Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / python / cryptography / 20c99038a184928282d5b0598e7c201c0b851851 / . / docs / hazmat / primitives / interfaces.rst
blob: 97f89b283a3deb0eb4cf187a2f00ecd9883634c0 [file] [log] [blame]
David Reid30722b92013-11-07 13:03:39 -0800[diff] [blame]1.. hazmat::
2
3Interfaces
4==========
5
6
7``cryptography`` uses `Abstract Base Classes`_ as interfaces to describe the
David Reidbd18bcd2013-11-07 13:13:30 -0800[diff] [blame]8properties and methods of most primitive constructs. Backends may also use
9this information to influence their operation. Interfaces should also be used
David Reid30722b92013-11-07 13:03:39 -0800[diff] [blame]10to document argument and return types.
11
David Reid9ed25e42013-11-07 13:15:27 -0800[diff] [blame]12.. _`Abstract Base Classes`: http://docs.python.org/3.2/library/abc.html
David Reid30722b92013-11-07 13:03:39 -0800[diff] [blame]13
14
Alex Stapletonc5fffd32014-03-18 15:29:00 +0000[diff] [blame]15Symmetric ciphers
David Reid0a394df2013-11-15 16:19:50 -0800[diff] [blame]16~~~~~~~~~~~~~~~~~
David Reid30722b92013-11-07 13:03:39 -0800[diff] [blame]17
18.. currentmodule:: cryptography.hazmat.primitives.interfaces
19
David Reid0a394df2013-11-15 16:19:50 -0800[diff] [blame]20
21.. class:: CipherAlgorithm
22
23 A named symmetric encryption algorithm.
24
25 .. attribute:: name
26
27 :type: str
28
29 The standard name for the mode, for example, "AES", "Camellia", or
30 "Blowfish".
31
32 .. attribute:: key_size
33
34 :type: int
35
36 The number of bits in the key being used.
37
38
David Reid668d4802013-12-17 11:53:43 -0800[diff] [blame]39.. class:: BlockCipherAlgorithm
40
41 A block cipher algorithm.
42
43 .. attribute:: block_size
44
45 :type: int
46
47 The number of bits in a block.
48
49
Alex Stapletonc5fffd32014-03-18 15:29:00 +0000[diff] [blame]50Cipher modes
David Reid0a394df2013-11-15 16:19:50 -0800[diff] [blame]51------------
52
David Reid30722b92013-11-07 13:03:39 -0800[diff] [blame]53Interfaces used by the symmetric cipher modes described in
54:ref:`Symmetric Encryption Modes <symmetric-encryption-modes>`.
55
56.. class:: Mode
57
58 A named cipher mode.
59
60 .. attribute:: name
61
62 :type: str
63
64 This should be the standard shorthand name for the mode, for example
65 Cipher-Block Chaining mode is "CBC".
66
67 The name may be used by a backend to influence the operation of a
68 cipher in conjunction with the algorithm's name.
69
Alex Gaynor9626b5a2013-11-19 16:49:26 -0800[diff] [blame]70 .. method:: validate_for_algorithm(algorithm)
71
72 :param CipherAlgorithm algorithm:
73
74 Checks that the combination of this mode with the provided algorithm
75 meets any necessary invariants. This should raise an exception if they
76 are not met.
77
78 For example, the :class:`~cryptography.hazmat.primitives.modes.CBC`
79 mode uses this method to check that the provided initialization
80 vector's length matches the block size of the algorithm.
81
David Reid30722b92013-11-07 13:03:39 -0800[diff] [blame]82
83.. class:: ModeWithInitializationVector
84
85 A cipher mode with an initialization vector.
86
87 .. attribute:: initialization_vector
88
89 :type: bytes
90
91 Exact requirements of the initialization are described by the
92 documentation of individual modes.
93
94
95.. class:: ModeWithNonce
96
97 A cipher mode with a nonce.
98
99 .. attribute:: nonce
100
101 :type: bytes
102
103 Exact requirements of the nonce are described by the documentation of
104 individual modes.
Paul Kehrerac423232014-01-25 14:13:09 -0600[diff] [blame]105
Alex Stapletonc5fffd32014-03-18 15:29:00 +0000[diff] [blame]106Asymmetric interfaces
Paul Kehrerac423232014-01-25 14:13:09 -0600[diff] [blame]107~~~~~~~~~~~~~~~~~~~~~
108
109.. class:: RSAPrivateKey
110
Paul Kehrer46688b12014-01-26 13:23:13 -0600[diff] [blame]111 .. versionadded:: 0.2
Paul Kehrer82629f42014-01-26 12:25:02 -0600[diff] [blame]112
Paul Kehrerac423232014-01-25 14:13:09 -0600[diff] [blame]113 An `RSA`_ private key.
114
Paul Kehrer01cdfb22014-04-15 11:27:03 -0400[diff] [blame]115 .. method:: signer(padding, algorithm, backend)
116
117 .. versionadded:: 0.3
118
119 Sign data which can be verified later by others using the public key.
120
121 :param padding: An instance of a
122 :class:`~cryptography.hazmat.primitives.interfaces.AsymmetricPadding`
123 provider.
124
125 :param algorithm: An instance of a
126 :class:`~cryptography.hazmat.primitives.interfaces.HashAlgorithm`
127 provider.
128
129 :param backend: A
130 :class:`~cryptography.hazmat.backends.interfaces.RSABackend`
131 provider.
132
133 :returns:
134 :class:`~cryptography.hazmat.primitives.interfaces.AsymmetricSignatureContext`
135
Paul Kehrer27f9ca62014-04-15 17:59:27 -0400[diff] [blame]136 .. method:: decrypt(ciphertext, padding, backend)
137
138 .. versionadded:: 0.4
139
140 Decrypt data that was encrypted via the public key.
141
142 :param bytes ciphertext: The ciphertext to decrypt.
143
144 :param padding: An instance of a
145 :class:`~cryptography.hazmat.primitives.interfaces.AsymmetricPadding`
146 provider.
147
148 :param backend: A
149 :class:`~cryptography.hazmat.backends.interfaces.RSABackend`
150 provider.
151
152 :return bytes: Decrypted data.
153
Paul Kehrer0e94fbe2014-01-26 11:47:21 -0600[diff] [blame]154 .. method:: public_key()
Paul Kehrerac423232014-01-25 14:13:09 -0600[diff] [blame]155
Paul Kehrer359b9462014-01-26 12:03:05 -0600[diff] [blame]156 :return: :class:`~cryptography.hazmat.primitives.interfaces.RSAPublicKey`
Paul Kehrerac423232014-01-25 14:13:09 -0600[diff] [blame]157
158 An RSA public key object corresponding to the values of the private key.
159
160 .. attribute:: modulus
161
Paul Kehrerd527b302014-01-26 11:41:38 -0600[diff] [blame]162 :type: int
Paul Kehrerac423232014-01-25 14:13:09 -0600[diff] [blame]163
Paul Kehrer0e94fbe2014-01-26 11:47:21 -0600[diff] [blame]164 The public modulus.
Paul Kehrerac423232014-01-25 14:13:09 -0600[diff] [blame]165
166 .. attribute:: public_exponent
167
168 :type: int
169
Paul Kehrer0e94fbe2014-01-26 11:47:21 -0600[diff] [blame]170 The public exponent.
Paul Kehrerac423232014-01-25 14:13:09 -0600[diff] [blame]171
Alex Gaynor2649a692014-02-03 07:14:16 -0800[diff] [blame]172 .. attribute:: private_exponent
173
174 :type: int
175
176 The private exponent.
177
Alex Stapletonee3e6bf2014-02-02 21:13:48 +0000[diff] [blame]178 .. attribute:: key_size
Paul Kehrerac423232014-01-25 14:13:09 -0600[diff] [blame]179
180 :type: int
181
182 The bit length of the modulus.
183
184 .. attribute:: p
185
Paul Kehrerd527b302014-01-26 11:41:38 -0600[diff] [blame]186 :type: int
Paul Kehrerac423232014-01-25 14:13:09 -0600[diff] [blame]187
Alex Gaynor2a918742014-01-26 16:53:44 -0600[diff] [blame]188 ``p``, one of the two primes composing the :attr:`modulus`.
Paul Kehrerac423232014-01-25 14:13:09 -0600[diff] [blame]189
190 .. attribute:: q
191
Paul Kehrerd527b302014-01-26 11:41:38 -0600[diff] [blame]192 :type: int
Paul Kehrerac423232014-01-25 14:13:09 -0600[diff] [blame]193
Alex Gaynor2a918742014-01-26 16:53:44 -0600[diff] [blame]194 ``q``, one of the two primes composing the :attr:`modulus`.
Paul Kehrerac423232014-01-25 14:13:09 -0600[diff] [blame]195
196 .. attribute:: d
197
Paul Kehrerd527b302014-01-26 11:41:38 -0600[diff] [blame]198 :type: int
Paul Kehrerac423232014-01-25 14:13:09 -0600[diff] [blame]199
Alex Gaynor2649a692014-02-03 07:14:16 -0800[diff] [blame]200 The private exponent. Alias for :attr:`private_exponent`.
Paul Kehrerac423232014-01-25 14:13:09 -0600[diff] [blame]201
Paul Kehrer8e9c9842014-02-13 12:23:27 -0600[diff] [blame]202 .. attribute:: dmp1
203
204 :type: int
205
206 A `Chinese remainder theorem`_ coefficient used to speed up RSA
207 operations. Calculated as: d mod (p-1)
208
209 .. attribute:: dmq1
210
211 :type: int
212
213 A `Chinese remainder theorem`_ coefficient used to speed up RSA
214 operations. Calculated as: d mod (q-1)
215
216 .. attribute:: iqmp
217
218 :type: int
219
220 A `Chinese remainder theorem`_ coefficient used to speed up RSA
221 operations. Calculated as: q\ :sup:`-1` mod p
222
Paul Kehrerac423232014-01-25 14:13:09 -0600[diff] [blame]223 .. attribute:: n
224
Paul Kehrerd527b302014-01-26 11:41:38 -0600[diff] [blame]225 :type: int
Paul Kehrerac423232014-01-25 14:13:09 -0600[diff] [blame]226
Alex Gaynor2a918742014-01-26 16:53:44 -0600[diff] [blame]227 The public modulus. Alias for :attr:`modulus`.
Paul Kehrerac423232014-01-25 14:13:09 -0600[diff] [blame]228
229 .. attribute:: e
230
231 :type: int
232
Alex Gaynor2a918742014-01-26 16:53:44 -0600[diff] [blame]233 The public exponent. Alias for :attr:`public_exponent`.
Paul Kehrerac423232014-01-25 14:13:09 -0600[diff] [blame]234
235
236.. class:: RSAPublicKey
237
Paul Kehrer46688b12014-01-26 13:23:13 -0600[diff] [blame]238 .. versionadded:: 0.2
Paul Kehrer82629f42014-01-26 12:25:02 -0600[diff] [blame]239
Paul Kehrerac423232014-01-25 14:13:09 -0600[diff] [blame]240 An `RSA`_ public key.
241
Paul Kehrer01cdfb22014-04-15 11:27:03 -0400[diff] [blame]242 .. method:: verifier(signature, padding, algorithm, backend)
243
244 .. versionadded:: 0.3
245
246 Verify data was signed by the private key associated with this public
247 key.
248
249 :param bytes signature: The signature to verify.
250
251 :param padding: An instance of a
252 :class:`~cryptography.hazmat.primitives.interfaces.AsymmetricPadding`
253 provider.
254
255 :param algorithm: An instance of a
256 :class:`~cryptography.hazmat.primitives.interfaces.HashAlgorithm`
257 provider.
258
259 :param backend: A
260 :class:`~cryptography.hazmat.backends.interfaces.RSABackend`
261 provider.
262
263 :returns:
264 :class:`~cryptography.hazmat.primitives.interfaces.AsymmetricVerificationContext`
265
Paul Kehrer4e602f32014-04-24 12:07:54 -0500[diff] [blame]266 .. method:: encrypt(plaintext, padding, backend)
267
268 .. versionadded:: 0.4
269
270 Encrypt data with the public key.
271
272 :param bytes plaintext: The plaintext to encrypt.
273
274 :param padding: An instance of a
275 :class:`~cryptography.hazmat.primitives.interfaces.AsymmetricPadding`
276 provider.
277
278 :param backend: A
279 :class:`~cryptography.hazmat.backends.interfaces.RSABackend`
280 provider.
281
282 :return bytes: Encrypted data.
Paul Kehrer01cdfb22014-04-15 11:27:03 -0400[diff] [blame]283
Paul Kehrerac423232014-01-25 14:13:09 -0600[diff] [blame]284 .. attribute:: modulus
285
Paul Kehrerd527b302014-01-26 11:41:38 -0600[diff] [blame]286 :type: int
Paul Kehrerac423232014-01-25 14:13:09 -0600[diff] [blame]287
Paul Kehrer0e94fbe2014-01-26 11:47:21 -0600[diff] [blame]288 The public modulus.
Paul Kehrerac423232014-01-25 14:13:09 -0600[diff] [blame]289
Alex Stapletonee3e6bf2014-02-02 21:13:48 +0000[diff] [blame]290 .. attribute:: key_size
Paul Kehrerac423232014-01-25 14:13:09 -0600[diff] [blame]291
292 :type: int
293
294 The bit length of the modulus.
295
296 .. attribute:: public_exponent
297
298 :type: int
299
Paul Kehrer0e94fbe2014-01-26 11:47:21 -0600[diff] [blame]300 The public exponent.
Paul Kehrerac423232014-01-25 14:13:09 -0600[diff] [blame]301
302 .. attribute:: n
303
Paul Kehrerd527b302014-01-26 11:41:38 -0600[diff] [blame]304 :type: int
Paul Kehrerac423232014-01-25 14:13:09 -0600[diff] [blame]305
Alex Gaynor2a918742014-01-26 16:53:44 -0600[diff] [blame]306 The public modulus. Alias for :attr:`modulus`.
Paul Kehrerac423232014-01-25 14:13:09 -0600[diff] [blame]307
308 .. attribute:: e
309
310 :type: int
311
Alex Gaynor2a918742014-01-26 16:53:44 -0600[diff] [blame]312 The public exponent. Alias for :attr:`public_exponent`.
313
Paul Kehrerac423232014-01-25 14:13:09 -0600[diff] [blame]314
Mohammed Attia71acc672014-03-04 19:20:45 +0200[diff] [blame]315.. class:: DSAParameters
Mohammed Attiab4167152014-03-04 03:29:56 +0200[diff] [blame]316
317 .. versionadded:: 0.3
318
319 `DSA`_ parameters.
320
321 .. attribute:: modulus
322
323 :type: int
324
Mohammed Attia7a1738a2014-03-04 19:17:24 +0200[diff] [blame]325 The prime modulus that is used in generating the DSA key pair and used
Mohammed Attiab4167152014-03-04 03:29:56 +0200[diff] [blame]326 in the DSA signing and verification processes.
327
328 .. attribute:: subgroup_order
329
330 :type: int
331
Mohammed Attia7a1738a2014-03-04 19:17:24 +0200[diff] [blame]332 The subgroup order that is used in generating the DSA key pair
Mohammed Attiab4167152014-03-04 03:29:56 +0200[diff] [blame]333 by the generator and used in the DSA signing and verification
334 processes.
335
336 .. attribute:: generator
337
338 :type: int
339
Mohammed Attiacb9a6c22014-03-04 04:16:35 +0200[diff] [blame]340 The generator that is used in generating the DSA key pair and used
Mohammed Attia7a1738a2014-03-04 19:17:24 +0200[diff] [blame]341 in the DSA signing and verification processes.
Mohammed Attiab4167152014-03-04 03:29:56 +0200[diff] [blame]342
343 .. attribute:: p
344
345 :type: int
346
Mohammed Attia7a1738a2014-03-04 19:17:24 +0200[diff] [blame]347 The prime modulus that is used in generating the DSA key pair and used
Mohammed Attia70324512014-03-04 03:34:39 +0200[diff] [blame]348 in the DSA signing and verification processes. Alias for :attr:`modulus`.
Mohammed Attiab4167152014-03-04 03:29:56 +0200[diff] [blame]349
350 .. attribute:: q
351
352 :type: int
353
Mohammed Attia7a1738a2014-03-04 19:17:24 +0200[diff] [blame]354 The subgroup order that is used in generating the DSA key pair
Mohammed Attiab4167152014-03-04 03:29:56 +0200[diff] [blame]355 by the generator and used in the DSA signing and verification
Mohammed Attia70324512014-03-04 03:34:39 +0200[diff] [blame]356 processes. Alias for :attr:`subgroup_order`.
Mohammed Attiab4167152014-03-04 03:29:56 +0200[diff] [blame]357
358 .. attribute:: g
359
360 :type: int
361
Mohammed Attiacb9a6c22014-03-04 04:16:35 +0200[diff] [blame]362 The generator that is used in generating the DSA key pair and used
Mohammed Attia70324512014-03-04 03:34:39 +0200[diff] [blame]363 in the DSA signing and verification processes. Alias for :attr:`generator`.
Mohammed Attiab4167152014-03-04 03:29:56 +0200[diff] [blame]364
365
366.. class:: DSAPrivateKey
367
368 .. versionadded:: 0.3
369
Mohammed Attia7a1738a2014-03-04 19:17:24 +0200[diff] [blame]370 A `DSA`_ private key.
Mohammed Attiab4167152014-03-04 03:29:56 +0200[diff] [blame]371
372 .. method:: public_key()
373
374 :return: :class:`~cryptography.hazmat.primitives.interfaces.DSAPublicKey`
375
376 An DSA public key object corresponding to the values of the private key.
377
378 .. method:: parameters()
379
Mohammed Attia71acc672014-03-04 19:20:45 +0200[diff] [blame]380 :return: :class:`~cryptography.hazmat.primitives.interfaces.DSAParameters`
Mohammed Attiab4167152014-03-04 03:29:56 +0200[diff] [blame]381
Mohammed Attia71acc672014-03-04 19:20:45 +0200[diff] [blame]382 The DSAParameters object associated with this private key.
Mohammed Attiab4167152014-03-04 03:29:56 +0200[diff] [blame]383
Paul Kehrer0b3ff3b2014-05-01 15:34:42 -0500[diff] [blame]384 .. method:: signer(algorithm, backend)
385
386 .. versionadded:: 0.4
387
388 Sign data which can be verified later by others using the public key.
389
390 :param algorithm: An instance of a
391 :class:`~cryptography.hazmat.primitives.interfaces.HashAlgorithm`
392 provider.
393
394 :param backend: A
395 :class:`~cryptography.hazmat.backends.interfaces.DSABackend`
396 provider.
397
398 :returns:
399 :class:`~cryptography.hazmat.primitives.interfaces.AsymmetricSignatureContext`
400
Mohammed Attiab4167152014-03-04 03:29:56 +0200[diff] [blame]401 .. attribute:: key_size
402
403 :type: int
404
405 The bit length of the modulus.
406
407 .. attribute:: x
408
409 :type: int
410
411 The private key.
412
413 .. attribute:: y
414
415 :type: int
416
417 The public key.
418
419
420.. class:: DSAPublicKey
421
422 .. versionadded:: 0.3
423
Mohammed Attiaedacb142014-03-17 12:28:23 +0200[diff] [blame]424 A `DSA`_ public key.
425
426 .. attribute:: key_size
427
428 :type: int
429
430 The bit length of the modulus.
Mohammed Attiab4167152014-03-04 03:29:56 +0200[diff] [blame]431
Mohammed Attia59edb612014-04-25 22:44:40 +0200[diff] [blame]432 .. attribute:: y
433
434 :type: int
435
436 The public key.
437
Mohammed Attiab4167152014-03-04 03:29:56 +0200[diff] [blame]438 .. method:: parameters()
439
Mohammed Attia71acc672014-03-04 19:20:45 +0200[diff] [blame]440 :return: :class:`~cryptography.hazmat.primitives.interfaces.DSAParameters`
Mohammed Attiab4167152014-03-04 03:29:56 +0200[diff] [blame]441
Mohammed Attia71acc672014-03-04 19:20:45 +0200[diff] [blame]442 The DSAParameters object associated with this public key.
Mohammed Attiab4167152014-03-04 03:29:56 +0200[diff] [blame]443
Mohammed Attia59edb612014-04-25 22:44:40 +0200[diff] [blame]444 .. method:: verifier(signature, algorithm, backend)
Mohammed Attiab4167152014-03-04 03:29:56 +0200[diff] [blame]445
Mohammed Attia59edb612014-04-25 22:44:40 +0200[diff] [blame]446 .. versionadded:: 0.4
Mohammed Attiab4167152014-03-04 03:29:56 +0200[diff] [blame]447
Mohammed Attia59edb612014-04-25 22:44:40 +0200[diff] [blame]448 Verify data was signed by the private key associated with this public
449 key.
450
Paul Kehrere0aeaf82014-05-01 11:58:23 -0500[diff] [blame]451 :param bytes signature: The signature to verify. DER encoded as
452 specified in :rfc:`6979`.
Mohammed Attia59edb612014-04-25 22:44:40 +0200[diff] [blame]453
454 :param algorithm: An instance of a
455 :class:`~cryptography.hazmat.primitives.interfaces.HashAlgorithm`
456 provider.
457
458 :param backend: A
459 :class:`~cryptography.hazmat.backends.interfaces.DSABackend`
460 provider.
461
462 :returns:
463 :class:`~cryptography.hazmat.primitives.interfaces.AsymmetricVerificationContext`
Mohammed Attiab4167152014-03-04 03:29:56 +0200[diff] [blame]464
465
Alex Stapleton085f3782014-04-01 16:18:17 +0100[diff] [blame]466.. class:: EllipticCurve
467
Alex Stapleton20c99032014-05-03 21:06:46 +0100[diff] [blame^]468 .. versionadded:: 0.5
Alex Stapleton085f3782014-04-01 16:18:17 +0100[diff] [blame]469
470 A named elliptic curve.
471
472 .. attribute:: name
473
474 :type: string
475
476 The name of the curve. Usually the name used for the ASN.1 OID such as
477 "secp256k1".
478
479 .. attribute:: key_size
480
481 :type: int
482
483 The bit length of the curves base point.
484
485
Alex Stapletona1853f92014-04-18 11:38:28 +0100[diff] [blame]486.. class:: EllipticCurveSignatureAlgorithm
487
Alex Stapleton20c99032014-05-03 21:06:46 +0100[diff] [blame^]488 .. versionadded:: 0.5
Alex Stapletona1853f92014-04-18 11:38:28 +0100[diff] [blame]489
490 A signature algorithm for use with elliptic curve keys.
491
Alex Stapleton80228a12014-04-20 16:44:26 +0100[diff] [blame]492 .. attribute:: algorithm
493
494 :type: :class:`~cryptography.hazmat.primitives.interfaces.HashAlgorithm`
495
496 The digest algorithm to be used with the signature scheme.
497
498 .. method:: signer(private_key, backend)
Alex Stapletona1853f92014-04-18 11:38:28 +0100[diff] [blame]499
500 Sign data which can be verified later by others using the public key.
501
502 :param private_key: An instance of a
503 :class:`~cryptography.hazmat.primitives.interfaces.EllipticCurvePrivateKey`
504 provider.
505
Alex Stapletona1853f92014-04-18 11:38:28 +0100[diff] [blame]506 :param backend: A
507 :class:`~cryptography.hazmat.backends.interfaces.RSABackend`
508 provider.
509
510 :returns:
511 :class:`~cryptography.hazmat.primitives.interfaces.AsymmetricSignatureContext`
512
Alex Stapleton80228a12014-04-20 16:44:26 +0100[diff] [blame]513 .. method:: verifier(signature, public_key, backend)
Alex Stapletona1853f92014-04-18 11:38:28 +0100[diff] [blame]514
515 Verify data was signed by the private key associated with this public
516 key.
517
518 :param bytes signature: The signature to verify.
519
520 :param public_key: An instance of a
521 :class:`~cryptography.hazmat.primitives.interfaces.EllipticCurvePublicKey`
522 provider.
523
Alex Stapletona1853f92014-04-18 11:38:28 +0100[diff] [blame]524 :param backend: A
525 :class:`~cryptography.hazmat.backends.interfaces.RSABackend`
526 provider.
527
528 :returns:
529 :class:`~cryptography.hazmat.primitives.interfaces.AsymmetricVerificationContext`
530
531
Alex Stapleton085f3782014-04-01 16:18:17 +0100[diff] [blame]532.. class:: EllipticCurvePrivateKey
533
Alex Stapleton20c99032014-05-03 21:06:46 +0100[diff] [blame^]534 .. versionadded:: 0.5
Alex Stapleton085f3782014-04-01 16:18:17 +0100[diff] [blame]535
536 An elliptic curve private key for use with an algorithm such as `ECDSA`_ or
537 `EdDSA`_.
538
Alex Stapleton80228a12014-04-20 16:44:26 +0100[diff] [blame]539 .. classmethod:: signer(signature_algorithm, backend)
Alex Stapletona1853f92014-04-18 11:38:28 +0100[diff] [blame]540
541 Sign data which can be verified later by others using the public key.
542
543 :param signature_algorithm: An instance of a
544 :class:`~cryptography.hazmat.primitives.interfaces.EllipticCurveSignatureAlgorithm`
545 provider.
546
Alex Stapletona1853f92014-04-18 11:38:28 +0100[diff] [blame]547 :param backend: A
548 :class:`~cryptography.hazmat.backends.interfaces.RSABackend`
549 provider.
550
551 :returns:
552 :class:`~cryptography.hazmat.primitives.interfaces.AsymmetricSignatureContext`
553
Alex Stapleton085f3782014-04-01 16:18:17 +0100[diff] [blame]554 .. attribute:: curve
555
556 :type: :class:`~cryptography.hazmat.primitives.interfaces.EllipticCurve`
557
558 The elliptic curve for this key.
559
560 .. attribute:: private_key
561
562 :type: int
563
564 The private key.
565
566 .. attribute:: key_size
567
568 :type: int
569
570 The bit length of the curves base point.
571
572 .. attribute:: x
573
574 :type: int
575
576 The affine x component of the public point used for verifying.
577
578 .. attribute:: y
579
580 :type: int
581
582 The affine y component of the public point used for verifying.
583
584 .. method:: public_key()
585
586 :return: :class:`~cryptography.hazmat.primitives.interfaces.EllipticCurvePublicKey`
587
588 The EllipticCurvePublicKey object for this private key.
589
590
591.. class:: EllipticCurvePublicKey
592
Alex Stapleton20c99032014-05-03 21:06:46 +0100[diff] [blame^]593 .. versionadded:: 0.5
Alex Stapleton085f3782014-04-01 16:18:17 +0100[diff] [blame]594
595 An elliptic curve public key.
596
Alex Stapleton80228a12014-04-20 16:44:26 +0100[diff] [blame]597 .. classmethod:: verifier(signer, signature_algorithm, backend)
Alex Stapletona1853f92014-04-18 11:38:28 +0100[diff] [blame]598
599 Verify data was signed by the private key associated with this public
600 key.
601
Alex Stapleton80228a12014-04-20 16:44:26 +0100[diff] [blame]602 :param bytes signature: The signature to verify.
603
Alex Stapletona1853f92014-04-18 11:38:28 +0100[diff] [blame]604 :param signature_algorithm: An instance of a
605 :class:`~cryptography.hazmat.primitives.interfaces.EllipticCurveSignatureAlgorithm`
606 provider.
607
Alex Stapletona1853f92014-04-18 11:38:28 +0100[diff] [blame]608 :param backend: A
609 :class:`~cryptography.hazmat.backends.interfaces.RSABackend`
610 provider.
611
612 :returns:
613 :class:`~cryptography.hazmat.primitives.interfaces.AsymmetricSignatureContext`
614
Alex Stapleton085f3782014-04-01 16:18:17 +0100[diff] [blame]615 .. attribute:: curve
616
617 :type: :class:`~cryptography.hazmat.primitives.interfaces.EllipticCurve`
618
619 The elliptic curve for this key.
620
621 .. attribute:: x
622
623 :type: int
624
625 The affine x component of the public point used for verifying.
626
627 .. attribute:: y
628
629 :type: int
630
631 The affine y component of the public point used for verifying.
632
633 .. attribute:: key_size
634
635 :type: int
636
637 The bit length of the curves base point.
638
639
Paul Kehrereda558c2014-02-17 21:18:13 -0600[diff] [blame]640.. class:: AsymmetricSignatureContext
Paul Kehrere0f0f342014-02-17 19:20:51 -0600[diff] [blame]641
642 .. versionadded:: 0.2
643
644 .. method:: update(data)
645
Paul Kehrereda558c2014-02-17 21:18:13 -0600[diff] [blame]646 :param bytes data: The data you want to sign.
Paul Kehrere0f0f342014-02-17 19:20:51 -0600[diff] [blame]647
648 .. method:: finalize()
649
650 :return bytes signature: The signature.
651
652
Paul Kehrer430202d2014-02-18 13:36:53 -0600[diff] [blame]653.. class:: AsymmetricVerificationContext
Paul Kehrere0f0f342014-02-17 19:20:51 -0600[diff] [blame]654
655 .. versionadded:: 0.2
656
657 .. method:: update(data)
658
Paul Kehrereda558c2014-02-17 21:18:13 -0600[diff] [blame]659 :param bytes data: The data you wish to verify using the signature.
Paul Kehrere0f0f342014-02-17 19:20:51 -0600[diff] [blame]660
Paul Kehrerdd3780a2014-02-18 13:17:53 -0600[diff] [blame]661 .. method:: verify()
Paul Kehrere0f0f342014-02-17 19:20:51 -0600[diff] [blame]662
Paul Kehrerfef1fbd2014-02-26 23:39:37 -0400[diff] [blame]663 :raises cryptography.exceptions.InvalidSignature: If the signature does
664 not validate.
Paul Kehrere0f0f342014-02-17 19:20:51 -0600[diff] [blame]665
666
667.. class:: AsymmetricPadding
668
Paul Kehrer19f32d52014-02-17 19:23:06 -0600[diff] [blame]669 .. versionadded:: 0.2
Paul Kehrere0f0f342014-02-17 19:20:51 -0600[diff] [blame]670
671 .. attribute:: name
672
Alex Stapletonc5fffd32014-03-18 15:29:00 +0000[diff] [blame]673Hash algorithms
Paul Kehrere51a2db2014-01-29 11:49:35 -0600[diff] [blame]674~~~~~~~~~~~~~~~
675
676.. class:: HashAlgorithm
677
Paul Kehrere51a2db2014-01-29 11:49:35 -0600[diff] [blame]678 .. attribute:: name
679
680 :type: str
681
Paul Kehrer4c75a8c2014-01-29 12:20:37 -0600[diff] [blame]682 The standard name for the hash algorithm, for example: ``"sha256"`` or
683 ``"whirlpool"``.
Paul Kehrere51a2db2014-01-29 11:49:35 -0600[diff] [blame]684
685 .. attribute:: digest_size
686
687 :type: int
688
689 The size of the resulting digest in bytes.
690
691 .. attribute:: block_size
692
693 :type: int
694
695 The internal block size of the hash algorithm in bytes.
696
697
Ayrxa0f98502014-04-15 19:17:03 +0800[diff] [blame]698.. class:: HashContext
699
700 .. attribute:: algorithm
701
702 A :class:`~cryptography.hazmat.primitives.interfaces.HashAlgorithm` that
703 will be used by this context.
704
705 .. method:: update(data)
706
707 :param data bytes: The data you want to hash.
708
709 .. method:: finalize()
710
711 :return: The final digest as bytes.
712
713 .. method:: copy()
714
715 :return: A :class:`~cryptography.hazmat.primitives.interfaces.HashContext`
716 that is a copy of the current context.
717
718
Alex Stapletonc5fffd32014-03-18 15:29:00 +0000[diff] [blame]719Key derivation functions
Alex Gaynorb2774f52014-01-27 11:05:29 -0800[diff] [blame]720~~~~~~~~~~~~~~~~~~~~~~~~
721
722.. class:: KeyDerivationFunction
723
Alex Gaynor8454c512014-01-28 07:01:54 -0800[diff] [blame]724 .. versionadded:: 0.2
725
Alex Gaynorb2774f52014-01-27 11:05:29 -0800[diff] [blame]726 .. method:: derive(key_material)
727
Alex Gaynor5484f722014-01-28 05:46:15 -0800[diff] [blame]728 :param key_material bytes: The input key material. Depending on what
729 key derivation function you are using this
730 could be either random material, or a user
Alex Gaynorb2774f52014-01-27 11:05:29 -0800[diff] [blame]731 supplied password.
Alex Gaynor5484f722014-01-28 05:46:15 -0800[diff] [blame]732 :return: The new key.
Alex Gaynore19e89f2014-01-28 06:58:43 -0800[diff] [blame]733 :raises cryptography.exceptions.AlreadyFinalized: This is raised when
734 :meth:`derive` or
735 :meth:`verify` is
736 called more than
737 once.
Alex Gaynorb2774f52014-01-27 11:05:29 -0800[diff] [blame]738
Alex Gaynor5484f722014-01-28 05:46:15 -0800[diff] [blame]739 This generates and returns a new key from the supplied key material.
Alex Gaynorb2774f52014-01-27 11:05:29 -0800[diff] [blame]740
741 .. method:: verify(key_material, expected_key)
742
Alex Gaynor5484f722014-01-28 05:46:15 -0800[diff] [blame]743 :param key_material bytes: The input key material. This is the same as
Alex Gaynorb2774f52014-01-27 11:05:29 -0800[diff] [blame]744 ``key_material`` in :meth:`derive`.
Alex Gaynor5484f722014-01-28 05:46:15 -0800[diff] [blame]745 :param expected_key bytes: The expected result of deriving a new key,
746 this is the same as the return value of
747 :meth:`derive`.
Alex Gaynorb2774f52014-01-27 11:05:29 -0800[diff] [blame]748 :raises cryptography.exceptions.InvalidKey: This is raised when the
749 derived key does not match
750 the expected key.
Alex Gaynore19e89f2014-01-28 06:58:43 -0800[diff] [blame]751 :raises cryptography.exceptions.AlreadyFinalized: This is raised when
752 :meth:`derive` or
753 :meth:`verify` is
754 called more than
755 once.
Alex Gaynorb2774f52014-01-27 11:05:29 -0800[diff] [blame]756
Alex Gaynor5484f722014-01-28 05:46:15 -0800[diff] [blame]757 This checks whether deriving a new key from the supplied
758 ``key_material`` generates the same key as the ``expected_key``, and
759 raises an exception if they do not match. This can be used for
760 something like checking whether a user's password attempt matches the
761 stored derived key.
Alex Gaynorb2774f52014-01-27 11:05:29 -0800[diff] [blame]762
Ayrxc8121702014-04-15 19:02:05 +0800[diff] [blame]763
Ayrx83cd3f82014-04-15 21:56:32 +0800[diff] [blame]764`CMAC`_
765~~~~~~~
Ayrxc8121702014-04-15 19:02:05 +0800[diff] [blame]766
767.. class:: CMACContext
768
769 .. versionadded:: 0.4
770
771 .. method:: update(data)
772
773 :param data bytes: The data you want to authenticate.
774
775 .. method:: finalize()
776
Ayrx7964c172014-04-15 21:50:58 +0800[diff] [blame]777 :return: The message authentication code.
Ayrxc8121702014-04-15 19:02:05 +0800[diff] [blame]778
779 .. method:: copy()
780
781 :return: A :class:`~cryptography.hazmat.primitives.interfaces.CMACContext`
782 that is a copy of the current context.
783
784
Paul Kehrer8e9c9842014-02-13 12:23:27 -0600[diff] [blame]785.. _`RSA`: https://en.wikipedia.org/wiki/RSA_(cryptosystem)
786.. _`Chinese remainder theorem`: https://en.wikipedia.org/wiki/Chinese_remainder_theorem
Mohammed Attia604c78f2014-03-04 03:56:08 +0200[diff] [blame]787.. _`DSA`: https://en.wikipedia.org/wiki/Digital_Signature_Algorithm
Ayrx83cd3f82014-04-15 21:56:32 +0800[diff] [blame]788.. _`CMAC`: https://en.wikipedia.org/wiki/CMAC
Alex Stapleton085f3782014-04-01 16:18:17 +0100[diff] [blame]789.. _`ECDSA`: http://en.wikipedia.org/wiki/ECDSA
790.. _`EdDSA`: http://en.wikipedia.org/wiki/EdDSA