-rw-r--r-- | CHANGELOG.rst | 6 | ||||
-rw-r--r-- | docs/hazmat/primitives/asymmetric/ec.rst | 18 | ||||
-rw-r--r-- | src/cryptography/hazmat/backends/openssl/ec.py | 8 | ||||
-rw-r--r-- | src/cryptography/hazmat/primitives/asymmetric/ec.py | 14 | ||||
-rw-r--r-- | tests/hazmat/primitives/test_ec.py | 9 |
5 files changed, 54 insertions, 1 deletions
diff --git a/CHANGELOG.rst b/CHANGELOG.rst index 0e7619e5..81aca4e5 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -21,6 +21,12 @@ Changelog :meth:`~cryptography.hazmat.primitives.ciphers.AEADDecryptionContext.finalize_with_tag`. * Fixed an issue preventing ``cryptography`` from compiling against LibreSSL 2.5.x. +* Added + :meth:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePublicKey.key_size` + and + :meth:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePrivateKey.key_size` + as convenience methods for determining the bit size of a secret scalar for + the curve. * Accessing an unrecognized extension marked critical on an X.509 object will no longer raise an ``UnsupportedExtension`` exception, instead an :class:`~cryptography.x509.UnrecognizedExtension` object will be returned. diff --git a/docs/hazmat/primitives/asymmetric/ec.rst b/docs/hazmat/primitives/asymmetric/ec.rst index 3c595fac..46f2f5ac 100644 --- a/docs/hazmat/primitives/asymmetric/ec.rst +++ b/docs/hazmat/primitives/asymmetric/ec.rst @@ -459,6 +459,15 @@ Key Interfaces :return bytes: Signature. + .. attribute:: key_size + + .. versionadded:: 1.9 + + :type: int + + Size (in bits) of a secret scalar for the curve (as generated by + :func:`generate_private_key`). + .. class:: EllipticCurvePrivateKeyWithSerialization @@ -565,6 +574,15 @@ Key Interfaces :raises cryptography.exceptions.InvalidSignature: If the signature does not validate. + .. attribute:: key_size + + .. versionadded:: 1.9 + + :type: int + + Size (in bits) of a secret scalar for the curve (as generated by + :func:`generate_private_key`). + .. class:: EllipticCurvePublicKeyWithSerialization diff --git a/src/cryptography/hazmat/backends/openssl/ec.py b/src/cryptography/hazmat/backends/openssl/ec.py index 68a35b21..3a81f919 100644 --- a/src/cryptography/hazmat/backends/openssl/ec.py +++ b/src/cryptography/hazmat/backends/openssl/ec.py 
@@ -135,6 +135,10 @@ class _EllipticCurvePrivateKey(object): curve = utils.read_only_property("_curve") + @property + def key_size(self): + return self.curve.key_size + def signer(self, signature_algorithm): _check_signature_algorithm(signature_algorithm) return _ECDSASignatureContext( @@ -231,6 +235,10 @@ class _EllipticCurvePublicKey(object): curve = utils.read_only_property("_curve") + @property + def key_size(self): + return self.curve.key_size + def verifier(self, signature, signature_algorithm): if not isinstance(signature, bytes): raise TypeError("signature must be bytes.") diff --git a/src/cryptography/hazmat/primitives/asymmetric/ec.py b/src/cryptography/hazmat/primitives/asymmetric/ec.py index a527387b..7931b086 100644 --- a/src/cryptography/hazmat/primitives/asymmetric/ec.py +++ b/src/cryptography/hazmat/primitives/asymmetric/ec.py @@ -22,7 +22,7 @@ class EllipticCurve(object): @abc.abstractproperty def key_size(self): """ - The bit length of the base point of the curve. + Bit size of a secret scalar for the curve. """ @@ -63,6 +63,12 @@ class EllipticCurvePrivateKey(object): """ @abc.abstractproperty + def key_size(self): + """ + Bit size of a secret scalar for the curve. + """ + + @abc.abstractproperty def sign(self, data, signature_algorithm): """ Signs the data @@ -98,6 +104,12 @@ class EllipticCurvePublicKey(object): The EllipticCurve that this key is on. """ + @abc.abstractproperty + def key_size(self): + """ + Bit size of a secret scalar for the curve. + """ + @abc.abstractmethod def public_numbers(self): """ diff --git a/tests/hazmat/primitives/test_ec.py b/tests/hazmat/primitives/test_ec.py index ad4bbc51..d5db52ab 100644 --- a/tests/hazmat/primitives/test_ec.py +++ b/tests/hazmat/primitives/test_ec.py 
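Review bot: The `key_size` property added to `_EllipticCurvePrivateKey` has no docstring, and its name invites direct comparison with RSA or DSA `key_size` in minimum-key-size policy checks. It returns `self.curve.key_size`, the bit size of a secret scalar, which is not on the same scale as an RSA modulus size, so a threshold shared across key types would misjudge EC keys. I would add a docstring such as `"""Bit size of a secret scalar for the curve; not comparable to an RSA key_size."""`. The same applies to the identical property added to `_EllipticCurvePublicKey` in the following hunk. Both class bodies continue outside the hunks.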
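Review bot: In the `EllipticCurvePrivateKey` hunk the added `@abc.abstractproperty` line ends up directly above `def sign(self, data, signature_algorithm)`, which takes arguments and is a method, so `@abc.abstractmethod` would state the contract correctly there. Judging by the context line, `sign` was already decorated this way before the change, so this commit would be a cheap place to fix it. Separately, making `key_size` abstract on both `EllipticCurvePrivateKey` and `EllipticCurvePublicKey` presumably means any implementation of these interfaces outside this tree must now define it. The changelog entry describes the addition only as a convenience and does not mention that requirement. The class bodies continue outside the hunks.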
@@ -277,6 +277,15 @@ def test_ec_private_numbers_hash(): @pytest.mark.requires_backend_interface(interface=EllipticCurveBackend) +def test_ec_key_key_size(backend): + curve = ec.SECP256R1() + _skip_curve_unsupported(backend, curve) + key = ec.generate_private_key(curve, backend) + assert key.key_size == 256 + assert key.public_key().key_size == 256 + + +@pytest.mark.requires_backend_interface(interface=EllipticCurveBackend) class TestECWithNumbers(object): @pytest.mark.parametrize( ("vector", "hash_type"), |
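Review bot: `test_ec_key_key_size` exercises only `ec.SECP256R1()`, where the expected value is byte-aligned, so it would not catch a curve that reports the wrong size. Callers that derive buffer or encoding lengths as `key_size // 8` go wrong on curves whose size is not a multiple of 8. Parametrizing the test, for example `@pytest.mark.parametrize("curve", [ec.SECP256R1(), ec.SECP521R1()])` with `assert key.key_size == curve.key_size`, would cover that case and keep the key objects tied to the curve's declared value. A one-line docstring stating that both the private key and its public key are checked would also help.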