From 8165db59374c7ce83e3ad34abf883195d1ec7b8b Mon Sep 17 00:00:00 2001 From: Alex Gaynor Date: Thu, 25 Dec 2014 08:34:42 -0800 Subject: Added test cases for NIST P-384 and 521. Fixed handling of key sizes which aren't divisibly by 8 --- src/cryptography/hazmat/primitives/serialization.py | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) (limited to 'src') diff --git a/src/cryptography/hazmat/primitives/serialization.py b/src/cryptography/hazmat/primitives/serialization.py index b95ac1cd..dad419fe 100644 --- a/src/cryptography/hazmat/primitives/serialization.py +++ b/src/cryptography/hazmat/primitives/serialization.py @@ -102,16 +102,18 @@ def _load_ssh_ecdsa_public_key(expected_key_type, decoded_data, backend): elif curve_name == b"nistp521": curve = ec.SECP521R1() - if len(data) != 1 + 2 * (curve.key_size // 8): - raise ValueError("Malformed key bytes") - if six.indexbytes(data, 0) != 4: raise NotImplementedError( "Compressed elliptic curve points are not supported" ) - x = _int_from_bytes(data[1:1 + curve.key_size // 8], byteorder='big') - y = _int_from_bytes(data[1 + curve.key_size // 8:], byteorder='big') + # key_size is in bits, and sometimes it's not evenly divisible by 8, so we + # add 7 to round up the number of bytes. + if len(data) != 1 + 2 * ((curve.key_size + 7) // 8): + raise ValueError("Malformed key bytes") + + x = _int_from_bytes(data[1:1 + (curve.key_size + 7) // 8], byteorder='big') + y = _int_from_bytes(data[1 + (curve.key_size + 7) // 8:], byteorder='big') return ec.EllipticCurvePublicNumbers(x, y, curve).public_key(backend) -- cgit v1.2.3