Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / python / cryptography / dcf63ab6bcee9d5a4ae837186db8f0804ddca62c / . / docs / hazmat / primitives / interfaces.rst
blob: 3b837a0dd189fab55dedc96f86e6df4fa44cd973 [file] [log] [blame]
David Reid30722b92013-11-07 13:03:39 -0800[diff] [blame]1.. hazmat::
2
3Interfaces
4==========
5
6
7``cryptography`` uses `Abstract Base Classes`_ as interfaces to describe the
David Reidbd18bcd2013-11-07 13:13:30 -0800[diff] [blame]8properties and methods of most primitive constructs. Backends may also use
9this information to influence their operation. Interfaces should also be used
David Reid30722b92013-11-07 13:03:39 -0800[diff] [blame]10to document argument and return types.
11
David Reid9ed25e42013-11-07 13:15:27 -0800[diff] [blame]12.. _`Abstract Base Classes`: http://docs.python.org/3.2/library/abc.html
David Reid30722b92013-11-07 13:03:39 -0800[diff] [blame]13
14
Alex Stapletonc5fffd32014-03-18 15:29:00 +0000[diff] [blame]15Symmetric ciphers
David Reid0a394df2013-11-15 16:19:50 -0800[diff] [blame]16~~~~~~~~~~~~~~~~~
David Reid30722b92013-11-07 13:03:39 -0800[diff] [blame]17
18.. currentmodule:: cryptography.hazmat.primitives.interfaces
19
David Reid0a394df2013-11-15 16:19:50 -0800[diff] [blame]20
21.. class:: CipherAlgorithm
22
23 A named symmetric encryption algorithm.
24
25 .. attribute:: name
26
27 :type: str
28
29 The standard name for the mode, for example, "AES", "Camellia", or
30 "Blowfish".
31
32 .. attribute:: key_size
33
34 :type: int
35
36 The number of bits in the key being used.
37
38
David Reid668d4802013-12-17 11:53:43 -0800[diff] [blame]39.. class:: BlockCipherAlgorithm
40
41 A block cipher algorithm.
42
43 .. attribute:: block_size
44
45 :type: int
46
47 The number of bits in a block.
48
49
Alex Stapletonc5fffd32014-03-18 15:29:00 +0000[diff] [blame]50Cipher modes
David Reid0a394df2013-11-15 16:19:50 -0800[diff] [blame]51------------
52
David Reid30722b92013-11-07 13:03:39 -0800[diff] [blame]53Interfaces used by the symmetric cipher modes described in
54:ref:`Symmetric Encryption Modes <symmetric-encryption-modes>`.
55
56.. class:: Mode
57
58 A named cipher mode.
59
60 .. attribute:: name
61
62 :type: str
63
64 This should be the standard shorthand name for the mode, for example
65 Cipher-Block Chaining mode is "CBC".
66
67 The name may be used by a backend to influence the operation of a
68 cipher in conjunction with the algorithm's name.
69
Alex Gaynor9626b5a2013-11-19 16:49:26 -0800[diff] [blame]70 .. method:: validate_for_algorithm(algorithm)
71
72 :param CipherAlgorithm algorithm:
73
74 Checks that the combination of this mode with the provided algorithm
75 meets any necessary invariants. This should raise an exception if they
76 are not met.
77
78 For example, the :class:`~cryptography.hazmat.primitives.modes.CBC`
79 mode uses this method to check that the provided initialization
80 vector's length matches the block size of the algorithm.
81
David Reid30722b92013-11-07 13:03:39 -0800[diff] [blame]82
83.. class:: ModeWithInitializationVector
84
85 A cipher mode with an initialization vector.
86
87 .. attribute:: initialization_vector
88
89 :type: bytes
90
91 Exact requirements of the initialization are described by the
92 documentation of individual modes.
93
94
95.. class:: ModeWithNonce
96
97 A cipher mode with a nonce.
98
99 .. attribute:: nonce
100
101 :type: bytes
102
103 Exact requirements of the nonce are described by the documentation of
104 individual modes.
Paul Kehrerac423232014-01-25 14:13:09 -0600[diff] [blame]105
Alex Stapletonc5fffd32014-03-18 15:29:00 +0000[diff] [blame]106Asymmetric interfaces
Paul Kehrerac423232014-01-25 14:13:09 -0600[diff] [blame]107~~~~~~~~~~~~~~~~~~~~~
108
109.. class:: RSAPrivateKey
110
Paul Kehrer46688b12014-01-26 13:23:13 -0600[diff] [blame]111 .. versionadded:: 0.2
Paul Kehrer82629f42014-01-26 12:25:02 -0600[diff] [blame]112
Paul Kehrerac423232014-01-25 14:13:09 -0600[diff] [blame]113 An `RSA`_ private key.
114
Paul Kehrer01cdfb22014-04-15 11:27:03 -0400[diff] [blame]115 .. method:: signer(padding, algorithm, backend)
116
117 .. versionadded:: 0.3
118
119 Sign data which can be verified later by others using the public key.
120
121 :param padding: An instance of a
122 :class:`~cryptography.hazmat.primitives.interfaces.AsymmetricPadding`
123 provider.
124
125 :param algorithm: An instance of a
126 :class:`~cryptography.hazmat.primitives.interfaces.HashAlgorithm`
127 provider.
128
129 :param backend: A
130 :class:`~cryptography.hazmat.backends.interfaces.RSABackend`
131 provider.
132
133 :returns:
134 :class:`~cryptography.hazmat.primitives.interfaces.AsymmetricSignatureContext`
135
Paul Kehrer27f9ca62014-04-15 17:59:27 -0400[diff] [blame]136 .. method:: decrypt(ciphertext, padding, backend)
137
138 .. versionadded:: 0.4
139
140 Decrypt data that was encrypted via the public key.
141
142 :param bytes ciphertext: The ciphertext to decrypt.
143
144 :param padding: An instance of a
145 :class:`~cryptography.hazmat.primitives.interfaces.AsymmetricPadding`
146 provider.
147
148 :param backend: A
149 :class:`~cryptography.hazmat.backends.interfaces.RSABackend`
150 provider.
151
152 :return bytes: Decrypted data.
153
Paul Kehrer0e94fbe2014-01-26 11:47:21 -0600[diff] [blame]154 .. method:: public_key()
Paul Kehrerac423232014-01-25 14:13:09 -0600[diff] [blame]155
Paul Kehrer359b9462014-01-26 12:03:05 -0600[diff] [blame]156 :return: :class:`~cryptography.hazmat.primitives.interfaces.RSAPublicKey`
Paul Kehrerac423232014-01-25 14:13:09 -0600[diff] [blame]157
158 An RSA public key object corresponding to the values of the private key.
159
160 .. attribute:: modulus
161
Paul Kehrerd527b302014-01-26 11:41:38 -0600[diff] [blame]162 :type: int
Paul Kehrerac423232014-01-25 14:13:09 -0600[diff] [blame]163
Paul Kehrer0e94fbe2014-01-26 11:47:21 -0600[diff] [blame]164 The public modulus.
Paul Kehrerac423232014-01-25 14:13:09 -0600[diff] [blame]165
166 .. attribute:: public_exponent
167
168 :type: int
169
Paul Kehrer0e94fbe2014-01-26 11:47:21 -0600[diff] [blame]170 The public exponent.
Paul Kehrerac423232014-01-25 14:13:09 -0600[diff] [blame]171
Alex Gaynor2649a692014-02-03 07:14:16 -0800[diff] [blame]172 .. attribute:: private_exponent
173
174 :type: int
175
176 The private exponent.
177
Alex Stapletonee3e6bf2014-02-02 21:13:48 +0000[diff] [blame]178 .. attribute:: key_size
Paul Kehrerac423232014-01-25 14:13:09 -0600[diff] [blame]179
180 :type: int
181
182 The bit length of the modulus.
183
184 .. attribute:: p
185
Paul Kehrerd527b302014-01-26 11:41:38 -0600[diff] [blame]186 :type: int
Paul Kehrerac423232014-01-25 14:13:09 -0600[diff] [blame]187
Alex Gaynor2a918742014-01-26 16:53:44 -0600[diff] [blame]188 ``p``, one of the two primes composing the :attr:`modulus`.
Paul Kehrerac423232014-01-25 14:13:09 -0600[diff] [blame]189
190 .. attribute:: q
191
Paul Kehrerd527b302014-01-26 11:41:38 -0600[diff] [blame]192 :type: int
Paul Kehrerac423232014-01-25 14:13:09 -0600[diff] [blame]193
Alex Gaynor2a918742014-01-26 16:53:44 -0600[diff] [blame]194 ``q``, one of the two primes composing the :attr:`modulus`.
Paul Kehrerac423232014-01-25 14:13:09 -0600[diff] [blame]195
196 .. attribute:: d
197
Paul Kehrerd527b302014-01-26 11:41:38 -0600[diff] [blame]198 :type: int
Paul Kehrerac423232014-01-25 14:13:09 -0600[diff] [blame]199
Alex Gaynor2649a692014-02-03 07:14:16 -0800[diff] [blame]200 The private exponent. Alias for :attr:`private_exponent`.
Paul Kehrerac423232014-01-25 14:13:09 -0600[diff] [blame]201
Paul Kehrer8e9c9842014-02-13 12:23:27 -0600[diff] [blame]202 .. attribute:: dmp1
203
204 :type: int
205
206 A `Chinese remainder theorem`_ coefficient used to speed up RSA
207 operations. Calculated as: d mod (p-1)
208
209 .. attribute:: dmq1
210
211 :type: int
212
213 A `Chinese remainder theorem`_ coefficient used to speed up RSA
214 operations. Calculated as: d mod (q-1)
215
216 .. attribute:: iqmp
217
218 :type: int
219
220 A `Chinese remainder theorem`_ coefficient used to speed up RSA
221 operations. Calculated as: q\ :sup:`-1` mod p
222
Paul Kehrerac423232014-01-25 14:13:09 -0600[diff] [blame]223 .. attribute:: n
224
Paul Kehrerd527b302014-01-26 11:41:38 -0600[diff] [blame]225 :type: int
Paul Kehrerac423232014-01-25 14:13:09 -0600[diff] [blame]226
Alex Gaynor2a918742014-01-26 16:53:44 -0600[diff] [blame]227 The public modulus. Alias for :attr:`modulus`.
Paul Kehrerac423232014-01-25 14:13:09 -0600[diff] [blame]228
229 .. attribute:: e
230
231 :type: int
232
Alex Gaynor2a918742014-01-26 16:53:44 -0600[diff] [blame]233 The public exponent. Alias for :attr:`public_exponent`.
Paul Kehrerac423232014-01-25 14:13:09 -0600[diff] [blame]234
235
236.. class:: RSAPublicKey
237
Paul Kehrer46688b12014-01-26 13:23:13 -0600[diff] [blame]238 .. versionadded:: 0.2
Paul Kehrer82629f42014-01-26 12:25:02 -0600[diff] [blame]239
Paul Kehrerac423232014-01-25 14:13:09 -0600[diff] [blame]240 An `RSA`_ public key.
241
Paul Kehrer01cdfb22014-04-15 11:27:03 -0400[diff] [blame]242 .. method:: verifier(signature, padding, algorithm, backend)
243
244 .. versionadded:: 0.3
245
246 Verify data was signed by the private key associated with this public
247 key.
248
249 :param bytes signature: The signature to verify.
250
251 :param padding: An instance of a
252 :class:`~cryptography.hazmat.primitives.interfaces.AsymmetricPadding`
253 provider.
254
255 :param algorithm: An instance of a
256 :class:`~cryptography.hazmat.primitives.interfaces.HashAlgorithm`
257 provider.
258
259 :param backend: A
260 :class:`~cryptography.hazmat.backends.interfaces.RSABackend`
261 provider.
262
263 :returns:
264 :class:`~cryptography.hazmat.primitives.interfaces.AsymmetricVerificationContext`
265
266
Paul Kehrerac423232014-01-25 14:13:09 -0600[diff] [blame]267 .. attribute:: modulus
268
Paul Kehrerd527b302014-01-26 11:41:38 -0600[diff] [blame]269 :type: int
Paul Kehrerac423232014-01-25 14:13:09 -0600[diff] [blame]270
Paul Kehrer0e94fbe2014-01-26 11:47:21 -0600[diff] [blame]271 The public modulus.
Paul Kehrerac423232014-01-25 14:13:09 -0600[diff] [blame]272
Alex Stapletonee3e6bf2014-02-02 21:13:48 +0000[diff] [blame]273 .. attribute:: key_size
Paul Kehrerac423232014-01-25 14:13:09 -0600[diff] [blame]274
275 :type: int
276
277 The bit length of the modulus.
278
279 .. attribute:: public_exponent
280
281 :type: int
282
Paul Kehrer0e94fbe2014-01-26 11:47:21 -0600[diff] [blame]283 The public exponent.
Paul Kehrerac423232014-01-25 14:13:09 -0600[diff] [blame]284
285 .. attribute:: n
286
Paul Kehrerd527b302014-01-26 11:41:38 -0600[diff] [blame]287 :type: int
Paul Kehrerac423232014-01-25 14:13:09 -0600[diff] [blame]288
Alex Gaynor2a918742014-01-26 16:53:44 -0600[diff] [blame]289 The public modulus. Alias for :attr:`modulus`.
Paul Kehrerac423232014-01-25 14:13:09 -0600[diff] [blame]290
291 .. attribute:: e
292
293 :type: int
294
Alex Gaynor2a918742014-01-26 16:53:44 -0600[diff] [blame]295 The public exponent. Alias for :attr:`public_exponent`.
296
Paul Kehrerac423232014-01-25 14:13:09 -0600[diff] [blame]297
Mohammed Attia71acc672014-03-04 19:20:45 +0200[diff] [blame]298.. class:: DSAParameters
Mohammed Attiab4167152014-03-04 03:29:56 +0200[diff] [blame]299
300 .. versionadded:: 0.3
301
302 `DSA`_ parameters.
303
304 .. attribute:: modulus
305
306 :type: int
307
Mohammed Attia7a1738a2014-03-04 19:17:24 +0200[diff] [blame]308 The prime modulus that is used in generating the DSA key pair and used
Mohammed Attiab4167152014-03-04 03:29:56 +0200[diff] [blame]309 in the DSA signing and verification processes.
310
311 .. attribute:: subgroup_order
312
313 :type: int
314
Mohammed Attia7a1738a2014-03-04 19:17:24 +0200[diff] [blame]315 The subgroup order that is used in generating the DSA key pair
Mohammed Attiab4167152014-03-04 03:29:56 +0200[diff] [blame]316 by the generator and used in the DSA signing and verification
317 processes.
318
319 .. attribute:: generator
320
321 :type: int
322
Mohammed Attiacb9a6c22014-03-04 04:16:35 +0200[diff] [blame]323 The generator that is used in generating the DSA key pair and used
Mohammed Attia7a1738a2014-03-04 19:17:24 +0200[diff] [blame]324 in the DSA signing and verification processes.
Mohammed Attiab4167152014-03-04 03:29:56 +0200[diff] [blame]325
326 .. attribute:: p
327
328 :type: int
329
Mohammed Attia7a1738a2014-03-04 19:17:24 +0200[diff] [blame]330 The prime modulus that is used in generating the DSA key pair and used
Mohammed Attia70324512014-03-04 03:34:39 +0200[diff] [blame]331 in the DSA signing and verification processes. Alias for :attr:`modulus`.
Mohammed Attiab4167152014-03-04 03:29:56 +0200[diff] [blame]332
333 .. attribute:: q
334
335 :type: int
336
Mohammed Attia7a1738a2014-03-04 19:17:24 +0200[diff] [blame]337 The subgroup order that is used in generating the DSA key pair
Mohammed Attiab4167152014-03-04 03:29:56 +0200[diff] [blame]338 by the generator and used in the DSA signing and verification
Mohammed Attia70324512014-03-04 03:34:39 +0200[diff] [blame]339 processes. Alias for :attr:`subgroup_order`.
Mohammed Attiab4167152014-03-04 03:29:56 +0200[diff] [blame]340
341 .. attribute:: g
342
343 :type: int
344
Mohammed Attiacb9a6c22014-03-04 04:16:35 +0200[diff] [blame]345 The generator that is used in generating the DSA key pair and used
Mohammed Attia70324512014-03-04 03:34:39 +0200[diff] [blame]346 in the DSA signing and verification processes. Alias for :attr:`generator`.
Mohammed Attiab4167152014-03-04 03:29:56 +0200[diff] [blame]347
348
349.. class:: DSAPrivateKey
350
351 .. versionadded:: 0.3
352
Mohammed Attia7a1738a2014-03-04 19:17:24 +0200[diff] [blame]353 A `DSA`_ private key.
Mohammed Attiab4167152014-03-04 03:29:56 +0200[diff] [blame]354
355 .. method:: public_key()
356
357 :return: :class:`~cryptography.hazmat.primitives.interfaces.DSAPublicKey`
358
359 An DSA public key object corresponding to the values of the private key.
360
361 .. method:: parameters()
362
Mohammed Attia71acc672014-03-04 19:20:45 +0200[diff] [blame]363 :return: :class:`~cryptography.hazmat.primitives.interfaces.DSAParameters`
Mohammed Attiab4167152014-03-04 03:29:56 +0200[diff] [blame]364
Mohammed Attia71acc672014-03-04 19:20:45 +0200[diff] [blame]365 The DSAParameters object associated with this private key.
Mohammed Attiab4167152014-03-04 03:29:56 +0200[diff] [blame]366
367 .. attribute:: key_size
368
369 :type: int
370
371 The bit length of the modulus.
372
373 .. attribute:: x
374
375 :type: int
376
377 The private key.
378
379 .. attribute:: y
380
381 :type: int
382
383 The public key.
384
385
386.. class:: DSAPublicKey
387
388 .. versionadded:: 0.3
389
Mohammed Attiaedacb142014-03-17 12:28:23 +0200[diff] [blame]390 A `DSA`_ public key.
391
392 .. attribute:: key_size
393
394 :type: int
395
396 The bit length of the modulus.
Mohammed Attiab4167152014-03-04 03:29:56 +0200[diff] [blame]397
398 .. method:: parameters()
399
Mohammed Attia71acc672014-03-04 19:20:45 +0200[diff] [blame]400 :return: :class:`~cryptography.hazmat.primitives.interfaces.DSAParameters`
Mohammed Attiab4167152014-03-04 03:29:56 +0200[diff] [blame]401
Mohammed Attia71acc672014-03-04 19:20:45 +0200[diff] [blame]402 The DSAParameters object associated with this public key.
Mohammed Attiab4167152014-03-04 03:29:56 +0200[diff] [blame]403
404 .. attribute:: y
405
406 :type: int
407
408 The public key.
409
410
Paul Kehrereda558c2014-02-17 21:18:13 -0600[diff] [blame]411.. class:: AsymmetricSignatureContext
Paul Kehrere0f0f342014-02-17 19:20:51 -0600[diff] [blame]412
413 .. versionadded:: 0.2
414
415 .. method:: update(data)
416
Paul Kehrereda558c2014-02-17 21:18:13 -0600[diff] [blame]417 :param bytes data: The data you want to sign.
Paul Kehrere0f0f342014-02-17 19:20:51 -0600[diff] [blame]418
419 .. method:: finalize()
420
421 :return bytes signature: The signature.
422
423
Paul Kehrer430202d2014-02-18 13:36:53 -0600[diff] [blame]424.. class:: AsymmetricVerificationContext
Paul Kehrere0f0f342014-02-17 19:20:51 -0600[diff] [blame]425
426 .. versionadded:: 0.2
427
428 .. method:: update(data)
429
Paul Kehrereda558c2014-02-17 21:18:13 -0600[diff] [blame]430 :param bytes data: The data you wish to verify using the signature.
Paul Kehrere0f0f342014-02-17 19:20:51 -0600[diff] [blame]431
Paul Kehrerdd3780a2014-02-18 13:17:53 -0600[diff] [blame]432 .. method:: verify()
Paul Kehrere0f0f342014-02-17 19:20:51 -0600[diff] [blame]433
Paul Kehrerfef1fbd2014-02-26 23:39:37 -0400[diff] [blame]434 :raises cryptography.exceptions.InvalidSignature: If the signature does
435 not validate.
Paul Kehrere0f0f342014-02-17 19:20:51 -0600[diff] [blame]436
437
438.. class:: AsymmetricPadding
439
Paul Kehrer19f32d52014-02-17 19:23:06 -0600[diff] [blame]440 .. versionadded:: 0.2
Paul Kehrere0f0f342014-02-17 19:20:51 -0600[diff] [blame]441
442 .. attribute:: name
443
Alex Stapletonc5fffd32014-03-18 15:29:00 +0000[diff] [blame]444Hash algorithms
Paul Kehrere51a2db2014-01-29 11:49:35 -0600[diff] [blame]445~~~~~~~~~~~~~~~
446
447.. class:: HashAlgorithm
448
Paul Kehrere51a2db2014-01-29 11:49:35 -0600[diff] [blame]449 .. attribute:: name
450
451 :type: str
452
Paul Kehrer4c75a8c2014-01-29 12:20:37 -0600[diff] [blame]453 The standard name for the hash algorithm, for example: ``"sha256"`` or
454 ``"whirlpool"``.
Paul Kehrere51a2db2014-01-29 11:49:35 -0600[diff] [blame]455
456 .. attribute:: digest_size
457
458 :type: int
459
460 The size of the resulting digest in bytes.
461
462 .. attribute:: block_size
463
464 :type: int
465
466 The internal block size of the hash algorithm in bytes.
467
468
Ayrxa0f98502014-04-15 19:17:03 +0800[diff] [blame]469.. class:: HashContext
470
471 .. attribute:: algorithm
472
473 A :class:`~cryptography.hazmat.primitives.interfaces.HashAlgorithm` that
474 will be used by this context.
475
476 .. method:: update(data)
477
478 :param data bytes: The data you want to hash.
479
480 .. method:: finalize()
481
482 :return: The final digest as bytes.
483
484 .. method:: copy()
485
486 :return: A :class:`~cryptography.hazmat.primitives.interfaces.HashContext`
487 that is a copy of the current context.
488
489
Alex Stapletonc5fffd32014-03-18 15:29:00 +0000[diff] [blame]490Key derivation functions
Alex Gaynorb2774f52014-01-27 11:05:29 -0800[diff] [blame]491~~~~~~~~~~~~~~~~~~~~~~~~
492
493.. class:: KeyDerivationFunction
494
Alex Gaynor8454c512014-01-28 07:01:54 -0800[diff] [blame]495 .. versionadded:: 0.2
496
Alex Gaynorb2774f52014-01-27 11:05:29 -0800[diff] [blame]497 .. method:: derive(key_material)
498
Alex Gaynor5484f722014-01-28 05:46:15 -0800[diff] [blame]499 :param key_material bytes: The input key material. Depending on what
500 key derivation function you are using this
501 could be either random material, or a user
Alex Gaynorb2774f52014-01-27 11:05:29 -0800[diff] [blame]502 supplied password.
Alex Gaynor5484f722014-01-28 05:46:15 -0800[diff] [blame]503 :return: The new key.
Alex Gaynore19e89f2014-01-28 06:58:43 -0800[diff] [blame]504 :raises cryptography.exceptions.AlreadyFinalized: This is raised when
505 :meth:`derive` or
506 :meth:`verify` is
507 called more than
508 once.
Alex Gaynorb2774f52014-01-27 11:05:29 -0800[diff] [blame]509
Alex Gaynor5484f722014-01-28 05:46:15 -0800[diff] [blame]510 This generates and returns a new key from the supplied key material.
Alex Gaynorb2774f52014-01-27 11:05:29 -0800[diff] [blame]511
512 .. method:: verify(key_material, expected_key)
513
Alex Gaynor5484f722014-01-28 05:46:15 -0800[diff] [blame]514 :param key_material bytes: The input key material. This is the same as
Alex Gaynorb2774f52014-01-27 11:05:29 -0800[diff] [blame]515 ``key_material`` in :meth:`derive`.
Alex Gaynor5484f722014-01-28 05:46:15 -0800[diff] [blame]516 :param expected_key bytes: The expected result of deriving a new key,
517 this is the same as the return value of
518 :meth:`derive`.
Alex Gaynorb2774f52014-01-27 11:05:29 -0800[diff] [blame]519 :raises cryptography.exceptions.InvalidKey: This is raised when the
520 derived key does not match
521 the expected key.
Alex Gaynore19e89f2014-01-28 06:58:43 -0800[diff] [blame]522 :raises cryptography.exceptions.AlreadyFinalized: This is raised when
523 :meth:`derive` or
524 :meth:`verify` is
525 called more than
526 once.
Alex Gaynorb2774f52014-01-27 11:05:29 -0800[diff] [blame]527
Alex Gaynor5484f722014-01-28 05:46:15 -0800[diff] [blame]528 This checks whether deriving a new key from the supplied
529 ``key_material`` generates the same key as the ``expected_key``, and
530 raises an exception if they do not match. This can be used for
531 something like checking whether a user's password attempt matches the
532 stored derived key.
Alex Gaynorb2774f52014-01-27 11:05:29 -0800[diff] [blame]533
Ayrxc8121702014-04-15 19:02:05 +0800[diff] [blame]534
Ayrx83cd3f82014-04-15 21:56:32 +0800[diff] [blame]535`CMAC`_
536~~~~~~~
Ayrxc8121702014-04-15 19:02:05 +0800[diff] [blame]537
538.. class:: CMACContext
539
540 .. versionadded:: 0.4
541
542 .. method:: update(data)
543
544 :param data bytes: The data you want to authenticate.
545
546 .. method:: finalize()
547
Ayrx7964c172014-04-15 21:50:58 +0800[diff] [blame]548 :return: The message authentication code.
Ayrxc8121702014-04-15 19:02:05 +0800[diff] [blame]549
550 .. method:: copy()
551
552 :return: A :class:`~cryptography.hazmat.primitives.interfaces.CMACContext`
553 that is a copy of the current context.
554
555
Paul Kehrer8e9c9842014-02-13 12:23:27 -0600[diff] [blame]556.. _`RSA`: https://en.wikipedia.org/wiki/RSA_(cryptosystem)
557.. _`Chinese remainder theorem`: https://en.wikipedia.org/wiki/Chinese_remainder_theorem
Mohammed Attia604c78f2014-03-04 03:56:08 +0200[diff] [blame]558.. _`DSA`: https://en.wikipedia.org/wiki/Digital_Signature_Algorithm
Ayrx83cd3f82014-04-15 21:56:32 +0800[diff] [blame]559.. _`CMAC`: https://en.wikipedia.org/wiki/CMAC