Merge branch 'master' into api-to-backend-in-one-easy-step
* master:
Make use of currentmodule to maybe reduce redundant module definitions and also get source links.
Enable the new read the docs theme, it's pretty.
use is for identical object comparison
add gcm constants and EVP_CIPHER_CTX_ctrl macro
md5 is 128-bit. The person responsible for this mistake has been shot
add test to verify api is being copied in hash
When copying a hash, pass the api through to the new object
diff --git a/cryptography/bindings/openssl/evp.py b/cryptography/bindings/openssl/evp.py
index 41df105..80980c6 100644
--- a/cryptography/bindings/openssl/evp.py
+++ b/cryptography/bindings/openssl/evp.py
@@ -29,6 +29,9 @@
} EVP_PKEY;
static const int EVP_PKEY_RSA;
static const int EVP_PKEY_DSA;
+static const int EVP_CTRL_GCM_SET_IVLEN;
+static const int EVP_CTRL_GCM_GET_TAG;
+static const int EVP_CTRL_GCM_SET_TAG;
"""
FUNCTIONS = """
@@ -84,4 +87,5 @@
int EVP_PKEY_assign_RSA(EVP_PKEY *, RSA *);
int EVP_PKEY_assign_DSA(EVP_PKEY *, DSA *);
int EVP_CIPHER_CTX_block_size(const EVP_CIPHER_CTX *);
+int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *, int, int, void *);
"""
diff --git a/cryptography/primitives/hashes.py b/cryptography/primitives/hashes.py
index f3eccc6..474dc16 100644
--- a/cryptography/primitives/hashes.py
+++ b/cryptography/primitives/hashes.py
@@ -40,7 +40,7 @@
self._backend.update_hash_context(self._ctx, data)
def copy(self):
- return self.__class__(ctx=self._copy_ctx())
+ return self.__class__(api=self._api, ctx=self._copy_ctx())
def digest(self):
return self._backend.finalize_hash_context(self._copy_ctx(),
diff --git a/docs/conf.py b/docs/conf.py
index 16b1109..a368ac7 100644
--- a/docs/conf.py
+++ b/docs/conf.py
@@ -248,3 +248,7 @@
# Example configuration for intersphinx: refer to the Python standard library.
intersphinx_mapping = {'http://docs.python.org/': None}
+
+
+# Enable the new ReadTheDocs theme
+RTD_NEW_THEME = True
diff --git a/docs/primitives/cryptographic-hashes.rst b/docs/primitives/cryptographic-hashes.rst
index aeb30f4..dcf2125 100644
--- a/docs/primitives/cryptographic-hashes.rst
+++ b/docs/primitives/cryptographic-hashes.rst
@@ -1,7 +1,9 @@
Message Digests
===============
-.. class:: cryptography.primitives.hashes.BaseHash(data=None)
+.. currentmodule:: cryptography.primitives.hashes
+
+.. class:: BaseHash(data=None)
Abstract base class that implements a common interface for all hash
algorithms that follow here.
@@ -32,7 +34,7 @@
NIST has deprecated SHA-1 in favor of the SHA-2 variants. New applications
are strongly suggested to use SHA-2 over SHA-1.
-.. class:: cryptography.primitives.hashes.SHA1()
+.. class:: SHA1()
SHA-1 is a cryptographic hash function standardized by NIST. It has a
160-bit message digest.
@@ -40,22 +42,22 @@
SHA-2 Family
~~~~~~~~~~~~
-.. class:: cryptography.primitives.hashes.SHA224()
+.. class:: SHA224()
SHA-224 is a cryptographic hash function from the SHA-2 family and
standardized by NIST. It has a 224-bit message digest.
-.. class:: cryptography.primitives.hashes.SHA256()
+.. class:: SHA256()
SHA-256 is a cryptographic hash function from the SHA-2 family and
standardized by NIST. It has a 256-bit message digest.
-.. class:: cryptography.primitives.hashes.SHA384()
+.. class:: SHA384()
SHA-384 is a cryptographic hash function from the SHA-2 family and
standardized by NIST. It has a 384-bit message digest.
-.. class:: cryptography.primitives.hashes.SHA512()
+.. class:: SHA512()
SHA-512 is a cryptographic hash function from the SHA-2 family and
standardized by NIST. It has a 512-bit message digest.
@@ -63,7 +65,7 @@
RIPEMD160
~~~~~~~~~
-.. class:: cryptography.primitives.hashes.RIPEMD160()
+.. class:: RIPEMD160()
RIPEMD160 is a cryptographic hash function that is part of ISO/IEC
10118-3:2004. It has a 160-bit message digest.
@@ -71,7 +73,7 @@
Whirlpool
~~~~~~~~~
-.. class:: cryptography.primitives.hashes.Whirlpool()
+.. class:: Whirlpool()
Whirlpool is a cryptographic hash function that is part of ISO/IEC
10118-3:2004. It has a 512-bit message digest.
@@ -84,7 +86,7 @@
MD5 is a deprecated hash algorithm that has practical known collision
attacks. You are strongly discouraged from using it.
-.. class:: cryptography.primitives.hashes.MD5()
+.. class:: MD5()
- MD5 is a deprecated cryptographic hash function. It has a 160-bit message
+ MD5 is a deprecated cryptographic hash function. It has a 128-bit message
digest and has practical known collision attacks.
diff --git a/docs/primitives/symmetric-encryption.rst b/docs/primitives/symmetric-encryption.rst
index 9768246..87e1e69 100644
--- a/docs/primitives/symmetric-encryption.rst
+++ b/docs/primitives/symmetric-encryption.rst
@@ -1,6 +1,8 @@
Symmetric Encryption
====================
+.. currentmodule:: cryptography.primitives.block
+
.. testsetup::
import binascii
@@ -11,7 +13,7 @@
Symmetric encryption is a way to encrypt (hide the plaintext value) material
where the encrypter and decrypter both use the same key.
-.. class:: cryptography.primitives.block.BlockCipher(cipher, mode)
+.. class:: BlockCipher(cipher, mode)
Block ciphers work by encrypting content in chunks, often 64- or 128-bits.
They combine an underlying algorithm (such as AES), with a mode (such as
@@ -43,7 +45,9 @@
:class:`~cryptography.primitives.interfaces.CipherContext`
provider.
-.. class:: cryptography.primitives.interfaces.CipherContext()
+.. currentmodule:: cryptography.primitives.interfaces
+
+.. class:: CipherContext()
When calling ``encryptor()`` or ``decryptor()`` on a BlockCipher object you
will receive a return object conforming to the CipherContext interface. You
@@ -64,7 +68,9 @@
Ciphers
~~~~~~~
-.. class:: cryptography.primitives.block.ciphers.AES(key)
+.. currentmodule:: cryptography.primitives.block.ciphers
+
+.. class:: AES(key)
AES (Advanced Encryption Standard) is a block cipher standardized by NIST.
AES is both fast, and cryptographically strong. It is a good default
@@ -73,7 +79,7 @@
:param bytes key: The secret key, either ``128``, ``192``, or ``256`` bits.
This must be kept secret.
-.. class:: cryptography.primitives.block.ciphers.Camellia(key)
+.. class:: Camellia(key)
Camellia is a block cipher approved for use by CRYPTREC and ISO/IEC.
It is considered to have comparable security and performance to AES, but
@@ -83,7 +89,7 @@
This must be kept secret.
-.. class:: cryptography.primitives.block.ciphers.TripleDES(key)
+.. class:: TripleDES(key)
Triple DES (Data Encryption Standard), sometimes refered to as 3DES, is a
block cipher standardized by NIST. Triple DES has known cryptoanalytic
@@ -103,7 +109,9 @@
Modes
~~~~~
-.. class:: cryptography.primitives.block.modes.CBC(initialization_vector)
+.. currentmodule:: cryptography.primitives.block.modes
+
+.. class:: CBC(initialization_vector)
CBC (Cipher block chaining) is a mode of operation for block ciphers. It is
considered cryptographically strong.
@@ -117,7 +125,7 @@
a given ``key``.
-.. class:: cryptography.primitives.block.modes.CTR(nonce)
+.. class:: CTR(nonce)
.. warning::
@@ -135,7 +143,7 @@
with a given key. The nonce does not need to be kept
secret and may be included alongside the ciphertext.
-.. class:: cryptography.primitives.block.modes.OFB(initialization_vector)
+.. class:: OFB(initialization_vector)
OFB (Output Feedback) is a mode of operation for block ciphers. It
transforms a block cipher into a stream cipher.
@@ -148,7 +156,7 @@
reuse an ``initialization_vector`` with
a given ``key``.
-.. class:: cryptography.primitives.block.modes.CFB(initialization_vector)
+.. class:: CFB(initialization_vector)
CFB (Cipher Feedback) is a mode of operation for block ciphers. It
transforms a block cipher into a stream cipher.
@@ -171,7 +179,7 @@
and existing applications should strongly consider migrating away.
-.. class:: cryptography.primitives.block.modes.ECB()
+.. class:: ECB()
ECB (Electronic Code Book) is the simplest mode of operation for block
ciphers. Each block of data is encrypted in the same way. This means
diff --git a/tests/primitives/test_hashes.py b/tests/primitives/test_hashes.py
index 505f6c8..7ddd185 100644
--- a/tests/primitives/test_hashes.py
+++ b/tests/primitives/test_hashes.py
@@ -13,10 +13,14 @@
from __future__ import absolute_import, division, print_function
+import pretend
+
import pytest
import six
+from cryptography.bindings import _default_api
+
from cryptography.primitives import hashes
from .utils import generate_base_hash_test
@@ -33,6 +37,24 @@
assert isinstance(m.hexdigest(), str)
+class TestCopyHash(object):
+ def test_copy_api_object(self):
+ pretend_api = pretend.stub(copy_hash_context=lambda a: "copiedctx")
+ pretend_ctx = pretend.stub()
+ h = hashes.SHA1(api=pretend_api, ctx=pretend_ctx)
+ assert h._api is pretend_api
+ assert h.copy()._api is h._api
+
+
+class TestDefaultAPISHA1(object):
+ def test_default_api_creation(self):
+ """
+ This test assumes the presence of SHA1 in the default API.
+ """
+ h = hashes.SHA1()
+ assert h._api is _default_api
+
+
class TestSHA1(object):
test_SHA1 = generate_base_hash_test(
hashes.SHA1,