[Python-modules-commits] [python-cryptography] 01/05: Import python-cryptography_1.1.orig.tar.gz

Tristan Seligmann mithrandi at moszumanska.debian.org
Fri Oct 30 06:55:43 UTC 2015


This is an automated email from the git hooks/post-receive script.

mithrandi pushed a commit to branch master
in repository python-cryptography.

commit dc547b5ee848bd3c03c269d55647acf813c05c62
Author: Tristan Seligmann <mithrandi at debian.org>
Date:   Thu Oct 29 09:13:13 2015 +0200

    Import python-cryptography_1.1.orig.tar.gz
---
 AUTHORS.rst                                        |   1 +
 CHANGELOG.rst                                      |  25 ++
 PKG-INFO                                           |   5 +-
 README.rst                                         |   2 +-
 docs/development/test-vectors.rst                  |  15 +-
 docs/doing-a-release.rst                           |  25 +-
 docs/fernet.rst                                    |  44 +-
 docs/hazmat/bindings/openssl.rst                   |   2 +-
 docs/hazmat/primitives/asymmetric/dh.rst           |   2 +-
 docs/hazmat/primitives/asymmetric/dsa.rst          |  10 +-
 docs/hazmat/primitives/asymmetric/ec.rst           |  96 ++++-
 docs/hazmat/primitives/asymmetric/rsa.rst          |  16 +-
 .../hazmat/primitives/asymmetric/serialization.rst |   6 +-
 docs/hazmat/primitives/index.rst                   |   1 +
 .../hazmat/primitives/key-derivation-functions.rst |  95 +++++
 docs/hazmat/primitives/keywrap.rst                 |  59 +++
 docs/hazmat/primitives/mac/index.rst               |   2 +-
 docs/installation.rst                              |  92 ++++-
 docs/security.rst                                  |   7 +-
 docs/spelling_wordlist.txt                         |   7 +-
 docs/x509/reference.rst                            | 225 +++++++++--
 docs/x509/tutorial.rst                             |  20 +-
 setup.py                                           |   7 +-
 src/_cffi_src/build_openssl.py                     |   4 +-
 src/_cffi_src/openssl/asn1.py                      |  19 +-
 src/_cffi_src/openssl/bignum.py                    |  19 +-
 src/_cffi_src/openssl/engine.py                    |   2 +
 src/_cffi_src/openssl/pkcs7.py                     |  30 ++
 src/_cffi_src/openssl/ssl.py                       |  17 +
 src/_cffi_src/openssl/x509v3.py                    |   2 +
 src/cryptography.egg-info/PKG-INFO                 |   5 +-
 src/cryptography.egg-info/SOURCES.txt              |  10 +-
 src/cryptography/__about__.py                      |   2 +-
 src/cryptography/exceptions.py                     |   1 +
 src/cryptography/hazmat/backends/interfaces.py     |   8 +-
 src/cryptography/hazmat/backends/multibackend.py   |  24 ++
 .../hazmat/backends/openssl/backend.py             | 203 +++++++++-
 src/cryptography/hazmat/backends/openssl/dsa.py    |   3 +
 src/cryptography/hazmat/backends/openssl/ec.py     |  28 ++
 src/cryptography/hazmat/backends/openssl/rsa.py    |   3 +
 src/cryptography/hazmat/backends/openssl/x509.py   | 328 ++++++++++-----
 .../hazmat/bindings/openssl/_conditional.py        |   6 +-
 .../hazmat/bindings/openssl/binding.py             |  27 +-
 .../hazmat/primitives/asymmetric/ec.py             |  42 ++
 src/cryptography/hazmat/primitives/kdf/x963kdf.py  |  70 ++++
 src/cryptography/hazmat/primitives/keywrap.py      |  85 ++++
 src/cryptography/utils.py                          |  21 +-
 src/cryptography/x509/__init__.py                  |   6 +-
 src/cryptography/x509/base.py                      |  14 +-
 src/cryptography/x509/extensions.py                |  20 +-
 src/cryptography/x509/name.py                      |   8 +
 src/cryptography/x509/oid.py                       |   6 +-
 tests/hazmat/backends/test_multibackend.py         |  31 +-
 tests/hazmat/backends/test_openssl.py              |   6 +
 tests/hazmat/bindings/test_openssl.py              |   4 +-
 tests/hazmat/primitives/test_dsa.py                |   5 +
 tests/hazmat/primitives/test_ec.py                 | 208 +++++++++-
 tests/hazmat/primitives/test_keywrap.py            | 116 ++++++
 tests/hazmat/primitives/test_rsa.py                |  17 +
 tests/hazmat/primitives/test_x963_vectors.py       |  72 ++++
 tests/hazmat/primitives/test_x963kdf.py            | 120 ++++++
 tests/hypothesis/__init__.py                       |   5 +
 tests/hypothesis/test_fernet.py                    |  15 +
 tests/test_utils.py                                |  85 +++-
 tests/test_x509.py                                 | 441 +++++++++++++++++++++
 tests/test_x509_ext.py                             |  78 ++++
 tests/utils.py                                     |  61 ++-
 67 files changed, 2745 insertions(+), 296 deletions(-)

diff --git a/AUTHORS.rst b/AUTHORS.rst
index 6f862b9..eaadd52 100644
--- a/AUTHORS.rst
+++ b/AUTHORS.rst
@@ -26,3 +26,4 @@ PGP key fingerprints are enclosed in parentheses.
 * Andre Caron <andre.l.caron at gmail.com>
 * Jiangge Zhang <tonyseek at gmail.com> (BBEC 782B 015F 71B1 5FF7  EACA 1A8C AA98 255F 5000)
 * Major Hayden <major at mhtx.net> (1BF9 9264 9596 0033 698C  252B 7370 51E0 C101 1FB1)
+* Phoebe Queen <foibey at gmail.com> (10D4 7741 AB65 50F4 B264 3888 DA40 201A 072B C1FA)
diff --git a/CHANGELOG.rst b/CHANGELOG.rst
index ee736db..9518a3d 100644
--- a/CHANGELOG.rst
+++ b/CHANGELOG.rst
@@ -1,6 +1,31 @@
 Changelog
 =========
 
+1.1 - 2015-10-28
+~~~~~~~~~~~~~~~~
+
+* Added support for Elliptic Curve Diffie-Hellman with
+  :class:`~cryptography.hazmat.primitives.asymmetric.ec.ECDH`.
+* Added :class:`~cryptography.hazmat.primitives.kdf.x963kdf.X963KDF`.
+* Added support for parsing certificate revocation lists (CRLs) using
+  :func:`~cryptography.x509.load_pem_x509_crl` and
+  :func:`~cryptography.x509.load_der_x509_crl`.
+* Add support for AES key wrapping with
+  :func:`~cryptography.hazmat.primitives.keywrap.aes_key_wrap` and
+  :func:`~cryptography.hazmat.primitives.keywrap.aes_key_unwrap`.
+* Added a ``__hash__`` method to :class:`~cryptography.x509.Name`.
+* Add support for encoding and decoding elliptic curve points to a byte string
+  form using
+  :meth:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePublicNumbers.encode_point`
+  and
+  :meth:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePublicNumbers.from_encoded_point`.
+* Added :meth:`~cryptography.x509.Extensions.get_extension_for_class`.
+* :class:`~cryptography.x509.CertificatePolicies` are now supported in the
+  :class:`~cryptography.x509.CertificateBuilder`.
+* ``countryName`` is now encoded as a ``PrintableString`` when creating subject
+  and issuer distinguished names with the Certificate and CSR builder classes.
+
+
 1.0.2 - 2015-09-27
 ~~~~~~~~~~~~~~~~~~
 * **SECURITY ISSUE**: The OpenSSL backend prior to 1.0.2 made extensive use
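Review bot: The new 1.1 entries mix tenses: most start with "Added", but the AES key wrapping entry and the elliptic curve point encoding entry start with "Add support for". Use "Added" throughout so the section reads consistently. The 1.1 block also leaves a blank line after its ``~~~~`` underline while the 1.0.2 section right below does not; pick one layout.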
diff --git a/PKG-INFO b/PKG-INFO
index 0f2a3d2..55ef53d 100644
--- a/PKG-INFO
+++ b/PKG-INFO
@@ -1,6 +1,6 @@
 Metadata-Version: 1.1
 Name: cryptography
-Version: 1.0.2
+Version: 1.1
 Summary: cryptography is a package which provides cryptographic recipes and primitives to Python developers.
 Home-page: https://github.com/pyca/cryptography
 Author: The cryptography developers
@@ -26,7 +26,7 @@ Description: Cryptography
         
         ``cryptography`` is a package which provides cryptographic recipes and
         primitives to Python developers.  Our goal is for it to be your "cryptographic
-        standard library". It supports Python 2.6-2.7, Python 3.3+, and PyPy.
+        standard library". It supports Python 2.6-2.7, Python 3.3+, and PyPy 2.6+.
         
         ``cryptography`` includes both high level recipes, and low level interfaces to
         common cryptographic algorithms such as symmetric ciphers, message digests and
@@ -79,6 +79,7 @@ Classifier: Programming Language :: Python :: 2.7
 Classifier: Programming Language :: Python :: 3
 Classifier: Programming Language :: Python :: 3.3
 Classifier: Programming Language :: Python :: 3.4
+Classifier: Programming Language :: Python :: 3.5
 Classifier: Programming Language :: Python :: Implementation :: CPython
 Classifier: Programming Language :: Python :: Implementation :: PyPy
 Classifier: Topic :: Security :: Cryptography
diff --git a/README.rst b/README.rst
index 949826e..19fa779 100644
--- a/README.rst
+++ b/README.rst
@@ -18,7 +18,7 @@ Cryptography
 
 ``cryptography`` is a package which provides cryptographic recipes and
 primitives to Python developers.  Our goal is for it to be your "cryptographic
-standard library". It supports Python 2.6-2.7, Python 3.3+, and PyPy.
+standard library". It supports Python 2.6-2.7, Python 3.3+, and PyPy 2.6+.
 
 ``cryptography`` includes both high level recipes, and low level interfaces to
 common cryptographic algorithms such as symmetric ciphers, message digests and
diff --git a/docs/development/test-vectors.rst b/docs/development/test-vectors.rst
index 1c84435..0b249cc 100644
--- a/docs/development/test-vectors.rst
+++ b/docs/development/test-vectors.rst
@@ -148,6 +148,9 @@ Custom X.509 Vectors
   certificate containing a subject alternative name extension with the
   following general names: ``rfc822Name``, ``dNSName``, ``iPAddress``,
   ``directoryName``, and ``uniformResourceIdentifier``.
+* ``san_empty_hostname.pem`` - An RSA 2048 bit self-signed certificate
+  containing a subject alternative extension with an empty ``dNSName``
+  general name.
 * ``san_other_name.pem`` - An RSA 2048 bit self-signed certificate containing
   a subject alternative name extension with the ``otherName`` general name.
 * ``san_registered_id.pem`` - An RSA 1024 bit certificate containing a
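Review bot: The ``san_empty_hostname.pem`` entry says "subject alternative extension", dropping the word "name". The neighbouring entries all say "subject alternative name extension", so match them.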
@@ -193,6 +196,9 @@ Custom X.509 Vectors
   containing an authority information access extension with an OCSP entry.
 * ``aia_ca_issuers.pem`` - An RSA 2048 bit self-signed certificate
   containing an authority information access extension with a CA issuers entry.
+* ``cdp_empty_hostname.pem`` - An RSA 2048 bit self-signed certificate
+  containing a CRL distribution point extension with ``fullName`` URI without
+  a hostname.
 * ``cdp_fullname_reasons_crl_issuer.pem`` - An RSA 1024 bit certificate
   containing a CRL distribution points extension with ``fullName``,
   ``cRLIssuer``, and ``reasons`` data.
@@ -248,6 +254,8 @@ Custom X.509 Vectors
   policy constraints extension with an inhibit policy mapping element.
 * ``pc_require.pem`` - An RSA 2048 bit self-signed certificate containing a
   policy constraints extension with a require explicit policy element.
+* ``unsupported_subject_public_key_info.pem`` - A certificate whose public key
+  is an unknown OID (``1.3.6.1.4.1.8432.1.1.2``).
 
 Custom X.509 Request Vectors
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~
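Review bot: The ``unsupported_subject_public_key_info.pem`` description says the "public key is an unknown OID", but an OID identifies the key's algorithm, not the key. Reword to "whose public key algorithm is an unknown OID", and give the signing key type and size as the other entries in this list do.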
@@ -294,6 +302,8 @@ Custom X.509 Certificate Revocation List Vectors
   to "1.2.3.4". The CRL uses an unsupported MD2 signature algorithm.
 * ``crl_unsupported_reason.pem`` - Contains a CRL with one revocation which has
   an unsupported reason code.
+* ``crl_inval_cert_issuer_entry_ext.pem`` - Contains a CRL with one revocation
+  which has one entry extension for certificate issuer with an empty value.
 
 Hashes
 ~~~~~~
@@ -318,6 +328,7 @@ Key derivation functions
 * HKDF (SHA1, SHA256) from :rfc:`5869`.
 * PBKDF2 (HMAC-SHA1) from :rfc:`6070`.
 * scrypt from the `draft RFC`_.
+* X9.63 KDF from `NIST CAVP`_.
 
 Key wrapping
 ~~~~~~~~~~~~
@@ -395,14 +406,14 @@ header format (substituting the correct information):
 .. _`IETF`: https://www.ietf.org/
 .. _`NIST CAVP`: http://csrc.nist.gov/groups/STM/cavp/
 .. _`Bruce Schneier's vectors`: https://www.schneier.com/code/vectors.txt
-.. _`Camellia page`: http://info.isl.ntt.co.jp/crypt/eng/camellia/
+.. _`Camellia page`: https://info.isl.ntt.co.jp/crypt/eng/camellia/
 .. _`CRYPTREC`: http://www.cryptrec.go.jp
 .. _`OpenSSL's test vectors`: https://github.com/openssl/openssl/blob/97cf1f6c2854a3a955fd7dd3a1f113deba00c9ef/crypto/evp/evptests.txt#L232
 .. _`RIPEMD website`: http://homes.esat.kuleuven.be/~bosselae/ripemd160.html
 .. _`Whirlpool website`: http://www.larc.usp.br/~pbarreto/WhirlpoolPage.html
 .. _`draft RFC`: https://tools.ietf.org/html/draft-josefsson-scrypt-kdf-01
 .. _`Specification repository`: https://github.com/fernet/spec
-.. _`errata`: http://www.rfc-editor.org/errata_search.php?rfc=6238
+.. _`errata`: https://www.rfc-editor.org/errata_search.php?rfc=6238
 .. _`OpenSSL example key`: https://github.com/openssl/openssl/blob/d02b48c63a58ea4367a0e905979f140b7d090f86/test/testrsa.pem
 .. _`GnuTLS key parsing tests`: https://gitlab.com/gnutls/gnutls/commit/f16ef39ef0303b02d7fa590a37820440c466ce8d
 .. _`enc-rsa-pkcs8.pem`: https://gitlab.com/gnutls/gnutls/blob/f8d943b38bf74eaaa11d396112daf43cb8aa82ae/tests/pkcs8-decode/encpkcs8.pem
diff --git a/docs/doing-a-release.rst b/docs/doing-a-release.rst
index 283b98b..0087ec5 100644
--- a/docs/doing-a-release.rst
+++ b/docs/doing-a-release.rst
@@ -3,12 +3,27 @@ Doing a release
 
 Doing a release of ``cryptography`` requires a few steps.
 
-Verifying OpenSSL version
--------------------------
+Verifying and upgrading OpenSSL version
+---------------------------------------
 
-The release process uses a static build for Windows wheels. Check that the
-Windows Jenkins builders have the latest version of OpenSSL installed
-before performing the release.
+The release process uses a static build for Windows and OS X wheels. Check that
+the Windows and OS X Jenkins builders have the latest version of OpenSSL
+installed before performing the release. If they do not:
+
+Upgrading Windows
+~~~~~~~~~~~~~~~~~
+
+Run the ``openssl-release`` Jenkins job, then copy the resulting artifacts to
+the Windows builders and unzip them in the root of the file system.
+
+Upgrading OS X
+~~~~~~~~~~~~~~
+
+``brew update`` and then ``brew upgrade openssl --universal --build-bottle`` to
+build a universal library (32-bit and 64-bit) compatible with all Intel Macs.
+This can be confirmed by using
+``lipo -info /usr/local/opt/openssl/lib/libssl.dylib`` to see the available
+architectures.
 
 Bumping the version number
 --------------------------
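Review bot: The section title promises verifying the OpenSSL version, but the added text only shows how to confirm the architectures of the OS X build (``lipo -info``) and gives no way to check which OpenSSL version a builder actually has. Add the version check for both platforms. The OS X paragraph also opens with a fragment ("``brew update`` and then ..."); start it with "Run", as the Windows paragraph does.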
diff --git a/docs/fernet.rst b/docs/fernet.rst
index eacbc2a..a2bab32 100644
--- a/docs/fernet.rst
+++ b/docs/fernet.rst
@@ -3,7 +3,7 @@ Fernet (symmetric encryption)
 
 .. currentmodule:: cryptography.fernet
 
-Fernet provides guarantees that a message encrypted using it cannot be
+Fernet guarantees that a message encrypted using it cannot be
 manipulated or read without the key. `Fernet`_ is an implementation of
 symmetric (also known as "secret key") authenticated cryptography. Fernet also
 has support for implementing key rotation via :class:`MultiFernet`.
@@ -106,6 +106,47 @@ has support for implementing key rotation via :class:`MultiFernet`.
 
     See :meth:`Fernet.decrypt` for more information.
 
+
+Using passwords with Fernet
+---------------------------
+
+It is possible to use passwords with Fernet. To do this, you need to run the
+password through a key derivation function such as
+:class:`~cryptography.hazmat.primitives.kdf.pbkdf2.PBKDF2HMAC`, bcrypt or
+scrypt.
+
+.. doctest::
+
+    >>> import base64
+    >>> import os
+    >>> from cryptography.fernet import Fernet
+    >>> from cryptography.hazmat.backends import default_backend
+    >>> from cryptography.hazmat.primitives import hashes
+    >>> from cryptography.hazmat.primitives.kdf.pbkdf2 import PBKDF2HMAC
+    >>> password = b"password"
+    >>> salt = os.urandom(16)
+    >>> kdf = PBKDF2HMAC(
+    ...     algorithm=hashes.SHA256(),
+    ...     length=32,
+    ...     salt=salt,
+    ...     iterations=100000,
+    ...     backend=default_backend()
+    ... )
+    >>> key = base64.urlsafe_b64encode(kdf.derive(password))
+    >>> f = Fernet(key)
+    >>> token = f.encrypt(b"Secret message!")
+    >>> token
+    '...'
+    >>> f.decrypt(token)
+    'Secret message!'
+
+In this scheme, the salt has to be stored in a retrievable location in order
+to derive the same key from the password in the future.
+
+The iteration count used should be adjusted to be as high as your server can
+tolerate. A good default is at least 100,000 iterations which is what Django
+`recommends`_ in 2014.
+
 Implementation
 --------------
 
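Review bot: In the added doctest, the expected outputs ``'...'`` and ``'Secret message!'`` are Python 2 ``str`` reprs. The message passed to ``encrypt`` is a bytes literal, and on Python 3 these values print as ``b'...'``, so unless the doctest setup normalises this the example only matches on Python 2, while the README lists Python 3.3+ as supported. The prose says the salt "has to be stored in a retrievable location" but the example never shows it being kept next to the token; one sentence on where to put it would help. "which is what Django recommends in 2014" should be "recommended".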
@@ -125,3 +166,4 @@ For complete details consult the `specification`_.
 
 .. _`Fernet`: https://github.com/fernet/spec/
 .. _`specification`: https://github.com/fernet/spec/blob/master/Spec.md
+.. _`recommends`: https://github.com/django/django/blob/master/django/utils/crypto.py#L148
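Review bot: The ``recommends`` target links to ``master`` with a ``#L148`` line anchor, which will point at a different line as soon as that file changes. Pin the URL to a commit hash, as the OpenSSL and GnuTLS links in docs/development/test-vectors.rst do.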
diff --git a/docs/hazmat/bindings/openssl.rst b/docs/hazmat/bindings/openssl.rst
index 446c450..0ec0a3d 100644
--- a/docs/hazmat/bindings/openssl.rst
+++ b/docs/hazmat/bindings/openssl.rst
@@ -37,7 +37,7 @@ Threading
 ``cryptography`` enables OpenSSLs `thread safety facilities`_ in two different
 ways depending on the configuration of your system. Normally the locking
 callbacks provided by your Python implementation specifically for OpenSSL will
-be used. However if you have linked ``cryptography`` to a different version of
+be used. However, if you have linked ``cryptography`` to a different version of
 OpenSSL than that used by your Python implementation we enable an alternative
 locking callback. This version is implemented in Python and so may result in
 lower performance in some situations. In particular parallelism is reduced
diff --git a/docs/hazmat/primitives/asymmetric/dh.rst b/docs/hazmat/primitives/asymmetric/dh.rst
index dde18cf..f4e0de6 100644
--- a/docs/hazmat/primitives/asymmetric/dh.rst
+++ b/docs/hazmat/primitives/asymmetric/dh.rst
@@ -29,7 +29,7 @@ Numbers
         The private value.
 
 
-.. class:: DHPublicNumbers(parameters, y)
+.. class:: DHPublicNumbers(y, parameter_numbers)
 
     .. versionadded:: 0.8
 
diff --git a/docs/hazmat/primitives/asymmetric/dsa.rst b/docs/hazmat/primitives/asymmetric/dsa.rst
index 4eb17e3..1429cb0 100644
--- a/docs/hazmat/primitives/asymmetric/dsa.rst
+++ b/docs/hazmat/primitives/asymmetric/dsa.rst
@@ -86,8 +86,14 @@ described in :rfc:`3279`. This can be decoded using
 Verification
 ~~~~~~~~~~~~
 
-Using a :class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAPublicKey`
-provider.
+Verification is performed using a
+:class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAPublicKey` provider.
+You can get a public key object with
+:func:`~cryptography.hazmat.primitives.serialization.load_pem_public_key`,
+:func:`~cryptography.hazmat.primitives.serialization.load_der_public_key`,
+:meth:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAPublicNumbers.public_key`
+, or
+:meth:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAPrivateKey.public_key`.
 
 .. doctest::
 
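Review bot: The list of ways to obtain a public key breaks the line before ", or", so the rendered text gets a space ahead of the comma that follows ``DSAPublicNumbers.public_key``. Keep the comma on the same line as that ``:meth:`` role and start the next line with "or".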
diff --git a/docs/hazmat/primitives/asymmetric/ec.rst b/docs/hazmat/primitives/asymmetric/ec.rst
index 323f4c3..c1619dd 100644
--- a/docs/hazmat/primitives/asymmetric/ec.rst
+++ b/docs/hazmat/primitives/asymmetric/ec.rst
@@ -12,7 +12,7 @@ Elliptic curve cryptography
 
     Generate a new private key on ``curve`` for use with ``backend``.
 
-    :param backend: A :class:`EllipticCurve` provider.
+    :param curve: A :class:`EllipticCurve` provider.
 
     :param backend: A
         :class:`~cryptography.hazmat.backends.interfaces.EllipticCurveBackend`
@@ -122,13 +122,75 @@ Elliptic Curve Signature Algorithms
         :returns: A new instance of a :class:`EllipticCurvePublicKey`
             provider.
 
+    .. method:: encode_point()
+
+        .. versionadded:: 1.1
+
+        Encodes an elliptic curve point to a byte string as described in
+        `SEC 1 v2.0`_ section 2.3.3. This method only supports uncompressed
+        points.
+
+        :return bytes: The encoded point.
+
+    .. classmethod:: from_encoded_point(curve, data)
+
+        .. versionadded:: 1.1
+
+        Decodes a byte string as described in `SEC 1 v2.0`_ section 2.3.3 and
+        returns an :class:`EllipticCurvePublicNumbers`. This method only
+        supports uncompressed points.
+
+        :param curve: An
+            :class:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurve`
+            instance.
+
+        :param bytes data: The serialized point byte string.
+
+        :returns: An :class:`EllipticCurvePublicNumbers` instance.
+
+        :raises ValueError: Raised on invalid point type or data length.
+
+        :raises TypeError: Raised when curve is not an
+            :class:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurve`.
+
+Elliptic Curve Key Exchange algorithm
+-------------------------------------
+
+.. class:: ECDH()
+
+    .. versionadded:: 1.1
+
+    The Elliptic Curve Diffie-Hellman Key Exchange algorithm first standardized
+    in NIST publication `800-56A`_, and later in `800-56Ar2`_.
+
+    For most applications the ``shared_key`` should be passed to a key
+    derivation function.
+
+    .. doctest::
+
+        >>> from cryptography.hazmat.backends import default_backend
+        >>> from cryptography.hazmat.primitives.asymmetric import ec
+        >>> private_key = ec.generate_private_key(
+        ...     ec.SECP384R1(), default_backend()
+        ... )
+        >>> peer_public_key = ec.generate_private_key(
+        ...     ec.SECP384R1(), default_backend()
+        ... ).public_key()
+        >>> shared_key = private_key.exchange(ec.ECDH(), peer_public_key)
+
+    ECDHE (or EECDH), the ephemeral form of this exchange, is **strongly
+    preferred** over simple ECDH and provides `forward secrecy`_ when used.
+    You must generate a new private key using :func:`generate_private_key` for
+    each :meth:`~EllipticCurvePrivateKey.exchange` when performing an ECDHE key
+    exchange.
+
 Elliptic Curves
 ---------------
 
 Elliptic curves provide equivalent security at much smaller key sizes than
-asymmetric cryptography systems such as RSA or DSA. For some operations they
-can also provide higher performance at every security level. According to NIST
-they can have as much as a `64x lower computational cost than DH`_.
+other asymmetric cryptography systems such as RSA or DSA. For many operations
+elliptic curves are also significantly faster; `elliptic curve diffie-hellman
+is faster than diffie-hellman`_.
 
 .. note::
     Curves with a size of `less than 224 bits`_ should not be used. You should
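Review bot: ``from_encoded_point`` documents ``ValueError`` only for an invalid point type or data length, and nothing here says whether the decoded coordinates are checked to lie on ``curve``. Since the resulting numbers can end up as the peer key in the new ``exchange`` call, state explicitly whether that validation happens and at which step. The ECDH doctest also stops at the raw ``shared_key`` although the text says it should be passed to a key derivation function; extend the example by that step or link to the KDF page.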
@@ -138,7 +200,7 @@ Generally the NIST prime field ("P") curves are significantly faster than the
 other types suggested by NIST at both signing and verifying with ECDSA.
 
 Prime fields also `minimize the number of security concerns for elliptic-curve
-cryptography`_. However there is `some concern`_ that both the prime field and
+cryptography`_. However, there is `some concern`_ that both the prime field and
 binary field ("B") NIST curves may have been weakened during their generation.
 
 Currently `cryptography` only supports NIST curves, none of which are
@@ -314,6 +376,24 @@ Key Interfaces
         :returns:
             :class:`~cryptography.hazmat.primitives.asymmetric.AsymmetricSignatureContext`
 
+    .. method:: exchange(algorithm, peer_public_key)
+
+        .. versionadded:: 1.1
+
+        Perform's a key exchange operation using the provided algorithm with
+        the peer's public key.
+
+        For most applications the result should be passed to a key derivation
+        function.
+
+        :param algorithm: The key exchange algorithm, currently only
+            :class:`~cryptography.hazmat.primitives.asymmetric.ec.ECDH` is
+            supported.
+        :param EllipticCurvePublicKey peer_public_key: The public key for the
+            peer.
+
+        :returns bytes: A shared key.
+
     .. method:: public_key()
 
         :return: :class:`EllipticCurvePublicKey`
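Review bot: Typo in the ``exchange`` description: "Perform's" should be "Performs". The method also has no ``:raises:`` entries; document what happens when ``peer_public_key`` is on a different curve than the private key, or when ``algorithm`` is something other than ``ECDH``.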
@@ -419,10 +499,14 @@ Key Interfaces
 
 .. _`FIPS 186-3`: http://csrc.nist.gov/publications/fips/fips186-3/fips_186-3.pdf
 .. _`FIPS 186-4`: http://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf
+.. _`800-56A`: http://csrc.nist.gov/publications/nistpubs/800-56A/SP800-56A_Revision1_Mar08-2007.pdf
+.. _`800-56Ar2`: http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-56Ar2.pdf
 .. _`some concern`: https://crypto.stackexchange.com/questions/10263/should-we-trust-the-nist-recommended-ecc-parameters
 .. _`less than 224 bits`: http://www.ecrypt.eu.org/ecrypt2/documents/D.SPA.20.pdf
-.. _`64x lower computational cost than DH`: https://www.nsa.gov/business/programs/elliptic_curve.shtml
+.. _`elliptic curve diffie-hellman is faster than diffie-hellman`: http://digitalcommons.unl.edu/cgi/viewcontent.cgi?article=1100&context=cseconfwork
 .. _`minimize the number of security concerns for elliptic-curve cryptography`: http://cr.yp.to/ecdh/curve25519-20060209.pdf
 .. _`SafeCurves`: http://safecurves.cr.yp.to/
 .. _`ECDSA`: https://en.wikipedia.org/wiki/ECDSA
 .. _`EdDSA`: https://en.wikipedia.org/wiki/EdDSA
+.. _`forward secrecy`: https://en.wikipedia.org/wiki/Forward_secrecy
+.. _`SEC 1 v2.0`: http://www.secg.org/sec1-v2.pdf
diff --git a/docs/hazmat/primitives/asymmetric/rsa.rst b/docs/hazmat/primitives/asymmetric/rsa.rst
index e8bbf5c..bc2402d 100644
--- a/docs/hazmat/primitives/asymmetric/rsa.rst
+++ b/docs/hazmat/primitives/asymmetric/rsa.rst
@@ -163,9 +163,15 @@ Verification
 ~~~~~~~~~~~~
 
 The previous section describes what to do if you have a private key and want to
-sign something. If you have a public key, a message, and a signature, you can
-check that the public key genuinely was used to sign that specific message. You
-also need to know which signing algorithm was used:
+sign something. If you have a public key, a message, a signature, and the
+signing algorithm that was used you can check that the private key associated
+with a given public key was used to sign that specific message.  You can obtain
+a public key to use in verification using
+:func:`~cryptography.hazmat.primitives.serialization.load_pem_public_key`,
+:func:`~cryptography.hazmat.primitives.serialization.load_der_public_key`,
+:meth:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPublicNumbers.public_key`
+, or
+:meth:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateKey.public_key`.
 
 .. doctest::
 
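Review bot: The rewritten sentence needs a comma after "the signing algorithm that was used", otherwise it reads as one run-on clause. In the list of loaders that follows, ", or" sits on its own line, which leaves a space before the comma after ``RSAPublicNumbers.public_key`` in the rendered page; keep the comma with the ``:meth:`` role.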
@@ -421,7 +427,7 @@ Handling partial RSA private keys
 If you are trying to load RSA private keys yourself you may find that not all
 parameters required by ``RSAPrivateNumbers`` are available. In particular the
 `Chinese Remainder Theorem`_ (CRT) values ``dmp1``, ``dmq1``, ``iqmp`` may be
-missing or present in a different form. For example `OpenPGP`_ does not include
+missing or present in a different form. For example, `OpenPGP`_ does not include
 the ``iqmp``, ``dmp1`` or ``dmq1`` parameters.
 
 The following functions are provided for users who want to work with keys like
@@ -652,4 +658,4 @@ Key interfaces
 .. _`Chinese Remainder Theorem`: https://en.wikipedia.org/wiki/RSA_%28cryptosystem%29#Using_the_Chinese_remainder_algorithm
 .. _`security proof`: http://eprint.iacr.org/2001/062.pdf
 .. _`recommended padding algorithm`: http://www.daemonology.net/blog/2009-06-11-cryptographic-right-answers.html
-.. _`proven secure`: http://cseweb.ucsd.edu/~mihir/papers/oae.pdf
+.. _`proven secure`: https://cseweb.ucsd.edu/~mihir/papers/oae.pdf
diff --git a/docs/hazmat/primitives/asymmetric/serialization.rst b/docs/hazmat/primitives/asymmetric/serialization.rst
index 8d51f0d..f14f403 100644
--- a/docs/hazmat/primitives/asymmetric/serialization.rst
+++ b/docs/hazmat/primitives/asymmetric/serialization.rst
@@ -337,8 +337,6 @@ Serialization Encodings
 
 .. class:: Encoding
 
-    .. versionadded:: 0.8
-
     An enumeration for encoding types. Used with the ``private_bytes`` method
     available on
     :class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateKeyWithSerialization`
@@ -353,10 +351,14 @@ Serialization Encodings
 
     .. attribute:: PEM
 
+        .. versionadded:: 0.8
+
         For PEM format. This is a base64 format with delimiters.
 
     .. attribute:: DER
 
+        .. versionadded:: 0.9
+
         For DER format. This is a binary format.
 
 
diff --git a/docs/hazmat/primitives/index.rst b/docs/hazmat/primitives/index.rst
index a9ab38a..cf27622 100644
--- a/docs/hazmat/primitives/index.rst
+++ b/docs/hazmat/primitives/index.rst
@@ -11,6 +11,7 @@ Primitives
     symmetric-encryption
     padding
     key-derivation-functions
+    keywrap
     asymmetric/index
     constant-time
     interfaces
diff --git a/docs/hazmat/primitives/key-derivation-functions.rst b/docs/hazmat/primitives/key-derivation-functions.rst
index 35e2dd8..4d95629 100644
--- a/docs/hazmat/primitives/key-derivation-functions.rst
+++ b/docs/hazmat/primitives/key-derivation-functions.rst
@@ -506,6 +506,99 @@ Different KDFs are suitable for different tasks such as:
         ``key_material`` generates the same key as the ``expected_key``, and
         raises an exception if they do not match.
 
+.. currentmodule:: cryptography.hazmat.primitives.kdf.x963kdf
+
+.. class:: X963KDF(algorithm, length, otherinfo, backend)
+
+    .. versionadded:: 1.1
+
+    X963KDF (ANSI X9.63 Key Derivation Function) is defined by ANSI
+    in the `ANSI X9.63:2001`_ document, to be used to derive keys for use
+    after a Key Exchange negotiation operation.
+
+    SECG in `SEC 1 v2.0`_ recommends that
+    :class:`~cryptography.hazmat.primitives.kdf.concatkdf.ConcatKDFHash` be
+    used for new projects. This KDF should only be used for backwards
+    compatibility with pre-existing protocols.
+
+
+    .. warning::
+
+        X963KDF should not be used for password storage.
+
+    .. doctest::
+
+        >>> import os
+        >>> from cryptography.hazmat.primitives import hashes
+        >>> from cryptography.hazmat.primitives.kdf.x963kdf import X963KDF
+        >>> from cryptography.hazmat.backends import default_backend
+        >>> backend = default_backend()
+        >>> sharedinfo = b"ANSI X9.63 Example"
+        >>> xkdf = X963KDF(
+        ...     algorithm=hashes.SHA256(),
+        ...     length=256,
+        ...     sharedinfo=sharedinfo,
+        ...     backend=backend
+        ... )
+        >>> key = xkdf.derive(b"input key")
+        >>> xkdf = X963KDF(
+        ...     algorithm=hashes.SHA256(),
+        ...     length=256,
+        ...     sharedinfo=sharedinfo,
+        ...     backend=backend
+        ... )
+        >>> xkdf.verify(b"input key", key)
+
+    :param algorithm: An instance of a
+        :class:`~cryptography.hazmat.primitives.hashes.HashAlgorithm`
+        provider
+
+    :param int length: The desired length of the derived key in bytes.
+        Maximum is ``hashlen * (2^32 -1)``.
+
+    :param bytes sharedinfo: Application specific context information.
+        If ``None`` is explicitly passed an empty byte string will be used.
+
+    :param backend: A cryptography backend
+        :class:`~cryptography.hazmat.backends.interfaces.HashBackend`
+        provider.
+
+    :raises cryptography.exceptions.UnsupportedAlgorithm: This is raised
+        if the provided ``backend`` does not implement
+        :class:`~cryptography.hazmat.backends.interfaces.HashBackend`
+
+    :raises TypeError: This exception is raised if ``sharedinfo`` is not
+        ``bytes``.
+
+    .. method:: derive(key_material)
+
+        :param bytes key_material: The input key material.
+        :return bytes: The derived key.
+        :raises TypeError: This exception is raised if ``key_material`` is
+                            not ``bytes``.
+
+        Derives a new key from the input key material.
+
+    .. method:: verify(key_material, expected_key)
+
+        :param bytes key_material: The input key material. This is the same as
+                                   ``key_material`` in :meth:`derive`.
+        :param bytes expected_key: The expected result of deriving a new key,
+                                   this is the same as the return value of
+                                   :meth:`derive`.
+        :raises cryptography.exceptions.InvalidKey: This is raised when the
+                                                    derived key does not match
+                                                    the expected key.
+        :raises cryptography.exceptions.AlreadyFinalized: This is raised when
+                                                          :meth:`derive` or
+                                                          :meth:`verify` is
+                                                          called more than
+                                                          once.
+
+        This checks whether deriving a new key from the supplied
+        ``key_material`` generates the same key as the ``expected_key``, and
+        raises an exception if they do not match.
+
 
 Interface
 ~~~~~~~~~
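Review bot: the doctest passes ``length=256`` to ``X963KDF(...)`` while the ``length`` parameter is documented as the derived key length in bytes, so the example derives and verifies a 256-byte key. If a 256-bit key was intended, use ``length=32`` wherever the example constructs the KDF. Smaller points in the same block: the ``:raises cryptography.exceptions.UnsupportedAlgorithm:`` entry is missing its closing period, and ``2^32 -1`` should be spaced as ``2^32 - 1``.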
@@ -556,6 +649,8 @@ Interface
 
 .. _`NIST SP 800-132`: http://csrc.nist.gov/publications/nistpubs/800-132/nist-sp800-132.pdf
 .. _`NIST SP 800-56Ar2`: http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-56Ar2.pdf
+.. _`ANSI X9.63:2001`: https://webstore.ansi.org
+.. _`SEC 1 v2.0`: http://www.secg.org/sec1-v2.pdf
 .. _`Password Storage Cheat Sheet`: https://www.owasp.org/index.php/Password_Storage_Cheat_Sheet
 .. _`PBKDF2`: https://en.wikipedia.org/wiki/PBKDF2
 .. _`scrypt`: https://en.wikipedia.org/wiki/Scrypt
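Review bot: the new ``ANSI X9.63:2001`` target points at the ANSI webstore front page rather than at the standard, and the ``SEC 1 v2.0`` target uses plain ``http://`` in a commit that moves other documentation links to ``https://``. Link the specific document where a stable URL exists, and switch the SEC 1 link to ``https://`` if the host serves it.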
diff --git a/docs/hazmat/primitives/keywrap.rst b/docs/hazmat/primitives/keywrap.rst
new file mode 100644
index 0000000..e4f9ffe
--- /dev/null
+++ b/docs/hazmat/primitives/keywrap.rst
@@ -0,0 +1,59 @@
+.. hazmat::
+
+.. module:: cryptography.hazmat.primitives.keywrap
+
+Key wrapping
+============
+
+Key wrapping is a cryptographic construct that uses symmetric encryption to
+encapsulate key material. Key wrapping algorithms are occasionally utilized
+to protect keys at rest or transmit them over insecure networks. Many of the
+protections offered by key wrapping are also offered by using authenticated
+:doc:`symmetric encryption </hazmat/primitives/symmetric-encryption>`.
+
+.. function:: aes_key_wrap(wrapping_key, key_to_wrap, backend)
+
+    .. versionadded:: 1.1
+
+    This function performs AES key wrap (without padding) as specified in
+    :rfc:`3394`.
+
+    :param bytes wrapping_key: The wrapping key.
+
+    :param bytes key_to_wrap: The key to wrap.
+
+    :param backend: A
+        :class:`~cryptography.hazmat.backends.interfaces.CipherBackend`
+        provider that supports
+        :class:`~cryptography.hazmat.primitives.ciphers.algorithms.AES`.
+
+    :return bytes: The wrapped key as bytes.
+
+.. function:: aes_key_unwrap(wrapping_key, wrapped_key, backend)
+
+    .. versionadded:: 1.1
+
+    This function performs AES key unwrap (without padding) as specified in
+    :rfc:`3394`.
+
+    :param bytes wrapping_key: The wrapping key.
+
+    :param bytes wrapped_key: The wrapped key.
+
+    :param backend: A
+        :class:`~cryptography.hazmat.backends.interfaces.CipherBackend`
+        provider that supports
+        :class:`~cryptography.hazmat.primitives.ciphers.algorithms.AES`.
+
+    :return bytes: The unwrapped key as bytes.
+
+    :raises cryptography.hazmat.primitives.keywrap.InvalidUnwrap: This is
+        raised if the key is not successfully unwrapped.
+
+Exceptions
+~~~~~~~~~~
+
+.. class:: InvalidUnwrap
+
+    This is raised when a wrapped key fails to unwrap. It can be caused by a
+    corrupted or invalid wrapped key or an invalid wrapping key.
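Review bot: ``aes_key_wrap`` and ``aes_key_unwrap`` document no constraints on their inputs, and ``aes_key_wrap`` has no ``:raises:`` entry at all, so a caller cannot tell what happens with a wrapping key that is not a valid AES key size or with key material that RFC 3394 cannot wrap (the algorithm works on 64-bit blocks and needs at least two of them). State the accepted lengths for ``wrapping_key``, ``key_to_wrap`` and ``wrapped_key`` and the exception raised for each, and add a short doctest showing a wrap and unwrap round trip, in the same way the ``X963KDF`` entry shows ``derive`` and ``verify``.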
diff --git a/docs/hazmat/primitives/mac/index.rst b/docs/hazmat/primitives/mac/index.rst
index bc54bae..05db708 100644
--- a/docs/hazmat/primitives/mac/index.rst
+++ b/docs/hazmat/primitives/mac/index.rst
@@ -9,7 +9,7 @@ recommend that HMAC should be used unless you have a good reason otherwise.
 For more information on why HMAC is preferred, see `Use cases for CMAC vs.
 HMAC?`_
 
-.. _`Use cases for CMAC vs. HMAC?`: http://crypto.stackexchange.com/questions/15721/use-cases-for-cmac-vs-hmac
+.. _`Use cases for CMAC vs. HMAC?`: https://crypto.stackexchange.com/questions/15721/use-cases-for-cmac-vs-hmac
 
 .. toctree::
     :maxdepth: 1
diff --git a/docs/installation.rst b/docs/installation.rst
index 277e021..61f9348 100644
--- a/docs/installation.rst
+++ b/docs/installation.rst
@@ -10,29 +10,29 @@ You can install ``cryptography`` with ``pip``:
 Supported platforms
 -------------------
 
-Currently we test ``cryptography`` on Python 2.6, 2.7, 3.3, 3.4 and PyPy
-on these operating systems.
+Currently we test ``cryptography`` on Python 2.6, 2.7, 3.3, 3.4, 3.5, and PyPy
+2.6+ on these operating systems.
 
 * x86-64 CentOS 7.x, 6.4 and CentOS 5.x
 * x86-64 FreeBSD 10
-* OS X 10.10 Yosemite, 10.9 Mavericks, 10.8 Mountain Lion, and 10.7 Lion
-* x86-64 Ubuntu 12.04 LTS
-* x86-64 Debian Wheezy (7.x) and Jessie (8.x)
-* 32-bit Python on 64-bit Windows Server 2008
-* 64-bit Python on 64-bit Windows Server 2012
+* OS X 10.11 El Capitan, 10.10 Yosemite, 10.9 Mavericks, 10.8 Mountain Lion,
+  and 10.7 Lion
+* x86-64 Ubuntu 12.04 LTS and Ubuntu 14.04 LTS
+* x86-64 Debian Wheezy (7.x), Jessie (8.x), and Debian Sid (unstable)
+* 32-bit and 64-bit Python on 64-bit Windows Server 2012
 
 We test compiling with ``clang`` as well as ``gcc`` and use the following
 OpenSSL releases:
 
 * ``OpenSSL 0.9.8e-fips-rhel5`` (``RHEL/CentOS 5``)
 * ``OpenSSL 0.9.8k``
-* ``OpenSSL 0.9.8za``
+* ``OpenSSL 0.9.8-latest`` (The most recent 0.9.8 release)
 * ``OpenSSL 1.0.0-fips`` (``RHEL/CentOS 6.4``)
 * ``OpenSSL 1.0.1``
 * ``OpenSSL 1.0.1e-fips`` (``RHEL/CentOS 7``)
 * ``OpenSSL 1.0.1j-freebsd``
-* ``OpenSSL 1.0.1-latest`` (The most recent 1.0.1 release)
-* ``OpenSSL 1.0.2``
+* ``OpenSSL 1.0.1f``
+* ``OpenSSL 1.0.2-latest``
 
 On Windows
 ----------
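Review bot: in the OpenSSL list, ``OpenSSL 1.0.2-latest`` is added without the parenthetical that ``OpenSSL 0.9.8-latest`` gets ("The most recent 0.9.8 release"), and the 1.0.1 entry changes from ``1.0.1-latest`` to the pinned ``1.0.1f`` with no explanation. Give ``1.0.2-latest`` the same gloss and say why 1.0.1 is now tested at a fixed letter release rather than the newest one, since readers use this list to judge which OpenSSL versions are covered.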
@@ -46,7 +46,9 @@ dependencies are included. Just run
 
 If you prefer to compile it yourself you'll need to have OpenSSL installed.
 You can compile OpenSSL yourself as well or use the binaries we build for our
-release infrastructure (`32-bit`_ and `64-bit`_). Wherever you place your copy
+release infrastructure (`openssl-release`_). Be sure to download the proper
+version for your architecture and Python (2010 works for Python 2.6, 2.7, 3.3,
+and 3.4 while 2015 is required for 3.5). Wherever you place your copy
 of OpenSSL you'll need to set the ``LIB`` and ``INCLUDE`` environment variables
 to include the proper locations. For example:
 
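Review bot: the parenthetical "2010 works for Python 2.6, 2.7, 3.3, and 3.4 while 2015 is required for 3.5" never says what 2010 and 2015 refer to. Name the thing being versioned (presumably the compiler release the binaries were built with) so a reader can pick the right download from the ``openssl-release`` job.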
@@ -58,6 +60,8 @@ to include the proper locations. For example:
     C:\> pip install cryptography
 
 
+.. _build-on-linux:
+
 Building cryptography on Linux
 ------------------------------
 
@@ -115,17 +119,62 @@ You'll also need to generate your own ``openssl.ld`` file. For example::
 You should replace the version string on the first line as appropriate for your
 build.
 
-Building cryptography on OS X
------------------------------
-
-The wheel package on OS X is a statically linked build (as of 1.0.1) so for
-users on 10.10 (Yosemite) and above you need two steps:
+Static Wheels
+~~~~~~~~~~~~~
+
+Cryptography ships statically-linked wheels for OS X and Windows, ensuring that
+these platforms can always use the most-recent OpenSSL, regardless of what is
+shipped by default on those platforms. As a result of various difficulties
+around Linux binary linking, Cryptography cannot do the same on Linux.
+
+However, you can build your own statically-linked wheels that will work on your
+own systems. This will allow you to continue to use relatively old Linux
+distributions (such as LTS releases), while making sure you have the most
+recent OpenSSL available to your Python programs.
+
+To do so, you should find yourself a machine that is as similar as possible to
+your target environment (e.g. your production environment): for example, spin
+up a new cloud server running your target Linux distribution. On this machine,
+install the Cryptography dependencies as mentioned in :ref:`build-on-linux`.
+Please also make sure you have `virtualenv`_ installed: this should be
+available from your system package manager.
+
+Then, paste the following into a shell script. You'll need to populate the
+``OPENSSL_VERSION`` variable. To do that, visit `openssl.org`_ and find the
+latest non-FIPS release version number, then set the string appropriately. For
+example, for OpenSSL 1.0.2d, use ``OPENSSL_VERSION="1.0.2d"``.
+
+When this shell script is complete, you'll find a collection of wheel files in
+a directory called ``wheelhouse``. These wheels can be installed by a
+sufficiently-recent version of ``pip``. The Cryptography wheel in this
+directory contains a statically-linked OpenSSL binding, which ensures that you
+have access to the most-recent OpenSSL releases without corrupting your system
+dependencies.
 
 .. code-block:: console
 
-    $ xcode-select --install
+    set -e
 
-followed by
+    OPENSSL_VERSION="VERSIONGOESHERE"
+    CWD=$(pwd)
+
+    virtualenv env
+    . env/bin/activate
+    pip install -U setuptools
+    pip install -U wheel pip
+    curl -O https://openssl.org/source/openssl-${OPENSSL_VERSION}.tar.gz
+    tar xvf openssl-${OPENSSL_VERSION}.tar.gz
+    cd openssl-${OPENSSL_VERSION}
+    ./config no-shared no-ssl2 -fPIC --prefix=${CWD}/openssl
+    make && make install
+    cd ..
+    CFLAGS="-I${CWD}/openssl/include" LDFLAGS="-L${CWD}/openssl/lib" pip wheel --no-use-wheel cryptography
+
+Building cryptography on OS X
+-----------------------------
+
+The wheel package on OS X is a statically linked build (as of 1.0.1) so for
+users on 10.10 (Yosemite) and above you only need one step:
 
 .. code-block:: console
 
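Review bot: the static-wheel script downloads the OpenSSL tarball with ``curl -O`` and builds it without any integrity check, so whatever the server or the network returns is compiled into the wheel. Add a step that verifies the tarball against the checksum or signature published alongside it before ``tar xvf``, and use ``curl -fO`` so that an HTTP error page is not saved under the tarball name (``set -e`` does not catch that case, because ``curl`` exits 0). Two smaller points: the block is a shell script but is marked ``.. code-block:: console``, and the paragraph describing the result ("When this shell script is complete...") comes before the script it describes.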
@@ -202,8 +251,9 @@ information, consult `Greg Wilson's blog post`_ on the subject.
 
 
 .. _`Homebrew`: http://brew.sh
-.. _`MacPorts`: http://www.macports.org
-.. _`32-bit`: https://jenkins.cryptography.io/job/openssl-win32-release/
-.. _`64-bit`: https://jenkins.cryptography.io/job/openssl-win64-release/
+.. _`MacPorts`: https://www.macports.org
+.. _`openssl-release`: https://jenkins.cryptography.io/job/openssl-release/
 .. _`bug in conda`: https://github.com/conda/conda-recipes/issues/110
 .. _`Greg Wilson's blog post`: http://software-carpentry.org/blog/2014/04/mr-biczo-was-right.html
+.. _virtualenv: https://virtualenv.pypa.io/en/latest/
+.. _openssl.org: https://openssl.org/source/
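Review bot: the two new targets, ``virtualenv`` and ``openssl.org``, are written without backquotes around the name, while every other target in this block (for example the ``MacPorts`` line) uses the backquoted form; match the existing style. ``Homebrew`` and ``Greg Wilson's blog post`` also still point at ``http://`` URLs although ``MacPorts`` is moved to ``https://`` in this hunk.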
diff --git a/docs/security.rst b/docs/security.rst
index 5025345..13f9996 100644
--- a/docs/security.rst
+++ b/docs/security.rst
@@ -30,9 +30,10 @@ as well as the 2 most recent releases.
 New releases for OpenSSL updates
 --------------------------------
 
-As of version 0.5, ``cryptography`` statically links OpenSSL on Windows to ease
-installation. Due to this, ``cryptography`` will release a new version whenever
-OpenSSL has a security or bug fix release to avoid shipping insecure software.
+As of version 0.5, ``cryptography`` statically links OpenSSL on Windows, and as
+of version 1.0.1 on OS X, to ease installation. Due to this, ``cryptography``
+will release a new version whenever OpenSSL has a security or bug fix release to
+avoid shipping insecure software.
 
 Like all our other releases, this will be announced on the mailing list and we
 strongly recommend that you upgrade as soon as possible.
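Review bot: this paragraph covers only the statically linked Windows and OS X wheels, but the same commit documents self-built static wheels on Linux in ``docs/installation.rst``, and those are not refreshed by a new ``cryptography`` release. Add a sentence saying that users who build their own static wheels must rebuild them whenever OpenSSL ships a security or bug fix release.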
diff --git a/docs/spelling_wordlist.txt b/docs/spelling_wordlist.txt
index 50da4a4..dc8bcd0 100644
--- a/docs/spelling_wordlist.txt
+++ b/docs/spelling_wordlist.txt
@@ -1,10 +1,12 @@
 affine
 backend
 backends
+bcrypt
 Backends
 Blowfish
 boolean
 Botan
+Capitan
 Changelog
 ciphertext
 committer
@@ -22,11 +24,13 @@ deserialize
 deserialized
 Diffie
 Docstrings
+Django
 Encodings
 fernet
 Fernet
+FIPS
 hazmat
-Käsper
+hostname
 indistinguishability
 initialisms
 interoperable
@@ -46,6 +50,7 @@ online
 paddings
 pickleable
 plaintext
+pre
 preprocessor
 preprocessors
 pseudorandom
diff --git a/docs/x509/reference.rst b/docs/x509/reference.rst
index 8d5d6a6..f056a72 100644
--- a/docs/x509/reference.rst
+++ b/docs/x509/reference.rst
@@ -5,6 +5,21 @@ X.509 Reference
... 3979 lines suppressed ...

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/python-modules/packages/python-cryptography.git


