summaryrefslogtreecommitdiff
path: root/docs/hazmat
Commit message (Collapse)AuthorAgeFilesLines
* update MAC docs (#8777)Paul Kehrer2023-04-212-2/+2
| | | | | * Update hmac.rst * Update poly1305.rst
* we made WithSerialization an alias to the main types long ago (#8698)Paul Kehrer2023-04-105-82/+14
| | | stop documenting them entirely
* Make Union type aliases a documented public API (#8168)Marti Raudsepp2023-03-073-60/+191
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Rename Union type aliases to CamelCase Many `typing.Union` type aliases were previously using `UPPER_SNAKE_CASE`, but Python's convention is `CamelCase` for these (e.g. https://docs.python.org/3/library/typing.html#type-aliases) * Add utils.deprecated for the old non-underscore type aliases * Added documentation for new type aliases & minor tweaks * Use 'versionadded:: 40.0.0' * Fix CertificatePublicKeyTypes vs CertificateIssuerPublicKeyTypes. Rename CertificatePrivateKeyTypes to CertificateIssuerPrivateKeyTypes * Fix imports (ruff) * Fix one more versionadded * Tweak docs & Reorder: CertificateIssuerPublicKeyTypes before CertificateIssuerPrivateKeyTypes * Fix test mypy errors using cast() * Fix black, oops * Revert "Fix black, oops" This reverts commit 85344e231d697bdc0940e105f7aed729445f9743. * Revert "Fix test mypy errors using cast()" This reverts commit b272d8ca95fbbbc62060663f9e8930a139a7a43e. * Revert type of SubjectKeyIdentifier.from_public_key arg * Changelog tweak
* Update serialization.rst (#8464)Marty Hill2023-03-061-1/+1
| | | Proposed update to parameter in example call to pkcs12.serialize_key_and_certificates() on line 908.
* fixes #8374 -- removed docs for removed method (#8377)Alex Gaynor2023-02-221-16/+0
| | | | | * fixes #8374 -- removed docs for removed method * Update CHANGELOG.rst
* Add shortcut methods for exporting EC keys as raw bytes (#8357)David Buchanan2023-02-224-0/+108
| | | | | | | | | | | | | | | | | * WIP: Add raw export alias method for x25519 keys * Ditto for x448, ed448, ed25519 * Document new private_bytes_raw public_bytes_raw methods * docs: Populate versionadded to be 40 * docs: Fix PublicFormat -> PrivateFormat where applicable * formatting * Update tests for test_pub_priv_bytes_raw in x25519, x448, ed448 (TODO: ed25519) * Add test_pub_priv_bytes_raw test for Ed25519
* Fix SSHCertificateBuilder sample code (#8373)Jake2023-02-221-3/+2
| | | | | Update SSHCertificateBuilder sample code to: * Correctly use the signing key when signing the certificate, rather than the user's own private key. * Generate the user's public key in one line, making it clearer to the reader that only the public key is an input to the certificate builder.
* embrace my inner nitpicker (#8361)Paul Kehrer2023-02-204-14/+14
| | | fixes all our versionadded/changed to match actual versions we released
* add support for bytes-like objects in data and associated_data in aead ↵Mat2023-02-021-19/+36
| | | | | | | | | | | | | | | | | | | | | | | | | | algorithms (#8187) * add support for bytes-like objects in data and associated_data in aead algorithms * flake * flake again * rework AESSIV _check_params * flake and 80char columns * associated_data cannot be None in _check_params, set to [] in calling function * Update src/cryptography/hazmat/primitives/ciphers/aead.py Co-authored-by: Alex Gaynor <alex.gaynor@gmail.com> * flake fix --------- Co-authored-by: mat gas <none@none.com> Co-authored-by: Alex Gaynor <alex.gaynor@gmail.com>
* deprecate the rest of DSA support for SSH (#8013)Paul Kehrer2023-01-092-1/+10
| | | | | * deprecate the rest of DSA support for SSH * review comments
* more rigorously document that our verify methods return none (#8010)Paul Kehrer2023-01-085-0/+5
| | | they raise an exception!
* switch to using integers for valid_after/valid_before in SSH certs (#8007)Paul Kehrer2023-01-081-18/+16
| | | | | | | * switch to using integers for valid_after/valid_before in SSH certs * i know this, it's a unix timestamp * one more review nit
* SSHCertificateBuilder (#8004)Paul Kehrer2023-01-081-1/+125
| | | | | | | | | | | * SSHCertificateBuilder This adds support for generating SSH certificates * add deterministic signing tests and valid_for_all_principals * test another edge * one of these two fixes makes no sense
* support SSH certificate parsing (#7960)Paul Kehrer2023-01-071-0/+173
| | | | | | | | | | | | | * support SSH certificate parsing DSA (deliberately) not supported * make a unified API * Update src/cryptography/hazmat/primitives/serialization/ssh.py Co-authored-by: Alex Gaynor <alex.gaynor@gmail.com> Co-authored-by: Alex Gaynor <alex.gaynor@gmail.com>
* Typo fixes (#7942)Alex Gaynor2022-12-282-3/+3
|
* add canonical names to Sphinx class documentation (#7938)Mathias Ertl2022-12-261-0/+6
|
* Update code to match Django recommendations (#7932)April King2022-12-231-2/+2
|
* remove reference to raising NotImplementedError in update_into (#7781)Alex Gaynor2022-11-071-2/+0
| | | this hasn't happened in a long time
* more warnings and context around RSA online decryption (#7699)Paul Kehrer2022-10-121-0/+5
|
* add unsafe_skip_rsa_key_validation (#7667)Paul Kehrer2022-10-032-4/+44
| | | | | | | | | | | | | | | | | | | * add unsafe_skip_rsa_key_validation This allows users to skip RSA key validation when calling load_pem_private_key, load_der_private_key, and RSAPrivateNumbers.private_key. This is a significant performance improvement but is **only safe if you know the key is valid**. If you use this when the key is invalid OpenSSL makes no guarantees about what might happen. Infinite loops, crashes, and all manner of terrible things become possible if that occurs. Beware, beware, beware. * Apply suggestions from code review Co-authored-by: Alex Gaynor <alex.gaynor@gmail.com> * remove unneeded variable Co-authored-by: Alex Gaynor <alex.gaynor@gmail.com>
* docs: update of ChaCha20 specification in hazmat (#7622)sec00re2022-09-181-1/+3
| | | | | | | | | | | | | * docs: update of ChaCha20 specification in hazmat Clarification of the term nonce, because it is not clear to the user that is the concatenation of 4-byte counter and 12-byte nonce. That is important for compatibility with other implementations. * docs: reformat of ChaCha20 specification * Update docs/hazmat/primitives/symmetric-encryption.rst Co-authored-by: Alex Gaynor <alex.gaynor@gmail.com> Co-authored-by: Alex Gaynor <alex.gaynor@gmail.com>
* fix comment, no version of openssl has these (#7596)Alex Gaynor2022-09-111-1/+1
|
* Fix linkcheck -- ignore expired cert on SM3 website (#7583)Alex Gaynor2022-09-091-1/+1
|
* support setting more PKCS12 serialization encryption options (#7560)Paul Kehrer2022-09-051-14/+113
| | | | | | | | | | | | | | | | | | * support setting more PKCS12 serialization encryption options This is limited support, but makes it possible to set two different PBES choices as well as set KDF rounds and MAC algorithm * Apply suggestions from code review Co-authored-by: Alex Gaynor <alex.gaynor@gmail.com> * review feedback redux * Update docs/hazmat/primitives/asymmetric/serialization.rst Co-authored-by: Alex Gaynor <alex.gaynor@gmail.com> Co-authored-by: Alex Gaynor <alex.gaynor@gmail.com>
* add AES128/AES256 classes (#7542)Paul Kehrer2022-08-261-0/+22
| | | | | | | | | | | These let developers be more explicit about the allowable key lengths for an AES key and make auditing the codebase a bit easier. But that's not really why we're adding them. In some upcoming serialization features we need to be able to specify AES 128 vs AES 256 and the current class doesn't work for that since it computes key length from the key you provide it when instantiating the class. That's incompatible with serialization where the key is derived later in the process. C'est la vie.
* PoC for making key serialization more configurable (#7520)Alex Gaynor2022-08-221-2/+48
|
* docs: add missing backquote (#7517)Jean Paul Galea2022-08-161-1/+1
|
* KBKDF: add CounterLocation.MiddleFixed (#7489)Jean Paul Galea2022-08-151-4/+27
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * KBKDF: add CounterLocation.MiddleFixed * tests_kbkdf: add new tests - Test CounterLocation.MiddleFixed and blocation= * test_kbkdf_vectors: make use of MIDDLE_FIXED * docs: document KBKDF CounterLocation.MiddleFixed * s/blocation/break_location/g * CHANGELOG: document KBKDF{HMAC,CMAC} CounterLocation.MiddleFixed #7489 * kbkdf: fixed is static across n iterations, only the counter changes * kbkdf: check break_location is 0..len(fixed) - Update tests to assert exception is raised when break_location < 0 or > len(fixed) - When asserting for "break_location is ignored when MiddleFixed", use break_location=0 instead of =10, to ensure we don't raise because of break_location > len(fixed) - Assert that the right error messages are returned to the user. * kbkdf: keyword-only break_location * docs: document kw-only KBKDF{HMAC,CMAC}
* update link in docs (#7485)Alex Gaynor2022-08-051-2/+2
|
* Point people at AEADs in symmetric encryption docs (#7326)Alex Gaynor2022-06-101-6/+10
|
* add note that load_pem_private_key is the wrong func for SSH keys (#7315)Paul Kehrer2022-06-061-0/+4
|
* Doc: Add parameter nonce for class ChaCha20 (#7202)Yang Yang2022-05-071-1/+1
|
* Add support for PSS.AUTO and PSS.DIGEST_LENGTH (#7082)Paul Kehrer2022-04-161-1/+16
| | | | | | | * add PSS auto support for verification * add support for PSS.DIGEST_LENGTH * review comments
* serialize certs to pkcs7 (#7034)Paul Kehrer2022-04-041-0/+11
| | | | | * serialize certs to pkcs7 * missed assert
* SIV support (#7029)Paul Kehrer2022-04-021-0/+86
| | | | | * SIV support * empty commit to see if codecov sees the 3.0 coverage this time
* support 12-15 byte nonce sizes in OCB3 (#7011)Paul Kehrer2022-03-291-1/+1
| | | | | | | | | * support 12-15 byte nonce sizes in OCB3 * Update tests/hazmat/primitives/test_aead.py Co-authored-by: Alex Gaynor <alex.gaynor@gmail.com> Co-authored-by: Alex Gaynor <alex.gaynor@gmail.com>
* Serialize PKCS12 CA alias/friendlyName (#6910)ajoino2022-03-291-1/+6
| | | | | | | | | | | | | | | | | | | | | | | | | | | * PKCS12 serialization wrapper supports PKCS12Certificate cas * Added code from Felix's gist to serialize_key_and_certificate_to_pkcs12. Doesn't break current behaviour/tests, need to write validate new behaviour, write tests, and format code. * Simplified instance check * Tried to write tests, but I cannot figure out how to read the friendlyName from parsed_more_certs. * Fixed test function and renamed it. * Fixed formatting. * Commiting before trying black * Formatted updates to make flake8 and black happy. * Fixed first review comments. * remove forgotten print statement * use backend.openssl_assert instead of if ... * Documented changes. * Updated documentation.
* allow ed pk12, better tests (#6865)whiteowl32022-02-271-3/+7
| | | | | * dont block pk12 serialization of ed pairs * mimic test_ec curve skipping to satisfy alpine ci
* Found another place where ancient PBKDF2 iterations were listed (#6816)April King2022-01-241-2/+2
|
* fix: fixed confusing typo on DSA docs (#6662)Natalia Maximo2021-11-271-1/+1
|
* OCB3 support (#6607)Paul Kehrer2021-11-141-0/+72
| | | | | * OCB3 support in aead package * improve comment
* deprecate backend part 6 of n (#6524)Paul Kehrer2021-11-033-795/+0
|
* deprecate backend part 5 of n (#6523)Paul Kehrer2021-11-031-14/+2
| | | | | * deprecate backend part 5 of n * remove doc8
* deprecate backend part 4 of n (#6522)Paul Kehrer2021-11-026-139/+28
|
* deprecate backend part 3 of n (#6521)Paul Kehrer2021-11-025-134/+42
| | | finish the asymmetric docs
* deprecate backend part 2 of n (#6518)Paul Kehrer2021-11-021-19/+6
|
* Convert CRL creation to Rust (#6496)Alex Gaynor2021-10-311-20/+0
| | | | | | | | | | | * Convert CRL creation to Rust * fixes * small reflows * Delete all teh code * flake8
* Convert CSR creation to Rust (#6495)Alex Gaynor2021-10-311-22/+0
| | | | | | | | | * Convert CSR creation to Rust * put this back * unused * coverage
* remove docs for removed backend methods (#6493)Alex Gaynor2021-10-291-26/+0
|
* Convert x.509 certificate generation to Rust (#6479)Alex Gaynor2021-10-291-19/+0
| | | | | | | | | | | * Convert x.509 certificate generation to Rust * flake8 * Coverage shenangins * moar hashes * moar hashes
View Lorry Controller Status