-rw-r--r-- | CHANGELOG.rst | 4 | ||||
-rw-r--r-- | docs/hazmat/primitives/asymmetric/ec.rst | 5 | ||||
-rw-r--r-- | src/cryptography/hazmat/primitives/asymmetric/ec.py | 9 | ||||
-rw-r--r-- | src/cryptography/utils.py | 1 | ||||
-rw-r--r-- | tests/hazmat/primitives/test_ec.py | 28 |
5 files changed, 34 insertions, 13 deletions
diff --git a/CHANGELOG.rst b/CHANGELOG.rst
index 7780c6ba..1801e04e 100644
--- a/CHANGELOG.rst
+++ b/CHANGELOG.rst
@@ -31,7 +31,9 @@ Changelog * Added :meth:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePublicKey.from_encoded_point`, which immediately checks if the point is on the curve and supports compressed
- points.
+ points. Deprecated the previous method
+ :meth:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePublicNumbers.from_encoded_point`.
+
 .. _v2-4-2:
diff --git a/docs/hazmat/primitives/asymmetric/ec.rst b/docs/hazmat/primitives/asymmetric/ec.rst
index 728c5159..168cdfd8 100644
--- a/docs/hazmat/primitives/asymmetric/ec.rst
+++ b/docs/hazmat/primitives/asymmetric/ec.rst
@@ -206,6 +206,11 @@ Elliptic Curve Signature Algorithms .. versionadded:: 1.1
+ .. note::
+
+ This has been deprecated in favor of
+ :meth:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePublicKey.from_encoded_point`
+
 Decodes a byte string as described in `SEC 1 v2.0`_ section 2.3.3 and returns an :class:`EllipticCurvePublicNumbers`. This method only supports uncompressed points.
diff --git a/src/cryptography/hazmat/primitives/asymmetric/ec.py b/src/cryptography/hazmat/primitives/asymmetric/ec.py
index 6b1de7c5..125235f8 100644
--- a/src/cryptography/hazmat/primitives/asymmetric/ec.py
+++ b/src/cryptography/hazmat/primitives/asymmetric/ec.py
@@ -5,6 +5,7 @@ from __future__ import absolute_import, division, print_function import abc
+import warnings
 import six
@@ -366,6 +367,14 @@ class EllipticCurvePublicNumbers(object): if not isinstance(curve, EllipticCurve): raise TypeError("curve must be an EllipticCurve instance")
+ warnings.warn(
+ "Support for unsafe construction of public numbers from "
+ "encoded data will be removed in a future version. "
+ "Please use EllipticCurvePublicKey.from_encoded_point",
+ utils.DeprecatedIn25,
+ stacklevel=2,
+ )
+
 if data.startswith(b'\x04'): # key_size is in bits. Convert to bytes and round up byte_length = (curve.key_size + 7) // 8
diff --git a/src/cryptography/utils.py b/src/cryptography/utils.py
index 65a4ee71..cbbae3a7 100644
--- a/src/cryptography/utils.py
+++ b/src/cryptography/utils.py
@@ -23,6 +23,7 @@ class CryptographyDeprecationWarning(UserWarning): PersistentlyDeprecated = CryptographyDeprecationWarning DeprecatedIn21 = CryptographyDeprecationWarning DeprecatedIn23 = CryptographyDeprecationWarning
+DeprecatedIn25 = CryptographyDeprecationWarning
 def _check_bytes(name, value):
diff --git a/tests/hazmat/primitives/test_ec.py b/tests/hazmat/primitives/test_ec.py
index 9a8ddf60..7cf9a09a 100644
--- a/tests/hazmat/primitives/test_ec.py
+++ b/tests/hazmat/primitives/test_ec.py
@@ -188,9 +188,10 @@ def test_from_encoded_point(): "04233ea3b0027127084cd2cd336a13aeef69c598d8af61369a36454a17c6c22ae" "c3ea2c10a84153862be4ec82940f0543f9ba866af9751a6ee79d38460b35f442e" )
- pn = ec.EllipticCurvePublicNumbers.from_encoded_point(
- ec.SECP256R1(), data
- )
+ with pytest.warns(CryptographyDeprecationWarning):
+ pn = ec.EllipticCurvePublicNumbers.from_encoded_point(
+ ec.SECP256R1(), data
+ )
 assert pn.x == int( '233ea3b0027127084cd2cd336a13aeef69c598d8af61369a36454a17c6c22aec', 16
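Review bot: In the `ec.py` hunk (`@@ -366,6 +367,14 @@`), the new warning calls this path "unsafe" but neither the message nor the surrounding code says what is unsafe about it. Going by the changelog entry in this same commit, the replacement checks that the point is on the curve at decode time, which suggests this method hands back coordinates that have not been validated against the curve. A comment above the call such as `# Deprecated: this returns x/y without checking that the point lies on the curve.` would record the reason; the wording should be confirmed against the rest of the method, which continues outside the hunk. Separately, `warnings.warn(...)` sits after the `isinstance(curve, EllipticCurve)` check, so a call that fails the type check never emits the deprecation warning; moving the call above that check would make the warning unconditional.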
@@ -207,9 +208,10 @@ def test_from_encoded_point_invalid_length(): "c3ea2c10a84153862be4ec82940f0543f9ba866af9751a6ee79d38460" ) with pytest.raises(ValueError):
- ec.EllipticCurvePublicNumbers.from_encoded_point(
- ec.SECP384R1(), bad_data
- )
+ with pytest.warns(CryptographyDeprecationWarning):
+ ec.EllipticCurvePublicNumbers.from_encoded_point(
+ ec.SECP384R1(), bad_data
+ )
 def test_from_encoded_point_unsupported_point_no_backend():
@@ -218,16 +220,18 @@ def test_from_encoded_point_unsupported_point_no_backend(): "02233ea3b0027127084cd2cd336a13aeef69c598d8af61369a36454a17c6c22a" ) with pytest.raises(ValueError):
- ec.EllipticCurvePublicNumbers.from_encoded_point(
- ec.SECP256R1(), unsupported_type
- )
+ with pytest.warns(CryptographyDeprecationWarning):
+ ec.EllipticCurvePublicNumbers.from_encoded_point(
+ ec.SECP256R1(), unsupported_type
+ )
 def test_from_encoded_point_not_a_curve(): with pytest.raises(TypeError):
- ec.EllipticCurvePublicNumbers.from_encoded_point(
- "notacurve", b"\x04data"
- )
+ with pytest.warns(CryptographyDeprecationWarning):
+ ec.EllipticCurvePublicNumbers.from_encoded_point(
+ "notacurve", b"\x04data"
+ )
 def test_ec_public_numbers_repr(): |
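Review bot: In `test_from_encoded_point_not_a_curve` (hunk `@@ -218,16 +220,18 @@`), the added `pytest.warns(CryptographyDeprecationWarning)` cannot observe a warning, because the `ec.py` hunk of this commit raises the `TypeError` for a non-curve argument before `warnings.warn` is reached. The test presumably passes only because `pytest.warns` skips its check when the body raises. If so, the `warns` blocks nested inside `pytest.raises(ValueError)` in `test_from_encoded_point_invalid_length` and `test_from_encoded_point_unsupported_point_no_backend` assert nothing about the warning either. Where a warning is expected, put `pytest.warns` outside `pytest.raises`, e.g. `with pytest.warns(CryptographyDeprecationWarning), pytest.raises(ValueError):`, and drop it from the not-a-curve test unless the warning is moved above the type check.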