docs/hazmat/primitives/hmac.rst - platform/external/python/cryptography - Gitiles

 .. hazmat::

 Hash-based Message Authentication Codes
 =======================================

 .. currentmodule:: cryptography.hazmat.primitives.hmac

 .. testsetup::

     import binascii
     key = binascii.unhexlify(b"0" * 32)

 Hash-based message authentication codes (or HMACs) are a tool for calculating
 message authentication codes using a cryptographic hash function coupled with a
 secret key. You can use an HMAC to verify integrity as well as authenticate a
 message.

 .. class:: HMAC(key, algorithm, backend)

     HMAC objects take a ``key`` and a provider of
     :class:`~cryptography.hazmat.primitives.interfaces.HashAlgorithm`.
     The ``key`` should be randomly generated bytes and is recommended to be
     equal in length to the ``digest_size`` of the hash function chosen.
     You must keep the ``key`` secret.

     This is an implementation of :rfc:`2104`.

     .. doctest::

         >>> from cryptography.hazmat.backends import default_backend
         >>> from cryptography.hazmat.primitives import hashes, hmac
         >>> h = hmac.HMAC(key, hashes.SHA256(), backend=default_backend())
         >>> h.update(b"message to hash")
         >>> h.finalize()
         '#F\xdaI\x8b"e\xc4\xf1\xbb\x9a\x8fc\xff\xf5\xdex.\xbc\xcd/+\x8a\x86\x1d\x84\'\xc3\xa6\x1d\xd8J'

     If the backend doesn't support the requested ``algorithm`` an
     :class:`~cryptography.exceptions.UnsupportedAlgorithm` will be raised.

     :param key: Secret key as ``bytes``.
     :param algorithm: A
         :class:`~cryptography.hazmat.primitives.interfaces.HashAlgorithm`
         provider such as those described in
         :ref:`Cryptographic Hashes <cryptographic-hash-algorithms>`.
     :param backend: A
         :class:`~cryptography.hazmat.backends.interfaces.HMACBackend`
         provider.

     .. method:: update(msg)

         :param bytes msg: The bytes to hash and authenticate.
         :raises cryptography.exceptions.AlreadyFinalized: See :meth:`finalize`

     .. method:: copy()

         Copy this :class:`HMAC` instance, usually so that we may call
         :meth:`finalize` and get an intermediate digest value while we continue
         to call :meth:`update` on the original.

         :return: A new instance of :class:`HMAC` which can be updated
             and finalized independently of the original instance.
         :raises cryptography.exceptions.AlreadyFinalized: See :meth:`finalize`

     .. method:: finalize()

         Finalize the current context and return the message digest as bytes.

         Once ``finalize`` is called this object can no longer be used and
         :meth:`update`, :meth:`copy`, and :meth:`finalize` will raise
         :class:`~cryptography.exceptions.AlreadyFinalized`.

         :return bytes: The message digest as bytes.
         :raises cryptography.exceptions.AlreadyFinalized:
	.. hazmat::

	Hash-based Message Authentication Codes
	=======================================

	.. currentmodule:: cryptography.hazmat.primitives.hmac

	.. testsetup::

	import binascii
	key = binascii.unhexlify(b"0" * 32)

	Hash-based message authentication codes (or HMACs) are a tool for calculating
	message authentication codes using a cryptographic hash function coupled with a
	secret key. You can use an HMAC to verify integrity as well as authenticate a
	message.

	.. class:: HMAC(key, algorithm, backend)

	HMAC objects take a ``key`` and a provider of
	:class:`~cryptography.hazmat.primitives.interfaces.HashAlgorithm`.
	The ``key`` should be randomly generated bytes and is recommended to be
	equal in length to the ``digest_size`` of the hash function chosen.
	You must keep the ``key`` secret.

	This is an implementation of :rfc:`2104`.

	.. doctest::

	>>> from cryptography.hazmat.backends import default_backend
	>>> from cryptography.hazmat.primitives import hashes, hmac
	>>> h = hmac.HMAC(key, hashes.SHA256(), backend=default_backend())
	>>> h.update(b"message to hash")
	>>> h.finalize()
	'#F\xdaI\x8b"e\xc4\xf1\xbb\x9a\x8fc\xff\xf5\xdex.\xbc\xcd/+\x8a\x86\x1d\x84\'\xc3\xa6\x1d\xd8J'

	If the backend doesn't support the requested ``algorithm`` an
	:class:`~cryptography.exceptions.UnsupportedAlgorithm` will be raised.

	:param key: Secret key as ``bytes``.
	:param algorithm: A
	:class:`~cryptography.hazmat.primitives.interfaces.HashAlgorithm`
	provider such as those described in
	:ref:`Cryptographic Hashes <cryptographic-hash-algorithms>`.
	:param backend: A
	:class:`~cryptography.hazmat.backends.interfaces.HMACBackend`
	provider.

	.. method:: update(msg)

	:param bytes msg: The bytes to hash and authenticate.
	:raises cryptography.exceptions.AlreadyFinalized: See :meth:`finalize`

	.. method:: copy()

	Copy this :class:`HMAC` instance, usually so that we may call
	:meth:`finalize` and get an intermediate digest value while we continue
	to call :meth:`update` on the original.

	:return: A new instance of :class:`HMAC` which can be updated
	and finalized independently of the original instance.
	:raises cryptography.exceptions.AlreadyFinalized: See :meth:`finalize`

	.. method:: finalize()

	Finalize the current context and return the message digest as bytes.

	Once ``finalize`` is called this object can no longer be used and
	:meth:`update`, :meth:`copy`, and :meth:`finalize` will raise
	:class:`~cryptography.exceptions.AlreadyFinalized`.

	:return bytes: The message digest as bytes.
	:raises cryptography.exceptions.AlreadyFinalized: