From ea8538ea49df457a759fe27a36c94fa5b312d5f5 Mon Sep 17 00:00:00 2001
From: Abhinav <abhinav@mail.numberless.tech>
Date: Wed, 23 Jul 2025 15:22:37 -0400
Subject: [PATCH] LibWeb: Don't import raw X25519 key of incorrect length

---
 Libraries/LibWeb/Crypto/CryptoAlgorithms.cpp | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/Libraries/LibWeb/Crypto/CryptoAlgorithms.cpp b/Libraries/LibWeb/Crypto/CryptoAlgorithms.cpp
index e72a32dd0cb..1e5d1ec2ae0 100644
--- a/Libraries/LibWeb/Crypto/CryptoAlgorithms.cpp
+++ b/Libraries/LibWeb/Crypto/CryptoAlgorithms.cpp
@@ -7258,6 +7258,11 @@ WebIDL::ExceptionOr<GC::Ref<CryptoKey>> X25519::import_key([[maybe_unused]] Web:
         if (!usages.is_empty())
             return WebIDL::SyntaxError::create(m_realm, "Usages must be empty"_string);
 
+        // AD-HOC: if the key length is not 32 bytes, then throw a DataError.
+        // See: https://github.com/w3c/webcrypto/issues/409
+        if (32 != key_data.get<ByteBuffer>().size())
+            return WebIDL::DataError::create(m_realm, "X25519 key must be 32 bytes"_string);
+
         // 2. Let algorithm be a new KeyAlgorithm object.
         auto algorithm = KeyAlgorithm::create(m_realm);