Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / python / cryptography / 0d6203f25ad15d5e369e23c8a30ba9d2e42eaf1e / . / docs / hazmat / primitives / interfaces.rst
blob: 6029d1a9cfa2414970ce84e459b426f49444493c [file] [log] [blame]
David Reid30722b92013-11-07 13:03:39 -0800[diff] [blame]1.. hazmat::
2
Paul Kehrer45efdbc2015-02-12 10:58:22 -0600[diff] [blame]3.. module:: cryptography.hazmat.primitives.interfaces
4
David Reid30722b92013-11-07 13:03:39 -0800[diff] [blame]5Interfaces
6==========
7
8
9``cryptography`` uses `Abstract Base Classes`_ as interfaces to describe the
David Reidbd18bcd2013-11-07 13:13:30 -0800[diff] [blame]10properties and methods of most primitive constructs. Backends may also use
11this information to influence their operation. Interfaces should also be used
David Reid30722b92013-11-07 13:03:39 -0800[diff] [blame]12to document argument and return types.
13
Alex Gaynore9df2942014-12-12 10:56:26 -0800[diff] [blame]14.. _`Abstract Base Classes`: https://docs.python.org/3/library/abc.html
David Reid30722b92013-11-07 13:03:39 -0800[diff] [blame]15
16
Alex Stapletonc5fffd32014-03-18 15:29:00 +0000[diff] [blame]17Asymmetric interfaces
Alex Gaynor645315b2014-06-23 11:55:55 -0700[diff] [blame]18---------------------
19
Paul Kehrer0d6203f2015-02-16 13:17:14 -0600[diff] [blame^]20In 0.8 the asymmetric signature and verification interfaces were moved to the
21:mod:`cryptography.hazmat.primitives.asymmetric` module.
Alex Gaynor645315b2014-06-23 11:55:55 -0700[diff] [blame]22
Paul Kehrer64ddb7a2015-02-14 19:20:28 -0600[diff] [blame]23In 0.8 the asymmetric padding interface was moved to the
24:mod:`cryptography.hazmat.primitives.asymmetric.padding` module.
Alex Gaynor645315b2014-06-23 11:55:55 -0700[diff] [blame]25
Paul Kehrerd2fa7d22015-02-12 00:15:02 -0600[diff] [blame]26DSA
27~~~
28
29In 0.8 the DSA key interfaces were moved to the
30:mod:`cryptography.hazmat.primitives.asymmetric.dsa` module.
31
Alex Gaynor645315b2014-06-23 11:55:55 -0700[diff] [blame]32
33RSA
34~~~
Paul Kehrerac423232014-01-25 14:13:09 -0600[diff] [blame]35
Alex Stapletonf79c2312014-12-30 12:50:14 +0000[diff] [blame]36In 0.8 the RSA key interfaces were moved to the
37:mod:`cryptography.hazmat.primitives.asymmetric.rsa` module.
Paul Kehrerf0a48c62014-06-07 17:04:13 -0500[diff] [blame]38
Alex Stapleton085f3782014-04-01 16:18:17 +0100[diff] [blame]39
Alex Gaynor645315b2014-06-23 11:55:55 -0700[diff] [blame]40Elliptic Curve
41~~~~~~~~~~~~~~
42
Paul Kehrer3bc87ab2015-02-12 00:01:53 -0600[diff] [blame]43In 0.8 the EC key interfaces were moved to the
44:mod:`cryptography.hazmat.primitives.asymmetric.ec` module.
Paul Kehrere025be22014-09-24 11:26:48 -0500[diff] [blame]45
46
Alex Stapletonc5fffd32014-03-18 15:29:00 +0000[diff] [blame]47Key derivation functions
Alex Gaynor645315b2014-06-23 11:55:55 -0700[diff] [blame]48------------------------
Alex Gaynorb2774f52014-01-27 11:05:29 -0800[diff] [blame]49
50.. class:: KeyDerivationFunction
51
Alex Gaynor8454c512014-01-28 07:01:54 -0800[diff] [blame]52 .. versionadded:: 0.2
53
Alex Gaynorb2774f52014-01-27 11:05:29 -0800[diff] [blame]54 .. method:: derive(key_material)
55
Alex Gaynore85e3562014-11-22 23:26:30 -0800[diff] [blame]56 :param bytes key_material: The input key material. Depending on what
Alex Gaynor5484f722014-01-28 05:46:15 -0800[diff] [blame]57 key derivation function you are using this
Alex Gaynore85e3562014-11-22 23:26:30 -0800[diff] [blame]58 could be either random bytes, or a user
Alex Gaynorb2774f52014-01-27 11:05:29 -0800[diff] [blame]59 supplied password.
Alex Gaynor5484f722014-01-28 05:46:15 -0800[diff] [blame]60 :return: The new key.
Alex Gaynore19e89f2014-01-28 06:58:43 -0800[diff] [blame]61 :raises cryptography.exceptions.AlreadyFinalized: This is raised when
62 :meth:`derive` or
63 :meth:`verify` is
64 called more than
65 once.
Alex Gaynorb2774f52014-01-27 11:05:29 -0800[diff] [blame]66
Alex Gaynor5484f722014-01-28 05:46:15 -0800[diff] [blame]67 This generates and returns a new key from the supplied key material.
Alex Gaynorb2774f52014-01-27 11:05:29 -0800[diff] [blame]68
69 .. method:: verify(key_material, expected_key)
70
Alex Gaynore85e3562014-11-22 23:26:30 -0800[diff] [blame]71 :param bytes key_material: The input key material. This is the same as
Alex Gaynorb2774f52014-01-27 11:05:29 -0800[diff] [blame]72 ``key_material`` in :meth:`derive`.
Alex Gaynore85e3562014-11-22 23:26:30 -0800[diff] [blame]73 :param bytes expected_key: The expected result of deriving a new key,
Alex Gaynor5484f722014-01-28 05:46:15 -0800[diff] [blame]74 this is the same as the return value of
75 :meth:`derive`.
Alex Gaynorb2774f52014-01-27 11:05:29 -0800[diff] [blame]76 :raises cryptography.exceptions.InvalidKey: This is raised when the
77 derived key does not match
78 the expected key.
Alex Gaynore19e89f2014-01-28 06:58:43 -0800[diff] [blame]79 :raises cryptography.exceptions.AlreadyFinalized: This is raised when
80 :meth:`derive` or
81 :meth:`verify` is
82 called more than
83 once.
Alex Gaynorb2774f52014-01-27 11:05:29 -0800[diff] [blame]84
Alex Gaynor5484f722014-01-28 05:46:15 -0800[diff] [blame]85 This checks whether deriving a new key from the supplied
86 ``key_material`` generates the same key as the ``expected_key``, and
87 raises an exception if they do not match. This can be used for
88 something like checking whether a user's password attempt matches the
89 stored derived key.
Alex Gaynorb2774f52014-01-27 11:05:29 -0800[diff] [blame]90
Ayrxc8121702014-04-15 19:02:05 +0800[diff] [blame]91
Terry Chiacc5e4452014-10-12 15:35:21 +0800[diff] [blame]92`Message Authentication Code`_
93------------------------------
Ayrxc8121702014-04-15 19:02:05 +0800[diff] [blame]94
95.. class:: CMACContext
96
Alex Gaynor7d156882014-10-20 10:40:34 -0700[diff] [blame]97 :class:`CMACContext` has been deprecated in favor of :class:`MACContext`.
Terry Chiac7c82f32014-10-20 12:15:22 +0800[diff] [blame]98
Ayrxc8121702014-04-15 19:02:05 +0800[diff] [blame]99 .. versionadded:: 0.4
100
101 .. method:: update(data)
102
Alex Gaynore85e3562014-11-22 23:26:30 -0800[diff] [blame]103 :param bytes data: The data you want to authenticate.
Ayrxc8121702014-04-15 19:02:05 +0800[diff] [blame]104
105 .. method:: finalize()
106
Ayrx7964c172014-04-15 21:50:58 +0800[diff] [blame]107 :return: The message authentication code.
Ayrxc8121702014-04-15 19:02:05 +0800[diff] [blame]108
109 .. method:: copy()
110
111 :return: A :class:`~cryptography.hazmat.primitives.interfaces.CMACContext`
112 that is a copy of the current context.
113
Terry Chiacc5e4452014-10-12 15:35:21 +0800[diff] [blame]114.. class:: MACContext
115
116 .. versionadded:: 0.7
117
118 .. method:: update(data)
119
Alex Gaynore85e3562014-11-22 23:26:30 -0800[diff] [blame]120 :param bytes data: The data you want to authenticate.
Terry Chiacc5e4452014-10-12 15:35:21 +0800[diff] [blame]121
122 .. method:: finalize()
123
124 :return: The message authentication code.
125
126 .. method:: copy()
127
Alex Gaynor7d156882014-10-20 10:40:34 -0700[diff] [blame]128 :return: A
129 :class:`~cryptography.hazmat.primitives.interfaces.MACContext` that
130 is a copy of the current context.
Terry Chiacc5e4452014-10-12 15:35:21 +0800[diff] [blame]131
Alex Gaynor7d156882014-10-20 10:40:34 -0700[diff] [blame]132 .. method:: verify(signature)
Terry Chiacc5e4452014-10-12 15:35:21 +0800[diff] [blame]133
Alex Gaynore85e3562014-11-22 23:26:30 -0800[diff] [blame]134 :param bytes signature: The signature to verify.
Terry Chiacc5e4452014-10-12 15:35:21 +0800[diff] [blame]135
136 :raises cryptography.exceptions.InvalidSignature: This is raised when
137 the provided signature does not match the expected signature.
Ayrxc8121702014-04-15 19:02:05 +0800[diff] [blame]138
Paul Kehrer05c122b2014-11-24 08:41:05 -1000[diff] [blame]139
Ayrx83cd3f82014-04-15 21:56:32 +0800[diff] [blame]140.. _`CMAC`: https://en.wikipedia.org/wiki/CMAC