Tighten up checks for PublicKey.init(keyBytes:)

For historical reasons libsignal's PublicKey.init(_:) allows trailing
data, because the type byte specifies how much of the data is relevant
anyway. init(keyBytes:), however, should not be so lax, since it's
assuming the key data is a Curve25519 public point.

SignalServiceKit/Curve25519/PublicKey.swift

@@ -8,10 +8,14 @@ import LibSignalClient
 
 extension PublicKey {
     public convenience init(keyData: Data) throws {
+        if keyData.count != Constants.keyLengthDJB {
+            throw SignalError.invalidKey("invalid number of public key bytes (expected \(Constants.keyLengthDJB), was \(keyData.count))")
+        }
         try self.init([Constants.keyTypeDJB] + keyData)
     }
 
     public enum Constants {
         public static let keyTypeDJB: UInt8 = 0x05
+        public static let keyLengthDJB: Int = 32
     }
 }

SignalServiceKit/tests/Curve25519/ECKeyPairTest.swift

@@ -9,6 +9,16 @@ import XCTest
 @testable import SignalServiceKit
 
 final class ECKeyPairTest: XCTestCase {
+    func testInvalidPublicSerializationLibsignalExtensions() throws {
+        let keyPair = ECKeyPair.generateKeyPair()
+
+        let serializedPublic = keyPair.publicKey
+        let deserializedPublic = try PublicKey(keyData: serializedPublic)
+        XCTAssertEqual(deserializedPublic, keyPair.identityKeyPair.publicKey)
+        XCTAssertThrowsError(try PublicKey(keyData: serializedPublic.dropFirst()))
+        XCTAssertThrowsError(try PublicKey(keyData: serializedPublic + [0x41]))
+    }
+
     func testEncodeDecode() throws {
         let privateKey = try PrivateKey(Array(repeating: 0, count: 31) + [0x41])
         let keyPair = ECKeyPair(IdentityKeyPair(publicKey: privateKey.publicKey, privateKey: privateKey))