diff options
author | Paul Kehrer <paul.l.kehrer@gmail.com> | 2018-11-23 10:44:37 +0800 |
---|---|---|
committer | Alex Gaynor <alex.gaynor@gmail.com> | 2018-11-22 20:44:37 -0600 |
commit | 6f88e01af8f5d6db7082d155f3faf88dfb48e864 (patch) | |
tree | 42fb14caa9d24a6eca1ae9d07b69a4a502e5c200 /src/cryptography/hazmat/backends/openssl/backend.py | |
parent | 579dfcf48f013dddfd3447e6dc38cfdc0b17145c (diff) | |
download | cryptography-6f88e01af8f5d6db7082d155f3faf88dfb48e864.tar.gz cryptography-6f88e01af8f5d6db7082d155f3faf88dfb48e864.tar.bz2 cryptography-6f88e01af8f5d6db7082d155f3faf88dfb48e864.zip |
X448 support (#4580)
* x448 support
This work was originally authored by derwolfe
* update docs to have a more useful derived key length
* error if key is not a valid length in from_public_bytes
* one more
* switch to using evp_pkey_keygen_gc for x448 keygen
* review feedback
* switch to using evp_pkey_derive
* nit fix
Diffstat (limited to 'src/cryptography/hazmat/backends/openssl/backend.py')
-rw-r--r-- | src/cryptography/hazmat/backends/openssl/backend.py | 29 |
1 files changed, 29 insertions, 0 deletions
diff --git a/src/cryptography/hazmat/backends/openssl/backend.py b/src/cryptography/hazmat/backends/openssl/backend.py index d00f6133..f0b09dac 100644 --- a/src/cryptography/hazmat/backends/openssl/backend.py +++ b/src/cryptography/hazmat/backends/openssl/backend.py @@ -55,6 +55,9 @@ from cryptography.hazmat.backends.openssl.rsa import ( from cryptography.hazmat.backends.openssl.x25519 import ( _X25519PrivateKey, _X25519PublicKey ) +from cryptography.hazmat.backends.openssl.x448 import ( + _X448PrivateKey, _X448PublicKey +) from cryptography.hazmat.backends.openssl.x509 import ( _Certificate, _CertificateRevocationList, _CertificateSigningRequest, _RevokedCertificate @@ -2080,6 +2083,32 @@ class Backend(object): def x25519_supported(self): return self._lib.CRYPTOGRAPHY_OPENSSL_110_OR_GREATER + def x448_load_public_bytes(self, data): + if len(data) != 56: + raise ValueError("An X448 public key is 56 bytes long") + + evp_pkey = self._lib.EVP_PKEY_new_raw_public_key( + self._lib.NID_X448, self._ffi.NULL, data, len(data) + ) + self.openssl_assert(evp_pkey != self._ffi.NULL) + evp_pkey = self._ffi.gc(evp_pkey, self._lib.EVP_PKEY_free) + return _X448PublicKey(self, evp_pkey) + + def x448_load_private_bytes(self, data): + evp_pkey = self._lib.EVP_PKEY_new_raw_private_key( + self._lib.NID_X448, self._ffi.NULL, data, len(data) + ) + self.openssl_assert(evp_pkey != self._ffi.NULL) + evp_pkey = self._ffi.gc(evp_pkey, self._lib.EVP_PKEY_free) + return _X448PrivateKey(self, evp_pkey) + + def x448_generate_key(self): + evp_pkey = self._evp_pkey_keygen_gc(self._lib.NID_X448) + return _X448PrivateKey(self, evp_pkey) + + def x448_supported(self): + return not self._lib.CRYPTOGRAPHY_OPENSSL_LESS_THAN_111 + def derive_scrypt(self, key_material, salt, length, n, r, p): buf = self._ffi.new("unsigned char[]", length) res = self._lib.EVP_PBE_scrypt( |