[webcrypto] Update to use the KeyAlgorithm.

content/renderer/webcrypto/shared_crypto_unittest.cc

 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "content/renderer/webcrypto/shared_crypto.h"
 
 #include <algorithm>
 #include <string>
 #include <vector>
 
 #include "base/basictypes.h"
 #include "base/file_util.h"
 #include "base/json/json_reader.h"
 #include "base/json/json_writer.h"
 #include "base/logging.h"
 #include "base/memory/ref_counted.h"
 #include "base/path_service.h"
 #include "base/strings/string_number_conversions.h"
 #include "base/values.h"
 #include "content/public/common/content_paths.h"
 #include "content/public/renderer/content_renderer_client.h"
 #include "content/renderer/renderer_webkitplatformsupport_impl.h"
 #include "content/renderer/webcrypto/crypto_data.h"
 #include "content/renderer/webcrypto/webcrypto_util.h"
 #include "testing/gtest/include/gtest/gtest.h"
 #include "third_party/WebKit/public/platform/WebArrayBuffer.h"
 #include "third_party/WebKit/public/platform/WebCryptoAlgorithm.h"
+#ifdef WEBCRYPTO_HAS_KEY_ALGORITHM
+#include "third_party/WebKit/public/platform/WebCryptoKeyAlgorithm.h"
+#endif
 #include "third_party/WebKit/public/platform/WebCryptoAlgorithmParams.h"
 #include "third_party/WebKit/public/platform/WebCryptoKey.h"
 #include "third_party/re2/re2/re2.h"
 
 // The OpenSSL implementation of WebCrypto is less complete, so don't run all of
 // the tests: http://crbug.com/267888
 #if defined(USE_OPENSSL)
 #define MAYBE(test_name) DISABLED_##test_name
 #else
 #define MAYBE(test_name) test_name
 #endif
 
 // Helper macros to verify the value of a Status.
 #define EXPECT_STATUS_ERROR(code) EXPECT_FALSE((code).IsSuccess())
 #define EXPECT_STATUS(expected, code) \
   EXPECT_EQ(expected.ToString(), (code).ToString())
 #define ASSERT_STATUS(expected, code) \
   ASSERT_EQ(expected.ToString(), (code).ToString())
 #define EXPECT_STATUS_SUCCESS(code) EXPECT_STATUS(Status::Success(), code)
 #define ASSERT_STATUS_SUCCESS(code) ASSERT_STATUS(Status::Success(), code)
 
 namespace content {
 
 namespace webcrypto {
 
 namespace {
 
+blink::WebCryptoAlgorithm CreateRsaKeyGenAlgorithm(
+    blink::WebCryptoAlgorithmId algorithm_id,
+    unsigned int modulus_length,
+    const std::vector<uint8>& public_exponent) {
+  DCHECK_EQ(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5, algorithm_id);
+  return blink::WebCryptoAlgorithm::adoptParamsAndCreate(
+      algorithm_id,
+      new blink::WebCryptoRsaKeyGenParams(
+          modulus_length,
+          webcrypto::Uint8VectorStart(public_exponent),
+          public_exponent.size()));
+}
+
+blink::WebCryptoAlgorithm CreateRsaHashedKeyGenAlgorithm(
+    blink::WebCryptoAlgorithmId algorithm_id,
+    const blink::WebCryptoAlgorithmId hash_id,
+    unsigned int modulus_length,
+    const std::vector<uint8>& public_exponent) {
+  DCHECK(algorithm_id == blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5 ||
+         algorithm_id == blink::WebCryptoAlgorithmIdRsaOaep);
+  DCHECK(IsHashAlgorithm(hash_id));
+  return blink::WebCryptoAlgorithm::adoptParamsAndCreate(
+      algorithm_id,
+#ifdef WEBCRYPTO_HAS_KEY_ALGORITHM
+      new blink::WebCryptoRsaHashedKeyGenParams(
+          CreateAlgorithm(hash_id),
+#else
+      new blink::WebCryptoRsaKeyGenParams(
+#endif
+          modulus_length,
+          webcrypto::Uint8VectorStart(public_exponent),
+          public_exponent.size()));
+}
+
+// Creates an AES-CBC algorithm.
+blink::WebCryptoAlgorithm CreateAesCbcAlgorithm(const std::vector<uint8>& iv) {
+  return blink::WebCryptoAlgorithm::adoptParamsAndCreate(
+      blink::WebCryptoAlgorithmIdAesCbc,
+      new blink::WebCryptoAesCbcParams(Uint8VectorStart(iv), iv.size()));
+}
+
+// Creates and AES-GCM algorithm.
+blink::WebCryptoAlgorithm CreateAesGcmAlgorithm(
+    const std::vector<uint8>& iv,
+    const std::vector<uint8>& additional_data,
+    unsigned int tag_length_bits) {
+  return blink::WebCryptoAlgorithm::adoptParamsAndCreate(
+      blink::WebCryptoAlgorithmIdAesGcm,
+      new blink::WebCryptoAesGcmParams(Uint8VectorStart(iv),
+                                       iv.size(),
+                                       true,
+                                       Uint8VectorStart(additional_data),
+                                       additional_data.size(),
+                                       true,
+                                       tag_length_bits));
+}
+
+// Creates an HMAC algorithm whose parameters struct is compatible with key
+// generation. It is an error to call this with a hash_id that is not a SHA*.
+// The key_length_bytes parameter is optional, with zero meaning unspecified.
+blink::WebCryptoAlgorithm CreateHmacKeyGenAlgorithm(
+    blink::WebCryptoAlgorithmId hash_id,
+    unsigned int key_length_bytes) {
+  DCHECK(IsHashAlgorithm(hash_id));
+  // key_length_bytes == 0 means unspecified
+  return blink::WebCryptoAlgorithm::adoptParamsAndCreate(
+      blink::WebCryptoAlgorithmIdHmac,
+#ifdef WEBCRYPTO_HAS_KEY_ALGORITHM
+      new blink::WebCryptoHmacKeyGenParams(
+#else
+      new blink::WebCryptoHmacKeyParams(
+#endif
+          CreateAlgorithm(hash_id), (key_length_bytes != 0), key_length_bytes));
+}
+
 // Returns a slightly modified version of the input vector.
 //
 //  - For non-empty inputs a single bit is inverted.
 //  - For empty inputs, a byte is added.
 std::vector<uint8> Corrupted(const std::vector<uint8>& input) {
   std::vector<uint8> corrupted_data(input);
   if (corrupted_data.empty())
     corrupted_data.push_back(0);
   corrupted_data[corrupted_data.size() / 2] ^= 0x01;
   return corrupted_data;
 }
 
 std::vector<uint8> HexStringToBytes(const std::string& hex) {
   std::vector<uint8> bytes;
   base::HexStringToBytes(hex, &bytes);
   return bytes;
 }
 
 void ExpectArrayBufferMatches(const std::vector<uint8>& expected,
                               const blink::WebArrayBuffer& actual) {
   EXPECT_EQ(
       base::HexEncode(webcrypto::Uint8VectorStart(expected), expected.size()),
       base::HexEncode(actual.data(), actual.byteLength()));
 }
 
+void ExpectCryptoDataMatchesHex(const std::string& expected_hex,
+                                const CryptoData& actual) {
+  EXPECT_STRCASEEQ(
+      expected_hex.c_str(),
+      base::HexEncode(actual.bytes(), actual.byte_length()).c_str());
+}
+
 void ExpectArrayBufferMatchesHex(const std::string& expected_hex,
                                  const blink::WebArrayBuffer& array_buffer) {
-  EXPECT_STRCASEEQ(
-      expected_hex.c_str(),
-      base::HexEncode(array_buffer.data(), array_buffer.byteLength()).c_str());
+  return ExpectCryptoDataMatchesHex(expected_hex, CryptoData(array_buffer));
 }
 
 void ExpectVectorMatches(const std::vector<uint8>& expected,
                          const std::vector<uint8>& actual) {
   EXPECT_EQ(
       base::HexEncode(webcrypto::Uint8VectorStart(expected), expected.size()),
       base::HexEncode(webcrypto::Uint8VectorStart(actual), actual.size()));
 }
 
 std::vector<uint8> MakeJsonVector(const std::string& json_string) {
@@ skipping 109 matching lines @@
 // dictionary to a good state
 void RestoreJwkOctDictionary(base::DictionaryValue* dict) {
   dict->Clear();
   dict->SetString("kty", "oct");
   dict->SetString("alg", "A128CBC");
   dict->SetString("use", "enc");
   dict->SetBoolean("extractable", false);
   dict->SetString("k", "GADWrMRHwQfoNaXU5fZvTg==");
 }
 
-blink::WebCryptoAlgorithm CreateAesGcmAlgorithm(
-    const std::vector<uint8>& iv,
-    const std::vector<uint8>& additional_data,
-    unsigned int tag_length_bits) {
-  return blink::WebCryptoAlgorithm::adoptParamsAndCreate(
-      blink::WebCryptoAlgorithmIdAesGcm,
-      new blink::WebCryptoAesGcmParams(Uint8VectorStart(iv),
-                                       iv.size(),
-                                       true,
-                                       Uint8VectorStart(additional_data),
-                                       additional_data.size(),
-                                       true,
-                                       tag_length_bits));
-}
-
 // Helper for ImportJwkRsaFailures. Restores the JWK JSON
 // dictionary to a good state
 void RestoreJwkRsaDictionary(base::DictionaryValue* dict) {
   dict->Clear();
   dict->SetString("kty", "RSA");
   dict->SetString("alg", "RSA1_5");
   dict->SetString("use", "enc");
   dict->SetBoolean("extractable", false);
   dict->SetString(
       "n",
       "qLOyhK-OtQs4cDSoYPFGxJGfMYdjzWxVmMiuSBGh4KvEx-CwgtaTpef87Wdc9GaFEncsDLxk"
       "p0LGxjD1M8jMcvYq6DPEC_JYQumEu3i9v5fAEH1VvbZi9cTg-rmEXLUUjvc5LdOq_5OuHmtm"
       "e7PUJHYW1PW6ENTP0ibeiNOfFvs");
   dict->SetString("e", "AQAB");
 }
 
-blink::WebCryptoAlgorithm CreateRsaAlgorithmWithInnerHash(
+blink::WebCryptoAlgorithm CreateRsaHashedImportAlgorithm(
     blink::WebCryptoAlgorithmId algorithm_id,
     blink::WebCryptoAlgorithmId hash_id) {
   DCHECK(algorithm_id == blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5 ||
          algorithm_id == blink::WebCryptoAlgorithmIdRsaOaep);
   DCHECK(IsHashAlgorithm(hash_id));
   return blink::WebCryptoAlgorithm::adoptParamsAndCreate(
-      algorithm_id, new blink::WebCryptoRsaSsaParams(CreateAlgorithm(hash_id)));
+      algorithm_id,
+#ifdef WEBCRYPTO_HAS_KEY_ALGORITHM
+      new blink::WebCryptoRsaHashedImportParams(CreateAlgorithm(hash_id)));
+#else
+      // Good enough for the tests.
+      new blink::WebCryptoRsaSsaParams(CreateAlgorithm(hash_id)));
+#endif
 }
 
 // Determines if two ArrayBuffers have identical content.
 bool ArrayBuffersEqual(const blink::WebArrayBuffer& a,
                        const blink::WebArrayBuffer& b) {
   return a.byteLength() == b.byteLength() &&
          memcmp(a.data(), b.data(), a.byteLength()) == 0;
 }
 
 // Given a vector of WebArrayBuffers, determines if there are any copies.
@@ skipping 257 matching lines @@
     base::DictionaryValue* test;
     ASSERT_TRUE(tests->GetDictionary(test_index, &test));
 
     blink::WebCryptoAlgorithm test_hash = GetDigestAlgorithm(test, "hash");
     const std::vector<uint8> test_key = GetBytesFromHexString(test, "key");
     const std::vector<uint8> test_message =
         GetBytesFromHexString(test, "message");
     const std::vector<uint8> test_mac = GetBytesFromHexString(test, "mac");
 
     blink::WebCryptoAlgorithm algorithm =
-        CreateHmacAlgorithmByHashId(test_hash.id());
+        CreateAlgorithm(blink::WebCryptoAlgorithmIdHmac);
+
+    blink::WebCryptoAlgorithm importAlgorithm =
+        CreateHmacImportAlgorithm(test_hash.id());
 
     blink::WebCryptoKey key = ImportSecretKeyFromRaw(
         test_key,
-        algorithm,
+        importAlgorithm,
         blink::WebCryptoKeyUsageSign | blink::WebCryptoKeyUsageVerify);
 
+#ifdef WEBCRYPTO_HAS_KEY_ALGORITHM
+    EXPECT_EQ(test_hash.id(), key.algorithm().hmacParams()->hash().id());
+#endif
+
     // Verify exported raw key is identical to the imported data
     blink::WebArrayBuffer raw_key;
     EXPECT_STATUS_SUCCESS(
         ExportKey(blink::WebCryptoKeyFormatRaw, key, &raw_key));
     ExpectArrayBufferMatches(test_key, raw_key);
 
     blink::WebArrayBuffer output;
 
     ASSERT_STATUS_SUCCESS(
         Sign(algorithm, key, CryptoData(test_message), &output));
@@ skipping 137 matching lines @@
     std::vector<uint8> test_plain_text =
         GetBytesFromHexString(test, "plain_text");
     std::vector<uint8> test_cipher_text =
         GetBytesFromHexString(test, "cipher_text");
 
     blink::WebCryptoKey key = ImportSecretKeyFromRaw(
         test_key,
         CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc),
         blink::WebCryptoKeyUsageEncrypt | blink::WebCryptoKeyUsageDecrypt);
 
+#ifdef WEBCRYPTO_HAS_KEY_ALGORITHM
+    EXPECT_EQ(test_key.size() * 8, key.algorithm().aesParams()->lengthBits());
+#endif
+
     // Verify exported raw key is identical to the imported data
     blink::WebArrayBuffer raw_key;
     EXPECT_STATUS_SUCCESS(
         ExportKey(blink::WebCryptoKeyFormatRaw, key, &raw_key));
     ExpectArrayBufferMatches(test_key, raw_key);
 
     blink::WebArrayBuffer output;
 
     // Test encryption.
     EXPECT_STATUS(Status::Success(),
@@ skipping 54 matching lines @@
   for (size_t i = 0; i < algorithm.size(); ++i) {
     SCOPED_TRACE(i);
     // Generate a small sample of keys.
     keys.clear();
     for (int j = 0; j < 16; ++j) {
       ASSERT_STATUS_SUCCESS(GenerateSecretKey(algorithm[i], true, 0, &key));
       EXPECT_TRUE(key.handle());
       EXPECT_EQ(blink::WebCryptoKeyTypeSecret, key.type());
       ASSERT_STATUS_SUCCESS(
           ExportKey(blink::WebCryptoKeyFormatRaw, key, &key_bytes));
+#ifdef WEBCRYPTO_HAS_KEY_ALGORITHM
+      EXPECT_EQ(key_bytes.byteLength() * 8,
+                key.algorithm().aesParams()->lengthBits());
+#endif
       keys.push_back(key_bytes);
     }
     // Ensure all entries in the key sample set are unique. This is a simplistic
     // estimate of whether the generated keys appear random.
     EXPECT_FALSE(CopiesExist(keys));
   }
 }
 
 TEST_F(SharedCryptoTest, MAYBE(GenerateKeyAesBadLength)) {
   const unsigned short kKeyLen[] = {0, 127, 257};
@@ skipping 18 matching lines @@
   for (int i = 0; i < 16; ++i) {
     blink::WebArrayBuffer key_bytes;
     blink::WebCryptoKey key = blink::WebCryptoKey::createNull();
     blink::WebCryptoAlgorithm algorithm =
         CreateHmacKeyGenAlgorithm(blink::WebCryptoAlgorithmIdSha1, 64);
     ASSERT_STATUS_SUCCESS(GenerateSecretKey(algorithm, true, 0, &key));
     EXPECT_FALSE(key.isNull());
     EXPECT_TRUE(key.handle());
     EXPECT_EQ(blink::WebCryptoKeyTypeSecret, key.type());
     EXPECT_EQ(blink::WebCryptoAlgorithmIdHmac, key.algorithm().id());
+#ifdef WEBCRYPTO_HAS_KEY_ALGORITHM
+    EXPECT_EQ(blink::WebCryptoAlgorithmIdSha1,
+              key.algorithm().hmacParams()->hash().id());
+#endif
 
     blink::WebArrayBuffer raw_key;
     ASSERT_STATUS_SUCCESS(
         ExportKey(blink::WebCryptoKeyFormatRaw, key, &raw_key));
     EXPECT_EQ(64U, raw_key.byteLength());
     keys.push_back(raw_key);
   }
   // Ensure all entries in the key sample set are unique. This is a simplistic
   // estimate of whether the generated keys appear random.
   EXPECT_FALSE(CopiesExist(keys));
 }
 
 // If the key length is not provided, then the block size is used.
 TEST_F(SharedCryptoTest, MAYBE(GenerateKeyHmacNoLength)) {
   blink::WebCryptoKey key = blink::WebCryptoKey::createNull();
   blink::WebCryptoAlgorithm algorithm =
       CreateHmacKeyGenAlgorithm(blink::WebCryptoAlgorithmIdSha1, 0);
   ASSERT_STATUS_SUCCESS(GenerateSecretKey(algorithm, true, 0, &key));
   EXPECT_TRUE(key.handle());
   EXPECT_EQ(blink::WebCryptoKeyTypeSecret, key.type());
   blink::WebArrayBuffer raw_key;
   ASSERT_STATUS_SUCCESS(ExportKey(blink::WebCryptoKeyFormatRaw, key, &raw_key));
   EXPECT_EQ(64U, raw_key.byteLength());
 
   // The block size for HMAC SHA-512 is larger.
   algorithm = CreateHmacKeyGenAlgorithm(blink::WebCryptoAlgorithmIdSha512, 0);
   ASSERT_STATUS_SUCCESS(GenerateSecretKey(algorithm, true, 0, &key));
+#ifdef WEBCRYPTO_HAS_KEY_ALGORITHM
+  EXPECT_EQ(blink::WebCryptoAlgorithmIdSha512,
+            key.algorithm().hmacParams()->hash().id());
+#endif
   ASSERT_STATUS_SUCCESS(ExportKey(blink::WebCryptoKeyFormatRaw, key, &raw_key));
   EXPECT_EQ(128U, raw_key.byteLength());
 }
 
 TEST_F(SharedCryptoTest, MAYBE(ImportSecretKeyNoAlgorithm)) {
   blink::WebCryptoKey key = blink::WebCryptoKey::createNull();
 
   // This fails because the algorithm is null.
   EXPECT_STATUS(Status::ErrorMissingAlgorithmImportRawKey(),
                 ImportKey(blink::WebCryptoKeyFormatRaw,
@@ skipping 199 matching lines @@
 }
 
 TEST_F(SharedCryptoTest, MAYBE(ImportJwkInputConsistency)) {
   // The Web Crypto spec says that if a JWK value is present, but is
   // inconsistent with the input value, the operation must fail.
 
   // Consistency rules when JWK value is not present: Inputs should be used.
   blink::WebCryptoKey key = blink::WebCryptoKey::createNull();
   bool extractable = false;
   blink::WebCryptoAlgorithm algorithm =
-      CreateHmacAlgorithmByHashId(blink::WebCryptoAlgorithmIdSha256);
+      CreateHmacImportAlgorithm(blink::WebCryptoAlgorithmIdSha256);
   blink::WebCryptoKeyUsageMask usage_mask = blink::WebCryptoKeyUsageVerify;
   base::DictionaryValue dict;
   dict.SetString("kty", "oct");
   dict.SetString("k", "l3nZEgZCeX8XRwJdWyK3rGB8qwjhdY8vOkbIvh4lxTuMao9Y_--hdg");
   std::vector<uint8> json_vec = MakeJsonVector(dict);
   EXPECT_STATUS_SUCCESS(ImportKeyJwk(
       CryptoData(json_vec), algorithm, extractable, usage_mask, &key));
   EXPECT_TRUE(key.handle());
   EXPECT_EQ(blink::WebCryptoKeyTypeSecret, key.type());
   EXPECT_EQ(extractable, key.extractable());
@@ skipping 43 matching lines @@
                              CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc),
                              extractable,
                              usage_mask,
                              &key));
 
   // Fail: Input algorithm (HMAC SHA1) is inconsistent with JWK value
   // (HMAC SHA256).
   EXPECT_STATUS(
       Status::ErrorJwkAlgorithmInconsistent(),
       ImportKeyJwk(CryptoData(json_vec),
-                   CreateHmacAlgorithmByHashId(blink::WebCryptoAlgorithmIdSha1),
+                   CreateHmacImportAlgorithm(blink::WebCryptoAlgorithmIdSha1),
                    extractable,
                    usage_mask,
                    &key));
 
   // Pass: JWK alg valid but input algorithm isNull: use JWK algorithm value.
   EXPECT_STATUS_SUCCESS(ImportKeyJwk(CryptoData(json_vec),
                                      blink::WebCryptoAlgorithm::createNull(),
                                      extractable,
                                      usage_mask,
                                      &key));
   EXPECT_EQ(blink::WebCryptoAlgorithmIdHmac, algorithm.id());
 
   // Pass: JWK alg missing but input algorithm specified: use input value
   dict.Remove("alg", NULL);
   EXPECT_STATUS_SUCCESS(ImportKeyJwkFromDict(
       dict,
-      CreateHmacAlgorithmByHashId(blink::WebCryptoAlgorithmIdSha256),
+      CreateHmacImportAlgorithm(blink::WebCryptoAlgorithmIdSha256),
       extractable,
       usage_mask,
       &key));
   EXPECT_EQ(blink::WebCryptoAlgorithmIdHmac, algorithm.id());
   dict.SetString("alg", "HS256");
 
   // Fail: Input usage_mask (encrypt) is not a subset of the JWK value
   // (sign|verify)
   EXPECT_STATUS(Status::ErrorJwkUsageInconsistent(),
                 ImportKeyJwk(CryptoData(json_vec),
@@ skipping 18 matching lines @@
 }
 
 TEST_F(SharedCryptoTest, MAYBE(ImportJwkHappy)) {
 
   // This test verifies the happy path of JWK import, including the application
   // of the imported key material.
 
   blink::WebCryptoKey key = blink::WebCryptoKey::createNull();
   bool extractable = false;
   blink::WebCryptoAlgorithm algorithm =
-      CreateHmacAlgorithmByHashId(blink::WebCryptoAlgorithmIdSha256);
+      CreateHmacImportAlgorithm(blink::WebCryptoAlgorithmIdSha256);
   blink::WebCryptoKeyUsageMask usage_mask = blink::WebCryptoKeyUsageSign;
 
   // Import a symmetric key JWK and HMAC-SHA256 sign()
   // Uses the first SHA256 test vector from the HMAC sample set above.
 
   base::DictionaryValue dict;
   dict.SetString("kty", "oct");
   dict.SetString("alg", "HS256");
   dict.SetString("use", "sig");
   dict.SetBoolean("extractable", false);
   dict.SetString("k", "l3nZEgZCeX8XRwJdWyK3rGB8qwjhdY8vOkbIvh4lxTuMao9Y_--hdg");
 
   ASSERT_STATUS_SUCCESS(
       ImportKeyJwkFromDict(dict, algorithm, extractable, usage_mask, &key));
 
+#ifdef WEBCRYPTO_HAS_KEY_ALGORITHM
+  EXPECT_EQ(blink::WebCryptoAlgorithmIdSha256,
+            key.algorithm().hmacParams()->hash().id());
+#endif
+
   const std::vector<uint8> message_raw = HexStringToBytes(
       "b1689c2591eaf3c9e66070f8a77954ffb81749f1b00346f9dfe0b2ee905dcc288baf4a"
       "92de3f4001dd9f44c468c3d07d6c6ee82faceafc97c2fc0fc0601719d2dcd0aa2aec92"
       "d1b0ae933c65eb06a03c9c935c2bad0459810241347ab87e9f11adb30415424c6c7f5f"
       "22a003b8ab8de54f6ded0e3ab9245fa79568451dfa258e");
 
   blink::WebArrayBuffer output;
 
-  ASSERT_STATUS_SUCCESS(Sign(algorithm, key, CryptoData(message_raw), &output));
+  ASSERT_STATUS_SUCCESS(Sign(CreateAlgorithm(blink::WebCryptoAlgorithmIdHmac),
+                             key,
+                             CryptoData(message_raw),
+                             &output));
 
   const std::string mac_raw =
       "769f00d3e6a6cc1fb426a14a4f76c6462e6149726e0dee0ec0cf97a16605ac8b";
 
   ExpectArrayBufferMatchesHex(mac_raw, output);
 
   // TODO(padolph): Import an RSA public key JWK and use it
 }
 
 TEST_F(SharedCryptoTest, MAYBE(ImportExportSpki)) {
   // Passing case: Import a valid RSA key in SPKI format.
   blink::WebCryptoKey key = blink::WebCryptoKey::createNull();
   ASSERT_STATUS_SUCCESS(
       ImportKey(blink::WebCryptoKeyFormatSpki,
                 CryptoData(HexStringToBytes(kPublicKeySpkiDerHex)),
                 CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5),
                 true,
                 blink::WebCryptoKeyUsageEncrypt,
                 &key));
   EXPECT_TRUE(key.handle());
   EXPECT_EQ(blink::WebCryptoKeyTypePublic, key.type());
   EXPECT_TRUE(key.extractable());
   EXPECT_EQ(blink::WebCryptoKeyUsageEncrypt, key.usages());
+#ifdef WEBCRYPTO_HAS_KEY_ALGORITHM
+  EXPECT_EQ(kModulusLength, key.algorithm().rsaParams()->modulusLengthBits());
+  ExpectCryptoDataMatchesHex(
+      "010001", CryptoData(key.algorithm().rsaParams()->publicExponent()));
+#endif
 
   // Failing case: Empty SPKI data
   EXPECT_STATUS(Status::ErrorImportEmptyKeyData(),
                 ImportKey(blink::WebCryptoKeyFormatSpki,
                           CryptoData(std::vector<uint8>()),
                           blink::WebCryptoAlgorithm::createNull(),
                           true,
                           blink::WebCryptoKeyUsageEncrypt,
                           &key));
 
@@ skipping 48 matching lines @@
                 &key));
   EXPECT_TRUE(key.handle());
   EXPECT_FALSE(key.extractable());
   EXPECT_STATUS(Status::ErrorKeyNotExtractable(),
                 ExportKey(blink::WebCryptoKeyFormatSpki, key, &output));
 }
 
 TEST_F(SharedCryptoTest, MAYBE(ImportPkcs8)) {
   // Passing case: Import a valid RSA key in PKCS#8 format.
   blink::WebCryptoKey key = blink::WebCryptoKey::createNull();
-  ASSERT_STATUS_SUCCESS(
-      ImportKey(blink::WebCryptoKeyFormatPkcs8,
-                CryptoData(HexStringToBytes(kPrivateKeyPkcs8DerHex)),
-                CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5),
-                true,
-                blink::WebCryptoKeyUsageSign,
-                &key));
+  ASSERT_STATUS_SUCCESS(ImportKey(
+      blink::WebCryptoKeyFormatPkcs8,
+      CryptoData(HexStringToBytes(kPrivateKeyPkcs8DerHex)),
+      CreateRsaHashedImportAlgorithm(blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5,
+                                     blink::WebCryptoAlgorithmIdSha1),
+      true,
+      blink::WebCryptoKeyUsageSign,
+      &key));
   EXPECT_TRUE(key.handle());
   EXPECT_EQ(blink::WebCryptoKeyTypePrivate, key.type());
   EXPECT_TRUE(key.extractable());
   EXPECT_EQ(blink::WebCryptoKeyUsageSign, key.usages());
+#ifdef WEBCRYPTO_HAS_KEY_ALGORITHM
+  EXPECT_EQ(blink::WebCryptoAlgorithmIdSha1,
+            key.algorithm().rsaHashedParams()->hash().id());
+  EXPECT_EQ(kModulusLength,
+            key.algorithm().rsaHashedParams()->modulusLengthBits());
+  ExpectCryptoDataMatchesHex(
+      "010001",
+      CryptoData(key.algorithm().rsaHashedParams()->publicExponent()));
+#endif
 
   // Failing case: Empty PKCS#8 data
   EXPECT_STATUS(Status::ErrorImportEmptyKeyData(),
                 ImportKey(blink::WebCryptoKeyFormatPkcs8,
                           CryptoData(std::vector<uint8>()),
                           blink::WebCryptoAlgorithm::createNull(),
                           true,
                           blink::WebCryptoKeyUsageSign,
                           &key));
 
@@ skipping 35 matching lines @@
   const unsigned int modulus_length = 256;
   const std::vector<uint8> public_exponent = HexStringToBytes("010001");
   blink::WebCryptoAlgorithm algorithm =
       CreateRsaKeyGenAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5,
                                modulus_length,
                                public_exponent);
   bool extractable = false;
   const blink::WebCryptoKeyUsageMask usage_mask = 0;
   blink::WebCryptoKey public_key = blink::WebCryptoKey::createNull();
   blink::WebCryptoKey private_key = blink::WebCryptoKey::createNull();
-  EXPECT_STATUS_SUCCESS(GenerateKeyPair(
+  ASSERT_STATUS_SUCCESS(GenerateKeyPair(
       algorithm, extractable, usage_mask, &public_key, &private_key));
   EXPECT_FALSE(public_key.isNull());
   EXPECT_FALSE(private_key.isNull());
   EXPECT_EQ(blink::WebCryptoKeyTypePublic, public_key.type());
   EXPECT_EQ(blink::WebCryptoKeyTypePrivate, private_key.type());
   EXPECT_TRUE(public_key.extractable());
   EXPECT_EQ(extractable, private_key.extractable());
   EXPECT_EQ(usage_mask, public_key.usages());
   EXPECT_EQ(usage_mask, private_key.usages());
 
@@ skipping 50 matching lines @@
   EXPECT_FALSE(public_key.isNull());
   EXPECT_FALSE(private_key.isNull());
   EXPECT_EQ(blink::WebCryptoKeyTypePublic, public_key.type());
   EXPECT_EQ(blink::WebCryptoKeyTypePrivate, private_key.type());
   EXPECT_TRUE(public_key.extractable());
   EXPECT_EQ(extractable, private_key.extractable());
   EXPECT_EQ(usage_mask, public_key.usages());
   EXPECT_EQ(usage_mask, private_key.usages());
 
   // Successful WebCryptoAlgorithmIdRsaOaep key generation.
-  algorithm = CreateRsaKeyGenAlgorithm(
-      blink::WebCryptoAlgorithmIdRsaOaep, modulus_length, public_exponent);
+  algorithm = CreateRsaHashedKeyGenAlgorithm(blink::WebCryptoAlgorithmIdRsaOaep,
+                                             blink::WebCryptoAlgorithmIdSha256,
+                                             modulus_length,
+                                             public_exponent);
   EXPECT_STATUS_SUCCESS(GenerateKeyPair(
       algorithm, extractable, usage_mask, &public_key, &private_key));
   EXPECT_FALSE(public_key.isNull());
   EXPECT_FALSE(private_key.isNull());
   EXPECT_EQ(blink::WebCryptoKeyTypePublic, public_key.type());
   EXPECT_EQ(blink::WebCryptoKeyTypePrivate, private_key.type());
+#ifdef WEBCRYPTO_HAS_KEY_ALGORITHM
+  EXPECT_EQ(modulus_length,
+            public_key.algorithm().rsaHashedParams()->modulusLengthBits());
+  EXPECT_EQ(modulus_length,
+            private_key.algorithm().rsaHashedParams()->modulusLengthBits());
+  EXPECT_EQ(blink::WebCryptoAlgorithmIdSha256,
+            public_key.algorithm().rsaHashedParams()->hash().id());
+  EXPECT_EQ(blink::WebCryptoAlgorithmIdSha256,
+            private_key.algorithm().rsaHashedParams()->hash().id());
+#endif
   EXPECT_TRUE(public_key.extractable());
   EXPECT_EQ(extractable, private_key.extractable());
   EXPECT_EQ(usage_mask, public_key.usages());
   EXPECT_EQ(usage_mask, private_key.usages());
 
   // Successful WebCryptoAlgorithmIdRsaSsaPkcs1v1_5 key generation.
   algorithm =
-      CreateRsaKeyGenAlgorithm(blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5,
-                               modulus_length,
-                               public_exponent);
+      CreateRsaHashedKeyGenAlgorithm(blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5,
+                                     blink::WebCryptoAlgorithmIdSha1,
+                                     modulus_length,
+                                     public_exponent);
   EXPECT_STATUS_SUCCESS(
       GenerateKeyPair(algorithm, false, usage_mask, &public_key, &private_key));
   EXPECT_FALSE(public_key.isNull());
   EXPECT_FALSE(private_key.isNull());
   EXPECT_EQ(blink::WebCryptoKeyTypePublic, public_key.type());
   EXPECT_EQ(blink::WebCryptoKeyTypePrivate, private_key.type());
+#ifdef WEBCRYPTO_HAS_KEY_ALGORITHM
+  EXPECT_EQ(modulus_length,
+            public_key.algorithm().rsaHashedParams()->modulusLengthBits());
+  EXPECT_EQ(modulus_length,
+            private_key.algorithm().rsaHashedParams()->modulusLengthBits());
+  EXPECT_EQ(blink::WebCryptoAlgorithmIdSha1,
+            public_key.algorithm().rsaHashedParams()->hash().id());
+  EXPECT_EQ(blink::WebCryptoAlgorithmIdSha1,
+            private_key.algorithm().rsaHashedParams()->hash().id());
+#endif
   // Even though "extractable" was set to false, the public key remains
   // extractable.
   EXPECT_TRUE(public_key.extractable());
   EXPECT_FALSE(private_key.extractable());
   EXPECT_EQ(usage_mask, public_key.usages());
   EXPECT_EQ(usage_mask, private_key.usages());
 
   // Exporting a private key as SPKI format doesn't make sense. However this
   // will first fail because the key is not extractable.
   blink::WebArrayBuffer output;
@@ skipping 177 matching lines @@
   // consider?
 
   // Do a successful decrypt with good data just for confirmation.
   EXPECT_STATUS_SUCCESS(Decrypt(
       algorithm, private_key, CryptoData(encrypted_data), &decrypted_data));
   ExpectArrayBufferMatchesHex(message_hex_str, decrypted_data);
 }
 
 TEST_F(SharedCryptoTest, MAYBE(RsaSsaSignVerifyFailures)) {
   // Import a key pair.
-  blink::WebCryptoAlgorithm algorithm = CreateRsaAlgorithmWithInnerHash(
-      blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5,
-      blink::WebCryptoAlgorithmIdSha1);
+  blink::WebCryptoKeyUsageMask usage_mask =
+      blink::WebCryptoKeyUsageSign | blink::WebCryptoKeyUsageVerify;
+  blink::WebCryptoAlgorithm importAlgorithm =
+      CreateRsaHashedImportAlgorithm(blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5,
+                                     blink::WebCryptoAlgorithmIdSha1);
   blink::WebCryptoKey public_key = blink::WebCryptoKey::createNull();
   blink::WebCryptoKey private_key = blink::WebCryptoKey::createNull();
-  ImportRsaKeyPair(
-      HexStringToBytes(kPublicKeySpkiDerHex),
-      HexStringToBytes(kPrivateKeyPkcs8DerHex),
-      algorithm,
-      false,
-      blink::WebCryptoKeyUsageSign | blink::WebCryptoKeyUsageVerify,
-      &public_key,
-      &private_key);
+  ImportRsaKeyPair(HexStringToBytes(kPublicKeySpkiDerHex),
+                   HexStringToBytes(kPrivateKeyPkcs8DerHex),
+                   importAlgorithm,
+                   false,
+                   usage_mask,
+                   &public_key,
+                   &private_key);
+
+#ifdef WEBCRYPTO_HAS_KEY_ALGORITHM
+  blink::WebCryptoAlgorithm algorithm =
+      CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5);
+#else
+  blink::WebCryptoAlgorithm algorithm = importAlgorithm;
+#endif
 
   blink::WebArrayBuffer signature;
   bool signature_match;
 
   // Compute a signature.
   const std::vector<uint8> data = HexStringToBytes("010203040506070809");
   ASSERT_STATUS_SUCCESS(
       Sign(algorithm, private_key, CryptoData(data), &signature));
 
   // Ensure truncated signature does not verify by passing one less byte.
@@ skipping 42 matching lines @@
                                 CryptoData(signature),
                                 CryptoData(data),
                                 &signature_match));
 
   // Ensure that signing using a public key, rather than a private key, fails.
   EXPECT_STATUS(Status::ErrorUnexpectedKeyType(),
                 Sign(algorithm, public_key, CryptoData(data), &signature));
 
   // Ensure that signing and verifying with an incompatible algorithm fails.
   algorithm = CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5);
+
   EXPECT_STATUS(Status::ErrorUnexpected(),
                 Sign(algorithm, private_key, CryptoData(data), &signature));
   EXPECT_STATUS(Status::ErrorUnexpected(),
                 VerifySignature(algorithm,
                                 public_key,
                                 CryptoData(signature),
                                 CryptoData(data),
                                 &signature_match));
 
+#ifdef WEBCRYPTO_HAS_KEY_ALGORITHM
   // Some crypto libraries (NSS) can automatically select the RSA SSA inner hash
   // based solely on the contents of the input signature data. In the Web Crypto
-  // implementation, the inner hash should be specified uniquely by the input
+  // implementation, the inner hash should be specified uniquely by the key
   // algorithm parameter. To validate this behavior, call Verify with a computed
-  // signature that used one hash type (SHA-1), but pass in an algorithm with a
+  // signature that used one hash type (SHA-1), but pass in a key with a
   // different inner hash type (SHA-256). If the hash type is determined by the
   // signature itself (undesired), the verify will pass, while if the hash type
-  // is specified by the input algorithm (desired), the verify will fail.
+  // is specified by the key algorithm (desired), the verify will fail.
 
   // Compute a signature using SHA-1 as the inner hash.
-  EXPECT_STATUS_SUCCESS(Sign(CreateRsaAlgorithmWithInnerHash(
-                                 blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5,
-                                 blink::WebCryptoAlgorithmIdSha1),
-                             private_key,
-                             CryptoData(data),
-                             &signature));
+  EXPECT_STATUS_SUCCESS(
+      Sign(CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5),
+           private_key,
+           CryptoData(data),
+           &signature));
+
+  blink::WebCryptoKey public_key_256 = blink::WebCryptoKey::createNull();
+  EXPECT_STATUS_SUCCESS(ImportKey(
+      blink::WebCryptoKeyFormatSpki,
+      CryptoData(HexStringToBytes(kPublicKeySpkiDerHex)),
+      CreateRsaHashedImportAlgorithm(blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5,
+                                     blink::WebCryptoAlgorithmIdSha256),
+      true,
+      usage_mask,
+      &public_key_256));
 
   // Now verify using an algorithm whose inner hash is SHA-256, not SHA-1. The
   // signature should not verify.
   // NOTE: public_key was produced by generateKey, and so its associated
   // algorithm has WebCryptoRsaKeyGenParams and not WebCryptoRsaSsaParams. Thus
   // it has no inner hash to conflict with the input algorithm.
+  EXPECT_EQ(blink::WebCryptoAlgorithmIdSha1,
+            private_key.algorithm().rsaHashedParams()->hash().id());
+  EXPECT_EQ(blink::WebCryptoAlgorithmIdSha256,
+            public_key_256.algorithm().rsaHashedParams()->hash().id());
+
   bool is_match;
-  EXPECT_STATUS_SUCCESS(
-      VerifySignature(CreateRsaAlgorithmWithInnerHash(
-                          blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5,
-                          blink::WebCryptoAlgorithmIdSha256),
-                      public_key,
-                      CryptoData(signature),
-                      CryptoData(data),
-                      &is_match));
+  EXPECT_STATUS_SUCCESS(VerifySignature(
+      CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5),
+      public_key_256,
+      CryptoData(signature),
+      CryptoData(data),
+      &is_match));
   EXPECT_FALSE(is_match);
+#endif
 }
 
 TEST_F(SharedCryptoTest, MAYBE(RsaSignVerifyKnownAnswer)) {
   scoped_ptr<base::ListValue> tests;
   ASSERT_TRUE(ReadJsonTestFileToList("pkcs1v15_sign.json", &tests));
 
   // Import the key pair.
-  blink::WebCryptoAlgorithm algorithm = CreateRsaAlgorithmWithInnerHash(
-      blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5,
-      blink::WebCryptoAlgorithmIdSha1);
+  blink::WebCryptoAlgorithm importAlgorithm =
+      CreateRsaHashedImportAlgorithm(blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5,
+                                     blink::WebCryptoAlgorithmIdSha1);
   blink::WebCryptoKey public_key = blink::WebCryptoKey::createNull();
   blink::WebCryptoKey private_key = blink::WebCryptoKey::createNull();
   ImportRsaKeyPair(
       HexStringToBytes(kPublicKeySpkiDerHex),
       HexStringToBytes(kPrivateKeyPkcs8DerHex),
-      algorithm,
+      importAlgorithm,
       false,
       blink::WebCryptoKeyUsageSign | blink::WebCryptoKeyUsageVerify,
       &public_key,
       &private_key);
 
+#ifdef WEBCRYPTO_HAS_KEY_ALGORITHM
+  blink::WebCryptoAlgorithm algorithm =
+      CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5);
+#else
+  const blink::WebCryptoAlgorithm& algorithm = importAlgorithm;
+#endif
+
   // Validate the signatures are computed and verified as expected.
   blink::WebArrayBuffer signature;
   for (size_t test_index = 0; test_index < tests->GetSize(); ++test_index) {
     SCOPED_TRACE(test_index);
 
     base::DictionaryValue* test;
     ASSERT_TRUE(tests->GetDictionary(test_index, &test));
 
     std::vector<uint8> test_message =
         GetBytesFromHexString(test, "message_hex");
@@ skipping 215 matching lines @@
                                         test_cipher_text,
                                         test_authentication_tag,
                                         &plain_text));
     }
   }
 }
 
 }  // namespace webcrypto
 
 }  // namespace content