Change the error message in WebCrypto when using a key that has BOTH

third_party/WebKit/Source/modules/crypto/CryptoKey.cpp

Index: third_party/WebKit/Source/modules/crypto/CryptoKey.cpp
diff --git a/third_party/WebKit/Source/modules/crypto/CryptoKey.cpp b/third_party/WebKit/Source/modules/crypto/CryptoKey.cpp
index b6a000942c8853e3e541bf855c5d05b3e9bb0548..c838d1e6810b9a4b6e73a9be4b5022173824830f 100644
--- a/third_party/WebKit/Source/modules/crypto/CryptoKey.cpp
+++ b/third_party/WebKit/Source/modules/crypto/CryptoKey.cpp
@@ -178,16 +178,30 @@ Vector<String> CryptoKey::usages() const
 
 bool CryptoKey::canBeUsedForAlgorithm(const WebCryptoAlgorithm& algorithm, WebCryptoKeyUsage usage, CryptoResult* result) const
 {
-    if (!(m_key.usages() & usage)) {
-        result->completeWithError(WebCryptoErrorTypeInvalidAccess, "key.usages does not permit this operation");
-        return false;
-    }
+    // This order of tests on keys is done throughout the WebCrypto spec when
+    // testing if a key can be used for an algorithm.
+    //
+    // For instance here are the steps as written for encrypt():
+    //
+    // https://w3c.github.io/webcrypto/Overview.html#dfn-SubtleCrypto-method-encrypt
+    //
+    // (8) If the name member of normalizedAlgorithm is not equal to the name
+    //     attribute of the [[algorithm]] internal slot of key then throw an
+    //     InvalidAccessError.
+    //
+    // (9) If the [[usages]] internal slot of key does not contain an entry
+    //     that is "encrypt", then throw an InvalidAccessError.
 
     if (m_key.algorithm().id() != algorithm.id()) {
         result->completeWithError(WebCryptoErrorTypeInvalidAccess, "key.algorithm does not match that of operation");
         return false;
     }
 
+    if (!(m_key.usages() & usage)) {
+        result->completeWithError(WebCryptoErrorTypeInvalidAccess, "key.usages does not permit this operation");
+        return false;
+    }
+
     return true;
 }