Refactor WebCrypto code

content/child/webcrypto/shared_crypto_unittest.cc

 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
-#include "content/child/webcrypto/shared_crypto.h"
-
 #include <algorithm>
 #include <string>
 #include <vector>
 
 #include "base/basictypes.h"
 #include "base/file_util.h"
 #include "base/json/json_reader.h"
 #include "base/json/json_writer.h"
 #include "base/logging.h"
 #include "base/memory/ref_counted.h"
 #include "base/path_service.h"
 #include "base/strings/string_number_conversions.h"
 #include "base/strings/string_util.h"
 #include "base/strings/stringprintf.h"
+#include "content/child/webcrypto/algorithm_dispatch.h"
 #include "content/child/webcrypto/crypto_data.h"
 #include "content/child/webcrypto/status.h"
 #include "content/child/webcrypto/webcrypto_util.h"
 #include "content/public/common/content_paths.h"
 #include "testing/gtest/include/gtest/gtest.h"
 #include "third_party/WebKit/public/platform/WebCryptoAlgorithm.h"
 #include "third_party/WebKit/public/platform/WebCryptoAlgorithmParams.h"
 #include "third_party/WebKit/public/platform/WebCryptoKey.h"
 #include "third_party/WebKit/public/platform/WebCryptoKeyAlgorithm.h"
 #include "third_party/re2/re2/re2.h"
 
 #if !defined(USE_OPENSSL)
 #include <nss.h>
 #include <pk11pub.h>
 
+#include "crypto/nss_util.h"
 #include "crypto/scoped_nss_types.h"
 #endif
 
 // The OpenSSL implementation of WebCrypto is less complete, so don't run all of
 // the tests: http://crbug.com/267888
 #if defined(USE_OPENSSL)
 #define MAYBE(test_name) DISABLED_##test_name
 #else
 #define MAYBE(test_name) test_name
 #endif
@@ skipping 69 matching lines @@
 
   if (status.IsError())
     EXPECT_EQ(blink::WebCryptoErrorTypeNotSupported, status.error_type());
   return status.IsSuccess();
 }
 
 bool SupportsRsaOaep() {
 #if defined(USE_OPENSSL)
   return false;
 #else
+  crypto::EnsureNSSInit();
   // TODO(eroman): Exclude version test for OS_CHROMEOS
 #if defined(USE_NSS)
   if (!NSS_VersionCheck("3.16.2"))
     return false;
 #endif
   crypto::ScopedPK11Slot slot(PK11_GetInternalKeySlot());
   return !!PK11_DoesMechanism(slot.get(), CKM_RSA_PKCS_OAEP);
 #endif
 }
 
 bool SupportsRsaKeyImport() {
 // TODO(eroman): Exclude version test for OS_CHROMEOS
 #if defined(USE_NSS)
+  crypto::EnsureNSSInit();
   if (!NSS_VersionCheck("3.16.2")) {
     LOG(WARNING) << "RSA key import is not supported by this version of NSS. "
                     "Skipping some tests";
     return false;
   }
 #endif
   return true;
 }
 
 blink::WebCryptoAlgorithm CreateRsaHashedKeyGenAlgorithm(
@@ skipping 290 matching lines @@
     "584b8e22fdde1e5a2e3bd8aa5ba8d8584194eb2190acf832b847f13a3d24"
     "a79f4d";
 // The modulus and exponent (in hex) of kPublicKeySpkiDerHex
 const char* const kPublicKeyModulusHex =
     "A56E4A0E701017589A5187DC7EA841D156F2EC0E36AD52A44DFEB1E61F7AD991D8C51056"
     "FFEDB162B4C0F283A12A88A394DFF526AB7291CBB307CEABFCE0B1DFD5CD9508096D5B2B"
     "8B6DF5D671EF6377C0921CB23C270A70E2598E6FF89D19F105ACC2D3F0CB35F29280E138"
     "6B6F64C4EF22E1E1F20D0CE8CFFB2249BD9A2137";
 const char* const kPublicKeyExponentHex = "010001";
 
+// TODO(eroman): Remove unnecessary test fixture.
 class SharedCryptoTest : public testing::Test {
- protected:
-  virtual void SetUp() OVERRIDE { Init(); }
 };
 
 blink::WebCryptoKey ImportSecretKeyFromRaw(
     const std::vector<uint8>& key_raw,
     const blink::WebCryptoAlgorithm& algorithm,
     blink::WebCryptoKeyUsageMask usage) {
   blink::WebCryptoKey key = blink::WebCryptoKey::createNull();
   bool extractable = true;
   EXPECT_EQ(Status::Success(),
             ImportKey(blink::WebCryptoKeyFormatRaw,
@@ skipping 422 matching lines @@
 
     std::vector<uint8> output;
 
     ASSERT_EQ(Status::Success(),
               Sign(algorithm, key, CryptoData(test_message), &output));
 
     EXPECT_BYTES_EQ(test_mac, output);
 
     bool signature_match = false;
     EXPECT_EQ(Status::Success(),
-              VerifySignature(algorithm,
-                              key,
-                              CryptoData(output),
-                              CryptoData(test_message),
-                              &signature_match));
+              Verify(algorithm,
+                     key,
+                     CryptoData(output),
+                     CryptoData(test_message),
+                     &signature_match));
     EXPECT_TRUE(signature_match);
 
     // Ensure truncated signature does not verify by passing one less byte.
-    EXPECT_EQ(
-        Status::Success(),
-        VerifySignature(algorithm,
-                        key,
-                        CryptoData(Uint8VectorStart(output), output.size() - 1),
-                        CryptoData(test_message),
-                        &signature_match));
+    EXPECT_EQ(Status::Success(),
+              Verify(algorithm,
+                     key,
+                     CryptoData(Uint8VectorStart(output), output.size() - 1),
+                     CryptoData(test_message),
+                     &signature_match));
     EXPECT_FALSE(signature_match);
 
     // Ensure truncated signature does not verify by passing no bytes.
     EXPECT_EQ(Status::Success(),
-              VerifySignature(algorithm,
-                              key,
-                              CryptoData(),
-                              CryptoData(test_message),
-                              &signature_match));
+              Verify(algorithm,
+                     key,
+                     CryptoData(),
+                     CryptoData(test_message),
+                     &signature_match));
     EXPECT_FALSE(signature_match);
 
     // Ensure extra long signature does not cause issues and fails.
     const unsigned char kLongSignature[1024] = {0};
-    EXPECT_EQ(
-        Status::Success(),
-        VerifySignature(algorithm,
-                        key,
-                        CryptoData(kLongSignature, sizeof(kLongSignature)),
-                        CryptoData(test_message),
-                        &signature_match));
+    EXPECT_EQ(Status::Success(),
+              Verify(algorithm,
+                     key,
+                     CryptoData(kLongSignature, sizeof(kLongSignature)),
+                     CryptoData(test_message),
+                     &signature_match));
     EXPECT_FALSE(signature_match);
   }
 }
 
 TEST_F(SharedCryptoTest, AesCbcFailures) {
   const std::string key_hex = "2b7e151628aed2a6abf7158809cf4f3c";
   blink::WebCryptoKey key = ImportSecretKeyFromRaw(
       HexStringToBytes(key_hex),
       CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc),
       blink::WebCryptoKeyUsageEncrypt | blink::WebCryptoKeyUsageDecrypt);
@@ skipping 64 matching lines @@
               ImportKey(blink::WebCryptoKeyFormatRaw,
                         CryptoData(key_raw),
                         CreateAesCbcAlgorithm(iv),
                         true,
                         blink::WebCryptoKeyUsageEncrypt,
                         &key));
   }
 
   // Fail exporting the key in SPKI and PKCS#8 formats (not allowed for secret
   // keys).
-  EXPECT_EQ(Status::ErrorUnexpectedKeyType(),
+  EXPECT_EQ(Status::ErrorUnsupportedExportKeyFormat(),
             ExportKey(blink::WebCryptoKeyFormatSpki, key, &output));
-  EXPECT_EQ(Status::ErrorUnexpectedKeyType(),
+  EXPECT_EQ(Status::ErrorUnsupportedExportKeyFormat(),
             ExportKey(blink::WebCryptoKeyFormatPkcs8, key, &output));
 }
 
+TEST_F(SharedCryptoTest, ImportAesCbcSpkiFailure) {
+  blink::WebCryptoKey key = blink::WebCryptoKey::createNull();
+  ASSERT_EQ(Status::ErrorUnsupportedImportKeyFormat(),
+            ImportKey(blink::WebCryptoKeyFormatSpki,
+                      CryptoData(HexStringToBytes(kPublicKeySpkiDerHex)),
+                      CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc),
+                      true,
+                      blink::WebCryptoKeyUsageEncrypt,
+                      &key));
+}
+
 TEST_F(SharedCryptoTest, MAYBE(AesCbcSampleSets)) {
   scoped_ptr<base::ListValue> tests;
   ASSERT_TRUE(ReadJsonTestFileToList("aes_cbc.json", &tests));
 
   for (size_t test_index = 0; test_index < tests->GetSize(); ++test_index) {
     SCOPED_TRACE(test_index);
     base::DictionaryValue* test;
     ASSERT_TRUE(tests->GetDictionary(test_index, &test));
 
     std::vector<uint8> test_key = GetBytesFromHexString(test, "key");
@@ skipping 332 matching lines @@
   // Fail on invalid JSON.
   const std::vector<uint8> bad_json_vec = MakeJsonVector(
       "{"
       "\"kty\"         : \"oct\","
       "\"alg\"         : \"HS256\","
       "\"use\"         : ");
   EXPECT_EQ(Status::ErrorJwkNotDictionary(),
             ImportKeyJwk(
                 CryptoData(bad_json_vec), algorithm, false, usage_mask, &key));
 
-  // Fail on JWK alg present but unrecognized.
+  // Fail on JWK alg present but incorrect (expecting A128CBC).
   dict.SetString("alg", "A127CBC");
-  EXPECT_EQ(Status::ErrorJwkUnrecognizedAlgorithm(),
+  EXPECT_EQ(Status::ErrorJwkAlgorithmInconsistent(),
             ImportKeyJwkFromDict(dict, algorithm, false, usage_mask, &key));
   RestoreJwkOctDictionary(&dict);
 
   // Fail on invalid kty.
   dict.SetString("kty", "foo");
-  EXPECT_EQ(Status::ErrorJwkUnrecognizedKty(),
+  EXPECT_EQ(Status::ErrorJwkUnexpectedKty("oct"),
             ImportKeyJwkFromDict(dict, algorithm, false, usage_mask, &key));
   RestoreJwkOctDictionary(&dict);
 
   // Fail on missing kty.
   dict.Remove("kty", NULL);
   EXPECT_EQ(Status::ErrorJwkPropertyMissing("kty"),
             ImportKeyJwkFromDict(dict, algorithm, false, usage_mask, &key));
   RestoreJwkOctDictionary(&dict);
 
   // Fail on kty wrong type.
@@ skipping 338 matching lines @@
   EXPECT_EQ(Status::Success(),
             ImportKeyJwkFromDict(dict, algorithm, true, usage_mask, &key));
   EXPECT_TRUE(key.extractable());
   EXPECT_EQ(Status::Success(),
             ImportKeyJwkFromDict(dict, algorithm, false, usage_mask, &key));
   EXPECT_FALSE(key.extractable());
   dict.SetBoolean("ext", true);  // restore previous value
 
   // Fail: Input algorithm (AES-CBC) is inconsistent with JWK value
   // (HMAC SHA256).
-  EXPECT_EQ(Status::ErrorJwkAlgorithmInconsistent(),
+  dict.Clear();
+  dict.SetString("kty", "oct");
+  dict.SetString("alg", "HS256");
+  dict.SetString("k", "l3nZEgZCeX8XRwJdWyK3rGB8qwjhdY8vOkbIvh4lxTuMao9Y_--hdg");
+  EXPECT_EQ(
+      Status::ErrorJwkAlgorithmInconsistent(),
+      ImportKeyJwkFromDict(dict,
+                           CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc),
+                           extractable,
+                           blink::WebCryptoKeyUsageEncrypt,
+                           &key));
+  // Fail: Input usage (encrypt) is inconsistent with JWK value (use=sig).
+  EXPECT_EQ(Status::ErrorJwkUseInconsistent(),
             ImportKeyJwk(CryptoData(json_vec),
                          CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc),
                          extractable,
                          blink::WebCryptoKeyUsageEncrypt,
                          &key));
 
   // Fail: Input algorithm (HMAC SHA1) is inconsistent with JWK value
   // (HMAC SHA256).
   EXPECT_EQ(
       Status::ErrorJwkAlgorithmInconsistent(),
@@ skipping 282 matching lines @@
   EXPECT_EQ(
       Status::DataError(),
       ImportKey(blink::WebCryptoKeyFormatSpki,
                 CryptoData(HexStringToBytes("618333c4cb")),
                 CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5),
                 true,
                 blink::WebCryptoKeyUsageVerify,
                 &key));
 
   // Failing case: Import RSA key but provide an inconsistent input algorithm.
-  EXPECT_EQ(Status::DataError(),
+  EXPECT_EQ(Status::ErrorUnsupportedImportKeyFormat(),
             ImportKey(blink::WebCryptoKeyFormatSpki,
                       CryptoData(HexStringToBytes(kPublicKeySpkiDerHex)),
                       CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc),
                       true,
                       blink::WebCryptoKeyUsageEncrypt,
                       &key));
 
   // Passing case: Export a previously imported RSA public key in SPKI format
   // and compare to original data.
   std::vector<uint8> output;
   ASSERT_EQ(Status::Success(),
             ExportKey(blink::WebCryptoKeyFormatSpki, key, &output));
   EXPECT_BYTES_EQ_HEX(kPublicKeySpkiDerHex, output);
 
   // Failing case: Try to export a previously imported RSA public key in raw
   // format (not allowed for a public key).
-  EXPECT_EQ(Status::ErrorUnexpectedKeyType(),
+  EXPECT_EQ(Status::ErrorUnsupportedExportKeyFormat(),
             ExportKey(blink::WebCryptoKeyFormatRaw, key, &output));
 
   // Failing case: Try to export a non-extractable key
   ASSERT_EQ(Status::Success(),
             ImportKey(blink::WebCryptoKeyFormatSpki,
                       CryptoData(HexStringToBytes(kPublicKeySpkiDerHex)),
                       CreateRsaHashedImportAlgorithm(
                           blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5,
                           blink::WebCryptoAlgorithmIdSha256),
                       false,
@@ skipping 62 matching lines @@
                 CryptoData(HexStringToBytes("618333c4cb")),
                 CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5),
                 true,
                 blink::WebCryptoKeyUsageSign,
                 &key));
 
   // Failing case: Import RSA key but provide an inconsistent input algorithm
   // and usage. Several issues here:
   //   * AES-CBC doesn't support PKCS8 key format
   //   * AES-CBC doesn't support "sign" usage
-  EXPECT_EQ(Status::ErrorCreateKeyBadUsages(),
+  EXPECT_EQ(Status::ErrorUnsupportedImportKeyFormat(),
             ImportKey(blink::WebCryptoKeyFormatPkcs8,
                       CryptoData(HexStringToBytes(kPrivateKeyPkcs8DerHex)),
                       CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc),
                       true,
                       blink::WebCryptoKeyUsageSign,
                       &key));
 }
 
 // Tests JWK import and export by doing a roundtrip key conversion and ensuring
 // it was lossless:
@@ skipping 539 matching lines @@
 
   std::vector<uint8> signature;
   bool signature_match;
 
   // Compute a signature.
   const std::vector<uint8> data = HexStringToBytes("010203040506070809");
   ASSERT_EQ(Status::Success(),
             Sign(algorithm, private_key, CryptoData(data), &signature));
 
   // Ensure truncated signature does not verify by passing one less byte.
-  EXPECT_EQ(Status::Success(),
-            VerifySignature(
-                algorithm,
-                public_key,
-                CryptoData(Uint8VectorStart(signature), signature.size() - 1),
-                CryptoData(data),
-                &signature_match));
+  EXPECT_EQ(
+      Status::Success(),
+      Verify(algorithm,
+             public_key,
+             CryptoData(Uint8VectorStart(signature), signature.size() - 1),
+             CryptoData(data),
+             &signature_match));
   EXPECT_FALSE(signature_match);
 
   // Ensure truncated signature does not verify by passing no bytes.
   EXPECT_EQ(Status::Success(),
-            VerifySignature(algorithm,
-                            public_key,
-                            CryptoData(),
-                            CryptoData(data),
-                            &signature_match));
+            Verify(algorithm,
+                   public_key,
+                   CryptoData(),
+                   CryptoData(data),
+                   &signature_match));
   EXPECT_FALSE(signature_match);
 
   // Ensure corrupted signature does not verify.
   std::vector<uint8> corrupt_sig = signature;
   corrupt_sig[corrupt_sig.size() / 2] ^= 0x1;
   EXPECT_EQ(Status::Success(),
-            VerifySignature(algorithm,
-                            public_key,
-                            CryptoData(corrupt_sig),
-                            CryptoData(data),
-                            &signature_match));
+            Verify(algorithm,
+                   public_key,
+                   CryptoData(corrupt_sig),
+                   CryptoData(data),
+                   &signature_match));
   EXPECT_FALSE(signature_match);
 
   // Ensure signatures that are greater than the modulus size fail.
   const unsigned int long_message_size_bytes = 1024;
   DCHECK_GT(long_message_size_bytes, kModulusLengthBits / 8);
   const unsigned char kLongSignature[long_message_size_bytes] = {0};
   EXPECT_EQ(Status::Success(),
-            VerifySignature(algorithm,
-                            public_key,
-                            CryptoData(kLongSignature, sizeof(kLongSignature)),
-                            CryptoData(data),
-                            &signature_match));
+            Verify(algorithm,
+                   public_key,
+                   CryptoData(kLongSignature, sizeof(kLongSignature)),
+                   CryptoData(data),
+                   &signature_match));
   EXPECT_FALSE(signature_match);
 
   // Ensure that signing and verifying with an incompatible algorithm fails.
   algorithm = CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaOaep);
 
   EXPECT_EQ(Status::ErrorUnexpected(),
             Sign(algorithm, private_key, CryptoData(data), &signature));
   EXPECT_EQ(Status::ErrorUnexpected(),
-            VerifySignature(algorithm,
-                            public_key,
-                            CryptoData(signature),
-                            CryptoData(data),
-                            &signature_match));
+            Verify(algorithm,
+                   public_key,
+                   CryptoData(signature),
+                   CryptoData(data),
+                   &signature_match));
 
   // Some crypto libraries (NSS) can automatically select the RSA SSA inner hash
   // based solely on the contents of the input signature data. In the Web Crypto
   // implementation, the inner hash should be specified uniquely by the key
   // algorithm parameter. To validate this behavior, call Verify with a computed
   // signature that used one hash type (SHA-1), but pass in a key with a
   // different inner hash type (SHA-256). If the hash type is determined by the
   // signature itself (undesired), the verify will pass, while if the hash type
   // is specified by the key algorithm (desired), the verify will fail.
 
@@ skipping 20 matching lines @@
   // NOTE: public_key was produced by generateKey, and so its associated
   // algorithm has WebCryptoRsaKeyGenParams and not WebCryptoRsaSsaParams. Thus
   // it has no inner hash to conflict with the input algorithm.
   EXPECT_EQ(blink::WebCryptoAlgorithmIdSha1,
             private_key.algorithm().rsaHashedParams()->hash().id());
   EXPECT_EQ(blink::WebCryptoAlgorithmIdSha256,
             public_key_256.algorithm().rsaHashedParams()->hash().id());
 
   bool is_match;
   EXPECT_EQ(Status::Success(),
-            VerifySignature(
-                CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5),
-                public_key_256,
-                CryptoData(signature),
-                CryptoData(data),
-                &is_match));
+            Verify(CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5),
+                   public_key_256,
+                   CryptoData(signature),
+                   CryptoData(data),
+                   &is_match));
   EXPECT_FALSE(is_match);
 }
 
 TEST_F(SharedCryptoTest, MAYBE(RsaSignVerifyKnownAnswer)) {
   if (!SupportsRsaKeyImport())
     return;
 
   scoped_ptr<base::ListValue> tests;
   ASSERT_TRUE(ReadJsonTestFileToList("pkcs1v15_sign.json", &tests));
 
@@ skipping 30 matching lines @@
         GetBytesFromHexString(test, "signature_hex");
 
     signature.clear();
     ASSERT_EQ(
         Status::Success(),
         Sign(algorithm, private_key, CryptoData(test_message), &signature));
     EXPECT_BYTES_EQ(test_signature, signature);
 
     bool is_match = false;
     ASSERT_EQ(Status::Success(),
-              VerifySignature(algorithm,
-                              public_key,
-                              CryptoData(test_signature),
-                              CryptoData(test_message),
-                              &is_match));
+              Verify(algorithm,
+                     public_key,
+                     CryptoData(test_signature),
+                     CryptoData(test_message),
+                     &is_match));
     EXPECT_TRUE(is_match);
   }
 }
 
 TEST_F(SharedCryptoTest, MAYBE(AesKwKeyImport)) {
   blink::WebCryptoKey key = blink::WebCryptoKey::createNull();
   blink::WebCryptoAlgorithm algorithm =
       CreateAlgorithm(blink::WebCryptoAlgorithmIdAesKw);
 
   // Import a 128-bit Key Encryption Key (KEK)
@@ skipping 213 matching lines @@
   ASSERT_EQ(Status::Success(),
             Sign(CreateAlgorithm(blink::WebCryptoAlgorithmIdHmac),
                  key,
                  CryptoData(test_message),
                  &signature));
 
   EXPECT_GT(signature.size(), 0u);
 
   bool verify_result;
   ASSERT_EQ(Status::Success(),
-            VerifySignature(CreateAlgorithm(blink::WebCryptoAlgorithmIdHmac),
-                            key,
-                            CryptoData(signature),
-                            CryptoData(test_message),
-                            &verify_result));
+            Verify(CreateAlgorithm(blink::WebCryptoAlgorithmIdHmac),
+                   key,
+                   CryptoData(signature),
+                   CryptoData(test_message),
+                   &verify_result));
 }
 
 TEST_F(SharedCryptoTest, MAYBE(AesKwRawSymkeyWrapUnwrapErrors)) {
   scoped_ptr<base::ListValue> tests;
   ASSERT_TRUE(ReadJsonTestFileToList("aes_kw.json", &tests));
   base::DictionaryValue* test;
   // Use 256 bits of data with a 256-bit KEK
   ASSERT_TRUE(tests->GetDictionary(3, &test));
   const std::vector<uint8> test_kek = GetBytesFromHexString(test, "kek");
   const std::vector<uint8> test_key = GetBytesFromHexString(test, "key");
@@ skipping 322 matching lines @@
                           wrapping_key,
                           CreateAlgorithm(blink::WebCryptoAlgorithmIdAesKw),
                           CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc),
                           true,
                           blink::WebCryptoKeyUsageEncrypt,
                           &unwrapped_key));
 }
 
 class SharedCryptoRsaOaepTest : public ::testing::Test {
  public:
-  SharedCryptoRsaOaepTest() { Init(); }
-
   scoped_ptr<base::DictionaryValue> CreatePublicKeyJwkDict() {
     scoped_ptr<base::DictionaryValue> jwk(new base::DictionaryValue());
     jwk->SetString("kty", "RSA");
     jwk->SetString("n",
                    Base64EncodeUrlSafe(HexStringToBytes(kPublicKeyModulusHex)));
     jwk->SetString(
         "e", Base64EncodeUrlSafe(HexStringToBytes(kPublicKeyExponentHex)));
     return jwk.Pass();
   }
 };
@@ skipping 81 matching lines @@
   if (!SupportsRsaOaep()) {
     LOG(WARNING) << "RSA-OAEP support not present; skipping.";
     return;
   }
 
   scoped_ptr<base::DictionaryValue> jwk(CreatePublicKeyJwkDict());
   jwk->SetString("kty", "oct");
   jwk->SetString("alg", "RSA-OAEP");
 
   blink::WebCryptoKey public_key = blink::WebCryptoKey::createNull();
-  ASSERT_EQ(Status::ErrorJwkPropertyMissing("k"),
+  ASSERT_EQ(Status::ErrorJwkUnexpectedKty("RSA"),
             ImportKeyJwkFromDict(*jwk.get(),
                                  CreateRsaHashedImportAlgorithm(
                                      blink::WebCryptoAlgorithmIdRsaOaep,
                                      blink::WebCryptoAlgorithmIdSha1),
                                  true,
                                  blink::WebCryptoKeyUsageEncrypt,
                                  &public_key));
 }
 
 TEST_F(SharedCryptoRsaOaepTest, ExportPublicJwk) {
@@ skipping 852 matching lines @@
   EXPECT_EQ(public_key_spki, unwrapped_public_key_spki);
   EXPECT_EQ(private_key_pkcs8, unwrapped_private_key_pkcs8);
 
   EXPECT_NE(public_key_spki, wrapped_public_key);
   EXPECT_NE(private_key_pkcs8, wrapped_private_key);
 }
 
 }  // namespace webcrypto
 
 }  // namespace content