Merge pull request #214 from reaperhulk/arc4-support
ARC4 Support
diff --git a/AUTHORS.rst b/AUTHORS.rst
index b3b7f35..0ef9958 100644
--- a/AUTHORS.rst
+++ b/AUTHORS.rst
@@ -10,4 +10,3 @@
* Christian Heimes <christian@python.org>
* Paul Kehrer <paul.l.kehrer@gmail.com>
* Jarret Raim <jarito@gmail.com>
-
diff --git a/cryptography/hazmat/primitives/padding.py b/cryptography/hazmat/primitives/padding.py
index ddcadd8..eac18c2 100644
--- a/cryptography/hazmat/primitives/padding.py
+++ b/cryptography/hazmat/primitives/padding.py
@@ -101,12 +101,12 @@
if self._buffer is None:
raise ValueError("Context was already finalized")
- if not self._buffer:
+ if len(self._buffer) != self.block_size // 8:
raise ValueError("Invalid padding bytes")
pad_size = six.indexbytes(self._buffer, -1)
- if pad_size > self.block_size // 8:
+ if not (0 < pad_size <= self.block_size // 8):
raise ValueError("Invalid padding bytes")
mismatch = 0
diff --git a/dev-requirements.txt b/dev-requirements.txt
index 752517d..cd975d5 100644
--- a/dev-requirements.txt
+++ b/dev-requirements.txt
@@ -4,3 +4,5 @@
coverage
sphinx
tox
+sphinx_rtd_theme
+-e .
diff --git a/docs/conf.py b/docs/conf.py
index 69be32e..77050e7 100644
--- a/docs/conf.py
+++ b/docs/conf.py
@@ -14,6 +14,12 @@
import os
import sys
+try:
+ import sphinx_rtd_theme
+except ImportError:
+ sphinx_rtd_theme = None
+
+
# If extensions (or modules to document with autodoc) are in another directory,
# add these directories to sys.path here. If the directory is relative to the
# documentation root, use os.path.abspath to make it absolute, like shown here.
@@ -98,16 +104,18 @@
# The theme to use for HTML and HTML Help pages. See the documentation for
# a list of builtin themes.
-html_theme = 'default'
+
+if sphinx_rtd_theme:
+ html_theme = "sphinx_rtd_theme"
+ html_theme_path = [sphinx_rtd_theme.get_html_theme_path()]
+else:
+ html_theme = "default"
# Theme options are theme-specific and customize the look and feel of a theme
# further. For a list of options available for each theme, see the
# documentation.
#html_theme_options = {}
-# Add any paths that contain custom themes here, relative to this directory.
-#html_theme_path = []
-
# The name for this set of Sphinx documents. If None, it defaults to
# "<project> v<release> documentation".
#html_title = None
diff --git a/docs/hazmat/primitives/cryptographic-hashes.rst b/docs/hazmat/primitives/cryptographic-hashes.rst
index 76ca20c..20fa23c 100644
--- a/docs/hazmat/primitives/cryptographic-hashes.rst
+++ b/docs/hazmat/primitives/cryptographic-hashes.rst
@@ -12,9 +12,9 @@
results (with a high probability) in different digests.
This is an implementation of
- :class:`cryptography.hazmat.primitives.interfaces.HashContext` meant to
+ :class:`~cryptography.hazmat.primitives.interfaces.HashContext` meant to
be used with
- :class:`cryptography.hazmat.primitives.interfaces.HashAlgorithm`
+ :class:`~cryptography.hazmat.primitives.interfaces.HashAlgorithm`
implementations to provide an incremental interface to calculating
various message digests.
@@ -102,7 +102,8 @@
.. warning::
MD5 is a deprecated hash algorithm that has practical known collision
- attacks. You are strongly discouraged from using it.
+ attacks. You are strongly discouraged from using it. Existing applications
+ should strongly consider moving away.
.. class:: MD5()
diff --git a/docs/hazmat/primitives/symmetric-encryption.rst b/docs/hazmat/primitives/symmetric-encryption.rst
index 77e61b5..28b143b 100644
--- a/docs/hazmat/primitives/symmetric-encryption.rst
+++ b/docs/hazmat/primitives/symmetric-encryption.rst
@@ -14,13 +14,22 @@
Symmetric encryption is a way to encrypt (hide the plaintext value) material
-where the encrypter and decrypter both use the same key.
+where the encrypter and decrypter both use the same key. Note that symmetric
+encryption is **not** sufficient for most applications, because it only
+provides secrecy (an attacker can't see the message) but not authenticity (an
+attacker can create bogus messages and force the application to decrypt them).
+For this reason it is *strongly* reccomended to combine encryption with a
+message authentication code, such as :doc:`HMAC </hazmat/primitives/hmac>`, in
+an "encrypt-then-MAC" formulation as `described by Colin Percival`_.
.. class:: Cipher(algorithm, mode)
- Cipher objects combine an algorithm (such as AES) with a mode (such as
- CBC, CTR, or GCM). A simple example of encrypting (and then decrypting)
- content with AES is:
+ Cipher objects combine an algorithm (such as
+ :class:`~cryptography.hazmat.primitives.ciphers.algorithms.AES`) with a
+ mode (such as
+ :class:`~cryptography.hazmat.primitives.ciphers.modes.CBC` or
+ :class:`~cryptography.hazmat.primitives.ciphers.modes.CTR`). A simple
+ example of encrypting (and then decrypting) content with AES is:
.. doctest::
@@ -143,8 +152,7 @@
Blowfish is a block cipher developed by Bruce Schneier. It is known to be
susceptible to attacks when using weak keys. The author has recommended
- that users of Blowfish move to newer algorithms like
- :class:`AES`.
+ that users of Blowfish move to newer algorithms, such as :class:`AES`.
:param bytes key: The secret key, 32-448 bits in length (in increments of
8). This must be kept secret.
@@ -273,3 +281,6 @@
ciphers. Each block of data is encrypted in the same way. This means
identical plaintext blocks will always result in identical ciphertext
blocks, and thus result in information leakage
+
+
+.. _`described by Colin Percival`: http://www.daemonology.net/blog/2009-06-11-cryptographic-right-answers.html
diff --git a/tests/hazmat/primitives/test_padding.py b/tests/hazmat/primitives/test_padding.py
index 3cefafa..6a2b624 100644
--- a/tests/hazmat/primitives/test_padding.py
+++ b/tests/hazmat/primitives/test_padding.py
@@ -29,6 +29,8 @@
(128, b"1111111111111111"),
(128, b"111111111111111\x06"),
(128, b""),
+ (128, b"\x06" * 6),
+ (128, b"\x00" * 16),
])
def test_invalid_padding(self, size, padded):
unpadder = padding.PKCS7(size).unpadder()
diff --git a/tox.ini b/tox.ini
index dab22a6..257275c 100644
--- a/tox.ini
+++ b/tox.ini
@@ -11,7 +11,9 @@
coverage report -m
[testenv:docs]
-deps = sphinx
+deps =
+ sphinx
+ sphinx_rtd_theme
basepython = python2.7
commands =
sphinx-build -W -b html -d {envtmpdir}/doctrees docs docs/_build/html