7 files changed, 65 insertions, 52 deletions
diff --git a/docs/conf.py b/docs/conf.py
index fc16b38a..f674ebe8 100644
--- a/docs/conf.py
+++ b/docs/conf.py
@@ -69,7 +69,7 @@ master_doc = 'index'
 
 # General information about the project.
 project = 'Cryptography'
-copyright = '2013-2014, Individual Contributors'
+copyright = '2013-2015, Individual Contributors'
 
 # The version info for the project you're documenting, acts as replacement for
 # |version| and |release|, also used in various other places throughout the
diff --git a/docs/development/custom-vectors/cast5/verify_cast5.go b/docs/development/custom-vectors/cast5/verify_cast5.go
index f735d989..cbc89a03 100644
--- a/docs/development/custom-vectors/cast5/verify_cast5.go
+++ b/docs/development/custom-vectors/cast5/verify_cast5.go
@@ -19,7 +19,7 @@ func unhexlify(s string) []byte {
 	return bytes
 }
 
-type VectorArgs struct {
+type vectorArgs struct {
 	count      string
 	key        string
 	iv         string
@@ -27,13 +27,13 @@ type VectorArgs struct {
 	ciphertext string
 }
 
-type VectorVerifier interface {
-	validate(count string, key, iv, plaintext, expected_ciphertext []byte)
+type vectorVerifier interface {
+	validate(count string, key, iv, plaintext, expectedCiphertext []byte)
 }
 
 type ofbVerifier struct{}
 
-func (o ofbVerifier) validate(count string, key, iv, plaintext, expected_ciphertext []byte) {
+func (o ofbVerifier) validate(count string, key, iv, plaintext, expectedCiphertext []byte) {
 	block, err := cast5.NewCipher(key)
 	if err != nil {
 		panic(err)
@@ -43,17 +43,17 @@ func (o ofbVerifier) validate(count string, key, iv, plaintext, expected_ciphert
 	stream := cipher.NewOFB(block, iv)
 	stream.XORKeyStream(ciphertext, plaintext)
 
-	if !bytes.Equal(ciphertext, expected_ciphertext) {
+	if !bytes.Equal(ciphertext, expectedCiphertext) {
 		panic(fmt.Errorf("vector mismatch @ COUNT = %s:\n  %s != %s\n",
 			count,
-			hex.EncodeToString(expected_ciphertext),
+			hex.EncodeToString(expectedCiphertext),
 			hex.EncodeToString(ciphertext)))
 	}
 }
 
 type cbcVerifier struct{}
 
-func (o cbcVerifier) validate(count string, key, iv, plaintext, expected_ciphertext []byte) {
+func (o cbcVerifier) validate(count string, key, iv, plaintext, expectedCiphertext []byte) {
 	block, err := cast5.NewCipher(key)
 	if err != nil {
 		panic(err)
@@ -63,17 +63,17 @@ func (o cbcVerifier) validate(count string, key, iv, plaintext, expected_ciphert
 	mode := cipher.NewCBCEncrypter(block, iv)
 	mode.CryptBlocks(ciphertext, plaintext)
 
-	if !bytes.Equal(ciphertext, expected_ciphertext) {
+	if !bytes.Equal(ciphertext, expectedCiphertext) {
 		panic(fmt.Errorf("vector mismatch @ COUNT = %s:\n  %s != %s\n",
 			count,
-			hex.EncodeToString(expected_ciphertext),
+			hex.EncodeToString(expectedCiphertext),
 			hex.EncodeToString(ciphertext)))
 	}
 }
 
 type cfbVerifier struct{}
 
-func (o cfbVerifier) validate(count string, key, iv, plaintext, expected_ciphertext []byte) {
+func (o cfbVerifier) validate(count string, key, iv, plaintext, expectedCiphertext []byte) {
 	block, err := cast5.NewCipher(key)
 	if err != nil {
 		panic(err)
@@ -83,17 +83,17 @@ func (o cfbVerifier) validate(count string, key, iv, plaintext, expected_ciphert
 	stream := cipher.NewCFBEncrypter(block, iv)
 	stream.XORKeyStream(ciphertext, plaintext)
 
-	if !bytes.Equal(ciphertext, expected_ciphertext) {
+	if !bytes.Equal(ciphertext, expectedCiphertext) {
 		panic(fmt.Errorf("vector mismatch @ COUNT = %s:\n  %s != %s\n",
 			count,
-			hex.EncodeToString(expected_ciphertext),
+			hex.EncodeToString(expectedCiphertext),
 			hex.EncodeToString(ciphertext)))
 	}
 }
 
 type ctrVerifier struct{}
 
-func (o ctrVerifier) validate(count string, key, iv, plaintext, expected_ciphertext []byte) {
+func (o ctrVerifier) validate(count string, key, iv, plaintext, expectedCiphertext []byte) {
 	block, err := cast5.NewCipher(key)
 	if err != nil {
 		panic(err)
@@ -103,15 +103,15 @@ func (o ctrVerifier) validate(count string, key, iv, plaintext, expected_ciphert
 	stream := cipher.NewCTR(block, iv)
 	stream.XORKeyStream(ciphertext, plaintext)
 
-	if !bytes.Equal(ciphertext, expected_ciphertext) {
+	if !bytes.Equal(ciphertext, expectedCiphertext) {
 		panic(fmt.Errorf("vector mismatch @ COUNT = %s:\n  %s != %s\n",
 			count,
-			hex.EncodeToString(expected_ciphertext),
+			hex.EncodeToString(expectedCiphertext),
 			hex.EncodeToString(ciphertext)))
 	}
 }
 
-func validateVectors(verifier VectorVerifier, filename string) {
+func validateVectors(verifier vectorVerifier, filename string) {
 	vectors, err := os.Open(filename)
 	if err != nil {
 		panic(err)
@@ -119,7 +119,7 @@ func validateVectors(verifier VectorVerifier, filename string) {
 	defer vectors.Close()
 
 	var segments []string
-	var vector *VectorArgs
+	var vector *vectorArgs
 
 	scanner := bufio.NewScanner(vectors)
 	for scanner.Scan() {
@@ -134,7 +134,7 @@ func validateVectors(verifier VectorVerifier, filename string) {
 					unhexlify(vector.plaintext),
 					unhexlify(vector.ciphertext))
 			}
-			vector = &VectorArgs{count: segments[1]}
+			vector = &vectorArgs{count: segments[1]}
 		case strings.ToUpper(segments[0]) == "IV":
 			vector.iv = segments[1][:16]
 		case strings.ToUpper(segments[0]) == "KEY":
@@ -150,15 +150,15 @@ func validateVectors(verifier VectorVerifier, filename string) {
 
 func main() {
 	validateVectors(ofbVerifier{},
-		"tests/hazmat/primitives/vectors/ciphers/CAST5/cast5-ofb.txt")
+		"vectors/cryptography_vectors/ciphers/CAST5/cast5-ofb.txt")
 	fmt.Println("OFB OK.")
 	validateVectors(cfbVerifier{},
-		"tests/hazmat/primitives/vectors/ciphers/CAST5/cast5-cfb.txt")
+		"vectors/cryptography_vectors/ciphers/CAST5/cast5-cfb.txt")
 	fmt.Println("CFB OK.")
 	validateVectors(cbcVerifier{},
-		"tests/hazmat/primitives/vectors/ciphers/CAST5/cast5-cbc.txt")
+		"vectors/cryptography_vectors/ciphers/CAST5/cast5-cbc.txt")
 	fmt.Println("CBC OK.")
 	validateVectors(ctrVerifier{},
-		"tests/hazmat/primitives/vectors/ciphers/CAST5/cast5-ctr.txt")
+		"vectors/cryptography_vectors/ciphers/CAST5/cast5-ctr.txt")
 	fmt.Println("CTR OK.")
 }
diff --git a/docs/development/test-vectors.rst b/docs/development/test-vectors.rst
index 10c20dba..2edf1fbb 100644
--- a/docs/development/test-vectors.rst
+++ b/docs/development/test-vectors.rst
@@ -37,24 +37,40 @@ Asymmetric ciphers
 Custom Asymmetric Vectors
 ~~~~~~~~~~~~~~~~~~~~~~~~~
 
-* ``ec_private_key.pem`` - Contains an Elliptic Curve key generated by OpenSSL
-  from the curve ``secp256r1``.
-* ``ec_private_key_encrypted.pem`` - Contains the same Elliptic Curve key as
-  ``ec_private_key.pem``, except that it is encrypted with AES-128 with the
-  password "123456".
-* ``ec_public_key.pem`` - Contains the public key corresponding to
-  ``ec_private_key.pem``, generated using OpenSSL.
-* ``rsa_private_key.pem`` - Contains an RSA 2048 bit key generated using
-  OpenSSL, protected by the secret "123456" with DES3 encryption.
-* ``rsa_public_key.pem`` - Contains an RSA 2048 bit public generated using
-  OpenSSL from ``rsa_private_key.pem``.
-* ``dsaparam.pem`` - Contains 2048-bit DSA parameters generated using OpenSSL;
-  contains no keys.
-* ``dsa_private_key.pem`` - Contains a DSA 2048 bit key generated using
-  OpenSSL from the parameters in ``dsaparam.pem``, protected by the secret
-  "123456" with DES3 encryption.
-* ``dsa_public_key.pem`` - Contains a DSA 2048 bit key generated using OpenSSL
-  from ``dsa_private_key.pem``.
+* ``asymmetric/PEM_Serialization/ec_private_key.pem`` and
+  ``asymmetric/DER_Serialization/ec_private_key.der`` - Contains an Elliptic
+  Curve key generated by OpenSSL from the curve ``secp256r1``.
+* ``asymmetric/PEM_Serialization/ec_private_key_encrypted.pem`` and
+  ``asymmetric/DER_Serialization/ec_private_key_encrypted.der``- Contains the
+  same Elliptic Curve key as ``ec_private_key.pem``, except that it is
+  encrypted with AES-128 with the password "123456".
+* ``asymmetric/PEM_Serialization/ec_public_key.pem`` and
+  ``asymmetric/DER_Serialization/ec_public_key.der``- Contains the public key
+  corresponding to ``ec_private_key.pem``, generated using OpenSSL.
+* ``asymmetric/PEM_Serialization/rsa_private_key.pem`` - Contains an RSA 2048
+  bit key generated using OpenSSL, protected by the secret "123456" with DES3
+  encryption.
+* ``asymmetric/PEM_Serialization/rsa_public_key.pem`` and
+  ``asymmetric/DER_Serialization/rsa_public_key.der``- Contains an RSA 2048
+  bit public generated using OpenSSL from ``rsa_private_key.pem``.
+* ``asymmetric/PEM_Serialization/dsaparam.pem`` - Contains 2048-bit DSA
+  parameters generated using OpenSSL; contains no keys.
+* ``asymmetric/PEM_Serialization/dsa_private_key.pem`` - Contains a DSA 2048
+  bit key generated using OpenSSL from the parameters in ``dsaparam.pem``,
+  protected by the secret "123456" with DES3 encryption.
+* ``asymmetric/PEM_Serialization/dsa_public_key.pem`` and
+  ``asymmetric/DER_Serialization/dsa_public_key.der`` - Contains a DSA 2048 bit
+  key generated using OpenSSL from ``dsa_private_key.pem``.
+* ``asymmetric/PKCS8/unenc-dsa-pkcs8.pem`` and
+  ``asymmetric/DER_Serialization/unenc-dsa-pkcs8.der`` - Contains a DSA 1024
+  bit key generated using OpenSSL.
+* ``asymmetric/PKCS8/unenc-dsa-pkcs8.pub.pem`` and
+  ``asymmetric/DER_Serialization/unenc-dsa-pkcs8.pub.der`` - Contains a DSA
+  2048 bit public key generated using OpenSSL from ``unenc-dsa-pkcs8.pem``.
+* DER conversions of the `GnuTLS example keys`_ for DSA as well as the
+  `OpenSSL example key`_ for RSA.
+* DER conversions of `enc-rsa-pkcs8.pem`_, `enc2-rsa-pkcs8.pem`_, and
+  `unenc-rsa-pkcs8.pem`_.
 
 
 X.509
diff --git a/docs/hazmat/backends/interfaces.rst b/docs/hazmat/backends/interfaces.rst
index e9ee9467..052e397f 100644
--- a/docs/hazmat/backends/interfaces.rst
+++ b/docs/hazmat/backends/interfaces.rst
@@ -299,7 +299,7 @@ A specific ``backend`` may provide one or more of these interfaces.
     .. method:: generate_dsa_parameters(key_size)
 
         :param int key_size: The length of the modulus in bits. It should be
-            either 1024, 2048 or 3072. For keys generated in 2014 this should
+            either 1024, 2048 or 3072. For keys generated in 2015 this should
             be at least 2048.
             Note that some applications (such as SSH) have not yet gained
             support for larger key sizes specified in FIPS 186-3 and are still
@@ -327,7 +327,7 @@ A specific ``backend`` may provide one or more of these interfaces.
     .. method:: generate_dsa_private_key_and_parameters(key_size)
 
         :param int key_size: The length of the modulus in bits. It should be
-            either 1024, 2048 or 3072. For keys generated in 2014 this should
+            either 1024, 2048 or 3072. For keys generated in 2015 this should
             be at least 2048.
             Note that some applications (such as SSH) have not yet gained
             support for larger key sizes specified in FIPS 186-3 and are still
diff --git a/docs/hazmat/primitives/asymmetric/dsa.rst b/docs/hazmat/primitives/asymmetric/dsa.rst
index df3c99fc..c2197d10 100644
--- a/docs/hazmat/primitives/asymmetric/dsa.rst
+++ b/docs/hazmat/primitives/asymmetric/dsa.rst
@@ -18,7 +18,7 @@ Generation
     generate a new set of parameters and key in one step.
 
     :param int key_size: The length of the modulus in bits. It should be
-        either 1024, 2048 or 3072. For keys generated in 2014 this should
+        either 1024, 2048 or 3072. For keys generated in 2015 this should
         be `at least 2048`_ (See page 41).  Note that some applications
         (such as SSH) have not yet gained support for larger key sizes
         specified in FIPS 186-3 and are still restricted to only the
@@ -42,7 +42,7 @@ Generation
     Generate DSA parameters using the provided ``backend``.
 
     :param int key_size: The length of the modulus in bits. It should be
-        either 1024, 2048 or 3072. For keys generated in 2014 this should
+        either 1024, 2048 or 3072. For keys generated in 2015 this should
         be `at least 2048`_ (See page 41).  Note that some applications
         (such as SSH) have not yet gained support for larger key sizes
         specified in FIPS 186-3 and are still restricted to only the
diff --git a/docs/hazmat/primitives/asymmetric/rsa.rst b/docs/hazmat/primitives/asymmetric/rsa.rst
index 837059bd..fa72cced 100644
--- a/docs/hazmat/primitives/asymmetric/rsa.rst
+++ b/docs/hazmat/primitives/asymmetric/rsa.rst
@@ -39,7 +39,7 @@ mathematical properties`_.
         Usually one of the small Fermat primes 3, 5, 17, 257, 65537. If in
         doubt you should `use 65537`_.
     :param int key_size: The length of the modulus in bits. For keys
-        generated in 2014 it is strongly recommended to be
+        generated in 2015 it is strongly recommended to be
         `at least 2048`_ (See page 41). It must not be less than 512.
         Some backends may have additional limitations.
     :param backend: A backend which provides
diff --git a/docs/hazmat/primitives/symmetric-encryption.rst b/docs/hazmat/primitives/symmetric-encryption.rst
index 8d3769f5..d532ad1b 100644
--- a/docs/hazmat/primitives/symmetric-encryption.rst
+++ b/docs/hazmat/primitives/symmetric-encryption.rst
@@ -6,12 +6,6 @@ Symmetric encryption
 
 .. currentmodule:: cryptography.hazmat.primitives.ciphers
 
-.. testsetup::
-
-    import binascii
-    key = binascii.unhexlify(b"0" * 32)
-    iv = binascii.unhexlify(b"0" * 32)
-
 
 Symmetric encryption is a way to `encrypt`_ or hide the contents of material
 where the sender and receiver both use the same secret key. Note that symmetric
@@ -35,9 +29,12 @@ in an "encrypt-then-MAC" formulation as `described by Colin Percival`_.
 
     .. doctest::
 
+        >>> import os
         >>> from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes
         >>> from cryptography.hazmat.backends import default_backend
         >>> backend = default_backend()
+        >>> key = os.urandom(32)
+        >>> iv = os.urandom(16)
         >>> cipher = Cipher(algorithms.AES(key), modes.CBC(iv), backend=backend)
         >>> encryptor = cipher.encryptor()
         >>> ct = encryptor.update(b"a secret message") + encryptor.finalize()