author | Paul Kehrer <paul.l.kehrer@gmail.com> | 2014-03-08 11:09:49 -0400 |
---|---|---|
committer | Paul Kehrer <paul.l.kehrer@gmail.com> | 2014-03-08 11:09:49 -0400 |
commit | bf2a9d9545f39ad0dd9b9c9c4aa2f7f2b5669f0f (patch) | |
tree | 083cc465c6fabdb61ff69aadc33b31e8617f2136 /docs/development | |
parent | dee5c25d35c53885698bca42015c9f7bbfb27baa (diff) | |
parent | 78c2f2d2c0a40d20edcaf37c33e91224af3ecbb6 (diff) | |
download | cryptography-bf2a9d9545f39ad0dd9b9c9c4aa2f7f2b5669f0f.tar.gz cryptography-bf2a9d9545f39ad0dd9b9c9c4aa2f7f2b5669f0f.tar.bz2 cryptography-bf2a9d9545f39ad0dd9b9c9c4aa2f7f2b5669f0f.zip |
Merge branch 'master' into idea-bespoke-vectors
* master: (246 commits)
Fixed python3 incompatibility
Removed dependency on setuptools for version check
don't need to move these definitions
conditional NIDs for 0.9.8e
x509 changes for 0.9.8e support
more changes for 0.9.8e support, this time in the ssl.h headers
macro switches in evp for 0.9.8e
bind some error constants conditionally for 0.9.8e support
BIO macro switch for 0.9.8e support
move some nids
conditionally bind AES_wrap/unwrap for 0.9.8e support
Add GPG key fingerprint for lvh
change comparison to be easier to read
ridiculous workaround time
whoops
Missing imports
Convert stuff
Add binding for DSA_new
Fix drop in coverage levels by removing branches
Added check to turn of CC backend for OS X version < 10.8
...
Conflicts:
docs/development/test-vectors.rst
Diffstat (limited to 'docs/development')
-rw-r--r-- | docs/development/custom-vectors/cast5.rst | 9 | ||||
-rw-r--r-- | docs/development/custom-vectors/cast5/generate_cast5.py | 6 | ||||
-rw-r--r-- | docs/development/custom-vectors/cast5/verify_cast5.go | 23 | ||||
-rw-r--r-- | docs/development/submitting-patches.rst | 5 | ||||
-rw-r--r-- | docs/development/test-vectors.rst | 35 |
5 files changed, 69 insertions, 9 deletions
diff --git a/docs/development/custom-vectors/cast5.rst b/docs/development/custom-vectors/cast5.rst index 09b3bdb1..f5400270 100644 --- a/docs/development/custom-vectors/cast5.rst +++ b/docs/development/custom-vectors/cast5.rst @@ -1,10 +1,11 @@ CAST5 Vector Creation ===================== -This page documents the code that was used to generate the CAST5 CBC, CFB, and -OFB test vectors as well as the code used to verify them against another -implementation. For CAST5 the vectors were generated using OpenSSL and verified -with Go. +This page documents the code that was used to generate the CAST5 CBC, CFB, OFB, +and CTR test vectors as well as the code used to verify them against another +implementation. For CAST5 the CBC, CFB, and OFB vectors were generated using +OpenSSL and the CTR vectors were generated using Apple's CommonCrypto. All the +generated vectors were verified with Go. Creation -------- diff --git a/docs/development/custom-vectors/cast5/generate_cast5.py b/docs/development/custom-vectors/cast5/generate_cast5.py index c3f579e7..32ef3b43 100644 --- a/docs/development/custom-vectors/cast5/generate_cast5.py +++ b/docs/development/custom-vectors/cast5/generate_cast5.py @@ -1,6 +1,6 @@ import binascii -from cryptography.hazmat.backends.openssl.backend import backend +from cryptography.hazmat.backends import default_backend from cryptography.hazmat.primitives.ciphers import base, algorithms, modes @@ -8,7 +8,7 @@ def encrypt(mode, key, iv, plaintext): cipher = base.Cipher( algorithms.CAST5(binascii.unhexlify(key)), mode(binascii.unhexlify(iv)), - backend + default_backend() ) encryptor = cipher.encryptor() ct = encryptor.update(binascii.unhexlify(plaintext)) 
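Review bot: In `generate_cast5.py`, switching `encrypt` to `default_backend()` makes the backend that produces each vector file depend on the machine the script runs on, while the cast5.rst text changed in this same commit states that CBC, CFB and OFB came from OpenSSL and CTR from Apple's CommonCrypto. For vectors that other implementations are verified against, the generating backend is part of their provenance, and the script no longer records it. Consider passing the backend explicitly per mode, or at least adding a comment above the `base.Cipher(` call such as `# CBC/CFB/OFB vectors were generated with the OpenSSL backend, CTR with CommonCrypto; default_backend() must resolve accordingly.` The body of `encrypt` continues past the end of the hunk.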
@@ -57,3 +57,5 @@ ofb_path = "tests/hazmat/primitives/vectors/ciphers/AES/OFB/OFBMMT128.rsp" write_file(build_vectors(modes.OFB, ofb_path), "cast5-ofb.txt") cfb_path = "tests/hazmat/primitives/vectors/ciphers/AES/CFB/CFB128MMT128.rsp" write_file(build_vectors(modes.CFB, cfb_path), "cast5-cfb.txt") +ctr_path = "tests/hazmat/primitives/vectors/ciphers/AES/CTR/aes-128-ctr.txt" +write_file(build_vectors(modes.CTR, ctr_path), "cast5-ctr.txt") diff --git a/docs/development/custom-vectors/cast5/verify_cast5.go b/docs/development/custom-vectors/cast5/verify_cast5.go index 49e1023d..f735d989 100644 --- a/docs/development/custom-vectors/cast5/verify_cast5.go +++ b/docs/development/custom-vectors/cast5/verify_cast5.go @@ -91,6 +91,26 @@ func (o cfbVerifier) validate(count string, key, iv, plaintext, expected_ciphert } } +type ctrVerifier struct{} + +func (o ctrVerifier) validate(count string, key, iv, plaintext, expected_ciphertext []byte) { + block, err := cast5.NewCipher(key) + if err != nil { + panic(err) + } + + ciphertext := make([]byte, len(plaintext)) + stream := cipher.NewCTR(block, iv) + stream.XORKeyStream(ciphertext, plaintext) + + if !bytes.Equal(ciphertext, expected_ciphertext) { + panic(fmt.Errorf("vector mismatch @ COUNT = %s:\n %s != %s\n", + count, + hex.EncodeToString(expected_ciphertext), + hex.EncodeToString(ciphertext))) + } +} + func validateVectors(verifier VectorVerifier, filename string) { vectors, err := os.Open(filename) if err != nil { @@ -138,4 +158,7 @@ func main() { validateVectors(cbcVerifier{}, "tests/hazmat/primitives/vectors/ciphers/CAST5/cast5-cbc.txt") fmt.Println("CBC OK.") + validateVectors(ctrVerifier{}, + "tests/hazmat/primitives/vectors/ciphers/CAST5/cast5-ctr.txt") + fmt.Println("CTR OK.") } diff --git a/docs/development/submitting-patches.rst b/docs/development/submitting-patches.rst index 5dca3f79..1797b9c1 100644 --- a/docs/development/submitting-patches.rst +++ b/docs/development/submitting-patches.rst 
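Review bot: The new `ctr_path` lines in `generate_cast5.py` feed AES-128 CTR inputs into `build_vectors(modes.CTR, ...)`, but nothing here records how the AES counter block is fitted to CAST5's 64-bit block. `build_vectors` is outside the hunk, so whether it shortens the IV field cannot be confirmed from this view. If it does, a comment above these two lines would make the derivation reproducible, e.g. `# AES-128 CTR inputs are reused for key and plaintext; build_vectors cuts the counter block to CAST5's 8-byte block size.` If it does not, `modes.CTR` would presumably receive a 16-byte nonce for an 8-byte-block cipher, which is worth checking before the generated file is trusted as a reference.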
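Review bot: `cipher.NewCTR(block, iv)` in `ctrVerifier.validate` panics when `len(iv)` differs from the block size, and that panic carries no COUNT, so a malformed or AES-sized IV in cast5-ctr.txt fails without naming the vector at fault. A guard before the call keeps the failure attributable: `if len(iv) != block.BlockSize() { panic(fmt.Errorf("bad IV length @ COUNT = %s: %d", count, len(iv))) }`. As a smaller style point, the receiver `o` reads as a leftover from another verifier (only the tail of `cfbVerifier.validate` is visible here); if the stream verifiers differ only in their constructor, a shared helper taking a `func(cipher.Block, []byte) cipher.Stream` would avoid another copy of the same body.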
@@ -15,7 +15,10 @@ follow the directions on the :doc:`security page </security>`. Code ---- -When in doubt, refer to :pep:`8` for Python code. +When in doubt, refer to :pep:`8` for Python code. You can check if your code +meets our automated requirements by running ``flake8`` against it. If you've +installed the development requirements this will automatically use our +configuration. You can also run the ``tox`` job with ``tox -e pep8``. `Write comments as complete sentences.`_ diff --git a/docs/development/test-vectors.rst b/docs/development/test-vectors.rst index 8b3a6460..1d768179 100644 --- a/docs/development/test-vectors.rst +++ b/docs/development/test-vectors.rst @@ -13,8 +13,18 @@ Sources Asymmetric Ciphers ~~~~~~~~~~~~~~~~~~ -* RSA PKCS1 from the RSA FTP site (ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-1/ +* RSA PKCS #1 from the RSA FTP site (ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-1/ and ftp://ftp.rsa.com/pub/rsalabs/tmp/). +* RSA FIPS 186-2 and PKCS1 v1.5 vulnerability test vectors from `NIST CAVP`_. +* DSA test vectors from `FIPS 186-2`_ and `FIPS 186-3`_. +* OpenSSL PEM RSA serialization vectors from the `OpenSSL example key`_ and + `GnuTLS key parsing tests`_. +* OpenSSL PEM DSA serialization vectors from the `GnuTLS example keys`_. +* PKCS #8 PEM serialization vectors from + + * GnuTLS: `encpkcs8.pem`_, `enc2pkcs8.pem`_, `unencpkcs8.pem`_, + `pkcs12_s2k_pem.c`_. + * `Botan's ECC private keys`_. Hashes ~~~~~~ @@ -38,6 +48,7 @@ Key Derivation Functions * HKDF (SHA1, SHA256) from :rfc:`5869`. * PBKDF2 (HMAC-SHA1) from :rfc:`6070`. +* scrypt from the `draft RFC`_. Recipes ~~~~~~~ @@ -47,7 +58,8 @@ Recipes Symmetric Ciphers ~~~~~~~~~~~~~~~~~ -* AES (CBC, CFB, CTR, ECB, GCM, OFB) from `NIST CAVP`_. +* AES (CBC, CFB, ECB, GCM, OFB) from `NIST CAVP`_. +* AES CTR from :rfc:`3686`. * 3DES (CBC, CFB, ECB, OFB) from `NIST CAVP`_. * ARC4 from :rfc:`6229`. * Blowfish (CBC, CFB, ECB, OFB) from `Bruce Schneier's vectors`_. 
@@ -60,6 +72,13 @@ Symmetric Ciphers * IDEA (CBC, CFB, OFB) generated by this project. See: :doc:`/development/custom-vectors/idea` +Two Factor Authentication +~~~~~~~~~~~~~~~~~~~~~~~~~ + +* HOTP from :rfc:`4226` +* TOTP from :rfc:`6238` (Note that an `errata`_ for the test vectors in RFC + 6238 exists) + Creating Test Vectors --------------------- 
@@ -94,6 +113,18 @@ header format (substituting the correct information): .. _`OpenSSL's test vectors`: https://github.com/openssl/openssl/blob/97cf1f6c2854a3a955fd7dd3a1f113deba00c9ef/crypto/evp/evptests.txt#L232 .. _`RIPEMD website`: http://homes.esat.kuleuven.be/~bosselae/ripemd160.html .. _`Whirlpool website`: http://www.larc.usp.br/~pbarreto/WhirlpoolPage.html +.. _`draft RFC`: https://tools.ietf.org/html/draft-josefsson-scrypt-kdf-01 .. _`Specification repository`: https://github.com/fernet/spec +.. _`errata`: http://www.rfc-editor.org/errata_search.php?rfc=6238 +.. _`OpenSSL example key`: http://git.openssl.org/gitweb/?p=openssl.git;a=blob;f=test/testrsa.pem;h=aad21067a8f7cb93a52a511eb9162fd83be39135;hb=66e8211c0b1347970096e04b18aa52567c325200 +.. _`GnuTLS key parsing tests`: https://gitorious.org/gnutls/gnutls/commit/f16ef39ef0303b02d7fa590a37820440c466ce8d +.. _`encpkcs8.pem`: https://gitorious.org/gnutls/gnutls/source/f8d943b38bf74eaaa11d396112daf43cb8aa82ae:tests/pkcs8-decode/encpkcs8.pem +.. _`enc2pkcs8.pem`: https://gitorious.org/gnutls/gnutls/source/f8d943b38bf74eaaa11d396112daf43cb8aa82ae:tests/pkcs8-decode/enc2pkcs8.pem +.. _`unencpkcs8.pem`: https://gitorious.org/gnutls/gnutls/source/f8d943b38bf74eaaa11d396112daf43cb8aa82ae:tests/pkcs8-decode/unencpkcs8.pem +.. _`pkcs12_s2k_pem.c`: https://gitorious.org/gnutls/gnutls/source/f8d943b38bf74eaaa11d396112daf43cb8aa82ae:tests/pkcs12_s2k_pem.c +.. _`Botan's ECC private keys`: https://github.com/randombit/botan/tree/4917f26a2b154e841cd27c1bcecdd41d2bdeb6ce/src/tests/data/ecc +.. _`FIPS 186-2`: http://csrc.nist.gov/groups/STM/cavp/documents/dss/186-2dsatestvectors.zip +.. _`FIPS 186-3`: http://csrc.nist.gov/groups/STM/cavp/documents/dss/186-3dsatestvectors.zip +.. _`GnuTLS example keys`: https://gitorious.org/gnutls/gnutls/commit/ad2061deafdd7db78fd405f9d143b0a7c579da7b .. _`NESSIE IDEA vectors`: https://www.cosic.esat.kuleuven.be/nessie/testvectors/bc/idea/Idea-128-64.verified.test-vectors .. 
_`NESSIE`: https://en.wikipedia.org/wiki/NESSIE |