From c816735f0e9250328e4a697c8dfb23f0aa1e584b Mon Sep 17 00:00:00 2001
From: Ofek Lev <ofekmeister@gmail.com>
Date: Fri, 11 Nov 2016 10:54:00 -0500
Subject: add ec.private_key_from_secret_and_curve (#3225)

* finish https://github.com/pyca/cryptography/pull/1973

* change API & add test

Function will now return an instance of EllipticCurvePrivateKey, as that
is the users' ultimate goal anyway.

* fix test

* improve coverage

* complete coverage

* final fix

* centos fix

* retry

* cleanup asserts

* use openssl_assert

* skip unsupported platforms

* change API name to derive_private_key

* change version added

* improve description of `secret` param

* separate successful and failure test cases

* simplify successful case

* add docs for derive_elliptic_curve_public_point

* add period
---
 tests/hazmat/backends/test_multibackend.py | 16 ++++++++++++++++
 tests/hazmat/primitives/test_ec.py         | 26 ++++++++++++++++++++++++++
 2 files changed, 42 insertions(+)

(limited to 'tests/hazmat')

diff --git a/tests/hazmat/backends/test_multibackend.py b/tests/hazmat/backends/test_multibackend.py
index 1cd87336..319edf7d 100644
--- a/tests/hazmat/backends/test_multibackend.py
+++ b/tests/hazmat/backends/test_multibackend.py
@@ -27,6 +27,12 @@ class DummyBackend(object):
     pass
 
 
+@utils.register_interface(ec.EllipticCurve)
+class DummyCurve(object):
+    name = "dummy-curve"
+    key_size = 1
+
+
 @utils.register_interface(CipherBackend)
 class DummyCipherBackend(object):
     def __init__(self, supported_ciphers):
@@ -179,6 +185,10 @@ class DummyEllipticCurveBackend(object):
             self.elliptic_curve_supported(curve)
         )
 
+    def derive_elliptic_curve_public_point(self, private_value, curve):
+        if not self.elliptic_curve_supported(curve):
+            raise UnsupportedAlgorithm(_Reasons.UNSUPPORTED_ELLIPTIC_CURVE)
+
 
 @utils.register_interface(PEMSerializationBackend)
 class DummyPEMSerializationBackend(object):
@@ -501,6 +511,12 @@ class TestMultiBackend(object):
             ec.ECDH(), ec.SECT163K1()
         )
 
+        with pytest.raises(UnsupportedAlgorithm):
+            backend.derive_elliptic_curve_public_point(123, DummyCurve())
+
+        assert backend.derive_elliptic_curve_public_point(
+            123, ec.SECT283K1()) is None
+
     def test_pem_serialization_backend(self):
         backend = MultiBackend([DummyPEMSerializationBackend()])
 
diff --git a/tests/hazmat/primitives/test_ec.py b/tests/hazmat/primitives/test_ec.py
index dff2f3e1..523f3f4e 100644
--- a/tests/hazmat/primitives/test_ec.py
+++ b/tests/hazmat/primitives/test_ec.py
@@ -100,6 +100,32 @@ def test_skip_ecdsa_vector(backend):
         _skip_ecdsa_vector(backend, DummyCurve, hashes.SHA256)
 
 
+@pytest.mark.requires_backend_interface(interface=EllipticCurveBackend)
+def test_derive_private_key_success(backend):
+    curve = ec.SECP256K1()
+    _skip_curve_unsupported(backend, curve)
+
+    private_numbers = ec.generate_private_key(curve, backend).private_numbers()
+
+    derived_key = ec.derive_private_key(
+        private_numbers.private_value, curve, backend
+    )
+
+    assert private_numbers == derived_key.private_numbers()
+
+
+@pytest.mark.requires_backend_interface(interface=EllipticCurveBackend)
+def test_derive_private_key_errors(backend):
+    curve = ec.SECP256K1()
+    _skip_curve_unsupported(backend, curve)
+
+    with pytest.raises(TypeError):
+        ec.derive_private_key('one', curve, backend)
+
+    with pytest.raises(TypeError):
+        ec.derive_private_key(10, 'five', backend)
+
+
 def test_ec_numbers():
     numbers = ec.EllipticCurvePrivateNumbers(
         1,
-- 
cgit v1.2.3