diff options
| author | Paul Kehrer <paul.l.kehrer@gmail.com> | 2018-07-12 22:19:21 +0530 |
|---|---|---|
| committer | Alex Gaynor <alex.gaynor@gmail.com> | 2018-07-12 12:49:20 -0400 |
| commit | 0fba4e28de2d0b5b8a262f512b65e487ded0c6e1 (patch) | |
| tree | be394af373887f0d616892263178c04aec789914 | |
| parent | e74a263112847bf856c12128ce45f8d3ac2d116a (diff) | |
| download | cryptography-0fba4e28de2d0b5b8a262f512b65e487ded0c6e1.tar.gz cryptography-0fba4e28de2d0b5b8a262f512b65e487ded0c6e1.tar.bz2 cryptography-0fba4e28de2d0b5b8a262f512b65e487ded0c6e1.zip | |
raise valueerror for null x25519 derived keys (#4332)
* raise valueerror for null x25519 derived keys
OpenSSL errors when it hits this edge case and a null shared key is bad
anyway so let's raise an error
* empty commit
| -rw-r--r-- | src/cryptography/hazmat/backends/openssl/x25519.py | 6 | ||||
| -rw-r--r-- | tests/hazmat/primitives/test_x25519.py | 17 |
2 files changed, 22 insertions, 1 deletions
diff --git a/src/cryptography/hazmat/backends/openssl/x25519.py b/src/cryptography/hazmat/backends/openssl/x25519.py index 5599c2fd..983ece6a 100644 --- a/src/cryptography/hazmat/backends/openssl/x25519.py +++ b/src/cryptography/hazmat/backends/openssl/x25519.py @@ -71,5 +71,9 @@ class _X25519PrivateKey(object): self._backend.openssl_assert(keylen[0] > 0) buf = self._backend._ffi.new("unsigned char[]", keylen[0]) res = self._backend._lib.EVP_PKEY_derive(ctx, buf, keylen) - self._backend.openssl_assert(res == 1) + if res != 1: + raise ValueError( + "Null shared key derived from public/private pair." + ) + return self._backend._ffi.buffer(buf, keylen[0])[:] diff --git a/tests/hazmat/primitives/test_x25519.py b/tests/hazmat/primitives/test_x25519.py index 22a0ae66..381be201 100644 --- a/tests/hazmat/primitives/test_x25519.py +++ b/tests/hazmat/primitives/test_x25519.py @@ -76,6 +76,23 @@ class TestX25519Exchange(object): assert computed_shared_key == shared_key + def test_null_shared_key_raises_error(self, backend): + """ + The vector used here is taken from wycheproof's x25519 test vectors + """ + public = binascii.unhexlify( + "5f9c95bca3508c24b1d0b1559c83ef5b04445cc4581c8e86d8224eddd09f1157" + ) + private = binascii.unhexlify( + "78f1e8edf14481b389448dac8f59c70b038e7cf92ef2c7eff57a72466e115296" + ) + private_key = X25519PrivateKey._from_private_bytes( + private + ) + public_key = X25519PublicKey.from_public_bytes(public) + with pytest.raises(ValueError): + private_key.exchange(public_key) + # These vectors are also from RFC 7748 # https://tools.ietf.org/html/rfc7748#section-6.1 @pytest.mark.parametrize( |