From 7c0674641b28cd73fc0eea2ba91c1e03bf99e3fc Mon Sep 17 00:00:00 2001 From: Alex Gaynor Date: Mon, 16 Dec 2013 10:11:00 -0800 Subject: Rework the index to give people a better lay of the land --- docs/index.rst | 35 +++++++++++++++++++++++++++++------ 1 file changed, 29 insertions(+), 6 deletions(-) (limited to 'docs') diff --git a/docs/index.rst b/docs/index.rst index 776c9d37..dd20a4a4 100644 --- a/docs/index.rst +++ b/docs/index.rst @@ -32,9 +32,24 @@ existing libraries: * Poor introspectability, and thus poor testability. * Extremely error prone APIs, and bad defaults. +Layout +------ -Contents --------- +``cryptography`` is broadly divided into two levels. One with safe +cryptographic recipes, "cryptography for humans" if you will. These are safe +and easy to use and don't require developers to make many decisions. + +The other level is low-level cryptographic primitives. These are often +dangerous and can be used incorrectly. They require making decisions and having +an in-depth knowledge of the cryptographic concepts at work. Because of the +potential danger in working at this level, this is referred to as the "hazmat" +layer. + +We recommend using the recipes layer whenever possible, and falling back to the +hazmat layer only when necessary. + +The recipes layer +~~~~~~~~~~~~~~~~~ .. toctree:: :maxdepth: 2 @@ -42,15 +57,23 @@ Contents architecture exceptions glossary - contributing - security - community Hazardous Materials -------------------- +~~~~~~~~~~~~~~~~~~~ .. toctree:: :maxdepth: 2 hazmat/primitives/index hazmat/backends/index + + +The ``cryptography`` open source project +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +.. toctree:: + :maxdepth: 2 + + contributing + security + community -- cgit v1.2.3 From df8bfea7df603a41c6c83a77b7fb93531b408a48 Mon Sep 17 00:00:00 2001 From: Alex Gaynor Date: Mon, 16 Dec 2013 10:17:48 -0800 Subject: DOn't assume people know that contraction --- docs/index.rst | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'docs') diff --git a/docs/index.rst b/docs/index.rst index dd20a4a4..8e879b05 100644 --- a/docs/index.rst +++ b/docs/index.rst @@ -42,8 +42,8 @@ and easy to use and don't require developers to make many decisions. The other level is low-level cryptographic primitives. These are often dangerous and can be used incorrectly. They require making decisions and having an in-depth knowledge of the cryptographic concepts at work. Because of the -potential danger in working at this level, this is referred to as the "hazmat" -layer. +potential danger in working at this level, this is referred to as the +"hazardous materials" or "hazmat" layer. We recommend using the recipes layer whenever possible, and falling back to the hazmat layer only when necessary. -- cgit v1.2.3 From 2cfbc12d9111c17d48882a3db24de77375fcc9b1 Mon Sep 17 00:00:00 2001 From: Alex Gaynor Date: Mon, 16 Dec 2013 10:19:00 -0800 Subject: Be consistent --- docs/index.rst | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'docs') diff --git a/docs/index.rst b/docs/index.rst index 8e879b05..232ee63f 100644 --- a/docs/index.rst +++ b/docs/index.rst @@ -58,8 +58,8 @@ The recipes layer exceptions glossary -Hazardous Materials -~~~~~~~~~~~~~~~~~~~ +The hazardous materials layer +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .. toctree:: :maxdepth: 2 -- cgit v1.2.3 From be980532c4714e29d9afcec439eca8550343142c Mon Sep 17 00:00:00 2001 From: Alex Gaynor Date: Mon, 16 Dec 2013 10:24:26 -0800 Subject: A foolish consistency is a really cool idea -- Samuel Clemens --- docs/index.rst | 1 - 1 file changed, 1 deletion(-) (limited to 'docs') diff --git a/docs/index.rst b/docs/index.rst index 232ee63f..381063df 100644 --- a/docs/index.rst +++ b/docs/index.rst @@ -67,7 +67,6 @@ The hazardous materials layer hazmat/primitives/index hazmat/backends/index - The ``cryptography`` open source project ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -- cgit v1.2.3 From 668d4803571876c1cf803b33495ddcf4433a4d83 Mon Sep 17 00:00:00 2001 From: David Reid Date: Tue, 17 Dec 2013 11:53:43 -0800 Subject: BlockCipherAlgorithm because we should document block_size and ARC4 shouldn't need block_size = 1. --- docs/hazmat/primitives/interfaces.rst | 11 +++++++++++ 1 file changed, 11 insertions(+) (limited to 'docs') diff --git a/docs/hazmat/primitives/interfaces.rst b/docs/hazmat/primitives/interfaces.rst index 11cff51a..361b723e 100644 --- a/docs/hazmat/primitives/interfaces.rst +++ b/docs/hazmat/primitives/interfaces.rst @@ -36,6 +36,17 @@ Symmetric Ciphers The number of bits in the key being used. +.. class:: BlockCipherAlgorithm + + A block cipher algorithm. + + .. attribute:: block_size + + :type: int + + The number of bits in a block. + + Cipher Modes ------------ -- cgit v1.2.3 From 2288e30119e2af3e2b448345cf6a9e61f8d06aa0 Mon Sep 17 00:00:00 2001 From: Julian Krause Date: Tue, 17 Dec 2013 21:26:23 -0800 Subject: Add verify function to hmac and hashes. --- docs/hazmat/primitives/cryptographic-hashes.rst | 7 +++++++ docs/hazmat/primitives/hmac.rst | 7 +++++++ 2 files changed, 14 insertions(+) (limited to 'docs') diff --git a/docs/hazmat/primitives/cryptographic-hashes.rst b/docs/hazmat/primitives/cryptographic-hashes.rst index 90ca198a..02c7b5e1 100644 --- a/docs/hazmat/primitives/cryptographic-hashes.rst +++ b/docs/hazmat/primitives/cryptographic-hashes.rst @@ -67,6 +67,13 @@ Message Digests :return bytes: The message digest as bytes. + .. method:: verify(sig) + + Finalize the current context and securely compare digest to sig. + + :raises cryptography.exceptions.AlreadyFinalized: See :meth:`finalize` + :raises cryptography.exceptions.InvalidSignature: If sig does not match digest + .. _cryptographic-hash-algorithms: diff --git a/docs/hazmat/primitives/hmac.rst b/docs/hazmat/primitives/hmac.rst index 0c0d0220..b556bd6a 100644 --- a/docs/hazmat/primitives/hmac.rst +++ b/docs/hazmat/primitives/hmac.rst @@ -69,3 +69,10 @@ message. :return bytes: The message digest as bytes. :raises cryptography.exceptions.AlreadyFinalized: + + .. method:: verify(sig) + + Finalize the current context and securely compare digest to sig. + + :raises cryptography.exceptions.AlreadyFinalized: See :meth:`finalize` + :raises cryptography.exceptions.InvalidSignature: If sig does not match digest -- cgit v1.2.3 From 1b1327cfe537b9e7bdc271239d1025c2479239c3 Mon Sep 17 00:00:00 2001 From: Alex Stapleton Date: Sat, 21 Dec 2013 15:16:57 +0000 Subject: Raise UnsupportedAlgorithm when initing Hash() Instead of just an AssertionError. --- docs/hazmat/primitives/cryptographic-hashes.rst | 3 +++ 1 file changed, 3 insertions(+) (limited to 'docs') diff --git a/docs/hazmat/primitives/cryptographic-hashes.rst b/docs/hazmat/primitives/cryptographic-hashes.rst index 90ca198a..38347378 100644 --- a/docs/hazmat/primitives/cryptographic-hashes.rst +++ b/docs/hazmat/primitives/cryptographic-hashes.rst @@ -28,6 +28,9 @@ Message Digests >>> digest.finalize() 'l\xa1=R\xcap\xc8\x83\xe0\xf0\xbb\x10\x1eBZ\x89\xe8bM\xe5\x1d\xb2\xd29%\x93\xafj\x84\x11\x80\x90' + If the backend doesn't support the requested ``algorithm`` an + :class:`~cryptography.exceptions.UnsupportedAlgorithm` will be raised. + Keep in mind that attacks against cryptographic hashes only get stronger with time, and that often algorithms that were once thought to be strong, become broken. Because of this it's important to include a plan for -- cgit v1.2.3 From 447d64fb69e19c0059e3ba18ef3b1317a716a7c4 Mon Sep 17 00:00:00 2001 From: Alex Stapleton Date: Sat, 21 Dec 2013 21:26:55 +0000 Subject: Raise UnsupportedAlgorithm when initing HMACs --- docs/hazmat/primitives/hmac.rst | 2 ++ 1 file changed, 2 insertions(+) (limited to 'docs') diff --git a/docs/hazmat/primitives/hmac.rst b/docs/hazmat/primitives/hmac.rst index 0c0d0220..0547b7d2 100644 --- a/docs/hazmat/primitives/hmac.rst +++ b/docs/hazmat/primitives/hmac.rst @@ -34,6 +34,8 @@ message. >>> h.finalize() '#F\xdaI\x8b"e\xc4\xf1\xbb\x9a\x8fc\xff\xf5\xdex.\xbc\xcd/+\x8a\x86\x1d\x84\'\xc3\xa6\x1d\xd8J' + If the backend doesn't support the requested ``algorithm`` an + :class:`~cryptography.exceptions.UnsupportedAlgorithm` will be raised. :param key: Secret key as ``bytes``. :param algorithm: A -- cgit v1.2.3 From ca73504e62e2c55a7235f94c78cb8ee4d3718590 Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Sat, 21 Dec 2013 17:31:48 -0600 Subject: add note regarding not truncating tags --- docs/hazmat/primitives/symmetric-encryption.rst | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'docs') diff --git a/docs/hazmat/primitives/symmetric-encryption.rst b/docs/hazmat/primitives/symmetric-encryption.rst index f4d0457a..8ed64c7c 100644 --- a/docs/hazmat/primitives/symmetric-encryption.rst +++ b/docs/hazmat/primitives/symmetric-encryption.rst @@ -352,6 +352,11 @@ Modes Do not reuse an ``initialization_vector`` with a given ``key``. + .. note:: + + Do not truncate the GCM authentication tag unless absolutely necessary. + If you must truncate the minimum allowable length is 4 bytes. + :param bytes tag: The tag bytes to verify during decryption. When encrypting this must be None. -- cgit v1.2.3 From a7fbf07a3e96133b40df05ac5be159bbf6f1fc91 Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Sat, 21 Dec 2013 18:12:25 -0600 Subject: doc updates --- docs/hazmat/primitives/symmetric-encryption.rst | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) (limited to 'docs') diff --git a/docs/hazmat/primitives/symmetric-encryption.rst b/docs/hazmat/primitives/symmetric-encryption.rst index 8ed64c7c..85d7d5b1 100644 --- a/docs/hazmat/primitives/symmetric-encryption.rst +++ b/docs/hazmat/primitives/symmetric-encryption.rst @@ -354,8 +354,10 @@ Modes .. note:: - Do not truncate the GCM authentication tag unless absolutely necessary. - If you must truncate the minimum allowable length is 4 bytes. + `NIST SP-800-38D`_ recommends that GCM tags be 128, 120, 122, 104, or + 96-bits in length. Tags are shortened by truncating bytes. Longer tags + provide better security margins. If you must shorten the tag the minimum + allowed length is 4 bytes (32 bits). :param bytes tag: The tag bytes to verify during decryption. When encrypting this must be None. @@ -395,3 +397,4 @@ Insecure Modes .. _`described by Colin Percival`: http://www.daemonology.net/blog/2009-06-11-cryptographic-right-answers.html .. _`recommends 96-bit IV length`: http://csrc.nist.gov/groups/ST/toolkit/BCM/documents/proposedmodes/gcm/gcm-spec.pdf +.. _`NIST SP-800-38D`: http://csrc.nist.gov/publications/nistpubs/800-38D/SP-800-38D.pdf -- cgit v1.2.3 From fc73e2d04315e21011869fbd925df9e7a99d21ae Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Sat, 21 Dec 2013 18:41:38 -0600 Subject: prose updates for GCM tag --- docs/hazmat/primitives/symmetric-encryption.rst | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) (limited to 'docs') diff --git a/docs/hazmat/primitives/symmetric-encryption.rst b/docs/hazmat/primitives/symmetric-encryption.rst index 85d7d5b1..f009bb78 100644 --- a/docs/hazmat/primitives/symmetric-encryption.rst +++ b/docs/hazmat/primitives/symmetric-encryption.rst @@ -354,10 +354,12 @@ Modes .. note:: - `NIST SP-800-38D`_ recommends that GCM tags be 128, 120, 122, 104, or - 96-bits in length. Tags are shortened by truncating bytes. Longer tags - provide better security margins. If you must shorten the tag the minimum - allowed length is 4 bytes (32 bits). + Cryptography will emit a 128-bit tag when finalizing encryption. + You can shorten a tag by truncating it to the desired length, but this + is **not recommended** as it lowers the security margins of the + authentication (`NIST SP-800-38D`_ recommends 96-bit or greater). + If you must shorten the tag the minimum allowed length is 4 bytes + (32 bit). :param bytes tag: The tag bytes to verify during decryption. When encrypting this must be None. -- cgit v1.2.3 From 048d6cb43a0757f3b4cca385e788d30173ebcb17 Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Sat, 21 Dec 2013 18:53:19 -0600 Subject: a few more doc changes to gcm tag info --- docs/hazmat/primitives/symmetric-encryption.rst | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'docs') diff --git a/docs/hazmat/primitives/symmetric-encryption.rst b/docs/hazmat/primitives/symmetric-encryption.rst index f009bb78..6e3c1024 100644 --- a/docs/hazmat/primitives/symmetric-encryption.rst +++ b/docs/hazmat/primitives/symmetric-encryption.rst @@ -357,9 +357,10 @@ Modes Cryptography will emit a 128-bit tag when finalizing encryption. You can shorten a tag by truncating it to the desired length, but this is **not recommended** as it lowers the security margins of the - authentication (`NIST SP-800-38D`_ recommends 96-bit or greater). + authentication (`NIST SP-800-38D`_ recommends 96-bits or greater). If you must shorten the tag the minimum allowed length is 4 bytes - (32 bit). + (32-bits). Applications **must** verify the tag is the expected length + to guarantee the expected security margin. :param bytes tag: The tag bytes to verify during decryption. When encrypting this must be None. -- cgit v1.2.3 From 15cf6b995624e938209e611f3953dd8dbb7a57b8 Mon Sep 17 00:00:00 2001 From: Alex Gaynor Date: Sat, 21 Dec 2013 19:22:39 -0800 Subject: A handful of cleanups and rewordings to the docs --- docs/contributing.rst | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) (limited to 'docs') diff --git a/docs/contributing.rst b/docs/contributing.rst index cb9c7283..f176393f 100644 --- a/docs/contributing.rst +++ b/docs/contributing.rst @@ -53,11 +53,10 @@ API Considerations Most projects' APIs are designed with a philosophy of "make easy things easy, and make hard things possible". One of the perils of writing cryptographic code -is that code that is secure looks just like code that isn't, and produces -results that are also difficult to distinguish. As a result ``cryptography`` -has, as a design philosophy: "make it hard to do insecure things". Here are a -few strategies for API design which should be both followed, and should inspire -other API choices: +is that secure code looks just like insecure code, and it's results are almost +always indistinguishable. As a result ``cryptography`` has, as a design +philosophy: "make it hard to do insecure things". Here are a few strategies for +API design which should be both followed, and should inspire other API choices: If it is incorrect to ignore the result of a method, it should raise an exception, and not return a boolean ``True``/``False`` flag. For example, a @@ -163,7 +162,7 @@ as much as possible. To that end: * When documenting a generic interface, use a strong algorithm in examples. (e.g. when showing a hashing example, don't use - :class:`cryptography.hazmat.primitives.hashes.MD5`) + :class:`~cryptography.hazmat.primitives.hashes.MD5`) * When giving prescriptive advice, always provide references and supporting material. * When there is real disagreement between cryptographic experts, represent both @@ -206,7 +205,7 @@ automatically, so all you have to do is: $ py.test ... - 4294 passed in 15.24 seconds + 62746 passed in 220.43 seconds This runs the tests with the default Python interpreter. @@ -244,7 +243,8 @@ Use `tox`_ to build the documentation. For example: docs: commands succeeded congratulations :) -The HTML documentation index can now be found at ``docs/_build/html/index.html`` +The HTML documentation index can now be found at +``docs/_build/html/index.html``. .. _`GitHub`: https://github.com/pyca/cryptography -- cgit v1.2.3 From 6955ea32cdfbc8719c5f4ae9c55c989787553a97 Mon Sep 17 00:00:00 2001 From: Alex Gaynor Date: Sat, 21 Dec 2013 19:26:19 -0800 Subject: Recommend that recipes include a version --- docs/contributing.rst | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'docs') diff --git a/docs/contributing.rst b/docs/contributing.rst index cb9c7283..cec067ca 100644 --- a/docs/contributing.rst +++ b/docs/contributing.rst @@ -77,6 +77,10 @@ whether the signature was valid. if not is_valid: raise InvalidSignature +Every recipe should include a version or algorithmic marker of some sort in its +output in order to allow transparent upgrading of the algorithms in use, as +the algorithms or parameters needed to achieve a given security margin evolve. + APIs at the :doc:`/hazmat/primitives/index` layer should always take an explicit backend, APIs at the recipes layer should automatically use the :func:`~cryptography.hazmat.backends.default_backend`, but optionally allow -- cgit v1.2.3 From 95243f5b34f6cdfc16fb95669efbe2a61ac81179 Mon Sep 17 00:00:00 2001 From: Alex Gaynor Date: Sat, 21 Dec 2013 19:37:24 -0800 Subject: English, how does it work? --- docs/contributing.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'docs') diff --git a/docs/contributing.rst b/docs/contributing.rst index f176393f..b1702df8 100644 --- a/docs/contributing.rst +++ b/docs/contributing.rst @@ -53,7 +53,7 @@ API Considerations Most projects' APIs are designed with a philosophy of "make easy things easy, and make hard things possible". One of the perils of writing cryptographic code -is that secure code looks just like insecure code, and it's results are almost +is that secure code looks just like insecure code, and its results are almost always indistinguishable. As a result ``cryptography`` has, as a design philosophy: "make it hard to do insecure things". Here are a few strategies for API design which should be both followed, and should inspire other API choices: -- cgit v1.2.3 From 35cb3659bcf97eea22ce1ad14b7fc3d0913d2be2 Mon Sep 17 00:00:00 2001 From: Alex Stapleton Date: Sat, 21 Dec 2013 16:29:45 +0000 Subject: UnsupportedAlgorithm error messages for Ciphers --- docs/hazmat/primitives/symmetric-encryption.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'docs') diff --git a/docs/hazmat/primitives/symmetric-encryption.rst b/docs/hazmat/primitives/symmetric-encryption.rst index f4d0457a..dfadd895 100644 --- a/docs/hazmat/primitives/symmetric-encryption.rst +++ b/docs/hazmat/primitives/symmetric-encryption.rst @@ -61,7 +61,7 @@ an "encrypt-then-MAC" formulation as `described by Colin Percival`_. provider. If the backend doesn't support the requested combination of ``cipher`` - and ``mode`` an :class:`cryptography.exceptions.UnsupportedAlgorithm` + and ``mode`` an :class:`~cryptography.exceptions.UnsupportedAlgorithm` will be raised. .. method:: decryptor() -- cgit v1.2.3 From 90ae866e0a83ef92ce2b2e7c58ccb86e79f3bee8 Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Mon, 23 Dec 2013 17:21:00 -0600 Subject: add hmac_supported method to backend. Previously we were implicitly assuming that if a hash was supported then its hmac equivalent was as well. --- docs/hazmat/backends/interfaces.rst | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-) (limited to 'docs') diff --git a/docs/hazmat/backends/interfaces.rst b/docs/hazmat/backends/interfaces.rst index b524943d..45fbaf09 100644 --- a/docs/hazmat/backends/interfaces.rst +++ b/docs/hazmat/backends/interfaces.rst @@ -126,12 +126,23 @@ A specific ``backend`` may provide one or more of these interfaces. A backend with methods for using cryptographic hash functions as message authentication codes. + .. method:: hmac_supported(algorithm) + + Check if the specified ``algorithm`` is supported by this backend. + + :param algorithm: An instance of a + :class:`~cryptography.hazmat.primitives.interfaces.HashAlgorithm` + provider. + + :returns: ``True`` if the specified ``algorithm`` is supported for HMAC + by this backend, otherwise ``False``. + .. method:: create_hmac_ctx(algorithm) Create a :class:`~cryptogrpahy.hazmat.primitives.interfaces.HashContext` that - uses the specified ``algorithm`` to calculate a hash-based message - authentication code. + uses the specified ``algorithm`` to calculate a hash-based message + authentication code. :param algorithm: An instance of a :class:`~cryptography.hazmat.primitives.interfaces.HashAlgorithm` -- cgit v1.2.3 From 4f776c495cfef4dd29023cb7bb035612d1e53916 Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Mon, 23 Dec 2013 17:25:54 -0600 Subject: fix erroneous indent and add abstractmethod to HMACBackend --- docs/hazmat/backends/interfaces.rst | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'docs') diff --git a/docs/hazmat/backends/interfaces.rst b/docs/hazmat/backends/interfaces.rst index 45fbaf09..5b6cd64d 100644 --- a/docs/hazmat/backends/interfaces.rst +++ b/docs/hazmat/backends/interfaces.rst @@ -141,8 +141,8 @@ A specific ``backend`` may provide one or more of these interfaces. Create a :class:`~cryptogrpahy.hazmat.primitives.interfaces.HashContext` that - uses the specified ``algorithm`` to calculate a hash-based message - authentication code. + uses the specified ``algorithm`` to calculate a hash-based message + authentication code. :param algorithm: An instance of a :class:`~cryptography.hazmat.primitives.interfaces.HashAlgorithm` -- cgit v1.2.3 From 1a9bbf24301a9b0dc76ede1128d74ca629075888 Mon Sep 17 00:00:00 2001 From: Alex Gaynor Date: Tue, 24 Dec 2013 10:59:50 -0800 Subject: Document our API stability policy. Fixes #312 --- docs/contributing.rst | 1 - docs/index.rst | 1 + 2 files changed, 1 insertion(+), 1 deletion(-) (limited to 'docs') diff --git a/docs/contributing.rst b/docs/contributing.rst index 744f2098..620e1b6a 100644 --- a/docs/contributing.rst +++ b/docs/contributing.rst @@ -136,7 +136,6 @@ Include a space after commas between parameters: // Bad long f(int,char *) - Documentation ------------- diff --git a/docs/index.rst b/docs/index.rst index 381063df..70558bda 100644 --- a/docs/index.rst +++ b/docs/index.rst @@ -75,4 +75,5 @@ The ``cryptography`` open source project contributing security + api-stability community -- cgit v1.2.3 From f5415c859d4e413e9ac8b1862157babdcbda88ec Mon Sep 17 00:00:00 2001 From: Alex Gaynor Date: Tue, 24 Dec 2013 11:00:15 -0800 Subject: Forgotten file --- docs/api-stability.rst | 48 ++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 48 insertions(+) create mode 100644 docs/api-stability.rst (limited to 'docs') diff --git a/docs/api-stability.rst b/docs/api-stability.rst new file mode 100644 index 00000000..6497a687 --- /dev/null +++ b/docs/api-stability.rst @@ -0,0 +1,48 @@ +API Stability +============= + +From its first release, ``cryptography`` will have a strong API stability +policy. + +What does this policy cover? +---------------------------- + +This policy includes any API or behavior which is documented in this +documentation. + +What does "stable" mean? +------------------------ + +* Public APIs will not be removed or renamed without providing a compatibility + alias. +* The behavior of existing APIs will not change. + +What doesn't this policy cover? +------------------------------- + +* We may add new features, things like the result of ``dir(obj))`` or the + contents of ``obj.__dict__`` may change. +* Objects are not guarnteed to be pickleable, and pickled objects from one + version of ``cryptography`` may not be loadable in future versions. + +Security +~~~~~~~~ + +In the event a security vulnerability, or hardening necessitates it, we will +break backwards compatibility in order to address an issue. + +Deprecation +----------- + +From time to time we will want to change the behavior of an API or remove it +entirely. In that case, here's how the process will work: + +* In ``cryptography X.Y`` the feature exists. +* In ``cryptography X.Y+1`` using that feature will emit a + ``PendingDeprecationWarning``. +* In ``cryptography X.Y+2`` using that feature will emit a + ``DeprecationWarning``. +* In ``cryptography X.Y+3`` the feature will be removed or changed. + +In short, code which runs without warnings will always continue to work for a +period of two releases. -- cgit v1.2.3 From 6cf1e697a8024c779b9b86d29f300a3bfed30cfe Mon Sep 17 00:00:00 2001 From: Alex Gaynor Date: Tue, 24 Dec 2013 11:02:54 -0800 Subject: Note abotu development versions --- docs/api-stability.rst | 2 ++ 1 file changed, 2 insertions(+) (limited to 'docs') diff --git a/docs/api-stability.rst b/docs/api-stability.rst index 6497a687..40608ac5 100644 --- a/docs/api-stability.rst +++ b/docs/api-stability.rst @@ -24,6 +24,8 @@ What doesn't this policy cover? contents of ``obj.__dict__`` may change. * Objects are not guarnteed to be pickleable, and pickled objects from one version of ``cryptography`` may not be loadable in future versions. +* Development versions of ``cryptography``. Before a feature is in a release, + it is not covered by this policy and may change. Security ~~~~~~~~ -- cgit v1.2.3 From d43134ae57a1bb91bfa47a53176a88789728d686 Mon Sep 17 00:00:00 2001 From: Alex Gaynor Date: Tue, 24 Dec 2013 11:03:16 -0800 Subject: Typo --- docs/api-stability.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'docs') diff --git a/docs/api-stability.rst b/docs/api-stability.rst index 40608ac5..a457306f 100644 --- a/docs/api-stability.rst +++ b/docs/api-stability.rst @@ -22,7 +22,7 @@ What doesn't this policy cover? * We may add new features, things like the result of ``dir(obj))`` or the contents of ``obj.__dict__`` may change. -* Objects are not guarnteed to be pickleable, and pickled objects from one +* Objects are not guaranteed to be pickleable, and pickled objects from one version of ``cryptography`` may not be loadable in future versions. * Development versions of ``cryptography``. Before a feature is in a release, it is not covered by this policy and may change. -- cgit v1.2.3 From 1c9e57bbc64d5023ec9d35f162b0a071a39b0a48 Mon Sep 17 00:00:00 2001 From: Alex Gaynor Date: Tue, 24 Dec 2013 12:47:45 -0800 Subject: Rephrase --- docs/api-stability.rst | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'docs') diff --git a/docs/api-stability.rst b/docs/api-stability.rst index a457306f..e87cc140 100644 --- a/docs/api-stability.rst +++ b/docs/api-stability.rst @@ -30,8 +30,9 @@ What doesn't this policy cover? Security ~~~~~~~~ -In the event a security vulnerability, or hardening necessitates it, we will -break backwards compatibility in order to address an issue. +One exception to our API stability policy is for security. We will violate this +policy as necessary in order to resolve a security issue or harden +``cryptography`` against a possible attack. Deprecation ----------- -- cgit v1.2.3 From 8f42fe4e86267c4dee696707ac08371a1aa2531a Mon Sep 17 00:00:00 2001 From: Alex Gaynor Date: Tue, 24 Dec 2013 13:15:52 -0800 Subject: Slightly reorganize and cleanuip the backend docs --- docs/hazmat/backends/index.rst | 24 ++++++++++++------------ docs/hazmat/backends/openssl.rst | 4 ++-- 2 files changed, 14 insertions(+), 14 deletions(-) (limited to 'docs') diff --git a/docs/hazmat/backends/index.rst b/docs/hazmat/backends/index.rst index a89cf0d5..06951281 100644 --- a/docs/hazmat/backends/index.rst +++ b/docs/hazmat/backends/index.rst @@ -1,17 +1,10 @@ .. hazmat:: -Bindings +Backends ======== -.. toctree:: - :maxdepth: 1 - - openssl - interfaces - - -Getting a Backend Provider -~~~~~~~~~~~~~~~~~~~~~~~~~~ +Getting a Backend +----------------- .. currentmodule:: cryptography.hazmat.backends @@ -19,8 +12,7 @@ Getting a Backend Provider the widest number of supported cryptographic algorithms as well as supporting platform specific implementations. -You can get the default backend by calling -:func:`~default_backend`. +You can get the default backend by calling :func:`~default_backend`. The default backend will change over time as we implement new backends and the libraries we use in those backends changes. @@ -32,3 +24,11 @@ the libraries we use in those backends changes. :class:`~interfaces.CipherBackend`, :class:`~interfaces.HashBackend`, and :class:`~interfaces.HMACBackend`. +Individual Backends +------------------- + +.. toctree:: + :maxdepth: 1 + + openssl + interfaces diff --git a/docs/hazmat/backends/openssl.rst b/docs/hazmat/backends/openssl.rst index 12fbff04..5e51c75e 100644 --- a/docs/hazmat/backends/openssl.rst +++ b/docs/hazmat/backends/openssl.rst @@ -1,7 +1,7 @@ .. hazmat:: -OpenSSL -======= +OpenSSL Backend +=============== These are `CFFI`_ bindings to the `OpenSSL`_ C library. -- cgit v1.2.3 From c91fe6a21fbae3107de7b2e53b7343cd67ac8c6d Mon Sep 17 00:00:00 2001 From: Julian Krause Date: Wed, 25 Dec 2013 11:00:49 -0800 Subject: Clean up documentation and naming. --- docs/exceptions.rst | 6 ++++++ docs/hazmat/primitives/cryptographic-hashes.rst | 7 ++++--- docs/hazmat/primitives/hmac.rst | 7 ++++--- 3 files changed, 14 insertions(+), 6 deletions(-) (limited to 'docs') diff --git a/docs/exceptions.rst b/docs/exceptions.rst index 087066b8..8be2c48c 100644 --- a/docs/exceptions.rst +++ b/docs/exceptions.rst @@ -8,6 +8,12 @@ Exceptions This is raised when a context is used after being finalized. +.. class:: InvalidSignature + + This is raised when the verify function of a hash function does not + compare equal. + + .. class:: NotYetFinalized This is raised when the AEAD tag property is accessed on a context diff --git a/docs/hazmat/primitives/cryptographic-hashes.rst b/docs/hazmat/primitives/cryptographic-hashes.rst index 02c7b5e1..f6a3f7a1 100644 --- a/docs/hazmat/primitives/cryptographic-hashes.rst +++ b/docs/hazmat/primitives/cryptographic-hashes.rst @@ -67,12 +67,13 @@ Message Digests :return bytes: The message digest as bytes. - .. method:: verify(sig) + .. method:: verify(digest) - Finalize the current context and securely compare digest to sig. + Finalize the current context and securely compare that digest to ``digest``. + :param bytes digest: Received hash digest :raises cryptography.exceptions.AlreadyFinalized: See :meth:`finalize` - :raises cryptography.exceptions.InvalidSignature: If sig does not match digest + :raises cryptography.exceptions.InvalidSignature: If hash digest does not match digest .. _cryptographic-hash-algorithms: diff --git a/docs/hazmat/primitives/hmac.rst b/docs/hazmat/primitives/hmac.rst index b556bd6a..0c19f20c 100644 --- a/docs/hazmat/primitives/hmac.rst +++ b/docs/hazmat/primitives/hmac.rst @@ -70,9 +70,10 @@ message. :return bytes: The message digest as bytes. :raises cryptography.exceptions.AlreadyFinalized: - .. method:: verify(sig) + .. method:: verify(signature) - Finalize the current context and securely compare digest to sig. + Finalize the current context and securely compare digest to ``signature``. + :param bytes signature: The bytes of the HMAC signature recieved. :raises cryptography.exceptions.AlreadyFinalized: See :meth:`finalize` - :raises cryptography.exceptions.InvalidSignature: If sig does not match digest + :raises cryptography.exceptions.InvalidSignature: If signature does not match digest -- cgit v1.2.3 From 831467cce6c2a2b916e30914635924042b15ed2d Mon Sep 17 00:00:00 2001 From: Julian Krause Date: Thu, 26 Dec 2013 21:12:58 -0800 Subject: Documentation clarity and grammer fixes. --- docs/exceptions.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'docs') diff --git a/docs/exceptions.rst b/docs/exceptions.rst index 8be2c48c..1fbd3267 100644 --- a/docs/exceptions.rst +++ b/docs/exceptions.rst @@ -10,7 +10,7 @@ Exceptions .. class:: InvalidSignature - This is raised when the verify function of a hash function does not + This is raised when the verify method of a hash context does not compare equal. -- cgit v1.2.3 From b808f8cc91e302d4120eefa80c946a7cdcf9a155 Mon Sep 17 00:00:00 2001 From: Julian Krause Date: Thu, 26 Dec 2013 21:47:39 -0800 Subject: Remove verify from Hash. --- docs/hazmat/primitives/cryptographic-hashes.rst | 8 -------- 1 file changed, 8 deletions(-) (limited to 'docs') diff --git a/docs/hazmat/primitives/cryptographic-hashes.rst b/docs/hazmat/primitives/cryptographic-hashes.rst index f00dd3f5..38347378 100644 --- a/docs/hazmat/primitives/cryptographic-hashes.rst +++ b/docs/hazmat/primitives/cryptographic-hashes.rst @@ -70,14 +70,6 @@ Message Digests :return bytes: The message digest as bytes. - .. method:: verify(digest) - - Finalize the current context and securely compare that digest to ``digest``. - - :param bytes digest: Received hash digest - :raises cryptography.exceptions.AlreadyFinalized: See :meth:`finalize` - :raises cryptography.exceptions.InvalidSignature: If hash digest does not match digest - .. _cryptographic-hash-algorithms: -- cgit v1.2.3 From 047dab8e76639ef2682c78b899ee9ba1f7ba28f8 Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Fri, 27 Dec 2013 16:45:52 -0600 Subject: update style guide docs to reflect change to (void) --- docs/contributing.rst | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'docs') diff --git a/docs/contributing.rst b/docs/contributing.rst index 620e1b6a..139f7f3b 100644 --- a/docs/contributing.rst +++ b/docs/contributing.rst @@ -110,14 +110,14 @@ Don't name parameters: ...; }; -Don't include stray ``void`` parameters: +Include ``void`` if the function takes no arguments: .. code-block:: c // Good - long f(); - // Bad long f(void); + // Bad + long f(); Wrap lines at 80 characters like so: -- cgit v1.2.3 From ccd9c0069f6955e8325ec63853e4609241cbea06 Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Fri, 27 Dec 2013 20:25:06 -0600 Subject: Convert #defines to explicit type declaration for consistency --- docs/contributing.rst | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) (limited to 'docs') diff --git a/docs/contributing.rst b/docs/contributing.rst index 139f7f3b..336d2acb 100644 --- a/docs/contributing.rst +++ b/docs/contributing.rst @@ -136,6 +136,23 @@ Include a space after commas between parameters: // Bad long f(int,char *) +Values set by #define should be assigned the appropriate type. If you see +this: + +.. code-block:: c + + #define SOME_INTEGER 0x0; + #define SOME_UINTEGER (unsigned int)0x0001; + #define SOME_STRING "hello"; + +...it should be added to the bindings like so: + +.. code-block:: c + + static const int SOME_INTEGER; + static const unsigned int SOME_UINTEGER; + static char *const SOME_STRING; + Documentation ------------- -- cgit v1.2.3 From 745ee07dcf72bee4dab1d807779be6449a81b96f Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Fri, 27 Dec 2013 20:42:54 -0600 Subject: Fix docs --- docs/contributing.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'docs') diff --git a/docs/contributing.rst b/docs/contributing.rst index 336d2acb..63c99530 100644 --- a/docs/contributing.rst +++ b/docs/contributing.rst @@ -136,7 +136,7 @@ Include a space after commas between parameters: // Bad long f(int,char *) -Values set by #define should be assigned the appropriate type. If you see +Values set by ``#define`` should be assigned the appropriate type. If you see this: .. code-block:: c -- cgit v1.2.3 From 9020b4845a8667a2f400a0fb1b5138cb8d51eaca Mon Sep 17 00:00:00 2001 From: Alex Stapleton Date: Sat, 28 Dec 2013 16:28:59 +0000 Subject: String literals are const char*. GCC won't whine with -Wall because so much code isn't const correct but writing to a string literal is undefined. -Wwrite-strings is the warning flag to enable to spot these. --- docs/contributing.rst | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) (limited to 'docs') diff --git a/docs/contributing.rst b/docs/contributing.rst index 63c99530..657c4359 100644 --- a/docs/contributing.rst +++ b/docs/contributing.rst @@ -141,17 +141,17 @@ this: .. code-block:: c - #define SOME_INTEGER 0x0; - #define SOME_UINTEGER (unsigned int)0x0001; - #define SOME_STRING "hello"; + #define SOME_INTEGER_LITERAL 0x0; + #define SOME_UNSIGNED_INTEGER_LITERAL 0x0001U; + #define SOME_STRING_LITERAL "hello"; ...it should be added to the bindings like so: .. code-block:: c - static const int SOME_INTEGER; - static const unsigned int SOME_UINTEGER; - static char *const SOME_STRING; + static const int SOME_INTEGER_LITERAL; + static const unsigned int SOME_UNSIGNED_INTEGER_LITERAL; + static const char *const SOME_STRING_LITERAL; Documentation ------------- -- cgit v1.2.3 From e68d73e37be57774246165a5d5263c89825e0864 Mon Sep 17 00:00:00 2001 From: Alex Stapleton Date: Tue, 31 Dec 2013 14:00:38 +0000 Subject: Document compiling OpenSSL to avoid conflicts --- docs/hazmat/backends/openssl.rst | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) (limited to 'docs') diff --git a/docs/hazmat/backends/openssl.rst b/docs/hazmat/backends/openssl.rst index 5e51c75e..99b327d9 100644 --- a/docs/hazmat/backends/openssl.rst +++ b/docs/hazmat/backends/openssl.rst @@ -21,5 +21,32 @@ These are `CFFI`_ bindings to the `OpenSSL`_ C library. and access constants. +Using your own OpenSSL on Linux +------------------------------- + +Python links to OpenSSL for its own purposes and this can sometimes cause +problems when you wish to use a different version of OpenSSL with cryptography. +If you want to use cryptography with your own build of OpenSSL you will need to +make sure that the build is configured correctly so that your version of +OpenSSL doesn't conflict with Python's. + +The options you need to add allow the linker to identify every symbol correctly +even when multiple versions of the library are linked into the same program. If +you are using your distribution's source packages these will probably be +patched in for you already, otherwise you'll need to use options something like +this when configuring OpenSSL:: + + ./config -Wl,--version-script=openssl.ld -Wl,-Bsymbolic-functions -fPIC shared + +You'll also need to generate your own ``openssl.ld`` file. For example:: + + OPENSSL_1.0.1F_CUSTOM { + global: + *; + }; + +You should replace the version string on the first line as appropriate for your +build. + .. _`CFFI`: https://cffi.readthedocs.org/ .. _`OpenSSL`: https://www.openssl.org/ -- cgit v1.2.3 From dd1f5c5398a4c38179af70ed258641d720aa7d28 Mon Sep 17 00:00:00 2001 From: Alex Gaynor Date: Wed, 1 Jan 2014 06:23:31 -0800 Subject: Bump the copyright year --- docs/conf.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'docs') diff --git a/docs/conf.py b/docs/conf.py index 5092e4d3..5dbcdab8 100644 --- a/docs/conf.py +++ b/docs/conf.py @@ -54,7 +54,7 @@ master_doc = 'index' # General information about the project. project = 'Cryptography' -copyright = '2013, Individual Contributors' +copyright = '2013-2014, Individual Contributors' # The version info for the project you're documenting, acts as replacement for # |version| and |release|, also used in various other places throughout the -- cgit v1.2.3