Commit e44e1ff6 authored by SVN-Git Migration's avatar SVN-Git Migration

Imported Upstream version 0.8

parent 5a961cbf
......@@ -19,3 +19,4 @@ PGP key fingerprints are enclosed in parentheses.
* Mohammed Attia <skeuomorf@gmail.com> (854A F9C5 9FF5 6E38 B17D 9587 2D70 E1ED 5290 D357)
* Michael Hart <michael.hart1994@gmail.com>
* Mark Adams <mark@markadams.me> (A18A 7DD3 283C CF2A B0CE FE0E C7A0 5E3F C972 098C)
* Gregory Haynes <greg@greghaynes.net> (6FB6 44BF 9FD0 EBA2 1CE9 471F B08F 42F9 0DC6 599F)
This diff is collapsed.
Metadata-Version: 1.1
Name: cryptography
Version: 0.7.2
Version: 0.8
Summary: cryptography is a package which provides cryptographic recipes and primitives to Python developers.
Home-page: https://github.com/pyca/cryptography
Author: The cryptography developers
......@@ -9,7 +9,7 @@ License: BSD or Apache License, Version 2.0
Description: Cryptography
============
.. image:: https://pypip.in/version/cryptography/badge.svg
.. image:: https://pypip.in/version/cryptography/badge.svg?style=flat
:target: https://pypi.python.org/pypi/cryptography/
:alt: Latest Version
......
Cryptography
============
.. image:: https://pypip.in/version/cryptography/badge.svg
.. image:: https://pypip.in/version/cryptography/badge.svg?style=flat
:target: https://pypi.python.org/pypi/cryptography/
:alt: Latest Version
......
......@@ -58,6 +58,8 @@ if spelling is not None:
# Add any paths that contain templates here, relative to this directory.
templates_path = ['_templates']
nitpicky = True
# The suffix of source filenames.
source_suffix = '.rst'
......@@ -69,7 +71,7 @@ master_doc = 'index'
# General information about the project.
project = 'Cryptography'
copyright = '2013-2014, Individual Contributors'
copyright = '2013-2015, Individual Contributors'
# The version info for the project you're documenting, acts as replacement for
# |version| and |release|, also used in various other places throughout the
......@@ -268,6 +270,6 @@ texinfo_documents = [
# texinfo_show_urls = 'footnote'
# Example configuration for intersphinx: refer to the Python standard library.
intersphinx_mapping = {'https://docs.python.org/': None}
intersphinx_mapping = {'https://docs.python.org/3': None}
epub_theme = 'epub'
......@@ -19,7 +19,7 @@ func unhexlify(s string) []byte {
return bytes
}
type VectorArgs struct {
type vectorArgs struct {
count string
key string
iv string
......@@ -27,13 +27,13 @@ type VectorArgs struct {
ciphertext string
}
type VectorVerifier interface {
validate(count string, key, iv, plaintext, expected_ciphertext []byte)
type vectorVerifier interface {
validate(count string, key, iv, plaintext, expectedCiphertext []byte)
}
type ofbVerifier struct{}
func (o ofbVerifier) validate(count string, key, iv, plaintext, expected_ciphertext []byte) {
func (o ofbVerifier) validate(count string, key, iv, plaintext, expectedCiphertext []byte) {
block, err := cast5.NewCipher(key)
if err != nil {
panic(err)
......@@ -43,17 +43,17 @@ func (o ofbVerifier) validate(count string, key, iv, plaintext, expected_ciphert
stream := cipher.NewOFB(block, iv)
stream.XORKeyStream(ciphertext, plaintext)
if !bytes.Equal(ciphertext, expected_ciphertext) {
if !bytes.Equal(ciphertext, expectedCiphertext) {
panic(fmt.Errorf("vector mismatch @ COUNT = %s:\n %s != %s\n",
count,
hex.EncodeToString(expected_ciphertext),
hex.EncodeToString(expectedCiphertext),
hex.EncodeToString(ciphertext)))
}
}
type cbcVerifier struct{}
func (o cbcVerifier) validate(count string, key, iv, plaintext, expected_ciphertext []byte) {
func (o cbcVerifier) validate(count string, key, iv, plaintext, expectedCiphertext []byte) {
block, err := cast5.NewCipher(key)
if err != nil {
panic(err)
......@@ -63,17 +63,17 @@ func (o cbcVerifier) validate(count string, key, iv, plaintext, expected_ciphert
mode := cipher.NewCBCEncrypter(block, iv)
mode.CryptBlocks(ciphertext, plaintext)
if !bytes.Equal(ciphertext, expected_ciphertext) {
if !bytes.Equal(ciphertext, expectedCiphertext) {
panic(fmt.Errorf("vector mismatch @ COUNT = %s:\n %s != %s\n",
count,
hex.EncodeToString(expected_ciphertext),
hex.EncodeToString(expectedCiphertext),
hex.EncodeToString(ciphertext)))
}
}
type cfbVerifier struct{}
func (o cfbVerifier) validate(count string, key, iv, plaintext, expected_ciphertext []byte) {
func (o cfbVerifier) validate(count string, key, iv, plaintext, expectedCiphertext []byte) {
block, err := cast5.NewCipher(key)
if err != nil {
panic(err)
......@@ -83,17 +83,17 @@ func (o cfbVerifier) validate(count string, key, iv, plaintext, expected_ciphert
stream := cipher.NewCFBEncrypter(block, iv)
stream.XORKeyStream(ciphertext, plaintext)
if !bytes.Equal(ciphertext, expected_ciphertext) {
if !bytes.Equal(ciphertext, expectedCiphertext) {
panic(fmt.Errorf("vector mismatch @ COUNT = %s:\n %s != %s\n",
count,
hex.EncodeToString(expected_ciphertext),
hex.EncodeToString(expectedCiphertext),
hex.EncodeToString(ciphertext)))
}
}
type ctrVerifier struct{}
func (o ctrVerifier) validate(count string, key, iv, plaintext, expected_ciphertext []byte) {
func (o ctrVerifier) validate(count string, key, iv, plaintext, expectedCiphertext []byte) {
block, err := cast5.NewCipher(key)
if err != nil {
panic(err)
......@@ -103,15 +103,15 @@ func (o ctrVerifier) validate(count string, key, iv, plaintext, expected_ciphert
stream := cipher.NewCTR(block, iv)
stream.XORKeyStream(ciphertext, plaintext)
if !bytes.Equal(ciphertext, expected_ciphertext) {
if !bytes.Equal(ciphertext, expectedCiphertext) {
panic(fmt.Errorf("vector mismatch @ COUNT = %s:\n %s != %s\n",
count,
hex.EncodeToString(expected_ciphertext),
hex.EncodeToString(expectedCiphertext),
hex.EncodeToString(ciphertext)))
}
}
func validateVectors(verifier VectorVerifier, filename string) {
func validateVectors(verifier vectorVerifier, filename string) {
vectors, err := os.Open(filename)
if err != nil {
panic(err)
......@@ -119,7 +119,7 @@ func validateVectors(verifier VectorVerifier, filename string) {
defer vectors.Close()
var segments []string
var vector *VectorArgs
var vector *vectorArgs
scanner := bufio.NewScanner(vectors)
for scanner.Scan() {
......@@ -134,7 +134,7 @@ func validateVectors(verifier VectorVerifier, filename string) {
unhexlify(vector.plaintext),
unhexlify(vector.ciphertext))
}
vector = &VectorArgs{count: segments[1]}
vector = &vectorArgs{count: segments[1]}
case strings.ToUpper(segments[0]) == "IV":
vector.iv = segments[1][:16]
case strings.ToUpper(segments[0]) == "KEY":
......@@ -150,15 +150,15 @@ func validateVectors(verifier VectorVerifier, filename string) {
func main() {
validateVectors(ofbVerifier{},
"tests/hazmat/primitives/vectors/ciphers/CAST5/cast5-ofb.txt")
"vectors/cryptography_vectors/ciphers/CAST5/cast5-ofb.txt")
fmt.Println("OFB OK.")
validateVectors(cfbVerifier{},
"tests/hazmat/primitives/vectors/ciphers/CAST5/cast5-cfb.txt")
"vectors/cryptography_vectors/ciphers/CAST5/cast5-cfb.txt")
fmt.Println("CFB OK.")
validateVectors(cbcVerifier{},
"tests/hazmat/primitives/vectors/ciphers/CAST5/cast5-cbc.txt")
"vectors/cryptography_vectors/ciphers/CAST5/cast5-cbc.txt")
fmt.Println("CBC OK.")
validateVectors(ctrVerifier{},
"tests/hazmat/primitives/vectors/ciphers/CAST5/cast5-ctr.txt")
"vectors/cryptography_vectors/ciphers/CAST5/cast5-ctr.txt")
fmt.Println("CTR OK.")
}
......@@ -151,6 +151,6 @@ So, specifically:
.. _`Write comments as complete sentences.`: http://nedbatchelder.com/blog/201401/comments_should_be_sentences.html
.. _`syntax`: http://sphinx-doc.org/domains.html#info-field-lists
.. _`Studies have shown`: http://www.ibm.com/developerworks/rational/library/11-proven-practices-for-peer-review/
.. _`Studies have shown`: https://smartbear.com/smartbear/media/pdfs/wp-cc-11-best-practices-of-peer-code-review.pdf
.. _`our mailing list`: https://mail.python.org/mailman/listinfo/cryptography-dev
.. _`doc8`: https://github.com/stackforge/doc8
......@@ -33,29 +33,50 @@ Asymmetric ciphers
`unenc-rsa-pkcs8.pem`_, `pkcs12_s2k_pem.c`_. The contents of
`enc2-rsa-pkcs8.pem`_ was re-encrypted using a stronger PKCS#8 cipher.
* `Botan's ECC private keys`_.
* `asymmetric/public/PKCS1/dsa.pub.pem`_ is a PKCS1 DSA public key from the
Ruby test suite.
Custom Asymmetric Vectors
~~~~~~~~~~~~~~~~~~~~~~~~~
* ``ec_private_key.pem`` - Contains an Elliptic Curve key generated by OpenSSL
from the curve ``secp256r1``.
* ``ec_private_key_encrypted.pem`` - Contains the same Elliptic Curve key as
``ec_private_key.pem``, except that it is encrypted with AES-128 with the
password "123456".
* ``ec_public_key.pem`` - Contains the public key corresponding to
``ec_private_key.pem``, generated using OpenSSL.
* ``rsa_private_key.pem`` - Contains an RSA 2048 bit key generated using
OpenSSL, protected by the secret "123456" with DES3 encryption.
* ``rsa_public_key.pem`` - Contains an RSA 2048 bit public generated using
OpenSSL from ``rsa_private_key.pem``.
* ``dsaparam.pem`` - Contains 2048-bit DSA parameters generated using OpenSSL;
contains no keys.
* ``dsa_private_key.pem`` - Contains a DSA 2048 bit key generated using
OpenSSL from the parameters in ``dsaparam.pem``, protected by the secret
"123456" with DES3 encryption.
* ``dsa_public_key.pem`` - Contains a DSA 2048 bit key generated using OpenSSL
from ``dsa_private_key.pem``.
* ``asymmetric/PEM_Serialization/ec_private_key.pem`` and
``asymmetric/DER_Serialization/ec_private_key.der`` - Contains an Elliptic
Curve key generated by OpenSSL from the curve ``secp256r1``.
* ``asymmetric/PEM_Serialization/ec_private_key_encrypted.pem`` and
``asymmetric/DER_Serialization/ec_private_key_encrypted.der``- Contains the
same Elliptic Curve key as ``ec_private_key.pem``, except that it is
encrypted with AES-128 with the password "123456".
* ``asymmetric/PEM_Serialization/ec_public_key.pem`` and
``asymmetric/DER_Serialization/ec_public_key.der``- Contains the public key
corresponding to ``ec_private_key.pem``, generated using OpenSSL.
* ``asymmetric/PEM_Serialization/rsa_private_key.pem`` - Contains an RSA 2048
bit key generated using OpenSSL, protected by the secret "123456" with DES3
encryption.
* ``asymmetric/PEM_Serialization/rsa_public_key.pem`` and
``asymmetric/DER_Serialization/rsa_public_key.der``- Contains an RSA 2048
bit public generated using OpenSSL from ``rsa_private_key.pem``.
* ``asymmetric/PEM_Serialization/dsaparam.pem`` - Contains 2048-bit DSA
parameters generated using OpenSSL; contains no keys.
* ``asymmetric/PEM_Serialization/dsa_private_key.pem`` - Contains a DSA 2048
bit key generated using OpenSSL from the parameters in ``dsaparam.pem``,
protected by the secret "123456" with DES3 encryption.
* ``asymmetric/PEM_Serialization/dsa_public_key.pem`` and
``asymmetric/DER_Serialization/dsa_public_key.der`` - Contains a DSA 2048 bit
key generated using OpenSSL from ``dsa_private_key.pem``.
* ``asymmetric/PKCS8/unenc-dsa-pkcs8.pem`` and
``asymmetric/DER_Serialization/unenc-dsa-pkcs8.der`` - Contains a DSA 1024
bit key generated using OpenSSL.
* ``asymmetric/PKCS8/unenc-dsa-pkcs8.pub.pem`` and
``asymmetric/DER_Serialization/unenc-dsa-pkcs8.pub.der`` - Contains a DSA
2048 bit public key generated using OpenSSL from ``unenc-dsa-pkcs8.pem``.
* DER conversions of the `GnuTLS example keys`_ for DSA as well as the
`OpenSSL example key`_ for RSA.
* DER conversions of `enc-rsa-pkcs8.pem`_, `enc2-rsa-pkcs8.pem`_, and
`unenc-rsa-pkcs8.pem`_.
* ``asymmetric/public/PKCS1/rsa.pub.pem`` and
``asymmetric/public/PKCS1/rsa.pub.der`` are PKCS1 conversions of the public
key from ``asymmetric/PKCS8/unenc-rsa-pkcs8.pem`` using PEM and DER encoding.
X.509
~~~~~
......@@ -64,6 +85,9 @@ X.509
* ``v1_cert.pem`` from the OpenSSL source tree (`testx509.pem`_).
* ``ecdsa_root.pem`` - `DigiCert Global Root G3`_, a ``secp384r1`` ECDSA root
certificate.
* ``verisign-md2-root.pem`` - A legacy Verisign public root signed using the
MD2 algorithm. This is a PEM conversion of the `root data`_ in the NSS source
tree.
Custom X.509 Vectors
~~~~~~~~~~~~~~~~~~~~
......@@ -76,6 +100,28 @@ Custom X.509 Vectors
generated using OpenSSL.
* ``ec_no_named_curve.pem`` - Contains an ECDSA certificate that does not have
an embedded OID defining the curve.
* ``all_supported_names.pem`` - An RSA 2048 bit certificate generated using
OpenSSL that contains a subject and issuer that have two of each supported
attribute type from :rfc:`5280`.
* ``unsupported_subject_name.pem`` - An RSA 2048 bit self-signed CA certificate
generated using OpenSSL that contains the unsupported "initials" name.
* ``utf8_common_name.pem`` - An RSA 2048 bit self-signed CA certificate
generated using OpenSSL that contains a UTF8String common name with the value
"We heart UTF8!™".
Custom X.509 Request Vectors
~~~~~~~~~~~~~~~~~~~~~~~~~~~~
* ``dsa_sha1.pem`` - Contains a certificate request using 1024-bit DSA
parameters and SHA1 generated using OpenSSL.
* ``rsa_md4.pem`` - Contains a certificate request using 2048 bit RSA and MD4
generated using OpenSSL.
* ``rsa_sha1.pem`` - Contains a certificate request using 2048 bit RSA and
SHA1 generated using OpenSSL.
* ``rsa_sha256.pem`` - Contains a certificate request using 2048 bit RSA and
SHA256 generated using OpenSSL.
* ``ec_sha256.pem`` - Contains a certificate request using EC (``secp384r1``)
and SHA256 generated using OpenSSL.
Hashes
~~~~~~
......@@ -180,12 +226,12 @@ header format (substituting the correct information):
.. _`draft RFC`: https://tools.ietf.org/html/draft-josefsson-scrypt-kdf-01
.. _`Specification repository`: https://github.com/fernet/spec
.. _`errata`: http://www.rfc-editor.org/errata_search.php?rfc=6238
.. _`OpenSSL example key`: http://git.openssl.org/gitweb/?p=openssl.git;a=blob;f=test/testrsa.pem;h=aad21067a8f7cb93a52a511eb9162fd83be39135;hb=66e8211c0b1347970096e04b18aa52567c325200
.. _`GnuTLS key parsing tests`: https://gitorious.org/gnutls/gnutls/commit/f16ef39ef0303b02d7fa590a37820440c466ce8d
.. _`enc-rsa-pkcs8.pem`: https://gitorious.org/gnutls/gnutls/source/f8d943b38bf74eaaa11d396112daf43cb8aa82ae:tests/pkcs8-decode/encpkcs8.pem
.. _`enc2-rsa-pkcs8.pem`: https://gitorious.org/gnutls/gnutls/source/f8d943b38bf74eaaa11d396112daf43cb8aa82ae:tests/pkcs8-decode/enc2pkcs8.pem
.. _`unenc-rsa-pkcs8.pem`: https://gitorious.org/gnutls/gnutls/source/f8d943b38bf74eaaa11d396112daf43cb8aa82ae:tests/pkcs8-decode/unencpkcs8.pem
.. _`pkcs12_s2k_pem.c`: https://gitorious.org/gnutls/gnutls/source/f8d943b38bf74eaaa11d396112daf43cb8aa82ae:tests/pkcs12_s2k_pem.c
.. _`OpenSSL example key`: https://github.com/openssl/openssl/blob/d02b48c63a58ea4367a0e905979f140b7d090f86/test/testrsa.pem
.. _`GnuTLS key parsing tests`: https://gitlab.com/gnutls/gnutls/commit/f16ef39ef0303b02d7fa590a37820440c466ce8d
.. _`enc-rsa-pkcs8.pem`: https://gitlab.com/gnutls/gnutls/blob/f8d943b38bf74eaaa11d396112daf43cb8aa82ae/tests/pkcs8-decode/encpkcs8.pem
.. _`enc2-rsa-pkcs8.pem`: https://gitlab.com/gnutls/gnutls/blob/f8d943b38bf74eaaa11d396112daf43cb8aa82ae/tests/pkcs8-decode/enc2pkcs8.pem
.. _`unenc-rsa-pkcs8.pem`: https://gitlab.com/gnutls/gnutls/blob/f8d943b38bf74eaaa11d396112daf43cb8aa82ae/tests/pkcs8-decode/unencpkcs8.pem
.. _`pkcs12_s2k_pem.c`: https://gitlab.com/gnutls/gnutls/blob/f8d943b38bf74eaaa11d396112daf43cb8aa82ae/tests/pkcs12_s2k_pem.c
.. _`Botan's ECC private keys`: https://github.com/randombit/botan/tree/4917f26a2b154e841cd27c1bcecdd41d2bdeb6ce/src/tests/data/ecc
.. _`GnuTLS example keys`: https://gitorious.org/gnutls/gnutls/commit/ad2061deafdd7db78fd405f9d143b0a7c579da7b
.. _`NESSIE IDEA vectors`: https://www.cosic.esat.kuleuven.be/nessie/testvectors/bc/idea/Idea-128-64.verified.test-vectors
......@@ -195,3 +241,5 @@ header format (substituting the correct information):
.. _`NIST PKI Testing`: http://csrc.nist.gov/groups/ST/crypto_apps_infra/pki/pkitesting.html
.. _`testx509.pem`: https://github.com/openssl/openssl/blob/master/test/testx509.pem
.. _`DigiCert Global Root G3`: http://cacerts.digicert.com/DigiCertGlobalRootG3.crt
.. _`root data`: https://hg.mozilla.org/projects/nss/file/25b2922cc564/security/nss/lib/ckfw/builtins/certdata.txt#l2053
.. _`asymmetric/public/PKCS1/dsa.pub.pem`: https://github.com/ruby/ruby/blob/4ccb387f3bc436a08fc6d72c4931994f5de95110/test/openssl/test_pkey_dsa.rb#L53
......@@ -67,6 +67,8 @@ Post-release tasks
* Check for any outstanding code undergoing a deprecation cycle by looking in
``cryptography.utils`` for ``DeprecatedIn**`` definitions. If any exist open
a ticket to increment them for the next release.
* Send an email to the `mailing list`_ announcing the release.
* Send an email to the `mailing list`_ and `python-announce`_ announcing the
release.
.. _`mailing list`: https://mail.python.org/mailman/listinfo/cryptography-dev
.. _`python-announce`: https://mail.python.org/mailman/listinfo/python-announce-list
......@@ -60,3 +60,7 @@ Glossary
This is a property of encryption systems whereby two encrypted messages
aren't distinguishable without knowing the encryption key. This is
considered a basic, necessary property for a working encryption system.
text
This type corresponds to ``unicode`` on Python 2 and ``str`` on Python
3. This is equivalent to ``six.text_type``.
This diff is collapsed.
......@@ -15,13 +15,15 @@ Red Hat Enterprise Linux 5) and greater. Earlier versions may work but are
* :class:`~cryptography.hazmat.backends.interfaces.CipherBackend`
* :class:`~cryptography.hazmat.backends.interfaces.CMACBackend`
* :class:`~cryptography.hazmat.backends.interfaces.DERSerializationBackend`
* :class:`~cryptography.hazmat.backends.interfaces.DSABackend`
* :class:`~cryptography.hazmat.backends.interfaces.EllipticCurveBackend`
* :class:`~cryptography.hazmat.backends.interfaces.HashBackend`
* :class:`~cryptography.hazmat.backends.interfaces.HMACBackend`
* :class:`~cryptography.hazmat.backends.interfaces.PBKDF2HMACBackend`
* :class:`~cryptography.hazmat.backends.interfaces.PKCS8SerializationBackend`
* :class:`~cryptography.hazmat.backends.interfaces.RSABackend`
* :class:`~cryptography.hazmat.backends.interfaces.TraditionalOpenSSLSerializationBackend`
* :class:`~cryptography.hazmat.backends.interfaces.PEMSerializationBackend`
* :class:`~cryptography.hazmat.backends.interfaces.X509Backend`
It also exposes the following:
......@@ -79,4 +81,4 @@ seeded from the same pool as ``/dev/random``.
.. _`OpenSSL`: https://www.openssl.org/
.. _`initializing the RNG`: https://en.wikipedia.org/wiki/OpenSSL#Predictable_keys_.28Debian-specific.29
.. _`Yarrow`: https://en.wikipedia.org/wiki/Yarrow_algorithm
.. _`Microsoft documentation`: http://msdn.microsoft.com/en-us/library/windows/desktop/aa379942(v=vs.85).aspx
.. _`Microsoft documentation`: https://msdn.microsoft.com/en-us/library/windows/desktop/aa379942(v=vs.85).aspx
......@@ -17,7 +17,7 @@ available on Mac OS X versions 10.8 and above.
.. attribute:: ffi
This is a :class:`cffi.FFI` instance. It can be used to allocate and
This is a ``cffi.FFI`` instance. It can be used to allocate and
otherwise manipulate CommonCrypto structures.
.. attribute:: lib
......
......@@ -3,7 +3,7 @@
Bindings
========
.. currentmodule:: cryptography.hazmat.bindings
.. module:: cryptography.hazmat.bindings
``cryptography`` aims to provide low-level CFFI based bindings to multiple
native C libraries. These provide no automatic initialization of the library
......
......@@ -16,7 +16,7 @@ versions may work but are **not tested or supported**.
.. attribute:: ffi
This is a :class:`cffi.FFI` instance. It can be used to allocate and
This is a ``cffi.FFI`` instance. It can be used to allocate and
otherwise manipulate OpenSSL structures.
.. attribute:: lib
......
.. hazmat::
Diffie-Hellman key exchange
===========================
.. currentmodule:: cryptography.hazmat.primitives.asymmetric.dh
.. class:: DHPrivateNumbers(x, public_numbers)
.. versionadded:: 0.8
The collection of integers that make up a Diffie-Hellman private key.
.. attribute:: public_numbers
:type: :class:`~cryptography.hazmat.primitives.asymmetric.dh.DHPublicNumbers`
The :class:`DHPublicNumbers` which makes up the DH public
key associated with this DH private key.
.. attribute:: x
:type: int
The private value.
.. class:: DHPublicNumbers(parameters, y)
.. versionadded:: 0.8
The collection of integers that make up a Diffie-Hellman public key.
.. attribute:: parameter_numbers
:type: :class:`~cryptography.hazmat.primitives.asymmetric.dh.DHParameterNumbers`
The parameters for this DH group.
.. attribute:: y
:type: int
The public value.
.. class:: DHParameterNumbers(p, g)
.. versionadded:: 0.8
The collection of integers that define a Diffie-Hellman group.
.. attribute:: p
:type: int
The prime modulus value.
.. attribute:: g
:type: int
The generator value.
This diff is collapsed.
......@@ -3,7 +3,7 @@
Elliptic curve cryptography
===========================
.. currentmodule:: cryptography.hazmat.primitives.asymmetric.ec
.. module:: cryptography.hazmat.primitives.asymmetric.ec
.. function:: generate_private_key(curve, backend)
......@@ -12,17 +12,13 @@ Elliptic curve cryptography
Generate a new private key on ``curve`` for use with ``backend``.
:param backend: A
:class:`~cryptography.hazmat.primitives.interfaces.EllipticCurve`
provider.
:param backend: A :class:`EllipticCurve` provider.
:param backend: A
:class:`~cryptography.hazmat.backends.interfaces.EllipticCurveBackend`
provider.
:returns: A new instance of a
:class:`~cryptography.hazmat.primitives.interfaces.EllipticCurvePrivateKey`
provider.
:returns: A new instance of a :class:`EllipticCurvePrivateKey` provider.
Elliptic Curve Signature Algorithms
......@@ -36,7 +32,7 @@ Elliptic Curve Signature Algorithms
`FIPS 186-3`_, and later in `FIPS 186-4`_.
:param algorithm: An instance of a
:class:`~cryptography.hazmat.primitives.interfaces.HashAlgorithm`
:class:`~cryptography.hazmat.primitives.hashes.HashAlgorithm`
provider.
.. doctest::
......@@ -86,8 +82,7 @@ Elliptic Curve Signature Algorithms
:class:`~cryptography.hazmat.backends.interfaces.EllipticCurveBackend`
provider.
:returns: A new instance of a
:class:`~cryptography.hazmat.primitives.interfaces.EllipticCurvePrivateKey`
:returns: A new instance of a :class:`EllipticCurvePrivateKey`
provider.
......@@ -99,7 +94,7 @@ Elliptic Curve Signature Algorithms
.. attribute:: curve
:type: :class:`~cryptography.hazmat.primitives.interfaces.EllipticCurve`
:type: :class:`EllipticCurve`
The elliptic curve for this key.
......@@ -124,8 +119,7 @@ Elliptic Curve Signature Algorithms
:class:`~cryptography.hazmat.backends.interfaces.EllipticCurveBackend`
provider.
:returns: A new instance of a
:class:`~cryptography.hazmat.primitives.interfaces.EllipticCurvePublicKey`
:returns: A new instance of a :class:`EllipticCurvePublicKey`
provider.
Elliptic Curves
......@@ -151,8 +145,7 @@ Currently `cryptography` only supports NIST curves, none of which are
considered "safe" by the `SafeCurves`_ project run by Daniel J. Bernstein and
Tanja Lange.
All named curves are providers of
:class:`~cryptography.hazmat.primtives.interfaces.EllipticCurve`.
All named curves are providers of :class:`EllipticCurve`.
.. class:: SECT571K1
......@@ -258,12 +251,196 @@ All named curves are providers of
SECG curve ``secp192r1``. Also called NIST P-192.
Key Interfaces
~~~~~~~~~~~~~~
.. class:: EllipticCurve
.. versionadded:: 0.5
A named elliptic curve.
.. attribute:: name
:type: string
The name of the curve. Usually the name used for the ASN.1 OID such as
``secp256k1``.
.. attribute:: key_size
:type: int
The bit length of the curve's base point.
.. class:: EllipticCurveSignatureAlgorithm
.. versionadded:: 0.5
A signature algorithm for use with elliptic curve keys.
.. attribute:: algorithm
:type: :class:`~cryptography.hazmat.primitives.hashes.HashAlgorithm`
The digest algorithm to be used with the signature scheme.
.. class:: EllipticCurvePrivateKey
.. versionadded:: 0.5
An elliptic curve private key for use with an algorithm such as `ECDSA`_ or
`EdDSA`_.
.. method:: signer(signature_algorithm)
Sign data which can be verified later by others using the public key.
The signature is formatted as DER-encoded bytes, as specified in
:rfc:`6979`.
:param signature_algorithm: An instance of a
:class:`EllipticCurveSignatureAlgorithm` provider.
:returns:
:class:`~cryptography.hazmat.primitives.asymmetric.AsymmetricSignatureContext`
.. method:: public_key()
:return: :class:`EllipticCurvePublicKey`
The EllipticCurvePublicKey object for this private key.
.. class:: EllipticCurvePrivateKeyWithNumbers
.. versionadded:: 0.6
Extends :class:`EllipticCurvePrivateKey`.
.. method:: private_numbers()
Create a :class:`EllipticCurvePrivateNumbers` object.
:returns: An :class:`EllipticCurvePrivateNumbers` instance.
.. class:: EllipticCurvePrivateKeyWithSerialization
.. versionadded:: 0.8
Extends :class:`EllipticCurvePrivateKey`.
.. method:: private_numbers()
Create a :class:`EllipticCurvePrivateNumbers` object.
:returns: An :class:`EllipticCurvePrivateNumbers` instance.
.. method:: private_bytes(encoding, format, encryption_algorithm)
Allows serialization of the key to bytes. Encoding (
:attr:`~cryptography.hazmat.primitives.serialization.Encoding.PEM` or
:attr:`~cryptography.hazmat.primitives.serialization.Encoding.DER`),
format (
:attr:`~cryptography.hazmat.primitives.serialization.PrivateFormat.TraditionalOpenSSL`
or
:attr:`~cryptography.hazmat.primitives.serialization.PrivateFormat.PKCS8`)
and encryption algorithm (such as
:class:`~cryptography.hazmat.primitives.serialization.BestAvailableEncryption`
or :class:`~cryptography.hazmat.primitives.serialization.NoEncryption`)
are chosen to define the exact serialization.
:param encoding: A value from the
:class:`~cryptography.hazmat.primitives.serialization.Encoding` enum.
:param format: A value from the
:class:`~cryptography.hazmat.primitives.serialization.PrivateFormat` enum.
:param encryption_algorithm: An instance of an object conforming to the
:class:`~cryptography.hazmat.primitives.serialization.KeySerializationEncryption`
interface.
:return bytes: Serialized key.
.. class:: EllipticCurvePublicKey
.. versionadded:: 0.5
An elliptic curve public key.
.. method:: verifier(signature, signature_algorithm)
Verify data was signed by the private key associated with this public
key.
:param bytes signature: The signature to verify. DER encoded as
specified in :rfc:`6979`.
:param signature_algorithm: An instance of a
:class:`EllipticCurveSignatureAlgorithm` provider.
:returns:
:class:`~cryptography.hazmat.primitives.asymmetric.AsymmetricVerificationContext`
.. attribute:: curve
:type: :class:`EllipticCurve`
The elliptic curve for this key.
.. class:: EllipticCurvePublicKeyWithNumbers
.. versionadded:: 0.6
Extends :class:`EllipticCurvePublicKey`.