Skip to content
This repository was archived by the owner on Sep 8, 2025. It is now read-only.

Commit 0022d0b

Browse files
carvercarver
authored
Merge pull request #1326 from carver/uncaught-handshake-error
Fix unhandled ValueError raised during handshake
2 parents 894068e + 04e6d57 commit 0022d0b

File tree

1 file changed

+23
-3
lines changed

1 file changed

+23
-3
lines changed

p2p/ecies.py

Lines changed: 23 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -34,6 +34,14 @@
3434
KEY_LEN = 32
3535

3636

37+
class _InvalidPublicKey(Exception):
38+
"""
39+
A custom exception raised when trying to convert bytes
40+
into an elliptic curve public key.
41+
"""
42+
pass
43+
44+
3745
def generate_privkey() -> datatypes.PrivateKey:
3846
"""Generate a new SECP256K1 private key and return it"""
3947
privkey = ec.generate_private_key(CURVE, default_backend())
@@ -45,8 +53,15 @@ def ecdh_agree(privkey: datatypes.PrivateKey, pubkey: datatypes.PublicKey) -> by
4553
privkey_as_int = int(cast(int, privkey))
4654
ec_privkey = ec.derive_private_key(privkey_as_int, CURVE, default_backend())
4755
pubkey_bytes = b'\x04' + pubkey.to_bytes()
48-
pubkey_nums = ec.EllipticCurvePublicNumbers.from_encoded_point(CURVE, pubkey_bytes)
49-
ec_pubkey = pubkey_nums.public_key(default_backend())
56+
try:
57+
# either of these can raise a ValueError:
58+
pubkey_nums = ec.EllipticCurvePublicNumbers.from_encoded_point(CURVE, pubkey_bytes)
59+
ec_pubkey = pubkey_nums.public_key(default_backend())
60+
except ValueError as exc:
61+
# Not all bytes can be made into valid public keys, see the warning at
62+
# https://cryptography.io/en/latest/hazmat/primitives/asymmetric/ec/
63+
# under EllipticCurvePublicNumbers(x, y)
64+
raise _InvalidPublicKey(str(exc)) from exc
5065
return ec_privkey.exchange(ec.ECDH(), ec_pubkey)
5166

5267

@@ -100,7 +115,12 @@ def decrypt(data: bytes, privkey: datatypes.PrivateKey, shared_mac_data: bytes =
100115

101116
# 1) generate shared-secret = kdf( ecdhAgree(myPrivKey, msg[1:65]) )
102117
shared = data[1:1 + PUBKEY_LEN]
103-
key_material = ecdh_agree(privkey, keys.PublicKey(shared))
118+
try:
119+
key_material = ecdh_agree(privkey, keys.PublicKey(shared))
120+
except _InvalidPublicKey as exc:
121+
raise DecryptionError(
122+
f"Failed to generate shared secret with pubkey {shared}: {exc}"
123+
) from exc
104124
key = kdf(key_material)
105125
key_enc, key_mac = key[:KEY_LEN // 2], key[KEY_LEN // 2:]
106126
key_mac = sha256(key_mac).digest()

0 commit comments

Comments
 (0)