From 77e95a016376dfdd08ef44549bd4ecc252fb3bf5 Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Thu, 25 Sep 2014 12:28:07 -0500 Subject: deprecate backend method names for elliptic curve number loading fixes #1270 --- CHANGELOG.rst | 5 ++++ cryptography/hazmat/backends/interfaces.py | 4 +-- cryptography/hazmat/backends/multibackend.py | 24 ++++++++++++++-- cryptography/hazmat/backends/openssl/backend.py | 18 ++++++++++++ cryptography/hazmat/primitives/asymmetric/ec.py | 4 +-- docs/hazmat/backends/interfaces.rst | 4 +-- tests/hazmat/backends/test_multibackend.py | 36 +++++++++++++++++++---- tests/hazmat/backends/test_openssl.py | 38 ++++++++++++++++++++++++- 8 files changed, 119 insertions(+), 14 deletions(-) diff --git a/CHANGELOG.rst b/CHANGELOG.rst index dfc6d8b0..eb9b4f4e 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -11,6 +11,11 @@ Changelog constructor. The ``salt_length`` should be passed to :class:`~cryptography.hazmat.primitives.asymmetric.padding.PSS` instead. * Fix compilation on OS X Yosemite. +* Deprecated ``elliptic_curve_private_key_from_numbers`` and + ``elliptic_curve_public_key_from_numbers`` in favor of + ``load_elliptic_curve_private_numbers`` and + ``load_elliptic_curve_public_numbers`` on + :class:`~cryptography.hazmat.backends.interfaces.EllipticCurveBackend`. 0.5.4 - 2014-08-20 ~~~~~~~~~~~~~~~~~~ diff --git a/cryptography/hazmat/backends/interfaces.py b/cryptography/hazmat/backends/interfaces.py index dc720ad3..f471b948 100644 --- a/cryptography/hazmat/backends/interfaces.py +++ b/cryptography/hazmat/backends/interfaces.py @@ -260,13 +260,13 @@ class EllipticCurveBackend(object): """ @abc.abstractmethod - def elliptic_curve_public_key_from_numbers(self, numbers): + def load_elliptic_curve_public_numbers(self, numbers): """ Return an EllipticCurvePublicKey provider using the given numbers. """ @abc.abstractmethod - def elliptic_curve_private_key_from_numbers(self, numbers): + def load_elliptic_curve_private_numbers(self, numbers): """ Return an EllipticCurvePublicKey provider using the given numbers. """ diff --git a/cryptography/hazmat/backends/multibackend.py b/cryptography/hazmat/backends/multibackend.py index 163dd0ee..02b4b6d1 100644 --- a/cryptography/hazmat/backends/multibackend.py +++ b/cryptography/hazmat/backends/multibackend.py @@ -13,6 +13,8 @@ from __future__ import absolute_import, division, print_function +import warnings + from cryptography import utils from cryptography.exceptions import UnsupportedAlgorithm, _Reasons from cryptography.hazmat.backends.interfaces import ( @@ -297,9 +299,18 @@ class MultiBackend(object): ) def elliptic_curve_private_key_from_numbers(self, numbers): + warnings.warn( + "elliptic_curve_private_key_from_numbers is deprecated and will " + "be removed in a future version.", + utils.DeprecatedIn06, + stacklevel=2 + ) + return self.load_elliptic_curve_private_numbers(numbers) + + def load_elliptic_curve_private_numbers(self, numbers): for b in self._filtered_backends(EllipticCurveBackend): try: - return b.elliptic_curve_private_key_from_numbers(numbers) + return b.load_elliptic_curve_private_numbers(numbers) except UnsupportedAlgorithm: continue @@ -309,9 +320,18 @@ class MultiBackend(object): ) def elliptic_curve_public_key_from_numbers(self, numbers): + warnings.warn( + "elliptic_curve_public_key_from_numbers is deprecated and will " + "be removed in a future version.", + utils.DeprecatedIn06, + stacklevel=2 + ) + return self.load_elliptic_curve_public_numbers(numbers) + + def load_elliptic_curve_public_numbers(self, numbers): for b in self._filtered_backends(EllipticCurveBackend): try: - return b.elliptic_curve_public_key_from_numbers(numbers) + return b.load_elliptic_curve_public_numbers(numbers) except UnsupportedAlgorithm: continue diff --git a/cryptography/hazmat/backends/openssl/backend.py b/cryptography/hazmat/backends/openssl/backend.py index 389ef0be..e5d6a391 100644 --- a/cryptography/hazmat/backends/openssl/backend.py +++ b/cryptography/hazmat/backends/openssl/backend.py @@ -1015,6 +1015,15 @@ class Backend(object): ) def elliptic_curve_private_key_from_numbers(self, numbers): + warnings.warn( + "elliptic_curve_private_key_from_numbers is deprecated and will " + "be removed in a future version.", + utils.DeprecatedIn06, + stacklevel=2 + ) + self.load_elliptic_curve_private_numbers(numbers) + + def load_elliptic_curve_private_numbers(self, numbers): public = numbers.public_numbers curve_nid = self._elliptic_curve_to_nid(public.curve) @@ -1034,6 +1043,15 @@ class Backend(object): numbers.public_numbers.curve) def elliptic_curve_public_key_from_numbers(self, numbers): + warnings.warn( + "elliptic_curve_public_key_from_numbers is deprecated and will be " + "removed in a future version.", + utils.DeprecatedIn06, + stacklevel=2 + ) + return self.load_elliptic_curve_public_numbers(numbers) + + def load_elliptic_curve_public_numbers(self, numbers): curve_nid = self._elliptic_curve_to_nid(numbers.curve) ctx = self._lib.EC_KEY_new_by_curve_name(curve_nid) diff --git a/cryptography/hazmat/primitives/asymmetric/ec.py b/cryptography/hazmat/primitives/asymmetric/ec.py index 98eca276..3893cc2f 100644 --- a/cryptography/hazmat/primitives/asymmetric/ec.py +++ b/cryptography/hazmat/primitives/asymmetric/ec.py @@ -238,7 +238,7 @@ class EllipticCurvePublicNumbers(object): self._curve = curve def public_key(self, backend): - return backend.elliptic_curve_public_key_from_numbers(self) + return backend.load_elliptic_curve_public_numbers(self) @property def curve(self): @@ -268,7 +268,7 @@ class EllipticCurvePrivateNumbers(object): self._public_numbers = public_numbers def private_key(self, backend): - return backend.elliptic_curve_private_key_from_numbers(self) + return backend.load_elliptic_curve_private_numbers(self) @property def private_value(self): diff --git a/docs/hazmat/backends/interfaces.rst b/docs/hazmat/backends/interfaces.rst index e8e1bac2..3b414339 100644 --- a/docs/hazmat/backends/interfaces.rst +++ b/docs/hazmat/backends/interfaces.rst @@ -558,7 +558,7 @@ A specific ``backend`` may provide one or more of these interfaces. :class:`~cryptography.hazmat.primitives.interfaces.EllipticCurve` provider. - .. method:: elliptic_curve_private_key_from_numbers(numbers) + .. method:: load_elliptic_curve_private_numbers(numbers) :param numbers: An instance of a :class:`~cryptography.hazmat.primitives.interfaces.EllipticCurvePrivateNumbers` @@ -568,7 +568,7 @@ A specific ``backend`` may provide one or more of these interfaces. :class:`~cryptography.hazmat.primitives.interfaces.EllipticCurvePrivateKey` provider. - .. method:: elliptic_curve_public_key_from_numbers(numbers) + .. method:: load_elliptic_curve_public_numbers(numbers) :param numbers: An instance of a :class:`~cryptography.hazmat.primitives.interfaces.EllipticCurvePublicNumbers` diff --git a/tests/hazmat/backends/test_multibackend.py b/tests/hazmat/backends/test_multibackend.py index 45c12b34..f3893cd0 100644 --- a/tests/hazmat/backends/test_multibackend.py +++ b/tests/hazmat/backends/test_multibackend.py @@ -13,6 +13,8 @@ from __future__ import absolute_import, division, print_function +import pytest + from cryptography import utils from cryptography.exceptions import ( UnsupportedAlgorithm, _Reasons @@ -191,11 +193,17 @@ class DummyEllipticCurveBackend(object): if not self.elliptic_curve_supported(curve): raise UnsupportedAlgorithm(_Reasons.UNSUPPORTED_ELLIPTIC_CURVE) - def elliptic_curve_private_key_from_numbers(self, numbers): + def load_elliptic_curve_private_numbers(self, numbers): if not self.elliptic_curve_supported(numbers.public_numbers.curve): raise UnsupportedAlgorithm(_Reasons.UNSUPPORTED_ELLIPTIC_CURVE) + def elliptic_curve_private_key_from_numbers(self, numbers): + return None + def elliptic_curve_public_key_from_numbers(self, numbers): + return None + + def load_elliptic_curve_public_numbers(self, numbers): if not self.elliptic_curve_supported(numbers.curve): raise UnsupportedAlgorithm(_Reasons.UNSUPPORTED_ELLIPTIC_CURVE) @@ -463,7 +471,7 @@ class TestMultiBackend(object): backend.generate_elliptic_curve_private_key(ec.SECT283K1()) - backend.elliptic_curve_private_key_from_numbers( + backend.load_elliptic_curve_private_numbers( ec.EllipticCurvePrivateNumbers( 1, ec.EllipticCurvePublicNumbers( @@ -474,7 +482,7 @@ class TestMultiBackend(object): ) ) - backend.elliptic_curve_public_key_from_numbers( + backend.load_elliptic_curve_public_numbers( ec.EllipticCurvePublicNumbers( 2, 3, @@ -493,7 +501,7 @@ class TestMultiBackend(object): backend.generate_elliptic_curve_private_key(ec.SECT163K1()) with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_ELLIPTIC_CURVE): - backend.elliptic_curve_private_key_from_numbers( + backend.load_elliptic_curve_private_numbers( ec.EllipticCurvePrivateNumbers( 1, ec.EllipticCurvePublicNumbers( @@ -505,7 +513,7 @@ class TestMultiBackend(object): ) with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_ELLIPTIC_CURVE): - backend.elliptic_curve_public_key_from_numbers( + backend.load_elliptic_curve_public_numbers( ec.EllipticCurvePublicNumbers( 2, 3, @@ -513,6 +521,24 @@ class TestMultiBackend(object): ) ) + def test_deprecated_elliptic_curve(self): + backend = MultiBackend([ + DummyEllipticCurveBackend([ + ec.SECT283K1 + ]) + ]) + pub_numbers = ec.EllipticCurvePublicNumbers(2, 3, ec.SECT283K1()) + numbers = ec.EllipticCurvePrivateNumbers(1, pub_numbers) + + pytest.deprecated_call( + backend.elliptic_curve_private_key_from_numbers, + numbers + ) + pytest.deprecated_call( + backend.elliptic_curve_public_key_from_numbers, + pub_numbers + ) + def test_pkcs8_serialization_backend(self): backend = MultiBackend([DummyPKCS8SerializationBackend()]) diff --git a/tests/hazmat/backends/test_openssl.py b/tests/hazmat/backends/test_openssl.py index 110bbdba..5933b107 100644 --- a/tests/hazmat/backends/test_openssl.py +++ b/tests/hazmat/backends/test_openssl.py @@ -28,7 +28,7 @@ from cryptography.hazmat.backends.openssl.backend import ( Backend, backend ) from cryptography.hazmat.primitives import hashes, interfaces -from cryptography.hazmat.primitives.asymmetric import dsa, padding, rsa +from cryptography.hazmat.primitives.asymmetric import dsa, ec, padding, rsa from cryptography.hazmat.primitives.ciphers import Cipher from cryptography.hazmat.primitives.ciphers.algorithms import AES from cryptography.hazmat.primitives.ciphers.modes import CBC, CTR @@ -569,3 +569,39 @@ class TestDeprecatedDSABackendMethods(object): b"\x00" * 128, hashes.SHA1() ) + + +@pytest.mark.elliptic +class TestDeprecatedECBackendMethods(object): + def test_elliptic_curve_private_key_from_numbers(self): + d = 5634846038258869671139984276180670841223409490498798721258 + y = 4131560123026307384858369684985976479488628761329758810693 + x = 3402090428547195623222463880060959356423657484435591627791 + curve = ec.SECP192R1() + pub_numbers = ec.EllipticCurvePublicNumbers( + x=x, + y=y, + curve=curve + ) + numbers = ec.EllipticCurvePrivateNumbers( + private_value=d, + public_numbers=pub_numbers + ) + pytest.deprecated_call( + backend.elliptic_curve_private_key_from_numbers, + numbers + ) + + def test_elliptic_curve_public_key_from_numbers(self): + y = 4131560123026307384858369684985976479488628761329758810693 + x = 3402090428547195623222463880060959356423657484435591627791 + curve = ec.SECP192R1() + pub_numbers = ec.EllipticCurvePublicNumbers( + x=x, + y=y, + curve=curve + ) + pytest.deprecated_call( + backend.elliptic_curve_public_key_from_numbers, + pub_numbers + ) -- cgit v1.2.3