[refactor] Split up a large (5k lines) unit-test into multiple files.

content/child/webcrypto/test/hmac_unittest.cc

+// Copyright 2014 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "base/logging.h"
+#include "base/stl_util.h"
+#include "content/child/webcrypto/algorithm_dispatch.h"
+#include "content/child/webcrypto/crypto_data.h"
+#include "content/child/webcrypto/status.h"
+#include "content/child/webcrypto/test/test_helpers.h"
+#include "content/child/webcrypto/webcrypto_util.h"
+#include "testing/gtest/include/gtest/gtest.h"
+#include "third_party/WebKit/public/platform/WebCryptoAlgorithmParams.h"
+#include "third_party/WebKit/public/platform/WebCryptoKeyAlgorithm.h"
+
+namespace content {
+
+namespace webcrypto {
+
+namespace {
+
+// Creates an HMAC algorithm whose parameters struct is compatible with key
+// generation. It is an error to call this with a hash_id that is not a SHA*.
+// The key_length_bits parameter is optional, with zero meaning unspecified.
+blink::WebCryptoAlgorithm CreateHmacKeyGenAlgorithm(
+    blink::WebCryptoAlgorithmId hash_id,
+    unsigned int key_length_bits) {
+  DCHECK(blink::WebCryptoAlgorithm::isHash(hash_id));
+  // key_length_bytes == 0 means unspecified
+  return blink::WebCryptoAlgorithm::adoptParamsAndCreate(
+      blink::WebCryptoAlgorithmIdHmac,
+      new blink::WebCryptoHmacKeyGenParams(
+          CreateAlgorithm(hash_id), (key_length_bits != 0), key_length_bits));
+}
+
+TEST(WebCryptoHmacTest, HMACSampleSets) {
+  scoped_ptr<base::ListValue> tests;
+  ASSERT_TRUE(ReadJsonTestFileToList("hmac.json", &tests));
+  // TODO(padolph): Missing known answer tests for HMAC SHA384, and SHA512.
+  for (size_t test_index = 0; test_index < tests->GetSize(); ++test_index) {
+    SCOPED_TRACE(test_index);
+    base::DictionaryValue* test;
+    ASSERT_TRUE(tests->GetDictionary(test_index, &test));
+
+    blink::WebCryptoAlgorithm test_hash = GetDigestAlgorithm(test, "hash");
+    const std::vector<uint8_t> test_key = GetBytesFromHexString(test, "key");
+    const std::vector<uint8_t> test_message =
+        GetBytesFromHexString(test, "message");
+    const std::vector<uint8_t> test_mac = GetBytesFromHexString(test, "mac");
+
+    blink::WebCryptoAlgorithm algorithm =
+        CreateAlgorithm(blink::WebCryptoAlgorithmIdHmac);
+
+    blink::WebCryptoAlgorithm import_algorithm =
+        CreateHmacImportAlgorithm(test_hash.id());
+
+    blink::WebCryptoKey key = ImportSecretKeyFromRaw(
+        test_key,
+        import_algorithm,
+        blink::WebCryptoKeyUsageSign | blink::WebCryptoKeyUsageVerify);
+
+    EXPECT_EQ(test_hash.id(), key.algorithm().hmacParams()->hash().id());
+    EXPECT_EQ(test_key.size() * 8, key.algorithm().hmacParams()->lengthBits());
+
+    // Verify exported raw key is identical to the imported data
+    std::vector<uint8_t> raw_key;
+    EXPECT_EQ(Status::Success(),
+              ExportKey(blink::WebCryptoKeyFormatRaw, key, &raw_key));
+    EXPECT_BYTES_EQ(test_key, raw_key);
+
+    std::vector<uint8_t> output;
+
+    ASSERT_EQ(Status::Success(),
+              Sign(algorithm, key, CryptoData(test_message), &output));
+
+    EXPECT_BYTES_EQ(test_mac, output);
+
+    bool signature_match = false;
+    EXPECT_EQ(Status::Success(),
+              Verify(algorithm,
+                     key,
+                     CryptoData(output),
+                     CryptoData(test_message),
+                     &signature_match));
+    EXPECT_TRUE(signature_match);
+
+    // Ensure truncated signature does not verify by passing one less byte.
+    EXPECT_EQ(Status::Success(),
+              Verify(algorithm,
+                     key,
+                     CryptoData(vector_as_array(&output), output.size() - 1),
+                     CryptoData(test_message),
+                     &signature_match));
+    EXPECT_FALSE(signature_match);
+
+    // Ensure truncated signature does not verify by passing no bytes.
+    EXPECT_EQ(Status::Success(),
+              Verify(algorithm,
+                     key,
+                     CryptoData(),
+                     CryptoData(test_message),
+                     &signature_match));
+    EXPECT_FALSE(signature_match);
+
+    // Ensure extra long signature does not cause issues and fails.
+    const unsigned char kLongSignature[1024] = {0};
+    EXPECT_EQ(Status::Success(),
+              Verify(algorithm,
+                     key,
+                     CryptoData(kLongSignature, sizeof(kLongSignature)),
+                     CryptoData(test_message),
+                     &signature_match));
+    EXPECT_FALSE(signature_match);
+  }
+}
+
+TEST(WebCryptoHmacTest, GenerateKeyIsRandom) {
+  // Generate a small sample of HMAC keys.
+  std::vector<std::vector<uint8_t> > keys;
+  for (int i = 0; i < 16; ++i) {
+    std::vector<uint8_t> key_bytes;
+    blink::WebCryptoKey key = blink::WebCryptoKey::createNull();
+    blink::WebCryptoAlgorithm algorithm =
+        CreateHmacKeyGenAlgorithm(blink::WebCryptoAlgorithmIdSha1, 512);
+    ASSERT_EQ(Status::Success(), GenerateSecretKey(algorithm, true, 0, &key));
+    EXPECT_FALSE(key.isNull());
+    EXPECT_TRUE(key.handle());
+    EXPECT_EQ(blink::WebCryptoKeyTypeSecret, key.type());
+    EXPECT_EQ(blink::WebCryptoAlgorithmIdHmac, key.algorithm().id());
+    EXPECT_EQ(blink::WebCryptoAlgorithmIdSha1,
+              key.algorithm().hmacParams()->hash().id());
+    EXPECT_EQ(512u, key.algorithm().hmacParams()->lengthBits());
+
+    std::vector<uint8_t> raw_key;
+    ASSERT_EQ(Status::Success(),
+              ExportKey(blink::WebCryptoKeyFormatRaw, key, &raw_key));
+    EXPECT_EQ(64U, raw_key.size());
+    keys.push_back(raw_key);
+  }
+  // Ensure all entries in the key sample set are unique. This is a simplistic
+  // estimate of whether the generated keys appear random.
+  EXPECT_FALSE(CopiesExist(keys));
+}
+
+// If the key length is not provided, then the block size is used.
+TEST(WebCryptoHmacTest, GenerateKeyNoLengthSha1) {
+  blink::WebCryptoKey key = blink::WebCryptoKey::createNull();
+  blink::WebCryptoAlgorithm algorithm =
+      CreateHmacKeyGenAlgorithm(blink::WebCryptoAlgorithmIdSha1, 0);
+  ASSERT_EQ(Status::Success(), GenerateSecretKey(algorithm, true, 0, &key));
+  EXPECT_TRUE(key.handle());
+  EXPECT_EQ(blink::WebCryptoKeyTypeSecret, key.type());
+  EXPECT_EQ(blink::WebCryptoAlgorithmIdHmac, key.algorithm().id());
+  EXPECT_EQ(blink::WebCryptoAlgorithmIdSha1,
+            key.algorithm().hmacParams()->hash().id());
+  EXPECT_EQ(512u, key.algorithm().hmacParams()->lengthBits());
+  std::vector<uint8_t> raw_key;
+  ASSERT_EQ(Status::Success(),
+            ExportKey(blink::WebCryptoKeyFormatRaw, key, &raw_key));
+  EXPECT_EQ(64U, raw_key.size());
+}
+
+// If the key length is not provided, then the block size is used.
+TEST(WebCryptoHmacTest, GenerateKeyNoLengthSha512) {
+  blink::WebCryptoKey key = blink::WebCryptoKey::createNull();
+  blink::WebCryptoAlgorithm algorithm =
+      CreateHmacKeyGenAlgorithm(blink::WebCryptoAlgorithmIdSha512, 0);
+  ASSERT_EQ(Status::Success(), GenerateSecretKey(algorithm, true, 0, &key));
+  EXPECT_EQ(blink::WebCryptoAlgorithmIdHmac, key.algorithm().id());
+  EXPECT_EQ(blink::WebCryptoAlgorithmIdSha512,
+            key.algorithm().hmacParams()->hash().id());
+  EXPECT_EQ(1024u, key.algorithm().hmacParams()->lengthBits());
+  std::vector<uint8_t> raw_key;
+  ASSERT_EQ(Status::Success(),
+            ExportKey(blink::WebCryptoKeyFormatRaw, key, &raw_key));
+  EXPECT_EQ(128U, raw_key.size());
+}
+
+TEST(WebCryptoHmacTest, ImportKeyJwkKeyOpsSignVerify) {
+  blink::WebCryptoKey key = blink::WebCryptoKey::createNull();
+  base::DictionaryValue dict;
+  dict.SetString("kty", "oct");
+  dict.SetString("k", "GADWrMRHwQfoNaXU5fZvTg==");
+  base::ListValue* key_ops = new base::ListValue;
+  dict.Set("key_ops", key_ops);  // Takes ownership.
+
+  key_ops->AppendString("sign");
+
+  EXPECT_EQ(Status::Success(),
+            ImportKeyJwkFromDict(
+                dict,
+                CreateHmacImportAlgorithm(blink::WebCryptoAlgorithmIdSha256),
+                false,
+                blink::WebCryptoKeyUsageSign,
+                &key));
+
+  EXPECT_EQ(blink::WebCryptoKeyUsageSign, key.usages());
+
+  key_ops->AppendString("verify");
+
+  EXPECT_EQ(Status::Success(),
+            ImportKeyJwkFromDict(
+                dict,
+                CreateHmacImportAlgorithm(blink::WebCryptoAlgorithmIdSha256),
+                false,
+                blink::WebCryptoKeyUsageVerify,
+                &key));
+
+  EXPECT_EQ(blink::WebCryptoKeyUsageVerify, key.usages());
+}
+
+// Test 'use' inconsistent with 'key_ops'.
+TEST(WebCryptoHmacTest, ImportKeyJwkUseInconsisteWithKeyOps) {
+  blink::WebCryptoKey key = blink::WebCryptoKey::createNull();
+  base::DictionaryValue dict;
+  dict.SetString("kty", "oct");
+  dict.SetString("k", "GADWrMRHwQfoNaXU5fZvTg==");
+  base::ListValue* key_ops = new base::ListValue;
+  dict.Set("key_ops", key_ops);  // Takes ownership.
+
+  dict.SetString("alg", "HS256");
+  dict.SetString("use", "sig");
+  key_ops->AppendString("sign");
+  key_ops->AppendString("verify");
+  key_ops->AppendString("encrypt");
+  EXPECT_EQ(Status::ErrorJwkUseAndKeyopsInconsistent(),
+            ImportKeyJwkFromDict(
+                dict,
+                CreateHmacImportAlgorithm(blink::WebCryptoAlgorithmIdSha256),
+                false,
+                blink::WebCryptoKeyUsageSign | blink::WebCryptoKeyUsageVerify,
+                &key));
+}
+
+// Test JWK composite 'sig' use
+TEST(WebCryptoHmacTest, ImportKeyJwkUseSig) {
+  blink::WebCryptoKey key = blink::WebCryptoKey::createNull();
+  base::DictionaryValue dict;
+  dict.SetString("kty", "oct");
+  dict.SetString("k", "GADWrMRHwQfoNaXU5fZvTg==");
+
+  dict.SetString("use", "sig");
+  EXPECT_EQ(Status::Success(),
+            ImportKeyJwkFromDict(
+                dict,
+                CreateHmacImportAlgorithm(blink::WebCryptoAlgorithmIdSha256),
+                false,
+                blink::WebCryptoKeyUsageSign | blink::WebCryptoKeyUsageVerify,
+                &key));
+
+  EXPECT_EQ(blink::WebCryptoKeyUsageSign | blink::WebCryptoKeyUsageVerify,
+            key.usages());
+}
+
+TEST(WebCryptoHmacTest, ImportJwkInputConsistency) {
+  // The Web Crypto spec says that if a JWK value is present, but is
+  // inconsistent with the input value, the operation must fail.
+
+  // Consistency rules when JWK value is not present: Inputs should be used.
+  blink::WebCryptoKey key = blink::WebCryptoKey::createNull();
+  bool extractable = false;
+  blink::WebCryptoAlgorithm algorithm =
+      CreateHmacImportAlgorithm(blink::WebCryptoAlgorithmIdSha256);
+  blink::WebCryptoKeyUsageMask usage_mask = blink::WebCryptoKeyUsageVerify;
+  base::DictionaryValue dict;
+  dict.SetString("kty", "oct");
+  dict.SetString("k", "l3nZEgZCeX8XRwJdWyK3rGB8qwjhdY8vOkbIvh4lxTuMao9Y_--hdg");
+  std::vector<uint8_t> json_vec = MakeJsonVector(dict);
+  EXPECT_EQ(Status::Success(),
+            ImportKey(blink::WebCryptoKeyFormatJwk,
+                      CryptoData(json_vec),
+                      algorithm,
+                      extractable,
+                      usage_mask,
+                      &key));
+  EXPECT_TRUE(key.handle());
+  EXPECT_EQ(blink::WebCryptoKeyTypeSecret, key.type());
+  EXPECT_EQ(extractable, key.extractable());
+  EXPECT_EQ(blink::WebCryptoAlgorithmIdHmac, key.algorithm().id());
+  EXPECT_EQ(blink::WebCryptoAlgorithmIdSha256,
+            key.algorithm().hmacParams()->hash().id());
+  EXPECT_EQ(320u, key.algorithm().hmacParams()->lengthBits());
+  EXPECT_EQ(blink::WebCryptoKeyUsageVerify, key.usages());
+  key = blink::WebCryptoKey::createNull();
+
+  // Consistency rules when JWK value exists: Fail if inconsistency is found.
+
+  // Pass: All input values are consistent with the JWK values.
+  dict.Clear();
+  dict.SetString("kty", "oct");
+  dict.SetString("alg", "HS256");
+  dict.SetString("use", "sig");
+  dict.SetBoolean("ext", false);
+  dict.SetString("k", "l3nZEgZCeX8XRwJdWyK3rGB8qwjhdY8vOkbIvh4lxTuMao9Y_--hdg");
+  json_vec = MakeJsonVector(dict);
+  EXPECT_EQ(Status::Success(),
+            ImportKey(blink::WebCryptoKeyFormatJwk,
+                      CryptoData(json_vec),
+                      algorithm,
+                      extractable,
+                      usage_mask,
+                      &key));
+
+  // Extractable cases:
+  // 1. input=T, JWK=F ==> fail (inconsistent)
+  // 4. input=F, JWK=F ==> pass, result extractable is F
+  // 2. input=T, JWK=T ==> pass, result extractable is T
+  // 3. input=F, JWK=T ==> pass, result extractable is F
+  EXPECT_EQ(Status::ErrorJwkExtInconsistent(),
+            ImportKey(blink::WebCryptoKeyFormatJwk,
+                      CryptoData(json_vec),
+                      algorithm,
+                      true,
+                      usage_mask,
+                      &key));
+  EXPECT_EQ(Status::Success(),
+            ImportKey(blink::WebCryptoKeyFormatJwk,
+                      CryptoData(json_vec),
+                      algorithm,
+                      false,
+                      usage_mask,
+                      &key));
+  EXPECT_FALSE(key.extractable());
+  dict.SetBoolean("ext", true);
+  EXPECT_EQ(Status::Success(),
+            ImportKeyJwkFromDict(dict, algorithm, true, usage_mask, &key));
+  EXPECT_TRUE(key.extractable());
+  EXPECT_EQ(Status::Success(),
+            ImportKeyJwkFromDict(dict, algorithm, false, usage_mask, &key));
+  EXPECT_FALSE(key.extractable());
+  dict.SetBoolean("ext", true);  // restore previous value
+
+  // Fail: Input algorithm (AES-CBC) is inconsistent with JWK value
+  // (HMAC SHA256).
+  dict.Clear();
+  dict.SetString("kty", "oct");
+  dict.SetString("alg", "HS256");
+  dict.SetString("k", "l3nZEgZCeX8XRwJdWyK3rGB8qwjhdY8vOkbIvh4lxTuMao9Y_--hdg");
+  EXPECT_EQ(
+      Status::ErrorJwkAlgorithmInconsistent(),
+      ImportKeyJwkFromDict(dict,
+                           CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc),
+                           extractable,
+                           blink::WebCryptoKeyUsageEncrypt,
+                           &key));
+  // Fail: Input usage (encrypt) is inconsistent with JWK value (use=sig).
+  EXPECT_EQ(Status::ErrorJwkUseInconsistent(),
+            ImportKey(blink::WebCryptoKeyFormatJwk,
+                      CryptoData(json_vec),
+                      CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc),
+                      extractable,
+                      blink::WebCryptoKeyUsageEncrypt,
+                      &key));
+
+  // Fail: Input algorithm (HMAC SHA1) is inconsistent with JWK value
+  // (HMAC SHA256).
+  EXPECT_EQ(
+      Status::ErrorJwkAlgorithmInconsistent(),
+      ImportKey(blink::WebCryptoKeyFormatJwk,
+                CryptoData(json_vec),
+                CreateHmacImportAlgorithm(blink::WebCryptoAlgorithmIdSha1),
+                extractable,
+                usage_mask,
+                &key));
+
+  // Pass: JWK alg missing but input algorithm specified: use input value
+  dict.Remove("alg", NULL);
+  EXPECT_EQ(Status::Success(),
+            ImportKeyJwkFromDict(
+                dict,
+                CreateHmacImportAlgorithm(blink::WebCryptoAlgorithmIdSha256),
+                extractable,
+                usage_mask,
+                &key));
+  EXPECT_EQ(blink::WebCryptoAlgorithmIdHmac, algorithm.id());
+  dict.SetString("alg", "HS256");
+
+  // Fail: Input usage_mask (encrypt) is not a subset of the JWK value
+  // (sign|verify). Moreover "encrypt" is not a valid usage for HMAC.
+  EXPECT_EQ(Status::ErrorCreateKeyBadUsages(),
+            ImportKey(blink::WebCryptoKeyFormatJwk,
+                      CryptoData(json_vec),
+                      algorithm,
+                      extractable,
+                      blink::WebCryptoKeyUsageEncrypt,
+                      &key));
+
+  // Fail: Input usage_mask (encrypt|sign|verify) is not a subset of the JWK
+  // value (sign|verify). Moreover "encrypt" is not a valid usage for HMAC.
+  usage_mask = blink::WebCryptoKeyUsageEncrypt | blink::WebCryptoKeyUsageSign |
+               blink::WebCryptoKeyUsageVerify;
+  EXPECT_EQ(Status::ErrorCreateKeyBadUsages(),
+            ImportKey(blink::WebCryptoKeyFormatJwk,
+                      CryptoData(json_vec),
+                      algorithm,
+                      extractable,
+                      usage_mask,
+                      &key));
+
+  // TODO(padolph): kty vs alg consistency tests: Depending on the kty value,
+  // only certain alg values are permitted. For example, when kty = "RSA" alg
+  // must be of the RSA family, or when kty = "oct" alg must be symmetric
+  // algorithm.
+
+  // TODO(padolph): key_ops consistency tests
+}
+
+TEST(WebCryptoHmacTest, ImportJwkHappy) {
+  // This test verifies the happy path of JWK import, including the application
+  // of the imported key material.
+
+  blink::WebCryptoKey key = blink::WebCryptoKey::createNull();
+  bool extractable = false;
+  blink::WebCryptoAlgorithm algorithm =
+      CreateHmacImportAlgorithm(blink::WebCryptoAlgorithmIdSha256);
+  blink::WebCryptoKeyUsageMask usage_mask = blink::WebCryptoKeyUsageSign;
+
+  // Import a symmetric key JWK and HMAC-SHA256 sign()
+  // Uses the first SHA256 test vector from the HMAC sample set above.
+
+  base::DictionaryValue dict;
+  dict.SetString("kty", "oct");
+  dict.SetString("alg", "HS256");
+  dict.SetString("use", "sig");
+  dict.SetBoolean("ext", false);
+  dict.SetString("k", "l3nZEgZCeX8XRwJdWyK3rGB8qwjhdY8vOkbIvh4lxTuMao9Y_--hdg");
+
+  ASSERT_EQ(
+      Status::Success(),
+      ImportKeyJwkFromDict(dict, algorithm, extractable, usage_mask, &key));
+
+  EXPECT_EQ(blink::WebCryptoAlgorithmIdSha256,
+            key.algorithm().hmacParams()->hash().id());
+
+  const std::vector<uint8_t> message_raw = HexStringToBytes(
+      "b1689c2591eaf3c9e66070f8a77954ffb81749f1b00346f9dfe0b2ee905dcc288baf4a"
+      "92de3f4001dd9f44c468c3d07d6c6ee82faceafc97c2fc0fc0601719d2dcd0aa2aec92"
+      "d1b0ae933c65eb06a03c9c935c2bad0459810241347ab87e9f11adb30415424c6c7f5f"
+      "22a003b8ab8de54f6ded0e3ab9245fa79568451dfa258e");
+
+  std::vector<uint8_t> output;
+
+  ASSERT_EQ(Status::Success(),
+            Sign(CreateAlgorithm(blink::WebCryptoAlgorithmIdHmac),
+                 key,
+                 CryptoData(message_raw),
+                 &output));
+
+  const std::string mac_raw =
+      "769f00d3e6a6cc1fb426a14a4f76c6462e6149726e0dee0ec0cf97a16605ac8b";
+
+  EXPECT_BYTES_EQ_HEX(mac_raw, output);
+
+  // TODO(padolph): Import an RSA public key JWK and use it
+}
+
+TEST(WebCryptoHmacTest, ImportExportJwk) {
+  // HMAC SHA-1
+  ImportExportJwkSymmetricKey(
+      256,
+      CreateHmacImportAlgorithm(blink::WebCryptoAlgorithmIdSha1),
+      blink::WebCryptoKeyUsageSign | blink::WebCryptoKeyUsageVerify,
+      "HS1");
+
+  // HMAC SHA-384
+  ImportExportJwkSymmetricKey(
+      384,
+      CreateHmacImportAlgorithm(blink::WebCryptoAlgorithmIdSha384),
+      blink::WebCryptoKeyUsageSign,
+      "HS384");
+
+  // HMAC SHA-512
+  ImportExportJwkSymmetricKey(
+      512,
+      CreateHmacImportAlgorithm(blink::WebCryptoAlgorithmIdSha512),
+      blink::WebCryptoKeyUsageVerify,
+      "HS512");
+
+  // Zero usage value
+  ImportExportJwkSymmetricKey(
+      512,
+      CreateHmacImportAlgorithm(blink::WebCryptoAlgorithmIdSha512),
+      0,
+      "HS512");
+}
+
+TEST(WebCryptoHmacTest, ExportJwkEmptyKey) {
+  const blink::WebCryptoAlgorithm import_algorithm =
+      CreateHmacImportAlgorithm(blink::WebCryptoAlgorithmIdSha1);
+
+  blink::WebCryptoKeyUsageMask usages = blink::WebCryptoKeyUsageSign;
+  blink::WebCryptoKey key = blink::WebCryptoKey::createNull();
+
+  // Import a zero-byte HMAC key.
+  const char key_data_hex[] = "";
+  key = ImportSecretKeyFromRaw(
+      HexStringToBytes(key_data_hex), import_algorithm, usages);
+  EXPECT_EQ(0u, key.algorithm().hmacParams()->lengthBits());
+
+  // Export the key in JWK format and validate.
+  std::vector<uint8_t> json;
+  ASSERT_EQ(Status::Success(),
+            ExportKey(blink::WebCryptoKeyFormatJwk, key, &json));
+  EXPECT_TRUE(VerifySecretJwk(json, "HS1", key_data_hex, usages));
+
+  // Now try re-importing the JWK key.
+  key = blink::WebCryptoKey::createNull();
+  EXPECT_EQ(Status::Success(),
+            ImportKey(blink::WebCryptoKeyFormatJwk,
+                      CryptoData(json),
+                      import_algorithm,
+                      true,
+                      usages,
+                      &key));
+
+  EXPECT_EQ(blink::WebCryptoKeyTypeSecret, key.type());
+  EXPECT_EQ(0u, key.algorithm().hmacParams()->lengthBits());
+
+  std::vector<uint8_t> exported_key_data;
+  EXPECT_EQ(Status::Success(),
+            ExportKey(blink::WebCryptoKeyFormatRaw, key, &exported_key_data));
+
+  EXPECT_EQ(0u, exported_key_data.size());
+}
+
+}  // namespace
+
+}  // namespace webcrypto
+
+}  // namespace content