[webcrypto] JWK: Updated import(ext, key_ops) and added export of symmetric keys

content/renderer/webcrypto/shared_crypto_unittest.cc

 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "content/renderer/webcrypto/shared_crypto.h"
 
 #include <algorithm>
 #include <string>
 #include <vector>
 
 #include "base/basictypes.h"
 #include "base/file_util.h"
 #include "base/json/json_reader.h"
 #include "base/json/json_writer.h"
 #include "base/logging.h"
 #include "base/memory/ref_counted.h"
 #include "base/path_service.h"
 #include "base/strings/string_number_conversions.h"
-#include "base/values.h"
 #include "content/public/common/content_paths.h"
 #include "content/public/renderer/content_renderer_client.h"
 #include "content/renderer/renderer_webkitplatformsupport_impl.h"
 #include "content/renderer/webcrypto/crypto_data.h"
 #include "content/renderer/webcrypto/webcrypto_util.h"
 #include "testing/gtest/include/gtest/gtest.h"
 #include "third_party/WebKit/public/platform/WebArrayBuffer.h"
 #include "third_party/WebKit/public/platform/WebCryptoAlgorithm.h"
 #include "third_party/WebKit/public/platform/WebCryptoKeyAlgorithm.h"
 #include "third_party/WebKit/public/platform/WebCryptoAlgorithmParams.h"
@@ skipping 243 matching lines @@
   return blink::WebCryptoAlgorithm::createNull();
 }
 
 // Helper for ImportJwkFailures and ImportJwkOctFailures. Restores the JWK JSON
 // dictionary to a good state
 void RestoreJwkOctDictionary(base::DictionaryValue* dict) {
   dict->Clear();
   dict->SetString("kty", "oct");
   dict->SetString("alg", "A128CBC");
   dict->SetString("use", "enc");
-  dict->SetBoolean("extractable", false);
+  dict->SetBoolean("ext", false);
   dict->SetString("k", "GADWrMRHwQfoNaXU5fZvTg==");
 }
 
 // Helper for ImportJwkRsaFailures. Restores the JWK JSON
 // dictionary to a good state
 void RestoreJwkRsaDictionary(base::DictionaryValue* dict) {
   dict->Clear();
   dict->SetString("kty", "RSA");
   dict->SetString("alg", "RSA1_5");
   dict->SetString("use", "enc");
-  dict->SetBoolean("extractable", false);
+  dict->SetBoolean("ext", false);
   dict->SetString(
       "n",
       "qLOyhK-OtQs4cDSoYPFGxJGfMYdjzWxVmMiuSBGh4KvEx-CwgtaTpef87Wdc9GaFEncsDLxk"
       "p0LGxjD1M8jMcvYq6DPEC_JYQumEu3i9v5fAEH1VvbZi9cTg-rmEXLUUjvc5LdOq_5OuHmtm"
       "e7PUJHYW1PW6ENTP0ibeiNOfFvs");
   dict->SetString("e", "AQAB");
 }
 
 blink::WebCryptoAlgorithm CreateRsaHashedImportAlgorithm(
     blink::WebCryptoAlgorithmId algorithm_id,
@@ skipping 222 matching lines @@
                             bool extractable,
                             blink::WebCryptoKeyUsageMask usage_mask,
                             blink::WebCryptoKey* key) {
   return ImportKeyJwk(CryptoData(MakeJsonVector(dict)),
                       algorithm,
                       extractable,
                       usage_mask,
                       key);
 }
 
+// Parses an ArrayBuffer of JSON into a dictionary.
+scoped_ptr<base::DictionaryValue> GetJwkDictionary(
+    const blink::WebArrayBuffer& json) {
+  base::StringPiece json_string(reinterpret_cast<const char*>(json.data()),
+                                json.byteLength());
+  base::Value* value = base::JSONReader::Read(json_string);

[eroman, 2014/03/04 02:55:14]

Read() can return NULL on failure.

At a minimum EXPECT_TRUE() on it (the testing for NULL should be explicit
somewhere)

[padolph, 2014/03/05 03:08:51]

Done.

+  base::DictionaryValue* dict_value = NULL;
+  value->GetAsDictionary(&dict_value);
+  return scoped_ptr<base::DictionaryValue>(dict_value);
+}
+
+bool CaseInsensitiveStringCompare(const std::string& a, const std::string& b) {

[eroman, 2014/03/04 02:55:14]

I am surprised this flavor doesn't already exist in base.

I suggested instead using:
  LowerCaseEqualsASCII()

However you will have to call c_str() on one of the inputs.

[padolph, 2014/03/05 03:08:51]

Done.

+  return std::equal(
+      a.begin(), a.end(), b.begin(), base::CaseInsensitiveCompareASCII<char>());
+}
+
+// Verifies that the JSON in the input ArrayBuffer contains the provided
+// expected values. Exact matches are required on the fields examined.
+::testing::AssertionResult VerifySymmetricJwk(
+    const blink::WebArrayBuffer& json,
+    const std::string& alg_expected,
+    const std::string& k_expected_hex,
+    blink::WebCryptoKeyUsageMask use_mask_expected) {
+
+  scoped_ptr<base::DictionaryValue> dict = GetJwkDictionary(json);
+  if (!dict.get() || dict->empty())
+    return ::testing::AssertionFailure() << "JSON parsing failed";
+
+  // ---- kty
+  std::string value_string;
+  if (!dict->GetString("kty", &value_string))
+    return ::testing::AssertionFailure() << "Missing 'kty'";
+  if (value_string != "oct")
+    return ::testing::AssertionFailure()
+           << "Expected 'kty' to be 'oct' but found " << value_string;
+
+  // ---- alg
+  if (!dict->GetString("alg", &value_string))
+    return ::testing::AssertionFailure() << "Missing 'alg'";
+  if (value_string != alg_expected)
+    return ::testing::AssertionFailure() << "Expected 'alg' to be "
+                                         << alg_expected << " but found "
+                                         << value_string;
+
+  // ---- k
+  if (!dict->GetString("k", &value_string))
+    return ::testing::AssertionFailure() << "Missing 'k'";
+  std::string k_value;
+  if (!webcrypto::Base64DecodeUrlSafe(value_string, &k_value))
+    return ::testing::AssertionFailure() << "Base64DecodeUrlSafe(k) failed";
+  if (!CaseInsensitiveStringCompare(
+          k_expected_hex, base::HexEncode(k_value.data(), k_value.size()))) {
+    return ::testing::AssertionFailure() << "Expected 'k' to be "
+                                         << k_expected_hex
+                                         << " but found something different";
+  }
+  // ---- ext
+  // always expect ext == true in this case
+  bool ext_value;
+  if (!dict->GetBoolean("ext", &ext_value))
+    return ::testing::AssertionFailure() << "Missing 'ext'";
+  if (!ext_value)
+    return ::testing::AssertionFailure()
+           << "Expected 'ext' to be true but found false";
+
+  // ---- key_ops
+  base::ListValue* key_ops;
+  if (!dict->GetList("key_ops", &key_ops))
+    return ::testing::AssertionFailure() << "Missing 'key_ops'";
+  blink::WebCryptoKeyUsageMask key_ops_mask = 0;
+  Status status = GetUsagesFromJwkKeyOps(key_ops, &key_ops_mask);
+  if (status.IsError())
+    return ::testing::AssertionFailure() << "Failure extracting 'key_ops'";
+  if (key_ops_mask != use_mask_expected)
+    return ::testing::AssertionFailure()
+           << "Expected 'key_ops' mask to be " << use_mask_expected
+           << " but found " << key_ops_mask << " (" << value_string << ")";
+
+  return ::testing::AssertionSuccess();
+}
+
 }  // namespace
 
 TEST_F(SharedCryptoTest, StatusToString) {
   EXPECT_EQ("Success", Status::Success().ToString());
   EXPECT_EQ("", Status::Error().ToString());
   EXPECT_EQ("The requested operation is unsupported",
             Status::ErrorUnsupported().ToString());
   EXPECT_EQ("The required JWK property \"kty\" was missing",
             Status::ErrorJwkPropertyMissing("kty").ToString());
   EXPECT_EQ("The JWK property \"kty\" must be a string",
@@ skipping 19 matching lines @@
     blink::WebArrayBuffer output;
     ASSERT_STATUS_SUCCESS(
         Digest(test_algorithm, CryptoData(test_input), &output));
     ExpectArrayBufferMatches(test_output, output);
   }
 }
 
 TEST_F(SharedCryptoTest, HMACSampleSets) {
   scoped_ptr<base::ListValue> tests;
   ASSERT_TRUE(ReadJsonTestFileToList("hmac.json", &tests));
-
+  // TODO(padolph): Missing known answer tests for HMAC SHA224, SHA384, and
+  // SHA512.
   for (size_t test_index = 0; test_index < tests->GetSize(); ++test_index) {
     SCOPED_TRACE(test_index);
     base::DictionaryValue* test;
     ASSERT_TRUE(tests->GetDictionary(test_index, &test));
 
     blink::WebCryptoAlgorithm test_hash = GetDigestAlgorithm(test, "hash");
     const std::vector<uint8> test_key = GetBytesFromHexString(test, "key");
     const std::vector<uint8> test_message =
         GetBytesFromHexString(test, "message");
     const std::vector<uint8> test_mac = GetBytesFromHexString(test, "mac");
@@ skipping 325 matching lines @@
   // This fails because the algorithm is null.
   EXPECT_STATUS(Status::ErrorMissingAlgorithmImportRawKey(),
                 ImportKey(blink::WebCryptoKeyFormatRaw,
                           CryptoData(HexStringToBytes("00000000000000000000")),
                           blink::WebCryptoAlgorithm::createNull(),
                           true,
                           blink::WebCryptoKeyUsageEncrypt,
                           &key));
 }
 
+TEST_F(SharedCryptoTest, ImportJwkKeyUsage) {

[eroman, 2014/03/04 02:55:14]

I haven't read through this in detail yet (will do it when reviewing next
update).

However my initial reaction is, whether much of this can be moved to a .json
file like the other test data, and do the bulk of the tests as roundtrip
import/export tests.

Basically I am thinking:

[
  jwk_input: { ext: 0, alg: ... },
  jwk_output: { ext: false, ... }
]

Expressing the JWK input in the .json file is easy, since it takes JSON. After
reading the Value it would have to be serialized to a string and then that is
used for the input and output comparison.

[padolph, 2014/03/05 03:08:51]

I'm not sure I agree, for the following reasons:

- Round tripping could mask certain errors. This test is about how import JWK
works with varied input, specifically usage. Running through export hits a lot
of other code paths that may influence the result.

- Comparing stringified JSON is problematic. Minor formatting differences or
ordering often gets in the way. This test wants to examine the resultant
WebCrypto Key after an import, not its JWK exported representation.

+  blink::WebCryptoKey key = blink::WebCryptoKey::createNull();
+  base::DictionaryValue dict;
+  dict.SetString("kty", "oct");
+  dict.SetBoolean("ext", false);
+  dict.SetString("k", "GADWrMRHwQfoNaXU5fZvTg==");
+  const blink::WebCryptoAlgorithm aes_cbc_algorithm =
+      webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc);
+  const blink::WebCryptoAlgorithm hmac_algorithm =
+      webcrypto::CreateHmacImportAlgorithm(blink::WebCryptoAlgorithmIdSha256);
+  const blink::WebCryptoAlgorithm aes_kw_algorithm =
+      webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdAesKw);
+
+  // Test null usage.
+  base::ListValue* key_ops = new base::ListValue;
+  // Note: the following call makes dict assume ownership of key_ops.
+  dict.Set("key_ops", key_ops);
+  EXPECT_STATUS_SUCCESS(
+      ImportKeyJwkFromDict(dict, aes_cbc_algorithm, false, 0, &key));
+  EXPECT_EQ(0, key.usages());
+
+  // Test each key_ops value translates to the correct Web Crypto value.
+  struct TestCase {
+    const char* jwk_key_op;
+    const char* jwk_alg;
+    const blink::WebCryptoAlgorithm algorithm;
+    const blink::WebCryptoKeyUsage usage;
+  };
+  // TODO(padolph): Add 'deriveBits' key_ops value once it is supported.
+  const TestCase test_case[] = {
+      {"encrypt", "A128CBC", aes_cbc_algorithm,
+       blink::WebCryptoKeyUsageEncrypt},
+      {"decrypt", "A128CBC", aes_cbc_algorithm,
+       blink::WebCryptoKeyUsageDecrypt},
+      {"sign", "HS256", hmac_algorithm, blink::WebCryptoKeyUsageSign},
+      {"verify", "HS256", hmac_algorithm, blink::WebCryptoKeyUsageVerify},
+      {"wrapKey", "A128KW", aes_kw_algorithm, blink::WebCryptoKeyUsageWrapKey},
+      {"unwrapKey", "A128KW", aes_kw_algorithm,
+       blink::WebCryptoKeyUsageUnwrapKey},
+      {"deriveKey", "HS256", hmac_algorithm,
+       blink::WebCryptoKeyUsageDeriveKey}};
+  for (size_t i = 0; i < ARRAYSIZE_UNSAFE(test_case); ++i) {
+    dict.SetString("alg", test_case[i].jwk_alg);
+    key_ops->Clear();
+    key_ops->AppendString(test_case[i].jwk_key_op);
+    EXPECT_STATUS_SUCCESS(ImportKeyJwkFromDict(
+        dict, test_case[i].algorithm, false, test_case[i].usage, &key));
+    EXPECT_EQ(test_case[i].usage, key.usages());
+  }
+
+  // Test discrete multiple usages.
+  dict.SetString("alg", "A128CBC");
+  key_ops->Clear();
+  key_ops->AppendString("encrypt");
+  key_ops->AppendString("decrypt");
+  EXPECT_STATUS_SUCCESS(ImportKeyJwkFromDict(
+      dict,
+      aes_cbc_algorithm,
+      false,
+      blink::WebCryptoKeyUsageDecrypt | blink::WebCryptoKeyUsageEncrypt,
+      &key));
+  EXPECT_EQ(blink::WebCryptoKeyUsageDecrypt | blink::WebCryptoKeyUsageEncrypt,
+            key.usages());
+
+  // Test constrained key usage (input usage is a subset of JWK usage).
+  key_ops->Clear();
+  key_ops->AppendString("encrypt");
+  key_ops->AppendString("decrypt");
+  EXPECT_STATUS_SUCCESS(ImportKeyJwkFromDict(
+      dict, aes_cbc_algorithm, false, blink::WebCryptoKeyUsageDecrypt, &key));
+  EXPECT_EQ(blink::WebCryptoKeyUsageDecrypt, key.usages());
+
+  // Test failure if input usage is NOT a strict subset of the JWK usage.
+  key_ops->Clear();
+  key_ops->AppendString("encrypt");
+  EXPECT_STATUS(Status::ErrorJwkKeyopsInconsistent(),
+                ImportKeyJwkFromDict(dict,
+                                     aes_cbc_algorithm,
+                                     false,
+                                     blink::WebCryptoKeyUsageEncrypt |
+                                         blink::WebCryptoKeyUsageDecrypt,
+                                     &key));
+
+  // Test 'use' inconsistent with 'key_ops'.
+  dict.SetString("alg", "HS256");
+  dict.SetString("use", "sig");
+  key_ops->AppendString("sign");
+  key_ops->AppendString("verify");
+  key_ops->AppendString("encrypt");
+  EXPECT_STATUS(Status::ErrorJwkUseAndKeyopsInconsistent(),
+                ImportKeyJwkFromDict(dict,
+                                     hmac_algorithm,
+                                     false,
+                                     blink::WebCryptoKeyUsageSign |
+                                         blink::WebCryptoKeyUsageVerify,
+                                     &key));
+
+  // Test JWK composite 'sig' use
+  dict.Remove("key_ops", NULL);
+  dict.SetString("use", "sig");
+  EXPECT_STATUS_SUCCESS(ImportKeyJwkFromDict(
+      dict,
+      hmac_algorithm,
+      false,
+      blink::WebCryptoKeyUsageSign | blink::WebCryptoKeyUsageVerify,
+      &key));
+  EXPECT_EQ(blink::WebCryptoKeyUsageSign | blink::WebCryptoKeyUsageVerify,
+            key.usages());
+
+  // Test JWK composite use 'enc' usage
+  dict.SetString("alg", "A128CBC");
+  dict.SetString("use", "enc");
+  EXPECT_STATUS_SUCCESS(ImportKeyJwkFromDict(
+      dict,
+      aes_cbc_algorithm,
+      false,
+      blink::WebCryptoKeyUsageDecrypt | blink::WebCryptoKeyUsageEncrypt |
+          blink::WebCryptoKeyUsageWrapKey | blink::WebCryptoKeyUsageUnwrapKey |
+          blink::WebCryptoKeyUsageDeriveKey,
+      &key));
+  EXPECT_EQ(blink::WebCryptoKeyUsageDecrypt | blink::WebCryptoKeyUsageEncrypt |
+                blink::WebCryptoKeyUsageWrapKey |
+                blink::WebCryptoKeyUsageUnwrapKey |
+                blink::WebCryptoKeyUsageDeriveKey,
+            key.usages());
+}
+
 TEST_F(SharedCryptoTest, ImportJwkFailures) {
 
   blink::WebCryptoKey key = blink::WebCryptoKey::createNull();
   blink::WebCryptoAlgorithm algorithm =
       CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc);
   blink::WebCryptoKeyUsageMask usage_mask = blink::WebCryptoKeyUsageEncrypt;
 
   // Baseline pass: each test below breaks a single item, so we start with a
   // passing case to make sure each failure is caused by the isolated break.
   // Each breaking subtest below resets the dictionary to this passing case when
@@ skipping 49 matching lines @@
   RestoreJwkOctDictionary(&dict);
 
   // Fail on kty wrong type.
   dict.SetDouble("kty", 0.1);
   EXPECT_STATUS(Status::ErrorJwkPropertyWrongType("kty", "string"),
                 ImportKeyJwkFromDict(dict, algorithm, false, usage_mask, &key));
   RestoreJwkOctDictionary(&dict);
 
   // Fail on invalid use.
   dict.SetString("use", "foo");
-  EXPECT_STATUS(Status::ErrorJwkUnrecognizedUsage(),
+  EXPECT_STATUS(Status::ErrorJwkUnrecognizedUse(),
                 ImportKeyJwkFromDict(dict, algorithm, false, usage_mask, &key));
   RestoreJwkOctDictionary(&dict);
 
   // Fail on invalid use (wrong type).
   dict.SetBoolean("use", true);
   EXPECT_STATUS(Status::ErrorJwkPropertyWrongType("use", "string"),
                 ImportKeyJwkFromDict(dict, algorithm, false, usage_mask, &key));
   RestoreJwkOctDictionary(&dict);
 
   // Fail on invalid extractable (wrong type).
-  dict.SetInteger("extractable", 0);
-  EXPECT_STATUS(Status::ErrorJwkPropertyWrongType("extractable", "boolean"),
+  dict.SetInteger("ext", 0);
+  EXPECT_STATUS(Status::ErrorJwkPropertyWrongType("ext", "boolean"),
+                ImportKeyJwkFromDict(dict, algorithm, false, usage_mask, &key));
+  RestoreJwkOctDictionary(&dict);
+
+  // Fail on invalid key_ops (wrong type).
+  dict.SetBoolean("key_ops", true);
+  EXPECT_STATUS(Status::ErrorJwkPropertyWrongType("key_ops", "list"),
+                ImportKeyJwkFromDict(dict, algorithm, false, usage_mask, &key));
+  RestoreJwkOctDictionary(&dict);
+
+  // Fail on invalid key_ops (wrong element value).
+  base::ListValue* key_ops = new base::ListValue;
+  // Note: the following call makes dict assume ownership of key_ops.
+  dict.Set("key_ops", key_ops);
+  key_ops->AppendString("foo");
+  EXPECT_STATUS(Status::ErrorJwkUnrecognizedKeyop(),
                 ImportKeyJwkFromDict(dict, algorithm, false, usage_mask, &key));
   RestoreJwkOctDictionary(&dict);
 }
 
 TEST_F(SharedCryptoTest, ImportJwkOctFailures) {
 
   base::DictionaryValue dict;
   RestoreJwkOctDictionary(&dict);
   blink::WebCryptoAlgorithm algorithm =
       CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc);
@@ skipping 124 matching lines @@
   EXPECT_EQ(blink::WebCryptoKeyUsageVerify, key.usages());
   key = blink::WebCryptoKey::createNull();
 
   // Consistency rules when JWK value exists: Fail if inconsistency is found.
 
   // Pass: All input values are consistent with the JWK values.
   dict.Clear();
   dict.SetString("kty", "oct");
   dict.SetString("alg", "HS256");
   dict.SetString("use", "sig");
-  dict.SetBoolean("extractable", false);
+  dict.SetBoolean("ext", false);
   dict.SetString("k", "l3nZEgZCeX8XRwJdWyK3rGB8qwjhdY8vOkbIvh4lxTuMao9Y_--hdg");
   json_vec = MakeJsonVector(dict);
   EXPECT_STATUS_SUCCESS(ImportKeyJwk(
       CryptoData(json_vec), algorithm, extractable, usage_mask, &key));
 
   // Extractable cases:
   // 1. input=T, JWK=F ==> fail (inconsistent)
   // 4. input=F, JWK=F ==> pass, result extractable is F
   // 2. input=T, JWK=T ==> pass, result extractable is T
   // 3. input=F, JWK=T ==> pass, result extractable is F
   EXPECT_STATUS(
-      Status::ErrorJwkExtractableInconsistent(),
+      Status::ErrorJwkExtInconsistent(),
       ImportKeyJwk(CryptoData(json_vec), algorithm, true, usage_mask, &key));
   EXPECT_STATUS_SUCCESS(
       ImportKeyJwk(CryptoData(json_vec), algorithm, false, usage_mask, &key));
   EXPECT_FALSE(key.extractable());
-  dict.SetBoolean("extractable", true);
+  dict.SetBoolean("ext", true);
   EXPECT_STATUS_SUCCESS(
       ImportKeyJwkFromDict(dict, algorithm, true, usage_mask, &key));
   EXPECT_TRUE(key.extractable());
   EXPECT_STATUS_SUCCESS(
       ImportKeyJwkFromDict(dict, algorithm, false, usage_mask, &key));
   EXPECT_FALSE(key.extractable());
-  dict.SetBoolean("extractable", true);  // restore previous value
+  dict.SetBoolean("ext", true);  // restore previous value
 
   // Fail: Input algorithm (AES-CBC) is inconsistent with JWK value
   // (HMAC SHA256).
   EXPECT_STATUS(Status::ErrorJwkAlgorithmInconsistent(),
                 ImportKeyJwk(CryptoData(json_vec),
                              CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc),
                              extractable,
                              usage_mask,
                              &key));
 
@@ skipping 21 matching lines @@
       dict,
       CreateHmacImportAlgorithm(blink::WebCryptoAlgorithmIdSha256),
       extractable,
       usage_mask,
       &key));
   EXPECT_EQ(blink::WebCryptoAlgorithmIdHmac, algorithm.id());
   dict.SetString("alg", "HS256");
 
   // Fail: Input usage_mask (encrypt) is not a subset of the JWK value
   // (sign|verify)
-  EXPECT_STATUS(Status::ErrorJwkUsageInconsistent(),
+  EXPECT_STATUS(Status::ErrorJwkUseInconsistent(),
                 ImportKeyJwk(CryptoData(json_vec),
                              algorithm,
                              extractable,
                              blink::WebCryptoKeyUsageEncrypt,
                              &key));
 
   // Fail: Input usage_mask (encrypt|sign|verify) is not a subset of the JWK
   // value (sign|verify)
   usage_mask = blink::WebCryptoKeyUsageEncrypt | blink::WebCryptoKeyUsageSign |
                blink::WebCryptoKeyUsageVerify;
   EXPECT_STATUS(
-      Status::ErrorJwkUsageInconsistent(),
+      Status::ErrorJwkUseInconsistent(),
       ImportKeyJwk(
           CryptoData(json_vec), algorithm, extractable, usage_mask, &key));
 
   // TODO(padolph): kty vs alg consistency tests: Depending on the kty value,
   // only certain alg values are permitted. For example, when kty = "RSA" alg
   // must be of the RSA family, or when kty = "oct" alg must be symmetric
   // algorithm.
+
+  // TODO(padolph): key_ops consistency tests
 }
 
 TEST_F(SharedCryptoTest, MAYBE(ImportJwkHappy)) {
 
   // This test verifies the happy path of JWK import, including the application
   // of the imported key material.
 
   blink::WebCryptoKey key = blink::WebCryptoKey::createNull();
   bool extractable = false;
   blink::WebCryptoAlgorithm algorithm =
       CreateHmacImportAlgorithm(blink::WebCryptoAlgorithmIdSha256);
   blink::WebCryptoKeyUsageMask usage_mask = blink::WebCryptoKeyUsageSign;
 
   // Import a symmetric key JWK and HMAC-SHA256 sign()
   // Uses the first SHA256 test vector from the HMAC sample set above.
 
   base::DictionaryValue dict;
   dict.SetString("kty", "oct");
   dict.SetString("alg", "HS256");
   dict.SetString("use", "sig");
-  dict.SetBoolean("extractable", false);
+  dict.SetBoolean("ext", false);
   dict.SetString("k", "l3nZEgZCeX8XRwJdWyK3rGB8qwjhdY8vOkbIvh4lxTuMao9Y_--hdg");
 
   ASSERT_STATUS_SUCCESS(
       ImportKeyJwkFromDict(dict, algorithm, extractable, usage_mask, &key));
 
   EXPECT_EQ(blink::WebCryptoAlgorithmIdSha256,
             key.algorithm().hmacParams()->hash().id());
 
   const std::vector<uint8> message_raw = HexStringToBytes(
       "b1689c2591eaf3c9e66070f8a77954ffb81749f1b00346f9dfe0b2ee905dcc288baf4a"
       "92de3f4001dd9f44c468c3d07d6c6ee82faceafc97c2fc0fc0601719d2dcd0aa2aec92"
       "d1b0ae933c65eb06a03c9c935c2bad0459810241347ab87e9f11adb30415424c6c7f5f"
       "22a003b8ab8de54f6ded0e3ab9245fa79568451dfa258e");
 
   blink::WebArrayBuffer output;
 
   ASSERT_STATUS_SUCCESS(Sign(CreateAlgorithm(blink::WebCryptoAlgorithmIdHmac),
                              key,
                              CryptoData(message_raw),
                              &output));
 
   const std::string mac_raw =
       "769f00d3e6a6cc1fb426a14a4f76c6462e6149726e0dee0ec0cf97a16605ac8b";
 
   ExpectArrayBufferMatchesHex(mac_raw, output);
 
   // TODO(padolph): Import an RSA public key JWK and use it
 }
 
+TEST_F(SharedCryptoTest, MAYBE(ImportExportJwkSymmetricKey)) {
+  // Raw keys are generated by openssl:
+  // % openssl rand -hex <key length bytes>
+  // TODO(padolph): Move this data to external file?
+  const char* const key_hex_128("3f1e7cd4f6f8543f6b1e16002e688623");
+  const char* const key_hex_192(
+      "ed91f916dc034eba68a0f9e7f34ddd48b98bd2848109e243");
+  const char* const key_hex_256(
+      "bd08286b81a74783fd1ccf46b7e05af84ee25ae021210074159e0c4d9d907692");
+  const char* const key_hex_384(
+      "a22c5441c8b185602283d64c7221de1d0951e706bfc09539435ec0e0ed614e1d406623f2"
+      "b31d31819fec30993380dd82");
+  const char* const key_hex_512(
+      "5834f639000d4cf82de124fbfd26fb88d463e99f839a76ba41ac88967c80a3f61e1239a4"
+      "52e573dba0750e988152988576efd75b8d0229b7aca2ada2afd392ee");
+  const blink::WebCryptoAlgorithm aes_cbc_alg =
+      webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc);
+  const blink::WebCryptoAlgorithm aes_gcm_alg =
+      webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdAesGcm);
+  const blink::WebCryptoAlgorithm aes_kw_alg =
+      webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdAesKw);
+  const blink::WebCryptoAlgorithm hmac_sha_256_alg =
+      webcrypto::CreateHmacImportAlgorithm(blink::WebCryptoAlgorithmIdSha256);
+  const blink::WebCryptoAlgorithm hmac_sha_384_alg =
+      webcrypto::CreateHmacImportAlgorithm(blink::WebCryptoAlgorithmIdSha384);
+  const blink::WebCryptoAlgorithm hmac_sha_512_alg =
+      webcrypto::CreateHmacImportAlgorithm(blink::WebCryptoAlgorithmIdSha512);
+
+  struct TestCase {
+    const char* const key_hex;
+    const blink::WebCryptoAlgorithm algorithm;
+    const blink::WebCryptoKeyUsageMask usage;
+    const char* const jwk_alg;
+  };
+
+  // TODO(padolph): Test AES-CTR JWK export, once AES-CTR import works.
+  const TestCase kTests[] = {
+      // AES-CBC 128
+      {key_hex_128, aes_cbc_alg,
+       blink::WebCryptoKeyUsageEncrypt | blink::WebCryptoKeyUsageDecrypt,
+       "A128CBC"},
+      // AES-CBC 192
+      {key_hex_192, aes_cbc_alg, blink::WebCryptoKeyUsageEncrypt, "A192CBC"},
+      // AES-CBC 256
+      {key_hex_256, aes_cbc_alg, blink::WebCryptoKeyUsageDecrypt, "A256CBC"},
+      // AES-GCM 128
+      {key_hex_128, aes_gcm_alg,
+       blink::WebCryptoKeyUsageEncrypt | blink::WebCryptoKeyUsageDecrypt,
+       "A128GCM"},
+      // AES-CGM 192
+      {key_hex_192, aes_gcm_alg, blink::WebCryptoKeyUsageEncrypt, "A192GCM"},
+      // AES-GCM 256
+      {key_hex_256, aes_gcm_alg, blink::WebCryptoKeyUsageDecrypt, "A256GCM"},
+      // AES-KW 128
+      {key_hex_128, aes_kw_alg,
+       blink::WebCryptoKeyUsageWrapKey | blink::WebCryptoKeyUsageUnwrapKey,
+       "A128KW"},
+      // AES-KW 192
+      {key_hex_192, aes_kw_alg,
+       blink::WebCryptoKeyUsageWrapKey | blink::WebCryptoKeyUsageUnwrapKey,
+       "A192KW"},
+      // AES-KW 256
+      {key_hex_256, aes_kw_alg,
+       blink::WebCryptoKeyUsageWrapKey | blink::WebCryptoKeyUsageUnwrapKey,
+       "A256KW"},
+      // HMAC SHA-256
+      {key_hex_256, hmac_sha_256_alg,
+       blink::WebCryptoKeyUsageSign | blink::WebCryptoKeyUsageVerify, "HS256"},
+      // HMAC SHA-384
+      {key_hex_384, hmac_sha_384_alg, blink::WebCryptoKeyUsageSign, "HS384"},
+      // HMAC SHA-512
+      {key_hex_512, hmac_sha_512_alg, blink::WebCryptoKeyUsageVerify, "HS512"},
+      // Large usage value
+      {key_hex_256, aes_cbc_alg,
+       blink::WebCryptoKeyUsageEncrypt | blink::WebCryptoKeyUsageDecrypt |
+           blink::WebCryptoKeyUsageWrapKey | blink::WebCryptoKeyUsageUnwrapKey,
+       "A256CBC"},
+      // Zero usage value
+      {key_hex_512, hmac_sha_512_alg, 0, "HS512"}, };
+
+  // Round-trip import/export each key.
+
+  blink::WebCryptoKey key = blink::WebCryptoKey::createNull();
+  blink::WebArrayBuffer json;
+  for (size_t test_index = 0; test_index < ARRAYSIZE_UNSAFE(kTests);
+       ++test_index) {
+    SCOPED_TRACE(test_index);
+    const TestCase& test = kTests[test_index];
+
+    // Import a raw key.
+    key = ImportSecretKeyFromRaw(
+        HexStringToBytes(test.key_hex), test.algorithm, test.usage);
+
+    // Export the key in JWK format and validate.
+    ASSERT_STATUS_SUCCESS(ExportKeyJwk(key, &json));
+    EXPECT_TRUE(
+        VerifySymmetricJwk(json, test.jwk_alg, test.key_hex, test.usage));
+
+    // Import the JWK-formatted key.
+    ASSERT_STATUS_SUCCESS(
+        ImportKeyJwk(CryptoData(json), test.algorithm, true, test.usage, &key));
+    EXPECT_TRUE(key.handle());
+    EXPECT_EQ(blink::WebCryptoKeyTypeSecret, key.type());
+    EXPECT_EQ(test.algorithm.id(), key.algorithm().id());
+    EXPECT_EQ(true, key.extractable());
+    EXPECT_EQ(test.usage, key.usages());
+
+    // Export the key in raw format and compare to the original.
+    blink::WebArrayBuffer key_raw_out;
+    ASSERT_STATUS_SUCCESS(
+        ExportKey(blink::WebCryptoKeyFormatRaw, key, &key_raw_out));
+    ExpectArrayBufferMatchesHex(test.key_hex, key_raw_out);
+  }
+
+  // HMAC SHA-1 and SHA-224 are not allowed by the JWK(JWA) spec.

[eroman, 2014/03/04 02:55:14]

But they are allowed by webcrypto (see spec updates)

[padolph, 2014/03/05 03:08:51]

My mistake. Fixed.

+  key = ImportSecretKeyFromRaw(
+      HexStringToBytes(key_hex_512),
+      CreateHmacImportAlgorithm(blink::WebCryptoAlgorithmIdSha1),
+      blink::WebCryptoKeyUsageVerify);
+  EXPECT_STATUS(ExportKeyJwk(key, &json),
+                Status::ErrorJwkUnsupportedHmacHash());
+  key = ImportSecretKeyFromRaw(
+      HexStringToBytes(key_hex_512),
+      CreateHmacImportAlgorithm(blink::WebCryptoAlgorithmIdSha224),
+      blink::WebCryptoKeyUsageVerify);
+  EXPECT_STATUS(ExportKeyJwk(key, &json),
+                Status::ErrorJwkUnsupportedHmacHash());
+}
+
 TEST_F(SharedCryptoTest, MAYBE(ImportExportSpki)) {
   // Passing case: Import a valid RSA key in SPKI format.
   blink::WebCryptoKey key = blink::WebCryptoKey::createNull();
   ASSERT_STATUS_SUCCESS(
       ImportKey(blink::WebCryptoKeyFormatSpki,
                 CryptoData(HexStringToBytes(kPublicKeySpkiDerHex)),
                 CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5),
                 true,
                 blink::WebCryptoKeyUsageEncrypt,
                 &key));
@@ skipping 970 matching lines @@
                                         test_cipher_text,
                                         test_authentication_tag,
                                         &plain_text));
     }
   }
 }
 
 }  // namespace webcrypto
 
 }  // namespace content