diff options
Diffstat (limited to 'docs')
| -rw-r--r-- | docs/development/test-vectors.rst | 7 | ||||
| -rw-r--r-- | docs/doing-a-release.rst | 13 | ||||
| -rw-r--r-- | docs/hazmat/primitives/asymmetric/padding.rst | 26 | ||||
| -rw-r--r-- | docs/hazmat/primitives/asymmetric/rsa.rst | 24 | ||||
| -rw-r--r-- | docs/index.rst | 6 |
5 files changed, 46 insertions, 30 deletions
diff --git a/docs/development/test-vectors.rst b/docs/development/test-vectors.rst index c5ea8152..484d06bd 100644 --- a/docs/development/test-vectors.rst +++ b/docs/development/test-vectors.rst @@ -20,7 +20,9 @@ Asymmetric ciphers * RSA PKCS #1 from the RSA FTP site (ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-1/ and ftp://ftp.rsa.com/pub/rsalabs/tmp/). * RSA FIPS 186-2 and PKCS1 v1.5 vulnerability test vectors from `NIST CAVP`_. -* DSA test vectors from `FIPS 186-2`_ and `FIPS 186-3`_. +* FIPS 186-2 and FIPS 186-3 DSA test vectors from `NIST CAVP`_. +* FIPS 186-2 and FIPS 186-3 ECDSA test vectors from `NIST CAVP`_. +* Ed25519 test vectors from the `Ed25519 website_`. * OpenSSL PEM RSA serialization vectors from the `OpenSSL example key`_ and `GnuTLS key parsing tests`_. * OpenSSL PEM DSA serialization vectors from the `GnuTLS example keys`_. @@ -127,8 +129,7 @@ header format (substituting the correct information): .. _`unencpkcs8.pem`: https://gitorious.org/gnutls/gnutls/source/f8d943b38bf74eaaa11d396112daf43cb8aa82ae:tests/pkcs8-decode/unencpkcs8.pem .. _`pkcs12_s2k_pem.c`: https://gitorious.org/gnutls/gnutls/source/f8d943b38bf74eaaa11d396112daf43cb8aa82ae:tests/pkcs12_s2k_pem.c .. _`Botan's ECC private keys`: https://github.com/randombit/botan/tree/4917f26a2b154e841cd27c1bcecdd41d2bdeb6ce/src/tests/data/ecc -.. _`FIPS 186-2`: http://csrc.nist.gov/groups/STM/cavp/documents/dss/186-2dsatestvectors.zip -.. _`FIPS 186-3`: http://csrc.nist.gov/groups/STM/cavp/documents/dss/186-3dsatestvectors.zip .. _`GnuTLS example keys`: https://gitorious.org/gnutls/gnutls/commit/ad2061deafdd7db78fd405f9d143b0a7c579da7b .. _`NESSIE IDEA vectors`: https://www.cosic.esat.kuleuven.be/nessie/testvectors/bc/idea/Idea-128-64.verified.test-vectors .. _`NESSIE`: https://en.wikipedia.org/wiki/NESSIE +.. _`Ed25519 website`: http://ed25519.cr.yp.to/software.html diff --git a/docs/doing-a-release.rst b/docs/doing-a-release.rst index fc88a91c..ad3b4791 100644 --- a/docs/doing-a-release.rst +++ b/docs/doing-a-release.rst @@ -39,3 +39,16 @@ correctly: '...' Verify that this is the version you just released. + +Post-release tasks +------------------ + +* Update the version number to the next major (e.g. ``0.5.dev1``) in + ``cryptography/__about__.py`` and + ``vectors/cryptography_vectors/__about__.py``. +* Add new :doc:`/changelog` entry with next version and note that it is under + active development +* Send a pull request with these items +* Check for any outstanding code undergoing a deprecation cycle by looking in + ``cryptography.utils`` for ``DeprecatedIn**`` definitions. If any exist open + a ticket to increment them for the next release. diff --git a/docs/hazmat/primitives/asymmetric/padding.rst b/docs/hazmat/primitives/asymmetric/padding.rst index 2a5de3c7..89af7eaa 100644 --- a/docs/hazmat/primitives/asymmetric/padding.rst +++ b/docs/hazmat/primitives/asymmetric/padding.rst @@ -10,10 +10,13 @@ Padding correct padding signatures can be forged, messages decrypted, and private keys compromised. -.. class:: PSS(mgf) +.. class:: PSS(mgf, salt_length) .. versionadded:: 0.3 + .. versionchanged:: 0.4 + Added ``salt_length`` parameter. + PSS (Probabilistic Signature Scheme) is a signature scheme defined in :rfc:`3447`. It is more complex than PKCS1 but possesses a `security proof`_. This is the `recommended padding algorithm`_ for RSA signatures. @@ -21,6 +24,14 @@ Padding :param mgf: A mask generation function object. At this time the only supported MGF is :class:`MGF1`. + :param int salt_length: The length of the salt. It is recommended that this + be set to ``PSS.MAX_LENGTH``. + + .. attribute:: MAX_LENGTH + + Pass this attribute to ``salt_length`` to get the maximum salt length + available. + .. class:: PKCS1v15() .. versionadded:: 0.3 @@ -31,10 +42,13 @@ Padding Mask generation functions ~~~~~~~~~~~~~~~~~~~~~~~~~ -.. class:: MGF1(algorithm, salt_length) +.. class:: MGF1(algorithm) .. versionadded:: 0.3 + .. versionchanged:: 0.4 + Deprecated the ``salt_length`` parameter. + MGF1 (Mask Generation Function 1) is used as the mask generation function in :class:`PSS` padding. It takes a hash algorithm and a salt length. @@ -42,14 +56,6 @@ Mask generation functions :class:`~cryptography.hazmat.primitives.interfaces.HashAlgorithm` provider. - :param int salt_length: The length of the salt. It is recommended that this - be set to ``MGF1.MAX_LENGTH``. - - .. attribute:: MAX_LENGTH - - Pass this attribute to ``salt_length`` to get the maximum salt length - available. - .. _`Padding is critical`: http://rdist.root.org/2009/10/06/why-rsa-encryption-padding-is-critical/ .. _`security proof`: http://eprint.iacr.org/2001/062.pdf diff --git a/docs/hazmat/primitives/asymmetric/rsa.rst b/docs/hazmat/primitives/asymmetric/rsa.rst index 182e35d2..5074f1c5 100644 --- a/docs/hazmat/primitives/asymmetric/rsa.rst +++ b/docs/hazmat/primitives/asymmetric/rsa.rst @@ -42,9 +42,9 @@ RSA Usually one of the small Fermat primes 3, 5, 17, 257, 65537. If in doubt you should `use 65537`_. :param int key_size: The length of the modulus in bits. For keys - generated in 2014 this should be `at least 2048`_. (See page 41.) - Must be at least 512. Some backends may have additional - limitations. + generated in 2014 it is strongly recommended to be + `at least 2048`_ (See page 41). It must not be less than 512. + Some backends may have additional limitations. :param backend: A :class:`~cryptography.hazmat.backends.interfaces.RSABackend` provider. @@ -73,10 +73,8 @@ RSA ... ) >>> signer = private_key.signer( ... padding.PSS( - ... mgf=padding.MGF1( - ... algorithm=hashes.SHA256(), - ... salt_length=padding.MGF1.MAX_LENGTH - ... ) + ... mgf=padding.MGF1(hashes.SHA256()), + ... salt_length=padding.PSS.MAX_LENGTH ... ), ... hashes.SHA256(), ... default_backend() @@ -158,10 +156,8 @@ RSA ... ) >>> signer = private_key.signer( ... padding.PSS( - ... mgf=padding.MGF1( - ... algorithm=hashes.SHA256(), - ... salt_length=padding.MGF1.MAX_LENGTH - ... ) + ... mgf=padding.MGF1(hashes.SHA256()), + ... salt_length=padding.PSS.MAX_LENGTH ... ), ... hashes.SHA256(), ... default_backend() @@ -173,10 +169,8 @@ RSA >>> verifier = public_key.verifier( ... signature, ... padding.PSS( - ... mgf=padding.MGF1( - ... algorithm=hashes.SHA256(), - ... salt_length=padding.MGF1.MAX_LENGTH - ... ) + ... mgf=padding.MGF1(hashes.SHA256()), + ... salt_length=padding.PSS.MAX_LENGTH ... ), ... hashes.SHA256(), ... default_backend() diff --git a/docs/index.rst b/docs/index.rst index 58424bfc..083533c9 100644 --- a/docs/index.rst +++ b/docs/index.rst @@ -2,7 +2,9 @@ Welcome to ``cryptography`` =========================== ``cryptography`` is a Python library which exposes cryptographic recipes and -primitives. Our goal is for it to be your "cryptographic standard library". +primitives. Our goal is for it to be your "cryptographic standard library". If +you are interested in learning more about the field of cryptography, we +recommend `Crypto 101, by Laurens Van Houtven`_. Installation ------------ @@ -98,4 +100,4 @@ The ``cryptography`` open source project documentation. If you're interested in discussing an audit please :doc:`get in touch </community>`. -.. _`pre-compiled binaries`: https://www.openssl.org/related/binaries.html +.. _`Crypto 101, by Laurens Van Houtven`: https://www.crypto101.io/ |