crypto: validate CFRG webcrypto JWK import "d" and "x" are a pair

PR-URL: nodejs#45569 Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com> Reviewed-By: Tobias Nießen <tniessen@tnie.de> Backport-PR-URL: nodejs#47336
panva · Mar 31, 2023 · adca91a · adca91a
1 parent b72552c
commit adca91a
Showing 1 changed file with 17 additions and 5 deletions.
diff --git a/lib/internal/crypto/cfrg.js b/lib/internal/crypto/cfrg.js
@@ -301,12 +301,24 @@ async function cfrgImportKey(
         name,
         isPublic ? 'public' : 'private',
         usagesSet);
-      keyObject = createCFRGRawKey(
+
+      const publicKeyObject = createCFRGRawKey(
         name,
-        Buffer.from(
-          isPublic ? keyData.x : keyData.d,
-          'base64'),
-        isPublic);
+        Buffer.from(keyData.x, 'base64'),
+        true);
+
+      if (isPublic) {
+        keyObject = publicKeyObject;
+      } else {
+        keyObject = createCFRGRawKey(
+          name,
+          Buffer.from(keyData.d, 'base64'),
+          false);
+
+        if (!createPublicKey(keyObject).equals(publicKeyObject)) {
+          throw lazyDOMException('Invalid JWK keyData', 'DataError');
+        }
+      }
       break;
     }
     case 'raw': {