Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / python / cryptography / 1b1327cfe537b9e7bdc271239d1025c2479239c3 / . / docs / hazmat / primitives / cryptographic-hashes.rst
blob: 383473780b22a1d52e4a035e2c8e084dce514646 [file] [log] [blame]
Alex Gaynoraf82d5e2013-10-29 17:07:24 -0700[diff] [blame]1.. hazmat::
Donald Stufftd8f01182013-10-27 16:59:56 -0400[diff] [blame]2
Donald Stuffte51fb932013-10-27 17:26:17 -0400[diff] [blame]3Message Digests
4===============
5
Donald Stufftf04317a2013-10-27 16:44:30 -0400[diff] [blame]6.. currentmodule:: cryptography.hazmat.primitives.hashes
David Reid1f3d7182013-10-22 16:55:18 -0700[diff] [blame]7
David Reidef0fcf22013-11-06 11:12:45 -0800[diff] [blame]8.. class:: Hash(algorithm, backend)
Matthew Iversen505491b2013-10-19 15:56:17 +1100[diff] [blame]9
David Reid55602982013-11-01 13:34:05 -0700[diff] [blame]10 A cryptographic hash function takes an arbitrary block of data and
11 calculates a fixed-size bit string (a digest), such that different data
12 results (with a high probability) in different digests.
Matthew Iversen505491b2013-10-19 15:56:17 +1100[diff] [blame]13
David Reid55602982013-11-01 13:34:05 -0700[diff] [blame]14 This is an implementation of
Alex Gaynorab5f0112013-11-08 10:34:00 -0800[diff] [blame]15 :class:`~cryptography.hazmat.primitives.interfaces.HashContext` meant to
David Reid55602982013-11-01 13:34:05 -0700[diff] [blame]16 be used with
Alex Gaynorab5f0112013-11-08 10:34:00 -0800[diff] [blame]17 :class:`~cryptography.hazmat.primitives.interfaces.HashAlgorithm`
David Reid55602982013-11-01 13:34:05 -0700[diff] [blame]18 implementations to provide an incremental interface to calculating
19 various message digests.
Alex Gaynor23d01a22013-10-28 10:14:46 -0700[diff] [blame]20
21 .. doctest::
David Reid846460a2013-11-06 11:24:50 -0800[diff] [blame]22
Alex Gaynorf8796b12013-12-13 20:28:55 -0800[diff] [blame]23 >>> from cryptography.hazmat.backends import default_backend
Alex Gaynor23d01a22013-10-28 10:14:46 -0700[diff] [blame]24 >>> from cryptography.hazmat.primitives import hashes
David Reid63fa19a2013-11-20 10:49:13 -0800[diff] [blame]25 >>> digest = hashes.Hash(hashes.SHA256(), backend=default_backend())
Alex Gaynor23d01a22013-10-28 10:14:46 -0700[diff] [blame]26 >>> digest.update(b"abc")
27 >>> digest.update(b"123")
David Reid30b16132013-10-31 13:37:24 -0700[diff] [blame]28 >>> digest.finalize()
29 'l\xa1=R\xcap\xc8\x83\xe0\xf0\xbb\x10\x1eBZ\x89\xe8bM\xe5\x1d\xb2\xd29%\x93\xafj\x84\x11\x80\x90'
Alex Gaynorf3b06cd2013-10-21 21:49:50 -0700[diff] [blame]30
Alex Stapleton1b1327c2013-12-21 15:16:57 +0000[diff] [blame^]31 If the backend doesn't support the requested ``algorithm`` an
32 :class:`~cryptography.exceptions.UnsupportedAlgorithm` will be raised.
33
Alex Gaynor94801292013-11-13 10:33:01 -0800[diff] [blame]34 Keep in mind that attacks against cryptographic hashes only get stronger
35 with time, and that often algorithms that were once thought to be strong,
36 become broken. Because of this it's important to include a plan for
37 upgrading the hash algorithm you use over time. For more information, see
38 `Lifetimes of cryptographic hash functions`_.
39
David Reid663295d2013-11-20 13:55:08 -0800[diff] [blame]40 :param algorithm: A
41 :class:`~cryptography.hazmat.primitives.interfaces.HashAlgorithm`
42 provider such as those described in
43 :ref:`below <cryptographic-hash-algorithms>`.
44 :param backend: A
Alex Gaynorf8796b12013-12-13 20:28:55 -0800[diff] [blame]45 :class:`~cryptography.hazmat.backends.interfaces.HashBackend`
David Reid663295d2013-11-20 13:55:08 -0800[diff] [blame]46 provider.
47
Paul Kehrer6b9ddeb2013-10-19 12:28:15 -0500[diff] [blame]48 .. method:: update(data)
Matthew Iversen505491b2013-10-19 15:56:17 +1100[diff] [blame]49
Alex Gaynorddc62f02013-10-20 06:14:24 -0700[diff] [blame]50 :param bytes data: The bytes you wish to hash.
David Reid6392a9c2013-11-13 10:01:15 -0800[diff] [blame]51 :raises cryptography.exceptions.AlreadyFinalized: See :meth:`finalize`
Matthew Iversen505491b2013-10-19 15:56:17 +1100[diff] [blame]52
53 .. method:: copy()
54
David Reid6392a9c2013-11-13 10:01:15 -0800[diff] [blame]55 Copy this :class:`Hash` instance, usually so that we may call
56 :meth:`finalize` and get an intermediate digest value while we continue
57 to call :meth:`update` on the original.
58
59 :return: A new instance of :class:`Hash` which can be updated
60 and finalized independently of the original instance.
61 :raises cryptography.exceptions.AlreadyFinalized: See :meth:`finalize`
Matthew Iversen505491b2013-10-19 15:56:17 +1100[diff] [blame]62
David Reid30b16132013-10-31 13:37:24 -0700[diff] [blame]63 .. method:: finalize()
Alex Gaynor14968452013-11-01 14:05:14 -0700[diff] [blame]64
David Reid55602982013-11-01 13:34:05 -0700[diff] [blame]65 Finalize the current context and return the message digest as bytes.
66
David Reid6392a9c2013-11-13 10:01:15 -0800[diff] [blame]67 Once ``finalize`` is called this object can no longer be used and
Alex Gaynor272d5372013-11-13 13:50:02 -0800[diff] [blame]68 :meth:`update`, :meth:`copy`, and :meth:`finalize` will raise
David Reid6392a9c2013-11-13 10:01:15 -0800[diff] [blame]69 :class:`~cryptography.exceptions.AlreadyFinalized`.
Matthew Iversen505491b2013-10-19 15:56:17 +1100[diff] [blame]70
71 :return bytes: The message digest as bytes.
72
Matthew Iversen505491b2013-10-19 15:56:17 +1100[diff] [blame]73
David Reid663295d2013-11-20 13:55:08 -0800[diff] [blame]74.. _cryptographic-hash-algorithms:
75
Paul Kehrer36e7d0d2013-10-18 18:54:40 -0500[diff] [blame]76SHA-1
Matthew Iversen505491b2013-10-19 15:56:17 +1100[diff] [blame]77~~~~~
Paul Kehrer36e7d0d2013-10-18 18:54:40 -0500[diff] [blame]78
79.. attention::
80
81 NIST has deprecated SHA-1 in favor of the SHA-2 variants. New applications
82 are strongly suggested to use SHA-2 over SHA-1.
83
David Reid1f3d7182013-10-22 16:55:18 -0700[diff] [blame]84.. class:: SHA1()
Paul Kehrer36e7d0d2013-10-18 18:54:40 -0500[diff] [blame]85
86 SHA-1 is a cryptographic hash function standardized by NIST. It has a
87 160-bit message digest.
88
Paul Kehrer36e7d0d2013-10-18 18:54:40 -0500[diff] [blame]89SHA-2 Family
Matthew Iversen505491b2013-10-19 15:56:17 +1100[diff] [blame]90~~~~~~~~~~~~
Paul Kehrer36e7d0d2013-10-18 18:54:40 -0500[diff] [blame]91
David Reid1f3d7182013-10-22 16:55:18 -0700[diff] [blame]92.. class:: SHA224()
Paul Kehrer36e7d0d2013-10-18 18:54:40 -0500[diff] [blame]93
94 SHA-224 is a cryptographic hash function from the SHA-2 family and
95 standardized by NIST. It has a 224-bit message digest.
96
David Reid1f3d7182013-10-22 16:55:18 -0700[diff] [blame]97.. class:: SHA256()
Paul Kehrer36e7d0d2013-10-18 18:54:40 -0500[diff] [blame]98
99 SHA-256 is a cryptographic hash function from the SHA-2 family and
100 standardized by NIST. It has a 256-bit message digest.
101
David Reid1f3d7182013-10-22 16:55:18 -0700[diff] [blame]102.. class:: SHA384()
Paul Kehrer36e7d0d2013-10-18 18:54:40 -0500[diff] [blame]103
104 SHA-384 is a cryptographic hash function from the SHA-2 family and
105 standardized by NIST. It has a 384-bit message digest.
106
David Reid1f3d7182013-10-22 16:55:18 -0700[diff] [blame]107.. class:: SHA512()
Paul Kehrer36e7d0d2013-10-18 18:54:40 -0500[diff] [blame]108
109 SHA-512 is a cryptographic hash function from the SHA-2 family and
110 standardized by NIST. It has a 512-bit message digest.
111
Paul Kehrer36e7d0d2013-10-18 18:54:40 -0500[diff] [blame]112RIPEMD160
Matthew Iversen505491b2013-10-19 15:56:17 +1100[diff] [blame]113~~~~~~~~~
Paul Kehrer36e7d0d2013-10-18 18:54:40 -0500[diff] [blame]114
David Reid1f3d7182013-10-22 16:55:18 -0700[diff] [blame]115.. class:: RIPEMD160()
Paul Kehrer36e7d0d2013-10-18 18:54:40 -0500[diff] [blame]116
117 RIPEMD160 is a cryptographic hash function that is part of ISO/IEC
118 10118-3:2004. It has a 160-bit message digest.
119
Paul Kehrer36e7d0d2013-10-18 18:54:40 -0500[diff] [blame]120Whirlpool
Matthew Iversen505491b2013-10-19 15:56:17 +1100[diff] [blame]121~~~~~~~~~
Paul Kehrer36e7d0d2013-10-18 18:54:40 -0500[diff] [blame]122
David Reid1f3d7182013-10-22 16:55:18 -0700[diff] [blame]123.. class:: Whirlpool()
Paul Kehrer36e7d0d2013-10-18 18:54:40 -0500[diff] [blame]124
125 Whirlpool is a cryptographic hash function that is part of ISO/IEC
126 10118-3:2004. It has a 512-bit message digest.
127
Paul Kehrer36e7d0d2013-10-18 18:54:40 -0500[diff] [blame]128MD5
Matthew Iversen505491b2013-10-19 15:56:17 +1100[diff] [blame]129~~~
Paul Kehrer36e7d0d2013-10-18 18:54:40 -0500[diff] [blame]130
131.. warning::
132
133 MD5 is a deprecated hash algorithm that has practical known collision
Alex Gaynorab5f0112013-11-08 10:34:00 -0800[diff] [blame]134 attacks. You are strongly discouraged from using it. Existing applications
135 should strongly consider moving away.
Paul Kehrer36e7d0d2013-10-18 18:54:40 -0500[diff] [blame]136
David Reid1f3d7182013-10-22 16:55:18 -0700[diff] [blame]137.. class:: MD5()
Paul Kehrer36e7d0d2013-10-18 18:54:40 -0500[diff] [blame]138
Paul Kehrer2b9b3012013-10-22 17:09:38 -0500[diff] [blame]139 MD5 is a deprecated cryptographic hash function. It has a 128-bit message
Paul Kehrer36e7d0d2013-10-18 18:54:40 -0500[diff] [blame]140 digest and has practical known collision attacks.
Alex Gaynor94801292013-11-13 10:33:01 -0800[diff] [blame]141
142
143.. _`Lifetimes of cryptographic hash functions`: http://valerieaurora.org/hash.html