DH subgroup order (q) (#3369)
* Support DH q (subgroup order)
* Change RFC5114.txt to NIST format
* Add tests for DH q
* Update docs for DH q
* Fix pep8
* Improve test covergae for DH q
* Create _dh_params_dup that copy q if DHparams_dup don't
On OpenSSL < 1.0.2 DHparams_dup don't copy q. _dh_params_dup
call DHparams_dup and if the version is smaller than 1.0.2
copy q manually
* Copy q manually on libressl
* Add to test vectors serialized RFC5114 2048 bit DH parameters with 224 bit subgroup
* Support serialization of DH with q
* Add tests for serialization of DH with q
* Support DH serialization with q only if Cryptography_HAS_EVP_PKEY_DHX is true
* Raise exception when trying to serialize DH X9.42 when not supported
* raise unsupported key type when deserilizing DH X9.42 if not supported
* pep8 fixes
* Fix test_serialization
* Add dhx_serialization_supported method to DHBacked
* document q in dh_parameters_supported
* Rename dhx_serialization_supported to dh_x942_serialization_supported
diff --git a/docs/hazmat/backends/interfaces.rst b/docs/hazmat/backends/interfaces.rst
index 87fc6ab..4f15d5c 100644
--- a/docs/hazmat/backends/interfaces.rst
+++ b/docs/hazmat/backends/interfaces.rst
@@ -666,14 +666,23 @@
:raises cryptography.exceptions.UnsupportedAlgorithm: This is raised
when any backend specific criteria are not met.
- .. method:: dh_parameters_supported(p, g)
+ .. method:: dh_parameters_supported(p, g, q=None)
:param int p: The p value of the DH key.
:param int g: The g value of the DH key.
- :returns: ``True`` if the given values of ``p`` and ``g`` are supported
- by this backend, otherwise ``False``.
+ :param int q: The q value of the DH key.
+
+ :returns: ``True`` if the given values of ``p``, ``g`` and ``q``
+ are supported by this backend, otherwise ``False``.
+
+ .. versionadded:: 1.8
+
+ .. method:: dh_x942_serialization_supported()
+
+ :returns: True if serialization of DH objects with
+ subgroup order (q) is supported by this backend.
.. class:: ScryptBackend