From daac6d056753614077941da0a392c086dadbe965 Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Sun, 20 Oct 2013 13:15:28 -0500 Subject: When copying a hash, pass the api through to the new object --- cryptography/primitives/hashes.py | 2 +- tests/primitives/test_hashes.py | 11 +++++++++++ 2 files changed, 12 insertions(+), 1 deletion(-) diff --git a/cryptography/primitives/hashes.py b/cryptography/primitives/hashes.py index 7133a916..3aa52462 100644 --- a/cryptography/primitives/hashes.py +++ b/cryptography/primitives/hashes.py @@ -37,7 +37,7 @@ class BaseHash(six.with_metaclass(abc.ABCMeta)): self._api.update_hash_context(self._ctx, data) def copy(self): - return self.__class__(ctx=self._copy_ctx()) + return self.__class__(api=self._api, ctx=self._copy_ctx()) def digest(self): return self._api.finalize_hash_context(self._copy_ctx(), diff --git a/tests/primitives/test_hashes.py b/tests/primitives/test_hashes.py index 03de8916..d721f7af 100644 --- a/tests/primitives/test_hashes.py +++ b/tests/primitives/test_hashes.py @@ -17,6 +17,8 @@ import pytest import six +from cryptography.bindings import _default_api + from cryptography.primitives import hashes from .utils import generate_base_hash_test @@ -33,6 +35,15 @@ class TestBaseHash(object): assert isinstance(m.hexdigest(), str) +class TestDefaultAPISHA1(object): + def test_default_api_creation(self): + """ + This test assumes the presence of SHA1 in the default API. + """ + h = hashes.SHA1() + assert h._api == _default_api + + class TestSHA1(object): test_SHA1 = generate_base_hash_test( hashes.SHA1, -- cgit v1.2.3 From 7a2a19176716530e938e31e09eac2dde679031ab Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Sun, 20 Oct 2013 13:45:23 -0500 Subject: add test to verify api is being copied in hash --- tests/primitives/test_hashes.py | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/tests/primitives/test_hashes.py b/tests/primitives/test_hashes.py index d721f7af..07e2d8e7 100644 --- a/tests/primitives/test_hashes.py +++ b/tests/primitives/test_hashes.py @@ -13,6 +13,8 @@ from __future__ import absolute_import, division, print_function +import pretend + import pytest import six @@ -35,6 +37,15 @@ class TestBaseHash(object): assert isinstance(m.hexdigest(), str) +class TestCopyHash(object): + def test_copy_api_object(self): + pretend_api = pretend.stub(copy_hash_context=lambda a: "copiedctx") + pretend_ctx = pretend.stub() + h = hashes.SHA1(api=pretend_api, ctx=pretend_ctx) + assert h._api is pretend_api + assert h.copy()._api is h._api + + class TestDefaultAPISHA1(object): def test_default_api_creation(self): """ -- cgit v1.2.3 From 2b9b3016cdceff473fbfa50b9c8b6e7ba4e76c07 Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Tue, 22 Oct 2013 17:09:38 -0500 Subject: md5 is 128-bit. The person responsible for this mistake has been shot --- docs/primitives/cryptographic-hashes.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/primitives/cryptographic-hashes.rst b/docs/primitives/cryptographic-hashes.rst index aeb30f40..abeb8467 100644 --- a/docs/primitives/cryptographic-hashes.rst +++ b/docs/primitives/cryptographic-hashes.rst @@ -86,5 +86,5 @@ MD5 .. class:: cryptography.primitives.hashes.MD5() - MD5 is a deprecated cryptographic hash function. It has a 160-bit message + MD5 is a deprecated cryptographic hash function. It has a 128-bit message digest and has practical known collision attacks. -- cgit v1.2.3 From 9ec1fd44682b459a719a216081e780db702933e3 Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Tue, 22 Oct 2013 18:13:18 -0500 Subject: add gcm constants and EVP_CIPHER_CTX_ctrl macro --- cryptography/bindings/openssl/evp.py | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/cryptography/bindings/openssl/evp.py b/cryptography/bindings/openssl/evp.py index 41df1056..80980c6e 100644 --- a/cryptography/bindings/openssl/evp.py +++ b/cryptography/bindings/openssl/evp.py @@ -29,6 +29,9 @@ typedef struct evp_pkey_st { } EVP_PKEY; static const int EVP_PKEY_RSA; static const int EVP_PKEY_DSA; +static const int EVP_CTRL_GCM_SET_IVLEN; +static const int EVP_CTRL_GCM_GET_TAG; +static const int EVP_CTRL_GCM_SET_TAG; """ FUNCTIONS = """ @@ -84,4 +87,5 @@ MACROS = """ int EVP_PKEY_assign_RSA(EVP_PKEY *, RSA *); int EVP_PKEY_assign_DSA(EVP_PKEY *, DSA *); int EVP_CIPHER_CTX_block_size(const EVP_CIPHER_CTX *); +int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *, int, int, void *); """ -- cgit v1.2.3 From 463db6846a94e29b7ef565d176457f329e6d6db6 Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Tue, 22 Oct 2013 18:28:31 -0500 Subject: use is for identical object comparison --- tests/primitives/test_hashes.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/primitives/test_hashes.py b/tests/primitives/test_hashes.py index 07e2d8e7..46517701 100644 --- a/tests/primitives/test_hashes.py +++ b/tests/primitives/test_hashes.py @@ -52,7 +52,7 @@ class TestDefaultAPISHA1(object): This test assumes the presence of SHA1 in the default API. """ h = hashes.SHA1() - assert h._api == _default_api + assert h._api is _default_api class TestSHA1(object): -- cgit v1.2.3 From 7728516367e984ed75960c61432e441382a4d7c3 Mon Sep 17 00:00:00 2001 From: Alex Gaynor Date: Tue, 22 Oct 2013 16:29:41 -0700 Subject: Enable the new read the docs theme, it's pretty. Refs: https://twitter.com/readthedocs/status/392794577918099456 --- docs/conf.py | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/docs/conf.py b/docs/conf.py index 16b1109e..a368ac70 100644 --- a/docs/conf.py +++ b/docs/conf.py @@ -248,3 +248,7 @@ texinfo_documents = [ # Example configuration for intersphinx: refer to the Python standard library. intersphinx_mapping = {'http://docs.python.org/': None} + + +# Enable the new ReadTheDocs theme +RTD_NEW_THEME = True -- cgit v1.2.3 From 1f3d718cd48ae5f2efe01f724cdf00669087af8f Mon Sep 17 00:00:00 2001 From: David Reid Date: Tue, 22 Oct 2013 16:55:18 -0700 Subject: Make use of currentmodule to maybe reduce redundant module definitions and also get source links. --- docs/primitives/cryptographic-hashes.rst | 20 +++++++++++--------- docs/primitives/symmetric-encryption.rst | 28 ++++++++++++++++++---------- 2 files changed, 29 insertions(+), 19 deletions(-) diff --git a/docs/primitives/cryptographic-hashes.rst b/docs/primitives/cryptographic-hashes.rst index aeb30f40..f917ab45 100644 --- a/docs/primitives/cryptographic-hashes.rst +++ b/docs/primitives/cryptographic-hashes.rst @@ -1,7 +1,9 @@ Message Digests =============== -.. class:: cryptography.primitives.hashes.BaseHash(data=None) +.. currentmodule:: cryptography.primitives.hashes + +.. class:: BaseHash(data=None) Abstract base class that implements a common interface for all hash algorithms that follow here. @@ -32,7 +34,7 @@ SHA-1 NIST has deprecated SHA-1 in favor of the SHA-2 variants. New applications are strongly suggested to use SHA-2 over SHA-1. -.. class:: cryptography.primitives.hashes.SHA1() +.. class:: SHA1() SHA-1 is a cryptographic hash function standardized by NIST. It has a 160-bit message digest. @@ -40,22 +42,22 @@ SHA-1 SHA-2 Family ~~~~~~~~~~~~ -.. class:: cryptography.primitives.hashes.SHA224() +.. class:: SHA224() SHA-224 is a cryptographic hash function from the SHA-2 family and standardized by NIST. It has a 224-bit message digest. -.. class:: cryptography.primitives.hashes.SHA256() +.. class:: SHA256() SHA-256 is a cryptographic hash function from the SHA-2 family and standardized by NIST. It has a 256-bit message digest. -.. class:: cryptography.primitives.hashes.SHA384() +.. class:: SHA384() SHA-384 is a cryptographic hash function from the SHA-2 family and standardized by NIST. It has a 384-bit message digest. -.. class:: cryptography.primitives.hashes.SHA512() +.. class:: SHA512() SHA-512 is a cryptographic hash function from the SHA-2 family and standardized by NIST. It has a 512-bit message digest. @@ -63,7 +65,7 @@ SHA-2 Family RIPEMD160 ~~~~~~~~~ -.. class:: cryptography.primitives.hashes.RIPEMD160() +.. class:: RIPEMD160() RIPEMD160 is a cryptographic hash function that is part of ISO/IEC 10118-3:2004. It has a 160-bit message digest. @@ -71,7 +73,7 @@ RIPEMD160 Whirlpool ~~~~~~~~~ -.. class:: cryptography.primitives.hashes.Whirlpool() +.. class:: Whirlpool() Whirlpool is a cryptographic hash function that is part of ISO/IEC 10118-3:2004. It has a 512-bit message digest. @@ -84,7 +86,7 @@ MD5 MD5 is a deprecated hash algorithm that has practical known collision attacks. You are strongly discouraged from using it. -.. class:: cryptography.primitives.hashes.MD5() +.. class:: MD5() MD5 is a deprecated cryptographic hash function. It has a 160-bit message digest and has practical known collision attacks. diff --git a/docs/primitives/symmetric-encryption.rst b/docs/primitives/symmetric-encryption.rst index 9768246c..87e1e692 100644 --- a/docs/primitives/symmetric-encryption.rst +++ b/docs/primitives/symmetric-encryption.rst @@ -1,6 +1,8 @@ Symmetric Encryption ==================== +.. currentmodule:: cryptography.primitives.block + .. testsetup:: import binascii @@ -11,7 +13,7 @@ Symmetric Encryption Symmetric encryption is a way to encrypt (hide the plaintext value) material where the encrypter and decrypter both use the same key. -.. class:: cryptography.primitives.block.BlockCipher(cipher, mode) +.. class:: BlockCipher(cipher, mode) Block ciphers work by encrypting content in chunks, often 64- or 128-bits. They combine an underlying algorithm (such as AES), with a mode (such as @@ -43,7 +45,9 @@ where the encrypter and decrypter both use the same key. :class:`~cryptography.primitives.interfaces.CipherContext` provider. -.. class:: cryptography.primitives.interfaces.CipherContext() +.. currentmodule:: cryptography.primitives.interfaces + +.. class:: CipherContext() When calling ``encryptor()`` or ``decryptor()`` on a BlockCipher object you will receive a return object conforming to the CipherContext interface. You @@ -64,7 +68,9 @@ where the encrypter and decrypter both use the same key. Ciphers ~~~~~~~ -.. class:: cryptography.primitives.block.ciphers.AES(key) +.. currentmodule:: cryptography.primitives.block.ciphers + +.. class:: AES(key) AES (Advanced Encryption Standard) is a block cipher standardized by NIST. AES is both fast, and cryptographically strong. It is a good default @@ -73,7 +79,7 @@ Ciphers :param bytes key: The secret key, either ``128``, ``192``, or ``256`` bits. This must be kept secret. -.. class:: cryptography.primitives.block.ciphers.Camellia(key) +.. class:: Camellia(key) Camellia is a block cipher approved for use by CRYPTREC and ISO/IEC. It is considered to have comparable security and performance to AES, but @@ -83,7 +89,7 @@ Ciphers This must be kept secret. -.. class:: cryptography.primitives.block.ciphers.TripleDES(key) +.. class:: TripleDES(key) Triple DES (Data Encryption Standard), sometimes refered to as 3DES, is a block cipher standardized by NIST. Triple DES has known cryptoanalytic @@ -103,7 +109,9 @@ Ciphers Modes ~~~~~ -.. class:: cryptography.primitives.block.modes.CBC(initialization_vector) +.. currentmodule:: cryptography.primitives.block.modes + +.. class:: CBC(initialization_vector) CBC (Cipher block chaining) is a mode of operation for block ciphers. It is considered cryptographically strong. @@ -117,7 +125,7 @@ Modes a given ``key``. -.. class:: cryptography.primitives.block.modes.CTR(nonce) +.. class:: CTR(nonce) .. warning:: @@ -135,7 +143,7 @@ Modes with a given key. The nonce does not need to be kept secret and may be included alongside the ciphertext. -.. class:: cryptography.primitives.block.modes.OFB(initialization_vector) +.. class:: OFB(initialization_vector) OFB (Output Feedback) is a mode of operation for block ciphers. It transforms a block cipher into a stream cipher. @@ -148,7 +156,7 @@ Modes reuse an ``initialization_vector`` with a given ``key``. -.. class:: cryptography.primitives.block.modes.CFB(initialization_vector) +.. class:: CFB(initialization_vector) CFB (Cipher Feedback) is a mode of operation for block ciphers. It transforms a block cipher into a stream cipher. @@ -171,7 +179,7 @@ Insecure Modes and existing applications should strongly consider migrating away. -.. class:: cryptography.primitives.block.modes.ECB() +.. class:: ECB() ECB (Electronic Code Book) is the simplest mode of operation for block ciphers. Each block of data is encrypted in the same way. This means -- cgit v1.2.3