* Restore missing section from ChaCha20 docs
This change fixes the indentation of a note inside the ChaCha20
section of the docs, which caused the note to not render in the
resulting HTML.
* Fix ChaCha20 docs to specify non RFC-compliance
Currently, cryptography uses OpenSSL's ChaCha20 implementation,
which is based on the original algorithm designed by Daniel J.
Bernstein rather than the later standardized version (RFC 7539).
Since the documentation does not reflect this (it describes the RFC
version of the algorithm, rather than the original version we use),
this change fixes that.
* Remove random counter from ChaCha20 example docs
This changes the ChaCha20 example in the documentation to use a
normal user-defined variable for the counter part of the nonce,
rather than a randomized counter.
* admit to the existence of nuance in HKDF
* Update docs/hazmat/primitives/key-derivation-functions.rst
Co-authored-by: Alex Gaynor <alex.gaynor@gmail.com>
---------
Co-authored-by: Alex Gaynor <alex.gaynor@gmail.com>
* Rename Union type aliases to CamelCase
Many `typing.Union` type aliases were previously using `UPPER_SNAKE_CASE`, but Python's convention is `CamelCase` for these (e.g. https://docs.python.org/3/library/typing.html#type-aliases)
* Add utils.deprecated for the old non-underscore type aliases
* Added documentation for new type aliases & minor tweaks
* Use 'versionadded:: 40.0.0'
* Fix CertificatePublicKeyTypes vs CertificateIssuerPublicKeyTypes. Rename CertificatePrivateKeyTypes to CertificateIssuerPrivateKeyTypes
* Fix imports (ruff)
* Fix one more versionadded
* Tweak docs & Reorder: CertificateIssuerPublicKeyTypes before CertificateIssuerPrivateKeyTypes
* Fix test mypy errors using cast()
* Fix black, oops
* Revert "Fix black, oops"
This reverts commit 85344e231d697bdc0940e105f7aed729445f9743.
* Revert "Fix test mypy errors using cast()"
This reverts commit b272d8ca95fbbbc62060663f9e8930a139a7a43e.
* Revert type of SubjectKeyIdentifier.from_public_key arg
* Changelog tweak
* WIP: Add raw export alias method for x25519 keys
* Ditto for x448, ed448, ed25519
* Document new private_bytes_raw public_bytes_raw methods
* docs: Populate versionadded to be 40
* docs: Fix PublicFormat -> PrivateFormat where applicable
* formatting
* Update tests for test_pub_priv_bytes_raw in x25519, x448, ed448 (TODO: ed25519)
* Add test_pub_priv_bytes_raw test for Ed25519
Update SSHCertificateBuilder sample code to:
* Correctly use the signing key when signing the certificate, rather than the user's own private key.
* Generate the user's public key in one line, making it clearer to the reader that only the public key is an input to the certificate builder.
* add support for bytes-like objects in data and associated_data in aead algorithms
* flake
* flake again
* rework AESSIV _check_params
* flake and 80char columns
* associated_data cannot be None in _check_params, set to [] in calling function
* Update src/cryptography/hazmat/primitives/ciphers/aead.py
Co-authored-by: Alex Gaynor <alex.gaynor@gmail.com>
* flake fix
---------
Co-authored-by: mat gas <none@none.com>
Co-authored-by: Alex Gaynor <alex.gaynor@gmail.com>
* SSHCertificateBuilder
This adds support for generating SSH certificates
* add deterministic signing tests and valid_for_all_principals
* test another edge
* one of these two fixes makes no sense
* support SSH certificate parsing
DSA (deliberately) not supported
* make a unified API
* Update src/cryptography/hazmat/primitives/serialization/ssh.py
Co-authored-by: Alex Gaynor <alex.gaynor@gmail.com>
Co-authored-by: Alex Gaynor <alex.gaynor@gmail.com>
* add unsafe_skip_rsa_key_validation
This allows users to skip RSA key validation when calling
load_pem_private_key, load_der_private_key, and
RSAPrivateNumbers.private_key. This is a significant performance
improvement but is **only safe if you know the key is valid**. If you
use this when the key is invalid OpenSSL makes no guarantees about what
might happen. Infinite loops, crashes, and all manner of terrible things
become possible if that occurs. Beware, beware, beware.
* Apply suggestions from code review
Co-authored-by: Alex Gaynor <alex.gaynor@gmail.com>
* remove unneeded variable
Co-authored-by: Alex Gaynor <alex.gaynor@gmail.com>
* docs: update of ChaCha20 specification in hazmat
Clarification of the term nonce, because it is not clear to the user that is the concatenation of 4-byte counter and 12-byte nonce. That is important for compatibility with other implementations.
* docs: reformat of ChaCha20 specification
* Update docs/hazmat/primitives/symmetric-encryption.rst
Co-authored-by: Alex Gaynor <alex.gaynor@gmail.com>
Co-authored-by: Alex Gaynor <alex.gaynor@gmail.com>
* support setting more PKCS12 serialization encryption options
This is limited support, but makes it possible to set two different PBES
choices as well as set KDF rounds and MAC algorithm
* Apply suggestions from code review
Co-authored-by: Alex Gaynor <alex.gaynor@gmail.com>
* review feedback redux
* Update docs/hazmat/primitives/asymmetric/serialization.rst
Co-authored-by: Alex Gaynor <alex.gaynor@gmail.com>
Co-authored-by: Alex Gaynor <alex.gaynor@gmail.com>
These let developers be more explicit about the allowable key lengths
for an AES key and make auditing the codebase a bit easier.
But that's not really why we're adding them. In some upcoming
serialization features we need to be able to specify AES 128 vs AES 256
and the current class doesn't work for that since it computes key
length from the key you provide it when instantiating the class.
That's incompatible with serialization where the key is derived
later in the process. C'est la vie.
* KBKDF: add CounterLocation.MiddleFixed
* tests_kbkdf: add new tests
- Test CounterLocation.MiddleFixed and blocation=
* test_kbkdf_vectors: make use of MIDDLE_FIXED
* docs: document KBKDF CounterLocation.MiddleFixed
* s/blocation/break_location/g
* CHANGELOG: document KBKDF{HMAC,CMAC} CounterLocation.MiddleFixed #7489
* kbkdf: fixed is static across n iterations, only the counter changes
* kbkdf: check break_location is 0..len(fixed)
- Update tests to assert exception is raised when
break_location < 0 or > len(fixed)
- When asserting for "break_location is ignored when MiddleFixed",
use break_location=0 instead of =10,
to ensure we don't raise because of break_location > len(fixed)
- Assert that the right error messages are returned to the user.
* kbkdf: keyword-only break_location
* docs: document kw-only KBKDF{HMAC,CMAC}
