fix(ext/crypto): throw DataError for invalid EC key import (#25181)

Fixes https://github.com/denoland/deno/issues/20931

2 files changed, 23 insertions, 1 deletions

diff --git a/ext/crypto/import_key.rs b/ext/crypto/import_key.rs
index 7b06cae99..88265a2cd 100644
--- a/ext/crypto/import_key.rs
+++ b/ext/crypto/import_key.rs
@@ -689,7 +689,8 @@ fn import_key_ec(
 
         let rng = ring::rand::SystemRandom::new();
         // deserialize pkcs8 using ring crate, to VALIDATE public key
-        let _private_key = EcdsaKeyPair::from_pkcs8(signing_alg, &data, &rng)?;
+        let _private_key = EcdsaKeyPair::from_pkcs8(signing_alg, &data, &rng)
+          .map_err(|_| data_error("invalid key"))?;
 
         // 11.
         if named_curve != pk_named_curve {
diff --git a/tests/unit/webcrypto_test.ts b/tests/unit/webcrypto_test.ts
index 58f59edc6..8c06435d0 100644
--- a/tests/unit/webcrypto_test.ts
+++ b/tests/unit/webcrypto_test.ts
@@ -2045,3 +2045,24 @@ Deno.test(async function p521Generate() {
   assert(key.privateKey instanceof CryptoKey);
   assert(key.publicKey instanceof CryptoKey);
 });
+
+Deno.test(async function invalidEcPointDataError() {
+  await assertRejects(async () => {
+    await crypto.subtle
+      .importKey(
+        "pkcs8",
+        // deno-fmt-ignore
+        new Uint8Array([
+          48, 102, 2, 1, 0, 48, 19, 6, 7, 42, 134, 72, 206, 61, 2, 1, 6, 8, 42, 134,
+          72, 206, 61, 3, 1, 7, 4, 76, 48, 74, 2, 1, 1, 4, 32, 255, 255, 255, 255,
+          0, 0, 0, 0, 255, 255, 255, 255, 255, 255, 255, 255, 188, 230, 250, 173,
+          167, 23, 158, 132, 243, 185, 202, 194, 252, 99, 37, 81, 161, 35, 3, 33, 0,
+          0, 255, 255, 255, 0, 0, 0, 0, 255, 255, 255, 255, 255, 255, 255, 255, 188,
+          230, 250, 173, 167, 23, 158, 132, 243, 185, 202, 194, 252, 99, 37, 81,
+        ]),
+        { name: "ECDSA", namedCurve: "P-256" },
+        true,
+        ["sign"],
+      );
+  }, DOMException);
+});