Merge branch 'master' into urandom-engine

* master: (108 commits)
  PBKDF2HMAC requires a PBKDF2HMACBackend provider.
  one more replacement
  simplify hmac supported and hash supported calls for commoncrypto
  simplify check for algorithm
  a bit more language work + changelog changes for pbkdf2hmac
  one more style fix
  a few typo fixes, capitalization, etc
  switch to private attributes in pbkdf2hmac
  expand docs to talk more about the purposes of KDFs
  update docs re: PBKDF2HMAC iterations
  add test for null char replacement
  Added installation section to index.rst
  called -> used
  quotes inside, diff examples
  Expose this method because probably someone will need it eventually
  fix spacing, remove versionadded since HashAlgorithm was in 0.1
  document HashAlgorithm
  Added canonical installation document with details about various platforms, fixes #519
  update docs for pbkdf2
  Add bindings for X509_REQ_get_extensions.
  ...

Conflicts:
	cryptography/hazmat/bindings/openssl/binding.py
	docs/hazmat/backends/openssl.rst

3 files changed, 298 insertions, 0 deletions

diff --git a/docs/hazmat/primitives/index.rst b/docs/hazmat/primitives/index.rst
index b115fdbc..bde07392 100644
--- a/docs/hazmat/primitives/index.rst
+++ b/docs/hazmat/primitives/index.rst
@@ -10,5 +10,6 @@ Primitives
     hmac
     symmetric-encryption
     padding
+    key-derivation-functions
     constant-time
     interfaces
diff --git a/docs/hazmat/primitives/interfaces.rst b/docs/hazmat/primitives/interfaces.rst
index edb24cd9..09a5a4ce 100644
--- a/docs/hazmat/primitives/interfaces.rst
+++ b/docs/hazmat/primitives/interfaces.rst
@@ -102,3 +102,175 @@ Interfaces used by the symmetric cipher modes described in
 
         Exact requirements of the nonce are described by the documentation of
         individual modes.
+
+Asymmetric Interfaces
+~~~~~~~~~~~~~~~~~~~~~
+
+.. class:: RSAPrivateKey
+
+    .. versionadded:: 0.2
+
+    An `RSA`_ private key.
+
+    .. method:: public_key()
+
+        :return: :class:`~cryptography.hazmat.primitives.interfaces.RSAPublicKey`
+
+        An RSA public key object corresponding to the values of the private key.
+
+    .. attribute:: modulus
+
+        :type: int
+
+        The public modulus.
+
+    .. attribute:: public_exponent
+
+        :type: int
+
+        The public exponent.
+
+    .. attribute:: key_length
+
+        :type: int
+
+        The bit length of the modulus.
+
+    .. attribute:: p
+
+        :type: int
+
+        ``p``, one of the two primes composing the :attr:`modulus`.
+
+    .. attribute:: q
+
+        :type: int
+
+        ``q``, one of the two primes composing the :attr:`modulus`.
+
+    .. attribute:: d
+
+        :type: int
+
+        The private exponent.
+
+    .. attribute:: n
+
+        :type: int
+
+        The public modulus. Alias for :attr:`modulus`.
+
+    .. attribute:: e
+
+        :type: int
+
+        The public exponent. Alias for :attr:`public_exponent`.
+
+
+.. class:: RSAPublicKey
+
+    .. versionadded:: 0.2
+
+    An `RSA`_ public key.
+
+    .. attribute:: modulus
+
+        :type: int
+
+        The public modulus.
+
+    .. attribute:: key_length
+
+        :type: int
+
+        The bit length of the modulus.
+
+    .. attribute:: public_exponent
+
+        :type: int
+
+        The public exponent.
+
+    .. attribute:: n
+
+        :type: int
+
+        The public modulus. Alias for :attr:`modulus`.
+
+    .. attribute:: e
+
+        :type: int
+
+        The public exponent. Alias for :attr:`public_exponent`.
+
+
+Hash Algorithms
+~~~~~~~~~~~~~~~
+
+.. class:: HashAlgorithm
+
+    .. attribute:: name
+
+        :type: str
+
+        The standard name for the hash algorithm, for example: ``"sha256"`` or
+        ``"whirlpool"``.
+
+    .. attribute:: digest_size
+
+        :type: int
+
+        The size of the resulting digest in bytes.
+
+    .. attribute:: block_size
+
+        :type: int
+
+        The internal block size of the hash algorithm in bytes.
+
+
+Key Derivation Functions
+~~~~~~~~~~~~~~~~~~~~~~~~
+
+.. class:: KeyDerivationFunction
+
+    .. versionadded:: 0.2
+
+    .. method:: derive(key_material)
+
+        :param key_material bytes: The input key material. Depending on what
+                                   key derivation function you are using this
+                                   could be either random material, or a user
+                                   supplied password.
+        :return: The new key.
+        :raises cryptography.exceptions.AlreadyFinalized: This is raised when
+                                                          :meth:`derive` or
+                                                          :meth:`verify` is
+                                                          called more than
+                                                          once.
+
+        This generates and returns a new key from the supplied key material.
+
+    .. method:: verify(key_material, expected_key)
+
+        :param key_material bytes: The input key material. This is the same as
+                                   ``key_material`` in :meth:`derive`.
+        :param expected_key bytes: The expected result of deriving a new key,
+                                   this is the same as the return value of
+                                   :meth:`derive`.
+        :raises cryptography.exceptions.InvalidKey: This is raised when the
+                                                    derived key does not match
+                                                    the expected key.
+        :raises cryptography.exceptions.AlreadyFinalized: This is raised when
+                                                          :meth:`derive` or
+                                                          :meth:`verify` is
+                                                          called more than
+                                                          once.
+
+        This checks whether deriving a new key from the supplied
+        ``key_material`` generates the same key as the ``expected_key``, and
+        raises an exception if they do not match. This can be used for
+        something like checking whether a user's password attempt matches the
+        stored derived key.
+
+.. _`RSA`: http://en.wikipedia.org/wiki/RSA_(cryptosystem)
diff --git a/docs/hazmat/primitives/key-derivation-functions.rst b/docs/hazmat/primitives/key-derivation-functions.rst
new file mode 100644
index 00000000..551dbd6d
--- /dev/null
+++ b/docs/hazmat/primitives/key-derivation-functions.rst
@@ -0,0 +1,125 @@
+.. hazmat::
+
+Key Derivation Functions
+========================
+
+.. currentmodule:: cryptography.hazmat.primitives.kdf
+
+Key derivation functions derive bytes suitable for cryptographic operations
+from passwords or other data sources using a pseudo-random function (PRF).
+Different KDFs are suitable for different tasks such as:
+
+* Cryptographic key derivation
+
+    Deriving a key suitable for use as input to an encryption algorithm.
+    Typically this means taking a password and running it through an algorithm
+    such as :class:`~cryptography.hazmat.primitives.kdf.pbkdf2.PBKDF2HMAC` or HKDF.
+    This process is typically known as `key stretching`_.
+
+* Password storage
+
+    When storing passwords you want to use an algorithm that is computationally
+    intensive. Legitimate users will only need to compute it once (for example,
+    taking the user's password, running it through the KDF, then comparing it
+    to the stored value), while attackers will need to do it billions of times.
+    Ideal password storage KDFs will be demanding on both computational and
+    memory resources.
+
+.. currentmodule:: cryptography.hazmat.primitives.kdf.pbkdf2
+
+.. class:: PBKDF2HMAC(algorithm, length, salt, iterations, backend)
+
+    .. versionadded:: 0.2
+
+    `PBKDF2`_ (Password Based Key Derivation Function 2) is typically used for
+    deriving a cryptographic key from a password. It may also be used for
+    key storage, but an alternate key storage KDF such as `scrypt`_ is generally
+    considered a better solution.
+
+    This class conforms to the
+    :class:`~cryptography.hazmat.primitives.interfaces.KeyDerivationFunction`
+    interface.
+
+    .. doctest::
+
+        >>> import os
+        >>> from cryptography.hazmat.primitives import hashes
+        >>> from cryptography.hazmat.primitives.kdf.pbkdf2 import PBKDF2HMAC
+        >>> from cryptography.hazmat.backends import default_backend
+        >>> backend = default_backend()
+        >>> salt = os.urandom(16)
+        >>> # derive
+        >>> kdf = PBKDF2HMAC(
+        ...     algorithm=hashes.SHA256(),
+        ...     length=32,
+        ...     salt=salt,
+        ...     iterations=100000,
+        ...     backend=backend
+        ... )
+        >>> key = kdf.derive(b"my great password")
+        >>> # verify
+        >>> kdf = PBKDF2HMAC(
+        ...     algorithm=hashes.SHA256(),
+        ...     length=32,
+        ...     salt=salt,
+        ...     iterations=100000,
+        ...     backend=backend
+        ... )
+        >>> kdf.verify(b"my great password", key)
+
+    :param algorithm: An instance of a
+        :class:`~cryptography.hazmat.primitives.interfaces.HashAlgorithm`
+        provider.
+    :param int length: The desired length of the derived key. Maximum is
+        (2\ :sup:`32` - 1) * ``algorithm.digest_size``.
+    :param bytes salt: A salt. `NIST SP 800-132`_ recommends 128-bits or
+        longer.
+    :param int iterations: The number of iterations to perform of the hash
+        function. This can be used to control the length of time the operation
+        takes. Higher numbers help mitigate brute force attacks against derived
+        keys. See OWASP's `Password Storage Cheat Sheet`_ for more
+        detailed recommendations if you intend to use this for password storage.
+    :param backend: A
+        :class:`~cryptography.hazmat.backends.interfaces.PBKDF2HMACBackend`
+        provider.
+
+    .. method:: derive(key_material)
+
+        :param key_material bytes: The input key material. For PBKDF2 this
+            should be a password.
+        :return bytes: the derived key.
+        :raises cryptography.exceptions.AlreadyFinalized: This is raised when
+                                                          :meth:`derive` or
+                                                          :meth:`verify` is
+                                                          called more than
+                                                          once.
+
+        This generates and returns a new key from the supplied password.
+
+    .. method:: verify(key_material, expected_key)
+
+        :param key_material bytes: The input key material. This is the same as
+                                   ``key_material`` in :meth:`derive`.
+        :param expected_key bytes: The expected result of deriving a new key,
+                                   this is the same as the return value of
+                                   :meth:`derive`.
+        :raises cryptography.exceptions.InvalidKey: This is raised when the
+                                                    derived key does not match
+                                                    the expected key.
+        :raises cryptography.exceptions.AlreadyFinalized: This is raised when
+                                                          :meth:`derive` or
+                                                          :meth:`verify` is
+                                                          called more than
+                                                          once.
+
+        This checks whether deriving a new key from the supplied
+        ``key_material`` generates the same key as the ``expected_key``, and
+        raises an exception if they do not match. This can be used for
+        checking whether the password a user provides matches the stored derived
+        key.
+
+.. _`NIST SP 800-132`: http://csrc.nist.gov/publications/nistpubs/800-132/nist-sp800-132.pdf
+.. _`Password Storage Cheat Sheet`: https://www.owasp.org/index.php/Password_Storage_Cheat_Sheet
+.. _`PBKDF2`: http://en.wikipedia.org/wiki/PBKDF2
+.. _`scrypt`: http://en.wikipedia.org/wiki/Scrypt
+.. _`key stretching`: http://en.wikipedia.org/wiki/Key_stretching