WebCrypto: Check that the key can be used for given operation.

LayoutTests/crypto/normalize-algorithm.html

Index: LayoutTests/crypto/normalize-algorithm.html
diff --git a/LayoutTests/crypto/normalize-algorithm.html b/LayoutTests/crypto/normalize-algorithm.html
index 4d6b18c944ac225c75015561aaff6808bc1c03a7..897d80df4091b7a41d6250dfe3a892e8451f2620 100644
--- a/LayoutTests/crypto/normalize-algorithm.html
+++ b/LayoutTests/crypto/normalize-algorithm.html
@@ -12,11 +12,15 @@ description("Tests algorithm normalization.");
 
 jsTestIsAsync = true;
 
+// FIXME: Rename this to crypto-operation.html, since it tests the basic
+//        construction of CryptoOperations.
+
 // -------------------------------
 // Helpers to return a normalized algorithm identifier.
 // -------------------------------
 
-key = null;
+aesCbcKey = null;
+hmacSha1Key = null;
 
 function normalizeDigest(algorithmIdentifier)
 {
@@ -25,12 +29,12 @@ function normalizeDigest(algorithmIdentifier)
 
 function normalizeEncrypt(algorithmIdentifier)
 {
-    return crypto.subtle.encrypt(algorithmIdentifier, key).algorithm;
+    return crypto.subtle.encrypt(algorithmIdentifier, aesCbcKey).algorithm;
 }
 
 function normalizeSign(algorithmIdentifier)
 {
-    return crypto.subtle.sign(algorithmIdentifier, key).algorithm;
+    return crypto.subtle.sign(algorithmIdentifier, hmacSha1Key).algorithm;
 }
 
 function runTests()
@@ -133,13 +137,45 @@ function runTests()
     shouldBe("algorithm.hash.name", "'SHA-1'");
 
     shouldThrow("normalizeEncrypt(validHmacSha1)"); // Not defined for encrypt()
+
+    // -------------------------------
+    // Try using a key for an unsupported operation.
+    // -------------------------------
+    algorithmIdentifier = { name: "aes-cbc", iv: originalIv };
+    shouldThrow("crypto.subtle.encrypt(algorithmIdentifier, aesCbcKeyNoEncrypt)");
+
+    // -------------------------------
+    // Try using an HMAC-SHA1 key for encrypting AES-CBC
+    // -------------------------------
+    algorithmIdentifier = { name: "aes-cbc", iv: originalIv };
+    shouldThrow("crypto.subtle.encrypt(algorithmIdentifier, hmacSha1Key)");
+
+    // -------------------------------
+    // Try using an HMAC-SHA1 key for signing HMAC-SHA256
+    // -------------------------------
+    algorithmIdentifier = {name: 'hmac', hash: {name: 'sha-256'}};
+    shouldThrow("crypto.subtle.sign(algorithmIdentifier, hmacSha1Key)");
 }
 
-function keyImported(newKey)
+function importAesCbcKey(keyUsages)
 {
-    key = newKey;
-    runTests();
-    finishJSTest();
+    var keyFormat = "spki";
+    var data = new Uint8Array([]);
+    var algorithm = {name: "aes-cbc"};
+    var extractable = false;
+
+    return crypto.subtle.importKey(keyFormat, data, algorithm, extractable, keyUsages);
+}
+
+function importHmacSha1Key()
+{
+    var keyFormat = "spki";
+    var data = new Uint8Array([]);
+    var algorithm = {name: 'hmac', hash: {name: 'sha-1'}};
+    var extractable = false;
+    var keyUsages = ['encrypt', 'decrypt', 'sign', 'verify'];
+
+    return crypto.subtle.importKey(keyFormat, data, algorithm, extractable, keyUsages);
 }
 
 function failedKeyImport(value)
@@ -148,14 +184,18 @@ function failedKeyImport(value)
     finishJSTest();
 }
 
-// This is a bogus key import, however the mock constructs something usable.
-keyFormat = "spki";
-data = new Uint8Array([]);
-algorithm = {name: "aes-cbc"};
-extractable = false;
-keyUsages = [];
+// Import two keys before starting the tests: one for AES-CBC, and one for
+// HMAC SHA1.
+Promise.every(importAesCbcKey(['encrypt', 'decrypt', 'sign', 'verify']), importAesCbcKey(['decrypt', 'sign', 'verify']), importHmacSha1Key()).then(function(keys)
+{
+    aesCbcKey = keys[0];
+    aesCbcKeyNoEncrypt = keys[1];
+    hmacSha1Key = keys[2];
+
+    runTests();
+    finishJSTest();
 
-crypto.subtle.importKey(keyFormat, data, algorithm, extractable, keyUsages).then(keyImported, failedKeyImport);
+}, failedKeyImport);
 
 </script>