X448 support (#4580)

* x448 support This work was originally authored by derwolfe * update docs to have a more useful derived key length * error if key is not a valid length in from_public_bytes * one more * switch to using evp_pkey_keygen_gc for x448 keygen * review feedback * switch to using evp_pkey_derive * nit fix
author: Paul Kehrer <paul.l.kehrer@gmail.com> 2018-11-23 10:44:37 +0800
committer: Alex Gaynor <alex.gaynor@gmail.com> 2018-11-22 20:44:37 -0600
commit: 6f88e01af8f5d6db7082d155f3faf88dfb48e864 (patch)
tree: 42fb14caa9d24a6eca1ae9d07b69a4a502e5c200 /src/cryptography/hazmat/backends/openssl/backend.py
parent: 579dfcf48f013dddfd3447e6dc38cfdc0b17145c (diff)
download: cryptography-6f88e01af8f5d6db7082d155f3faf88dfb48e864.tar.gz
cryptography-6f88e01af8f5d6db7082d155f3faf88dfb48e864.tar.bz2
cryptography-6f88e01af8f5d6db7082d155f3faf88dfb48e864.zip
1 files changed, 29 insertions, 0 deletions
diff --git a/src/cryptography/hazmat/backends/openssl/backend.py b/src/cryptography/hazmat/backends/openssl/backend.py
index d00f6133..f0b09dac 100644
--- a/src/cryptography/hazmat/backends/openssl/backend.py
+++ b/src/cryptography/hazmat/backends/openssl/backend.py
@@ -55,6 +55,9 @@ from cryptography.hazmat.backends.openssl.rsa import (
 from cryptography.hazmat.backends.openssl.x25519 import (
     _X25519PrivateKey, _X25519PublicKey
 )
+from cryptography.hazmat.backends.openssl.x448 import (
+    _X448PrivateKey, _X448PublicKey
+)
 from cryptography.hazmat.backends.openssl.x509 import (
     _Certificate, _CertificateRevocationList,
     _CertificateSigningRequest, _RevokedCertificate
@@ -2080,6 +2083,32 @@ class Backend(object):
     def x25519_supported(self):
         return self._lib.CRYPTOGRAPHY_OPENSSL_110_OR_GREATER
 
+    def x448_load_public_bytes(self, data):
+        if len(data) != 56:
+            raise ValueError("An X448 public key is 56 bytes long")
+
+        evp_pkey = self._lib.EVP_PKEY_new_raw_public_key(
+            self._lib.NID_X448, self._ffi.NULL, data, len(data)
+        )
+        self.openssl_assert(evp_pkey != self._ffi.NULL)
+        evp_pkey = self._ffi.gc(evp_pkey, self._lib.EVP_PKEY_free)
+        return _X448PublicKey(self, evp_pkey)
+
+    def x448_load_private_bytes(self, data):
+        evp_pkey = self._lib.EVP_PKEY_new_raw_private_key(
+            self._lib.NID_X448, self._ffi.NULL, data, len(data)
+        )
+        self.openssl_assert(evp_pkey != self._ffi.NULL)
+        evp_pkey = self._ffi.gc(evp_pkey, self._lib.EVP_PKEY_free)
+        return _X448PrivateKey(self, evp_pkey)
+
+    def x448_generate_key(self):
+        evp_pkey = self._evp_pkey_keygen_gc(self._lib.NID_X448)
+        return _X448PrivateKey(self, evp_pkey)
+
+    def x448_supported(self):
+        return not self._lib.CRYPTOGRAPHY_OPENSSL_LESS_THAN_111
+
     def derive_scrypt(self, key_material, salt, length, n, r, p):
         buf = self._ffi.new("unsigned char[]", length)
         res = self._lib.EVP_PBE_scrypt(
author	Paul Kehrer <paul.l.kehrer@gmail.com>	2018-11-23 10:44:37 +0800
committer	Alex Gaynor <alex.gaynor@gmail.com>	2018-11-22 20:44:37 -0600
commit	6f88e01af8f5d6db7082d155f3faf88dfb48e864 (patch)
tree	42fb14caa9d24a6eca1ae9d07b69a4a502e5c200 /src/cryptography/hazmat/backends/openssl/backend.py
parent	579dfcf48f013dddfd3447e6dc38cfdc0b17145c (diff)
download	cryptography-6f88e01af8f5d6db7082d155f3faf88dfb48e864.tar.gz cryptography-6f88e01af8f5d6db7082d155f3faf88dfb48e864.tar.bz2 cryptography-6f88e01af8f5d6db7082d155f3faf88dfb48e864.zip