[webcrypto] Add error messages for failed operations.

content/renderer/webcrypto/webcrypto_impl_unittest.cc

-// Copyright 2013 The Chromium Authors. All rights reserved.
+// Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "content/renderer/webcrypto/webcrypto_impl.h"
 
 #include <algorithm>
 #include <string>
 #include <vector>
 
 #include "base/basictypes.h"
@@ skipping 11 matching lines @@
 #include "third_party/WebKit/public/platform/WebCryptoKey.h"
 
 // The OpenSSL implementation of WebCrypto is less complete, so don't run all of
 // the tests: http://crbug.com/267888
 #if defined(USE_OPENSSL)
 #define MAYBE(test_name) DISABLED_##test_name
 #else
 #define MAYBE(test_name) test_name
 #endif
 
+// Helper macros to verify the value of a Status.
+#define EXPECT_STATUS_ERROR(code) EXPECT_FALSE((code).IsSuccess())
+#define EXPECT_STATUS(expected, code) \
+    EXPECT_EQ(expected.ToString(), (code).ToString())
+#define ASSERT_STATUS(expected, code) \
+    ASSERT_EQ(expected.ToString(), (code).ToString())
+#define EXPECT_STATUS_SUCCESS(code) EXPECT_STATUS(Status::Success(), code)
+#define ASSERT_STATUS_SUCCESS(code) ASSERT_STATUS(Status::Success(), code)
+
 namespace content {
 
+using webcrypto::Status;
+
 namespace {
 
 // Returns a slightly modified version of the input vector.
 //
 //  - For non-empty inputs a single bit is inverted.
 //  - For empty inputs, a byte is added.
 std::vector<uint8> Corrupted(const std::vector<uint8>& input) {
   std::vector<uint8> corrupted_data(input);
   if (corrupted_data.empty())
     corrupted_data.push_back(0);
@@ skipping 168 matching lines @@
 class WebCryptoImplTest : public testing::Test {
  protected:
   blink::WebCryptoKey ImportSecretKeyFromRawHexString(
       const std::string& key_hex,
       const blink::WebCryptoAlgorithm& algorithm,
       blink::WebCryptoKeyUsageMask usage) {
     std::vector<uint8> key_raw = HexStringToBytes(key_hex);
 
     blink::WebCryptoKey key = blink::WebCryptoKey::createNull();
     bool extractable = true;
-    EXPECT_TRUE(crypto_.ImportKeyInternal(blink::WebCryptoKeyFormatRaw,
-                                          webcrypto::Uint8VectorStart(key_raw),
-                                          key_raw.size(),
-                                          algorithm,
-                                          extractable,
-                                          usage,
-                                          &key));
+    EXPECT_STATUS_SUCCESS(
+        crypto_.ImportKeyInternal(blink::WebCryptoKeyFormatRaw,
+                                  webcrypto::Uint8VectorStart(key_raw),
+                                  key_raw.size(),
+                                  algorithm,
+                                  extractable,
+                                  usage,
+                                  &key));
 
     EXPECT_FALSE(key.isNull());
     EXPECT_TRUE(key.handle());
     EXPECT_EQ(blink::WebCryptoKeyTypeSecret, key.type());
     EXPECT_EQ(algorithm.id(), key.algorithm().id());
     EXPECT_EQ(extractable, key.extractable());
     EXPECT_EQ(usage, key.usages());
     return key;
   }
 
   void ImportRsaKeyPair(
       const std::string& spki_der_hex,
       const std::string& pkcs8_der_hex,
       const blink::WebCryptoAlgorithm& algorithm,
       bool extractable,
       blink::WebCryptoKeyUsageMask usage_mask,
       blink::WebCryptoKey* public_key,
       blink::WebCryptoKey* private_key) {
-    EXPECT_TRUE(ImportKeyInternal(
+    EXPECT_STATUS_SUCCESS(ImportKeyInternal(
         blink::WebCryptoKeyFormatSpki,
         HexStringToBytes(spki_der_hex),
         algorithm,
         true,
         usage_mask,
         public_key));
     EXPECT_FALSE(public_key->isNull());
     EXPECT_TRUE(public_key->handle());
     EXPECT_EQ(blink::WebCryptoKeyTypePublic, public_key->type());
     EXPECT_EQ(algorithm.id(), public_key->algorithm().id());
     EXPECT_EQ(extractable, extractable);
     EXPECT_EQ(usage_mask, public_key->usages());
 
-    EXPECT_TRUE(ImportKeyInternal(
+    EXPECT_STATUS_SUCCESS(ImportKeyInternal(
         blink::WebCryptoKeyFormatPkcs8,
         HexStringToBytes(pkcs8_der_hex),
         algorithm,
         extractable,
         usage_mask,
         private_key));
     EXPECT_FALSE(private_key->isNull());
     EXPECT_TRUE(private_key->handle());
     EXPECT_EQ(blink::WebCryptoKeyTypePrivate, private_key->type());
     EXPECT_EQ(algorithm.id(), private_key->algorithm().id());
     EXPECT_EQ(extractable, extractable);
     EXPECT_EQ(usage_mask, private_key->usages());
   }
 
   // TODO(eroman): For Linux builds using system NSS, AES-GCM support is a
   // runtime dependency. Test it by trying to import a key.
   bool SupportsAesGcm() {
     std::vector<uint8> key_raw(16, 0);
 
     blink::WebCryptoKey key = blink::WebCryptoKey::createNull();
-    return crypto_.ImportKeyInternal(
+    Status status = crypto_.ImportKeyInternal(
         blink::WebCryptoKeyFormatRaw,
         webcrypto::Uint8VectorStart(key_raw),
         key_raw.size(),
         webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdAesGcm),
         true,
         blink::WebCryptoKeyUsageEncrypt,
         &key);
+
+    if (status.IsError()) {
+      EXPECT_EQ(Status::ErrorUnsupported().ToString(), status.ToString());
+    }
+    return status.IsSuccess();
+
   }
 
-  bool AesGcmEncrypt(const blink::WebCryptoKey& key,
-                     const std::vector<uint8>& iv,
-                     const std::vector<uint8>& additional_data,
-                     unsigned tag_length_bits,
-                     const std::vector<uint8>& plain_text,
-                     std::vector<uint8>* cipher_text,
-                     std::vector<uint8>* authentication_tag) {
+  Status AesGcmEncrypt(const blink::WebCryptoKey& key,
+                       const std::vector<uint8>& iv,
+                       const std::vector<uint8>& additional_data,
+                       unsigned tag_length_bits,
+                       const std::vector<uint8>& plain_text,
+                       std::vector<uint8>* cipher_text,
+                       std::vector<uint8>* authentication_tag) {
     blink::WebCryptoAlgorithm algorithm = CreateAesGcmAlgorithm(
         iv, additional_data, tag_length_bits);
 
     blink::WebArrayBuffer output;
-    if (!EncryptInternal(algorithm, key, plain_text, &output))
-      return false;
+    Status status = EncryptInternal(algorithm, key, plain_text, &output);
+    if (status.IsError()) {
+      return status;
+    }
 
     if (output.byteLength() * 8 < tag_length_bits) {
       EXPECT_TRUE(false);
-      return false;
+      return Status::Error();
     }
 
     // The encryption result is cipher text with authentication tag appended.
     cipher_text->assign(
         static_cast<uint8*>(output.data()),
         static_cast<uint8*>(output.data()) +
             (output.byteLength() - tag_length_bits / 8));
     authentication_tag->assign(
         static_cast<uint8*>(output.data()) + cipher_text->size(),
         static_cast<uint8*>(output.data()) + output.byteLength());
 
-    return true;
+    return Status::Success();
   }
 
-  bool AesGcmDecrypt(const blink::WebCryptoKey& key,
-                     const std::vector<uint8>& iv,
-                     const std::vector<uint8>& additional_data,
-                     unsigned tag_length_bits,
-                     const std::vector<uint8>& cipher_text,
-                     const std::vector<uint8>& authentication_tag,
-                     blink::WebArrayBuffer* plain_text) {
+  Status AesGcmDecrypt(const blink::WebCryptoKey& key,
+                       const std::vector<uint8>& iv,
+                       const std::vector<uint8>& additional_data,
+                       unsigned tag_length_bits,
+                       const std::vector<uint8>& cipher_text,
+                       const std::vector<uint8>& authentication_tag,
+                       blink::WebArrayBuffer* plain_text) {
     blink::WebCryptoAlgorithm algorithm = CreateAesGcmAlgorithm(
         iv, additional_data, tag_length_bits);
 
     // Join cipher text and authentication tag.
     std::vector<uint8> cipher_text_with_tag;
     cipher_text_with_tag.reserve(
         cipher_text.size() + authentication_tag.size());
     cipher_text_with_tag.insert(
         cipher_text_with_tag.end(), cipher_text.begin(), cipher_text.end());
     cipher_text_with_tag.insert(
         cipher_text_with_tag.end(), authentication_tag.begin(),
         authentication_tag.end());
 
     return DecryptInternal(algorithm, key, cipher_text_with_tag, plain_text);
   }
 
   // Forwarding methods to gain access to protected methods of
   // WebCryptoImpl.
 
-  bool DigestInternal(
+  Status DigestInternal(
       const blink::WebCryptoAlgorithm& algorithm,
       const std::vector<uint8>& data,
       blink::WebArrayBuffer* buffer) {
     return crypto_.DigestInternal(
         algorithm, webcrypto::Uint8VectorStart(data), data.size(), buffer);
   }
 
-  bool GenerateKeyInternal(
+  Status GenerateKeyInternal(
       const blink::WebCryptoAlgorithm& algorithm,
       blink::WebCryptoKey* key) {
     bool extractable = true;
     blink::WebCryptoKeyUsageMask usage_mask = 0;
-    return crypto_.GenerateKeyInternal(algorithm, extractable, usage_mask, key);
+    return crypto_.GenerateKeyInternal(
+        algorithm, extractable, usage_mask, key);
   }
 
-  bool GenerateKeyPairInternal(
+  Status GenerateKeyPairInternal(
       const blink::WebCryptoAlgorithm& algorithm,
       bool extractable,
       blink::WebCryptoKeyUsageMask usage_mask,
       blink::WebCryptoKey* public_key,
       blink::WebCryptoKey* private_key) {
     return crypto_.GenerateKeyPairInternal(
         algorithm, extractable, usage_mask, public_key, private_key);
   }
 
-  bool ImportKeyInternal(
+  Status ImportKeyInternal(
       blink::WebCryptoKeyFormat format,
       const std::vector<uint8>& key_data,
       const blink::WebCryptoAlgorithm& algorithm,
       bool extractable,
       blink::WebCryptoKeyUsageMask usage_mask,
       blink::WebCryptoKey* key) {
     return crypto_.ImportKeyInternal(format,
                                      webcrypto::Uint8VectorStart(key_data),
                                      key_data.size(),
                                      algorithm,
                                      extractable,
                                      usage_mask,
                                      key);
   }
 
-  bool ExportKeyInternal(
+  Status ExportKeyInternal(
       blink::WebCryptoKeyFormat format,
       const blink::WebCryptoKey& key,
       blink::WebArrayBuffer* buffer) {
     return crypto_.ExportKeyInternal(format, key, buffer);
   }
 
-  bool SignInternal(
+  Status SignInternal(
       const blink::WebCryptoAlgorithm& algorithm,
       const blink::WebCryptoKey& key,
       const std::vector<uint8>& data,
       blink::WebArrayBuffer* buffer) {
     return crypto_.SignInternal(
         algorithm, key, webcrypto::Uint8VectorStart(data), data.size(), buffer);
   }
 
-  bool VerifySignatureInternal(
+  Status VerifySignatureInternal(
       const blink::WebCryptoAlgorithm& algorithm,
       const blink::WebCryptoKey& key,
       const unsigned char* signature,
       unsigned signature_size,
       const std::vector<uint8>& data,
       bool* signature_match) {
     return crypto_.VerifySignatureInternal(algorithm,
                                            key,
                                            signature,
                                            signature_size,
                                            webcrypto::Uint8VectorStart(data),
                                            data.size(),
                                            signature_match);
   }
 
-  bool VerifySignatureInternal(
+  Status VerifySignatureInternal(
       const blink::WebCryptoAlgorithm& algorithm,
       const blink::WebCryptoKey& key,
       const std::vector<uint8>& signature,
       const std::vector<uint8>& data,
       bool* signature_match) {
     return crypto_.VerifySignatureInternal(
         algorithm,
         key,
         webcrypto::Uint8VectorStart(signature),
         signature.size(),
         webcrypto::Uint8VectorStart(data),
         data.size(),
         signature_match);
   }
 
-  bool EncryptInternal(
+  Status EncryptInternal(
       const blink::WebCryptoAlgorithm& algorithm,
       const blink::WebCryptoKey& key,
       const unsigned char* data,
       unsigned data_size,
       blink::WebArrayBuffer* buffer) {
     return crypto_.EncryptInternal(algorithm, key, data, data_size, buffer);
   }
 
-  bool EncryptInternal(
+  Status EncryptInternal(
       const blink::WebCryptoAlgorithm& algorithm,
       const blink::WebCryptoKey& key,
       const std::vector<uint8>& data,
       blink::WebArrayBuffer* buffer) {
     return crypto_.EncryptInternal(
         algorithm, key, webcrypto::Uint8VectorStart(data), data.size(), buffer);
   }
 
-  bool DecryptInternal(
+  Status DecryptInternal(
       const blink::WebCryptoAlgorithm& algorithm,
       const blink::WebCryptoKey& key,
       const unsigned char* data,
       unsigned data_size,
       blink::WebArrayBuffer* buffer) {
     return crypto_.DecryptInternal(algorithm, key, data, data_size, buffer);
   }
 
-  bool DecryptInternal(
+  Status DecryptInternal(
       const blink::WebCryptoAlgorithm& algorithm,
       const blink::WebCryptoKey& key,
       const std::vector<uint8>& data,
       blink::WebArrayBuffer* buffer) {
     return crypto_.DecryptInternal(
         algorithm, key, webcrypto::Uint8VectorStart(data), data.size(), buffer);
   }
 
-  bool ImportKeyJwk(
+  Status ImportKeyJwk(
       const std::vector<uint8>& key_data,
       const blink::WebCryptoAlgorithm& algorithm,
       bool extractable,
       blink::WebCryptoKeyUsageMask usage_mask,
       blink::WebCryptoKey* key) {
     return crypto_.ImportKeyJwk(webcrypto::Uint8VectorStart(key_data),
                                 key_data.size(),
                                 algorithm,
                                 extractable,
                                 usage_mask,
                                 key);
   }
 
  private:
   WebCryptoImpl crypto_;
 };
 
+TEST_F(WebCryptoImplTest, StatusToString) {
+  EXPECT_EQ("Success", Status::Success().ToString());
+  EXPECT_EQ("", Status::Error().ToString());
+  EXPECT_EQ("The requested operation is unsupported",
+            Status::ErrorUnsupported().ToString());
+}
+
 TEST_F(WebCryptoImplTest, DigestSampleSets) {
   // The results are stored here in hex format for readability.
   //
   // TODO(bryaneyler): Eventually, all these sample test sets should be replaced
   // with the sets here: http://csrc.nist.gov/groups/STM/cavp/index.html#03
   //
   // Results were generated using the command sha{1,224,256,384,512}sum.
   struct TestCase {
     blink::WebCryptoAlgorithmId algorithm;
     const std::string hex_input;
@@ skipping 57 matching lines @@
   for (size_t test_index = 0; test_index < ARRAYSIZE_UNSAFE(kTests);
        ++test_index) {
     SCOPED_TRACE(test_index);
     const TestCase& test = kTests[test_index];
 
     blink::WebCryptoAlgorithm algorithm =
         webcrypto::CreateAlgorithm(test.algorithm);
     std::vector<uint8> input = HexStringToBytes(test.hex_input);
 
     blink::WebArrayBuffer output;
-    ASSERT_TRUE(DigestInternal(algorithm, input, &output));
+    ASSERT_STATUS_SUCCESS(DigestInternal(algorithm, input, &output));
     ExpectArrayBufferMatchesHex(test.hex_result, output);
   }
 }
 
 TEST_F(WebCryptoImplTest, HMACSampleSets) {
   struct TestCase {
     blink::WebCryptoAlgorithmId algorithm;
     const char* key;
     const char* message;
     const char* mac;
@@ skipping 130 matching lines @@
     const TestCase& test = kTests[test_index];
 
     blink::WebCryptoAlgorithm algorithm =
         webcrypto::CreateHmacAlgorithmByHashId(test.algorithm);
 
     blink::WebCryptoKey key = ImportSecretKeyFromRawHexString(
         test.key, algorithm, blink::WebCryptoKeyUsageSign);
 
     // Verify exported raw key is identical to the imported data
     blink::WebArrayBuffer raw_key;
-    EXPECT_TRUE(ExportKeyInternal(blink::WebCryptoKeyFormatRaw, key, &raw_key));
+    EXPECT_STATUS_SUCCESS(
+        ExportKeyInternal(blink::WebCryptoKeyFormatRaw, key, &raw_key));
     ExpectArrayBufferMatchesHex(test.key, raw_key);
 
     std::vector<uint8> message_raw = HexStringToBytes(test.message);
 
     blink::WebArrayBuffer output;
 
-    ASSERT_TRUE(SignInternal(algorithm, key, message_raw, &output));
+    ASSERT_STATUS_SUCCESS(SignInternal(algorithm, key, message_raw, &output));
 
     ExpectArrayBufferMatchesHex(test.mac, output);
 
     bool signature_match = false;
-    EXPECT_TRUE(VerifySignatureInternal(
+    EXPECT_STATUS_SUCCESS(VerifySignatureInternal(
         algorithm,
         key,
         static_cast<const unsigned char*>(output.data()),
         output.byteLength(),
         message_raw,
         &signature_match));
     EXPECT_TRUE(signature_match);
 
     // Ensure truncated signature does not verify by passing one less byte.
-    EXPECT_TRUE(VerifySignatureInternal(
+    EXPECT_STATUS_SUCCESS(VerifySignatureInternal(
         algorithm,
         key,
         static_cast<const unsigned char*>(output.data()),
         output.byteLength() - 1,
         message_raw,
         &signature_match));
     EXPECT_FALSE(signature_match);
 
     // Ensure extra long signature does not cause issues and fails.
     const unsigned char kLongSignature[1024] = { 0 };
-    EXPECT_TRUE(VerifySignatureInternal(
+    EXPECT_STATUS_SUCCESS(VerifySignatureInternal(
         algorithm,
         key,
         kLongSignature,
         sizeof(kLongSignature),
         message_raw,
         &signature_match));
     EXPECT_FALSE(signature_match);
   }
 }
 
 TEST_F(WebCryptoImplTest, AesCbcFailures) {
   const std::string key_hex = "2b7e151628aed2a6abf7158809cf4f3c";
   blink::WebCryptoKey key = ImportSecretKeyFromRawHexString(
       key_hex,
       webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc),
       blink::WebCryptoKeyUsageEncrypt | blink::WebCryptoKeyUsageDecrypt);
 
   // Verify exported raw key is identical to the imported data
   blink::WebArrayBuffer raw_key;
-  EXPECT_TRUE(ExportKeyInternal(blink::WebCryptoKeyFormatRaw, key, &raw_key));
+  EXPECT_STATUS_SUCCESS(
+      ExportKeyInternal(blink::WebCryptoKeyFormatRaw, key, &raw_key));
   ExpectArrayBufferMatchesHex(key_hex, raw_key);
 
   blink::WebArrayBuffer output;
 
   // Use an invalid |iv| (fewer than 16 bytes)
   {
     std::vector<uint8> input(32);
     std::vector<uint8> iv;
-    EXPECT_FALSE(EncryptInternal(
+    EXPECT_STATUS(Status::ErrorIncorrectSizedIv(), EncryptInternal(
         webcrypto::CreateAesCbcAlgorithm(iv), key, input, &output));
-    EXPECT_FALSE(DecryptInternal(
+    EXPECT_STATUS(Status::ErrorIncorrectSizedIv(), DecryptInternal(
         webcrypto::CreateAesCbcAlgorithm(iv), key, input, &output));
   }
 
   // Use an invalid |iv| (more than 16 bytes)
   {
     std::vector<uint8> input(32);
     std::vector<uint8> iv(17);
-    EXPECT_FALSE(EncryptInternal(
+    EXPECT_STATUS(Status::ErrorIncorrectSizedIv(), EncryptInternal(
         webcrypto::CreateAesCbcAlgorithm(iv), key, input, &output));
-    EXPECT_FALSE(DecryptInternal(
+    EXPECT_STATUS(Status::ErrorIncorrectSizedIv(), DecryptInternal(
         webcrypto::CreateAesCbcAlgorithm(iv), key, input, &output));
   }
 
   // Give an input that is too large (would cause integer overflow when
   // narrowing to an int).
   {
     std::vector<uint8> iv(16);
 
     // Pretend the input is large. Don't pass data pointer as NULL in case that
     // is special cased; the implementation shouldn't actually dereference the
     // data.
     const unsigned char* input = &iv[0];
     unsigned input_len = INT_MAX - 3;
 
-    EXPECT_FALSE(EncryptInternal(
+    EXPECT_STATUS(Status::ErrorDataTooBig(), EncryptInternal(
         webcrypto::CreateAesCbcAlgorithm(iv), key, input, input_len, &output));
-    EXPECT_FALSE(DecryptInternal(
+    EXPECT_STATUS(Status::ErrorDataTooBig(), DecryptInternal(
         webcrypto::CreateAesCbcAlgorithm(iv), key, input, input_len, &output));
   }
 
   // Fail importing the key (too few bytes specified)
   {
     std::vector<uint8> key_raw(1);
     std::vector<uint8> iv(16);
 
     blink::WebCryptoKey key = blink::WebCryptoKey::createNull();
-    EXPECT_FALSE(ImportKeyInternal(blink::WebCryptoKeyFormatRaw,
-                                   key_raw,
-                                   webcrypto::CreateAesCbcAlgorithm(iv),
-                                   true,
-                                   blink::WebCryptoKeyUsageEncrypt,
-                                   &key));
+    EXPECT_STATUS(
+        Status::Error(),
+        ImportKeyInternal(blink::WebCryptoKeyFormatRaw,
+                          key_raw,
+                          webcrypto::CreateAesCbcAlgorithm(iv),
+                          true,
+                          blink::WebCryptoKeyUsageEncrypt,
+                          &key));
   }
 
   // Fail exporting the key in SPKI and PKCS#8 formats (not allowed for secret
   // keys).
-  EXPECT_FALSE(ExportKeyInternal(blink::WebCryptoKeyFormatSpki, key, &output));
-  EXPECT_FALSE(ExportKeyInternal(blink::WebCryptoKeyFormatPkcs8, key, &output));
+  EXPECT_STATUS(Status::ErrorUnexpectedKeyType(),
+      ExportKeyInternal(blink::WebCryptoKeyFormatSpki, key, &output));
+  EXPECT_STATUS(Status::ErrorUnsupported(),
+      ExportKeyInternal(blink::WebCryptoKeyFormatPkcs8, key, &output));
 }
 
 TEST_F(WebCryptoImplTest, MAYBE(AesCbcSampleSets)) {
   struct TestCase {
     const char* key;
     const char* iv;
     const char* plain_text;
     const char* cipher_text;
   };
 
@@ skipping 71 matching lines @@
     SCOPED_TRACE(index);
     const TestCase& test = kTests[index];
 
     blink::WebCryptoKey key = ImportSecretKeyFromRawHexString(
         test.key,
         webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc),
         blink::WebCryptoKeyUsageEncrypt | blink::WebCryptoKeyUsageDecrypt);
 
     // Verify exported raw key is identical to the imported data
     blink::WebArrayBuffer raw_key;
-    EXPECT_TRUE(ExportKeyInternal(blink::WebCryptoKeyFormatRaw, key, &raw_key));
+    EXPECT_STATUS_SUCCESS(ExportKeyInternal(
+        blink::WebCryptoKeyFormatRaw, key, &raw_key));
     ExpectArrayBufferMatchesHex(test.key, raw_key);
 
     std::vector<uint8> plain_text = HexStringToBytes(test.plain_text);
     std::vector<uint8> iv = HexStringToBytes(test.iv);
 
     blink::WebArrayBuffer output;
 
     // Test encryption.
-    EXPECT_TRUE(EncryptInternal(webcrypto::CreateAesCbcAlgorithm(iv),
-                                key,
-                                plain_text,
-                                &output));
+    EXPECT_STATUS(
+        Status::Success(),
+        EncryptInternal(webcrypto::CreateAesCbcAlgorithm(iv),
+                        key,
+                        plain_text,
+                        &output));
     ExpectArrayBufferMatchesHex(test.cipher_text, output);
 
     // Test decryption.
     std::vector<uint8> cipher_text = HexStringToBytes(test.cipher_text);
-    EXPECT_TRUE(DecryptInternal(webcrypto::CreateAesCbcAlgorithm(iv),
-                                key,
-                                cipher_text,
-                                &output));
+    EXPECT_STATUS(
+        Status::Success(),
+        DecryptInternal(webcrypto::CreateAesCbcAlgorithm(iv),
+                        key,
+                        cipher_text,
+                        &output));
     ExpectArrayBufferMatchesHex(test.plain_text, output);
 
     const unsigned kAesCbcBlockSize = 16;
 
     // Decrypt with a padding error by stripping the last block. This also ends
     // up testing decryption over empty cipher text.
     if (cipher_text.size() >= kAesCbcBlockSize) {
-      EXPECT_FALSE(DecryptInternal(webcrypto::CreateAesCbcAlgorithm(iv),
-                                   key,
-                                   &cipher_text[0],
-                                   cipher_text.size() - kAesCbcBlockSize,
-                                   &output));
+      EXPECT_STATUS(
+          Status::Error(),
+          DecryptInternal(webcrypto::CreateAesCbcAlgorithm(iv),
+                          key,
+                          &cipher_text[0],
+                          cipher_text.size() - kAesCbcBlockSize,
+                          &output));
     }
 
     // Decrypt cipher text which is not a multiple of block size by stripping
     // a few bytes off the cipher text.
     if (cipher_text.size() > 3) {
-      EXPECT_FALSE(DecryptInternal(webcrypto::CreateAesCbcAlgorithm(iv),
-                                   key,
-                                   &cipher_text[0],
-                                   cipher_text.size() - 3,
-                                   &output));
+      EXPECT_STATUS(
+          Status::Error(),
+          DecryptInternal(webcrypto::CreateAesCbcAlgorithm(iv),
+                          key,
+                          &cipher_text[0],
+                          cipher_text.size() - 3,
+                          &output));
     }
   }
 }
 
 TEST_F(WebCryptoImplTest, MAYBE(GenerateKeyAes)) {
   // Check key generation for each of AES-CBC, AES-GCM, and AES-KW, and for each
   // allowed key length.
   std::vector<blink::WebCryptoAlgorithm> algorithm;
   const unsigned short kKeyLength[] = {128, 192, 256};
   for (size_t i = 0; i < ARRAYSIZE_UNSAFE(kKeyLength); ++i) {
     algorithm.push_back(CreateAesCbcKeyGenAlgorithm(kKeyLength[i]));
     algorithm.push_back(CreateAesGcmKeyGenAlgorithm(kKeyLength[i]));
     algorithm.push_back(CreateAesKwKeyGenAlgorithm(kKeyLength[i]));
   }
   blink::WebCryptoKey key = blink::WebCryptoKey::createNull();
   std::vector<blink::WebArrayBuffer> keys;
   blink::WebArrayBuffer key_bytes;
   for (size_t i = 0; i < algorithm.size(); ++i) {
     SCOPED_TRACE(i);
     // Generate a small sample of keys.
     keys.clear();
     for (int j = 0; j < 16; ++j) {
-      ASSERT_TRUE(GenerateKeyInternal(algorithm[i], &key));
+      ASSERT_STATUS_SUCCESS(GenerateKeyInternal(algorithm[i], &key));
       EXPECT_TRUE(key.handle());
       EXPECT_EQ(blink::WebCryptoKeyTypeSecret, key.type());
-      ASSERT_TRUE(
+      ASSERT_STATUS_SUCCESS(
           ExportKeyInternal(blink::WebCryptoKeyFormatRaw, key, &key_bytes));
       keys.push_back(key_bytes);
     }
     // Ensure all entries in the key sample set are unique. This is a simplistic
     // estimate of whether the generated keys appear random.
     EXPECT_FALSE(CopiesExist(keys));
   }
 }
 
 TEST_F(WebCryptoImplTest, MAYBE(GenerateKeyAesBadLength)) {
   const unsigned short kKeyLen[] = {0, 127, 257};
   blink::WebCryptoKey key = blink::WebCryptoKey::createNull();
   for (size_t i = 0; i < ARRAYSIZE_UNSAFE(kKeyLen); ++i) {
     SCOPED_TRACE(i);
-    EXPECT_FALSE(GenerateKeyInternal(
+    EXPECT_STATUS(Status::ErrorKeyLength(), GenerateKeyInternal(
         CreateAesCbcKeyGenAlgorithm(kKeyLen[i]), &key));
-    EXPECT_FALSE(GenerateKeyInternal(
+    EXPECT_STATUS(Status::ErrorKeyLength(), GenerateKeyInternal(
         CreateAesGcmKeyGenAlgorithm(kKeyLen[i]), &key));
-    EXPECT_FALSE(GenerateKeyInternal(
+    EXPECT_STATUS(Status::ErrorKeyLength(), GenerateKeyInternal(
         CreateAesKwKeyGenAlgorithm(kKeyLen[i]), &key));
   }
 }
 
 TEST_F(WebCryptoImplTest, MAYBE(GenerateKeyHmac)) {
   // Generate a small sample of HMAC keys.
   std::vector<blink::WebArrayBuffer> keys;
   for (int i = 0; i < 16; ++i) {
     blink::WebArrayBuffer key_bytes;
     blink::WebCryptoKey key = blink::WebCryptoKey::createNull();
     blink::WebCryptoAlgorithm algorithm = webcrypto::CreateHmacKeyGenAlgorithm(
         blink::WebCryptoAlgorithmIdSha1, 64);
-    ASSERT_TRUE(GenerateKeyInternal(algorithm, &key));
+    ASSERT_STATUS_SUCCESS(GenerateKeyInternal(algorithm, &key));
     EXPECT_FALSE(key.isNull());
     EXPECT_TRUE(key.handle());
     EXPECT_EQ(blink::WebCryptoKeyTypeSecret, key.type());
     EXPECT_EQ(blink::WebCryptoAlgorithmIdHmac, key.algorithm().id());
 
     blink::WebArrayBuffer raw_key;
-    ASSERT_TRUE(ExportKeyInternal(blink::WebCryptoKeyFormatRaw, key, &raw_key));
+    ASSERT_STATUS_SUCCESS(
+        ExportKeyInternal(blink::WebCryptoKeyFormatRaw, key, &raw_key));
     EXPECT_EQ(64U, raw_key.byteLength());
     keys.push_back(raw_key);
   }
   // Ensure all entries in the key sample set are unique. This is a simplistic
   // estimate of whether the generated keys appear random.
   EXPECT_FALSE(CopiesExist(keys));
 }
 
 // If the key length is not provided, then the block size is used.
 TEST_F(WebCryptoImplTest, MAYBE(GenerateKeyHmacNoLength)) {
   blink::WebCryptoKey key = blink::WebCryptoKey::createNull();
   blink::WebCryptoAlgorithm algorithm =
       webcrypto::CreateHmacKeyGenAlgorithm(blink::WebCryptoAlgorithmIdSha1, 0);
-  ASSERT_TRUE(GenerateKeyInternal(algorithm, &key));
+  ASSERT_STATUS_SUCCESS(GenerateKeyInternal(algorithm, &key));
   EXPECT_TRUE(key.handle());
   EXPECT_EQ(blink::WebCryptoKeyTypeSecret, key.type());
   blink::WebArrayBuffer raw_key;
-  ASSERT_TRUE(ExportKeyInternal(blink::WebCryptoKeyFormatRaw, key, &raw_key));
+  ASSERT_STATUS_SUCCESS(
+      ExportKeyInternal(blink::WebCryptoKeyFormatRaw, key, &raw_key));
   EXPECT_EQ(64U, raw_key.byteLength());
 
   // The block size for HMAC SHA-512 is larger.
   algorithm = webcrypto::CreateHmacKeyGenAlgorithm(
       blink::WebCryptoAlgorithmIdSha512, 0);
-  ASSERT_TRUE(GenerateKeyInternal(algorithm, &key));
-  ASSERT_TRUE(ExportKeyInternal(blink::WebCryptoKeyFormatRaw, key, &raw_key));
+  ASSERT_STATUS_SUCCESS(GenerateKeyInternal(algorithm, &key));
+  ASSERT_STATUS_SUCCESS(
+      ExportKeyInternal(blink::WebCryptoKeyFormatRaw, key, &raw_key));
   EXPECT_EQ(128U, raw_key.byteLength());
 }
 
 TEST_F(WebCryptoImplTest, MAYBE(ImportSecretKeyNoAlgorithm)) {
   blink::WebCryptoKey key = blink::WebCryptoKey::createNull();
 
   // This fails because the algorithm is null.
-  EXPECT_FALSE(ImportKeyInternal(
+  EXPECT_STATUS(Status::ErrorMissingAlgorithmRawKey(), ImportKeyInternal(
       blink::WebCryptoKeyFormatRaw,
       HexStringToBytes("00000000000000000000"),
       blink::WebCryptoAlgorithm::createNull(),
       true,
       blink::WebCryptoKeyUsageEncrypt,
       &key));
 }
 
 
 TEST_F(WebCryptoImplTest, ImportJwkFailures) {
 
   blink::WebCryptoKey key = blink::WebCryptoKey::createNull();
   blink::WebCryptoAlgorithm algorithm =
       webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc);
   blink::WebCryptoKeyUsageMask usage_mask = blink::WebCryptoKeyUsageEncrypt;
 
   // Baseline pass: each test below breaks a single item, so we start with a
   // passing case to make sure each failure is caused by the isolated break.
   // Each breaking subtest below resets the dictionary to this passing case when
   // complete.
   base::DictionaryValue dict;
   RestoreJwkOctDictionary(&dict);
-  EXPECT_TRUE(ImportKeyJwk(
+  EXPECT_STATUS_SUCCESS(ImportKeyJwk(
       MakeJsonVector(dict), algorithm, false, usage_mask, &key));
 
   // Fail on empty JSON.
-  EXPECT_FALSE(ImportKeyJwk(
+  EXPECT_STATUS(Status::ErrorEmptyKeyData(), ImportKeyJwk(
       MakeJsonVector(""), algorithm, false, usage_mask, &key));
 
   // Fail on invalid JSON.
   const std::vector<uint8> bad_json_vec = MakeJsonVector(
       "{"
         "\"kty\"         : \"oct\","
         "\"alg\"         : \"HS256\","
         "\"use\"         : "
   );
-  EXPECT_FALSE(ImportKeyJwk(bad_json_vec, algorithm, false, usage_mask, &key));
+  EXPECT_STATUS(Status::ErrorJwkNotDictionary(),
+      ImportKeyJwk(bad_json_vec, algorithm, false, usage_mask, &key));
 
   // Fail on JWK alg present but unrecognized.
   dict.SetString("alg", "A127CBC");
-  EXPECT_FALSE(ImportKeyJwk(
+  EXPECT_STATUS(Status::ErrorJwkUnrecognizedAlgorithm(), ImportKeyJwk(
       MakeJsonVector(dict), algorithm, false, usage_mask, &key));
   RestoreJwkOctDictionary(&dict);
 
   // Fail on both JWK and input algorithm missing.
   dict.Remove("alg", NULL);
-  EXPECT_FALSE(ImportKeyJwk(MakeJsonVector(dict),
-                            blink::WebCryptoAlgorithm::createNull(),
-                            false,
-                            usage_mask,
-                            &key));
+  EXPECT_STATUS(
+      Status::ErrorJwkAlgorithmMissing(),
+      ImportKeyJwk(MakeJsonVector(dict),
+                   blink::WebCryptoAlgorithm::createNull(),
+                   false,
+                   usage_mask,
+                   &key));
   RestoreJwkOctDictionary(&dict);
 
   // Fail on invalid kty.
   dict.SetString("kty", "foo");
-  EXPECT_FALSE(ImportKeyJwk(
+  EXPECT_STATUS(Status::ErrorJwkUnrecognizedKty(), ImportKeyJwk(
       MakeJsonVector(dict), algorithm, false, usage_mask, &key));
   RestoreJwkOctDictionary(&dict);
 
   // Fail on missing kty.
   dict.Remove("kty", NULL);
-  EXPECT_FALSE(ImportKeyJwk(
+  EXPECT_STATUS(Status::ErrorJwkMissingKty(), ImportKeyJwk(
       MakeJsonVector(dict), algorithm, false, usage_mask, &key));
   RestoreJwkOctDictionary(&dict);
 
   // Fail on invalid use.
   dict.SetString("use", "foo");
-  EXPECT_FALSE(ImportKeyJwk(
+  EXPECT_STATUS(Status::ErrorJwkUnrecognizedUsage(), ImportKeyJwk(
       MakeJsonVector(dict), algorithm, false, usage_mask, &key));
   RestoreJwkOctDictionary(&dict);
 }
 
 TEST_F(WebCryptoImplTest, ImportJwkOctFailures) {
 
   base::DictionaryValue dict;
   RestoreJwkOctDictionary(&dict);
   blink::WebCryptoAlgorithm algorithm =
       webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc);
   blink::WebCryptoKeyUsageMask usage_mask = blink::WebCryptoKeyUsageEncrypt;
   blink::WebCryptoKey key = blink::WebCryptoKey::createNull();
 
   // Baseline pass.
-  EXPECT_TRUE(ImportKeyJwk(
+  EXPECT_STATUS_SUCCESS(ImportKeyJwk(
       MakeJsonVector(dict), algorithm, false, usage_mask, &key));
   EXPECT_EQ(algorithm.id(), key.algorithm().id());
   EXPECT_FALSE(key.extractable());
   EXPECT_EQ(blink::WebCryptoKeyUsageEncrypt, key.usages());
   EXPECT_EQ(blink::WebCryptoKeyTypeSecret, key.type());
 
   // The following are specific failure cases for when kty = "oct".
 
   // Fail on missing k.
   dict.Remove("k", NULL);
-  EXPECT_FALSE(ImportKeyJwk(
+  EXPECT_STATUS(Status::ErrorJwkDecodeK(), ImportKeyJwk(
       MakeJsonVector(dict), algorithm, false, usage_mask, &key));
   RestoreJwkOctDictionary(&dict);
 
   // Fail on bad b64 encoding for k.
   dict.SetString("k", "Qk3f0DsytU8lfza2au #$% Htaw2xpop9GYyTuH0p5GghxTI=");
-  EXPECT_FALSE(ImportKeyJwk(
+  EXPECT_STATUS(Status::ErrorJwkDecodeK(), ImportKeyJwk(
       MakeJsonVector(dict), algorithm, false, usage_mask, &key));
   RestoreJwkOctDictionary(&dict);
 
   // Fail on empty k.
   dict.SetString("k", "");
-  EXPECT_FALSE(ImportKeyJwk(
+  EXPECT_STATUS(Status::ErrorJwkDecodeK(), ImportKeyJwk(
       MakeJsonVector(dict), algorithm, false, usage_mask, &key));
   RestoreJwkOctDictionary(&dict);
 
   // Fail on k actual length (120 bits) inconsistent with the embedded JWK alg
   // value (128) for an AES key.
   dict.SetString("k", "AVj42h0Y5aqGtE3yluKL");
-  EXPECT_FALSE(ImportKeyJwk(
+  // TODO(eroman): This is failing for a different reason than the test
+  //               expects.
+  EXPECT_STATUS(Status::Error(), ImportKeyJwk(
       MakeJsonVector(dict), algorithm, false, usage_mask, &key));
   RestoreJwkOctDictionary(&dict);
 }
 
 TEST_F(WebCryptoImplTest, MAYBE(ImportJwkRsaFailures)) {
 
   base::DictionaryValue dict;
   RestoreJwkRsaDictionary(&dict);
   blink::WebCryptoAlgorithm algorithm =
       webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5);
   blink::WebCryptoKeyUsageMask usage_mask = blink::WebCryptoKeyUsageEncrypt;
   blink::WebCryptoKey key = blink::WebCryptoKey::createNull();
 
   // An RSA public key JWK _must_ have an "n" (modulus) and an "e" (exponent)
   // entry, while an RSA private key must have those plus at least a "d"
   // (private exponent) entry.
   // See http://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-18,
   // section 6.3.
 
   // Baseline pass.
-  EXPECT_TRUE(ImportKeyJwk(
+  EXPECT_STATUS_SUCCESS(ImportKeyJwk(
       MakeJsonVector(dict), algorithm, false, usage_mask, &key));
   EXPECT_EQ(algorithm.id(), key.algorithm().id());
   EXPECT_FALSE(key.extractable());
   EXPECT_EQ(blink::WebCryptoKeyUsageEncrypt, key.usages());
   EXPECT_EQ(blink::WebCryptoKeyTypePublic, key.type());
 
   // The following are specific failure cases for when kty = "RSA".
 
   // Fail if either "n" or "e" is not present or malformed.
   const std::string kKtyParmName[] = {"n", "e"};
   for (size_t idx = 0; idx < ARRAYSIZE_UNSAFE(kKtyParmName); ++idx) {
 
     // Fail on missing parameter.
     dict.Remove(kKtyParmName[idx], NULL);
-    EXPECT_FALSE(ImportKeyJwk(
+    EXPECT_STATUS_ERROR(ImportKeyJwk(
         MakeJsonVector(dict), algorithm, false, usage_mask, &key));
     RestoreJwkRsaDictionary(&dict);
 
     // Fail on bad b64 parameter encoding.
     dict.SetString(kKtyParmName[idx], "Qk3f0DsytU8lfza2au #$% Htaw2xpop9yTuH0");
-    EXPECT_FALSE(ImportKeyJwk(
+    EXPECT_STATUS_ERROR(ImportKeyJwk(
         MakeJsonVector(dict), algorithm, false, usage_mask, &key));
     RestoreJwkRsaDictionary(&dict);
 
     // Fail on empty parameter.
     dict.SetString(kKtyParmName[idx], "");
-    EXPECT_FALSE(ImportKeyJwk(
+    EXPECT_STATUS_ERROR(ImportKeyJwk(
         MakeJsonVector(dict), algorithm, false, usage_mask, &key));
     RestoreJwkRsaDictionary(&dict);
   }
 
   // Fail if "d" parameter is present, implying the JWK is a private key, which
   // is not supported.
   dict.SetString("d", "Qk3f0Dsyt");
-  EXPECT_FALSE(ImportKeyJwk(
+  EXPECT_STATUS(Status::ErrorJwkRsaPrivateKeyUnsupported(), ImportKeyJwk(
       MakeJsonVector(dict), algorithm, false, usage_mask, &key));
   RestoreJwkRsaDictionary(&dict);
 }
 
 TEST_F(WebCryptoImplTest, MAYBE(ImportJwkInputConsistency)) {
   // The Web Crypto spec says that if a JWK value is present, but is
   // inconsistent with the input value, the operation must fail.
 
   // Consistency rules when JWK value is not present: Inputs should be used.
   blink::WebCryptoKey key = blink::WebCryptoKey::createNull();
   bool extractable = false;
   blink::WebCryptoAlgorithm algorithm =
       webcrypto::CreateHmacAlgorithmByHashId(blink::WebCryptoAlgorithmIdSha256);
   blink::WebCryptoKeyUsageMask usage_mask = blink::WebCryptoKeyUsageVerify;
   base::DictionaryValue dict;
   dict.SetString("kty", "oct");
   dict.SetString("k", "l3nZEgZCeX8XRwJdWyK3rGB8qwjhdY8vOkbIvh4lxTuMao9Y_--hdg");
   std::vector<uint8> json_vec = MakeJsonVector(dict);
-  EXPECT_TRUE(ImportKeyJwk(json_vec, algorithm, extractable, usage_mask, &key));
+  EXPECT_STATUS_SUCCESS(ImportKeyJwk(
+      json_vec, algorithm, extractable, usage_mask, &key));
   EXPECT_TRUE(key.handle());
   EXPECT_EQ(blink::WebCryptoKeyTypeSecret, key.type());
   EXPECT_EQ(extractable, key.extractable());
   EXPECT_EQ(blink::WebCryptoAlgorithmIdHmac, key.algorithm().id());
   EXPECT_EQ(blink::WebCryptoAlgorithmIdSha256,
             key.algorithm().hmacParams()->hash().id());
   EXPECT_EQ(blink::WebCryptoKeyUsageVerify, key.usages());
   key = blink::WebCryptoKey::createNull();
 
   // Consistency rules when JWK value exists: Fail if inconsistency is found.
 
   // Pass: All input values are consistent with the JWK values.
   dict.Clear();
   dict.SetString("kty", "oct");
   dict.SetString("alg", "HS256");
   dict.SetString("use", "sig");
   dict.SetBoolean("extractable", false);
   dict.SetString("k", "l3nZEgZCeX8XRwJdWyK3rGB8qwjhdY8vOkbIvh4lxTuMao9Y_--hdg");
   json_vec = MakeJsonVector(dict);
-  EXPECT_TRUE(ImportKeyJwk(json_vec, algorithm, extractable, usage_mask, &key));
+  EXPECT_STATUS_SUCCESS(
+      ImportKeyJwk(json_vec, algorithm, extractable, usage_mask, &key));
 
   // Extractable cases:
   // 1. input=T, JWK=F ==> fail (inconsistent)
   // 4. input=F, JWK=F ==> pass, result extractable is F
   // 2. input=T, JWK=T ==> pass, result extractable is T
   // 3. input=F, JWK=T ==> pass, result extractable is F
-  EXPECT_FALSE(ImportKeyJwk(json_vec, algorithm, true, usage_mask, &key));
-  EXPECT_TRUE(ImportKeyJwk(json_vec, algorithm, false, usage_mask, &key));
+  EXPECT_STATUS(Status::ErrorJwkExtractableInconsistent(),
+      ImportKeyJwk(json_vec, algorithm, true, usage_mask, &key));
+  EXPECT_STATUS_SUCCESS(
+      ImportKeyJwk(json_vec, algorithm, false, usage_mask, &key));
   EXPECT_FALSE(key.extractable());
   dict.SetBoolean("extractable", true);
-  EXPECT_TRUE(
+  EXPECT_STATUS_SUCCESS(
       ImportKeyJwk(MakeJsonVector(dict), algorithm, true, usage_mask, &key));
   EXPECT_TRUE(key.extractable());
-  EXPECT_TRUE(
+  EXPECT_STATUS_SUCCESS(
       ImportKeyJwk(MakeJsonVector(dict), algorithm, false, usage_mask, &key));
   EXPECT_FALSE(key.extractable());
   dict.SetBoolean("extractable", true);  // restore previous value
 
   // Fail: Input algorithm (AES-CBC) is inconsistent with JWK value
   // (HMAC SHA256).
-  EXPECT_FALSE(ImportKeyJwk(
+  EXPECT_STATUS(Status::ErrorJwkAlgorithmInconsistent(), ImportKeyJwk(
       json_vec,
       webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc),
       extractable,
       usage_mask,
       &key));
 
   // Fail: Input algorithm (HMAC SHA1) is inconsistent with JWK value
   // (HMAC SHA256).
-  EXPECT_FALSE(ImportKeyJwk(
+  EXPECT_STATUS(Status::ErrorJwkAlgorithmInconsistent(), ImportKeyJwk(
       json_vec,
       webcrypto::CreateHmacAlgorithmByHashId(blink::WebCryptoAlgorithmIdSha1),
       extractable,
       usage_mask,
       &key));
 
   // Pass: JWK alg valid but input algorithm isNull: use JWK algorithm value.
-  EXPECT_TRUE(ImportKeyJwk(json_vec,
-                           blink::WebCryptoAlgorithm::createNull(),
-                           extractable,
-                           usage_mask,
-                           &key));
+  EXPECT_STATUS_SUCCESS(ImportKeyJwk(json_vec,
+                        blink::WebCryptoAlgorithm::createNull(),
+                        extractable,
+                        usage_mask,
+                        &key));
   EXPECT_EQ(blink::WebCryptoAlgorithmIdHmac, algorithm.id());
 
   // Pass: JWK alg missing but input algorithm specified: use input value
   dict.Remove("alg", NULL);
-  EXPECT_TRUE(ImportKeyJwk(
+  EXPECT_STATUS_SUCCESS(ImportKeyJwk(
       MakeJsonVector(dict),
       webcrypto::CreateHmacAlgorithmByHashId(blink::WebCryptoAlgorithmIdSha256),
       extractable,
       usage_mask,
       &key));
   EXPECT_EQ(blink::WebCryptoAlgorithmIdHmac, algorithm.id());
   dict.SetString("alg", "HS256");
 
   // Fail: Input usage_mask (encrypt) is not a subset of the JWK value
   // (sign|verify)
-  EXPECT_FALSE(ImportKeyJwk(
+  EXPECT_STATUS(Status::ErrorJwkUsageInconsistent(), ImportKeyJwk(
       json_vec, algorithm, extractable, blink::WebCryptoKeyUsageEncrypt, &key));
 
   // Fail: Input usage_mask (encrypt|sign|verify) is not a subset of the JWK
   // value (sign|verify)
   usage_mask = blink::WebCryptoKeyUsageEncrypt | blink::WebCryptoKeyUsageSign |
                blink::WebCryptoKeyUsageVerify;
-  EXPECT_FALSE(
+  EXPECT_STATUS(
+      Status::ErrorJwkUsageInconsistent(),
       ImportKeyJwk(json_vec, algorithm, extractable, usage_mask, &key));
-  usage_mask = blink::WebCryptoKeyUsageSign | blink::WebCryptoKeyUsageVerify;
 
   // TODO(padolph): kty vs alg consistency tests: Depending on the kty value,
   // only certain alg values are permitted. For example, when kty = "RSA" alg
   // must be of the RSA family, or when kty = "oct" alg must be symmetric
   // algorithm.
 }
 
 TEST_F(WebCryptoImplTest, MAYBE(ImportJwkHappy)) {
 
   // This test verifies the happy path of JWK import, including the application
   // of the imported key material.
 
   blink::WebCryptoKey key = blink::WebCryptoKey::createNull();
   bool extractable = false;
   blink::WebCryptoAlgorithm algorithm =
       webcrypto::CreateHmacAlgorithmByHashId(blink::WebCryptoAlgorithmIdSha256);
   blink::WebCryptoKeyUsageMask usage_mask = blink::WebCryptoKeyUsageSign;
 
   // Import a symmetric key JWK and HMAC-SHA256 sign()
   // Uses the first SHA256 test vector from the HMAC sample set above.
 
   base::DictionaryValue dict;
   dict.SetString("kty", "oct");
   dict.SetString("alg", "HS256");
   dict.SetString("use", "sig");
   dict.SetBoolean("extractable", false);
   dict.SetString("k", "l3nZEgZCeX8XRwJdWyK3rGB8qwjhdY8vOkbIvh4lxTuMao9Y_--hdg");
   std::vector<uint8> json_vec = MakeJsonVector(dict);
 
-  ASSERT_TRUE(ImportKeyJwk(json_vec, algorithm, extractable, usage_mask, &key));
+  ASSERT_STATUS_SUCCESS(ImportKeyJwk(
+      json_vec, algorithm, extractable, usage_mask, &key));
 
   const std::vector<uint8> message_raw = HexStringToBytes(
       "b1689c2591eaf3c9e66070f8a77954ffb81749f1b00346f9dfe0b2ee905dcc288baf4a"
       "92de3f4001dd9f44c468c3d07d6c6ee82faceafc97c2fc0fc0601719d2dcd0aa2aec92"
       "d1b0ae933c65eb06a03c9c935c2bad0459810241347ab87e9f11adb30415424c6c7f5f"
       "22a003b8ab8de54f6ded0e3ab9245fa79568451dfa258e");
 
   blink::WebArrayBuffer output;
 
-  ASSERT_TRUE(SignInternal(algorithm, key, message_raw, &output));
+  ASSERT_STATUS_SUCCESS(SignInternal(algorithm, key, message_raw, &output));
 
   const std::string mac_raw =
       "769f00d3e6a6cc1fb426a14a4f76c6462e6149726e0dee0ec0cf97a16605ac8b";
 
   ExpectArrayBufferMatchesHex(mac_raw, output);
 
   // TODO(padolph): Import an RSA public key JWK and use it
 }
 
 TEST_F(WebCryptoImplTest, MAYBE(ImportExportSpki)) {
   // Passing case: Import a valid RSA key in SPKI format.
   blink::WebCryptoKey key = blink::WebCryptoKey::createNull();
-  ASSERT_TRUE(ImportKeyInternal(
+  ASSERT_STATUS_SUCCESS(ImportKeyInternal(
       blink::WebCryptoKeyFormatSpki,
       HexStringToBytes(kPublicKeySpkiDerHex),
       webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5),
       true,
       blink::WebCryptoKeyUsageEncrypt,
       &key));
   EXPECT_TRUE(key.handle());
   EXPECT_EQ(blink::WebCryptoKeyTypePublic, key.type());
   EXPECT_TRUE(key.extractable());
   EXPECT_EQ(blink::WebCryptoKeyUsageEncrypt, key.usages());
 
   // Failing case: Empty SPKI data
-  EXPECT_FALSE(ImportKeyInternal(
+  EXPECT_STATUS(Status::ErrorEmptyKeyData(), ImportKeyInternal(
       blink::WebCryptoKeyFormatSpki,
       std::vector<uint8>(),
       blink::WebCryptoAlgorithm::createNull(),
       true,
       blink::WebCryptoKeyUsageEncrypt,
       &key));
 
   // Failing case: Import RSA key with NULL input algorithm. This is not
   // allowed because the SPKI ASN.1 format for RSA keys is not specific enough
   // to map to a Web Crypto algorithm.
-  EXPECT_FALSE(ImportKeyInternal(
+  EXPECT_STATUS(Status::Error(), ImportKeyInternal(
       blink::WebCryptoKeyFormatSpki,
       HexStringToBytes(kPublicKeySpkiDerHex),
       blink::WebCryptoAlgorithm::createNull(),
       true,
       blink::WebCryptoKeyUsageEncrypt,
       &key));
 
   // Failing case: Bad DER encoding.
-  EXPECT_FALSE(ImportKeyInternal(
+  EXPECT_STATUS(Status::Error(), ImportKeyInternal(
       blink::WebCryptoKeyFormatSpki,
       HexStringToBytes("618333c4cb"),
       webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5),
       true,
       blink::WebCryptoKeyUsageEncrypt,
       &key));
 
   // Failing case: Import RSA key but provide an inconsistent input algorithm.
-  EXPECT_FALSE(ImportKeyInternal(
+  EXPECT_STATUS(Status::Error(), ImportKeyInternal(
       blink::WebCryptoKeyFormatSpki,
       HexStringToBytes(kPublicKeySpkiDerHex),
       webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc),
       true,
       blink::WebCryptoKeyUsageEncrypt,
       &key));
 
   // Passing case: Export a previously imported RSA public key in SPKI format
   // and compare to original data.
   blink::WebArrayBuffer output;
-  ASSERT_TRUE(ExportKeyInternal(blink::WebCryptoKeyFormatSpki, key, &output));
+  ASSERT_STATUS_SUCCESS(
+      ExportKeyInternal(blink::WebCryptoKeyFormatSpki, key, &output));
   ExpectArrayBufferMatchesHex(kPublicKeySpkiDerHex, output);
 
   // Failing case: Try to export a previously imported RSA public key in raw
   // format (not allowed for a public key).
-  EXPECT_FALSE(ExportKeyInternal(blink::WebCryptoKeyFormatRaw, key, &output));
+  EXPECT_STATUS(Status::ErrorUnexpectedKeyType(),
+      ExportKeyInternal(blink::WebCryptoKeyFormatRaw, key, &output));
 
   // Failing case: Try to export a non-extractable key
-  ASSERT_TRUE(ImportKeyInternal(
+  ASSERT_STATUS_SUCCESS(ImportKeyInternal(
       blink::WebCryptoKeyFormatSpki,
       HexStringToBytes(kPublicKeySpkiDerHex),
       webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5),
       false,
       blink::WebCryptoKeyUsageEncrypt,
       &key));
   EXPECT_TRUE(key.handle());
   EXPECT_FALSE(key.extractable());
-  EXPECT_FALSE(ExportKeyInternal(blink::WebCryptoKeyFormatSpki, key, &output));
+  EXPECT_STATUS(Status::ErrorKeyNotExtractable(),
+      ExportKeyInternal(blink::WebCryptoKeyFormatSpki, key, &output));
 }
 
 TEST_F(WebCryptoImplTest, MAYBE(ImportPkcs8)) {
   // Passing case: Import a valid RSA key in PKCS#8 format.
   blink::WebCryptoKey key = blink::WebCryptoKey::createNull();
-  ASSERT_TRUE(ImportKeyInternal(
+  ASSERT_STATUS_SUCCESS(ImportKeyInternal(
       blink::WebCryptoKeyFormatPkcs8,
       HexStringToBytes(kPrivateKeyPkcs8DerHex),
       webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5),
       true,
       blink::WebCryptoKeyUsageSign,
       &key));
   EXPECT_TRUE(key.handle());
   EXPECT_EQ(blink::WebCryptoKeyTypePrivate, key.type());
   EXPECT_TRUE(key.extractable());
   EXPECT_EQ(blink::WebCryptoKeyUsageSign, key.usages());
 
   // Failing case: Empty PKCS#8 data
-  EXPECT_FALSE(ImportKeyInternal(
+  EXPECT_STATUS(Status::ErrorEmptyKeyData(), ImportKeyInternal(
       blink::WebCryptoKeyFormatPkcs8,
       std::vector<uint8>(),
       blink::WebCryptoAlgorithm::createNull(),
       true,
       blink::WebCryptoKeyUsageSign,
       &key));
 
   // Failing case: Import RSA key with NULL input algorithm. This is not
   // allowed because the PKCS#8 ASN.1 format for RSA keys is not specific enough
   // to map to a Web Crypto algorithm.
-  EXPECT_FALSE(ImportKeyInternal(
+  EXPECT_STATUS(Status::Error(), ImportKeyInternal(
       blink::WebCryptoKeyFormatPkcs8,
       HexStringToBytes(kPrivateKeyPkcs8DerHex),
       blink::WebCryptoAlgorithm::createNull(),
       true,
       blink::WebCryptoKeyUsageSign,
       &key));
 
   // Failing case: Bad DER encoding.
-  EXPECT_FALSE(ImportKeyInternal(
+  EXPECT_STATUS(Status::Error(), ImportKeyInternal(
       blink::WebCryptoKeyFormatPkcs8,
       HexStringToBytes("618333c4cb"),
       webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5),
       true,
       blink::WebCryptoKeyUsageSign,
       &key));
 
   // Failing case: Import RSA key but provide an inconsistent input algorithm.
-  EXPECT_FALSE(ImportKeyInternal(
+  EXPECT_STATUS(Status::Error(), ImportKeyInternal(
       blink::WebCryptoKeyFormatPkcs8,
       HexStringToBytes(kPrivateKeyPkcs8DerHex),
       webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc),
       true,
       blink::WebCryptoKeyUsageSign,
       &key));
 }
 
 TEST_F(WebCryptoImplTest, MAYBE(GenerateKeyPairRsa)) {
   // Note: using unrealistic short key lengths here to avoid bogging down tests.
 
   // Successful WebCryptoAlgorithmIdRsaEsPkcs1v1_5 key generation.
   const unsigned modulus_length = 256;
   const std::vector<uint8> public_exponent = HexStringToBytes("010001");
   blink::WebCryptoAlgorithm algorithm = webcrypto::CreateRsaKeyGenAlgorithm(
       blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5,
       modulus_length,
       public_exponent);
   bool extractable = false;
   const blink::WebCryptoKeyUsageMask usage_mask = 0;
   blink::WebCryptoKey public_key = blink::WebCryptoKey::createNull();
   blink::WebCryptoKey private_key = blink::WebCryptoKey::createNull();
-  EXPECT_TRUE(GenerateKeyPairInternal(
+  EXPECT_STATUS_SUCCESS(GenerateKeyPairInternal(
       algorithm, extractable, usage_mask, &public_key, &private_key));
   EXPECT_FALSE(public_key.isNull());
   EXPECT_FALSE(private_key.isNull());
   EXPECT_EQ(blink::WebCryptoKeyTypePublic, public_key.type());
   EXPECT_EQ(blink::WebCryptoKeyTypePrivate, private_key.type());
   EXPECT_EQ(true, public_key.extractable());
   EXPECT_EQ(extractable, private_key.extractable());
   EXPECT_EQ(usage_mask, public_key.usages());
   EXPECT_EQ(usage_mask, private_key.usages());
 
   // Fail with bad modulus.
   algorithm = webcrypto::CreateRsaKeyGenAlgorithm(
       blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5, 0, public_exponent);
-  EXPECT_FALSE(GenerateKeyPairInternal(
+  EXPECT_STATUS(Status::ErrorEmptyModulus(), GenerateKeyPairInternal(
       algorithm, extractable, usage_mask, &public_key, &private_key));
 
   // Fail with bad exponent: larger than unsigned long.
   unsigned exponent_length = sizeof(unsigned long) + 1;  // NOLINT
   const std::vector<uint8> long_exponent(exponent_length, 0x01);
   algorithm = webcrypto::CreateRsaKeyGenAlgorithm(
       blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5,
       modulus_length,
       long_exponent);
-  EXPECT_FALSE(GenerateKeyPairInternal(
+  EXPECT_STATUS(Status::ErrorPublicExponent(), GenerateKeyPairInternal(
       algorithm, extractable, usage_mask, &public_key, &private_key));
 
   // Fail with bad exponent: empty.
   const std::vector<uint8> empty_exponent;
   algorithm = webcrypto::CreateRsaKeyGenAlgorithm(
       blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5,
       modulus_length,
       empty_exponent);
-  EXPECT_FALSE(GenerateKeyPairInternal(
+  EXPECT_STATUS(Status::ErrorPublicExponent(), GenerateKeyPairInternal(
       algorithm, extractable, usage_mask, &public_key, &private_key));
 
   // Fail with bad exponent: all zeros.
   std::vector<uint8> exponent_with_leading_zeros(15, 0x00);
   algorithm = webcrypto::CreateRsaKeyGenAlgorithm(
       blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5,
       modulus_length,
       exponent_with_leading_zeros);
-  EXPECT_FALSE(GenerateKeyPairInternal(
+  EXPECT_STATUS(Status::ErrorPublicExponent(), GenerateKeyPairInternal(
       algorithm, extractable, usage_mask, &public_key, &private_key));
 
   // Key generation success using exponent with leading zeros.
   exponent_with_leading_zeros.insert(exponent_with_leading_zeros.end(),
                                      public_exponent.begin(),
                                      public_exponent.end());
   algorithm = webcrypto::CreateRsaKeyGenAlgorithm(
       blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5,
       modulus_length,
       exponent_with_leading_zeros);
-  EXPECT_TRUE(GenerateKeyPairInternal(
+  EXPECT_STATUS_SUCCESS(GenerateKeyPairInternal(
       algorithm, extractable, usage_mask, &public_key, &private_key));
   EXPECT_FALSE(public_key.isNull());
   EXPECT_FALSE(private_key.isNull());
   EXPECT_EQ(blink::WebCryptoKeyTypePublic, public_key.type());
   EXPECT_EQ(blink::WebCryptoKeyTypePrivate, private_key.type());
   EXPECT_EQ(true, public_key.extractable());
   EXPECT_EQ(extractable, private_key.extractable());
   EXPECT_EQ(usage_mask, public_key.usages());
   EXPECT_EQ(usage_mask, private_key.usages());
 
   // Successful WebCryptoAlgorithmIdRsaOaep key generation.
   algorithm = webcrypto::CreateRsaKeyGenAlgorithm(
       blink::WebCryptoAlgorithmIdRsaOaep, modulus_length, public_exponent);
-  EXPECT_TRUE(GenerateKeyPairInternal(
+  EXPECT_STATUS_SUCCESS(GenerateKeyPairInternal(
       algorithm, extractable, usage_mask, &public_key, &private_key));
   EXPECT_FALSE(public_key.isNull());
   EXPECT_FALSE(private_key.isNull());
   EXPECT_EQ(blink::WebCryptoKeyTypePublic, public_key.type());
   EXPECT_EQ(blink::WebCryptoKeyTypePrivate, private_key.type());
   EXPECT_EQ(true, public_key.extractable());
   EXPECT_EQ(extractable, private_key.extractable());
   EXPECT_EQ(usage_mask, public_key.usages());
   EXPECT_EQ(usage_mask, private_key.usages());
 
   // Successful WebCryptoAlgorithmIdRsaSsaPkcs1v1_5 key generation.
   algorithm = webcrypto::CreateRsaKeyGenAlgorithm(
       blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5,
       modulus_length,
       public_exponent);
-  EXPECT_TRUE(GenerateKeyPairInternal(
+  EXPECT_STATUS_SUCCESS(GenerateKeyPairInternal(
       algorithm, extractable, usage_mask, &public_key, &private_key));
   EXPECT_FALSE(public_key.isNull());
   EXPECT_FALSE(private_key.isNull());
   EXPECT_EQ(blink::WebCryptoKeyTypePublic, public_key.type());
   EXPECT_EQ(blink::WebCryptoKeyTypePrivate, private_key.type());
   EXPECT_EQ(true, public_key.extractable());
   EXPECT_EQ(extractable, private_key.extractable());
   EXPECT_EQ(usage_mask, public_key.usages());
   EXPECT_EQ(usage_mask, private_key.usages());
 
   // Fail SPKI export of private key. This is an ExportKey test, but do it here
   // since it is expensive to generate an RSA key pair and we already have a
   // private key here.
   blink::WebArrayBuffer output;
-  EXPECT_FALSE(
-      ExportKeyInternal(blink::WebCryptoKeyFormatSpki, private_key, &output));
+  // TODO(eroman): This test is failing for a different reason than expected by
+  //               the test.
+  EXPECT_STATUS(Status::ErrorKeyNotExtractable(), ExportKeyInternal(
+      blink::WebCryptoKeyFormatSpki, private_key, &output));
 }
 
 TEST_F(WebCryptoImplTest, MAYBE(RsaEsRoundTrip)) {
   // Import a key pair.
   blink::WebCryptoAlgorithm algorithm =
       webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5);
   blink::WebCryptoKey public_key = blink::WebCryptoKey::createNull();
   blink::WebCryptoKey private_key = blink::WebCryptoKey::createNull();
   ImportRsaKeyPair(
       kPublicKeySpkiDerHex,
@@ skipping 19 matching lines @@
       webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5);
   const char* const kTestDataHex[] = {
       "ff",
       "0102030405060708090a0b0c0d0e0f",
       max_data_hex
   };
   blink::WebArrayBuffer encrypted_data;
   blink::WebArrayBuffer decrypted_data;
   for (size_t i = 0; i < ARRAYSIZE_UNSAFE(kTestDataHex); ++i) {
     SCOPED_TRACE(i);
-    ASSERT_TRUE(EncryptInternal(
+    EXPECT_STATUS_SUCCESS(EncryptInternal(
         algorithm,
         public_key,
         HexStringToBytes(kTestDataHex[i]),
         &encrypted_data));
-    EXPECT_EQ(kModulusLength/8, encrypted_data.byteLength());
-    ASSERT_TRUE(DecryptInternal(
+    EXPECT_EQ(kModulusLength / 8, encrypted_data.byteLength());
+    ASSERT_STATUS_SUCCESS(DecryptInternal(
         algorithm,
         private_key,
         reinterpret_cast<const unsigned char*>(encrypted_data.data()),
         encrypted_data.byteLength(),
         &decrypted_data));
     ExpectArrayBufferMatchesHex(kTestDataHex[i], decrypted_data);
   }
 }
 
 TEST_F(WebCryptoImplTest, MAYBE(RsaEsKnownAnswer)) {
@@ skipping 72 matching lines @@
       rsa_pkcs8_der_hex,
       algorithm,
       false,
       blink::WebCryptoKeyUsageEncrypt | blink::WebCryptoKeyUsageDecrypt,
       &public_key,
       &private_key);
 
   // Decrypt the known-good ciphertext with the private key. As a check we must
   // get the known original cleartext.
   blink::WebArrayBuffer decrypted_data;
-  ASSERT_TRUE(DecryptInternal(
+  ASSERT_STATUS_SUCCESS(DecryptInternal(
       algorithm,
       private_key,
       HexStringToBytes(ciphertext_hex),
       &decrypted_data));
   EXPECT_FALSE(decrypted_data.isNull());
   ExpectArrayBufferMatchesHex(cleartext_hex, decrypted_data);
 
   // Encrypt this decrypted data with the public key.
   blink::WebArrayBuffer encrypted_data;
-  ASSERT_TRUE(EncryptInternal(
+  ASSERT_STATUS_SUCCESS(EncryptInternal(
       algorithm,
       public_key,
       reinterpret_cast<const unsigned char*>(decrypted_data.data()),
       decrypted_data.byteLength(),
       &encrypted_data));
   EXPECT_EQ(128u, encrypted_data.byteLength());
 
   // Finally, decrypt the newly encrypted result with the private key, and
   // compare to the known original cleartext.
   decrypted_data.reset();
-  ASSERT_TRUE(DecryptInternal(
+  ASSERT_STATUS_SUCCESS(DecryptInternal(
       algorithm,
       private_key,
       reinterpret_cast<const unsigned char*>(encrypted_data.data()),
       encrypted_data.byteLength(),
       &decrypted_data));
   EXPECT_FALSE(decrypted_data.isNull());
   ExpectArrayBufferMatchesHex(cleartext_hex, decrypted_data);
 }
 
 TEST_F(WebCryptoImplTest, MAYBE(RsaEsFailures)) {
   // Import a key pair.
   blink::WebCryptoAlgorithm algorithm =
       webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5);
   blink::WebCryptoKey public_key = blink::WebCryptoKey::createNull();
   blink::WebCryptoKey private_key = blink::WebCryptoKey::createNull();
   ImportRsaKeyPair(
       kPublicKeySpkiDerHex,
       kPrivateKeyPkcs8DerHex,
       algorithm,
       false,
       blink::WebCryptoKeyUsageEncrypt | blink::WebCryptoKeyUsageDecrypt,
       &public_key,
       &private_key);
 
   // Fail encrypt with a private key.
   blink::WebArrayBuffer encrypted_data;
   const std::string message_hex_str("0102030405060708090a0b0c0d0e0f");
   const std::vector<uint8> message_hex(HexStringToBytes(message_hex_str));
-  EXPECT_FALSE(
+  EXPECT_STATUS(Status::ErrorUnexpectedKeyType(),
       EncryptInternal(algorithm, private_key, message_hex, &encrypted_data));
 
   // Fail encrypt with empty message.
-  EXPECT_FALSE(EncryptInternal(
+  EXPECT_STATUS(Status::ErrorEmptyData(), EncryptInternal(
       algorithm, public_key, std::vector<uint8>(), &encrypted_data));
 
   // Fail encrypt with message too large. RSAES can operate on messages up to
   // length of k - 11 bytes, where k is the octet length of the RSA modulus.
   const unsigned kMaxMsgSizeBytes = kModulusLength / 8 - 11;
-  EXPECT_FALSE(EncryptInternal(algorithm,
-                               public_key,
-                               std::vector<uint8>(kMaxMsgSizeBytes + 1, '0'),
-                               &encrypted_data));
+  EXPECT_STATUS(
+      Status::ErrorDataTooBig(),
+      EncryptInternal(algorithm,
+                      public_key,
+                      std::vector<uint8>(kMaxMsgSizeBytes + 1, '0'),
+                      &encrypted_data));
 
   // Generate encrypted data.
-  EXPECT_TRUE(
+  EXPECT_STATUS(Status::Success(),
       EncryptInternal(algorithm, public_key, message_hex, &encrypted_data));
 
   // Fail decrypt with a public key.
   blink::WebArrayBuffer decrypted_data;
-  EXPECT_FALSE(DecryptInternal(
+  EXPECT_STATUS(Status::ErrorUnexpectedKeyType(), DecryptInternal(
       algorithm,
       public_key,
       reinterpret_cast<const unsigned char*>(encrypted_data.data()),
       encrypted_data.byteLength(),
       &decrypted_data));
 
   // Corrupt encrypted data; ensure decrypt fails because padding was disrupted.
   std::vector<uint8> corrupted_data(
       static_cast<uint8*>(encrypted_data.data()),
       static_cast<uint8*>(encrypted_data.data()) + encrypted_data.byteLength());
   corrupted_data[corrupted_data.size() / 2] ^= 0x01;
-  EXPECT_FALSE(
+ EXPECT_STATUS(Status::Error(),
       DecryptInternal(algorithm, private_key, corrupted_data, &decrypted_data));
 
   // TODO(padolph): Are there other specific data corruption scenarios to
   // consider?
 
   // Do a successful decrypt with good data just for confirmation.
-  EXPECT_TRUE(DecryptInternal(
+  EXPECT_STATUS_SUCCESS(DecryptInternal(
       algorithm,
       private_key,
       reinterpret_cast<const unsigned char*>(encrypted_data.data()),
       encrypted_data.byteLength(),
       &decrypted_data));
   ExpectArrayBufferMatchesHex(message_hex_str, decrypted_data);
 }
 
 TEST_F(WebCryptoImplTest, MAYBE(RsaSsaSignVerifyFailures)) {
   // Import a key pair.
   blink::WebCryptoAlgorithm algorithm = CreateRsaAlgorithmWithInnerHash(
       blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5,
       blink::WebCryptoAlgorithmIdSha1);
   blink::WebCryptoKey public_key = blink::WebCryptoKey::createNull();
   blink::WebCryptoKey private_key = blink::WebCryptoKey::createNull();
   ImportRsaKeyPair(
       kPublicKeySpkiDerHex,
       kPrivateKeyPkcs8DerHex,
       algorithm,
       false,
       blink::WebCryptoKeyUsageSign | blink::WebCryptoKeyUsageVerify,
       &public_key,
       &private_key);
 
   blink::WebArrayBuffer signature;
   bool signature_match;
 
   // Compute a signature.
   const std::vector<uint8> data = HexStringToBytes("010203040506070809");
-  ASSERT_TRUE(SignInternal(algorithm, private_key, data, &signature));
+  ASSERT_STATUS_SUCCESS(SignInternal(algorithm, private_key, data, &signature));
 
   // Ensure truncated signature does not verify by passing one less byte.
-  EXPECT_TRUE(VerifySignatureInternal(
+  EXPECT_STATUS_SUCCESS(VerifySignatureInternal(
       algorithm,
       public_key,
       static_cast<const unsigned char*>(signature.data()),
       signature.byteLength() - 1,
       data,
       &signature_match));
   EXPECT_FALSE(signature_match);
 
   // Ensure corrupted signature does not verify.
   std::vector<uint8> corrupt_sig(
       static_cast<uint8*>(signature.data()),
       static_cast<uint8*>(signature.data()) + signature.byteLength());
   corrupt_sig[corrupt_sig.size() / 2] ^= 0x1;
-  EXPECT_TRUE(VerifySignatureInternal(
+  EXPECT_STATUS_SUCCESS(VerifySignatureInternal(
       algorithm,
       public_key,
       webcrypto::Uint8VectorStart(corrupt_sig),
       corrupt_sig.size(),
       data,
       &signature_match));
   EXPECT_FALSE(signature_match);
 
   // Ensure signatures that are greater than the modulus size fail.
   const unsigned long_message_size_bytes = 1024;
   DCHECK_GT(long_message_size_bytes, kModulusLength/8);
   const unsigned char kLongSignature[long_message_size_bytes] = { 0 };
-  EXPECT_TRUE(VerifySignatureInternal(
+  EXPECT_STATUS_SUCCESS(VerifySignatureInternal(
       algorithm,
       public_key,
       kLongSignature,
       sizeof(kLongSignature),
       data,
       &signature_match));
   EXPECT_FALSE(signature_match);
 
   // Ensure that verifying using a private key, rather than a public key, fails.
-  EXPECT_FALSE(VerifySignatureInternal(
+  EXPECT_STATUS(Status::ErrorUnexpectedKeyType(), VerifySignatureInternal(
       algorithm,
       private_key,
       static_cast<const unsigned char*>(signature.data()),
       signature.byteLength(),
       data,
       &signature_match));
 
   // Ensure that signing using a public key, rather than a private key, fails.
-  EXPECT_FALSE(SignInternal(algorithm, public_key, data, &signature));
+  EXPECT_STATUS(Status::ErrorUnexpectedKeyType(),
+      SignInternal(algorithm, public_key, data, &signature));
 
   // Ensure that signing and verifying with an incompatible algorithm fails.
   algorithm =
       webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5);
-  EXPECT_FALSE(SignInternal(algorithm, private_key, data, &signature));
-  EXPECT_FALSE(VerifySignatureInternal(
+  EXPECT_STATUS(Status::ErrorUnsupported(),
+      SignInternal(algorithm, private_key, data, &signature));
+  EXPECT_STATUS(Status::ErrorUnsupported(), VerifySignatureInternal(
       algorithm,
       public_key,
       static_cast<const unsigned char*>(signature.data()),
       signature.byteLength(),
       data,
       &signature_match));
 
   // Some crypto libraries (NSS) can automatically select the RSA SSA inner hash
   // based solely on the contents of the input signature data. In the Web Crypto
   // implementation, the inner hash should be specified uniquely by the input
   // algorithm parameter. To validate this behavior, call Verify with a computed
   // signature that used one hash type (SHA-1), but pass in an algorithm with a
   // different inner hash type (SHA-256). If the hash type is determined by the
   // signature itself (undesired), the verify will pass, while if the hash type
   // is specified by the input algorithm (desired), the verify will fail.
 
   // Compute a signature using SHA-1 as the inner hash.
-  EXPECT_TRUE(SignInternal(CreateRsaAlgorithmWithInnerHash(
+  EXPECT_STATUS_SUCCESS(SignInternal(CreateRsaAlgorithmWithInnerHash(
                                blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5,
                                blink::WebCryptoAlgorithmIdSha1),
                            private_key,
                            data,
                            &signature));
 
   // Now verify using an algorithm whose inner hash is SHA-256, not SHA-1. The
   // signature should not verify.
   // NOTE: public_key was produced by generateKey, and so its associated
   // algorithm has WebCryptoRsaKeyGenParams and not WebCryptoRsaSsaParams. Thus
   // it has no inner hash to conflict with the input algorithm.
   bool is_match;
-  EXPECT_TRUE(VerifySignatureInternal(
+  EXPECT_STATUS_SUCCESS(VerifySignatureInternal(
       CreateRsaAlgorithmWithInnerHash(
           blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5,
           blink::WebCryptoAlgorithmIdSha256),
       public_key,
       static_cast<const unsigned char*>(signature.data()),
       signature.byteLength(),
       data,
       &is_match));
   EXPECT_FALSE(is_match);
 }
@@ skipping 212 matching lines @@
       &private_key);
 
   // Validate the signatures are computed and verified as expected.
   blink::WebArrayBuffer signature;
   for (size_t idx = 0; idx < ARRAYSIZE_UNSAFE(kTests); ++idx) {
     SCOPED_TRACE(idx);
     const TestCase& test = kTests[idx];
     const std::vector<uint8> message = HexStringToBytes(test.message_hex);
 
     signature.reset();
-    ASSERT_TRUE(SignInternal(algorithm, private_key, message, &signature));
+    ASSERT_STATUS_SUCCESS(
+        SignInternal(algorithm, private_key, message, &signature));
     ExpectArrayBufferMatchesHex(test.signature_hex, signature);
 
     bool is_match = false;
-    ASSERT_TRUE(VerifySignatureInternal(
+    ASSERT_STATUS_SUCCESS(VerifySignatureInternal(
         algorithm,
         public_key,
         HexStringToBytes(test.signature_hex),
         message,
         &is_match));
     EXPECT_TRUE(is_match);
   }
 }
 
 TEST_F(WebCryptoImplTest, MAYBE(AesKwKeyImport)) {
   blink::WebCryptoKey key = blink::WebCryptoKey::createNull();
   blink::WebCryptoAlgorithm algorithm =
       webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdAesKw);
 
   // Import a 128-bit Key Encryption Key (KEK)
   std::string key_raw_hex_in = "025a8cf3f08b4f6c5f33bbc76a471939";
-  ASSERT_TRUE(ImportKeyInternal(blink::WebCryptoKeyFormatRaw,
-                                HexStringToBytes(key_raw_hex_in),
-                                algorithm,
-                                true,
-                                blink::WebCryptoKeyUsageWrapKey,
-                                &key));
+  ASSERT_STATUS_SUCCESS(ImportKeyInternal(blink::WebCryptoKeyFormatRaw,
+                                          HexStringToBytes(key_raw_hex_in),
+                                          algorithm,
+                                          true,
+                                          blink::WebCryptoKeyUsageWrapKey,
+                                          &key));
   blink::WebArrayBuffer key_raw_out;
-  EXPECT_TRUE(ExportKeyInternal(blink::WebCryptoKeyFormatRaw,
-                                key,
-                                &key_raw_out));
+  EXPECT_STATUS_SUCCESS(ExportKeyInternal(blink::WebCryptoKeyFormatRaw,
+                        key,
+                        &key_raw_out));
   ExpectArrayBufferMatchesHex(key_raw_hex_in, key_raw_out);
 
   // Import a 192-bit KEK
   key_raw_hex_in = "c0192c6466b2370decbb62b2cfef4384544ffeb4d2fbc103";
-  ASSERT_TRUE(ImportKeyInternal(blink::WebCryptoKeyFormatRaw,
-                                HexStringToBytes(key_raw_hex_in),
-                                algorithm,
-                                true,
-                                blink::WebCryptoKeyUsageWrapKey,
-                                &key));
-  EXPECT_TRUE(ExportKeyInternal(blink::WebCryptoKeyFormatRaw,
-                                key,
-                                &key_raw_out));
+  ASSERT_STATUS_SUCCESS(ImportKeyInternal(blink::WebCryptoKeyFormatRaw,
+                                          HexStringToBytes(key_raw_hex_in),
+                                          algorithm,
+                                          true,
+                                          blink::WebCryptoKeyUsageWrapKey,
+                                          &key));
+  EXPECT_STATUS_SUCCESS(ExportKeyInternal(blink::WebCryptoKeyFormatRaw,
+                                          key,
+                                          &key_raw_out));
   ExpectArrayBufferMatchesHex(key_raw_hex_in, key_raw_out);
 
   // Import a 256-bit Key Encryption Key (KEK)
   key_raw_hex_in =
       "e11fe66380d90fa9ebefb74e0478e78f95664d0c67ca20ce4a0b5842863ac46f";
-  ASSERT_TRUE(ImportKeyInternal(blink::WebCryptoKeyFormatRaw,
-                                HexStringToBytes(key_raw_hex_in),
-                                algorithm,
-                                true,
-                                blink::WebCryptoKeyUsageWrapKey,
-                                &key));
-  EXPECT_TRUE(ExportKeyInternal(blink::WebCryptoKeyFormatRaw,
-                                key,
-                                &key_raw_out));
+  ASSERT_STATUS_SUCCESS(ImportKeyInternal(blink::WebCryptoKeyFormatRaw,
+                                          HexStringToBytes(key_raw_hex_in),
+                                          algorithm,
+                                          true,
+                                          blink::WebCryptoKeyUsageWrapKey,
+                                          &key));
+  EXPECT_STATUS_SUCCESS(ExportKeyInternal(blink::WebCryptoKeyFormatRaw,
+                                          key,
+                                          &key_raw_out));
   ExpectArrayBufferMatchesHex(key_raw_hex_in, key_raw_out);
 
   // Fail import of 0 length key
-  EXPECT_FALSE(ImportKeyInternal(blink::WebCryptoKeyFormatRaw,
-                                 HexStringToBytes(""),
-                                 algorithm,
-                                 true,
-                                 blink::WebCryptoKeyUsageWrapKey,
-                                 &key));
+  EXPECT_STATUS(Status::Error(),
+      ImportKeyInternal(blink::WebCryptoKeyFormatRaw,
+                        HexStringToBytes(""),
+                        algorithm,
+                        true,
+                        blink::WebCryptoKeyUsageWrapKey,
+                        &key));
 
   // Fail import of 124-bit KEK
   key_raw_hex_in = "3e4566a2bdaa10cb68134fa66c15ddb";
-  EXPECT_FALSE(ImportKeyInternal(blink::WebCryptoKeyFormatRaw,
-                                 HexStringToBytes(key_raw_hex_in),
-                                 algorithm,
-                                 true,
-                                 blink::WebCryptoKeyUsageWrapKey,
-                                 &key));
+  EXPECT_STATUS(Status::Error(),
+      ImportKeyInternal(blink::WebCryptoKeyFormatRaw,
+                        HexStringToBytes(key_raw_hex_in),
+                        algorithm,
+                        true,
+                        blink::WebCryptoKeyUsageWrapKey,
+                        &key));
 
   // Fail import of 200-bit KEK
   key_raw_hex_in = "0a1d88608a5ad9fec64f1ada269ebab4baa2feeb8d95638c0e";
-  EXPECT_FALSE(ImportKeyInternal(blink::WebCryptoKeyFormatRaw,
-                                 HexStringToBytes(key_raw_hex_in),
-                                 algorithm,
-                                 true,
-                                 blink::WebCryptoKeyUsageWrapKey,
-                                 &key));
+  EXPECT_STATUS(Status::Error(),
+        ImportKeyInternal(blink::WebCryptoKeyFormatRaw,
+                          HexStringToBytes(key_raw_hex_in),
+                          algorithm,
+                          true,
+                          blink::WebCryptoKeyUsageWrapKey,
+                          &key));
 
   // Fail import of 260-bit KEK
   key_raw_hex_in =
       "72d4e475ff34215416c9ad9c8281247a4d730c5f275ac23f376e73e3bce8d7d5a";
-  EXPECT_FALSE(ImportKeyInternal(blink::WebCryptoKeyFormatRaw,
-                                 HexStringToBytes(key_raw_hex_in),
-                                 algorithm,
-                                 true,
-                                 blink::WebCryptoKeyUsageWrapKey,
-                                 &key));
+  EXPECT_STATUS(Status::Error(),
+      ImportKeyInternal(blink::WebCryptoKeyFormatRaw,
+                        HexStringToBytes(key_raw_hex_in),
+                        algorithm,
+                        true,
+                        blink::WebCryptoKeyUsageWrapKey,
+                        &key));
 }
 
 // TODO(eroman):
 //   * Test decryption when the tag length exceeds input size
 //   * Test decryption with empty input
 //   * Test decryption with tag length of 0.
 TEST_F(WebCryptoImplTest, MAYBE(AesGcmSampleSets)) {
   // Some Linux test runners may not have a new enough version of NSS.
   if (!SupportsAesGcm()) {
     LOG(WARNING) << "AES GCM not supported, skipping tests";
@@ skipping 101 matching lines @@
     SCOPED_TRACE(index);
     const TestCase& test = kTests[index];
 
     blink::WebCryptoKey key = ImportSecretKeyFromRawHexString(
         test.key,
         webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdAesGcm),
         blink::WebCryptoKeyUsageEncrypt | blink::WebCryptoKeyUsageDecrypt);
 
     // Verify exported raw key is identical to the imported data
     blink::WebArrayBuffer raw_key;
-    EXPECT_TRUE(ExportKeyInternal(blink::WebCryptoKeyFormatRaw, key, &raw_key));
+    EXPECT_STATUS_SUCCESS(ExportKeyInternal(
+        blink::WebCryptoKeyFormatRaw, key, &raw_key));
     ExpectArrayBufferMatchesHex(test.key, raw_key);
 
     const std::vector<uint8> test_iv = HexStringToBytes(test.iv);
     const std::vector<uint8> test_additional_data =
         HexStringToBytes(test.additional_data);
     const std::vector<uint8> test_plain_text =
         HexStringToBytes(test.plain_text);
     const std::vector<uint8> test_authentication_tag =
         HexStringToBytes(test.authentication_tag);
     const unsigned test_tag_size_bits = test_authentication_tag.size() * 8;
     const std::vector<uint8> test_cipher_text =
         HexStringToBytes(test.cipher_text);
 
     // Test encryption.
     std::vector<uint8> cipher_text;
     std::vector<uint8> authentication_tag;
-    EXPECT_TRUE(AesGcmEncrypt(key, test_iv, test_additional_data,
-                              test_tag_size_bits, test_plain_text,
-                              &cipher_text, &authentication_tag));
+    EXPECT_STATUS_SUCCESS(AesGcmEncrypt(key, test_iv, test_additional_data,
+                                        test_tag_size_bits, test_plain_text,
+                                        &cipher_text, &authentication_tag));
 
     ExpectVectorMatchesHex(test.cipher_text, cipher_text);
     ExpectVectorMatchesHex(test.authentication_tag, authentication_tag);
 
     // Test decryption.
     blink::WebArrayBuffer plain_text;
-    EXPECT_TRUE(AesGcmDecrypt(key, test_iv, test_additional_data,
-                              test_tag_size_bits, test_cipher_text,
-                              test_authentication_tag, &plain_text));
+    EXPECT_STATUS_SUCCESS(AesGcmDecrypt(key, test_iv, test_additional_data,
+                                        test_tag_size_bits, test_cipher_text,
+                                        test_authentication_tag, &plain_text));
     ExpectArrayBufferMatchesHex(test.plain_text, plain_text);
 
     // Decryption should fail if any of the inputs are tampered with.
-    EXPECT_FALSE(AesGcmDecrypt(key, Corrupted(test_iv), test_additional_data,
-                               test_tag_size_bits, test_cipher_text,
-                               test_authentication_tag, &plain_text));
-    EXPECT_FALSE(AesGcmDecrypt(key, test_iv, Corrupted(test_additional_data),
-                               test_tag_size_bits, test_cipher_text,
-                               test_authentication_tag, &plain_text));
-    EXPECT_FALSE(AesGcmDecrypt(key, test_iv, test_additional_data,
-                               test_tag_size_bits, Corrupted(test_cipher_text),
-                               test_authentication_tag, &plain_text));
-    EXPECT_FALSE(AesGcmDecrypt(key, test_iv, test_additional_data,
-                               test_tag_size_bits, test_cipher_text,
-                               Corrupted(test_authentication_tag),
-                               &plain_text));
+    EXPECT_STATUS(Status::Error(),
+        AesGcmDecrypt(key, Corrupted(test_iv), test_additional_data,
+                      test_tag_size_bits, test_cipher_text,
+                      test_authentication_tag, &plain_text));
+    EXPECT_STATUS(Status::Error(),
+        AesGcmDecrypt(key, test_iv, Corrupted(test_additional_data),
+                      test_tag_size_bits, test_cipher_text,
+                      test_authentication_tag, &plain_text));
+    EXPECT_STATUS(Status::Error(),
+        AesGcmDecrypt(key, test_iv, test_additional_data,
+                      test_tag_size_bits, Corrupted(test_cipher_text),
+                      test_authentication_tag, &plain_text));
+    EXPECT_STATUS(Status::Error(),
+        AesGcmDecrypt(key, test_iv, test_additional_data,
+                      test_tag_size_bits, test_cipher_text,
+                      Corrupted(test_authentication_tag),
+                      &plain_text));
 
     // Try different incorrect tag lengths
     uint8 kAlternateTagLengths[] = {8, 96, 120, 128, 160, 255};
     for (size_t tag_i = 0; tag_i < arraysize(kAlternateTagLengths); ++tag_i) {
       unsigned wrong_tag_size_bits = kAlternateTagLengths[tag_i];
       if (test_tag_size_bits == wrong_tag_size_bits)
         continue;
-      EXPECT_FALSE(AesGcmDecrypt(key, test_iv, test_additional_data,
-                                 wrong_tag_size_bits, test_cipher_text,
-                                 test_authentication_tag, &plain_text));
+      EXPECT_STATUS_ERROR(AesGcmDecrypt(key, test_iv, test_additional_data,
+                                        wrong_tag_size_bits, test_cipher_text,
+                                        test_authentication_tag, &plain_text));
     }
   }
 }
 
 }  // namespace content