fixes #7179 -- remove deprecated from_encoded_point (#7572)

Author: alex

CHANGELOG.rst

@@ -8,10 +8,18 @@ Changelog
 
 .. note:: This version is not yet released and is under active development.
 
-* Support for OpenSSL 1.1.0 has been removed. Users on older version of
-  OpenSSL will need to upgrade.
+* **BACKWARDS INCOMPATIBLE:** Support for OpenSSL 1.1.0 has been removed.
+  Users on older version of OpenSSL will need to upgrade.
 * **BACKWARDS INCOMPATIBLE:** Dropped support for LibreSSL 3.1.x, 3.2.x,
   3.3.0, and 3.3.1. The new minimum LibreSSL version is 3.3.2+.
+* **BACKWARDS INCOMPATIBLE:** Removed the ``encode_point`` and
+  ``from_encoded_point`` methods on
+  :class:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePublicNumbers`,
+  which had been deprecated for several years.
+  :meth:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePublicKey.public_bytes`
+  and
+  :meth:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePublicKey.from_encoded_point`
+  should be used instead.
 
 .. _v38-0-0:
 

src/cryptography/hazmat/primitives/asymmetric/ec.py

@@ -5,7 +5,6 @@
 
 import abc
 import typing
-import warnings
 
 from cryptography import utils
 from cryptography.hazmat._oid import ObjectIdentifier
@@ -363,50 +362,6 @@ def public_key(self, backend: typing.Any = None) -> EllipticCurvePublicKey:
 
         return ossl.load_elliptic_curve_public_numbers(self)
 
-    def encode_point(self) -> bytes:
-        warnings.warn(
-            "encode_point has been deprecated on EllipticCurvePublicNumbers"
-            " and will be removed in a future version. Please use "
-            "EllipticCurvePublicKey.public_bytes to obtain both "
-            "compressed and uncompressed point encoding.",
-            utils.PersistentlyDeprecated2019,
-            stacklevel=2,
-        )
-        # key_size is in bits. Convert to bytes and round up
-        byte_length = (self.curve.key_size + 7) // 8
-        return (
-            b"\x04"
-            + utils.int_to_bytes(self.x, byte_length)
-            + utils.int_to_bytes(self.y, byte_length)
-        )
-
-    @classmethod
-    def from_encoded_point(
-        cls, curve: EllipticCurve, data: bytes
-    ) -> "EllipticCurvePublicNumbers":
-        if not isinstance(curve, EllipticCurve):
-            raise TypeError("curve must be an EllipticCurve instance")
-
-        warnings.warn(
-            "Support for unsafe construction of public numbers from "
-            "encoded data will be removed in a future version. "
-            "Please use EllipticCurvePublicKey.from_encoded_point",
-            utils.PersistentlyDeprecated2019,
-            stacklevel=2,
-        )
-
-        if data.startswith(b"\x04"):
-            # key_size is in bits. Convert to bytes and round up
-            byte_length = (curve.key_size + 7) // 8
-            if len(data) == 2 * byte_length + 1:
-                x = int.from_bytes(data[1 : byte_length + 1], "big")
-                y = int.from_bytes(data[byte_length + 1 :], "big")
-                return cls(x, y, curve)
-            else:
-                raise ValueError("Invalid elliptic curve point data length")
-        else:
-            raise ValueError("Unsupported elliptic curve point type")
-
     @property
     def curve(self) -> EllipticCurve:
         return self._curve

src/cryptography/utils.py

@@ -21,7 +21,6 @@ class CryptographyDeprecationWarning(UserWarning):
 # Several APIs were deprecated with no specific end-of-life date because of the
 # ubiquity of their use. They should not be removed until we agree on when that
 # cycle ends.
-PersistentlyDeprecated2019 = CryptographyDeprecationWarning
 DeprecatedIn35 = CryptographyDeprecationWarning
 DeprecatedIn36 = CryptographyDeprecationWarning
 DeprecatedIn37 = CryptographyDeprecationWarning

tests/hazmat/primitives/test_ec.py

@@ -12,14 +12,13 @@
 
 import pytest
 
-from cryptography import exceptions, utils, x509
+from cryptography import exceptions, x509
 from cryptography.hazmat.primitives import hashes, serialization
 from cryptography.hazmat.primitives.asymmetric import ec
 from cryptography.hazmat.primitives.asymmetric.utils import (
     Prehashed,
     encode_dss_signature,
 )
-from cryptography.utils import CryptographyDeprecationWarning
 
 from .fixtures_ec import EC_KEY_SECP384R1
 from .utils import skip_fips_traditional_openssl
@@ -171,73 +170,6 @@ def test_invalid_private_numbers_public_numbers():
         ec.EllipticCurvePrivateNumbers(1, None)  # type: ignore[arg-type]
 
 
-def test_encode_point():
-    # secp256r1 point
-    x = int(
-        "233ea3b0027127084cd2cd336a13aeef69c598d8af61369a36454a17c6c22aec", 16
-    )
-    y = int(
-        "3ea2c10a84153862be4ec82940f0543f9ba866af9751a6ee79d38460b35f442e", 16
-    )
-    pn = ec.EllipticCurvePublicNumbers(x, y, ec.SECP256R1())
-    with pytest.warns(utils.PersistentlyDeprecated2019):
-        data = pn.encode_point()
-    assert data == binascii.unhexlify(
-        "04233ea3b0027127084cd2cd336a13aeef69c598d8af61369a36454a17c6c22ae"
-        "c3ea2c10a84153862be4ec82940f0543f9ba866af9751a6ee79d38460b35f442e"
-    )
-
-
-def test_from_encoded_point():
-    # secp256r1 point
-    data = binascii.unhexlify(
-        "04233ea3b0027127084cd2cd336a13aeef69c598d8af61369a36454a17c6c22ae"
-        "c3ea2c10a84153862be4ec82940f0543f9ba866af9751a6ee79d38460b35f442e"
-    )
-    with pytest.warns(CryptographyDeprecationWarning):
-        pn = ec.EllipticCurvePublicNumbers.from_encoded_point(
-            ec.SECP256R1(), data
-        )
-    assert pn.x == int(
-        "233ea3b0027127084cd2cd336a13aeef69c598d8af61369a36454a17c6c22aec", 16
-    )
-    assert pn.y == int(
-        "3ea2c10a84153862be4ec82940f0543f9ba866af9751a6ee79d38460b35f442e", 16
-    )
-
-
-def test_from_encoded_point_invalid_length():
-    bad_data = binascii.unhexlify(
-        "04233ea3b0027127084cd2cd336a13aeef69c598d8af61369a36454a17c6c22ae"
-        "c3ea2c10a84153862be4ec82940f0543f9ba866af9751a6ee79d38460"
-    )
-    with pytest.raises(ValueError):
-        with pytest.warns(CryptographyDeprecationWarning):
-            ec.EllipticCurvePublicNumbers.from_encoded_point(
-                ec.SECP384R1(), bad_data
-            )
-
-
-def test_from_encoded_point_unsupported_point_no_backend():
-    # set to point type 2.
-    unsupported_type = binascii.unhexlify(
-        "02233ea3b0027127084cd2cd336a13aeef69c598d8af61369a36454a17c6c22a"
-    )
-    with pytest.raises(ValueError):
-        with pytest.warns(CryptographyDeprecationWarning):
-            ec.EllipticCurvePublicNumbers.from_encoded_point(
-                ec.SECP256R1(), unsupported_type
-            )
-
-
-def test_from_encoded_point_not_a_curve():
-    with pytest.raises(TypeError):
-        with pytest.warns(CryptographyDeprecationWarning):
-            ec.EllipticCurvePublicNumbers.from_encoded_point(
-                "notacurve", b"\x04data"  # type: ignore[arg-type]
-            )
-
-
 def test_ec_public_numbers_repr():
     pn = ec.EllipticCurvePublicNumbers(2, 3, ec.SECP256R1())
     assert repr(pn) == "<EllipticCurvePublicNumbers(curve=secp256r1, x=2, y=3>"