Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / python / cryptography / 99c1b803aeb2260d8dbc131aca608276a714285c / . / docs / hazmat / primitives / interfaces.rst
blob: 67c6b3d599c35ba9d2644a7caea5c2f856471eaa [file] [log] [blame]
David Reid30722b92013-11-07 13:03:39 -0800[diff] [blame]1.. hazmat::
2
Paul Kehrer45efdbc2015-02-12 10:58:22 -0600[diff] [blame]3.. module:: cryptography.hazmat.primitives.interfaces
4
David Reid30722b92013-11-07 13:03:39 -0800[diff] [blame]5Interfaces
6==========
7
8
9``cryptography`` uses `Abstract Base Classes`_ as interfaces to describe the
David Reidbd18bcd2013-11-07 13:13:30 -0800[diff] [blame]10properties and methods of most primitive constructs. Backends may also use
11this information to influence their operation. Interfaces should also be used
David Reid30722b92013-11-07 13:03:39 -0800[diff] [blame]12to document argument and return types.
13
Alex Gaynore9df2942014-12-12 10:56:26 -0800[diff] [blame]14.. _`Abstract Base Classes`: https://docs.python.org/3/library/abc.html
David Reid30722b92013-11-07 13:03:39 -0800[diff] [blame]15
16
Alex Stapletonc5fffd32014-03-18 15:29:00 +0000[diff] [blame]17Asymmetric interfaces
Alex Gaynor645315b2014-06-23 11:55:55 -0700[diff] [blame]18---------------------
19
20.. class:: AsymmetricSignatureContext
21
22 .. versionadded:: 0.2
23
24 .. method:: update(data)
25
26 :param bytes data: The data you want to sign.
27
28 .. method:: finalize()
29
30 :return bytes signature: The signature.
31
32
33.. class:: AsymmetricVerificationContext
34
35 .. versionadded:: 0.2
36
37 .. method:: update(data)
38
39 :param bytes data: The data you wish to verify using the signature.
40
41 .. method:: verify()
42
43 :raises cryptography.exceptions.InvalidSignature: If the signature does
44 not validate.
45
46
47.. class:: AsymmetricPadding
48
49 .. versionadded:: 0.2
50
51 .. attribute:: name
52
Paul Kehrerd2fa7d22015-02-12 00:15:02 -0600[diff] [blame]53DSA
54~~~
55
56In 0.8 the DSA key interfaces were moved to the
57:mod:`cryptography.hazmat.primitives.asymmetric.dsa` module.
58
Alex Gaynor645315b2014-06-23 11:55:55 -0700[diff] [blame]59
60RSA
61~~~
Paul Kehrerac423232014-01-25 14:13:09 -0600[diff] [blame]62
Alex Stapletonf79c2312014-12-30 12:50:14 +0000[diff] [blame]63In 0.8 the RSA key interfaces were moved to the
64:mod:`cryptography.hazmat.primitives.asymmetric.rsa` module.
Paul Kehrerf0a48c62014-06-07 17:04:13 -0500[diff] [blame]65
Alex Stapleton085f3782014-04-01 16:18:17 +0100[diff] [blame]66
Alex Gaynor645315b2014-06-23 11:55:55 -0700[diff] [blame]67Elliptic Curve
68~~~~~~~~~~~~~~
69
Paul Kehrer3bc87ab2015-02-12 00:01:53 -0600[diff] [blame]70In 0.8 the EC key interfaces were moved to the
71:mod:`cryptography.hazmat.primitives.asymmetric.ec` module.
Paul Kehrere025be22014-09-24 11:26:48 -0500[diff] [blame]72
73
Alex Stapletonc5fffd32014-03-18 15:29:00 +0000[diff] [blame]74Key derivation functions
Alex Gaynor645315b2014-06-23 11:55:55 -0700[diff] [blame]75------------------------
Alex Gaynorb2774f52014-01-27 11:05:29 -0800[diff] [blame]76
77.. class:: KeyDerivationFunction
78
Alex Gaynor8454c512014-01-28 07:01:54 -0800[diff] [blame]79 .. versionadded:: 0.2
80
Alex Gaynorb2774f52014-01-27 11:05:29 -0800[diff] [blame]81 .. method:: derive(key_material)
82
Alex Gaynore85e3562014-11-22 23:26:30 -0800[diff] [blame]83 :param bytes key_material: The input key material. Depending on what
Alex Gaynor5484f722014-01-28 05:46:15 -0800[diff] [blame]84 key derivation function you are using this
Alex Gaynore85e3562014-11-22 23:26:30 -0800[diff] [blame]85 could be either random bytes, or a user
Alex Gaynorb2774f52014-01-27 11:05:29 -0800[diff] [blame]86 supplied password.
Alex Gaynor5484f722014-01-28 05:46:15 -0800[diff] [blame]87 :return: The new key.
Alex Gaynore19e89f2014-01-28 06:58:43 -0800[diff] [blame]88 :raises cryptography.exceptions.AlreadyFinalized: This is raised when
89 :meth:`derive` or
90 :meth:`verify` is
91 called more than
92 once.
Alex Gaynorb2774f52014-01-27 11:05:29 -0800[diff] [blame]93
Alex Gaynor5484f722014-01-28 05:46:15 -0800[diff] [blame]94 This generates and returns a new key from the supplied key material.
Alex Gaynorb2774f52014-01-27 11:05:29 -0800[diff] [blame]95
96 .. method:: verify(key_material, expected_key)
97
Alex Gaynore85e3562014-11-22 23:26:30 -0800[diff] [blame]98 :param bytes key_material: The input key material. This is the same as
Alex Gaynorb2774f52014-01-27 11:05:29 -0800[diff] [blame]99 ``key_material`` in :meth:`derive`.
Alex Gaynore85e3562014-11-22 23:26:30 -0800[diff] [blame]100 :param bytes expected_key: The expected result of deriving a new key,
Alex Gaynor5484f722014-01-28 05:46:15 -0800[diff] [blame]101 this is the same as the return value of
102 :meth:`derive`.
Alex Gaynorb2774f52014-01-27 11:05:29 -0800[diff] [blame]103 :raises cryptography.exceptions.InvalidKey: This is raised when the
104 derived key does not match
105 the expected key.
Alex Gaynore19e89f2014-01-28 06:58:43 -0800[diff] [blame]106 :raises cryptography.exceptions.AlreadyFinalized: This is raised when
107 :meth:`derive` or
108 :meth:`verify` is
109 called more than
110 once.
Alex Gaynorb2774f52014-01-27 11:05:29 -0800[diff] [blame]111
Alex Gaynor5484f722014-01-28 05:46:15 -0800[diff] [blame]112 This checks whether deriving a new key from the supplied
113 ``key_material`` generates the same key as the ``expected_key``, and
114 raises an exception if they do not match. This can be used for
115 something like checking whether a user's password attempt matches the
116 stored derived key.
Alex Gaynorb2774f52014-01-27 11:05:29 -0800[diff] [blame]117
Ayrxc8121702014-04-15 19:02:05 +0800[diff] [blame]118
Terry Chiacc5e4452014-10-12 15:35:21 +0800[diff] [blame]119`Message Authentication Code`_
120------------------------------
Ayrxc8121702014-04-15 19:02:05 +0800[diff] [blame]121
122.. class:: CMACContext
123
Alex Gaynor7d156882014-10-20 10:40:34 -0700[diff] [blame]124 :class:`CMACContext` has been deprecated in favor of :class:`MACContext`.
Terry Chiac7c82f32014-10-20 12:15:22 +0800[diff] [blame]125
Ayrxc8121702014-04-15 19:02:05 +0800[diff] [blame]126 .. versionadded:: 0.4
127
128 .. method:: update(data)
129
Alex Gaynore85e3562014-11-22 23:26:30 -0800[diff] [blame]130 :param bytes data: The data you want to authenticate.
Ayrxc8121702014-04-15 19:02:05 +0800[diff] [blame]131
132 .. method:: finalize()
133
Ayrx7964c172014-04-15 21:50:58 +0800[diff] [blame]134 :return: The message authentication code.
Ayrxc8121702014-04-15 19:02:05 +0800[diff] [blame]135
136 .. method:: copy()
137
138 :return: A :class:`~cryptography.hazmat.primitives.interfaces.CMACContext`
139 that is a copy of the current context.
140
Terry Chiacc5e4452014-10-12 15:35:21 +0800[diff] [blame]141.. class:: MACContext
142
143 .. versionadded:: 0.7
144
145 .. method:: update(data)
146
Alex Gaynore85e3562014-11-22 23:26:30 -0800[diff] [blame]147 :param bytes data: The data you want to authenticate.
Terry Chiacc5e4452014-10-12 15:35:21 +0800[diff] [blame]148
149 .. method:: finalize()
150
151 :return: The message authentication code.
152
153 .. method:: copy()
154
Alex Gaynor7d156882014-10-20 10:40:34 -0700[diff] [blame]155 :return: A
156 :class:`~cryptography.hazmat.primitives.interfaces.MACContext` that
157 is a copy of the current context.
Terry Chiacc5e4452014-10-12 15:35:21 +0800[diff] [blame]158
Alex Gaynor7d156882014-10-20 10:40:34 -0700[diff] [blame]159 .. method:: verify(signature)
Terry Chiacc5e4452014-10-12 15:35:21 +0800[diff] [blame]160
Alex Gaynore85e3562014-11-22 23:26:30 -0800[diff] [blame]161 :param bytes signature: The signature to verify.
Terry Chiacc5e4452014-10-12 15:35:21 +0800[diff] [blame]162
163 :raises cryptography.exceptions.InvalidSignature: This is raised when
164 the provided signature does not match the expected signature.
Ayrxc8121702014-04-15 19:02:05 +0800[diff] [blame]165
Paul Kehrer05c122b2014-11-24 08:41:05 -1000[diff] [blame]166
Ayrx83cd3f82014-04-15 21:56:32 +0800[diff] [blame]167.. _`CMAC`: https://en.wikipedia.org/wiki/CMAC