diff options
-rw-r--r-- | cryptography/bindings/openssl/evp.py | 4 | ||||
-rw-r--r-- | cryptography/primitives/hashes.py | 2 | ||||
-rw-r--r-- | docs/conf.py | 4 | ||||
-rw-r--r-- | docs/primitives/cryptographic-hashes.rst | 22 | ||||
-rw-r--r-- | docs/primitives/symmetric-encryption.rst | 28 | ||||
-rw-r--r-- | tests/primitives/test_hashes.py | 22 |
6 files changed, 61 insertions, 21 deletions
diff --git a/cryptography/bindings/openssl/evp.py b/cryptography/bindings/openssl/evp.py index 41df1056..80980c6e 100644 --- a/cryptography/bindings/openssl/evp.py +++ b/cryptography/bindings/openssl/evp.py @@ -29,6 +29,9 @@ typedef struct evp_pkey_st { } EVP_PKEY; static const int EVP_PKEY_RSA; static const int EVP_PKEY_DSA; +static const int EVP_CTRL_GCM_SET_IVLEN; +static const int EVP_CTRL_GCM_GET_TAG; +static const int EVP_CTRL_GCM_SET_TAG; """ FUNCTIONS = """ @@ -84,4 +87,5 @@ MACROS = """ int EVP_PKEY_assign_RSA(EVP_PKEY *, RSA *); int EVP_PKEY_assign_DSA(EVP_PKEY *, DSA *); int EVP_CIPHER_CTX_block_size(const EVP_CIPHER_CTX *); +int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *, int, int, void *); """ diff --git a/cryptography/primitives/hashes.py b/cryptography/primitives/hashes.py index f3eccc6e..474dc167 100644 --- a/cryptography/primitives/hashes.py +++ b/cryptography/primitives/hashes.py @@ -40,7 +40,7 @@ class BaseHash(six.with_metaclass(abc.ABCMeta)): self._backend.update_hash_context(self._ctx, data) def copy(self): - return self.__class__(ctx=self._copy_ctx()) + return self.__class__(api=self._api, ctx=self._copy_ctx()) def digest(self): return self._backend.finalize_hash_context(self._copy_ctx(), diff --git a/docs/conf.py b/docs/conf.py index 16b1109e..a368ac70 100644 --- a/docs/conf.py +++ b/docs/conf.py @@ -248,3 +248,7 @@ texinfo_documents = [ # Example configuration for intersphinx: refer to the Python standard library. intersphinx_mapping = {'http://docs.python.org/': None} + + +# Enable the new ReadTheDocs theme +RTD_NEW_THEME = True diff --git a/docs/primitives/cryptographic-hashes.rst b/docs/primitives/cryptographic-hashes.rst index aeb30f40..dcf21250 100644 --- a/docs/primitives/cryptographic-hashes.rst +++ b/docs/primitives/cryptographic-hashes.rst @@ -1,7 +1,9 @@ Message Digests =============== -.. class:: cryptography.primitives.hashes.BaseHash(data=None) +.. currentmodule:: cryptography.primitives.hashes + +.. class:: BaseHash(data=None) Abstract base class that implements a common interface for all hash algorithms that follow here. @@ -32,7 +34,7 @@ SHA-1 NIST has deprecated SHA-1 in favor of the SHA-2 variants. New applications are strongly suggested to use SHA-2 over SHA-1. -.. class:: cryptography.primitives.hashes.SHA1() +.. class:: SHA1() SHA-1 is a cryptographic hash function standardized by NIST. It has a 160-bit message digest. @@ -40,22 +42,22 @@ SHA-1 SHA-2 Family ~~~~~~~~~~~~ -.. class:: cryptography.primitives.hashes.SHA224() +.. class:: SHA224() SHA-224 is a cryptographic hash function from the SHA-2 family and standardized by NIST. It has a 224-bit message digest. -.. class:: cryptography.primitives.hashes.SHA256() +.. class:: SHA256() SHA-256 is a cryptographic hash function from the SHA-2 family and standardized by NIST. It has a 256-bit message digest. -.. class:: cryptography.primitives.hashes.SHA384() +.. class:: SHA384() SHA-384 is a cryptographic hash function from the SHA-2 family and standardized by NIST. It has a 384-bit message digest. -.. class:: cryptography.primitives.hashes.SHA512() +.. class:: SHA512() SHA-512 is a cryptographic hash function from the SHA-2 family and standardized by NIST. It has a 512-bit message digest. @@ -63,7 +65,7 @@ SHA-2 Family RIPEMD160 ~~~~~~~~~ -.. class:: cryptography.primitives.hashes.RIPEMD160() +.. class:: RIPEMD160() RIPEMD160 is a cryptographic hash function that is part of ISO/IEC 10118-3:2004. It has a 160-bit message digest. @@ -71,7 +73,7 @@ RIPEMD160 Whirlpool ~~~~~~~~~ -.. class:: cryptography.primitives.hashes.Whirlpool() +.. class:: Whirlpool() Whirlpool is a cryptographic hash function that is part of ISO/IEC 10118-3:2004. It has a 512-bit message digest. @@ -84,7 +86,7 @@ MD5 MD5 is a deprecated hash algorithm that has practical known collision attacks. You are strongly discouraged from using it. -.. class:: cryptography.primitives.hashes.MD5() +.. class:: MD5() - MD5 is a deprecated cryptographic hash function. It has a 160-bit message + MD5 is a deprecated cryptographic hash function. It has a 128-bit message digest and has practical known collision attacks. diff --git a/docs/primitives/symmetric-encryption.rst b/docs/primitives/symmetric-encryption.rst index 9768246c..87e1e692 100644 --- a/docs/primitives/symmetric-encryption.rst +++ b/docs/primitives/symmetric-encryption.rst @@ -1,6 +1,8 @@ Symmetric Encryption ==================== +.. currentmodule:: cryptography.primitives.block + .. testsetup:: import binascii @@ -11,7 +13,7 @@ Symmetric Encryption Symmetric encryption is a way to encrypt (hide the plaintext value) material where the encrypter and decrypter both use the same key. -.. class:: cryptography.primitives.block.BlockCipher(cipher, mode) +.. class:: BlockCipher(cipher, mode) Block ciphers work by encrypting content in chunks, often 64- or 128-bits. They combine an underlying algorithm (such as AES), with a mode (such as @@ -43,7 +45,9 @@ where the encrypter and decrypter both use the same key. :class:`~cryptography.primitives.interfaces.CipherContext` provider. -.. class:: cryptography.primitives.interfaces.CipherContext() +.. currentmodule:: cryptography.primitives.interfaces + +.. class:: CipherContext() When calling ``encryptor()`` or ``decryptor()`` on a BlockCipher object you will receive a return object conforming to the CipherContext interface. You @@ -64,7 +68,9 @@ where the encrypter and decrypter both use the same key. Ciphers ~~~~~~~ -.. class:: cryptography.primitives.block.ciphers.AES(key) +.. currentmodule:: cryptography.primitives.block.ciphers + +.. class:: AES(key) AES (Advanced Encryption Standard) is a block cipher standardized by NIST. AES is both fast, and cryptographically strong. It is a good default @@ -73,7 +79,7 @@ Ciphers :param bytes key: The secret key, either ``128``, ``192``, or ``256`` bits. This must be kept secret. -.. class:: cryptography.primitives.block.ciphers.Camellia(key) +.. class:: Camellia(key) Camellia is a block cipher approved for use by CRYPTREC and ISO/IEC. It is considered to have comparable security and performance to AES, but @@ -83,7 +89,7 @@ Ciphers This must be kept secret. -.. class:: cryptography.primitives.block.ciphers.TripleDES(key) +.. class:: TripleDES(key) Triple DES (Data Encryption Standard), sometimes refered to as 3DES, is a block cipher standardized by NIST. Triple DES has known cryptoanalytic @@ -103,7 +109,9 @@ Ciphers Modes ~~~~~ -.. class:: cryptography.primitives.block.modes.CBC(initialization_vector) +.. currentmodule:: cryptography.primitives.block.modes + +.. class:: CBC(initialization_vector) CBC (Cipher block chaining) is a mode of operation for block ciphers. It is considered cryptographically strong. @@ -117,7 +125,7 @@ Modes a given ``key``. -.. class:: cryptography.primitives.block.modes.CTR(nonce) +.. class:: CTR(nonce) .. warning:: @@ -135,7 +143,7 @@ Modes with a given key. The nonce does not need to be kept secret and may be included alongside the ciphertext. -.. class:: cryptography.primitives.block.modes.OFB(initialization_vector) +.. class:: OFB(initialization_vector) OFB (Output Feedback) is a mode of operation for block ciphers. It transforms a block cipher into a stream cipher. @@ -148,7 +156,7 @@ Modes reuse an ``initialization_vector`` with a given ``key``. -.. class:: cryptography.primitives.block.modes.CFB(initialization_vector) +.. class:: CFB(initialization_vector) CFB (Cipher Feedback) is a mode of operation for block ciphers. It transforms a block cipher into a stream cipher. @@ -171,7 +179,7 @@ Insecure Modes and existing applications should strongly consider migrating away. -.. class:: cryptography.primitives.block.modes.ECB() +.. class:: ECB() ECB (Electronic Code Book) is the simplest mode of operation for block ciphers. Each block of data is encrypted in the same way. This means diff --git a/tests/primitives/test_hashes.py b/tests/primitives/test_hashes.py index 505f6c8a..7ddd1859 100644 --- a/tests/primitives/test_hashes.py +++ b/tests/primitives/test_hashes.py @@ -13,10 +13,14 @@ from __future__ import absolute_import, division, print_function +import pretend + import pytest import six +from cryptography.bindings import _default_api + from cryptography.primitives import hashes from .utils import generate_base_hash_test @@ -33,6 +37,24 @@ class TestBaseHash(object): assert isinstance(m.hexdigest(), str) +class TestCopyHash(object): + def test_copy_api_object(self): + pretend_api = pretend.stub(copy_hash_context=lambda a: "copiedctx") + pretend_ctx = pretend.stub() + h = hashes.SHA1(api=pretend_api, ctx=pretend_ctx) + assert h._api is pretend_api + assert h.copy()._api is h._api + + +class TestDefaultAPISHA1(object): + def test_default_api_creation(self): + """ + This test assumes the presence of SHA1 in the default API. + """ + h = hashes.SHA1() + assert h._api is _default_api + + class TestSHA1(object): test_SHA1 = generate_base_hash_test( hashes.SHA1, |