diff options
| author | Alex Gaynor <alex.gaynor@gmail.com> | 2014-12-25 08:34:42 -0800 |
|---|---|---|
| committer | Alex Gaynor <alex.gaynor@gmail.com> | 2014-12-25 08:34:42 -0800 |
| commit | 8165db59374c7ce83e3ad34abf883195d1ec7b8b (patch) | |
| tree | 3f45de576de0d50c131ad98be0cc604bdbf83e12 /src | |
| parent | abc4666addc0b985c95815bf18eb2868f504fc19 (diff) | |
| download | cryptography-8165db59374c7ce83e3ad34abf883195d1ec7b8b.tar.gz cryptography-8165db59374c7ce83e3ad34abf883195d1ec7b8b.tar.bz2 cryptography-8165db59374c7ce83e3ad34abf883195d1ec7b8b.zip | |
Added test cases for NIST P-384 and 521. Fixed handling of key sizes which aren't divisibly by 8
Diffstat (limited to 'src')
| -rw-r--r-- | src/cryptography/hazmat/primitives/serialization.py | 12 |
1 files changed, 7 insertions, 5 deletions
diff --git a/src/cryptography/hazmat/primitives/serialization.py b/src/cryptography/hazmat/primitives/serialization.py index b95ac1cd..dad419fe 100644 --- a/src/cryptography/hazmat/primitives/serialization.py +++ b/src/cryptography/hazmat/primitives/serialization.py @@ -102,16 +102,18 @@ def _load_ssh_ecdsa_public_key(expected_key_type, decoded_data, backend): elif curve_name == b"nistp521": curve = ec.SECP521R1() - if len(data) != 1 + 2 * (curve.key_size // 8): - raise ValueError("Malformed key bytes") - if six.indexbytes(data, 0) != 4: raise NotImplementedError( "Compressed elliptic curve points are not supported" ) - x = _int_from_bytes(data[1:1 + curve.key_size // 8], byteorder='big') - y = _int_from_bytes(data[1 + curve.key_size // 8:], byteorder='big') + # key_size is in bits, and sometimes it's not evenly divisible by 8, so we + # add 7 to round up the number of bytes. + if len(data) != 1 + 2 * ((curve.key_size + 7) // 8): + raise ValueError("Malformed key bytes") + + x = _int_from_bytes(data[1:1 + (curve.key_size + 7) // 8], byteorder='big') + y = _int_from_bytes(data[1 + (curve.key_size + 7) // 8:], byteorder='big') return ec.EllipticCurvePublicNumbers(x, y, curve).public_key(backend) |