migrate ARC4 and TripleDES to decrepit (#10286)

7 files changed, 91 insertions, 82 deletions

diff --git a/tests/hazmat/primitives/test_3des.py b/tests/hazmat/primitives/decrepit/test_3des.py
index 007ecfe..f64cbd2 100644
--- a/tests/hazmat/primitives/test_3des.py
+++ b/tests/hazmat/primitives/decrepit/test_3des.py
@@ -12,10 +12,11 @@ import os
 
 import pytest
 
-from cryptography.hazmat.primitives.ciphers import algorithms, modes
+from cryptography.hazmat.decrepit.ciphers import algorithms
+from cryptography.hazmat.primitives.ciphers import modes
 
-from ...utils import load_nist_vectors
-from .utils import generate_encrypt_test
+from ....utils import load_nist_vectors
+from ..utils import generate_encrypt_test
 
 
 @pytest.mark.supported(
diff --git a/tests/hazmat/primitives/decrepit/test_algorithms.py b/tests/hazmat/primitives/decrepit/test_algorithms.py
index c812f17..0dbdac7 100644
--- a/tests/hazmat/primitives/decrepit/test_algorithms.py
+++ b/tests/hazmat/primitives/decrepit/test_algorithms.py
@@ -8,18 +8,83 @@ import os
 
 import pytest
 
+from cryptography.exceptions import _Reasons
 from cryptography.hazmat.decrepit.ciphers.algorithms import (
+    ARC4,
     CAST5,
     IDEA,
     SEED,
     Blowfish,
+    TripleDES,
 )
+from cryptography.hazmat.primitives import ciphers
 from cryptography.hazmat.primitives.ciphers import modes
 
-from ....utils import load_nist_vectors
+from ....utils import load_nist_vectors, raises_unsupported_algorithm
 from ..utils import generate_encrypt_test
 
 
+class TestARC4:
+    @pytest.mark.parametrize(
+        ("key", "keysize"),
+        [
+            (b"0" * 10, 40),
+            (b"0" * 14, 56),
+            (b"0" * 16, 64),
+            (b"0" * 20, 80),
+            (b"0" * 32, 128),
+            (b"0" * 48, 192),
+            (b"0" * 64, 256),
+        ],
+    )
+    def test_key_size(self, key, keysize):
+        cipher = ARC4(binascii.unhexlify(key))
+        assert cipher.key_size == keysize
+
+    def test_invalid_key_size(self):
+        with pytest.raises(ValueError):
+            ARC4(binascii.unhexlify(b"0" * 34))
+
+    def test_invalid_key_type(self):
+        with pytest.raises(TypeError, match="key must be bytes"):
+            ARC4("0" * 10)  # type: ignore[arg-type]
+
+
+def test_invalid_mode_algorithm():
+    with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_CIPHER):
+        ciphers.Cipher(
+            ARC4(b"\x00" * 16),
+            modes.GCM(b"\x00" * 12),
+        )
+
+    with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_CIPHER):
+        ciphers.Cipher(
+            ARC4(b"\x00" * 16),
+            modes.CBC(b"\x00" * 12),
+        )
+
+    with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_CIPHER):
+        ciphers.Cipher(
+            ARC4(b"\x00" * 16),
+            modes.CTR(b"\x00" * 12),
+        )
+
+
+class TestTripleDES:
+    @pytest.mark.parametrize("key", [b"0" * 16, b"0" * 32, b"0" * 48])
+    def test_key_size(self, key):
+        cipher = TripleDES(binascii.unhexlify(key))
+        assert cipher.key_size == 192
+
+    def test_invalid_key_size(self):
+        with pytest.raises(ValueError):
+            TripleDES(binascii.unhexlify(b"0" * 12))
+
+    def test_invalid_key_type(self):
+        with pytest.raises(TypeError, match="key must be bytes"):
+            TripleDES("0" * 16)  # type: ignore[arg-type]
+
+
 class TestBlowfish:
     @pytest.mark.parametrize(
         ("key", "keysize"),
diff --git a/tests/hazmat/primitives/test_arc4.py b/tests/hazmat/primitives/decrepit/test_arc4.py
index b589518..116f4b1 100644
--- a/tests/hazmat/primitives/test_arc4.py
+++ b/tests/hazmat/primitives/decrepit/test_arc4.py
@@ -8,10 +8,10 @@ import os
 
 import pytest
 
-from cryptography.hazmat.primitives.ciphers import algorithms
+from cryptography.hazmat.decrepit.ciphers import algorithms
 
-from ...utils import load_nist_vectors
-from .utils import generate_stream_encryption_test
+from ....utils import load_nist_vectors
+from ..utils import generate_stream_encryption_test
 
 
 @pytest.mark.supported(
diff --git a/tests/hazmat/primitives/test_ciphers.py b/tests/hazmat/primitives/test_ciphers.py
index e096986..5fef25b 100644
--- a/tests/hazmat/primitives/test_ciphers.py
+++ b/tests/hazmat/primitives/test_ciphers.py
@@ -11,21 +11,15 @@ import sys
 import pytest
 
 from cryptography import utils
-from cryptography.exceptions import AlreadyFinalized, _Reasons
+from cryptography.exceptions import AlreadyFinalized
 from cryptography.hazmat.primitives import ciphers
 from cryptography.hazmat.primitives.ciphers import modes
 from cryptography.hazmat.primitives.ciphers.algorithms import (
     AES,
-    ARC4,
     Camellia,
-    TripleDES,
 )
 
-from ...utils import (
-    load_nist_vectors,
-    load_vectors_from_file,
-    raises_unsupported_algorithm,
-)
+from ...utils import load_nist_vectors, load_vectors_from_file
 
 
 def test_deprecated_ciphers_import_with_warning():
@@ -45,6 +39,14 @@ def test_deprecated_ciphers_import_with_warning():
         from cryptography.hazmat.primitives.ciphers.algorithms import (
             SEED,  # noqa: F401
         )
+    with pytest.warns(utils.CryptographyDeprecationWarning):
+        from cryptography.hazmat.primitives.ciphers.algorithms import (
+            ARC4,  # noqa: F401
+        )
+    with pytest.warns(utils.CryptographyDeprecationWarning):
+        from cryptography.hazmat.primitives.ciphers.algorithms import (
+            TripleDES,  # noqa: F401
+        )
 
 
 class TestAES:
@@ -111,67 +113,6 @@ class TestCamellia:
             Camellia("0" * 32)  # type: ignore[arg-type]
 
 
-class TestTripleDES:
-    @pytest.mark.parametrize("key", [b"0" * 16, b"0" * 32, b"0" * 48])
-    def test_key_size(self, key):
-        cipher = TripleDES(binascii.unhexlify(key))
-        assert cipher.key_size == 192
-
-    def test_invalid_key_size(self):
-        with pytest.raises(ValueError):
-            TripleDES(binascii.unhexlify(b"0" * 12))
-
-    def test_invalid_key_type(self):
-        with pytest.raises(TypeError, match="key must be bytes"):
-            TripleDES("0" * 16)  # type: ignore[arg-type]
-
-
-class TestARC4:
-    @pytest.mark.parametrize(
-        ("key", "keysize"),
-        [
-            (b"0" * 10, 40),
-            (b"0" * 14, 56),
-            (b"0" * 16, 64),
-            (b"0" * 20, 80),
-            (b"0" * 32, 128),
-            (b"0" * 48, 192),
-            (b"0" * 64, 256),
-        ],
-    )
-    def test_key_size(self, key, keysize):
-        cipher = ARC4(binascii.unhexlify(key))
-        assert cipher.key_size == keysize
-
-    def test_invalid_key_size(self):
-        with pytest.raises(ValueError):
-            ARC4(binascii.unhexlify(b"0" * 34))
-
-    def test_invalid_key_type(self):
-        with pytest.raises(TypeError, match="key must be bytes"):
-            ARC4("0" * 10)  # type: ignore[arg-type]
-
-
-def test_invalid_mode_algorithm():
-    with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_CIPHER):
-        ciphers.Cipher(
-            ARC4(b"\x00" * 16),
-            modes.GCM(b"\x00" * 12),
-        )
-
-    with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_CIPHER):
-        ciphers.Cipher(
-            ARC4(b"\x00" * 16),
-            modes.CBC(b"\x00" * 12),
-        )
-
-    with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_CIPHER):
-        ciphers.Cipher(
-            ARC4(b"\x00" * 16),
-            modes.CTR(b"\x00" * 12),
-        )
-
-
 @pytest.mark.supported(
     only_if=lambda backend: backend.cipher_supported(
         AES(b"\x00" * 16), modes.ECB()
diff --git a/tests/hazmat/primitives/test_cmac.py b/tests/hazmat/primitives/test_cmac.py
index 18ba898..5e81563 100644
--- a/tests/hazmat/primitives/test_cmac.py
+++ b/tests/hazmat/primitives/test_cmac.py
@@ -12,10 +12,9 @@ from cryptography.exceptions import (
     InvalidSignature,
     _Reasons,
 )
+from cryptography.hazmat.decrepit.ciphers.algorithms import ARC4, TripleDES
 from cryptography.hazmat.primitives.ciphers.algorithms import (
     AES,
-    ARC4,
-    TripleDES,
 )
 from cryptography.hazmat.primitives.cmac import CMAC
 
diff --git a/tests/hazmat/primitives/test_kbkdf.py b/tests/hazmat/primitives/test_kbkdf.py
index 4329e3d..965075d 100644
--- a/tests/hazmat/primitives/test_kbkdf.py
+++ b/tests/hazmat/primitives/test_kbkdf.py
@@ -871,7 +871,7 @@ class TestKBKDFCMAC:
 
         with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_CIPHER):
             KBKDFCMAC(
-                algorithms.ARC4,
+                algorithms.ChaCha20,
                 Mode.CounterMode,
                 32,
                 4,
diff --git a/tests/hazmat/primitives/utils.py b/tests/hazmat/primitives/utils.py
index b15955f..9e119f0 100644
--- a/tests/hazmat/primitives/utils.py
+++ b/tests/hazmat/primitives/utils.py
@@ -16,6 +16,9 @@ from cryptography.exceptions import (
     InvalidTag,
     NotYetFinalized,
 )
+from cryptography.hazmat.decrepit.ciphers import (
+    algorithms as decrepit_algorithms,
+)
 from cryptography.hazmat.primitives import hashes, hmac, serialization
 from cryptography.hazmat.primitives.asymmetric import rsa
 from cryptography.hazmat.primitives.ciphers import (
@@ -430,15 +433,15 @@ def _kbkdf_cmac_counter_mode_test(backend, prf, ctr_loc, brk_loc, params):
         "cmac_aes128": algorithms.AES,
         "cmac_aes192": algorithms.AES,
         "cmac_aes256": algorithms.AES,
-        "cmac_tdes2": algorithms.TripleDES,
-        "cmac_tdes3": algorithms.TripleDES,
+        "cmac_tdes2": decrepit_algorithms.TripleDES,
+        "cmac_tdes3": decrepit_algorithms.TripleDES,
     }
 
     algorithm = supported_cipher_algorithms.get(prf)
     assert algorithm is not None
 
     # TripleDES is disallowed in FIPS mode.
-    if backend._fips_enabled and algorithm is algorithms.TripleDES:
+    if backend._fips_enabled and algorithm is decrepit_algorithms.TripleDES:
         pytest.skip("TripleDES is not supported in FIPS mode.")
 
     ctrkdf = KBKDFCMAC(