diff --git a/Changelog.rst b/Changelog.rst index 4bb3ba7c4..d6d9be203 100644 --- a/Changelog.rst +++ b/Changelog.rst 
@@ -1,58 +1,58 @@ Changelog ========= -3.4 (???) +3.4 (7 February 2016) +++++++++++++++++++ New features ------------ -* For CBC/CFB/OFB/CTR, `encrypt` and `decrypt` cannot be intermixed. -* For CBC/CFB/OFB, the cipher object has both `IV` and `iv` attributes. - `new` accepts `IV` as well as `iv` as parameter. -* For CFB/OPENPGP, `encrypt` and `decrypt` do not require the plaintext +* Added ``Crypto.PublicKey.ECC`` module (NIST P-256 curve only), including export/import of ECC keys. +* Added support for ECDSA (FIPS 186-3 and RFC6979). +* For CBC/CFB/OFB/CTR cipher objects, ``encrypt()`` and ``decrypt()`` cannot be intermixed. +* CBC/CFB/OFB, the cipher objects have both ``IV`` and ``iv`` attributes. + ``new()`` accepts ``IV`` as well as ``iv`` as parameter. +* For CFB/OPENPGP cipher object, ``encrypt()`` and ``decrypt()`` do not require the plaintext or ciphertext pieces to have length multiple of the CFB segment size. -* Dedicated tests for all cipher modes, including NIST test vectors -* CTR/CCM/EAX/GCM/SIV/Salsa20/ChaCha20 objects expose the new attribute `nonce`. +* Added dedicated tests for all cipher modes, including NIST test vectors +* CTR/CCM/EAX/GCM/SIV/Salsa20/ChaCha20 objects expose the ``nonce`` attribute. * For performance reasons, CCM cipher optionally accepted a pre-declaration of the length of the associated data, but never checked if the actual data passed - to the cipher really matched that length. Now, such check is enforced. -* CTR cipher accepts parameter `nonce` and possibly `initial_value` in - alternative to `counter` (which is deprecated). -* All `iv`/`IV` and `nonce` parameters are optional. If not provided, - they will be randomly generated (exception: `nonce` for CTR mode in case + to the cipher really matched that length. Such check is now enforced. +* CTR cipher objects accept parameter ``nonce`` and possibly ``initial_value`` in + alternative to ``counter`` (which is deprecated). 
+* All ``iv``/``IV`` and ``nonce`` parameters are optional. If not provided, + they will be randomly generated (exception: ``nonce`` for CTR mode in case of block sizes smaller than 16 bytes). * Refactored ARC2 cipher. -* Added `Crypto.Cipher.DES3.adjust_key_parity` function. -* Added `Public.ECC` module (P-256 curve only), including export/import of ECC keys. -* Added support for ECDSA (FIPS 186-3 and RFC6979). -* Added `RSA.import_key` as an alias to the deprecated `RSA.importKey` - (same for the `DSA` module). -* Added `size_in_bits` and `size_in_bytes` methods to `RsaKey`. +* Added ``Crypto.Cipher.DES3.adjust_key_parity()`` function. +* Added ``RSA.import_key`` as an alias to the deprecated ``RSA.importKey`` + (same for the ``DSA`` module). +* Added ``size_in_bits()`` and ``size_in_bytes()`` methods to ``RsaKey``. Resolved issues --------------- -* RSA key size is now returned correctly in `RsaKey.__repr__` method (kudos to hannesv). -* CTR mode does not modify anymore `counter` parameter passed to 'new' method. -* CTR raises `OverflowError` instead of `ValueError` when the counter wraps around. +* RSA key size is now returned correctly in ``RsaKey.__repr__()`` method (kudos to *hannesv*). +* CTR mode does not modify anymore ``counter`` parameter passed to ``new()`` method. +* CTR raises ``OverflowError`` instead of ``ValueError`` when the counter wraps around. * PEM files with Windows newlines could not be imported. -* `Crypto.IO.PEM` and `Crypto.IO.PKCS8` used to accept empty passphrases. -* GH#6: NotImplementedError now raised for unsupported methods `sign`, `verify`, - `encrypt`, `decrypt`, `blind`, `unblind` and `size` in objects `RsaKey`, `DsaKey`, - `ElGamalKey`. +* ``Crypto.IO.PEM`` and ``Crypto.IO.PKCS8`` used to accept empty passphrases. +* GH#6: NotImplementedError now raised for unsupported methods ``sign``, ``verify``, + ``encrypt``, ``decrypt``, ``blind``, ``unblind`` and ``size`` in objects ``RsaKey``, ``DsaKey``, + ``ElGamalKey``. 
Breaks in compatibility ----------------------- -* Parameter `segment_size` cannot be 0 for the CFB mode. -* For OCB ciphers, a final call without parameters to `encrypt` must end a sequence - of calls to `encrypt` with data (similarly for `decrypt`). -* Key size for `ARC2`, `ARC4` and `Blowfish` must be at least 40 bits long (still very weak). +* Parameter ``segment_size`` cannot be 0 for the CFB mode. +* For OCB ciphers, a final call without parameters to ``encrypt`` must end a sequence + of calls to ``encrypt`` with data (similarly for ``decrypt``). +* Key size for ``ARC2``, ``ARC4`` and ``Blowfish`` must be at least 40 bits long (still very weak). * DES3 (Triple DES module) does not allow keys that degenerate to Single DES. -* Removed method `getRandomNumber` in `Crypto.Util.number`. -* Removed module `Crypto.pct_warnings`. -* Removed attribute `Crypto.PublicKey.RSA.algorithmIdentifier`. +* Removed method ``getRandomNumber`` in ``Crypto.Util.number``. +* Removed module ``Crypto.pct_warnings``. +* Removed attribute ``Crypto.PublicKey.RSA.algorithmIdentifier``. 3.3.1 (1 November 2015) +++++++++++++++++++ @@ -60,7 +60,7 @@ Breaks in compatibility New features ------------ -* Opt-in for `update` after `digest` for SHA-3, keccak, BLAKE2 hashes +* Opt-in for ``update()`` after ``digest()`` for SHA-3, keccak, BLAKE2 hashes Resolved issues ------------ @@ -71,8 +71,8 @@ Resolved issues Breaks in compatibility ----------------------- -* Removed method `copy` from BLAKE2 hashes -* Removed ability to `update` a BLAKE2 hash after the first call to `(hex)digest` +* Removed method ``copy()`` from BLAKE2 hashes +* Removed ability to ``update()`` a BLAKE2 hash after the first call to ``(hex)digest()`` 3.3 (29 October 2015) +++++++++++++++++++ 
@@ -95,8 +95,8 @@ Resolved issues Breaks in compatibility ----------------------- -* Removed method `copy` from all SHA-3 hashes -* Removed ability to `update` a SHA-3 hash after the first call to `(hex)digest` +* Removed method ``copy()`` from all SHA-3 hashes +* Removed ability to ``update()`` a SHA-3 hash after the first call to ``(hex)digest()`` 3.2.1 (9 September 2015) +++++++++++++++++++ diff --git a/FuturePlans.rst b/FuturePlans.rst index 54966eefd..e24ab774e 100644 --- a/FuturePlans.rst +++ b/FuturePlans.rst @@ -9,6 +9,7 @@ Future releases will include: - Add unit tests for PEM I/O - Move old ciphers into a Museum submodule - Add more ECC curves +- Import/export of ECC keys with compressed points - Add algorithms: - Poly1305 - Elliptic Curves (ECIES, ECDH) diff --git a/README.rst b/README.rst index 6969cd696..125b31b49 100644 --- a/README.rst +++ b/README.rst @@ -52,7 +52,7 @@ All the code can be downloaded from `GitHub`_. News ---- -* **?? 2015 (NEW()**. Release 3.4. +* **7 Feb 2016 (NEW)**. Release 3.4. * Nov 2015. Release 3.3.1. * 29 Oct 2015. Release 3.3. * 9 Sep 2015. Minor release 3.2.1. diff --git a/lib/Crypto/Cipher/_mode_cbc.py b/lib/Crypto/Cipher/_mode_cbc.py index 76b878577..f1b8dffe8 100644 --- a/lib/Crypto/Cipher/_mode_cbc.py +++ b/lib/Crypto/Cipher/_mode_cbc.py @@ -109,12 +109,15 @@ def __init__(self, block_cipher, iv): # by the cipher mode block_cipher.release() - #: The block size of the underlying cipher, in bytes. self.block_size = len(iv) + """The block size of the underlying cipher, in bytes.""" - #: The Initialization Vector originally used to create the object. - #: The value does not change. - self.IV = self.iv = iv + self.iv = iv + """The Initialization Vector originally used to create the object. + The value does not change.""" + + self.IV = iv + """Alias for `iv`""" self._next = [ self.encrypt, self.decrypt ] diff --git a/lib/Crypto/Cipher/_mode_ccm.py b/lib/Crypto/Cipher/_mode_ccm.py index e5ee44ecd..d9ac6338c 100644 
--- a/lib/Crypto/Cipher/_mode_ccm.py +++ b/lib/Crypto/Cipher/_mode_ccm.py @@ -111,11 +111,11 @@ class CcmMode(object): def __init__(self, factory, key, nonce, mac_len, msg_len, assoc_len, cipher_params): - #: The block size of the underlying cipher, in bytes. self.block_size = factory.block_size + """The block size of the underlying cipher, in bytes.""" - #: The nonce used for this cipher instance self.nonce = nonce + """The nonce used for this cipher instance""" self._factory = factory self._key = key diff --git a/lib/Crypto/Cipher/_mode_cfb.py b/lib/Crypto/Cipher/_mode_cfb.py index fa95e13ea..0bdbce0b1 100644 --- a/lib/Crypto/Cipher/_mode_cfb.py +++ b/lib/Crypto/Cipher/_mode_cfb.py @@ -108,12 +108,15 @@ def __init__(self, block_cipher, iv, segment_size): # by the cipher mode block_cipher.release() - #: The block size of the underlying cipher, in bytes. self.block_size = len(iv) + """The block size of the underlying cipher, in bytes.""" - #: The Initialization Vector originally used to create the object. - #: The value does not change. - self.IV = self.iv = iv + self.iv = iv + """The Initialization Vector originally used to create the object. + The value does not change.""" + + self.IV = iv + """Alias for `iv`""" self._next = [ self.encrypt, self.decrypt ] diff --git a/lib/Crypto/Cipher/_mode_ctr.py b/lib/Crypto/Cipher/_mode_ctr.py index 78d92de4e..d96a90eeb 100644 --- a/lib/Crypto/Cipher/_mode_ctr.py +++ b/lib/Crypto/Cipher/_mode_ctr.py @@ -116,8 +116,8 @@ def __init__(self, block_cipher, initial_counter_block, """ if len(initial_counter_block) == prefix_len + counter_len: - #: Nonce; not available if there is a fixed suffix self.nonce = initial_counter_block[:prefix_len] + """Nonce; not available if there is a fixed suffix""" expect_byte_string(initial_counter_block) self._state = VoidPointer() 
@@ -141,8 +141,8 @@ def __init__(self, block_cipher, initial_counter_block, # by the cipher mode block_cipher.release() - #: The block size of the underlying cipher, in bytes. self.block_size = len(initial_counter_block) + """The block size of the underlying cipher, in bytes.""" self._next = [self.encrypt, self.decrypt] diff --git a/lib/Crypto/Cipher/_mode_eax.py b/lib/Crypto/Cipher/_mode_eax.py index 28b7377de..930a9c516 100644 --- a/lib/Crypto/Cipher/_mode_eax.py +++ b/lib/Crypto/Cipher/_mode_eax.py @@ -76,7 +76,10 @@ def __init__(self, factory, key, nonce, mac_len, cipher_params): """EAX cipher mode""" self.block_size = factory.block_size + """The block size of the underlying cipher, in bytes.""" + self.nonce = nonce + """The nonce originally used to create the object.""" self._mac_len = mac_len self._mac_tag = None # Cache for MAC tag diff --git a/lib/Crypto/Cipher/_mode_gcm.py b/lib/Crypto/Cipher/_mode_gcm.py index caf558a93..4955c0e2b 100644 --- a/lib/Crypto/Cipher/_mode_gcm.py +++ b/lib/Crypto/Cipher/_mode_gcm.py @@ -147,8 +147,8 @@ def __init__(self, factory, key, nonce, mac_len, cipher_params): if not byte_string(nonce): raise TypeError("Nonce must be a byte string") - #: Nonce self.nonce = nonce + """Nonce""" self._factory = factory self._key = key diff --git a/lib/Crypto/Cipher/_mode_ocb.py b/lib/Crypto/Cipher/_mode_ocb.py index 19fc16ddd..c755e61d9 100644 --- a/lib/Crypto/Cipher/_mode_ocb.py +++ b/lib/Crypto/Cipher/_mode_ocb.py @@ -115,10 +115,11 @@ def __init__(self, factory, nonce, mac_len, cipher_params): raise ValueError("OCB mode is only available for ciphers" " that operate on 128 bits blocks") - #: The block size of the underlying cipher, in bytes. self.block_size = 16 + """The block size of the underlying cipher, in bytes.""" self.nonce = nonce + """Nonce used for this session.""" if len(nonce) not in range(1, 16): raise ValueError("Nonce must be at most 15 bytes long") 
diff --git a/lib/Crypto/Cipher/_mode_ofb.py b/lib/Crypto/Cipher/_mode_ofb.py index 66b43f868..387ff880b 100644 --- a/lib/Crypto/Cipher/_mode_ofb.py +++ b/lib/Crypto/Cipher/_mode_ofb.py @@ -105,12 +105,15 @@ def __init__(self, block_cipher, iv): # by the cipher mode block_cipher.release() - #: The block size of the underlying cipher, in bytes. self.block_size = len(iv) + """The block size of the underlying cipher, in bytes.""" - #: The Initialization Vector originally used to create the object. - #: The value does not change. - self.IV = self.iv = iv + self.iv = iv + """The Initialization Vector originally used to create the object. + The value does not change.""" + + self.IV = iv + """Alias for `iv`""" self._next = [ self.encrypt, self.decrypt ] diff --git a/lib/Crypto/Cipher/_mode_siv.py b/lib/Crypto/Cipher/_mode_siv.py index 9e51e4c65..7ab8e59c1 100644 --- a/lib/Crypto/Cipher/_mode_siv.py +++ b/lib/Crypto/Cipher/_mode_siv.py @@ -87,7 +87,10 @@ class SivMode(object): """ def __init__(self, factory, key, nonce, kwargs): + self.block_size = factory.block_size + """The block size of the underlying cipher, in bytes.""" + self._factory = factory self._nonce = nonce @@ -103,9 +106,9 @@ def __init__(self, factory, key, nonce, kwargs): if len(nonce) == 0: raise ValueError("When provided, the nonce must be non-empty") - #: Public attribute is only available in case of non-deterministic - #: encryption self.nonce = nonce + """Public attribute is only available in case of non-deterministic + encryption.""" subkey_size = len(key) // 2 diff --git a/lib/Crypto/PublicKey/ECC.py b/lib/Crypto/PublicKey/ECC.py index cb47a6eac..c1fd081e4 100644 --- a/lib/Crypto/PublicKey/ECC.py +++ b/lib/Crypto/PublicKey/ECC.py 
@@ -105,7 +105,10 @@ class _Curve(object): class EccPoint(object): - """A class to abstract a point over an Elliptic Curve.""" + """A class to abstract a point over an Elliptic Curve. + + :undocumented: __init__, __eq__, __neg__, __iadd__, __add__, __mul__ + """ def __init__(self, x, y): self._x = Integer(x) diff --git a/lib/Crypto/Signature/DSS.py b/lib/Crypto/Signature/DSS.py index c4d1b6bad..60b8e12a0 100644 --- a/lib/Crypto/Signature/DSS.py +++ b/lib/Crypto/Signature/DSS.py @@ -75,7 +75,10 @@ class DssSigScheme(object): - """This signature scheme can perform DSS signature or verification.""" + """This signature scheme can perform DSS signature or verification. + + :undocumented: __init__ + """ def __init__(self, key, encoding, order): """Create a new Digital Signature Standard (DSS) object. diff --git a/lib/Crypto/__init__.py b/lib/Crypto/__init__.py index b7c927346..29782080a 100644 --- a/lib/Crypto/__init__.py +++ b/lib/Crypto/__init__.py @@ -44,4 +44,4 @@ __all__ = ['Cipher', 'Hash', 'Protocol', 'PublicKey', 'Util', 'Signature', 'IO', 'Math'] -version_info = (3, 4, "rc1") +version_info = (3, 4, None)
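Review bot: In Changelog.rst, first hunk, the rewritten bullet "* CBC/CFB/OFB, the cipher objects have both ``IV`` and ``iv`` attributes." lost the leading "For" that the removed line had and no longer reads as a sentence; restore it as "For CBC/CFB/OFB, the cipher objects have ...". The same hunk also mixes call-style and bare method names after the reformat (``encrypt()`` under New features, ``encrypt`` in the OCB bullet, ``RSA.import_key`` without parentheses next to ``size_in_bits()``), so settle on one convention.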
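Review bot: In lib/Crypto/Cipher/_mode_cbc.py, the new docstring calls `self.IV` an "Alias for `iv`" and the one above it says "The value does not change", but the hunk creates two independent instance attributes, so rebinding one leaves the other untouched and nothing stops either from being reassigned. If the two names are meant to stay equal and read-only, expose `IV` as a property that returns `self.iv`; otherwise reword the docstring to say it holds the same value as `iv` at creation time. The identical change appears in the _mode_cfb.py and _mode_ofb.py hunks.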
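Review bot: In lib/Crypto/Cipher/_mode_ctr.py, first hunk, `self.nonce` is assigned only inside `if len(initial_counter_block) == prefix_len + counter_len:`, so "not available" in the new docstring means the attribute does not exist on the object when the condition is false, and reading it raises AttributeError. State that explicitly in the docstring or give the attribute a defined value in that case. The Changelog.rst bullet "CTR/CCM/EAX/GCM/SIV/Salsa20/ChaCha20 objects expose the ``nonce`` attribute" should carry the same caveat for CTR.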
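Review bot: In lib/Crypto/Cipher/_mode_gcm.py, the docstring `"""Nonce"""` only repeats the attribute name, while the EAX hunk in this same patch uses "The nonce originally used to create the object." Reuse that wording here, and align the CCM ("The nonce used for this cipher instance") and OCB ("Nonce used for this session.") variants with it, so the generated API pages describe `nonce` the same way for every mode.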
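Review bot: In lib/Crypto/Cipher/_mode_ocb.py, `self.nonce = nonce` now carries a public docstring but is still assigned before the length check that follows it, and that check, `if len(nonce) not in range(1, 16):`, also rejects an empty nonce while the message only says "Nonce must be at most 15 bytes long". Move the assignment and its docstring below the check, and make the message cover both bounds, for example "Nonce must be between 1 and 15 bytes long".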
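Review bot: In lib/Crypto/Cipher/_mode_siv.py, first hunk, `self.block_size = factory.block_size` is a new public attribute, not a comment-to-docstring conversion like the changes in the other mode files, and the Changelog.rst hunk in this patch does not list it. Add a Changelog entry under New features for the SIV `block_size` attribute, or split this line into its own commit so the documentation change stays behaviour-neutral.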
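Review bot: In lib/Crypto/PublicKey/ECC.py, `:undocumented: __init__, __eq__, __neg__, __iadd__, __add__, __mul__` removes every operator of `EccPoint` from the generated docs while the class docstring stays at a single sentence, so a reader of the API pages can no longer tell that points support comparison, negation, addition and multiplication. Add a short paragraph to the class docstring listing the supported operations before hiding the methods.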
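Review bot: In lib/Crypto/__init__.py, the third element of `version_info` changes type from the string "rc1" to `None`, which breaks any caller that joins or formats the tuple's elements as strings. Add a comment next to the assignment that documents what the third position holds and what `None` means there, and check that any code deriving a version string from this tuple handles the `None` case.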