Skip to content

Commit cf1e907

Browse files
panvapanva
committed
crypto: validate CFRG webcrypto JWK import "d" and "x" are a pair
PR-URL: nodejs#45569 Reviewed-By: Antoine du Hamel <[email protected]> Reviewed-By: Tobias Nießen <[email protected]> Backport-PR-URL: nodejs#47336
1 parent c62ed73 commit cf1e907

File tree

1 file changed

+17
-5
lines changed

1 file changed

+17
-5
lines changed

lib/internal/crypto/cfrg.js

Lines changed: 17 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -301,12 +301,24 @@ async function cfrgImportKey(
301301
name,
302302
isPublic ? 'public' : 'private',
303303
usagesSet);
304-
keyObject = createCFRGRawKey(
304+
305+
const publicKeyObject = createCFRGRawKey(
305306
name,
306-
Buffer.from(
307-
isPublic ? keyData.x : keyData.d,
308-
'base64'),
309-
isPublic);
307+
Buffer.from(keyData.x, 'base64'),
308+
true);
309+
310+
if (isPublic) {
311+
keyObject = publicKeyObject;
312+
} else {
313+
keyObject = createCFRGRawKey(
314+
name,
315+
Buffer.from(keyData.d, 'base64'),
316+
false);
317+
318+
if (!createPublicKey(keyObject).equals(publicKeyObject)) {
319+
throw lazyDOMException('Invalid JWK keyData', 'DataError');
320+
}
321+
}
310322
break;
311323
}
312324
case 'raw': {

0 commit comments

Comments
 (0)