diff options
| -rw-r--r-- | src/cryptography/hazmat/primitives/asymmetric/x25519.py | 4 | ||||
| -rw-r--r-- | tests/hazmat/primitives/test_x25519.py | 7 |
2 files changed, 11 insertions, 0 deletions
diff --git a/src/cryptography/hazmat/primitives/asymmetric/x25519.py b/src/cryptography/hazmat/primitives/asymmetric/x25519.py index e0329f9d..f4bdf3db 100644 --- a/src/cryptography/hazmat/primitives/asymmetric/x25519.py +++ b/src/cryptography/hazmat/primitives/asymmetric/x25519.py @@ -21,6 +21,10 @@ class X25519PublicKey(object): "X25519 is not supported by this version of OpenSSL.", _Reasons.UNSUPPORTED_EXCHANGE_ALGORITHM ) + + if len(data) != 32: + raise ValueError("An X25519 public key is 32 bytes long") + return backend.x25519_load_public_bytes(data) @abc.abstractmethod diff --git a/tests/hazmat/primitives/test_x25519.py b/tests/hazmat/primitives/test_x25519.py index 381be201..0f83eb6e 100644 --- a/tests/hazmat/primitives/test_x25519.py +++ b/tests/hazmat/primitives/test_x25519.py @@ -135,3 +135,10 @@ class TestX25519Exchange(object): key = X25519PrivateKey.generate() with pytest.raises(TypeError): key.exchange(object()) + + def test_invalid_length_from_public_bytes(self, backend): + with pytest.raises(ValueError): + X25519PublicKey.from_public_bytes(b"a" * 31) + + with pytest.raises(ValueError): + X25519PublicKey.from_public_bytes(b"a" * 33) |