Blame - docs/hazmat/primitives/padding.rst - platform/external/python/cryptography

blob: b346b59e06b8b3d595a1d28f2861ccd1e418a249 [file] [log] [blame]

Alex Gaynor	af82d5e	2013-10-29 17:07:24 -0700	[diff] [blame]	1	.. hazmat::
Alex Gaynor	5f3db27	2013-10-29 10:56:35 -0700	[diff] [blame]	2
				3	Padding
				4	=======
				5
Paul Kehrer	2129d50	2015-02-13 12:37:34 -0600	[diff] [blame]	6	.. module:: cryptography.hazmat.primitives.padding
Alex Gaynor	5f3db27	2013-10-29 10:56:35 -0700	[diff] [blame]	7
Alex Gaynor	462bd60	2014-04-25 07:49:08 -0700	[diff] [blame]	8	Padding is a way to take data that may or may not be a multiple of the block
Alex Gaynor	5f3db27	2013-10-29 10:56:35 -0700	[diff] [blame]	9	size for a cipher and extend it out so that it is. This is required for many
				10	block cipher modes as they require the data to be encrypted to be an exact
				11	multiple of the block size.
				12
				13
Alex Gaynor	b2d5efd	2013-10-29 11:15:30 -0700	[diff] [blame]	14	.. class:: PKCS7(block_size)
Alex Gaynor	5f3db27	2013-10-29 10:56:35 -0700	[diff] [blame]	15
				16	PKCS7 padding is a generalization of PKCS5 padding (also known as standard
				17	padding). PKCS7 padding works by appending ``N`` bytes with the value of
				18	``chr(N)``, where ``N`` is the number of bytes required to make the final
				19	block of data the same size as the block size. A simple example of padding
				20	is:
				21
				22	.. doctest::
				23
Alex Gaynor	0708278	2013-10-29 11:18:23 -0700	[diff] [blame]	24	>>> from cryptography.hazmat.primitives import padding
Alex Gaynor	60ad3e1	2013-10-29 14:26:11 -0700	[diff] [blame]	25	>>> padder = padding.PKCS7(128).padder()
David Reid	db616be	2014-02-12 10:51:56 -0800	[diff] [blame]	26	>>> padded_data = padder.update(b"11111111111111112222222222")
Alex Gaynor	bae899a	2013-11-22 16:54:55 -0800	[diff] [blame]	27	>>> padded_data
David Reid	db616be	2014-02-12 10:51:56 -0800	[diff] [blame]	28	'1111111111111111'
David Reid	50309fb	2014-02-12 11:16:27 -0800	[diff] [blame]	29	>>> padded_data += padder.finalize()
				30	>>> padded_data
David Reid	db616be	2014-02-12 10:51:56 -0800	[diff] [blame]	31	'11111111111111112222222222\x06\x06\x06\x06\x06\x06'
Alex Gaynor	bae899a	2013-11-22 16:54:55 -0800	[diff] [blame]	32	>>> unpadder = padding.PKCS7(128).unpadder()
David Reid	db616be	2014-02-12 10:51:56 -0800	[diff] [blame]	33	>>> data = unpadder.update(padded_data)
				34	>>> data
				35	'1111111111111111'
				36	>>> data + unpadder.finalize()
				37	'11111111111111112222222222'
Alex Gaynor	5f3db27	2013-10-29 10:56:35 -0700	[diff] [blame]	38
				39	:param block_size: The size of the block in bits that the data is being
				40	padded to.
Paul Kehrer	c6f1956	2014-04-27 09:54:11 -0500	[diff] [blame]	41	:raises ValueError: Raised if block size is not a multiple of 8 or is not
				42	between 0 and 256.
Alex Gaynor	5f3db27	2013-10-29 10:56:35 -0700	[diff] [blame]	43
Alex Gaynor	b2d5efd	2013-10-29 11:15:30 -0700	[diff] [blame]	44	.. method:: padder()
				45
				46	:returns: A padding
Paul Kehrer	4ab6059	2015-02-13 09:06:48 -0600	[diff] [blame]	47	:class:`~cryptography.hazmat.primitives.padding.PaddingContext`
Gabriel Orisaka	617fe4b	2016-07-31 10:49:59 -0300	[diff] [blame^]	48	instance.
Alex Gaynor	b2d5efd	2013-10-29 11:15:30 -0700	[diff] [blame]	49
				50	.. method:: unpadder()
				51
				52	:returns: An unpadding
Paul Kehrer	4ab6059	2015-02-13 09:06:48 -0600	[diff] [blame]	53	:class:`~cryptography.hazmat.primitives.padding.PaddingContext`
Gabriel Orisaka	617fe4b	2016-07-31 10:49:59 -0300	[diff] [blame^]	54	instance.
Alex Gaynor	b2d5efd	2013-10-29 11:15:30 -0700	[diff] [blame]	55
				56
Cédric Krier	bf0f464	2016-02-26 18:40:20 +0100	[diff] [blame]	57	.. class:: ANSIX923(block_size)
				58
Cédric Krier	6cfd919	2016-03-15 14:35:19 +0100	[diff] [blame]	59	.. versionadded:: 1.3
				60
Cédric Krier	93a3d53	2016-02-26 23:34:15 +0100	[diff] [blame]	61	`ANSI X.923`_ padding works by appending ``N-1`` bytes with the value of
				62	``0`` and a last byte with the value of ``chr(N)``, where ``N`` is the
				63	number of bytes required to make the final block of data the same size as
				64	the block size. A simple example of padding is:
Cédric Krier	bf0f464	2016-02-26 18:40:20 +0100	[diff] [blame]	65
				66	.. doctest::
				67
				68	>>> padder = padding.ANSIX923(128).padder()
				69	>>> padded_data = padder.update(b"11111111111111112222222222")
				70	>>> padded_data
				71	'1111111111111111'
				72	>>> padded_data += padder.finalize()
				73	>>> padded_data
				74	'11111111111111112222222222\x00\x00\x00\x00\x00\x06'
				75	>>> unpadder = padding.ANSIX923(128).unpadder()
				76	>>> data = unpadder.update(padded_data)
				77	>>> data
				78	'1111111111111111'
				79	>>> data + unpadder.finalize()
				80	'11111111111111112222222222'
				81
				82	:param block_size: The size of the block in bits that the data is being
				83	padded to.
				84	:raises ValueError: Raised if block size is not a multiple of 8 or is not
				85	between 0 and 256.
				86
				87	.. method:: padder()
				88
				89	:returns: A padding
				90	:class:`~cryptography.hazmat.primitives.padding.PaddingContext`
Gabriel Orisaka	617fe4b	2016-07-31 10:49:59 -0300	[diff] [blame^]	91	instance.
Cédric Krier	bf0f464	2016-02-26 18:40:20 +0100	[diff] [blame]	92
				93	.. method:: unpadder()
				94
				95	:returns: An unpadding
				96	:class:`~cryptography.hazmat.primitives.padding.PaddingContext`
Gabriel Orisaka	617fe4b	2016-07-31 10:49:59 -0300	[diff] [blame^]	97	instance.
Cédric Krier	bf0f464	2016-02-26 18:40:20 +0100	[diff] [blame]	98
				99
Alex Gaynor	b2d5efd	2013-10-29 11:15:30 -0700	[diff] [blame]	100	.. class:: PaddingContext
				101
Alex Gaynor	b481889	2014-02-06 10:58:50 -0800	[diff] [blame]	102	When calling ``padder()`` or ``unpadder()`` the result will conform to the
				103	``PaddingContext`` interface. You can then call ``update(data)`` with data
				104	until you have fed everything into the context. Once that is done call
				105	``finalize()`` to finish the operation and obtain the remainder of the
				106	data.
Alex Gaynor	b2d5efd	2013-10-29 11:15:30 -0700	[diff] [blame]	107
				108	.. method:: update(data)
				109
				110	:param bytes data: The data you wish to pass into the context.
				111	:return bytes: Returns the data that was padded or unpadded.
Paul Kehrer	c6f1956	2014-04-27 09:54:11 -0500	[diff] [blame]	112	:raises TypeError: Raised if data is not bytes.
Alex Stapleton	425fc04	2014-04-25 22:32:01 +0100	[diff] [blame]	113	:raises cryptography.exceptions.AlreadyFinalized: See :meth:`finalize`.
Ayrx	00eff9c	2014-05-17 19:47:09 +0800	[diff] [blame]	114	:raises TypeError: This exception is raised if ``data`` is not ``bytes``.
Alex Gaynor	b2d5efd	2013-10-29 11:15:30 -0700	[diff] [blame]	115
				116	.. method:: finalize()
				117
Alex Stapleton	425fc04	2014-04-25 22:32:01 +0100	[diff] [blame]	118	Finalize the current context and return the rest of the data.
				119
				120	After ``finalize`` has been called this object can no longer be used;
				121	:meth:`update` and :meth:`finalize` will raise an
				122	:class:`~cryptography.exceptions.AlreadyFinalized` exception.
				123
Alex Gaynor	b2d5efd	2013-10-29 11:15:30 -0700	[diff] [blame]	124	:return bytes: Returns the remainder of the data.
Paul Kehrer	c6f1956	2014-04-27 09:54:11 -0500	[diff] [blame]	125	:raises TypeError: Raised if data is not bytes.
Alex Stapleton	425fc04	2014-04-25 22:32:01 +0100	[diff] [blame]	126	:raises ValueError: When trying to remove padding from incorrectly
				127	padded data.
Cédric Krier	93a3d53	2016-02-26 23:34:15 +0100	[diff] [blame]	128
				129	.. _`ANSI X.923`: https://en.wikipedia.org/wiki/Padding_%28cryptography%29#ANSI_X.923