Diffstat (limited to 'docs/development')
-rw-r--r-- | docs/development/custom-vectors/cast5.rst | 9 | ||||
-rw-r--r-- | docs/development/custom-vectors/cast5/generate_cast5.py | 6 | ||||
-rw-r--r-- | docs/development/custom-vectors/cast5/verify_cast5.go | 23 | ||||
-rw-r--r-- | docs/development/submitting-patches.rst | 5 | ||||
-rw-r--r-- | docs/development/test-vectors.rst | 35 |
5 files changed, 69 insertions, 9 deletions
diff --git a/docs/development/custom-vectors/cast5.rst b/docs/development/custom-vectors/cast5.rst
index 09b3bdb1..f5400270 100644
--- a/docs/development/custom-vectors/cast5.rst
+++ b/docs/development/custom-vectors/cast5.rst
@@ -1,10 +1,11 @@
 CAST5 Vector Creation
 =====================
-This page documents the code that was used to generate the CAST5 CBC, CFB, and
-OFB test vectors as well as the code used to verify them against another
-implementation. For CAST5 the vectors were generated using OpenSSL and verified
-with Go.
+This page documents the code that was used to generate the CAST5 CBC, CFB, OFB,
+and CTR test vectors as well as the code used to verify them against another
+implementation. For CAST5 the CBC, CFB, and OFB vectors were generated using
+OpenSSL and the CTR vectors were generated using Apple's CommonCrypto. All the
+generated vectors were verified with Go.
 Creation
 --------
diff --git a/docs/development/custom-vectors/cast5/generate_cast5.py b/docs/development/custom-vectors/cast5/generate_cast5.py
index c3f579e7..32ef3b43 100644
--- a/docs/development/custom-vectors/cast5/generate_cast5.py
+++ b/docs/development/custom-vectors/cast5/generate_cast5.py
@@ -1,6 +1,6 @@
 import binascii
-from cryptography.hazmat.backends.openssl.backend import backend
+from cryptography.hazmat.backends import default_backend
 from cryptography.hazmat.primitives.ciphers import base, algorithms, modes
@@ -8,7 +8,7 @@ def encrypt(mode, key, iv, plaintext):
 cipher = base.Cipher(
 algorithms.CAST5(binascii.unhexlify(key)),
 mode(binascii.unhexlify(iv)),
- backend
+ default_backend()
 )
 encryptor = cipher.encryptor()
 ct = encryptor.update(binascii.unhexlify(plaintext))
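Review bot: In `encrypt`, `default_backend()` leaves the choice of implementation to whatever the generating machine has installed, while the updated cast5.rst records that the CBC, CFB and OFB vectors came from OpenSSL and the CTR vectors from Apple's CommonCrypto. Nothing in the visible lines ties a mode to the backend the documentation names, so a regenerated `cast5-ctr.txt` could come from a different implementation than the one recorded, or the run could presumably fail where no installed backend supports CAST5 in CTR mode. A comment above the call would keep the provenance with the script, for example `# CTR vectors must be generated where the CommonCrypto backend is available; CBC/CFB/OFB came from OpenSSL.` The rest of `encrypt` lies outside the hunk, so whether `finalize()` is called cannot be checked here.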
@@ -57,3 +57,5 @@ ofb_path = "tests/hazmat/primitives/vectors/ciphers/AES/OFB/OFBMMT128.rsp"
 write_file(build_vectors(modes.OFB, ofb_path), "cast5-ofb.txt")
 cfb_path = "tests/hazmat/primitives/vectors/ciphers/AES/CFB/CFB128MMT128.rsp"
 write_file(build_vectors(modes.CFB, cfb_path), "cast5-cfb.txt")
+ctr_path = "tests/hazmat/primitives/vectors/ciphers/AES/CTR/aes-128-ctr.txt"
+write_file(build_vectors(modes.CTR, ctr_path), "cast5-ctr.txt")
diff --git a/docs/development/custom-vectors/cast5/verify_cast5.go b/docs/development/custom-vectors/cast5/verify_cast5.go
index 49e1023d..f735d989 100644
--- a/docs/development/custom-vectors/cast5/verify_cast5.go
+++ b/docs/development/custom-vectors/cast5/verify_cast5.go
@@ -91,6 +91,26 @@ func (o cfbVerifier) validate(count string, key, iv, plaintext, expected_ciphert
 }
 }
+type ctrVerifier struct{}
+
+func (o ctrVerifier) validate(count string, key, iv, plaintext, expected_ciphertext []byte) {
+ block, err := cast5.NewCipher(key)
+ if err != nil {
+ panic(err)
+ }
+
+ ciphertext := make([]byte, len(plaintext))
+ stream := cipher.NewCTR(block, iv)
+ stream.XORKeyStream(ciphertext, plaintext)
+
+ if !bytes.Equal(ciphertext, expected_ciphertext) {
+ panic(fmt.Errorf("vector mismatch @ COUNT = %s:\n %s != %s\n",
+ count,
+ hex.EncodeToString(expected_ciphertext),
+ hex.EncodeToString(ciphertext)))
+ }
+}
+
 func validateVectors(verifier VectorVerifier, filename string) {
 vectors, err := os.Open(filename)
 if err != nil {
@@ -138,4 +158,7 @@ func main() {
 validateVectors(cbcVerifier{},
 "tests/hazmat/primitives/vectors/ciphers/CAST5/cast5-cbc.txt")
 fmt.Println("CBC OK.")
+ validateVectors(ctrVerifier{},
+ "tests/hazmat/primitives/vectors/ciphers/CAST5/cast5-ctr.txt")
+ fmt.Println("CTR OK.")
 }
diff --git a/docs/development/submitting-patches.rst b/docs/development/submitting-patches.rst
index 5dca3f79..1797b9c1 100644
--- a/docs/development/submitting-patches.rst
+++ b/docs/development/submitting-patches.rst
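Review bot: In the `@@ -91,6 +91,26 @@` hunk of verify_cast5.go, `ctrVerifier.validate` passes `iv` straight to `cipher.NewCTR`, which panics when the IV length differs from the block size, and that panic carries no COUNT, unlike the mismatch error a few lines below. The generator in this commit takes its CTR inputs from an AES-128 vector file, so a vector whose IV was not cut down to CAST5's 8-byte block would stop the run without saying which entry was at fault; any truncation would happen in `build_vectors`, which is outside this diff. A guard before the call keeps the failure attributable: `if len(iv) != block.BlockSize() { panic(fmt.Errorf("bad IV length @ COUNT = %s: %d", count, len(iv))) }`. As a smaller style point, the receiver name `o` looks carried over from another verifier, and since the receiver is unused it could simply be omitted.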
@@ -15,7 +15,10 @@ follow the directions on the :doc:`security page </security>`.
 Code
 ----
-When in doubt, refer to :pep:`8` for Python code.
+When in doubt, refer to :pep:`8` for Python code. You can check if your code
+meets our automated requirements by running ``flake8`` against it. If you've
+installed the development requirements this will automatically use our
+configuration. You can also run the ``tox`` job with ``tox -e pep8``.
 `Write comments as complete sentences.`_
diff --git a/docs/development/test-vectors.rst b/docs/development/test-vectors.rst
index 8b3a6460..1d768179 100644
--- a/docs/development/test-vectors.rst
+++ b/docs/development/test-vectors.rst
@@ -13,8 +13,18 @@ Sources
 Asymmetric Ciphers
 ~~~~~~~~~~~~~~~~~~
-* RSA PKCS1 from the RSA FTP site (ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-1/
+* RSA PKCS #1 from the RSA FTP site (ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-1/
 and ftp://ftp.rsa.com/pub/rsalabs/tmp/).
+* RSA FIPS 186-2 and PKCS1 v1.5 vulnerability test vectors from `NIST CAVP`_.
+* DSA test vectors from `FIPS 186-2`_ and `FIPS 186-3`_.
+* OpenSSL PEM RSA serialization vectors from the `OpenSSL example key`_ and
+ `GnuTLS key parsing tests`_.
+* OpenSSL PEM DSA serialization vectors from the `GnuTLS example keys`_.
+* PKCS #8 PEM serialization vectors from
+
+ * GnuTLS: `encpkcs8.pem`_, `enc2pkcs8.pem`_, `unencpkcs8.pem`_,
+ `pkcs12_s2k_pem.c`_.
+ * `Botan's ECC private keys`_.
 Hashes
 ~~~~~~
@@ -38,6 +48,7 @@ Key Derivation Functions
 * HKDF (SHA1, SHA256) from :rfc:`5869`.
 * PBKDF2 (HMAC-SHA1) from :rfc:`6070`.
+* scrypt from the `draft RFC`_.
 Recipes
 ~~~~~~~
@@ -47,7 +58,8 @@ Recipes
 Symmetric Ciphers
 ~~~~~~~~~~~~~~~~~
-* AES (CBC, CFB, CTR, ECB, GCM, OFB) from `NIST CAVP`_.
+* AES (CBC, CFB, ECB, GCM, OFB) from `NIST CAVP`_.
+* AES CTR from :rfc:`3686`.
 * 3DES (CBC, CFB, ECB, OFB) from `NIST CAVP`_.
 * ARC4 from :rfc:`6229`.
 * Blowfish (CBC, CFB, ECB, OFB) from `Bruce Schneier's vectors`_.
@@ -60,6 +72,13 @@ Symmetric Ciphers
 * IDEA (CBC, CFB, OFB) generated by this project.
 See: :doc:`/development/custom-vectors/idea`
+Two Factor Authentication
+~~~~~~~~~~~~~~~~~~~~~~~~~
+
+* HOTP from :rfc:`4226`
+* TOTP from :rfc:`6238` (Note that an `errata`_ for the test vectors in RFC
+ 6238 exists)
+
 Creating Test Vectors
 ---------------------
@@ -94,6 +113,18 @@ header format (substituting the correct information):
 .. _`OpenSSL's test vectors`: https://github.com/openssl/openssl/blob/97cf1f6c2854a3a955fd7dd3a1f113deba00c9ef/crypto/evp/evptests.txt#L232
 .. _`RIPEMD website`: http://homes.esat.kuleuven.be/~bosselae/ripemd160.html
 .. _`Whirlpool website`: http://www.larc.usp.br/~pbarreto/WhirlpoolPage.html
+.. _`draft RFC`: https://tools.ietf.org/html/draft-josefsson-scrypt-kdf-01
 .. _`Specification repository`: https://github.com/fernet/spec
+.. _`errata`: http://www.rfc-editor.org/errata_search.php?rfc=6238
+.. _`OpenSSL example key`: http://git.openssl.org/gitweb/?p=openssl.git;a=blob;f=test/testrsa.pem;h=aad21067a8f7cb93a52a511eb9162fd83be39135;hb=66e8211c0b1347970096e04b18aa52567c325200
+.. _`GnuTLS key parsing tests`: https://gitorious.org/gnutls/gnutls/commit/f16ef39ef0303b02d7fa590a37820440c466ce8d
+.. _`encpkcs8.pem`: https://gitorious.org/gnutls/gnutls/source/f8d943b38bf74eaaa11d396112daf43cb8aa82ae:tests/pkcs8-decode/encpkcs8.pem
+.. _`enc2pkcs8.pem`: https://gitorious.org/gnutls/gnutls/source/f8d943b38bf74eaaa11d396112daf43cb8aa82ae:tests/pkcs8-decode/enc2pkcs8.pem
+.. _`unencpkcs8.pem`: https://gitorious.org/gnutls/gnutls/source/f8d943b38bf74eaaa11d396112daf43cb8aa82ae:tests/pkcs8-decode/unencpkcs8.pem
+.. _`pkcs12_s2k_pem.c`: https://gitorious.org/gnutls/gnutls/source/f8d943b38bf74eaaa11d396112daf43cb8aa82ae:tests/pkcs12_s2k_pem.c
+.. _`Botan's ECC private keys`: https://github.com/randombit/botan/tree/4917f26a2b154e841cd27c1bcecdd41d2bdeb6ce/src/tests/data/ecc
+.. _`FIPS 186-2`: http://csrc.nist.gov/groups/STM/cavp/documents/dss/186-2dsatestvectors.zip
+.. _`FIPS 186-3`: http://csrc.nist.gov/groups/STM/cavp/documents/dss/186-3dsatestvectors.zip
+.. _`GnuTLS example keys`: https://gitorious.org/gnutls/gnutls/commit/ad2061deafdd7db78fd405f9d143b0a7c579da7b
 .. _`NESSIE IDEA vectors`: https://www.cosic.esat.kuleuven.be/nessie/testvectors/bc/idea/Idea-128-64.verified.test-vectors
 .. _`NESSIE`: https://en.wikipedia.org/wiki/NESSIE |