add ec.private_key_from_secret_and_curve (#3225)

* finish https://github.com/pyca/cryptography/pull/1973

* change API & add test

Function will now return an instance of EllipticCurvePrivateKey, as that
is the users' ultimate goal anyway.

* fix test

* improve coverage

* complete coverage

* final fix

* centos fix

* retry

* cleanup asserts

* use openssl_assert

* skip unsupported platforms

* change API name to derive_private_key

* change version added

* improve description of `secret` param

* separate successful and failure test cases

* simplify successful case

* add docs for derive_elliptic_curve_public_point

* add period

1 files changed, 26 insertions, 0 deletions

diff --git a/tests/hazmat/primitives/test_ec.py b/tests/hazmat/primitives/test_ec.py
index dff2f3e1..523f3f4e 100644
--- a/tests/hazmat/primitives/test_ec.py
+++ b/tests/hazmat/primitives/test_ec.py
@@ -100,6 +100,32 @@ def test_skip_ecdsa_vector(backend):
         _skip_ecdsa_vector(backend, DummyCurve, hashes.SHA256)
 
 
+@pytest.mark.requires_backend_interface(interface=EllipticCurveBackend)
+def test_derive_private_key_success(backend):
+    curve = ec.SECP256K1()
+    _skip_curve_unsupported(backend, curve)
+
+    private_numbers = ec.generate_private_key(curve, backend).private_numbers()
+
+    derived_key = ec.derive_private_key(
+        private_numbers.private_value, curve, backend
+    )
+
+    assert private_numbers == derived_key.private_numbers()
+
+
+@pytest.mark.requires_backend_interface(interface=EllipticCurveBackend)
+def test_derive_private_key_errors(backend):
+    curve = ec.SECP256K1()
+    _skip_curve_unsupported(backend, curve)
+
+    with pytest.raises(TypeError):
+        ec.derive_private_key('one', curve, backend)
+
+    with pytest.raises(TypeError):
+        ec.derive_private_key(10, 'five', backend)
+
+
 def test_ec_numbers():
     numbers = ec.EllipticCurvePrivateNumbers(
         1,