgorithm =
+        CreateHmacImportAlgorithm(test_hash.id());
 
     blink::WebCryptoKey key = ImportSecretKeyFromRaw(
         test_key,
-        algorithm,
+        importAlgorithm,
         blink::WebCryptoKeyUsageSign | blink::WebCryptoKeyUsageVerify);
 
+#ifdef WEBCRYPTO_HAS_KEY_ALGORITHM
+    EXPECT_EQ(test_hash.id(), key.algorithm().hmacParams()->hash().id());
+#endif
+
     // Verify exported raw key is identical to the imported data
     blink::WebArrayBuffer raw_key;
     EXPECT_STATUS_SUCCESS(
         ExportKey(blink::WebCryptoKeyFormatRaw, key, &raw_key));
     ExpectArrayBufferMatches(test_key, raw_key);
 
     blink::WebArrayBuffer output;
 
     ASSERT_STATUS_SUCCESS(
         Sign(algorithm, key, CryptoData(test_message), &output));
@@ skipping 137 matching lines @@
     std::vector<uint8> test_plain_text =
         GetBytesFromHexString(test, "plain_text");
     std::vector<uint8> test_cipher_text =
         GetBytesFromHexString(test, "cipher_text");
 
     blink::WebCryptoKey key = ImportSecretKeyFromRaw(
         test_key,
         CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc),
         blink::WebCryptoKeyUsageEncrypt | blink::WebCryptoKeyUsageDecrypt);
 
+#ifdef WEBCRYPTO_HAS_KEY_ALGORITHM
+    EXPECT_EQ(test_key.size() * 8, key.algorithm().aesParams()->lengthBits());
+#endif
+
     // Verify exported raw key is identical to the imported data
     blink::WebArrayBuffer raw_key;
     EXPECT_STATUS_SUCCESS(
         ExportKey(blink::WebCryptoKeyFormatRaw, key, &raw_key));
     ExpectArrayBufferMatches(test_key, raw_key);
 
     blink::WebArrayBuffer output;
 
     // Test encryption.
     EXPECT_STATUS(Status::Success(),
@@ skipping 54 matching lines @@
   for (size_t i = 0; i < algorithm.size(); ++i) {
     SCOPED_TRACE(i);
     // Generate a small sample of keys.
     keys.clear();
     for (int j = 0; j < 16; ++j) {
       ASSERT_STATUS_SUCCESS(GenerateSecretKey(algorithm[i], true, 0, &key));
       EXPECT_TRUE(key.handle());
       EXPECT_EQ(blink::WebCryptoKeyTypeSecret, key.type());
       ASSERT_STATUS_SUCCESS(
           ExportKey(blink::WebCryptoKeyFormatRaw, key, &key_bytes));
+#ifdef WEBCRYPTO_HAS_KEY_ALGORITHM
+      EXPECT_EQ(key_bytes.byteLength() * 8,
+                key.algorithm().aesParams()->lengthBits());
+#endif
       keys.push_back(key_bytes);
     }
     // Ensure all entries in the key sample set are unique. This is a simplistic
     // estimate of whether the generated keys appear random.
     EXPECT_FALSE(CopiesExist(keys));
   }
 }
 
 TEST_F(SharedCryptoTest, MAYBE(GenerateKeyAesBadLength)) {
   const unsigned short kKeyLen[] = {0, 127, 257};
@@ skipping 18 matching lines @@
   for (int i = 0; i < 16; ++i) {
     blink::WebArrayBuffer key_bytes;
     blink::WebCryptoKey key = blink::WebCryptoKey::createNull();
     blink::WebCryptoAlgorithm algorithm =
         CreateHmacKeyGenAlgorithm(blink::WebCryptoAlgorithmIdSha1, 64);
     ASSERT_STATUS_SUCCESS(GenerateSecretKey(algorithm, true, 0, &key));
     EXPECT_FALSE(key.isNull());
     EXPECT_TRUE(key.handle());
     EXPECT_EQ(blink::WebCryptoKeyTypeSecret, key.type());
     EXPECT_EQ(blink::WebCryptoAlgorithmIdHmac, key.algorithm().id());
+#ifdef WEBCRYPTO_HAS_KEY_ALGORITHM
+    EXPECT_EQ(blink::WebCryptoAlgorithmIdSha1,

[Ryan Sleevi, 2014/02/25 22:26:26]

Why are you testing this, rather than algorithm like you do on line 617

Fewer magic constants (eg: line 891) are a good thing?

[eroman, 2014/02/25 23:26:47]

Unless you feel strongly about this will leave as is.

I prefer to use constant wherever possible in test expectations. Using a dynamic
value makes it possible to make two mistakes and end up with a test that still
passes, but not for the reason you were expecting.

Line 891 is different because the test expectations come from a json file (so
can't be expressed as a constant).

+              key.algorithm().hmacParams()->hash().id());
+#endif
 
     blink::WebArrayBuffer raw_key;
     ASSERT_STATUS_SUCCESS(
         ExportKey(blink::WebCryptoKeyFormatRaw, key, &raw_key));
     EXPECT_EQ(64U, raw_key.byteLength());
     keys.push_back(raw_key);
   }
   // Ensure all entries in the key sample set are unique. This is a simplistic
   // estimate of whether the generated keys appear random.
   EXPECT_FALSE(CopiesExist(keys));
 }
 
 // If the key length is not provided, then the block size is used.
 TEST_F(SharedCryptoTest, MAYBE(GenerateKeyHmacNoLength)) {
   blink::WebCryptoKey key = blink::WebCryptoKey::createNull();
   blink::WebCryptoAlgorithm algorithm =
       CreateHmacKeyGenAlgorithm(blink::WebCryptoAlgorithmIdSha1, 0);
   ASSERT_STATUS_SUCCESS(GenerateSecretKey(algorithm, true, 0, &key));
   EXPECT_TRUE(key.handle());
   EXPECT_EQ(blink::WebCryptoKeyTypeSecret, key.type());
   blink::WebArrayBuffer raw_key;
   ASSERT_STATUS_SUCCESS(ExportKey(blink::WebCryptoKeyFormatRaw, key, &raw_key));
   EXPECT_EQ(64U, raw_key.byteLength());
 
   // The block size for HMAC SHA-512 is larger.
   algorithm = CreateHmacKeyGenAlgorithm(blink::WebCryptoAlgorithmIdSha512, 0);
   ASSERT_STATUS_SUCCESS(GenerateSecretKey(algorithm, true, 0, &key));
+#ifdef WEBCRYPTO_HAS_KEY_ALGORITHM
+  EXPECT_EQ(blink::WebCryptoAlgorithmIdSha512,
+            key.algorithm().hmacParams()->hash().id());

[Ryan Sleevi, 2014/02/25 22:26:26]

Ditto

+#endif
   ASSERT_STATUS_SUCCESS(ExportKey(blink::WebCryptoKeyFormatRaw, key, &raw_key));
   EXPECT_EQ(128U, raw_key.byteLength());
 }
 
 TEST_F(SharedCryptoTest, MAYBE(ImportSecretKeyNoAlgorithm)) {
   blink::WebCryptoKey key = blink::WebCryptoKey::createNull();
 
   // This fails because the algorithm is null.
   EXPECT_STATUS(Status::ErrorMissingAlgorithmImportRawKey(),
                 ImportKey(blink::WebCryptoKeyFormatRaw,
@@ skipping 199 matching lines @@
 }
 
 TEST_F(SharedCryptoTest, MAYBE(ImportJwkInputConsistency)) {
   // The Web Crypto spec says that if a JWK value is present, but is
   // inconsistent with the input value, the operation must fail.
 
   // Consistency rules when JWK value is not present: Inputs should be used.
   blink::WebCryptoKey key = blink::WebCryptoKey::createNull();
   bool extractable = false;
   blink::WebCryptoAlgorithm algorithm =
-      CreateHmacAlgorithmByHashId(blink::WebCryptoAlgorithmIdSha256);
+      CreateHmacImportAlgorithm(blink::WebCryptoAlgorithmIdSha256);
   blink::WebCryptoKeyUsageMask usage_mask = blink::WebCryptoKeyUsageVerify;
   base::DictionaryValue dict;
   dict.SetString("kty", "oct");
   dict.SetString("k", "l3nZEgZCeX8XRwJdWyK3rGB8qwjhdY8vOkbIvh4lxTuMao9Y_--hdg");
   std::vector<uint8> json_vec = MakeJsonVector(dict);
   EXPECT_STATUS_SUCCESS(ImportKeyJwk(
       CryptoData(json_vec), algorithm, extractable, usage_mask, &key));
   EXPECT_TRUE(key.handle());
   EXPECT_EQ(blink::WebCryptoKeyTypeSecret, key.type());
   EXPECT_EQ(extractable, key.extractable());
@@ skipping 43 matching lines @@
                              CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc),
                              extractable,
                              usage_mask,
                              &key));
 
   // Fail: Input algorithm (HMAC SHA1) is inconsistent with JWK value
   // (HMAC SHA256).
   EXPECT_STATUS(
       Status::ErrorJwkAlgorithmInconsistent(),
       ImportKeyJwk(CryptoData(json_vec),
-                   CreateHmacAlgorithmByHashId(blink::WebCryptoAlgorithmIdSha1),
+                   CreateHmacImportAlgorithm(blink::WebCryptoAlgorithmIdSha1),
                    extractable,
                    usage_mask,
                    &key));
 
   // Pass: JWK alg valid but input algorithm isNull: use JWK algorithm value.
   EXPECT_STATUS_SUCCESS(ImportKeyJwk(CryptoData(json_vec),
                                      blink::WebCryptoAlgorithm::createNull(),
                                      extractable,
                                      usage_mask,
                                      &key));
   EXPECT_EQ(blink::WebCryptoAlgorithmIdHmac, algorithm.id());
 
   // Pass: JWK alg missing but input algorithm specified: use input value
   dict.Remove("alg", NULL);
   EXPECT_STATUS_SUCCESS(ImportKeyJwkFromDict(
       dict,
-      CreateHmacAlgorithmByHashId(blink::WebCryptoAlgorithmIdSha256),
+      CreateHmacImportAlgorithm(blink::WebCryptoAlgorithmIdSha256),
       extractable,
       usage_mask,
       &key));
   EXPECT_EQ(blink::WebCryptoAlgorithmIdHmac, algorithm.id());
   dict.SetString("alg", "HS256");
 
   // Fail: Input usage_mask (encrypt) is not a subset of the JWK value
   // (sign|verify)
   EXPECT_STATUS(Status::ErrorJwkUsageInconsistent(),
                 ImportKeyJwk(CryptoData(json_vec),
@@ skipping 18 matching lines @@
 }
 
 TEST_F(SharedCryptoTest, MAYBE(ImportJwkHappy)) {
 
   // This test verifies the happy path of JWK import, including the application
   // of the imported key material.
 
   blink::WebCryptoKey key = blink::WebCryptoKey::createNull();
   bool extractable = false;
   blink::WebCryptoAlgorithm algorithm =
-      CreateHmacAlgorithmByHashId(blink::WebCryptoAlgorithmIdSha256);
+      CreateHmacImportAlgorithm(blink::WebCryptoAlgorithmIdSha256);
   blink::WebCryptoKeyUsageMask usage_mask = blink::WebCryptoKeyUsageSign;
 
   // Import a symmetric key JWK and HMAC-SHA256 sign()
   // Uses the first SHA256 test vector from the HMAC sample set above.
 
   base::DictionaryValue dict;
   dict.SetString("kty", "oct");
   dict.SetString("alg", "HS256");
   dict.SetString("use", "sig");
   dict.SetBoolean("extractable", false);
   dict.SetString("k", "l3nZEgZCeX8XRwJdWyK3rGB8qwjhdY8vOkbIvh4lxTuMao9Y_--hdg");
 
   ASSERT_STATUS_SUCCESS(
       ImportKeyJwkFromDict(dict, algorithm, extractable, usage_mask, &key));
 
+#ifdef WEBCRYPTO_HAS_KEY_ALGORITHM
+  EXPECT_EQ(blink::WebCryptoAlgorithmIdSha256,

[Ryan Sleevi, 2014/02/25 22:26:26]

ditto

+            key.algorithm().hmacParams()->hash().id());
+#endif
+
   const std::vector<uint8> message_raw = HexStringToBytes(
       "b1689c2591eaf3c9e66070f8a77954ffb81749f1b00346f9dfe0b2ee905dcc288baf4a"
       "92de3f4001dd9f44c468c3d07d6c6ee82faceafc97c2fc0fc0601719d2dcd0aa2aec92"
       "d1b0ae933c65eb06a03c9c935c2bad0459810241347ab87e9f11adb30415424c6c7f5f"
       "22a003b8ab8de54f6ded0e3ab9245fa79568451dfa258e");
 
   blink::WebArrayBuffer output;
 
-  ASSERT_STATUS_SUCCESS(Sign(algorithm, key, CryptoData(message_raw), &output));
+  ASSERT_STATUS_SUCCESS(Sign(CreateAlgorithm(blink::WebCryptoAlgorithmIdHmac),
+                             key,
+                             CryptoData(message_raw),
+                             &output));
 
   const std::string mac_raw =
       "769f00d3e6a6cc1fb426a14a4f76c6462e6149726e0dee0ec0cf97a16605ac8b";
 
   ExpectArrayBufferMatchesHex(mac_raw, output);
 
   // TODO(padolph): Import an RSA public key JWK and use it
 }
 
 TEST_F(SharedCryptoTest, MAYBE(ImportExportSpki)) {
   // Passing case: Import a valid RSA key in SPKI format.
   blink::WebCryptoKey key = blink::WebCryptoKey::createNull();
   ASSERT_STATUS_SUCCESS(
       ImportKey(blink::WebCryptoKeyFormatSpki,
                 CryptoData(HexStringToBytes(kPublicKeySpkiDerHex)),
                 CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5),
                 true,
                 blink::WebCryptoKeyUsageEncrypt,
                 &key));
   EXPECT_TRUE(key.handle());
   EXPECT_EQ(blink::WebCryptoKeyTypePublic, key.type());
   EXPECT_TRUE(key.extractable());
   EXPECT_EQ(blink::WebCryptoKeyUsageEncrypt, key.usages());
+#ifdef WEBCRYPTO_HAS_KEY_ALGORITHM
+  EXPECT_EQ(kModulusLength, key.algorithm().rsaParams()->modulusLengthBits());
+  ExpectCryptoDataMatchesHex(
+      "010001", CryptoData(key.algorithm().rsaParams()->publicExponent()));
+#endif
 
   // Failing case: Empty SPKI data
   EXPECT_STATUS(Status::ErrorImportEmptyKeyData(),
                 ImportKey(blink::WebCryptoKeyFormatSpki,
                           CryptoData(std::vector<uint8>()),
                           blink::WebCryptoAlgorithm::createNull(),
                           true,
                           blink::WebCryptoKeyUsageEncrypt,
                           &key));
 
@@ skipping 31 matching lines @@
   // and compare to original data.
   blink::WebArrayBuffer output;
   ASSERT_STATUS_SUCCESS(ExportKey(blink::WebCryptoKeyFormatSpki, key, &output));
   ExpectArrayBufferMatchesHex(kPublicKeySpkiDerHex, output);
 
   // Failing case: Try to export a previously imported RSA public key in raw
   // format (not allowed for a public key).
   EXPECT_STATUS(Status::ErrorUnexpectedKeyType(),
                 ExportKey(blink::WebCryptoKeyFormatRaw, key, &output));
 
-  // Failing case: Try to export a non-extractable key
+  // Try to export a non-extractable public key - should work, public keys are
+  // always extractable
   ASSERT_STATUS_SUCCESS(
       ImportKey(blink::WebCryptoKeyFormatSpki,
                 CryptoData(HexStringToBytes(kPublicKeySpkiDerHex)),
                 CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5),
                 false,
                 blink::WebCryptoKeyUsageEncrypt,
                 &key));
   EXPECT_TRUE(key.handle());
-  EXPECT_FALSE(key.extractable());
-  EXPECT_STATUS(Status::ErrorKeyNotExtractable(),
-                ExportKey(blink::WebCryptoKeyFormatSpki, key, &output));
+  EXPECT_TRUE(key.extractable());
+  EXPECT_STATUS_SUCCESS(ExportKey(blink::WebCryptoKeyFormatSpki, key, &output));
 }
 
 TEST_F(SharedCryptoTest, MAYBE(ImportPkcs8)) {
   // Passing case: Import a valid RSA key in PKCS#8 format.
   blink::WebCryptoKey key = blink::WebCryptoKey::createNull();
-  ASSERT_STATUS_SUCCESS(
-      ImportKey(blink::WebCryptoKeyFormatPkcs8,
-                CryptoData(HexStringToBytes(kPrivateKeyPkcs8DerHex)),
-                CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5),
-                true,
-                blink::WebCryptoKeyUsageSign,
-                &key));
+  ASSERT_STATUS_SUCCESS(ImportKey(
+      blink::WebCryptoKeyFormatPkcs8,
+      CryptoData(HexStringToBytes(kPrivateKeyPkcs8DerHex)),
+      CreateRsaHashedImportAlgorithm(blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5,
+                                     blink::WebCryptoAlgorithmIdSha1),
+      true,
+      blink::WebCryptoKeyUsageSign,
+      &key));
   EXPECT_TRUE(key.handle());
   EXPECT_EQ(blink::WebCryptoKeyTypePrivate, key.type());
   EXPECT_TRUE(key.extractable());
   EXPECT_EQ(blink::WebCryptoKeyUsageSign, key.usages());
+#ifdef WEBCRYPTO_HAS_KEY_ALGORITHM
+  EXPECT_EQ(blink::WebCryptoAlgorithmIdSha1,
+            key.algorithm().rsaHashedParams()->hash().id());
+  EXPECT_EQ(kModulusLength,
+            key.algorithm().rsaHashedParams()->modulusLengthBits());
+  ExpectCryptoDataMatchesHex(
+      "010001",
+      CryptoData(key.algorithm().rsaHashedParams()->publicExponent()));
+#endif
 
   // Failing case: Empty PKCS#8 data
   EXPECT_STATUS(Status::ErrorImportEmptyKeyData(),
                 ImportKey(blink::WebCryptoKeyFormatPkcs8,
                           CryptoData(std::vector<uint8>()),
                           blink::WebCryptoAlgorithm::createNull(),
                           true,
                           blink::WebCryptoKeyUsageSign,
                           &key));
 
@@ skipping 35 matching lines @@
   const unsigned int modulus_length = 256;
   const std::vector<uint8> public_exponent = HexStringToBytes("010001");
   blink::WebCryptoAlgorithm algorithm =
       CreateRsaKeyGenAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5,
                                modulus_length,
                                public_exponent);
   bool extractable = false;
   const blink::WebCryptoKeyUsageMask usage_mask = 0;
   blink::WebCryptoKey public_key = blink::WebCryptoKey::createNull();
   blink::WebCryptoKey private_key = blink::WebCryptoKey::createNull();
-  EXPECT_STATUS_SUCCESS(GenerateKeyPair(
+  ASSERT_STATUS_SUCCESS(GenerateKeyPair(
       algorithm, extractable, usage_mask, &public_key, &private_key));
   EXPECT_FALSE(public_key.isNull());
   EXPECT_FALSE(private_key.isNull());
   EXPECT_EQ(blink::WebCryptoKeyTypePublic, public_key.type());
   EXPECT_EQ(blink::WebCryptoKeyTypePrivate, private_key.type());
   EXPECT_TRUE(public_key.extractable());
   EXPECT_EQ(extractable, private_key.extractable());
   EXPECT_EQ(usage_mask, public_key.usages());
   EXPECT_EQ(usage_mask, private_key.usages());
 
@@ skipping 50 matching lines @@
   EXPECT_FALSE(public_key.isNull());
   EXPECT_FALSE(private_key.isNull());
   EXPECT_EQ(blink::WebCryptoKeyTypePublic, public_key.type());
   EXPECT_EQ(blink::WebCryptoKeyTypePrivate, private_key.type());
   EXPECT_TRUE(public_key.extractable());
   EXPECT_EQ(extractable, private_key.extractable());
   EXPECT_EQ(usage_mask, public_key.usages());
   EXPECT_EQ(usage_mask, private_key.usages());
 
   // Successful WebCryptoAlgorithmIdRsaOaep key generation.
-  algorithm = CreateRsaKeyGenAlgorithm(
-      blink::WebCryptoAlgorithmIdRsaOaep, modulus_length, public_exponent);
+  algorithm = CreateRsaHashedKeyGenAlgorithm(blink::WebCryptoAlgorithmIdRsaOaep,
+                                             blink::WebCryptoAlgorithmIdSha256,
+                                             modulus_length,
+                                             public_exponent);
   EXPECT_STATUS_SUCCESS(GenerateKeyPair(
       algorithm, extractable, usage_mask, &public_key, &private_key));
   EXPECT_FALSE(public_key.isNull());
   EXPECT_FALSE(private_key.isNull());
   EXPECT_EQ(blink::WebCryptoKeyTypePublic, public_key.type());
   EXPECT_EQ(blink::WebCryptoKeyTypePrivate, private_key.type());
+#ifdef WEBCRYPTO_HAS_KEY_ALGORITHM
+  EXPECT_EQ(modulus_length,
+            public_key.algorithm().rsaHashedParams()->modulusLengthBits());
+  EXPECT_EQ(modulus_length,
+            private_key.algorithm().rsaHashedParams()->modulusLengthBits());
+  EXPECT_EQ(blink::WebCryptoAlgorithmIdSha256,
+            public_key.algorithm().rsaHashedParams()->hash().id());
+  EXPECT_EQ(blink::WebCryptoAlgorithmIdSha256,

[Ryan Sleevi, 2014/02/25 22:26:26]

why not |algorithm| here as well?

+            private_key.algorithm().rsaHashedParams()->hash().id());
+#endif
   EXPECT_TRUE(public_key.extractable());
   EXPECT_EQ(extractable, private_key.extractable());
   EXPECT_EQ(usage_mask, public_key.usages());
   EXPECT_EQ(usage_mask, private_key.usages());
 
   // Successful WebCryptoAlgorithmIdRsaSsaPkcs1v1_5 key generation.
   algorithm =
-      CreateRsaKeyGenAlgorithm(blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5,
-                               modulus_length,
-                               public_exponent);
+      CreateRsaHashedKeyGenAlgorithm(blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5,
+                                     blink::WebCryptoAlgorithmIdSha1,
+                                     modulus_length,
+                                     public_exponent);
   EXPECT_STATUS_SUCCESS(
       GenerateKeyPair(algorithm, false, usage_mask, &public_key, &private_key));
   EXPECT_FALSE(public_key.isNull());
   EXPECT_FALSE(private_key.isNull());
   EXPECT_EQ(blink::WebCryptoKeyTypePublic, public_key.type());
   EXPECT_EQ(blink::WebCryptoKeyTypePrivate, private_key.type());
+#ifdef WEBCRYPTO_HAS_KEY_ALGORITHM
+  EXPECT_EQ(modulus_length,
+            public_key.algorithm().rsaHashedParams()->modulusLengthBits());
+  EXPECT_EQ(modulus_length,
+            private_key.algorithm().rsaHashedParams()->modulusLengthBits());
+  EXPECT_EQ(blink::WebCryptoAlgorithmIdSha1,
+            public_key.algorithm().rsaHashedParams()->hash().id());
+  EXPECT_EQ(blink::WebCryptoAlgorithmIdSha1,

[Ryan Sleevi, 2014/02/25 22:26:26]

ditto

+            private_key.algorithm().rsaHashedParams()->hash().id());
+#endif
   // Even though "extractable" was set to false, the public key remains
   // extractable.
   EXPECT_TRUE(public_key.extractable());
   EXPECT_FALSE(private_key.extractable());
   EXPECT_EQ(usage_mask, public_key.usages());
   EXPECT_EQ(usage_mask, private_key.usages());
 
   // Exporting a private key as SPKI format doesn't make sense. However this
   // will first fail because the key is not extractable.
   blink::WebArrayBuffer output;
@@ skipping 177 matching lines @@
   // consider?
 
   // Do a successful decrypt with good data just for confirmation.
   EXPECT_STATUS_SUCCESS(Decrypt(
       algorithm, private_key, CryptoData(encrypted_data), &decrypted_data));
   ExpectArrayBufferMatchesHex(message_hex_str, decrypted_data);
 }
 
 TEST_F(SharedCryptoTest, MAYBE(RsaSsaSignVerifyFailures)) {
   // Import a key pair.
-  blink::WebCryptoAlgorithm algorithm = CreateRsaAlgorithmWithInnerHash(
-      blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5,
-      blink::WebCryptoAlgorithmIdSha1);
+  blink::WebCryptoKeyUsageMask usage_mask =
+      blink::WebCryptoKeyUsageSign | blink::WebCryptoKeyUsageVerify;
+  blink::WebCryptoAlgorithm importAlgorithm =
+      CreateRsaHashedImportAlgorithm(blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5,
+                                     blink::WebCryptoAlgorithmIdSha1);
   blink::WebCryptoKey public_key = blink::WebCryptoKey::createNull();
   blink::WebCryptoKey private_key = blink::WebCryptoKey::createNull();
-  ImportRsaKeyPair(
-      HexStringToBytes(kPublicKeySpkiDerHex),
-      HexStringToBytes(kPrivateKeyPkcs8DerHex),
-      algorithm,
-      false,
-      blink::WebCryptoKeyUsageSign | blink::WebCryptoKeyUsageVerify,
-      &public_key,
-      &private_key);
+  ImportRsaKeyPair(HexStringToBytes(kPublicKeySpkiDerHex),
+                   HexStringToBytes(kPrivateKeyPkcs8DerHex),
+                   importAlgorithm,
+                   false,
+                   usage_mask,
+                   &public_key,
+                   &private_key);
+
+#ifdef WEBCRYPTO_HAS_KEY_ALGORITHM
+  blink::WebCryptoAlgorithm algorithm =
+      CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5);
+#else
+  blink::WebCryptoAlgorithm algorithm = importAlgorithm;
+#endif
 
   blink::WebArrayBuffer signature;
   bool signature_match;
 
   // Compute a signature.
   const std::vector<uint8> data = HexStringToBytes("010203040506070809");
   ASSERT_STATUS_SUCCESS(
       Sign(algorithm, private_key, CryptoData(data), &signature));
 
   // Ensure truncated signature does not verify by passing one less byte.
@@ skipping 42 matching lines @@
                                 CryptoData(signature),
                                 CryptoData(data),
                                 &signature_match));
 
   // Ensure that signing using a public key, rather than a private key, fails.
   EXPECT_STATUS(Status::ErrorUnexpectedKeyType(),
                 Sign(algorithm, public_key, CryptoData(data), &signature));
 
   // Ensure that signing and verifying with an incompatible algorithm fails.
   algorithm = CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5);
+
   EXPECT_STATUS(Status::ErrorUnexpected(),
                 Sign(algorithm, private_key, CryptoData(data), &signature));
   EXPECT_STATUS(Status::ErrorUnexpected(),
                 VerifySignature(algorithm,
                                 public_key,
                                 CryptoData(signature),
                                 CryptoData(data),
                                 &signature_match));
 
+#ifdef WEBCRYPTO_HAS_KEY_ALGORITHM
   // Some crypto libraries (NSS) can automatically select the RSA SSA inner hash
   // based solely on the contents of the input signature data. In the Web Crypto
-  // implementation, the inner hash should be specified uniquely by the input
+  // implementation, the inner hash should be specified uniquely by the key
   // algorithm parameter. To validate this behavior, call Verify with a computed
-  // signature that used one hash type (SHA-1), but pass in an algorithm with a
+  // signature that used one hash type (SHA-1), but pass in a key with a
   // different inner hash type (SHA-256). If the hash type is determined by the
   // signature itself (undesired), the verify will pass, while if the hash type
-  // is specified by the input algorithm (desired), the verify will fail.
+  // is specified by the key algorithm (desired), the verify will fail.
 
   // Compute a signature using SHA-1 as the inner hash.
-  EXPECT_STATUS_SUCCESS(Sign(CreateRsaAlgorithmWithInnerHash(
-                                 blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5,
-                                 blink::WebCryptoAlgorithmIdSha1),
-                             private_key,
-                             CryptoData(data),
-                             &signature));
+  EXPECT_STATUS_SUCCESS(
+      Sign(CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5),
+           private_key,
+           CryptoData(data),
+           &signature));
+
+  blink::WebCryptoKey public_key_256 = blink::WebCryptoKey::createNull();
+  EXPECT_STATUS_SUCCESS(ImportKey(
+      blink::WebCryptoKeyFormatSpki,
+      CryptoData(HexStringToBytes(kPublicKeySpkiDerHex)),
+      CreateRsaHashedImportAlgorithm(blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5,
+                                     blink::WebCryptoAlgorithmIdSha256),
+      true,
+      usage_mask,
+      &public_key_256));
 
   // Now verify using an algorithm whose inner hash is SHA-256, not SHA-1. The
   // signature should not verify.
   // NOTE: public_key was produced by generateKey, and so its associated
   // algorithm has WebCryptoRsaKeyGenParams and not WebCryptoRsaSsaParams. Thus
   // it has no inner hash to conflict with the input algorithm.
+  EXPECT_EQ(blink::WebCryptoAlgorithmIdSha1,
+            private_key.algorithm().rsaHashedParams()->hash().id());
+  EXPECT_EQ(blink::WebCryptoAlgorithmIdSha256,
+            public_key_256.algorithm().rsaHashedParams()->hash().id());
+
   bool is_match;
-  EXPECT_STATUS_SUCCESS(
-      VerifySignature(CreateRsaAlgorithmWithInnerHash(
-                          blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5,
-                          blink::WebCryptoAlgorithmIdSha256),
-                      public_key,
-                      CryptoData(signature),
-                      CryptoData(data),
-                      &is_match));
+  EXPECT_STATUS_SUCCESS(VerifySignature(
+      CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5),
+      public_key_256,
+      CryptoData(signature),
+      CryptoData(data),
+      &is_match));
   EXPECT_FALSE(is_match);
+#endif
 }
 
 TEST_F(SharedCryptoTest, MAYBE(RsaSignVerifyKnownAnswer)) {
   scoped_ptr<base::ListValue> tests;
   ASSERT_TRUE(ReadJsonTestFileToList("pkcs1v15_sign.json", &tests));
 
   // Import the key pair.
-  blink::WebCryptoAlgorithm algorithm = CreateRsaAlgorithmWithInnerHash(
-      blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5,
-      blink::WebCryptoAlgorithmIdSha1);
+  blink::WebCryptoAlgorithm importAlgorithm =
+      CreateRsaHashedImportAlgorithm(blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5,
+                                     blink::WebCryptoAlgorithmIdSha1);
   blink::WebCryptoKey public_key = blink::WebCryptoKey::createNull();
   blink::WebCryptoKey private_key = blink::WebCryptoKey::createNull();
   ImportRsaKeyPair(
       HexStringToBytes(kPublicKeySpkiDerHex),
       HexStringToBytes(kPrivateKeyPkcs8DerHex),
-      algorithm,
+      importAlgorithm,
       false,
       blink::WebCryptoKeyUsageSign | blink::WebCryptoKeyUsageVerify,
       &public_key,
       &private_key);
 
+#ifdef WEBCRYPTO_HAS_KEY_ALGORITHM
+  blink::WebCryptoAlgorithm algorithm =
+      CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5);
+#else
+  const blink::WebCryptoAlgorithm& algorithm = importAlgorithm;
+#endif
+
   // Validate the signatures are computed and verified as expected.
   blink::WebArrayBuffer signature;
   for (size_t test_index = 0; test_index < tests->GetSize(); ++test_index) {
     SCOPED_TRACE(test_index);
 
     base::DictionaryValue* test;
     ASSERT_TRUE(tests->GetDictionary(test_index, &test));
 
     std::vector<uint8> test_message =
         GetBytesFromHexString(test, "message_hex");
@@ skipping 215 matching lines @@
                                         test_cipher_text,
                                         test_authentication_tag,
                                         &plain_text));
     }
   }
 }
 
 }  // namespace webcrypto
 
 }  // namespace content