Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / python / cryptography / 645315b47e6e59674a0f032d172f99ebc90d72b1 / . / docs / hazmat / primitives / interfaces.rst
blob: 7d02839a1dc99748dcbb44e74b12a55bf1d0da8a [file] [log] [blame]
David Reid30722b92013-11-07 13:03:39 -0800[diff] [blame]1.. hazmat::
2
3Interfaces
4==========
5
6
7``cryptography`` uses `Abstract Base Classes`_ as interfaces to describe the
David Reidbd18bcd2013-11-07 13:13:30 -0800[diff] [blame]8properties and methods of most primitive constructs. Backends may also use
9this information to influence their operation. Interfaces should also be used
David Reid30722b92013-11-07 13:03:39 -0800[diff] [blame]10to document argument and return types.
11
David Reid9ed25e42013-11-07 13:15:27 -0800[diff] [blame]12.. _`Abstract Base Classes`: http://docs.python.org/3.2/library/abc.html
David Reid30722b92013-11-07 13:03:39 -0800[diff] [blame]13
14
Alex Stapletonc5fffd32014-03-18 15:29:00 +0000[diff] [blame]15Symmetric ciphers
Alex Gaynor645315b2014-06-23 11:55:55 -0700[diff] [blame^]16-----------------
David Reid30722b92013-11-07 13:03:39 -0800[diff] [blame]17
18.. currentmodule:: cryptography.hazmat.primitives.interfaces
19
David Reid0a394df2013-11-15 16:19:50 -0800[diff] [blame]20
21.. class:: CipherAlgorithm
22
23 A named symmetric encryption algorithm.
24
25 .. attribute:: name
26
27 :type: str
28
29 The standard name for the mode, for example, "AES", "Camellia", or
30 "Blowfish".
31
32 .. attribute:: key_size
33
34 :type: int
35
36 The number of bits in the key being used.
37
38
David Reid668d4802013-12-17 11:53:43 -0800[diff] [blame]39.. class:: BlockCipherAlgorithm
40
41 A block cipher algorithm.
42
43 .. attribute:: block_size
44
45 :type: int
46
47 The number of bits in a block.
48
49
Alex Stapletonc5fffd32014-03-18 15:29:00 +0000[diff] [blame]50Cipher modes
Alex Gaynor645315b2014-06-23 11:55:55 -0700[diff] [blame^]51~~~~~~~~~~~~
David Reid0a394df2013-11-15 16:19:50 -0800[diff] [blame]52
David Reid30722b92013-11-07 13:03:39 -0800[diff] [blame]53Interfaces used by the symmetric cipher modes described in
54:ref:`Symmetric Encryption Modes <symmetric-encryption-modes>`.
55
56.. class:: Mode
57
58 A named cipher mode.
59
60 .. attribute:: name
61
62 :type: str
63
64 This should be the standard shorthand name for the mode, for example
65 Cipher-Block Chaining mode is "CBC".
66
67 The name may be used by a backend to influence the operation of a
68 cipher in conjunction with the algorithm's name.
69
Alex Gaynor9626b5a2013-11-19 16:49:26 -0800[diff] [blame]70 .. method:: validate_for_algorithm(algorithm)
71
72 :param CipherAlgorithm algorithm:
73
74 Checks that the combination of this mode with the provided algorithm
75 meets any necessary invariants. This should raise an exception if they
76 are not met.
77
78 For example, the :class:`~cryptography.hazmat.primitives.modes.CBC`
79 mode uses this method to check that the provided initialization
80 vector's length matches the block size of the algorithm.
81
David Reid30722b92013-11-07 13:03:39 -0800[diff] [blame]82
83.. class:: ModeWithInitializationVector
84
85 A cipher mode with an initialization vector.
86
87 .. attribute:: initialization_vector
88
89 :type: bytes
90
91 Exact requirements of the initialization are described by the
92 documentation of individual modes.
93
94
95.. class:: ModeWithNonce
96
97 A cipher mode with a nonce.
98
99 .. attribute:: nonce
100
101 :type: bytes
102
103 Exact requirements of the nonce are described by the documentation of
104 individual modes.
Paul Kehrerac423232014-01-25 14:13:09 -0600[diff] [blame]105
Alex Stapletonc5fffd32014-03-18 15:29:00 +0000[diff] [blame]106Asymmetric interfaces
Alex Gaynor645315b2014-06-23 11:55:55 -0700[diff] [blame^]107---------------------
108
109.. class:: AsymmetricSignatureContext
110
111 .. versionadded:: 0.2
112
113 .. method:: update(data)
114
115 :param bytes data: The data you want to sign.
116
117 .. method:: finalize()
118
119 :return bytes signature: The signature.
120
121
122.. class:: AsymmetricVerificationContext
123
124 .. versionadded:: 0.2
125
126 .. method:: update(data)
127
128 :param bytes data: The data you wish to verify using the signature.
129
130 .. method:: verify()
131
132 :raises cryptography.exceptions.InvalidSignature: If the signature does
133 not validate.
134
135
136.. class:: AsymmetricPadding
137
138 .. versionadded:: 0.2
139
140 .. attribute:: name
141
142
143RSA
144~~~
Paul Kehrerac423232014-01-25 14:13:09 -0600[diff] [blame]145
146.. class:: RSAPrivateKey
147
Paul Kehrer46688b12014-01-26 13:23:13 -0600[diff] [blame]148 .. versionadded:: 0.2
Paul Kehrer82629f42014-01-26 12:25:02 -0600[diff] [blame]149
Paul Kehrerac423232014-01-25 14:13:09 -0600[diff] [blame]150 An `RSA`_ private key.
151
Paul Kehrerf2fb02a2014-06-19 10:16:42 -0600[diff] [blame]152 .. method:: signer(padding, algorithm)
Paul Kehrer01cdfb22014-04-15 11:27:03 -0400[diff] [blame]153
154 .. versionadded:: 0.3
155
156 Sign data which can be verified later by others using the public key.
157
158 :param padding: An instance of a
159 :class:`~cryptography.hazmat.primitives.interfaces.AsymmetricPadding`
160 provider.
161
162 :param algorithm: An instance of a
163 :class:`~cryptography.hazmat.primitives.interfaces.HashAlgorithm`
164 provider.
165
Paul Kehrer01cdfb22014-04-15 11:27:03 -0400[diff] [blame]166 :returns:
167 :class:`~cryptography.hazmat.primitives.interfaces.AsymmetricSignatureContext`
168
Paul Kehrerf2fb02a2014-06-19 10:16:42 -0600[diff] [blame]169 .. method:: decrypt(ciphertext, padding)
Paul Kehrer27f9ca62014-04-15 17:59:27 -0400[diff] [blame]170
171 .. versionadded:: 0.4
172
173 Decrypt data that was encrypted via the public key.
174
175 :param bytes ciphertext: The ciphertext to decrypt.
176
177 :param padding: An instance of a
178 :class:`~cryptography.hazmat.primitives.interfaces.AsymmetricPadding`
179 provider.
180
Paul Kehrer27f9ca62014-04-15 17:59:27 -0400[diff] [blame]181 :return bytes: Decrypted data.
182
Paul Kehrer0e94fbe2014-01-26 11:47:21 -0600[diff] [blame]183 .. method:: public_key()
Paul Kehrerac423232014-01-25 14:13:09 -0600[diff] [blame]184
Paul Kehrer359b9462014-01-26 12:03:05 -0600[diff] [blame]185 :return: :class:`~cryptography.hazmat.primitives.interfaces.RSAPublicKey`
Paul Kehrerac423232014-01-25 14:13:09 -0600[diff] [blame]186
187 An RSA public key object corresponding to the values of the private key.
188
Alex Stapletonee3e6bf2014-02-02 21:13:48 +0000[diff] [blame]189 .. attribute:: key_size
Paul Kehrerac423232014-01-25 14:13:09 -0600[diff] [blame]190
191 :type: int
192
193 The bit length of the modulus.
194
Paul Kehrerf0a48c62014-06-07 17:04:13 -0500[diff] [blame]195.. class:: RSAPrivateKeyWithNumbers
196
197 .. versionadded:: 0.5
198
199 Extends :class:`RSAPrivateKey`.
200
201 .. method:: private_numbers()
202
203 Create a
204 :class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateNumbers`
205 object.
206
207 :returns: An
208 :class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateNumbers`
209 instance.
210
Paul Kehrerac423232014-01-25 14:13:09 -0600[diff] [blame]211
212.. class:: RSAPublicKey
213
Paul Kehrer46688b12014-01-26 13:23:13 -0600[diff] [blame]214 .. versionadded:: 0.2
Paul Kehrer82629f42014-01-26 12:25:02 -0600[diff] [blame]215
Paul Kehrerac423232014-01-25 14:13:09 -0600[diff] [blame]216 An `RSA`_ public key.
217
Paul Kehrerf2fb02a2014-06-19 10:16:42 -0600[diff] [blame]218 .. method:: verifier(signature, padding, algorithm)
Paul Kehrer01cdfb22014-04-15 11:27:03 -0400[diff] [blame]219
220 .. versionadded:: 0.3
221
222 Verify data was signed by the private key associated with this public
223 key.
224
225 :param bytes signature: The signature to verify.
226
227 :param padding: An instance of a
228 :class:`~cryptography.hazmat.primitives.interfaces.AsymmetricPadding`
229 provider.
230
231 :param algorithm: An instance of a
232 :class:`~cryptography.hazmat.primitives.interfaces.HashAlgorithm`
233 provider.
234
Paul Kehrer01cdfb22014-04-15 11:27:03 -0400[diff] [blame]235 :returns:
236 :class:`~cryptography.hazmat.primitives.interfaces.AsymmetricVerificationContext`
237
Paul Kehrerf2fb02a2014-06-19 10:16:42 -0600[diff] [blame]238 .. method:: encrypt(plaintext, padding)
Paul Kehrer4e602f32014-04-24 12:07:54 -0500[diff] [blame]239
240 .. versionadded:: 0.4
241
242 Encrypt data with the public key.
243
244 :param bytes plaintext: The plaintext to encrypt.
245
246 :param padding: An instance of a
247 :class:`~cryptography.hazmat.primitives.interfaces.AsymmetricPadding`
248 provider.
249
Paul Kehrer4e602f32014-04-24 12:07:54 -0500[diff] [blame]250 :return bytes: Encrypted data.
Paul Kehrer01cdfb22014-04-15 11:27:03 -0400[diff] [blame]251
Alex Stapletonee3e6bf2014-02-02 21:13:48 +0000[diff] [blame]252 .. attribute:: key_size
Paul Kehrerac423232014-01-25 14:13:09 -0600[diff] [blame]253
254 :type: int
255
256 The bit length of the modulus.
257
Paul Kehrerac423232014-01-25 14:13:09 -0600[diff] [blame]258
Paul Kehrerf0a48c62014-06-07 17:04:13 -0500[diff] [blame]259.. class:: RSAPublicKeyWithNumbers
260
261 .. versionadded:: 0.5
262
263 Extends :class:`RSAPublicKey`.
264
265 .. method:: public_numbers()
266
267 Create a
268 :class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPublicNumbers`
269 object.
270
271 :returns: An
272 :class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPublicNumbers`
273 instance.
274
275
Alex Gaynor645315b2014-06-23 11:55:55 -0700[diff] [blame^]276DSA
277~~~
278
Mohammed Attia71acc672014-03-04 19:20:45 +0200[diff] [blame]279.. class:: DSAParameters
Mohammed Attiab4167152014-03-04 03:29:56 +0200[diff] [blame]280
281 .. versionadded:: 0.3
282
283 `DSA`_ parameters.
284
285 .. attribute:: modulus
286
287 :type: int
288
Mohammed Attia7a1738a2014-03-04 19:17:24 +0200[diff] [blame]289 The prime modulus that is used in generating the DSA key pair and used
Mohammed Attiab4167152014-03-04 03:29:56 +0200[diff] [blame]290 in the DSA signing and verification processes.
291
292 .. attribute:: subgroup_order
293
294 :type: int
295
Mohammed Attia7a1738a2014-03-04 19:17:24 +0200[diff] [blame]296 The subgroup order that is used in generating the DSA key pair
Mohammed Attiab4167152014-03-04 03:29:56 +0200[diff] [blame]297 by the generator and used in the DSA signing and verification
298 processes.
299
300 .. attribute:: generator
301
302 :type: int
303
Mohammed Attiacb9a6c22014-03-04 04:16:35 +0200[diff] [blame]304 The generator that is used in generating the DSA key pair and used
Mohammed Attia7a1738a2014-03-04 19:17:24 +0200[diff] [blame]305 in the DSA signing and verification processes.
Mohammed Attiab4167152014-03-04 03:29:56 +0200[diff] [blame]306
307 .. attribute:: p
308
309 :type: int
310
Mohammed Attia7a1738a2014-03-04 19:17:24 +0200[diff] [blame]311 The prime modulus that is used in generating the DSA key pair and used
Mohammed Attia70324512014-03-04 03:34:39 +0200[diff] [blame]312 in the DSA signing and verification processes. Alias for :attr:`modulus`.
Mohammed Attiab4167152014-03-04 03:29:56 +0200[diff] [blame]313
314 .. attribute:: q
315
316 :type: int
317
Mohammed Attia7a1738a2014-03-04 19:17:24 +0200[diff] [blame]318 The subgroup order that is used in generating the DSA key pair
Mohammed Attiab4167152014-03-04 03:29:56 +0200[diff] [blame]319 by the generator and used in the DSA signing and verification
Mohammed Attia70324512014-03-04 03:34:39 +0200[diff] [blame]320 processes. Alias for :attr:`subgroup_order`.
Mohammed Attiab4167152014-03-04 03:29:56 +0200[diff] [blame]321
322 .. attribute:: g
323
324 :type: int
325
Mohammed Attiacb9a6c22014-03-04 04:16:35 +0200[diff] [blame]326 The generator that is used in generating the DSA key pair and used
Mohammed Attia70324512014-03-04 03:34:39 +0200[diff] [blame]327 in the DSA signing and verification processes. Alias for :attr:`generator`.
Mohammed Attiab4167152014-03-04 03:29:56 +0200[diff] [blame]328
329
330.. class:: DSAPrivateKey
331
332 .. versionadded:: 0.3
333
Mohammed Attia7a1738a2014-03-04 19:17:24 +0200[diff] [blame]334 A `DSA`_ private key.
Mohammed Attiab4167152014-03-04 03:29:56 +0200[diff] [blame]335
336 .. method:: public_key()
337
338 :return: :class:`~cryptography.hazmat.primitives.interfaces.DSAPublicKey`
339
340 An DSA public key object corresponding to the values of the private key.
341
342 .. method:: parameters()
343
Mohammed Attia71acc672014-03-04 19:20:45 +0200[diff] [blame]344 :return: :class:`~cryptography.hazmat.primitives.interfaces.DSAParameters`
Mohammed Attiab4167152014-03-04 03:29:56 +0200[diff] [blame]345
Mohammed Attia71acc672014-03-04 19:20:45 +0200[diff] [blame]346 The DSAParameters object associated with this private key.
Mohammed Attiab4167152014-03-04 03:29:56 +0200[diff] [blame]347
Paul Kehrer0b3ff3b2014-05-01 15:34:42 -0500[diff] [blame]348 .. method:: signer(algorithm, backend)
349
350 .. versionadded:: 0.4
351
352 Sign data which can be verified later by others using the public key.
353
354 :param algorithm: An instance of a
355 :class:`~cryptography.hazmat.primitives.interfaces.HashAlgorithm`
356 provider.
357
358 :param backend: A
359 :class:`~cryptography.hazmat.backends.interfaces.DSABackend`
360 provider.
361
362 :returns:
363 :class:`~cryptography.hazmat.primitives.interfaces.AsymmetricSignatureContext`
364
Mohammed Attiab4167152014-03-04 03:29:56 +0200[diff] [blame]365 .. attribute:: key_size
366
367 :type: int
368
369 The bit length of the modulus.
370
371 .. attribute:: x
372
373 :type: int
374
375 The private key.
376
377 .. attribute:: y
378
379 :type: int
380
381 The public key.
382
383
384.. class:: DSAPublicKey
385
386 .. versionadded:: 0.3
387
Mohammed Attiaedacb142014-03-17 12:28:23 +0200[diff] [blame]388 A `DSA`_ public key.
389
390 .. attribute:: key_size
391
392 :type: int
393
394 The bit length of the modulus.
Mohammed Attiab4167152014-03-04 03:29:56 +0200[diff] [blame]395
Mohammed Attia59edb612014-04-25 22:44:40 +0200[diff] [blame]396 .. attribute:: y
397
398 :type: int
399
400 The public key.
401
Mohammed Attiab4167152014-03-04 03:29:56 +0200[diff] [blame]402 .. method:: parameters()
403
Mohammed Attia71acc672014-03-04 19:20:45 +0200[diff] [blame]404 :return: :class:`~cryptography.hazmat.primitives.interfaces.DSAParameters`
Mohammed Attiab4167152014-03-04 03:29:56 +0200[diff] [blame]405
Mohammed Attia71acc672014-03-04 19:20:45 +0200[diff] [blame]406 The DSAParameters object associated with this public key.
Mohammed Attiab4167152014-03-04 03:29:56 +0200[diff] [blame]407
Mohammed Attia59edb612014-04-25 22:44:40 +0200[diff] [blame]408 .. method:: verifier(signature, algorithm, backend)
Mohammed Attiab4167152014-03-04 03:29:56 +0200[diff] [blame]409
Mohammed Attia59edb612014-04-25 22:44:40 +0200[diff] [blame]410 .. versionadded:: 0.4
Mohammed Attiab4167152014-03-04 03:29:56 +0200[diff] [blame]411
Mohammed Attia59edb612014-04-25 22:44:40 +0200[diff] [blame]412 Verify data was signed by the private key associated with this public
413 key.
414
Paul Kehrere0aeaf82014-05-01 11:58:23 -0500[diff] [blame]415 :param bytes signature: The signature to verify. DER encoded as
416 specified in :rfc:`6979`.
Mohammed Attia59edb612014-04-25 22:44:40 +0200[diff] [blame]417
418 :param algorithm: An instance of a
419 :class:`~cryptography.hazmat.primitives.interfaces.HashAlgorithm`
420 provider.
421
422 :param backend: A
423 :class:`~cryptography.hazmat.backends.interfaces.DSABackend`
424 provider.
425
426 :returns:
427 :class:`~cryptography.hazmat.primitives.interfaces.AsymmetricVerificationContext`
Mohammed Attiab4167152014-03-04 03:29:56 +0200[diff] [blame]428
429
Alex Stapleton085f3782014-04-01 16:18:17 +0100[diff] [blame]430.. class:: EllipticCurve
431
Alex Stapleton20c99032014-05-03 21:06:46 +0100[diff] [blame]432 .. versionadded:: 0.5
Alex Stapleton085f3782014-04-01 16:18:17 +0100[diff] [blame]433
434 A named elliptic curve.
435
436 .. attribute:: name
437
438 :type: string
439
440 The name of the curve. Usually the name used for the ASN.1 OID such as
Alex Stapleton6e526742014-05-23 22:06:06 +0100[diff] [blame]441 ``secp256k1``.
Alex Stapleton085f3782014-04-01 16:18:17 +0100[diff] [blame]442
443 .. attribute:: key_size
444
445 :type: int
446
Alex Stapletond4365692014-05-26 09:25:25 +0100[diff] [blame]447 The bit length of the curve's base point.
Alex Stapleton085f3782014-04-01 16:18:17 +0100[diff] [blame]448
449
Alex Gaynor645315b2014-06-23 11:55:55 -0700[diff] [blame^]450Elliptic Curve
451~~~~~~~~~~~~~~
452
Alex Stapletona1853f92014-04-18 11:38:28 +0100[diff] [blame]453.. class:: EllipticCurveSignatureAlgorithm
454
Alex Stapleton20c99032014-05-03 21:06:46 +0100[diff] [blame]455 .. versionadded:: 0.5
Alex Stapletona1853f92014-04-18 11:38:28 +0100[diff] [blame]456
457 A signature algorithm for use with elliptic curve keys.
458
Alex Stapleton80228a12014-04-20 16:44:26 +0100[diff] [blame]459 .. attribute:: algorithm
460
461 :type: :class:`~cryptography.hazmat.primitives.interfaces.HashAlgorithm`
462
463 The digest algorithm to be used with the signature scheme.
464
Alex Stapletona1853f92014-04-18 11:38:28 +0100[diff] [blame]465
Alex Stapleton085f3782014-04-01 16:18:17 +0100[diff] [blame]466.. class:: EllipticCurvePrivateKey
467
Alex Stapleton20c99032014-05-03 21:06:46 +0100[diff] [blame]468 .. versionadded:: 0.5
Alex Stapleton085f3782014-04-01 16:18:17 +0100[diff] [blame]469
470 An elliptic curve private key for use with an algorithm such as `ECDSA`_ or
471 `EdDSA`_.
472
Alex Stapleton33c9d832014-05-23 21:31:51 +0100[diff] [blame]473 .. classmethod:: signer(signature_algorithm)
Alex Stapletona1853f92014-04-18 11:38:28 +0100[diff] [blame]474 Sign data which can be verified later by others using the public key.
475
476 :param signature_algorithm: An instance of a
477 :class:`~cryptography.hazmat.primitives.interfaces.EllipticCurveSignatureAlgorithm`
478 provider.
479
Alex Stapletona1853f92014-04-18 11:38:28 +0100[diff] [blame]480 :returns:
481 :class:`~cryptography.hazmat.primitives.interfaces.AsymmetricSignatureContext`
482
Alex Stapleton085f3782014-04-01 16:18:17 +0100[diff] [blame]483
484 :type: :class:`~cryptography.hazmat.primitives.interfaces.EllipticCurve`
485
486 The elliptic curve for this key.
487
Alex Stapleton085f3782014-04-01 16:18:17 +0100[diff] [blame]488 .. method:: public_key()
489
490 :return: :class:`~cryptography.hazmat.primitives.interfaces.EllipticCurvePublicKey`
491
492 The EllipticCurvePublicKey object for this private key.
493
494
495.. class:: EllipticCurvePublicKey
496
Alex Stapleton20c99032014-05-03 21:06:46 +0100[diff] [blame]497 .. versionadded:: 0.5
Alex Stapleton085f3782014-04-01 16:18:17 +0100[diff] [blame]498
499 An elliptic curve public key.
500
Alex Stapletone47bafb2014-05-17 13:19:15 +0100[diff] [blame]501 .. classmethod:: verifier(signature, signature_algorithm)
Alex Stapletona1853f92014-04-18 11:38:28 +0100[diff] [blame]502 Verify data was signed by the private key associated with this public
503 key.
504
Alex Stapleton80228a12014-04-20 16:44:26 +0100[diff] [blame]505 :param bytes signature: The signature to verify.
506
Alex Stapletona1853f92014-04-18 11:38:28 +0100[diff] [blame]507 :param signature_algorithm: An instance of a
508 :class:`~cryptography.hazmat.primitives.interfaces.EllipticCurveSignatureAlgorithm`
509 provider.
510
Alex Stapletona1853f92014-04-18 11:38:28 +0100[diff] [blame]511 :returns:
512 :class:`~cryptography.hazmat.primitives.interfaces.AsymmetricSignatureContext`
513
Alex Stapleton085f3782014-04-01 16:18:17 +0100[diff] [blame]514 .. attribute:: curve
515
516 :type: :class:`~cryptography.hazmat.primitives.interfaces.EllipticCurve`
517
518 The elliptic curve for this key.
519
Alex Stapleton085f3782014-04-01 16:18:17 +0100[diff] [blame]520
Alex Stapletonc5fffd32014-03-18 15:29:00 +0000[diff] [blame]521Hash algorithms
Alex Gaynor645315b2014-06-23 11:55:55 -0700[diff] [blame^]522---------------
Paul Kehrere51a2db2014-01-29 11:49:35 -0600[diff] [blame]523
524.. class:: HashAlgorithm
525
Paul Kehrere51a2db2014-01-29 11:49:35 -0600[diff] [blame]526 .. attribute:: name
527
528 :type: str
529
Paul Kehrer4c75a8c2014-01-29 12:20:37 -0600[diff] [blame]530 The standard name for the hash algorithm, for example: ``"sha256"`` or
531 ``"whirlpool"``.
Paul Kehrere51a2db2014-01-29 11:49:35 -0600[diff] [blame]532
533 .. attribute:: digest_size
534
535 :type: int
536
537 The size of the resulting digest in bytes.
538
539 .. attribute:: block_size
540
541 :type: int
542
543 The internal block size of the hash algorithm in bytes.
544
545
Ayrxa0f98502014-04-15 19:17:03 +0800[diff] [blame]546.. class:: HashContext
547
548 .. attribute:: algorithm
549
550 A :class:`~cryptography.hazmat.primitives.interfaces.HashAlgorithm` that
551 will be used by this context.
552
553 .. method:: update(data)
554
555 :param data bytes: The data you want to hash.
556
557 .. method:: finalize()
558
559 :return: The final digest as bytes.
560
561 .. method:: copy()
562
563 :return: A :class:`~cryptography.hazmat.primitives.interfaces.HashContext`
564 that is a copy of the current context.
565
566
Alex Stapletonc5fffd32014-03-18 15:29:00 +0000[diff] [blame]567Key derivation functions
Alex Gaynor645315b2014-06-23 11:55:55 -0700[diff] [blame^]568------------------------
Alex Gaynorb2774f52014-01-27 11:05:29 -0800[diff] [blame]569
570.. class:: KeyDerivationFunction
571
Alex Gaynor8454c512014-01-28 07:01:54 -0800[diff] [blame]572 .. versionadded:: 0.2
573
Alex Gaynorb2774f52014-01-27 11:05:29 -0800[diff] [blame]574 .. method:: derive(key_material)
575
Alex Gaynor5484f722014-01-28 05:46:15 -0800[diff] [blame]576 :param key_material bytes: The input key material. Depending on what
577 key derivation function you are using this
578 could be either random material, or a user
Alex Gaynorb2774f52014-01-27 11:05:29 -0800[diff] [blame]579 supplied password.
Alex Gaynor5484f722014-01-28 05:46:15 -0800[diff] [blame]580 :return: The new key.
Alex Gaynore19e89f2014-01-28 06:58:43 -0800[diff] [blame]581 :raises cryptography.exceptions.AlreadyFinalized: This is raised when
582 :meth:`derive` or
583 :meth:`verify` is
584 called more than
585 once.
Alex Gaynorb2774f52014-01-27 11:05:29 -0800[diff] [blame]586
Alex Gaynor5484f722014-01-28 05:46:15 -0800[diff] [blame]587 This generates and returns a new key from the supplied key material.
Alex Gaynorb2774f52014-01-27 11:05:29 -0800[diff] [blame]588
589 .. method:: verify(key_material, expected_key)
590
Alex Gaynor5484f722014-01-28 05:46:15 -0800[diff] [blame]591 :param key_material bytes: The input key material. This is the same as
Alex Gaynorb2774f52014-01-27 11:05:29 -0800[diff] [blame]592 ``key_material`` in :meth:`derive`.
Alex Gaynor5484f722014-01-28 05:46:15 -0800[diff] [blame]593 :param expected_key bytes: The expected result of deriving a new key,
594 this is the same as the return value of
595 :meth:`derive`.
Alex Gaynorb2774f52014-01-27 11:05:29 -0800[diff] [blame]596 :raises cryptography.exceptions.InvalidKey: This is raised when the
597 derived key does not match
598 the expected key.
Alex Gaynore19e89f2014-01-28 06:58:43 -0800[diff] [blame]599 :raises cryptography.exceptions.AlreadyFinalized: This is raised when
600 :meth:`derive` or
601 :meth:`verify` is
602 called more than
603 once.
Alex Gaynorb2774f52014-01-27 11:05:29 -0800[diff] [blame]604
Alex Gaynor5484f722014-01-28 05:46:15 -0800[diff] [blame]605 This checks whether deriving a new key from the supplied
606 ``key_material`` generates the same key as the ``expected_key``, and
607 raises an exception if they do not match. This can be used for
608 something like checking whether a user's password attempt matches the
609 stored derived key.
Alex Gaynorb2774f52014-01-27 11:05:29 -0800[diff] [blame]610
Ayrxc8121702014-04-15 19:02:05 +0800[diff] [blame]611
Ayrx83cd3f82014-04-15 21:56:32 +0800[diff] [blame]612`CMAC`_
Alex Gaynor645315b2014-06-23 11:55:55 -0700[diff] [blame^]613-------
Ayrxc8121702014-04-15 19:02:05 +0800[diff] [blame]614
615.. class:: CMACContext
616
617 .. versionadded:: 0.4
618
619 .. method:: update(data)
620
621 :param data bytes: The data you want to authenticate.
622
623 .. method:: finalize()
624
Ayrx7964c172014-04-15 21:50:58 +0800[diff] [blame]625 :return: The message authentication code.
Ayrxc8121702014-04-15 19:02:05 +0800[diff] [blame]626
627 .. method:: copy()
628
629 :return: A :class:`~cryptography.hazmat.primitives.interfaces.CMACContext`
630 that is a copy of the current context.
631
632
Paul Kehrer8e9c9842014-02-13 12:23:27 -0600[diff] [blame]633.. _`RSA`: https://en.wikipedia.org/wiki/RSA_(cryptosystem)
634.. _`Chinese remainder theorem`: https://en.wikipedia.org/wiki/Chinese_remainder_theorem
Mohammed Attia604c78f2014-03-04 03:56:08 +0200[diff] [blame]635.. _`DSA`: https://en.wikipedia.org/wiki/Digital_Signature_Algorithm
Ayrx83cd3f82014-04-15 21:56:32 +0800[diff] [blame]636.. _`CMAC`: https://en.wikipedia.org/wiki/CMAC
Alex Stapleton085f3782014-04-01 16:18:17 +0100[diff] [blame]637.. _`ECDSA`: http://en.wikipedia.org/wiki/ECDSA
638.. _`EdDSA`: http://en.wikipedia.org/wiki/EdDSA