From dcb9ea5a7f6b77c1c3686e4aa5001d5385b3bb49 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=B6rn=20Heissler?= <nosuchaddress@joern.heissler.de>
Date: Sun, 3 Nov 2019 10:30:18 +0100
Subject: Fixed some incorrectly computed EC private key sizes.

Private key is an integer from interval [1, curve_order). The curve
order is denoted by n in SECG or q in some RFCs.
The byte length is therefore ceil(log2(n) / 8).

Double checked by comparing to what openssl generates.
---
 asn1crypto/keys.py | 23 ++++++++++++-----------
 1 file changed, 12 insertions(+), 11 deletions(-)

diff --git a/asn1crypto/keys.py b/asn1crypto/keys.py
index 05f1313..3c9bf8c 100644
--- a/asn1crypto/keys.py
+++ b/asn1crypto/keys.py
@@ -420,37 +420,38 @@ class NamedCurve(ObjectIdentifier):
         '1.2.840.10045.3.1.6': 30,
         # Order values used to compute these sourced from
         # http://www.secg.org/SEC2-Ver-1.0.pdf
+        # ceil(n.bit_length() / 8)
         '1.2.840.10045.3.1.1': 24,
         '1.2.840.10045.3.1.7': 32,
         '1.3.132.0.1': 21,
         '1.3.132.0.2': 21,
-        '1.3.132.0.3': 26,
-        '1.3.132.0.4': 14,
-        '1.3.132.0.5': 14,
+        '1.3.132.0.3': 30,
+        '1.3.132.0.4': 15,
+        '1.3.132.0.5': 15,
         '1.3.132.0.6': 14,
         '1.3.132.0.7': 14,
-        '1.3.132.0.8': 20,
-        '1.3.132.0.9': 20,
+        '1.3.132.0.8': 21,
+        '1.3.132.0.9': 21,
         '1.3.132.0.10': 32,
         '1.3.132.0.15': 21,
         '1.3.132.0.16': 36,
         '1.3.132.0.17': 36,
         '1.3.132.0.22': 17,
         '1.3.132.0.23': 17,
-        '1.3.132.0.24': 24,
-        '1.3.132.0.25': 24,
+        '1.3.132.0.24': 25,
+        '1.3.132.0.25': 25,
         '1.3.132.0.26': 29,
-        '1.3.132.0.27': 29,
+        '1.3.132.0.27': 30,
         '1.3.132.0.28': 16,
         '1.3.132.0.29': 16,
-        '1.3.132.0.30': 20,
+        '1.3.132.0.30': 21,
         '1.3.132.0.31': 24,
-        '1.3.132.0.32': 28,
+        '1.3.132.0.32': 29,
         '1.3.132.0.33': 28,
         '1.3.132.0.34': 48,
         '1.3.132.0.35': 66,
         '1.3.132.0.36': 51,
-        '1.3.132.0.37': 51,
+        '1.3.132.0.37': 52,
         '1.3.132.0.38': 72,
         '1.3.132.0.39': 72,
     }
-- 
cgit v1.2.3