aboutsummaryrefslogtreecommitdiffstats
path: root/docs/hazmat/primitives/asymmetric
Commit message (Collapse)AuthorAgeFilesLines
* Switch NIST PDFs from nvlpubs to csrc which is HTTPS (#3929)Alex Gaynor2017-09-202-3/+3
|
* Update the rest of the NIST urls to their new HTTPS homes (#3928)Alex Gaynor2017-09-201-2/+2
|
* Fix mistake in `RSAPublicKey.verify` documentation (#3872)David Sanders2017-08-201-1/+1
|
* update docs to reflect #3364 (#3786)Paul Kehrer2017-07-171-1/+1
|
* we forgot to document these DH methods (#3757)Paul Kehrer2017-07-061-0/+27
|
* doc the relationship between PrivateKey and PrivateKeyWithSerialization (#3721)Paul Kehrer2017-06-244-8/+25
| | | | | | | | * doc the relationship between PrivateKey and PrivateKeyWithSerialization Or at least do it better. * let's talk about opaque keys
* Reorganize DHParameters and DHPublicKey *WithSerialization (#3722)Paul Kehrer2017-06-241-15/+13
| | | | | | | | * Reorganize DHParameters and DHPublicKey *WithSerialization fixes #3720 * fix up the changelog
* changelog entry and a few updates to the new DH params docs (#3718)Paul Kehrer2017-06-242-5/+6
|
* Dh parameters serialization (#3504)Aviv Palivoda2017-06-242-0/+110
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Support DH parameter serizalization - no X9.42 * Support X9.42 serialization - DER not working * Fix dhp_rfc5114_2.der Changing the DER parameters serialization after the fix in openssl commit a292c9f1b835 * DH parameters X9.42 DER serialization fixed * fix _skip_dhx_unsupported * document DH parameter_bytes * PEP8 fixes * Document load_pem_parameters * Document load_der_parameters * document ParameterFormat * Increase test coverage * Increase test covrage * Remove unneeded check * Fix typo * Fix error in load_der_parameters * Add load_pem_parameters and load_der_parameters to interfaces * CR fixes * Removed unverified phrase * Update version to 2.0 * Fix pep8 * Rename ParameterFormat.ASN1 to ParameterFormat.DHParameter * link pkcs3 * Add new line at end of file to serialization.rst * Rename DHparameters to PKCS3 * doc CR fix
* be clearer that 65537 is the right answer (#3714)Paul Kehrer2017-06-231-1/+2
| | | | | | | | * be clearer that 65537 is the right answer * Different language * remove trailing whitespace
* fix typo in docs for curve name (#3705)Paul Kehrer2017-06-141-1/+1
| | | fixes #3704
* It's a method you must call (#3696)Jean-Paul Calderone2017-06-091-1/+1
| | | Fix misworded guidance for how to serialize a private key to bytes.
* X25519 Support (#3686)Paul Kehrer2017-06-092-0/+86
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * early days * sort of working * more things * remove private_bytes * public bytes, interface fix * load public keys * x25519 support basically done now * private_bytes is gone * some reminders * doctest this too * remove a thing that doesn't matter * x25519 supported checks * libressl has the NID, but a different API, so check for OpenSSL * pep8 * add missing coverage * update to use reasons * expand test a little * add changelog entry * review feedback
* deprecate signer/verifier on asymmetric keys (#3663)Paul Kehrer2017-06-035-196/+105
| | | | | | * deprecate signer/verifier on asymmetric keys * review feedback, switch deprecated_call to work around a bug
* make signature and verification contexts error better re: prehashed (#3658)Paul Kehrer2017-06-021-0/+12
| | | | | | * make signature and verification contexts error better re: prehashed * code review feedback
* Modify DH/ECDH examples to be explicit for DHE/ECDHE (#3622)Paul Kehrer2017-05-272-3/+32
| | | | | | | | * Modify DH/ECDH examples to be explicit for DHE/ECDHE Also add note to DH docs that you should probably use ECDH * give a reason
* Put the exchange method on the correct interface (#3591)Alex Gaynor2017-05-241-12/+12
| | | | | | * Put the exchange method on the correct interface * fixed links in docs
* Update the docs to not be redundant and wrong (#3593)Paul Kehrer2017-05-241-3/+0
|
* add convenience methods for key_size on EC{Public,Private}Key (#3587)Paul Kehrer2017-05-231-0/+18
|
* Document DH in serialization (#3569)Aviv Palivoda2017-05-231-1/+10
|
* Fixes #3538 -- Make our OpenSSL EC verifier's implementation match the API ↵Alex Gaynor2017-05-101-14/+19
| | | | | | | | | | | | | | (#3539) * Document our real API for EC verification, not an accident * formatting consistency * fix the code itself * fixed class name * fixed a test too
* fix typo (#3442)Ofek Lev2017-03-121-1/+1
|
* DH subgroup order (q) (#3369)Aviv Palivoda2017-03-051-2/+10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Support DH q (subgroup order) * Change RFC5114.txt to NIST format * Add tests for DH q * Update docs for DH q * Fix pep8 * Improve test covergae for DH q * Create _dh_params_dup that copy q if DHparams_dup don't On OpenSSL < 1.0.2 DHparams_dup don't copy q. _dh_params_dup call DHparams_dup and if the version is smaller than 1.0.2 copy q manually * Copy q manually on libressl * Add to test vectors serialized RFC5114 2048 bit DH parameters with 224 bit subgroup * Support serialization of DH with q * Add tests for serialization of DH with q * Support DH serialization with q only if Cryptography_HAS_EVP_PKEY_DHX is true * Raise exception when trying to serialize DH X9.42 when not supported * raise unsupported key type when deserilizing DH X9.42 if not supported * pep8 fixes * Fix test_serialization * Add dhx_serialization_supported method to DHBacked * document q in dh_parameters_supported * Rename dhx_serialization_supported to dh_x942_serialization_supported
* Two random grammar fixes (#3402)Alex Gaynor2017-02-181-1/+1
|
* DH serialization (#3297)Aviv Palivoda2017-02-071-0/+46
| | | | | | | | | | | | | | | | | | * DH keys support serialization * Add DH serialization documentation * Add tests for DH keys serialization in DER encoding * update version to 1.8 * Allow only SubjectPublicKeyInfo serialization * Remove support in TraditionalOpenSSL format * Fix pep8 * Refactor dh serialization tests
* OpenSSL DH backend implementation [Second attempt] (#2914)Aviv Palivoda2016-11-261-43/+120
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Start of OpenSSL DH backend implementation * Supporting DH in MultiBackend * DHBackend has dh_parameters_supported method * Removed DHParametersWithNumbers and DHPrivateKeyWithNumbers from documentation * Removed ExchangeContext. exchange is a method of DHPrivateKeyWithSerialization * PEP8 fixes * Fixed TestDH.test_bad_tls_exchange * Fixed generate_private_key reference in dh documentation * test DH multibackend support * testing DH coversion to serialized * Validating that we receive serialized class in test_generate_dh * Testing DH exchange symmetric key padding * struct DH is now opaqued * PEP8 fixes * Testing load_dh_private_numbers throws ValueError when DH_check fails * Using openssl_assert * Passing keywords arguments in DH key exchange example * test_dh::test_bad_tls_exchange now uses pre calculated parameters * TestDH - Add test that the computed secret is equivalent to the definition by comparing with secret computed in pure python * Add missing generator parameter to DHBackend interface docs. * Include parameter type in DHBackend abc docs. * Add docs for dh.generate_parameters function * Remove the dh Numbers section, and move the DHNumbers class docs to where they are first used. * Add note of big endian byte packing to DH exchange method. * DH documentation updates. Add single sentence overview with wikipedia link. Add paragraph on assembling using Numbers objects. Add link to backend interface docs. First section was all indented, I think by mistake. * Add exchange method to DHPrivateKey abstract base class. * Small tweaks to DH documentation - remove Provider. * Add endian to dictionary * Use utils.int_from_bytes in test_tls_exchange_algorithm * Removed duplicate line * Change dh.rst exchange algorithm from doctest to code-block The example in the Diffie-Hellman exhange algorithm is using 2048 bits key. Generating the parameters of 2048 takes long time. This caused the automated tests to fail. In order to pass the tests we change the example to code-block so it will not run in the doc tests. * Fix dh docs * Document the generator in DHBackend relevant methods * Fix dh tests * use DHparams_dup * Fix key type to unsigned char as expected by DH_compute_key * Validate that DH generator is 2 or 5 * test dh exchange using botan vectors * group all numbers classes * Simplify _DHPrivateKey * Rename test with serialized to numbers * Move bad exchange params to external vector file * update exchange versionadded to 1.7 * Make key_size bit accurate * Change botan link * Added CHANGELOG entry
* update docs and changelog for prehashed support (#3268)Paul Kehrer2016-11-201-3/+15
|
* add support for prehashing in ECDSA sign/verify (#3267)Paul Kehrer2016-11-201-1/+5
| | | | | | * add support for prehashing in ECDSA sign/verify * move signature_algorithm check to its own function
* support prehashed sign/verify in DSA (#3266)Paul Kehrer2016-11-201-2/+12
|
* support RSA verify with prehashing (#3265)Paul Kehrer2016-11-202-2/+19
| | | | | | | | | | * support RSA verify with prehashing * review feedback * more dedupe * refactor and move to a separate module
* support prehashing in RSA sign (#3238)Paul Kehrer2016-11-202-1/+40
| | | | | | | | * support prehashing in RSA sign * check to make sure digest size matches prehashed data provided * move doctest for prehashed
* change derive_elliptic_curve_public_point to return EllipticCurvePubl… (#3243)Paul Kehrer2016-11-181-3/+4
| | | | | | | | | | | | | | * change derive_elliptic_curve_public_point to return EllipticCurvePublicKey * also rename the backend interface method * review feedback * Rename to derive_elliptic_curve_private_key * Returns EllipticCurvePrivateKey * Reuses the EC_POINT in the openssl impl * Rename "secret" arg to "private_value" which is consistent with our naming for the value in ECPrivateNumbers.
* add ec.private_key_from_secret_and_curve (#3225)Ofek Lev2016-11-111-0/+16
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * finish https://github.com/pyca/cryptography/pull/1973 * change API & add test Function will now return an instance of EllipticCurvePrivateKey, as that is the users' ultimate goal anyway. * fix test * improve coverage * complete coverage * final fix * centos fix * retry * cleanup asserts * use openssl_assert * skip unsupported platforms * change API name to derive_private_key * change version added * improve description of `secret` param * separate successful and failure test cases * simplify successful case * add docs for derive_elliptic_curve_public_point * add period
* EC samples for verifying a singature, + serialization (#3076)Alex Railean2016-09-251-0/+79
| | | | | | | | | | | | | | | | | | | | | | | | * first draft of verification and serialization * tweaks in the RST syntax * added example of deserialization * taking into account the returned value, so that doctests pass * adjusted rst syntax and indentation for code samples * removed print call * forgot to actually call splitlines * added missing argument when loading private key * added Deserialization to dictionary * made lines shorter to meet style requirements * applied requested changes in style
* Clarify what to pass to the sign-function (#3066)Loy2016-07-301-1/+1
| | | Sign needs an ECDSA instance and from following the link to EllipticCurveSignatureAlgorithm, that wasn't clear directly.
* Removed provider language from asymmetric primitives docs (#3052)Gabriel Orisaka2016-07-265-132/+91
| | | | | | * Removed provider language from asymmetric primitives docs * Reverted changes to some examples
* Enforce that p > q to improve OpenSSL compatibility (fixes #2990) (#3010)Dirkjan Ochtman2016-07-191-1/+3
|
* One shot sign/verification ECDSA (#3029)Aviv Palivoda2016-07-022-5/+46
| | | | | | | | | | | | | | * Add sign and verify methods to ECDSA * Documented ECDSA sign/verify methods * Added CHANGELOG entry * Skipping test verify and sign if curve is not supported * Fixed typo in documentation return type * Removed provider language from EllipticCurvePrivateKey and EllipticCurvePublicKey
* one shot verify documentation fix (#3031)Aviv Palivoda2016-06-302-4/+4
|
* One shot sign/verify DSA (#3003)Aviv Palivoda2016-06-301-0/+53
| | | | | | | | * Add sign and verify methods to DSA * Documented DSA sign/verify methods * Added CHANGELOG entry
* Fixed #3008 -- expose calculate max pss salt length (#3014)Alex Gaynor2016-06-271-4/+17
| | | | | | | | | | | | | | * Fixed #3008 -- expose calculate max pss salt length * Fixed a few mistakes in the docs * move all the code around * oops * write a unit test * versionadded + changelog
* rest syntaxAlex Gaynor2016-06-271-1/+1
|
* Fixes #2992 -- clearly link to a key dumping docs in serialization mo… (#3013)Alex Gaynor2016-06-251-0/+10
| | | | | | | | * Fixes #2992 -- clearly link to a key dumping docs in serialization module * fixed rest * guh, grammar
* Use `d` instead of `private_exponent` for consistency (#2991)Dirkjan Ochtman2016-06-221-4/+4
| | | | True story: I used `e` instead of `d` because it seemed more closely related to `e`. Should have looked it up, of course... but the docs could be better.
* Clean up some of the nonsense in our DSA docs. (#2969)Alex Gaynor2016-06-041-5/+5
| | | Fixes #1478
* Add convenience methods to sign and verify w/ RSA (#2945)Colleen Murphy2016-06-041-3/+73
| | | | | | | | | This patch adds wrapper methods to allow the user to sign and verify a single message block without having to go through the multi-step process of creating a signer or verifier, updating it with the one message, and finalizing the result. This will make signing and verifying data more user-friendly when only using small messages. Partial bug #1529
* Refs #1478 -- attempt to improve our nonsense docs for ECCurve.key_size (#2959)Alex Gaynor2016-06-031-1/+2
| | | | | | * Refs #1478 -- attempt to improve our nonsense docs for ECCurve.key_size * fix
* SSH serialization for public keys (#2957)Alex Gaynor2016-06-031-0/+13
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * SSH serialization for public keys * name errors ahoy! * id, ego, superego * dsa support * EC support * Don't keyerror * Documentation OpenSSH * flake8 * fix * bytes bytes bytes * skip curve unsupported * bytes! * Move a function * reorganize code for coverage
* HTTPS some links, in the odd event users of a cryptographic library would ↵Alex Gaynor2016-03-062-2/+2
| | | | care about authentication, integrity, or confidentiality
* Minor doc tweak per issue #2694Phoebe Queen2016-01-291-1/+5
|