diff options
| -rw-r--r-- | docs/hazmat/primitives/asymmetric/serialization.rst | 82 | ||||
| -rw-r--r-- | src/cryptography/hazmat/primitives/asymmetric/ec.py | 10 | ||||
| -rw-r--r-- | tests/hazmat/primitives/test_ec.py | 19 |
3 files changed, 2 insertions, 109 deletions
diff --git a/docs/hazmat/primitives/asymmetric/serialization.rst b/docs/hazmat/primitives/asymmetric/serialization.rst index 9ca493ab..1456b0dc 100644 --- a/docs/hazmat/primitives/asymmetric/serialization.rst +++ b/docs/hazmat/primitives/asymmetric/serialization.rst @@ -114,88 +114,6 @@ all begin with ``-----BEGIN {format}-----`` and end with ``-----END is not supported by the backend. -PKCS #8 Format -~~~~~~~~~~~~~~ - -PKCS #8 is a serialization format originally standardized by RSA and currently -maintained by the IETF in :rfc:`5208` and :rfc:`5958`. It supports password -based encryption and additional key metadata attributes. These keys are -recognizable because they all begin with ``-----BEGIN PRIVATE KEY-----`` or -with ``-----BEGIN ENCRYPTED PRIVATE KEY-----`` if they have a password. - - -.. function:: load_pem_pkcs8_private_key(data, password, backend) - - .. versionadded:: 0.5 - - Deserialize a private key from PEM encoded data to one of the supported - asymmetric private key types. - - This has been deprecated in favor of :func:`load_pem_private_key`. - - :param bytes data: The PEM encoded key data. - - :param bytes password: The password to use to decrypt the data. Should - be ``None`` if the private key is not encrypted. - - :param backend: A - :class:`~cryptography.hazmat.backends.interfaces.PKCS8SerializationBackend` - provider. - - :returns: A new instance of a private key. - - :raises ValueError: If the PEM data could not be decrypted or if its - structure could not be decoded successfully. - - :raises TypeError: If a ``password`` was given and the private key was - not encrypted. Or if the key was encrypted but no - password was supplied. - - :raises UnsupportedAlgorithm: If the serialized key is of a type that - is not supported by the backend or if the key is encrypted with a - symmetric cipher that is not supported by the backend. - - -Traditional OpenSSL Format -~~~~~~~~~~~~~~~~~~~~~~~~~~ - -The "traditional" PKCS #1 based serialization format used by OpenSSL. It -supports password based symmetric key encryption. Commonly found in OpenSSL -based TLS applications. It is usually found in PEM format with a header that -mentions the type of the serialized key. e.g. ``-----BEGIN RSA PRIVATE -KEY-----`` or ``-----BEGIN DSA PRIVATE KEY-----``. - -.. function:: load_pem_traditional_openssl_private_key(data, password, backend) - - .. versionadded:: 0.5 - - Deserialize a private key from PEM encoded data to one of the supported - asymmetric private key types. - - This has been deprecated in favor of :func:`load_pem_private_key`. - - :param bytes data: The PEM encoded key data. - - :param bytes password: The password to use to decrypt the data. Should - be ``None`` if the private key is not encrypted. - - :param backend: A - :class:`~cryptography.hazmat.backends.interfaces.TraditionalOpenSSLSerializationBackend` - provider. - - :returns: A new instance of a private key. - - :raises ValueError: If the PEM data could not be decrypted or if its - structure could not be decoded successfully. - - :raises TypeError: If a ``password`` was given and the private key was - not encrypted. Or if the key was encrypted but no - password was supplied. - - :raises UnsupportedAlgorithm: If the serialized key is of a type that - is not supported by the backend or if the key is encrypted with a - symmetric cipher that is not supported by the backend. - OpenSSH Public Key ~~~~~~~~~~~~~~~~~~ diff --git a/src/cryptography/hazmat/primitives/asymmetric/ec.py b/src/cryptography/hazmat/primitives/asymmetric/ec.py index 202f1c97..c9124249 100644 --- a/src/cryptography/hazmat/primitives/asymmetric/ec.py +++ b/src/cryptography/hazmat/primitives/asymmetric/ec.py @@ -152,10 +152,7 @@ class EllipticCurvePublicNumbers(object): self._curve = curve def public_key(self, backend): - try: - return backend.load_elliptic_curve_public_numbers(self) - except AttributeError: - return backend.elliptic_curve_public_key_from_numbers(self) + return backend.load_elliptic_curve_public_numbers(self) curve = utils.read_only_property("_curve") x = utils.read_only_property("_x") @@ -191,10 +188,7 @@ class EllipticCurvePrivateNumbers(object): self._public_numbers = public_numbers def private_key(self, backend): - try: - return backend.load_elliptic_curve_private_numbers(self) - except AttributeError: - return backend.elliptic_curve_private_key_from_numbers(self) + return backend.load_elliptic_curve_private_numbers(self) private_value = utils.read_only_property("_private_value") public_numbers = utils.read_only_property("_public_numbers") diff --git a/tests/hazmat/primitives/test_ec.py b/tests/hazmat/primitives/test_ec.py index 84c447c1..fd7f7ec5 100644 --- a/tests/hazmat/primitives/test_ec.py +++ b/tests/hazmat/primitives/test_ec.py @@ -63,14 +63,6 @@ class DummySignatureAlgorithm(object): algorithm = None -class DeprecatedDummyECBackend(object): - def elliptic_curve_private_key_from_numbers(self, numbers): - return b"private_key" - - def elliptic_curve_public_key_from_numbers(self, numbers): - return b"public_key" - - @pytest.mark.requires_backend_interface(interface=EllipticCurveBackend) def test_skip_curve_unsupported(backend): with pytest.raises(pytest.skip.Exception): @@ -350,17 +342,6 @@ class TestECDSAVectors(object): else: verifier.verify() - def test_deprecated_public_private_key_load(self): - b = DeprecatedDummyECBackend() - pub_numbers = ec.EllipticCurvePublicNumbers( - 2, - 3, - ec.SECT283K1() - ) - numbers = ec.EllipticCurvePrivateNumbers(1, pub_numbers) - assert numbers.private_key(b) == b"private_key" - assert pub_numbers.public_key(b) == b"public_key" - class TestECNumbersEquality(object): def test_public_numbers_eq(self): |