Skip to content

Commit

Permalink
don't allow for creation of malformed DER files
Browse files Browse the repository at this point in the history 
when ancoding in ASN.1 the public point has to use uncompressed,
compressed or hybrid representation, raw is not allowed
so disallow it in API
  • Loading branch information
@tomato42
tomato42 committed Oct 16, 2019
1 parent 4e7f373 commit 834fecb
Show file tree
Hide file tree
Showing 2 changed files with 17 additions and 0 deletions.
4 changes: 4 additions & 0 deletions src/ecdsa/keys.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -226,6 +226,8 @@ def to_pem(self):
return der.topem(self.to_der(), "PUBLIC KEY")

def to_der(self, point_encoding="uncompressed"):
if point_encoding == "raw":
raise ValueError("raw point_encoding not allowed in DER")
point_str = b("\x00") + self.to_string(point_encoding)
return der.encode_sequence(der.encode_sequence(encoded_oid_ecPublicKey,
self.curve.encoded_oid),
Expand Down Expand Up @@ -356,6 +358,8 @@ def to_pem(self):
def to_der(self, point_encoding="uncompressed"):
# SEQ([int(1), octetstring(privkey),cont[0], oid(secp224r1),
# cont[1],bitstring])
if point_encoding == "raw":
raise ValueError("raw encoding not allowed in DER")
encoded_vk = b("\x00") + \
self.get_verifying_key().to_string(point_encoding)
return der.encode_sequence(der.encode_integer(1),
Expand Down
13 changes: 13 additions & 0 deletions src/ecdsa/test_pyecdsa.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -277,6 +277,19 @@ def order(self):
pub2 = VerifyingKey.from_pem(pem)
self.assertTruePubkeysEqual(pub1, pub2)

def test_vk_to_der_with_invalid_point_encoding(self):
sk = SigningKey.generate()
vk = sk.verifying_key

with self.assertRaises(ValueError):
vk.to_der("raw")

def test_sk_to_der_with_invalid_point_encoding(self):
sk = SigningKey.generate()

with self.assertRaises(ValueError):
sk.to_der("raw")

def test_vk_from_der_garbage_after_curve_oid(self):
type_oid_der = encoded_oid_ecPublicKey
curve_oid_der = der.encode_oid(*(1, 2, 840, 10045, 3, 1, 1)) + \
Expand Down

0 comments on commit 834fecb

Please sign in to comment.