LibWeb: Don't import raw X25519 key of incorrect length

Author: https://github.com/hopafoot 🔰 Commit: ea8538ea49 Pull-request: https://github.com/LadybirdBrowser/ladybird/pull/5582 Reviewed-by: https://github.com/ADKaster ✅ Reviewed-by: https://github.com/awesomekling Reviewed-by: https://github.com/trflynn89
2025-08-28 21:26:22 +00:00 · 2025-07-23 15:22:37 -04:00 · 2025-07-23 15:22:37 -04:00 · ea8538ea49 · 2025-07-26 16:44:27 +00:00
commit ea8538ea49
parent 8569124b87
1 changed files with 5 additions and 0 deletions
--- a/Libraries/LibWeb/Crypto/CryptoAlgorithms.cpp
+++ b/Libraries/LibWeb/Crypto/CryptoAlgorithms.cpp
@ -7258,6 +7258,11 @@ WebIDL::ExceptionOr<GC::Ref<CryptoKey>> X25519::import_key([[maybe_unused]] Web:
        if (!usages.is_empty())
            return WebIDL::SyntaxError::create(m_realm, "Usages must be empty"_string);

+        // AD-HOC: if the key length is not 32 bytes, then throw a DataError.
+        // See: https://github.com/w3c/webcrypto/issues/409
+        if (32 != key_data.get<ByteBuffer>().size())
+            return WebIDL::DataError::create(m_realm, "X25519 key must be 32 bytes"_string);
+
        // 2. Let algorithm be a new KeyAlgorithm object.
        auto algorithm = KeyAlgorithm::create(m_realm);