[webcrypto] JWK: Updated import(ext, key_ops) and added export of symmetric keys

content/child/webcrypto/shared_crypto_unittest.cc

 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "content/child/webcrypto/shared_crypto.h"
 
 #include <algorithm>
 #include <string>
 #include <vector>
 
 #include "base/basictypes.h"
 #include "base/file_util.h"
 #include "base/json/json_reader.h"
 #include "base/json/json_writer.h"
 #include "base/logging.h"
 #include "base/memory/ref_counted.h"
 #include "base/path_service.h"
 #include "base/strings/string_number_conversions.h"
-#include "base/values.h"
+#include "base/strings/string_util.h"
 #include "content/child/webcrypto/crypto_data.h"
 #include "content/child/webcrypto/webcrypto_util.h"
 #include "content/public/common/content_paths.h"
 #include "testing/gtest/include/gtest/gtest.h"
 #include "third_party/WebKit/public/platform/WebArrayBuffer.h"
 #include "third_party/WebKit/public/platform/WebCryptoAlgorithm.h"
 #include "third_party/WebKit/public/platform/WebCryptoAlgorithmParams.h"
 #include "third_party/WebKit/public/platform/WebCryptoKey.h"
 #include "third_party/WebKit/public/platform/WebCryptoKeyAlgorithm.h"
 #include "third_party/re2/re2/re2.h"
@@ skipping 14 matching lines @@
   ASSERT_EQ(expected.ToString(), (code).ToString())
 #define EXPECT_STATUS_SUCCESS(code) EXPECT_STATUS(Status::Success(), code)
 #define ASSERT_STATUS_SUCCESS(code) ASSERT_STATUS(Status::Success(), code)
 
 namespace content {
 
 namespace webcrypto {
 
 namespace {
 
+// TODO(eroman): For Linux builds using system NSS, AES-GCM support is a
+// runtime dependency. Test it by trying to import a key.
+// TODO(padolph): Consider caching the result of the import key test.
+bool SupportsAesGcm() {
+  std::vector<uint8> key_raw(16, 0);
+
+  blink::WebCryptoKey key = blink::WebCryptoKey::createNull();
+  Status status = ImportKey(blink::WebCryptoKeyFormatRaw,
+                            CryptoData(key_raw),
+                            CreateAlgorithm(blink::WebCryptoAlgorithmIdAesGcm),
+                            true,
+                            blink::WebCryptoKeyUsageEncrypt,
+                            &key);
+
+  if (status.IsError())
+    EXPECT_STATUS(Status::ErrorUnsupported(), status);
+  return status.IsSuccess();
+}
+
 blink::WebCryptoAlgorithm CreateRsaKeyGenAlgorithm(
     blink::WebCryptoAlgorithmId algorithm_id,
     unsigned int modulus_length,
     const std::vector<uint8>& public_exponent) {
   DCHECK_EQ(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5, algorithm_id);
   return blink::WebCryptoAlgorithm::adoptParamsAndCreate(
       algorithm_id,
       new blink::WebCryptoRsaKeyGenParams(
           modulus_length,
           webcrypto::Uint8VectorStart(public_exponent),
@@ skipping 22 matching lines @@
   return blink::WebCryptoAlgorithm::adoptParamsAndCreate(
       blink::WebCryptoAlgorithmIdAesCbc,
       new blink::WebCryptoAesCbcParams(Uint8VectorStart(iv), iv.size()));
 }
 
 // Creates and AES-GCM algorithm.
 blink::WebCryptoAlgorithm CreateAesGcmAlgorithm(
     const std::vector<uint8>& iv,
     const std::vector<uint8>& additional_data,
     unsigned int tag_length_bits) {
+  EXPECT_TRUE(SupportsAesGcm());
   return blink::WebCryptoAlgorithm::adoptParamsAndCreate(
       blink::WebCryptoAlgorithmIdAesGcm,
       new blink::WebCryptoAesGcmParams(Uint8VectorStart(iv),
                                        iv.size(),
                                        true,
                                        Uint8VectorStart(additional_data),
                                        additional_data.size(),
                                        true,
                                        tag_length_bits));
 }
@@ skipping 166 matching lines @@
   return blink::WebCryptoAlgorithm::createNull();
 }
 
 // Helper for ImportJwkFailures and ImportJwkOctFailures. Restores the JWK JSON
 // dictionary to a good state
 void RestoreJwkOctDictionary(base::DictionaryValue* dict) {
   dict->Clear();
   dict->SetString("kty", "oct");
   dict->SetString("alg", "A128CBC");
   dict->SetString("use", "enc");
-  dict->SetBoolean("extractable", false);
+  dict->SetBoolean("ext", false);
   dict->SetString("k", "GADWrMRHwQfoNaXU5fZvTg==");
 }
 
 // Helper for ImportJwkRsaFailures. Restores the JWK JSON
 // dictionary to a good state
 void RestoreJwkRsaDictionary(base::DictionaryValue* dict) {
   dict->Clear();
   dict->SetString("kty", "RSA");
   dict->SetString("alg", "RSA1_5");
   dict->SetString("use", "enc");
-  dict->SetBoolean("extractable", false);
+  dict->SetBoolean("ext", false);
   dict->SetString(
       "n",
       "qLOyhK-OtQs4cDSoYPFGxJGfMYdjzWxVmMiuSBGh4KvEx-CwgtaTpef87Wdc9GaFEncsDLxk"
       "p0LGxjD1M8jMcvYq6DPEC_JYQumEu3i9v5fAEH1VvbZi9cTg-rmEXLUUjvc5LdOq_5OuHmtm"
       "e7PUJHYW1PW6ENTP0ibeiNOfFvs");
   dict->SetString("e", "AQAB");
 }
 
 blink::WebCryptoAlgorithm CreateRsaHashedImportAlgorithm(
     blink::WebCryptoAlgorithmId algorithm_id,
@@ skipping 32 matching lines @@
 }
 
 blink::WebCryptoAlgorithm CreateAesCbcKeyGenAlgorithm(
     unsigned short key_length_bits) {
   return CreateAesKeyGenAlgorithm(blink::WebCryptoAlgorithmIdAesCbc,
                                   key_length_bits);
 }
 
 blink::WebCryptoAlgorithm CreateAesGcmKeyGenAlgorithm(
     unsigned short key_length_bits) {
+  EXPECT_TRUE(SupportsAesGcm());
   return CreateAesKeyGenAlgorithm(blink::WebCryptoAlgorithmIdAesGcm,
                                   key_length_bits);
 }
 
 blink::WebCryptoAlgorithm CreateAesKwKeyGenAlgorithm(
     unsigned short key_length_bits) {
   return CreateAesKeyGenAlgorithm(blink::WebCryptoAlgorithmIdAesKw,
                                   key_length_bits);
 }
 
@@ skipping 87 matching lines @@
                                   usage_mask,
                                   private_key));
   EXPECT_FALSE(private_key->isNull());
   EXPECT_TRUE(private_key->handle());
   EXPECT_EQ(blink::WebCryptoKeyTypePrivate, private_key->type());
   EXPECT_EQ(algorithm.id(), private_key->algorithm().id());
   EXPECT_EQ(extractable, extractable);
   EXPECT_EQ(usage_mask, private_key->usages());
 }
 
-// TODO(eroman): For Linux builds using system NSS, AES-GCM support is a
-// runtime dependency. Test it by trying to import a key.
-bool SupportsAesGcm() {
-  std::vector<uint8> key_raw(16, 0);
-
-  blink::WebCryptoKey key = blink::WebCryptoKey::createNull();
-  Status status = ImportKey(blink::WebCryptoKeyFormatRaw,
-                            CryptoData(key_raw),
-                            CreateAlgorithm(blink::WebCryptoAlgorithmIdAesGcm),
-                            true,
-                            blink::WebCryptoKeyUsageEncrypt,
-                            &key);
-
-  if (status.IsError())
-    EXPECT_EQ(Status::ErrorUnsupported().ToString(), status.ToString());
-  return status.IsSuccess();
-}
-
 Status AesGcmEncrypt(const blink::WebCryptoKey& key,
                      const std::vector<uint8>& iv,
                      const std::vector<uint8>& additional_data,
                      unsigned int tag_length_bits,
                      const std::vector<uint8>& plain_text,
                      std::vector<uint8>* cipher_text,
                      std::vector<uint8>* authentication_tag) {
+  EXPECT_TRUE(SupportsAesGcm());
   blink::WebCryptoAlgorithm algorithm =
       CreateAesGcmAlgorithm(iv, additional_data, tag_length_bits);
 
   blink::WebArrayBuffer output;
   Status status = Encrypt(algorithm, key, CryptoData(plain_text), &output);
   if (status.IsError())
     return status;
 
   if (output.byteLength() * 8 < tag_length_bits) {
     EXPECT_TRUE(false);
@@ skipping 11 matching lines @@
   return Status::Success();
 }
 
 Status AesGcmDecrypt(const blink::WebCryptoKey& key,
                      const std::vector<uint8>& iv,
                      const std::vector<uint8>& additional_data,
                      unsigned int tag_length_bits,
                      const std::vector<uint8>& cipher_text,
                      const std::vector<uint8>& authentication_tag,
                      blink::WebArrayBuffer* plain_text) {
+  EXPECT_TRUE(SupportsAesGcm());
   blink::WebCryptoAlgorithm algorithm =
       CreateAesGcmAlgorithm(iv, additional_data, tag_length_bits);
 
   // Join cipher text and authentication tag.
   std::vector<uint8> cipher_text_with_tag;
   cipher_text_with_tag.reserve(cipher_text.size() + authentication_tag.size());
   cipher_text_with_tag.insert(
       cipher_text_with_tag.end(), cipher_text.begin(), cipher_text.end());
   cipher_text_with_tag.insert(cipher_text_with_tag.end(),
                               authentication_tag.begin(),
                               authentication_tag.end());
 
   return Decrypt(algorithm, key, CryptoData(cipher_text_with_tag), plain_text);
 }
 
 Status ImportKeyJwkFromDict(const base::DictionaryValue& dict,
                             const blink::WebCryptoAlgorithm& algorithm,
                             bool extractable,
                             blink::WebCryptoKeyUsageMask usage_mask,
                             blink::WebCryptoKey* key) {
   return ImportKeyJwk(CryptoData(MakeJsonVector(dict)),
                       algorithm,
                       extractable,
                       usage_mask,
                       key);
 }
 
+// Parses an ArrayBuffer of JSON into a dictionary.
+scoped_ptr<base::DictionaryValue> GetJwkDictionary(
+    const blink::WebArrayBuffer& json) {
+  base::StringPiece json_string(reinterpret_cast<const char*>(json.data()),
+                                json.byteLength());
+  base::Value* value = base::JSONReader::Read(json_string);
+  EXPECT_TRUE(value);
+  base::DictionaryValue* dict_value = NULL;
+  value->GetAsDictionary(&dict_value);
+  return scoped_ptr<base::DictionaryValue>(dict_value);
+}
+
+// Verifies that the JSON in the input ArrayBuffer contains the provided
+// expected values. Exact matches are required on the fields examined.
+::testing::AssertionResult VerifySymmetricJwk(
+    const blink::WebArrayBuffer& json,
+    const std::string& alg_expected,
+    const std::string& k_expected_hex,
+    blink::WebCryptoKeyUsageMask use_mask_expected) {
+
+  scoped_ptr<base::DictionaryValue> dict = GetJwkDictionary(json);
+  if (!dict.get() || dict->empty())
+    return ::testing::AssertionFailure() << "JSON parsing failed";
+
+  // ---- kty
+  std::string value_string;
+  if (!dict->GetString("kty", &value_string))
+    return ::testing::AssertionFailure() << "Missing 'kty'";
+  if (value_string != "oct")
+    return ::testing::AssertionFailure()
+           << "Expected 'kty' to be 'oct' but found " << value_string;
+
+  // ---- alg
+  if (!dict->GetString("alg", &value_string))
+    return ::testing::AssertionFailure() << "Missing 'alg'";
+  if (value_string != alg_expected)
+    return ::testing::AssertionFailure() << "Expected 'alg' to be "
+                                         << alg_expected << " but found "
+                                         << value_string;
+
+  // ---- k
+  if (!dict->GetString("k", &value_string))
+    return ::testing::AssertionFailure() << "Missing 'k'";
+  std::string k_value;
+  if (!webcrypto::Base64DecodeUrlSafe(value_string, &k_value))
+    return ::testing::AssertionFailure() << "Base64DecodeUrlSafe(k) failed";
+  if (!LowerCaseEqualsASCII(base::HexEncode(k_value.data(), k_value.size()),
+                            k_expected_hex.c_str())) {
+    return ::testing::AssertionFailure() << "Expected 'k' to be "
+                                         << k_expected_hex
+                                         << " but found something different";
+  }
+  // ---- ext
+  // always expect ext == true in this case
+  bool ext_value;
+  if (!dict->GetBoolean("ext", &ext_value))
+    return ::testing::AssertionFailure() << "Missing 'ext'";
+  if (!ext_value)
+    return ::testing::AssertionFailure()
+           << "Expected 'ext' to be true but found false";
+
+  // ---- key_ops
+  base::ListValue* key_ops;
+  if (!dict->GetList("key_ops", &key_ops))
+    return ::testing::AssertionFailure() << "Missing 'key_ops'";
+  blink::WebCryptoKeyUsageMask key_ops_mask = 0;
+  Status status = GetWebCryptoUsagesFromJwkKeyOps(key_ops, &key_ops_mask);
+  if (status.IsError())
+    return ::testing::AssertionFailure() << "Failure extracting 'key_ops'";
+  if (key_ops_mask != use_mask_expected)
+    return ::testing::AssertionFailure()
+           << "Expected 'key_ops' mask to be " << use_mask_expected
+           << " but found " << key_ops_mask << " (" << value_string << ")";
+
+  return ::testing::AssertionSuccess();
+}
+
 }  // namespace
 
+TEST_F(SharedCryptoTest, CheckAesGcm) {
+  if (!SupportsAesGcm()) {
+    LOG(WARNING) << "AES GCM not supported on this platform, so some tests "
+                    "will be skipped. Consider upgrading local NSS libraries";
+    return;
+  }
+}
+
 TEST_F(SharedCryptoTest, StatusToString) {
   EXPECT_EQ("Success", Status::Success().ToString());
   EXPECT_EQ("", Status::Error().ToString());
   EXPECT_EQ("The requested operation is unsupported",
             Status::ErrorUnsupported().ToString());
   EXPECT_EQ("The required JWK property \"kty\" was missing",
             Status::ErrorJwkPropertyMissing("kty").ToString());
   EXPECT_EQ("The JWK property \"kty\" must be a string",
             Status::ErrorJwkPropertyWrongType("kty", "string").ToString());
   EXPECT_EQ("The JWK property \"n\" could not be base64 decoded",
@@ skipping 17 matching lines @@
     blink::WebArrayBuffer output;
     ASSERT_STATUS_SUCCESS(
         Digest(test_algorithm, CryptoData(test_input), &output));
     EXPECT_TRUE(ArrayBufferMatches(test_output, output));
   }
 }
 
 TEST_F(SharedCryptoTest, HMACSampleSets) {
   scoped_ptr<base::ListValue> tests;
   ASSERT_TRUE(ReadJsonTestFileToList("hmac.json", &tests));
-
+  // TODO(padolph): Missing known answer tests for HMAC SHA384, and SHA512.
   for (size_t test_index = 0; test_index < tests->GetSize(); ++test_index) {
     SCOPED_TRACE(test_index);
     base::DictionaryValue* test;
     ASSERT_TRUE(tests->GetDictionary(test_index, &test));
 
     blink::WebCryptoAlgorithm test_hash = GetDigestAlgorithm(test, "hash");
     const std::vector<uint8> test_key = GetBytesFromHexString(test, "key");
     const std::vector<uint8> test_message =
         GetBytesFromHexString(test, "message");
     const std::vector<uint8> test_mac = GetBytesFromHexString(test, "mac");
@@ skipping 221 matching lines @@
   }
 }
 
 TEST_F(SharedCryptoTest, MAYBE(GenerateKeyAes)) {
   // Check key generation for each of AES-CBC, AES-GCM, and AES-KW, and for each
   // allowed key length.
   std::vector<blink::WebCryptoAlgorithm> algorithm;
   const unsigned short kKeyLength[] = {128, 192, 256};
   for (size_t i = 0; i < ARRAYSIZE_UNSAFE(kKeyLength); ++i) {
     algorithm.push_back(CreateAesCbcKeyGenAlgorithm(kKeyLength[i]));
-    algorithm.push_back(CreateAesGcmKeyGenAlgorithm(kKeyLength[i]));
     algorithm.push_back(CreateAesKwKeyGenAlgorithm(kKeyLength[i]));
+    if (SupportsAesGcm())
+      algorithm.push_back(CreateAesGcmKeyGenAlgorithm(kKeyLength[i]));
   }
   blink::WebCryptoKey key = blink::WebCryptoKey::createNull();
   std::vector<blink::WebArrayBuffer> keys;
   blink::WebArrayBuffer key_bytes;
   for (size_t i = 0; i < algorithm.size(); ++i) {
     SCOPED_TRACE(i);
     // Generate a small sample of keys.
     keys.clear();
     for (int j = 0; j < 16; ++j) {
       ASSERT_STATUS_SUCCESS(GenerateSecretKey(algorithm[i], true, 0, &key));
@@ skipping 14 matching lines @@
 TEST_F(SharedCryptoTest, MAYBE(GenerateKeyAesBadLength)) {
   const unsigned short kKeyLen[] = {0, 127, 257};
   blink::WebCryptoKey key = blink::WebCryptoKey::createNull();
   for (size_t i = 0; i < ARRAYSIZE_UNSAFE(kKeyLen); ++i) {
     SCOPED_TRACE(i);
     EXPECT_STATUS(Status::ErrorGenerateKeyLength(),
                   GenerateSecretKey(
                       CreateAesCbcKeyGenAlgorithm(kKeyLen[i]), true, 0, &key));
     EXPECT_STATUS(Status::ErrorGenerateKeyLength(),
                   GenerateSecretKey(
-                      CreateAesGcmKeyGenAlgorithm(kKeyLen[i]), true, 0, &key));
-    EXPECT_STATUS(Status::ErrorGenerateKeyLength(),
-                  GenerateSecretKey(
                       CreateAesKwKeyGenAlgorithm(kKeyLen[i]), true, 0, &key));
+    if (SupportsAesGcm()) {
+      EXPECT_STATUS(
+          Status::ErrorGenerateKeyLength(),
+          GenerateSecretKey(
+              CreateAesGcmKeyGenAlgorithm(kKeyLen[i]), true, 0, &key));
+    }
   }
 }
 
 TEST_F(SharedCryptoTest, MAYBE(GenerateKeyHmac)) {
   // Generate a small sample of HMAC keys.
   std::vector<blink::WebArrayBuffer> keys;
   for (int i = 0; i < 16; ++i) {
     blink::WebArrayBuffer key_bytes;
     blink::WebCryptoKey key = blink::WebCryptoKey::createNull();
     blink::WebCryptoAlgorithm algorithm =
@@ skipping 44 matching lines @@
   // This fails because the algorithm is null.
   EXPECT_STATUS(Status::ErrorMissingAlgorithmImportRawKey(),
                 ImportKey(blink::WebCryptoKeyFormatRaw,
                           CryptoData(HexStringToBytes("00000000000000000000")),
                           blink::WebCryptoAlgorithm::createNull(),
                           true,
                           blink::WebCryptoKeyUsageEncrypt,
                           &key));
 }
 
+TEST_F(SharedCryptoTest, ImportJwkKeyUsage) {
+  blink::WebCryptoKey key = blink::WebCryptoKey::createNull();
+  base::DictionaryValue dict;
+  dict.SetString("kty", "oct");
+  dict.SetBoolean("ext", false);
+  dict.SetString("k", "GADWrMRHwQfoNaXU5fZvTg==");
+  const blink::WebCryptoAlgorithm aes_cbc_algorithm =
+      webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc);
+  const blink::WebCryptoAlgorithm hmac_algorithm =
+      webcrypto::CreateHmacImportAlgorithm(blink::WebCryptoAlgorithmIdSha256);
+  const blink::WebCryptoAlgorithm aes_kw_algorithm =
+      webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdAesKw);
+
+  // Test null usage.
+  base::ListValue* key_ops = new base::ListValue;
+  // Note: the following call makes dict assume ownership of key_ops.
+  dict.Set("key_ops", key_ops);
+  EXPECT_STATUS_SUCCESS(
+      ImportKeyJwkFromDict(dict, aes_cbc_algorithm, false, 0, &key));
+  EXPECT_EQ(0, key.usages());
+
+  // Test each key_ops value translates to the correct Web Crypto value.
+  struct TestCase {
+    const char* jwk_key_op;
+    const char* jwk_alg;
+    const blink::WebCryptoAlgorithm algorithm;
+    const blink::WebCryptoKeyUsage usage;
+  };
+  // TODO(padolph): Add 'deriveBits' key_ops value once it is supported.
+  const TestCase test_case[] = {
+      {"encrypt", "A128CBC", aes_cbc_algorithm,
+       blink::WebCryptoKeyUsageEncrypt},
+      {"decrypt", "A128CBC", aes_cbc_algorithm,
+       blink::WebCryptoKeyUsageDecrypt},
+      {"sign", "HS256", hmac_algorithm, blink::WebCryptoKeyUsageSign},
+      {"verify", "HS256", hmac_algorithm, blink::WebCryptoKeyUsageVerify},
+      {"wrapKey", "A128KW", aes_kw_algorithm, blink::WebCryptoKeyUsageWrapKey},
+      {"unwrapKey", "A128KW", aes_kw_algorithm,
+       blink::WebCryptoKeyUsageUnwrapKey},
+      {"deriveKey", "HS256", hmac_algorithm,
+       blink::WebCryptoKeyUsageDeriveKey}};
+  for (size_t test_index = 0; test_index < ARRAYSIZE_UNSAFE(test_case);
+       ++test_index) {
+    SCOPED_TRACE(test_index);
+    dict.SetString("alg", test_case[test_index].jwk_alg);
+    key_ops->Clear();
+    key_ops->AppendString(test_case[test_index].jwk_key_op);
+    EXPECT_STATUS_SUCCESS(ImportKeyJwkFromDict(dict,
+                                               test_case[test_index].algorithm,
+                                               false,
+                                               test_case[test_index].usage,
+                                               &key));
+    EXPECT_EQ(test_case[test_index].usage, key.usages());
+  }
+
+  // Test discrete multiple usages.
+  dict.SetString("alg", "A128CBC");
+  key_ops->Clear();
+  key_ops->AppendString("encrypt");
+  key_ops->AppendString("decrypt");
+  EXPECT_STATUS_SUCCESS(ImportKeyJwkFromDict(
+      dict,
+      aes_cbc_algorithm,
+      false,
+      blink::WebCryptoKeyUsageDecrypt | blink::WebCryptoKeyUsageEncrypt,
+      &key));
+  EXPECT_EQ(blink::WebCryptoKeyUsageDecrypt | blink::WebCryptoKeyUsageEncrypt,
+            key.usages());
+
+  // Test constrained key usage (input usage is a subset of JWK usage).
+  key_ops->Clear();
+  key_ops->AppendString("encrypt");
+  key_ops->AppendString("decrypt");
+  EXPECT_STATUS_SUCCESS(ImportKeyJwkFromDict(
+      dict, aes_cbc_algorithm, false, blink::WebCryptoKeyUsageDecrypt, &key));
+  EXPECT_EQ(blink::WebCryptoKeyUsageDecrypt, key.usages());
+
+  // Test failure if input usage is NOT a strict subset of the JWK usage.
+  key_ops->Clear();
+  key_ops->AppendString("encrypt");
+  EXPECT_STATUS(Status::ErrorJwkKeyopsInconsistent(),
+                ImportKeyJwkFromDict(dict,
+                                     aes_cbc_algorithm,
+                                     false,
+                                     blink::WebCryptoKeyUsageEncrypt |
+                                         blink::WebCryptoKeyUsageDecrypt,
+                                     &key));
+
+  // Test 'use' inconsistent with 'key_ops'.
+  dict.SetString("alg", "HS256");
+  dict.SetString("use", "sig");
+  key_ops->AppendString("sign");
+  key_ops->AppendString("verify");
+  key_ops->AppendString("encrypt");
+  EXPECT_STATUS(Status::ErrorJwkUseAndKeyopsInconsistent(),
+                ImportKeyJwkFromDict(dict,
+                                     hmac_algorithm,
+                                     false,
+                                     blink::WebCryptoKeyUsageSign |
+                                         blink::WebCryptoKeyUsageVerify,
+                                     &key));
+
+  // Test JWK composite 'sig' use
+  dict.Remove("key_ops", NULL);
+  dict.SetString("use", "sig");
+  EXPECT_STATUS_SUCCESS(ImportKeyJwkFromDict(
+      dict,
+      hmac_algorithm,
+      false,
+      blink::WebCryptoKeyUsageSign | blink::WebCryptoKeyUsageVerify,
+      &key));
+  EXPECT_EQ(blink::WebCryptoKeyUsageSign | blink::WebCryptoKeyUsageVerify,
+            key.usages());
+
+  // Test JWK composite use 'enc' usage
+  dict.SetString("alg", "A128CBC");
+  dict.SetString("use", "enc");
+  EXPECT_STATUS_SUCCESS(ImportKeyJwkFromDict(
+      dict,
+      aes_cbc_algorithm,
+      false,
+      blink::WebCryptoKeyUsageDecrypt | blink::WebCryptoKeyUsageEncrypt |
+          blink::WebCryptoKeyUsageWrapKey | blink::WebCryptoKeyUsageUnwrapKey |
+          blink::WebCryptoKeyUsageDeriveKey,
+      &key));
+  EXPECT_EQ(blink::WebCryptoKeyUsageDecrypt | blink::WebCryptoKeyUsageEncrypt |
+                blink::WebCryptoKeyUsageWrapKey |
+                blink::WebCryptoKeyUsageUnwrapKey |
+                blink::WebCryptoKeyUsageDeriveKey,
+            key.usages());
+}
+
 TEST_F(SharedCryptoTest, ImportJwkFailures) {
-
   blink::WebCryptoKey key = blink::WebCryptoKey::createNull();
   blink::WebCryptoAlgorithm algorithm =
       CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc);
   blink::WebCryptoKeyUsageMask usage_mask = blink::WebCryptoKeyUsageEncrypt;
 
   // Baseline pass: each test below breaks a single item, so we start with a
   // passing case to make sure each failure is caused by the isolated break.
   // Each breaking subtest below resets the dictionary to this passing case when
   // complete.
   base::DictionaryValue dict;
@@ skipping 47 matching lines @@
   RestoreJwkOctDictionary(&dict);
 
   // Fail on kty wrong type.
   dict.SetDouble("kty", 0.1);
   EXPECT_STATUS(Status::ErrorJwkPropertyWrongType("kty", "string"),
                 ImportKeyJwkFromDict(dict, algorithm, false, usage_mask, &key));
   RestoreJwkOctDictionary(&dict);
 
   // Fail on invalid use.
   dict.SetString("use", "foo");
-  EXPECT_STATUS(Status::ErrorJwkUnrecognizedUsage(),
+  EXPECT_STATUS(Status::ErrorJwkUnrecognizedUse(),
                 ImportKeyJwkFromDict(dict, algorithm, false, usage_mask, &key));
   RestoreJwkOctDictionary(&dict);
 
   // Fail on invalid use (wrong type).
   dict.SetBoolean("use", true);
   EXPECT_STATUS(Status::ErrorJwkPropertyWrongType("use", "string"),
                 ImportKeyJwkFromDict(dict, algorithm, false, usage_mask, &key));
   RestoreJwkOctDictionary(&dict);
 
   // Fail on invalid extractable (wrong type).
-  dict.SetInteger("extractable", 0);
-  EXPECT_STATUS(Status::ErrorJwkPropertyWrongType("extractable", "boolean"),
+  dict.SetInteger("ext", 0);
+  EXPECT_STATUS(Status::ErrorJwkPropertyWrongType("ext", "boolean"),
+                ImportKeyJwkFromDict(dict, algorithm, false, usage_mask, &key));
+  RestoreJwkOctDictionary(&dict);
+
+  // Fail on invalid key_ops (wrong type).
+  dict.SetBoolean("key_ops", true);
+  EXPECT_STATUS(Status::ErrorJwkPropertyWrongType("key_ops", "list"),
+                ImportKeyJwkFromDict(dict, algorithm, false, usage_mask, &key));
+  RestoreJwkOctDictionary(&dict);
+
+  // Fail on invalid key_ops (wrong element value).
+  base::ListValue* key_ops = new base::ListValue;
+  // Note: the following call makes dict assume ownership of key_ops.
+  dict.Set("key_ops", key_ops);
+  key_ops->AppendString("foo");
+  EXPECT_STATUS(Status::ErrorJwkUnrecognizedKeyop(),
                 ImportKeyJwkFromDict(dict, algorithm, false, usage_mask, &key));
   RestoreJwkOctDictionary(&dict);
 }
 
 TEST_F(SharedCryptoTest, ImportJwkOctFailures) {
-
   base::DictionaryValue dict;
   RestoreJwkOctDictionary(&dict);
   blink::WebCryptoAlgorithm algorithm =
       CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc);
   blink::WebCryptoKeyUsageMask usage_mask = blink::WebCryptoKeyUsageEncrypt;
   blink::WebCryptoKey key = blink::WebCryptoKey::createNull();
 
   // Baseline pass.
   EXPECT_STATUS_SUCCESS(
       ImportKeyJwkFromDict(dict, algorithm, false, usage_mask, &key));
@@ skipping 31 matching lines @@
 
   // Fail on k actual length (192 bits) inconsistent with the embedded JWK alg
   // value (128) for an AES key.
   dict.SetString("k", "dGhpcyAgaXMgIDI0ICBieXRlcyBsb25n");
   EXPECT_STATUS(Status::ErrorJwkIncorrectKeyLength(),
                 ImportKeyJwkFromDict(dict, algorithm, false, usage_mask, &key));
   RestoreJwkOctDictionary(&dict);
 }
 
 TEST_F(SharedCryptoTest, MAYBE(ImportJwkRsaFailures)) {
-
   base::DictionaryValue dict;
   RestoreJwkRsaDictionary(&dict);
   blink::WebCryptoAlgorithm algorithm =
       CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5);
   blink::WebCryptoKeyUsageMask usage_mask = blink::WebCryptoKeyUsageEncrypt;
   blink::WebCryptoKey key = blink::WebCryptoKey::createNull();
 
   // An RSA public key JWK _must_ have an "n" (modulus) and an "e" (exponent)
   // entry, while an RSA private key must have those plus at least a "d"
   // (private exponent) entry.
   // See http://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-18,
   // section 6.3.
 
   // Baseline pass.
   EXPECT_STATUS_SUCCESS(
       ImportKeyJwkFromDict(dict, algorithm, false, usage_mask, &key));
   EXPECT_EQ(algorithm.id(), key.algorithm().id());
   EXPECT_FALSE(key.extractable());
   EXPECT_EQ(blink::WebCryptoKeyUsageEncrypt, key.usages());
   EXPECT_EQ(blink::WebCryptoKeyTypePublic, key.type());
 
   // The following are specific failure cases for when kty = "RSA".
 
   // Fail if either "n" or "e" is not present or malformed.
   const std::string kKtyParmName[] = {"n", "e"};
   for (size_t idx = 0; idx < ARRAYSIZE_UNSAFE(kKtyParmName); ++idx) {
-
     // Fail on missing parameter.
     dict.Remove(kKtyParmName[idx], NULL);
     EXPECT_STATUS_ERROR(
         ImportKeyJwkFromDict(dict, algorithm, false, usage_mask, &key));
     RestoreJwkRsaDictionary(&dict);
 
     // Fail on bad b64 parameter encoding.
     dict.SetString(kKtyParmName[idx], "Qk3f0DsytU8lfza2au #$% Htaw2xpop9yTuH0");
     EXPECT_STATUS_ERROR(
         ImportKeyJwkFromDict(dict, algorithm, false, usage_mask, &key));
@@ skipping 39 matching lines @@
   EXPECT_EQ(blink::WebCryptoKeyUsageVerify, key.usages());
   key = blink::WebCryptoKey::createNull();
 
   // Consistency rules when JWK value exists: Fail if inconsistency is found.
 
   // Pass: All input values are consistent with the JWK values.
   dict.Clear();
   dict.SetString("kty", "oct");
   dict.SetString("alg", "HS256");
   dict.SetString("use", "sig");
-  dict.SetBoolean("extractable", false);
+  dict.SetBoolean("ext", false);
   dict.SetString("k", "l3nZEgZCeX8XRwJdWyK3rGB8qwjhdY8vOkbIvh4lxTuMao9Y_--hdg");
   json_vec = MakeJsonVector(dict);
   EXPECT_STATUS_SUCCESS(ImportKeyJwk(
       CryptoData(json_vec), algorithm, extractable, usage_mask, &key));
 
   // Extractable cases:
   // 1. input=T, JWK=F ==> fail (inconsistent)
   // 4. input=F, JWK=F ==> pass, result extractable is F
   // 2. input=T, JWK=T ==> pass, result extractable is T
   // 3. input=F, JWK=T ==> pass, result extractable is F
   EXPECT_STATUS(
-      Status::ErrorJwkExtractableInconsistent(),
+      Status::ErrorJwkExtInconsistent(),
       ImportKeyJwk(CryptoData(json_vec), algorithm, true, usage_mask, &key));
   EXPECT_STATUS_SUCCESS(
       ImportKeyJwk(CryptoData(json_vec), algorithm, false, usage_mask, &key));
   EXPECT_FALSE(key.extractable());
-  dict.SetBoolean("extractable", true);
+  dict.SetBoolean("ext", true);
   EXPECT_STATUS_SUCCESS(
       ImportKeyJwkFromDict(dict, algorithm, true, usage_mask, &key));
   EXPECT_TRUE(key.extractable());
   EXPECT_STATUS_SUCCESS(
       ImportKeyJwkFromDict(dict, algorithm, false, usage_mask, &key));
   EXPECT_FALSE(key.extractable());
-  dict.SetBoolean("extractable", true);  // restore previous value
+  dict.SetBoolean("ext", true);  // restore previous value
 
   // Fail: Input algorithm (AES-CBC) is inconsistent with JWK value
   // (HMAC SHA256).
   EXPECT_STATUS(Status::ErrorJwkAlgorithmInconsistent(),
                 ImportKeyJwk(CryptoData(json_vec),
                              CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc),
                              extractable,
                              usage_mask,
                              &key));
 
@@ skipping 21 matching lines @@
       dict,
       CreateHmacImportAlgorithm(blink::WebCryptoAlgorithmIdSha256),
       extractable,
       usage_mask,
       &key));
   EXPECT_EQ(blink::WebCryptoAlgorithmIdHmac, algorithm.id());
   dict.SetString("alg", "HS256");
 
   // Fail: Input usage_mask (encrypt) is not a subset of the JWK value
   // (sign|verify)
-  EXPECT_STATUS(Status::ErrorJwkUsageInconsistent(),
+  EXPECT_STATUS(Status::ErrorJwkUseInconsistent(),
                 ImportKeyJwk(CryptoData(json_vec),
                              algorithm,
                              extractable,
                              blink::WebCryptoKeyUsageEncrypt,
                              &key));
 
   // Fail: Input usage_mask (encrypt|sign|verify) is not a subset of the JWK
   // value (sign|verify)
   usage_mask = blink::WebCryptoKeyUsageEncrypt | blink::WebCryptoKeyUsageSign |
                blink::WebCryptoKeyUsageVerify;
   EXPECT_STATUS(
-      Status::ErrorJwkUsageInconsistent(),
+      Status::ErrorJwkUseInconsistent(),
       ImportKeyJwk(
           CryptoData(json_vec), algorithm, extractable, usage_mask, &key));
 
   // TODO(padolph): kty vs alg consistency tests: Depending on the kty value,
   // only certain alg values are permitted. For example, when kty = "RSA" alg
   // must be of the RSA family, or when kty = "oct" alg must be symmetric
   // algorithm.
+
+  // TODO(padolph): key_ops consistency tests
 }
 
 TEST_F(SharedCryptoTest, MAYBE(ImportJwkHappy)) {
-
   // This test verifies the happy path of JWK import, including the application
   // of the imported key material.
 
   blink::WebCryptoKey key = blink::WebCryptoKey::createNull();
   bool extractable = false;
   blink::WebCryptoAlgorithm algorithm =
       CreateHmacImportAlgorithm(blink::WebCryptoAlgorithmIdSha256);
   blink::WebCryptoKeyUsageMask usage_mask = blink::WebCryptoKeyUsageSign;
 
   // Import a symmetric key JWK and HMAC-SHA256 sign()
   // Uses the first SHA256 test vector from the HMAC sample set above.
 
   base::DictionaryValue dict;
   dict.SetString("kty", "oct");
   dict.SetString("alg", "HS256");
   dict.SetString("use", "sig");
-  dict.SetBoolean("extractable", false);
+  dict.SetBoolean("ext", false);
   dict.SetString("k", "l3nZEgZCeX8XRwJdWyK3rGB8qwjhdY8vOkbIvh4lxTuMao9Y_--hdg");
 
   ASSERT_STATUS_SUCCESS(
       ImportKeyJwkFromDict(dict, algorithm, extractable, usage_mask, &key));
 
   EXPECT_EQ(blink::WebCryptoAlgorithmIdSha256,
             key.algorithm().hmacParams()->hash().id());
 
   const std::vector<uint8> message_raw = HexStringToBytes(
       "b1689c2591eaf3c9e66070f8a77954ffb81749f1b00346f9dfe0b2ee905dcc288baf4a"
       "92de3f4001dd9f44c468c3d07d6c6ee82faceafc97c2fc0fc0601719d2dcd0aa2aec92"
       "d1b0ae933c65eb06a03c9c935c2bad0459810241347ab87e9f11adb30415424c6c7f5f"
       "22a003b8ab8de54f6ded0e3ab9245fa79568451dfa258e");
 
   blink::WebArrayBuffer output;
 
   ASSERT_STATUS_SUCCESS(Sign(CreateAlgorithm(blink::WebCryptoAlgorithmIdHmac),
                              key,
                              CryptoData(message_raw),
                              &output));
 
   const std::string mac_raw =
       "769f00d3e6a6cc1fb426a14a4f76c6462e6149726e0dee0ec0cf97a16605ac8b";
 
   ExpectArrayBufferMatchesHex(mac_raw, output);
 
   // TODO(padolph): Import an RSA public key JWK and use it
 }
 
+TEST_F(SharedCryptoTest, MAYBE(ImportExportJwkSymmetricKey)) {
+  // Raw keys are generated by openssl:
+  // % openssl rand -hex <key length bytes>
+  const char* const key_hex_128 = "3f1e7cd4f6f8543f6b1e16002e688623";
+  const char* const key_hex_192 =
+      "ed91f916dc034eba68a0f9e7f34ddd48b98bd2848109e243";
+  const char* const key_hex_256 =
+      "bd08286b81a74783fd1ccf46b7e05af84ee25ae021210074159e0c4d9d907692";
+  const char* const key_hex_384 =
+      "a22c5441c8b185602283d64c7221de1d0951e706bfc09539435ec0e0ed614e1d406623f2"
+      "b31d31819fec30993380dd82";
+  const char* const key_hex_512 =
+      "5834f639000d4cf82de124fbfd26fb88d463e99f839a76ba41ac88967c80a3f61e1239a4"
+      "52e573dba0750e988152988576efd75b8d0229b7aca2ada2afd392ee";
+  const blink::WebCryptoAlgorithm aes_cbc_alg =
+      webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc);
+  const blink::WebCryptoAlgorithm aes_gcm_alg =
+      webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdAesGcm);
+  const blink::WebCryptoAlgorithm aes_kw_alg =
+      webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdAesKw);
+  const blink::WebCryptoAlgorithm hmac_sha_1_alg =
+      webcrypto::CreateHmacImportAlgorithm(blink::WebCryptoAlgorithmIdSha1);
+  const blink::WebCryptoAlgorithm hmac_sha_256_alg =
+      webcrypto::CreateHmacImportAlgorithm(blink::WebCryptoAlgorithmIdSha256);
+  const blink::WebCryptoAlgorithm hmac_sha_384_alg =
+      webcrypto::CreateHmacImportAlgorithm(blink::WebCryptoAlgorithmIdSha384);
+  const blink::WebCryptoAlgorithm hmac_sha_512_alg =
+      webcrypto::CreateHmacImportAlgorithm(blink::WebCryptoAlgorithmIdSha512);
+
+  struct TestCase {
+    const char* const key_hex;
+    const blink::WebCryptoAlgorithm algorithm;
+    const blink::WebCryptoKeyUsageMask usage;
+    const char* const jwk_alg;
+  };
+
+  // TODO(padolph): Test AES-CTR JWK export, once AES-CTR import works.
+  const TestCase kTests[] = {
+      // AES-CBC 128
+      {key_hex_128, aes_cbc_alg,
+       blink::WebCryptoKeyUsageEncrypt | blink::WebCryptoKeyUsageDecrypt,
+       "A128CBC"},
+      // AES-CBC 192
+      {key_hex_192, aes_cbc_alg, blink::WebCryptoKeyUsageEncrypt, "A192CBC"},
+      // AES-CBC 256
+      {key_hex_256, aes_cbc_alg, blink::WebCryptoKeyUsageDecrypt, "A256CBC"},
+      // AES-GCM 128
+      {key_hex_128, aes_gcm_alg,
+       blink::WebCryptoKeyUsageEncrypt | blink::WebCryptoKeyUsageDecrypt,
+       "A128GCM"},
+      // AES-CGM 192
+      {key_hex_192, aes_gcm_alg, blink::WebCryptoKeyUsageEncrypt, "A192GCM"},
+      // AES-GCM 256
+      {key_hex_256, aes_gcm_alg, blink::WebCryptoKeyUsageDecrypt, "A256GCM"},
+      // AES-KW 128
+      {key_hex_128, aes_kw_alg,
+       blink::WebCryptoKeyUsageWrapKey | blink::WebCryptoKeyUsageUnwrapKey,
+       "A128KW"},
+      // AES-KW 192
+      {key_hex_192, aes_kw_alg,
+       blink::WebCryptoKeyUsageWrapKey | blink::WebCryptoKeyUsageUnwrapKey,
+       "A192KW"},
+      // AES-KW 256
+      {key_hex_256, aes_kw_alg,
+       blink::WebCryptoKeyUsageWrapKey | blink::WebCryptoKeyUsageUnwrapKey,
+       "A256KW"},
+      // HMAC SHA-1
+      {key_hex_256, hmac_sha_1_alg,
+       blink::WebCryptoKeyUsageSign | blink::WebCryptoKeyUsageVerify, "HS1"},
+      // HMAC SHA-384
+      {key_hex_384, hmac_sha_384_alg, blink::WebCryptoKeyUsageSign, "HS384"},
+      // HMAC SHA-512
+      {key_hex_512, hmac_sha_512_alg, blink::WebCryptoKeyUsageVerify, "HS512"},
+      // Large usage value
+      {key_hex_256, aes_cbc_alg,
+       blink::WebCryptoKeyUsageEncrypt | blink::WebCryptoKeyUsageDecrypt |
+           blink::WebCryptoKeyUsageWrapKey | blink::WebCryptoKeyUsageUnwrapKey,
+       "A256CBC"},
+      // Zero usage value
+      {key_hex_512, hmac_sha_512_alg, 0, "HS512"}, };
+
+  // Round-trip import/export each key.
+
+  blink::WebCryptoKey key = blink::WebCryptoKey::createNull();
+  blink::WebArrayBuffer json;
+  for (size_t test_index = 0; test_index < ARRAYSIZE_UNSAFE(kTests);
+       ++test_index) {
+    SCOPED_TRACE(test_index);
+    const TestCase& test = kTests[test_index];
+
+    // Skip AES-GCM tests where not supported.
+    if (test.algorithm.id() == blink::WebCryptoAlgorithmIdAesGcm &&
+        !SupportsAesGcm()) {
+      continue;
+    }
+
+    // Import a raw key.
+    key = ImportSecretKeyFromRaw(
+        HexStringToBytes(test.key_hex), test.algorithm, test.usage);
+
+    // Export the key in JWK format and validate.
+    ASSERT_STATUS_SUCCESS(ExportKeyJwk(key, &json));
+    EXPECT_TRUE(
+        VerifySymmetricJwk(json, test.jwk_alg, test.key_hex, test.usage));
+
+    // Import the JWK-formatted key.
+    ASSERT_STATUS_SUCCESS(
+        ImportKeyJwk(CryptoData(json), test.algorithm, true, test.usage, &key));
+    EXPECT_TRUE(key.handle());
+    EXPECT_EQ(blink::WebCryptoKeyTypeSecret, key.type());
+    EXPECT_EQ(test.algorithm.id(), key.algorithm().id());
+    EXPECT_EQ(true, key.extractable());
+    EXPECT_EQ(test.usage, key.usages());
+
+    // Export the key in raw format and compare to the original.
+    blink::WebArrayBuffer key_raw_out;
+    ASSERT_STATUS_SUCCESS(
+        ExportKey(blink::WebCryptoKeyFormatRaw, key, &key_raw_out));
+    ExpectArrayBufferMatchesHex(test.key_hex, key_raw_out);
+  }
+}
+
 TEST_F(SharedCryptoTest, MAYBE(ImportExportSpki)) {
   // Passing case: Import a valid RSA key in SPKI format.
   blink::WebCryptoKey key = blink::WebCryptoKey::createNull();
   ASSERT_STATUS_SUCCESS(
       ImportKey(blink::WebCryptoKeyFormatSpki,
                 CryptoData(HexStringToBytes(kPublicKeySpkiDerHex)),
                 CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5),
                 true,
                 blink::WebCryptoKeyUsageEncrypt,
                 &key));
@@ skipping 1179 matching lines @@
                           wrapping_algorithm,
                           key_algorithm,
                           true,
                           blink::WebCryptoKeyUsageSign,
                           &unwrapped_key));
 }
 
 }  // namespace webcrypto
 
 }  // namespace content