From 719907c863ba9a5b61a1a056366e23e1100516e8 Mon Sep 17 00:00:00 2001 From: Alex Gaynor Date: Wed, 12 Feb 2014 14:01:05 -0800 Subject: Be clear about HKDF's applicability for password storage --- docs/hazmat/primitives/key-derivation-functions.rst | 1 + 1 file changed, 1 insertion(+) (limited to 'docs') diff --git a/docs/hazmat/primitives/key-derivation-functions.rst b/docs/hazmat/primitives/key-derivation-functions.rst index 1937c2ec..da47ccd3 100644 --- a/docs/hazmat/primitives/key-derivation-functions.rst +++ b/docs/hazmat/primitives/key-derivation-functions.rst @@ -128,6 +128,7 @@ Different KDFs are suitable for different tasks such as: `HKDF`_ (HMAC-based Extract-and-Expand Key Derivation Function) is suitable for deriving keys of a fixed size used for other cryptographic operations. + **HKDF should not be used for password storage.** .. doctest:: -- cgit v1.2.3 From c43bb7579b4cdb7b0c9306e5444ad94563f081e5 Mon Sep 17 00:00:00 2001 From: Alex Gaynor Date: Wed, 12 Feb 2014 16:42:11 -0800 Subject: Switch this to a warning block --- docs/hazmat/primitives/key-derivation-functions.rst | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) (limited to 'docs') diff --git a/docs/hazmat/primitives/key-derivation-functions.rst b/docs/hazmat/primitives/key-derivation-functions.rst index da47ccd3..d8a0e241 100644 --- a/docs/hazmat/primitives/key-derivation-functions.rst +++ b/docs/hazmat/primitives/key-derivation-functions.rst @@ -128,7 +128,10 @@ Different KDFs are suitable for different tasks such as: `HKDF`_ (HMAC-based Extract-and-Expand Key Derivation Function) is suitable for deriving keys of a fixed size used for other cryptographic operations. - **HKDF should not be used for password storage.** + + .. warning:: + + HKDF should not be used for password storage. .. doctest:: -- cgit v1.2.3 From 61ea493b97e2c2ba2d60a2925d46ba7f33327536 Mon Sep 17 00:00:00 2001 From: Alex Gaynor Date: Wed, 12 Feb 2014 16:51:20 -0800 Subject: Syntax highlight the go code. Be mad Rob Pike. --- docs/development/custom-vectors/cast5.rst | 1 + 1 file changed, 1 insertion(+) (limited to 'docs') diff --git a/docs/development/custom-vectors/cast5.rst b/docs/development/custom-vectors/cast5.rst index 7f1d72c1..09b3bdb1 100644 --- a/docs/development/custom-vectors/cast5.rst +++ b/docs/development/custom-vectors/cast5.rst @@ -23,5 +23,6 @@ Verification The following go code was used to verify the vectors. .. literalinclude:: /development/custom-vectors/cast5/verify_cast5.go + :language: go Download link: :download:`verify_cast5.go ` -- cgit v1.2.3 From bab0e1a4c6301b2a9d23840ae55af92730519edb Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Sun, 9 Feb 2014 10:51:59 -0600 Subject: add cast5 docs --- docs/hazmat/primitives/symmetric-encryption.rst | 11 +++++++++++ 1 file changed, 11 insertions(+) (limited to 'docs') diff --git a/docs/hazmat/primitives/symmetric-encryption.rst b/docs/hazmat/primitives/symmetric-encryption.rst index 85d8e8e3..d9c0cefa 100644 --- a/docs/hazmat/primitives/symmetric-encryption.rst +++ b/docs/hazmat/primitives/symmetric-encryption.rst @@ -116,6 +116,16 @@ Algorithms ``56`` bits long), they can simply be concatenated to produce the full key. This must be kept secret. +.. class:: CAST5(key) + + CAST5 (also known as CAST-128) is a block cipher approved for use in the + Canadian government by the `Communications Security Establishment`_. It is + a variable key length cipher and supports keys from 40-128 bits in length. + + :param bytes key: The secret key, 40-128 bits in length (in increments of + 8). This must be kept secret. + + Weak Ciphers ------------ @@ -469,3 +479,4 @@ Interfaces .. _`described by Colin Percival`: http://www.daemonology.net/blog/2009-06-11-cryptographic-right-answers.html .. _`recommends 96-bit IV length`: http://csrc.nist.gov/groups/ST/toolkit/BCM/documents/proposedmodes/gcm/gcm-spec.pdf .. _`NIST SP-800-38D`: http://csrc.nist.gov/publications/nistpubs/800-38D/SP-800-38D.pdf +.. _`Communications Security Establishment`: http://www.cse-cst.gc.ca -- cgit v1.2.3 From 70c90e965750da365e18d737faa6e08a1baf0f60 Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Wed, 12 Feb 2014 18:58:31 -0600 Subject: remove some extra linebreaks --- docs/hazmat/primitives/symmetric-encryption.rst | 2 -- 1 file changed, 2 deletions(-) (limited to 'docs') diff --git a/docs/hazmat/primitives/symmetric-encryption.rst b/docs/hazmat/primitives/symmetric-encryption.rst index d9c0cefa..210e6567 100644 --- a/docs/hazmat/primitives/symmetric-encryption.rst +++ b/docs/hazmat/primitives/symmetric-encryption.rst @@ -99,7 +99,6 @@ Algorithms :param bytes key: The secret key, either ``128``, ``192``, or ``256`` bits. This must be kept secret. - .. class:: TripleDES(key) Triple DES (Data Encryption Standard), sometimes referred to as 3DES, is a @@ -125,7 +124,6 @@ Algorithms :param bytes key: The secret key, 40-128 bits in length (in increments of 8). This must be kept secret. - Weak Ciphers ------------ -- cgit v1.2.3 From 87c4edbda9c838b721546dd9f6b9964b915127b5 Mon Sep 17 00:00:00 2001 From: Chris Glass Date: Thu, 13 Feb 2014 09:34:21 +0100 Subject: Added a docs section on Linux installation This simply adds a short paragraph on what dependencies are needed on Linux, as well as the command line to install them on Ubuntu (since users of other distributions are more likely to know how to do it). --- docs/installation.rst | 20 +++++++++++++++++++- 1 file changed, 19 insertions(+), 1 deletion(-) (limited to 'docs') diff --git a/docs/installation.rst b/docs/installation.rst index 7e7348e2..a2fc5b7c 100644 --- a/docs/installation.rst +++ b/docs/installation.rst @@ -22,8 +22,26 @@ to include the corresponding locations. For example: C:\> set INCLUDE=C:\OpenSSL-1.0.1f-64bit\include;%INCLUDE% C:\> pip install cryptography +Building cryptography on Linux +------------------------------ + +``cryptography`` should build very easily on linux provided you have headers +for the OpenSSL and libffi available on your system. + +For Ubuntu, the following command line will ensure this is the case: + +.. code-block:: console + + sudo apt-get install libssl-dev libffi-dev + +You should now be able to build and install cryptography with the usual + +.. code-block:: console + + python setup.py install + Using your own OpenSSL on Linux -------------------------------- +............................... Python links to OpenSSL for its own purposes and this can sometimes cause problems when you wish to use a different version of OpenSSL with cryptography. -- cgit v1.2.3 From f82d94f3d1c15e3b71528ba98c7e5ba4b54cc8ad Mon Sep 17 00:00:00 2001 From: Chris Glass Date: Thu, 13 Feb 2014 11:46:49 +0100 Subject: Added Debian mention, extra missing packages One tends to forget than not everyone has python-dev installed :) --- docs/installation.rst | 21 +++++++++++++-------- 1 file changed, 13 insertions(+), 8 deletions(-) (limited to 'docs') diff --git a/docs/installation.rst b/docs/installation.rst index a2fc5b7c..28b311cb 100644 --- a/docs/installation.rst +++ b/docs/installation.rst @@ -22,17 +22,22 @@ to include the corresponding locations. For example: C:\> set INCLUDE=C:\OpenSSL-1.0.1f-64bit\include;%INCLUDE% C:\> pip install cryptography -Building cryptography on Linux ------------------------------- +Building cryptography on GNU/Linux +---------------------------------- + +``cryptography`` should build very easily on GNU/Linux provided you have a C +compiler and headers for Python and the OpenSSL and libffi libraries available +on your system. -``cryptography`` should build very easily on linux provided you have headers -for the OpenSSL and libffi available on your system. +Debian and Ubuntu systems +......................... -For Ubuntu, the following command line will ensure this is the case: +For Debian and Ubuntu, the following command line will ensure the required +dependencies are installed: .. code-block:: console - sudo apt-get install libssl-dev libffi-dev + sudo apt-get install build-essential libssl-dev libffi-dev python-dev You should now be able to build and install cryptography with the usual @@ -40,8 +45,8 @@ You should now be able to build and install cryptography with the usual python setup.py install -Using your own OpenSSL on Linux -............................... +Using your own OpenSSL on GNU/Linux +................................... Python links to OpenSSL for its own purposes and this can sometimes cause problems when you wish to use a different version of OpenSSL with cryptography. -- cgit v1.2.3 From 03829e595123879d26c4681eb180f056d549bc7f Mon Sep 17 00:00:00 2001 From: Chris Glass Date: Thu, 13 Feb 2014 13:07:55 +0100 Subject: Added Pypy note and fixed libffi's "spelling" --- docs/installation.rst | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'docs') diff --git a/docs/installation.rst b/docs/installation.rst index 28b311cb..f2b40892 100644 --- a/docs/installation.rst +++ b/docs/installation.rst @@ -26,8 +26,8 @@ Building cryptography on GNU/Linux ---------------------------------- ``cryptography`` should build very easily on GNU/Linux provided you have a C -compiler and headers for Python and the OpenSSL and libffi libraries available -on your system. +compiler, headers for Python (if you're not using Pypy), and headers for the +OpenSSL and `libffi` libraries available on your system. Debian and Ubuntu systems ......................... -- cgit v1.2.3 From ae20caaed83d86fa40be4b979f7f7553eb6277fa Mon Sep 17 00:00:00 2001 From: Chris Glass Date: Thu, 13 Feb 2014 13:47:28 +0100 Subject: Pypy is not a real word either apparently. --- docs/installation.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'docs') diff --git a/docs/installation.rst b/docs/installation.rst index f2b40892..9d8916e3 100644 --- a/docs/installation.rst +++ b/docs/installation.rst @@ -26,7 +26,7 @@ Building cryptography on GNU/Linux ---------------------------------- ``cryptography`` should build very easily on GNU/Linux provided you have a C -compiler, headers for Python (if you're not using Pypy), and headers for the +compiler, headers for Python (if you're not using `pypy`), and headers for the OpenSSL and `libffi` libraries available on your system. Debian and Ubuntu systems -- cgit v1.2.3 From 2e15c7fce6ce478039d150b4d5442b51582e77b4 Mon Sep 17 00:00:00 2001 From: Chris Glass Date: Thu, 13 Feb 2014 19:10:10 +0100 Subject: Changed .... lines to ~~~~ and s/Gnu\/Linux/Linux/ --- docs/installation.rst | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) (limited to 'docs') diff --git a/docs/installation.rst b/docs/installation.rst index 9d8916e3..595ccc83 100644 --- a/docs/installation.rst +++ b/docs/installation.rst @@ -22,15 +22,15 @@ to include the corresponding locations. For example: C:\> set INCLUDE=C:\OpenSSL-1.0.1f-64bit\include;%INCLUDE% C:\> pip install cryptography -Building cryptography on GNU/Linux ----------------------------------- +Building cryptography on Linux +------------------------------ -``cryptography`` should build very easily on GNU/Linux provided you have a C +``cryptography`` should build very easily on Linux provided you have a C compiler, headers for Python (if you're not using `pypy`), and headers for the OpenSSL and `libffi` libraries available on your system. Debian and Ubuntu systems -......................... +~~~~~~~~~~~~~~~~~~~~~~~~~ For Debian and Ubuntu, the following command line will ensure the required dependencies are installed: @@ -45,8 +45,8 @@ You should now be able to build and install cryptography with the usual python setup.py install -Using your own OpenSSL on GNU/Linux -................................... +Using your own OpenSSL on Linux +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Python links to OpenSSL for its own purposes and this can sometimes cause problems when you wish to use a different version of OpenSSL with cryptography. -- cgit v1.2.3 From 849da1988a3e410432f62c2e5bfa8009e827891a Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Thu, 13 Feb 2014 12:32:06 -0600 Subject: add CAST5 support to changelog --- docs/changelog.rst | 1 + 1 file changed, 1 insertion(+) (limited to 'docs') diff --git a/docs/changelog.rst b/docs/changelog.rst index 4d459bd9..cd289b6e 100644 --- a/docs/changelog.rst +++ b/docs/changelog.rst @@ -18,6 +18,7 @@ Changelog * Added :class:`~cryptography.hazmat.primitives.kdf.hkdf.HKDF`. * Added :doc:`/hazmat/backends/multibackend`. * Set default random for the :doc:`/hazmat/backends/openssl` to the OS random engine. +* Added :class:`~cryptography.hazmat.primitives.ciphers.algorithms.CAST5` (CAST-128) support. 0.1 - 2014-01-08 ~~~~~~~~~~~~~~~~ -- cgit v1.2.3 From 4992384b9ebab1c06dd41423dadbb1f24625b019 Mon Sep 17 00:00:00 2001 From: Alex Gaynor Date: Thu, 13 Feb 2014 10:32:56 -0800 Subject: A few style nits in the docs --- docs/installation.rst | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'docs') diff --git a/docs/installation.rst b/docs/installation.rst index 595ccc83..f9c3574d 100644 --- a/docs/installation.rst +++ b/docs/installation.rst @@ -26,8 +26,8 @@ Building cryptography on Linux ------------------------------ ``cryptography`` should build very easily on Linux provided you have a C -compiler, headers for Python (if you're not using `pypy`), and headers for the -OpenSSL and `libffi` libraries available on your system. +compiler, headers for Python (if you're not using ``pypy``), and headers for +the OpenSSL and ``libffi`` libraries available on your system. Debian and Ubuntu systems ~~~~~~~~~~~~~~~~~~~~~~~~~ @@ -37,13 +37,13 @@ dependencies are installed: .. code-block:: console - sudo apt-get install build-essential libssl-dev libffi-dev python-dev + $ sudo apt-get install build-essential libssl-dev libffi-dev python-dev You should now be able to build and install cryptography with the usual .. code-block:: console - python setup.py install + $ pip install cryptography Using your own OpenSSL on Linux ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -- cgit v1.2.3 From a5011ec2863d1a698780153a5f2498bd69add56f Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Thu, 13 Feb 2014 12:33:34 -0600 Subject: add versionadded to cast5 --- docs/hazmat/primitives/symmetric-encryption.rst | 2 ++ 1 file changed, 2 insertions(+) (limited to 'docs') diff --git a/docs/hazmat/primitives/symmetric-encryption.rst b/docs/hazmat/primitives/symmetric-encryption.rst index 210e6567..d91dde9d 100644 --- a/docs/hazmat/primitives/symmetric-encryption.rst +++ b/docs/hazmat/primitives/symmetric-encryption.rst @@ -117,6 +117,8 @@ Algorithms .. class:: CAST5(key) + .. versionadded:: 0.2 + CAST5 (also known as CAST-128) is a block cipher approved for use in the Canadian government by the `Communications Security Establishment`_. It is a variable key length cipher and supports keys from 40-128 bits in length. -- cgit v1.2.3 From 14971b7c3a1a5d43363b76506e6a3d1881d7d51f Mon Sep 17 00:00:00 2001 From: Alex Gaynor Date: Thu, 13 Feb 2014 12:56:14 -0800 Subject: Fixed a missing word in the RSA docs --- docs/hazmat/primitives/rsa.rst | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) (limited to 'docs') diff --git a/docs/hazmat/primitives/rsa.rst b/docs/hazmat/primitives/rsa.rst index a19ada33..0c7be2c2 100644 --- a/docs/hazmat/primitives/rsa.rst +++ b/docs/hazmat/primitives/rsa.rst @@ -8,7 +8,7 @@ RSA `RSA`_ is a `public-key`_ algorithm for encrypting and signing messages. .. class:: RSAPrivateKey(p, q, private_exponent, public_exponent, modulus) - + .. versionadded:: 0.2 An RSA private key is required for decryption and signing of messages. @@ -16,23 +16,23 @@ RSA You should use :meth:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateKey.generate` to generate new keys. - + .. warning:: This method only checks a limited set of properties of its arguments. - Using an RSA that you do not trust or with incorrect parameters may - lead to insecure operation, crashes, and other undefined behavior. We - recommend that you only ever load private keys that were generated with - software you trust. + Using an RSA private key that you do not trust or with incorrect + parameters may lead to insecure operation, crashes, and other undefined + behavior. We recommend that you only ever load private keys that were + generated with software you trust. This class conforms to the :class:`~cryptography.hazmat.primitives.interfaces.RSAPrivateKey` interface. - :raises TypeError: This is raised when the arguments are not all integers. + :raises TypeError: This is raised when the arguments are not all integers. :raises ValueError: This is raised when the values of `p`, `q`, - `private_exponent`, `public_exponent` or `modulus` do + `private_exponent`, `public_exponent` or `modulus` do not match the bounds specified in `RFC 3447`_. .. classmethod:: generate(public_exponent, key_size, backend) @@ -52,7 +52,7 @@ RSA :return: A new instance of ``RSAPrivateKey``. .. class:: RSAPublicKey(public_exponent, modulus) - + .. versionadded:: 0.2 An RSA public key is required for encryption and verification of messages. @@ -65,7 +65,7 @@ RSA :class:`~cryptography.hazmat.primitives.interfaces.RSAPublicKey` interface. - :raises TypeError: This is raised when the arguments are not all integers. + :raises TypeError: This is raised when the arguments are not all integers. :raises ValueError: This is raised when the values of `public_exponent` or `modulus` do not match the bounds specified in -- cgit v1.2.3 From a9d802a8364bff9f511db28b4c57bce3498b937d Mon Sep 17 00:00:00 2001 From: Alex Gaynor Date: Thu, 13 Feb 2014 12:57:57 -0800 Subject: Also clean up this syntax --- docs/hazmat/primitives/rsa.rst | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) (limited to 'docs') diff --git a/docs/hazmat/primitives/rsa.rst b/docs/hazmat/primitives/rsa.rst index 0c7be2c2..2875b209 100644 --- a/docs/hazmat/primitives/rsa.rst +++ b/docs/hazmat/primitives/rsa.rst @@ -31,9 +31,10 @@ RSA :raises TypeError: This is raised when the arguments are not all integers. - :raises ValueError: This is raised when the values of `p`, `q`, - `private_exponent`, `public_exponent` or `modulus` do - not match the bounds specified in `RFC 3447`_. + :raises ValueError: This is raised when the values of ``p``, ``q``, + ``private_exponent``, ``public_exponent``, or + ``modulus`` do not match the bounds specified in + :rfc:`3447`. .. classmethod:: generate(public_exponent, key_size, backend) @@ -67,12 +68,11 @@ RSA :raises TypeError: This is raised when the arguments are not all integers. - :raises ValueError: This is raised when the values of `public_exponent` or - `modulus` do not match the bounds specified in - `RFC 3447`_. + :raises ValueError: This is raised when the values of ``public_exponent`` + or ``modulus`` do not match the bounds specified in + :rfc:`3447`. .. _`RSA`: https://en.wikipedia.org/wiki/RSA_(cryptosystem) .. _`public-key`: https://en.wikipedia.org/wiki/Public-key_cryptography -.. _`RFC 3447`: https://tools.ietf.org/html/rfc3447 .. _`use 65537`: http://www.daemonology.net/blog/2009-06-11-cryptographic-right-answers.html .. _`at least 2048`: http://www.ecrypt.eu.org/documents/D.SPA.20.pdf -- cgit v1.2.3