diff options
| author | Paul Kehrer <paul.l.kehrer@gmail.com> | 2014-02-05 15:44:08 -0600 |
|---|---|---|
| committer | Paul Kehrer <paul.l.kehrer@gmail.com> | 2014-02-05 15:44:08 -0600 |
| commit | c91f2392f9cd5b63e1d0440ce851db768944964a (patch) | |
| tree | b21a3eab441b72ef3b1f1fe5545a8895c9c32702 /docs/hazmat | |
| parent | 27864789563c90edb42772a9af1602be87029abc (diff) | |
| parent | f970eaa676eb0cd89cdb2389f03d365899812822 (diff) | |
| download | cryptography-c91f2392f9cd5b63e1d0440ce851db768944964a.tar.gz cryptography-c91f2392f9cd5b63e1d0440ce851db768944964a.tar.bz2 cryptography-c91f2392f9cd5b63e1d0440ce851db768944964a.zip | |
Merge branch 'master' into urandom-engine
* master:
PKCS #1 RSA test vector loader
Removed pointless anchor
Docs need virtualenv as well
Everything about bash is the worst
Some reST markup nonsense
Fix for OS X
More clearly describe the behavior of constant_time.bytes_eq
Run the doc tests under OS X
Made OpenSSL's derive_pbkdf2_hmac raise the right exception
Document which backends implement which itnerfaces. Fixes #538
pep8
Fixed a typo in the docs
Make the default backend be a multi-backend
Conflicts:
tests/hazmat/backends/test_openssl.py
Diffstat (limited to 'docs/hazmat')
| -rw-r--r-- | docs/hazmat/backends/interfaces.rst | 21 | ||||
| -rw-r--r-- | docs/hazmat/backends/multibackend.rst | 4 | ||||
| -rw-r--r-- | docs/hazmat/bindings/commoncrypto.rst | 2 | ||||
| -rw-r--r-- | docs/hazmat/primitives/constant-time.rst | 13 |
4 files changed, 31 insertions, 9 deletions
diff --git a/docs/hazmat/backends/interfaces.rst b/docs/hazmat/backends/interfaces.rst index 49e4c88c..5131ca12 100644 --- a/docs/hazmat/backends/interfaces.rst +++ b/docs/hazmat/backends/interfaces.rst @@ -19,6 +19,11 @@ A specific ``backend`` may provide one or more of these interfaces. A backend which provides methods for using ciphers for encryption and decryption. + The following backends implement this interface: + + * :doc:`/hazmat/backends/openssl` + * :doc:`/hazmat/backends/commoncrypto` + .. method:: cipher_supported(cipher, mode) Check if a ``cipher`` and ``mode`` combination is supported by @@ -76,6 +81,11 @@ A specific ``backend`` may provide one or more of these interfaces. A backend with methods for using cryptographic hash functions. + The following backends implement this interface: + + * :doc:`/hazmat/backends/openssl` + * :doc:`/hazmat/backends/commoncrypto` + .. method:: hash_supported(algorithm) Check if the specified ``algorithm`` is supported by this backend. @@ -107,6 +117,11 @@ A specific ``backend`` may provide one or more of these interfaces. A backend with methods for using cryptographic hash functions as message authentication codes. + The following backends implement this interface: + + * :doc:`/hazmat/backends/openssl` + * :doc:`/hazmat/backends/commoncrypto` + .. method:: hmac_supported(algorithm) Check if the specified ``algorithm`` is supported by this backend. @@ -139,6 +154,11 @@ A specific ``backend`` may provide one or more of these interfaces. A backend with methods for using PBKDF2 using HMAC as a PRF. + The following backends implement this interface: + + * :doc:`/hazmat/backends/openssl` + * :doc:`/hazmat/backends/commoncrypto` + .. method:: pbkdf2_hmac_supported(algorithm) Check if the specified ``algorithm`` is supported by this backend. @@ -171,4 +191,3 @@ A specific ``backend`` may provide one or more of these interfaces. the derived key. This is typically a password. :return bytes: Derived key. - diff --git a/docs/hazmat/backends/multibackend.rst b/docs/hazmat/backends/multibackend.rst index 63177bef..95538ac8 100644 --- a/docs/hazmat/backends/multibackend.rst +++ b/docs/hazmat/backends/multibackend.rst @@ -18,10 +18,10 @@ MultiBackend >>> from cryptography.hazmat.primitives import hashes >>> backend1.hash_supported(hashes.SHA256()) False - >>> backend2.hash_supported(hashes.SHA1()) + >>> backend2.hash_supported(hashes.SHA256()) True >>> multi_backend = MultiBackend([backend1, backend2]) - >>> multi_backend.hash_supported(hashes.SHA1()) + >>> multi_backend.hash_supported(hashes.SHA256()) True :param backends: A ``list`` of backend objects. Backends are checked for diff --git a/docs/hazmat/bindings/commoncrypto.rst b/docs/hazmat/bindings/commoncrypto.rst index c4f614c2..50dbe69a 100644 --- a/docs/hazmat/bindings/commoncrypto.rst +++ b/docs/hazmat/bindings/commoncrypto.rst @@ -27,4 +27,4 @@ Mac OS X. .. _`CFFI`: https://cffi.readthedocs.org/ -.. _`CommonCrypto`: https://developer.apple.com/library/mac/documentation/Darwin/Reference/ManPages/man3/Common%20Crypto.3cc.html#//apple_ref/doc/man/3cc/CommonCrypto +.. _`CommonCrypto`: https://developer.apple.com/library/mac/documentation/Darwin/Reference/ManPages/man3/Common%20Crypto.3cc.html diff --git a/docs/hazmat/primitives/constant-time.rst b/docs/hazmat/primitives/constant-time.rst index 632e7c68..c6fcb3a3 100644 --- a/docs/hazmat/primitives/constant-time.rst +++ b/docs/hazmat/primitives/constant-time.rst @@ -19,8 +19,10 @@ about the timing attacks on KeyCzar and Java's ``MessageDigest.isEqual()``. .. function:: bytes_eq(a, b) - Compare ``a`` and ``b`` to one another in constant time if they are of the - same length. + Compares ``a`` and ``b`` with one another. If ``a`` and ``b`` have + different lengths, this returns ``False`` immediately. Otherwise it + compares them in a way that takes the same amount of time, regardless of + how many characters are the same between the two. .. doctest:: @@ -30,9 +32,10 @@ about the timing attacks on KeyCzar and Java's ``MessageDigest.isEqual()``. >>> constant_time.bytes_eq(b"foo", b"bar") False - :param a bytes: The left-hand side. - :param b bytes: The right-hand side. - :returns boolean: True if ``a`` has the same bytes as ``b``. + :param bytes a: The left-hand side. + :param bytes b: The right-hand side. + :returns bool: ``True`` if ``a`` has the same bytes as ``b``, otherwise + ``False``. .. _`Coda Hale's blog post`: http://codahale.com/a-lesson-in-timing-attacks/ |