diff options
| author | Paul Kehrer <paul.l.kehrer@gmail.com> | 2017-06-03 17:11:55 -1000 |
|---|---|---|
| committer | Alex Gaynor <alex.gaynor@gmail.com> | 2017-06-03 23:11:55 -0400 |
| commit | 1a5d70e876346653b3dfa2a95f188ef0eb92bd7d (patch) | |
| tree | b940ff3a938a91613860dd20bc9e63568b78734b | |
| parent | e6055fbfb2b1b7b00b361615d4c665c6e9fc0b6d (diff) | |
| download | cryptography-1a5d70e876346653b3dfa2a95f188ef0eb92bd7d.tar.gz cryptography-1a5d70e876346653b3dfa2a95f188ef0eb92bd7d.tar.bz2 cryptography-1a5d70e876346653b3dfa2a95f188ef0eb92bd7d.zip | |
deprecate signer/verifier on asymmetric keys (#3663)
* deprecate signer/verifier on asymmetric keys
* review feedback, switch deprecated_call to work around a bug
| -rw-r--r-- | CHANGELOG.rst | 20 | ||||
| -rw-r--r-- | docs/hazmat/primitives/asymmetric/dsa.rst | 91 | ||||
| -rw-r--r-- | docs/hazmat/primitives/asymmetric/ec.rst | 74 | ||||
| -rw-r--r-- | docs/hazmat/primitives/asymmetric/index.rst | 1 | ||||
| -rw-r--r-- | docs/hazmat/primitives/asymmetric/interfaces.rst | 44 | ||||
| -rw-r--r-- | docs/hazmat/primitives/asymmetric/rsa.rst | 91 | ||||
| -rw-r--r-- | src/cryptography/hazmat/backends/openssl/dsa.py | 5 | ||||
| -rw-r--r-- | src/cryptography/hazmat/backends/openssl/ec.py | 5 | ||||
| -rw-r--r-- | src/cryptography/hazmat/backends/openssl/rsa.py | 5 | ||||
| -rw-r--r-- | src/cryptography/hazmat/backends/openssl/utils.py | 12 | ||||
| -rw-r--r-- | tests/hazmat/primitives/test_dsa.py | 7 | ||||
| -rw-r--r-- | tests/hazmat/primitives/test_ec.py | 6 | ||||
| -rw-r--r-- | tests/hazmat/primitives/test_rsa.py | 9 |
13 files changed, 160 insertions, 210 deletions
diff --git a/CHANGELOG.rst b/CHANGELOG.rst index 484bcf06..22411d1f 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -6,6 +6,19 @@ Changelog .. note:: This version is not yet released and is under active development. +* Deprecated the use of ``signer`` on + :class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateKey`, + :class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAPrivateKey`, + and + :class:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePrivateKey` + in favor of ``sign``. +* Deprecated the use of ``verifier`` on + :class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPublicKey`, + :class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAPublicKey`, + and + :class:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePublicKey` + in favor of ``verify``. + 1.9 - 2017-05-29 ~~~~~~~~~~~~~~~~ @@ -618,12 +631,9 @@ Changelog :class:`~cryptography.hazmat.primitives.asymmetric.padding.AsymmetricPadding` was moved from ``cryptography.hazmat.primitives.interfaces`` to :mod:`~cryptography.hazmat.primitives.asymmetric.padding`. -* - :class:`~cryptography.hazmat.primitives.asymmetric.AsymmetricSignatureContext` - and - :class:`~cryptography.hazmat.primitives.asymmetric.AsymmetricVerificationContext` +* ``AsymmetricSignatureContext`` and ``AsymmetricVerificationContext`` were moved from ``cryptography.hazmat.primitives.interfaces`` to - :mod:`~cryptography.hazmat.primitives.asymmetric`. + ``cryptography.hazmat.primitives.asymmetric``. * :class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAParameters`, :class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAParametersWithNumbers`, :class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAPrivateKey`, diff --git a/docs/hazmat/primitives/asymmetric/dsa.rst b/docs/hazmat/primitives/asymmetric/dsa.rst index d4c25256..13cd0412 100644 --- a/docs/hazmat/primitives/asymmetric/dsa.rst +++ b/docs/hazmat/primitives/asymmetric/dsa.rst @@ -72,15 +72,6 @@ instance. ... key_size=1024, ... backend=default_backend() ... ) - >>> signer = private_key.signer(hashes.SHA256()) - >>> data = b"this is some data I'd like to sign" - >>> signer.update(data) - >>> signature = signer.finalize() - -There is a shortcut to sign sufficiently short messages directly: - -.. doctest:: - >>> data = b"this is some data I'd like to sign" >>> signature = private_key.sign( ... data, @@ -91,6 +82,23 @@ The ``signature`` is a ``bytes`` object, whose contents is DER encoded as described in :rfc:`3279`. This can be decoded using :func:`~cryptography.hazmat.primitives.asymmetric.utils.decode_dss_signature`. +If your data is too large to be passed in a single call, you can hash it +separately and pass that value using +:class:`~cryptography.hazmat.primitives.asymmetric.utils.Prehashed`. + +.. doctest:: + + >>> from cryptography.hazmat.primitives.asymmetric import utils + >>> chosen_hash = hashes.SHA256() + >>> hasher = hashes.Hash(chosen_hash, default_backend()) + >>> hasher.update(b"data & ") + >>> hasher.update(b"more data") + >>> digest = hasher.finalize() + >>> sig = private_key.sign( + ... digest, + ... utils.Prehashed(chosen_hash) + ... ) + Verification ~~~~~~~~~~~~ @@ -106,26 +114,35 @@ You can get a public key object with .. doctest:: >>> public_key = private_key.public_key() - >>> verifier = public_key.verifier(signature, hashes.SHA256()) - >>> verifier.update(data) - >>> verifier.verify() - -There is a shortcut to verify sufficiently short messages directly: - -.. doctest:: - >>> public_key.verify( ... signature, ... data, ... hashes.SHA256() ... ) -``verifier()`` takes the signature in the same format as is returned by -``signer.finalize()``. +``verify()`` takes the signature in the same format as is returned by +``sign()``. ``verify()`` will raise an :class:`~cryptography.exceptions.InvalidSignature` exception if the signature isn't valid. +If your data is too large to be passed in a single call, you can hash it +separately and pass that value using +:class:`~cryptography.hazmat.primitives.asymmetric.utils.Prehashed`. + +.. doctest:: + + >>> chosen_hash = hashes.SHA256() + >>> hasher = hashes.Hash(chosen_hash, default_backend()) + >>> hasher.update(b"data & ") + >>> hasher.update(b"more data") + >>> digest = hasher.finalize() + >>> public_key.verify( + ... sig, + ... digest, + ... utils.Prehashed(chosen_hash) + ... ) + Numbers ~~~~~~~ @@ -275,23 +292,6 @@ Key interfaces The DSAParameters object associated with this private key. - .. method:: signer(algorithm, backend) - - .. versionadded:: 0.4 - - Sign data which can be verified later by others using the public key. - The signature is formatted as DER-encoded bytes, as specified in - :rfc:`3279`. - - :param algorithm: An instance of - :class:`~cryptography.hazmat.primitives.hashes.HashAlgorithm`. - - :param backend: An instance of - :class:`~cryptography.hazmat.backends.interfaces.DSABackend`. - - :returns: - :class:`~cryptography.hazmat.primitives.asymmetric.AsymmetricSignatureContext` - .. attribute:: key_size :type: int @@ -380,25 +380,6 @@ Key interfaces The DSAParameters object associated with this public key. - .. method:: verifier(signature, algorithm, backend) - - .. versionadded:: 0.4 - - Verify data was signed by the private key associated with this public - key. - - :param bytes signature: The signature to verify. DER encoded as - specified in :rfc:`3279`. - - :param algorithm: An instance of - :class:`~cryptography.hazmat.primitives.hashes.HashAlgorithm`. - - :param backend: An instance of - :class:`~cryptography.hazmat.backends.interfaces.DSABackend`. - - :returns: - :class:`~cryptography.hazmat.primitives.asymmetric.AsymmetricVerificationContext` - .. method:: public_numbers() Create a diff --git a/docs/hazmat/primitives/asymmetric/ec.rst b/docs/hazmat/primitives/asymmetric/ec.rst index 55146175..113168fa 100644 --- a/docs/hazmat/primitives/asymmetric/ec.rst +++ b/docs/hazmat/primitives/asymmetric/ec.rst @@ -58,15 +58,6 @@ Elliptic Curve Signature Algorithms >>> private_key = ec.generate_private_key( ... ec.SECP384R1(), default_backend() ... ) - >>> signer = private_key.signer(ec.ECDSA(hashes.SHA256())) - >>> signer.update(b"this is some data I'd like") - >>> signer.update(b" to sign") - >>> signature = signer.finalize() - - There is a shortcut to sign sufficiently short messages directly: - - .. doctest:: - >>> data = b"this is some data I'd like to sign" >>> signature = private_key.sign( ... data, @@ -77,20 +68,51 @@ Elliptic Curve Signature Algorithms described in :rfc:`3279`. This can be decoded using :func:`~cryptography.hazmat.primitives.asymmetric.utils.decode_dss_signature`. + If your data is too large to be passed in a single call, you can hash it + separately and pass that value using + :class:`~cryptography.hazmat.primitives.asymmetric.utils.Prehashed`. + + .. doctest:: + + >>> from cryptography.hazmat.primitives.asymmetric import utils + >>> chosen_hash = hashes.SHA256() + >>> hasher = hashes.Hash(chosen_hash, default_backend()) + >>> hasher.update(b"data & ") + >>> hasher.update(b"more data") + >>> digest = hasher.finalize() + >>> sig = private_key.sign( + ... digest, + ... ec.ECDSA(utils.Prehashed(chosen_hash)) + ... ) + Verification requires the public key, the signature itself, the signed data, and knowledge of the hashing algorithm that was used when producing the signature: >>> public_key = private_key.public_key() - >>> verifier = public_key.verifier(signature, ec.ECDSA(hashes.SHA256())) - >>> verifier.update(b"this is some data I'd like") - >>> verifier.update(b" to sign") - >>> verifier.verify() + >>> public_key.verify(signature, data, ec.ECDSA(hashes.SHA256())) If the signature is not valid, an :class:`~cryptography.exceptions.InvalidSignature` exception will be raised. + If your data is too large to be passed in a single call, you can hash it + separately and pass that value using + :class:`~cryptography.hazmat.primitives.asymmetric.utils.Prehashed`. + + .. doctest:: + + >>> chosen_hash = hashes.SHA256() + >>> hasher = hashes.Hash(chosen_hash, default_backend()) + >>> hasher.update(b"data & ") + >>> hasher.update(b"more data") + >>> digest = hasher.finalize() + >>> public_key.verify( + ... sig, + ... digest, + ... ec.ECDSA(utils.Prehashed(chosen_hash)) + ... ) + .. note:: Although in this case the public key was derived from the private one, in a typical setting you will not possess the private key. The @@ -421,18 +443,6 @@ Key Interfaces An elliptic curve private key for use with an algorithm such as `ECDSA`_ or `EdDSA`_. - .. method:: signer(signature_algorithm) - - Sign data which can be verified later by others using the public key. - The signature is formatted as DER-encoded bytes, as specified in - :rfc:`3279`. - - :param signature_algorithm: An instance of - :class:`EllipticCurveSignatureAlgorithm`. - - :returns: - :class:`~cryptography.hazmat.primitives.asymmetric.AsymmetricSignatureContext` - .. method:: exchange(algorithm, peer_public_key) .. versionadded:: 1.1 @@ -526,20 +536,6 @@ Key Interfaces An elliptic curve public key. - .. method:: verifier(signature, signature_algorithm) - - Verify data was signed by the private key associated with this public - key. - - :param bytes signature: The signature to verify. DER encoded as - specified in :rfc:`3279`. - - :param signature_algorithm: An instance of - :class:`EllipticCurveSignatureAlgorithm`. - - :returns: - :class:`~cryptography.hazmat.primitives.asymmetric.AsymmetricVerificationContext` - .. attribute:: curve :type: :class:`EllipticCurve` diff --git a/docs/hazmat/primitives/asymmetric/index.rst b/docs/hazmat/primitives/asymmetric/index.rst index e0080f0e..e14ce0d3 100644 --- a/docs/hazmat/primitives/asymmetric/index.rst +++ b/docs/hazmat/primitives/asymmetric/index.rst @@ -28,7 +28,6 @@ private key is able to decrypt it. rsa dh serialization - interfaces utils diff --git a/docs/hazmat/primitives/asymmetric/interfaces.rst b/docs/hazmat/primitives/asymmetric/interfaces.rst deleted file mode 100644 index a5dbc671..00000000 --- a/docs/hazmat/primitives/asymmetric/interfaces.rst +++ /dev/null @@ -1,44 +0,0 @@ -.. hazmat:: - -.. module:: cryptography.hazmat.primitives.asymmetric - -Signature Interfaces -==================== - -.. class:: AsymmetricSignatureContext - - .. versionadded:: 0.2 - - .. note:: - - :class:`~cryptography.hazmat.primitives.asymmetric.utils.Prehashed` - is not supported by this context. You must use the ``sign`` method - on the private key object. - - .. method:: update(data) - - :param bytes data: The data you want to sign. - - .. method:: finalize() - - :return bytes signature: The signature. - - -.. class:: AsymmetricVerificationContext - - .. versionadded:: 0.2 - - .. note:: - - :class:`~cryptography.hazmat.primitives.asymmetric.utils.Prehashed` - is not supported by this context. You must use the ``verify`` method - on the public key object. - - .. method:: update(data) - - :param bytes data: The data you wish to verify using the signature. - - .. method:: verify() - - :raises cryptography.exceptions.InvalidSignature: If the signature does - not validate. diff --git a/docs/hazmat/primitives/asymmetric/rsa.rst b/docs/hazmat/primitives/asymmetric/rsa.rst index 6cf0e499..121f156d 100644 --- a/docs/hazmat/primitives/asymmetric/rsa.rst +++ b/docs/hazmat/primitives/asymmetric/rsa.rst @@ -141,22 +141,6 @@ secure hash function and padding: >>> from cryptography.hazmat.primitives import hashes >>> from cryptography.hazmat.primitives.asymmetric import padding - - >>> signer = private_key.signer( - ... padding.PSS( - ... mgf=padding.MGF1(hashes.SHA256()), - ... salt_length=padding.PSS.MAX_LENGTH - ... ), - ... hashes.SHA256() - ... ) - >>> message = b"A message I want to sign" - >>> signer.update(message) - >>> signature = signer.finalize() - -There is a shortcut to sign sufficiently short messages directly: - -.. doctest:: - >>> message = b"A message I want to sign" >>> signature = private_key.sign( ... message, @@ -173,6 +157,27 @@ Valid paddings for signatures are is the recommended choice for any new protocols or applications, ``PKCS1v15`` should only be used to support legacy protocols. +If your data is too large to be passed in a single call, you can hash it +separately and pass that value using +:class:`~cryptography.hazmat.primitives.asymmetric.utils.Prehashed`. + +.. doctest:: + + >>> from cryptography.hazmat.primitives.asymmetric import utils + >>> chosen_hash = hashes.SHA256() + >>> hasher = hashes.Hash(chosen_hash, default_backend()) + >>> hasher.update(b"data & ") + >>> hasher.update(b"more data") + >>> digest = hasher.finalize() + >>> sig = private_key.sign( + ... digest, + ... padding.PSS( + ... mgf=padding.MGF1(hashes.SHA256()), + ... salt_length=padding.PSS.MAX_LENGTH + ... ), + ... utils.Prehashed(chosen_hash) + ... ) + Verification ~~~~~~~~~~~~ @@ -190,32 +195,38 @@ a public key to use in verification using .. doctest:: >>> public_key = private_key.public_key() - >>> verifier = public_key.verifier( + >>> public_key.verify( ... signature, + ... message, ... padding.PSS( ... mgf=padding.MGF1(hashes.SHA256()), ... salt_length=padding.PSS.MAX_LENGTH ... ), ... hashes.SHA256() ... ) - >>> verifier.update(message) - >>> verifier.verify() If the signature does not match, ``verify()`` will raise an :class:`~cryptography.exceptions.InvalidSignature` exception. -There is a shortcut to verify sufficiently short messages directly: +If your data is too large to be passed in a single call, you can hash it +separately and pass that value using +:class:`~cryptography.hazmat.primitives.asymmetric.utils.Prehashed`. .. doctest:: + >>> chosen_hash = hashes.SHA256() + >>> hasher = hashes.Hash(chosen_hash, default_backend()) + >>> hasher.update(b"data & ") + >>> hasher.update(b"more data") + >>> digest = hasher.finalize() >>> public_key.verify( - ... signature, - ... message, + ... sig, + ... digest, ... padding.PSS( ... mgf=padding.MGF1(hashes.SHA256()), ... salt_length=padding.PSS.MAX_LENGTH ... ), - ... hashes.SHA256() + ... utils.Prehashed(chosen_hash) ... ) Encryption @@ -520,22 +531,6 @@ Key interfaces An `RSA`_ private key. - .. method:: signer(padding, algorithm) - - .. versionadded:: 0.3 - - Get signer to sign data which can be verified later by others using - the public key. - - :param padding: An instance of - :class:`~cryptography.hazmat.primitives.asymmetric.padding.AsymmetricPadding`. - - :param algorithm: An instance of - :class:`~cryptography.hazmat.primitives.hashes.HashAlgorithm`. - - :returns: - :class:`~cryptography.hazmat.primitives.asymmetric.AsymmetricSignatureContext` - .. method:: decrypt(ciphertext, padding) .. versionadded:: 0.4 @@ -634,24 +629,6 @@ Key interfaces An `RSA`_ public key. - .. method:: verifier(signature, padding, algorithm) - - .. versionadded:: 0.3 - - Get verifier to verify data was signed by the private key associated - with this public key. - - :param bytes signature: The signature to verify. - - :param padding: An instance of - :class:`~cryptography.hazmat.primitives.asymmetric.padding.AsymmetricPadding`. - - :param algorithm: An instance of - :class:`~cryptography.hazmat.primitives.hashes.HashAlgorithm`. - - :returns: - :class:`~cryptography.hazmat.primitives.asymmetric.AsymmetricVerificationContext` - .. method:: encrypt(plaintext, padding) .. versionadded:: 0.4 diff --git a/src/cryptography/hazmat/backends/openssl/dsa.py b/src/cryptography/hazmat/backends/openssl/dsa.py index c2223250..48886e45 100644 --- a/src/cryptography/hazmat/backends/openssl/dsa.py +++ b/src/cryptography/hazmat/backends/openssl/dsa.py @@ -7,7 +7,8 @@ from __future__ import absolute_import, division, print_function from cryptography import utils from cryptography.exceptions import InvalidSignature from cryptography.hazmat.backends.openssl.utils import ( - _calculate_digest_and_algorithm, _check_not_prehashed + _calculate_digest_and_algorithm, _check_not_prehashed, + _warn_sign_verify_deprecated ) from cryptography.hazmat.primitives import hashes, serialization from cryptography.hazmat.primitives.asymmetric import ( @@ -121,6 +122,7 @@ class _DSAPrivateKey(object): key_size = utils.read_only_property("_key_size") def signer(self, signature_algorithm): + _warn_sign_verify_deprecated() _check_not_prehashed(signature_algorithm) return _DSASignatureContext(self._backend, self, signature_algorithm) @@ -208,6 +210,7 @@ class _DSAPublicKey(object): key_size = utils.read_only_property("_key_size") def verifier(self, signature, signature_algorithm): + _warn_sign_verify_deprecated() if not isinstance(signature, bytes): raise TypeError("signature must be bytes.") diff --git a/src/cryptography/hazmat/backends/openssl/ec.py b/src/cryptography/hazmat/backends/openssl/ec.py index b70735dc..69da2344 100644 --- a/src/cryptography/hazmat/backends/openssl/ec.py +++ b/src/cryptography/hazmat/backends/openssl/ec.py @@ -9,7 +9,8 @@ from cryptography.exceptions import ( InvalidSignature, UnsupportedAlgorithm, _Reasons ) from cryptography.hazmat.backends.openssl.utils import ( - _calculate_digest_and_algorithm, _check_not_prehashed + _calculate_digest_and_algorithm, _check_not_prehashed, + _warn_sign_verify_deprecated ) from cryptography.hazmat.primitives import hashes, serialization from cryptography.hazmat.primitives.asymmetric import ( @@ -140,6 +141,7 @@ class _EllipticCurvePrivateKey(object): return self.curve.key_size def signer(self, signature_algorithm): + _warn_sign_verify_deprecated() _check_signature_algorithm(signature_algorithm) _check_not_prehashed(signature_algorithm.algorithm) return _ECDSASignatureContext( @@ -241,6 +243,7 @@ class _EllipticCurvePublicKey(object): return self.curve.key_size def verifier(self, signature, signature_algorithm): + _warn_sign_verify_deprecated() if not isinstance(signature, bytes): raise TypeError("signature must be bytes.") diff --git a/src/cryptography/hazmat/backends/openssl/rsa.py b/src/cryptography/hazmat/backends/openssl/rsa.py index fdde4589..839ef147 100644 --- a/src/cryptography/hazmat/backends/openssl/rsa.py +++ b/src/cryptography/hazmat/backends/openssl/rsa.py @@ -11,7 +11,8 @@ from cryptography.exceptions import ( InvalidSignature, UnsupportedAlgorithm, _Reasons ) from cryptography.hazmat.backends.openssl.utils import ( - _calculate_digest_and_algorithm, _check_not_prehashed + _calculate_digest_and_algorithm, _check_not_prehashed, + _warn_sign_verify_deprecated ) from cryptography.hazmat.primitives import hashes from cryptography.hazmat.primitives.asymmetric import ( @@ -378,6 +379,7 @@ class _RSAPrivateKey(object): key_size = utils.read_only_property("_key_size") def signer(self, padding, algorithm): + _warn_sign_verify_deprecated() _check_not_prehashed(algorithm) return _RSASignatureContext(self._backend, self, padding, algorithm) @@ -472,6 +474,7 @@ class _RSAPublicKey(object): key_size = utils.read_only_property("_key_size") def verifier(self, signature, padding, algorithm): + _warn_sign_verify_deprecated() if not isinstance(signature, bytes): raise TypeError("signature must be bytes.") diff --git a/src/cryptography/hazmat/backends/openssl/utils.py b/src/cryptography/hazmat/backends/openssl/utils.py index f71a62a5..ff1b9745 100644 --- a/src/cryptography/hazmat/backends/openssl/utils.py +++ b/src/cryptography/hazmat/backends/openssl/utils.py @@ -4,6 +4,9 @@ from __future__ import absolute_import, division, print_function +import warnings + +from cryptography import utils from cryptography.hazmat.primitives import hashes from cryptography.hazmat.primitives.asymmetric.utils import Prehashed @@ -31,3 +34,12 @@ def _check_not_prehashed(signature_algorithm): "Prehashed is only supported in the sign and verify methods. " "It cannot be used with signer or verifier." ) + + +def _warn_sign_verify_deprecated(): + warnings.warn( + "signer and verifier have been deprecated. Please use sign " + "and verify instead.", + utils.PersistentlyDeprecated, + stacklevel=2 + ) diff --git a/tests/hazmat/primitives/test_dsa.py b/tests/hazmat/primitives/test_dsa.py index 6ea05775..34197772 100644 --- a/tests/hazmat/primitives/test_dsa.py +++ b/tests/hazmat/primitives/test_dsa.py @@ -575,7 +575,10 @@ class TestDSAVerification(object): y=vector['y'] ).public_key(backend) sig = encode_dss_signature(vector['r'], vector['s']) - verifier = public_key.verifier(sig, algorithm()) + verifier = pytest.deprecated_call( + public_key.verifier, sig, algorithm() + ) + verifier.update(vector['msg']) if vector['result'] == "F": with pytest.raises(InvalidSignature): @@ -685,7 +688,7 @@ class TestDSASignature(object): ), x=vector['x'] ).private_key(backend) - signer = private_key.signer(algorithm()) + signer = pytest.deprecated_call(private_key.signer, algorithm()) signer.update(vector['msg']) signature = signer.finalize() assert signature diff --git a/tests/hazmat/primitives/test_ec.py b/tests/hazmat/primitives/test_ec.py index d9177045..82cf2fae 100644 --- a/tests/hazmat/primitives/test_ec.py +++ b/tests/hazmat/primitives/test_ec.py @@ -351,11 +351,13 @@ class TestECDSAVectors(object): pkey = key.public_key() assert pkey - signer = key.signer(ec.ECDSA(hash_type())) + signer = pytest.deprecated_call(key.signer, ec.ECDSA(hash_type())) signer.update(b"YELLOW SUBMARINE") signature = signer.finalize() - verifier = pkey.verifier(signature, ec.ECDSA(hash_type())) + verifier = pytest.deprecated_call( + pkey.verifier, signature, ec.ECDSA(hash_type()) + ) verifier.update(b"YELLOW SUBMARINE") verifier.verify() diff --git a/tests/hazmat/primitives/test_rsa.py b/tests/hazmat/primitives/test_rsa.py index 7ce2746c..627248fd 100644 --- a/tests/hazmat/primitives/test_rsa.py +++ b/tests/hazmat/primitives/test_rsa.py @@ -256,7 +256,11 @@ class TestRSASignature(object): n=private["modulus"] ) ).private_key(backend) - signer = private_key.signer(padding.PKCS1v15(), hashes.SHA1()) + signer = pytest.deprecated_call( + private_key.signer, + padding.PKCS1v15(), + hashes.SHA1() + ) signer.update(binascii.unhexlify(example["message"])) signature = signer.finalize() assert binascii.hexlify(signature) == example["signature"] @@ -583,7 +587,8 @@ class TestRSAVerification(object): e=public["public_exponent"], n=public["modulus"] ).public_key(backend) - verifier = public_key.verifier( + verifier = pytest.deprecated_call( + public_key.verifier, binascii.unhexlify(example["signature"]), padding.PKCS1v15(), hashes.SHA1() |