[webcrypto] Properly fail-fast when importing RSA key as JWK with bad usages.

content/child/webcrypto/test/rsa_ssa_unittest.cc

Index: content/child/webcrypto/test/rsa_ssa_unittest.cc
diff --git a/content/child/webcrypto/test/rsa_ssa_unittest.cc b/content/child/webcrypto/test/rsa_ssa_unittest.cc
index 81f510126b7862b7a06335ee51d88020ed108a95..31f23c1424f93e963c2fa785c1ef5f5a4a3fe90e 100644
--- a/content/child/webcrypto/test/rsa_ssa_unittest.cc
+++ b/content/child/webcrypto/test/rsa_ssa_unittest.cc
@@ -1200,6 +1200,32 @@ TEST(WebCryptoRsaSsaTest, ImportJwkRsaFailures) {
   }
 }
 
+// Try importing an RSA-SSA key from JWK format, having specified both Sign and
+// Verify usage, and an invalid JWK.
+//
+// The test must fail with a usage error BEFORE attempting to read the JWK data.
+// Although both Sign and Verify are valid usages for RSA-SSA keys, it is
+// invalid to have them both at the same time for one key (since Sign applies to
+// private keys, whereas Verify applies to public keys).
+//
+// If the implementation does not fail fast, this test will crash dereferencing
+// invalid memory.
+TEST(WebCryptoRsaSsaTest, ImportRsaSsaJwkBadUsageFailFast) {
+  CryptoData bad_data(NULL, 128);  // Invalid buffer of length 128.
+
+  blink::WebCryptoKey key;
+  ASSERT_EQ(
+      Status::ErrorCreateKeyBadUsages(),
+      ImportKey(blink::WebCryptoKeyFormatJwk,
+                bad_data,
+                CreateRsaHashedImportAlgorithm(
+                    blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5,
+                    blink::WebCryptoAlgorithmIdSha256),
+                true,
+                blink::WebCryptoKeyUsageVerify | blink::WebCryptoKeyUsageSign,
+                &key));
+}
+
 }  // namespace
 
 }  // namespace webcrypto