| David Reid | 30722b9 | 2013-11-07 13:03:39 -0800 | [diff] [blame] | 1 | .. hazmat:: |
| 2 | |
| Paul Kehrer | 45efdbc | 2015-02-12 10:58:22 -0600 | [diff] [blame] | 3 | .. module:: cryptography.hazmat.primitives.interfaces |
| 4 | |
| David Reid | 30722b9 | 2013-11-07 13:03:39 -0800 | [diff] [blame] | 5 | Interfaces |
| 6 | ========== |
| 7 | |
| 8 | |
| 9 | ``cryptography`` uses `Abstract Base Classes`_ as interfaces to describe the |
| David Reid | bd18bcd | 2013-11-07 13:13:30 -0800 | [diff] [blame] | 10 | properties and methods of most primitive constructs. Backends may also use |
| 11 | this information to influence their operation. Interfaces should also be used |
| David Reid | 30722b9 | 2013-11-07 13:03:39 -0800 | [diff] [blame] | 12 | to document argument and return types. |
| 13 | |
| Alex Gaynor | e9df294 | 2014-12-12 10:56:26 -0800 | [diff] [blame] | 14 | .. _`Abstract Base Classes`: https://docs.python.org/3/library/abc.html |
| David Reid | 30722b9 | 2013-11-07 13:03:39 -0800 | [diff] [blame] | 15 | |
| 16 | |
| Alex Stapleton | c5fffd3 | 2014-03-18 15:29:00 +0000 | [diff] [blame] | 17 | Asymmetric interfaces |
| Alex Gaynor | 645315b | 2014-06-23 11:55:55 -0700 | [diff] [blame] | 18 | --------------------- |
| 19 | |
| 20 | .. class:: AsymmetricSignatureContext |
| 21 | |
| 22 | .. versionadded:: 0.2 |
| 23 | |
| 24 | .. method:: update(data) |
| 25 | |
| 26 | :param bytes data: The data you want to sign. |
| 27 | |
| 28 | .. method:: finalize() |
| 29 | |
| 30 | :return bytes signature: The signature. |
| 31 | |
| 32 | |
| 33 | .. class:: AsymmetricVerificationContext |
| 34 | |
| 35 | .. versionadded:: 0.2 |
| 36 | |
| 37 | .. method:: update(data) |
| 38 | |
| 39 | :param bytes data: The data you wish to verify using the signature. |
| 40 | |
| 41 | .. method:: verify() |
| 42 | |
| 43 | :raises cryptography.exceptions.InvalidSignature: If the signature does |
| 44 | not validate. |
| 45 | |
| 46 | |
| Paul Kehrer | 64ddb7a | 2015-02-14 19:20:28 -0600 | [diff] [blame^] | 47 | In 0.8 the asymmetric padding interface was moved to the |
| 48 | :mod:`cryptography.hazmat.primitives.asymmetric.padding` module. |
| Alex Gaynor | 645315b | 2014-06-23 11:55:55 -0700 | [diff] [blame] | 49 | |
| Paul Kehrer | d2fa7d2 | 2015-02-12 00:15:02 -0600 | [diff] [blame] | 50 | DSA |
| 51 | ~~~ |
| 52 | |
| 53 | In 0.8 the DSA key interfaces were moved to the |
| 54 | :mod:`cryptography.hazmat.primitives.asymmetric.dsa` module. |
| 55 | |
| Alex Gaynor | 645315b | 2014-06-23 11:55:55 -0700 | [diff] [blame] | 56 | |
| 57 | RSA |
| 58 | ~~~ |
| Paul Kehrer | ac42323 | 2014-01-25 14:13:09 -0600 | [diff] [blame] | 59 | |
| Alex Stapleton | f79c231 | 2014-12-30 12:50:14 +0000 | [diff] [blame] | 60 | In 0.8 the RSA key interfaces were moved to the |
| 61 | :mod:`cryptography.hazmat.primitives.asymmetric.rsa` module. |
| Paul Kehrer | f0a48c6 | 2014-06-07 17:04:13 -0500 | [diff] [blame] | 62 | |
| Alex Stapleton | 085f378 | 2014-04-01 16:18:17 +0100 | [diff] [blame] | 63 | |
| Alex Gaynor | 645315b | 2014-06-23 11:55:55 -0700 | [diff] [blame] | 64 | Elliptic Curve |
| 65 | ~~~~~~~~~~~~~~ |
| 66 | |
| Paul Kehrer | 3bc87ab | 2015-02-12 00:01:53 -0600 | [diff] [blame] | 67 | In 0.8 the EC key interfaces were moved to the |
| 68 | :mod:`cryptography.hazmat.primitives.asymmetric.ec` module. |
| Paul Kehrer | e025be2 | 2014-09-24 11:26:48 -0500 | [diff] [blame] | 69 | |
| 70 | |
| Alex Stapleton | c5fffd3 | 2014-03-18 15:29:00 +0000 | [diff] [blame] | 71 | Key derivation functions |
| Alex Gaynor | 645315b | 2014-06-23 11:55:55 -0700 | [diff] [blame] | 72 | ------------------------ |
| Alex Gaynor | b2774f5 | 2014-01-27 11:05:29 -0800 | [diff] [blame] | 73 | |
| 74 | .. class:: KeyDerivationFunction |
| 75 | |
| Alex Gaynor | 8454c51 | 2014-01-28 07:01:54 -0800 | [diff] [blame] | 76 | .. versionadded:: 0.2 |
| 77 | |
| Alex Gaynor | b2774f5 | 2014-01-27 11:05:29 -0800 | [diff] [blame] | 78 | .. method:: derive(key_material) |
| 79 | |
| Alex Gaynor | e85e356 | 2014-11-22 23:26:30 -0800 | [diff] [blame] | 80 | :param bytes key_material: The input key material. Depending on what |
| Alex Gaynor | 5484f72 | 2014-01-28 05:46:15 -0800 | [diff] [blame] | 81 | key derivation function you are using this |
| Alex Gaynor | e85e356 | 2014-11-22 23:26:30 -0800 | [diff] [blame] | 82 | could be either random bytes, or a user |
| Alex Gaynor | b2774f5 | 2014-01-27 11:05:29 -0800 | [diff] [blame] | 83 | supplied password. |
| Alex Gaynor | 5484f72 | 2014-01-28 05:46:15 -0800 | [diff] [blame] | 84 | :return: The new key. |
| Alex Gaynor | e19e89f | 2014-01-28 06:58:43 -0800 | [diff] [blame] | 85 | :raises cryptography.exceptions.AlreadyFinalized: This is raised when |
| 86 | :meth:`derive` or |
| 87 | :meth:`verify` is |
| 88 | called more than |
| 89 | once. |
| Alex Gaynor | b2774f5 | 2014-01-27 11:05:29 -0800 | [diff] [blame] | 90 | |
| Alex Gaynor | 5484f72 | 2014-01-28 05:46:15 -0800 | [diff] [blame] | 91 | This generates and returns a new key from the supplied key material. |
| Alex Gaynor | b2774f5 | 2014-01-27 11:05:29 -0800 | [diff] [blame] | 92 | |
| 93 | .. method:: verify(key_material, expected_key) |
| 94 | |
| Alex Gaynor | e85e356 | 2014-11-22 23:26:30 -0800 | [diff] [blame] | 95 | :param bytes key_material: The input key material. This is the same as |
| Alex Gaynor | b2774f5 | 2014-01-27 11:05:29 -0800 | [diff] [blame] | 96 | ``key_material`` in :meth:`derive`. |
| Alex Gaynor | e85e356 | 2014-11-22 23:26:30 -0800 | [diff] [blame] | 97 | :param bytes expected_key: The expected result of deriving a new key, |
| Alex Gaynor | 5484f72 | 2014-01-28 05:46:15 -0800 | [diff] [blame] | 98 | this is the same as the return value of |
| 99 | :meth:`derive`. |
| Alex Gaynor | b2774f5 | 2014-01-27 11:05:29 -0800 | [diff] [blame] | 100 | :raises cryptography.exceptions.InvalidKey: This is raised when the |
| 101 | derived key does not match |
| 102 | the expected key. |
| Alex Gaynor | e19e89f | 2014-01-28 06:58:43 -0800 | [diff] [blame] | 103 | :raises cryptography.exceptions.AlreadyFinalized: This is raised when |
| 104 | :meth:`derive` or |
| 105 | :meth:`verify` is |
| 106 | called more than |
| 107 | once. |
| Alex Gaynor | b2774f5 | 2014-01-27 11:05:29 -0800 | [diff] [blame] | 108 | |
| Alex Gaynor | 5484f72 | 2014-01-28 05:46:15 -0800 | [diff] [blame] | 109 | This checks whether deriving a new key from the supplied |
| 110 | ``key_material`` generates the same key as the ``expected_key``, and |
| 111 | raises an exception if they do not match. This can be used for |
| 112 | something like checking whether a user's password attempt matches the |
| 113 | stored derived key. |
| Alex Gaynor | b2774f5 | 2014-01-27 11:05:29 -0800 | [diff] [blame] | 114 | |
| Ayrx | c812170 | 2014-04-15 19:02:05 +0800 | [diff] [blame] | 115 | |
| Terry Chia | cc5e445 | 2014-10-12 15:35:21 +0800 | [diff] [blame] | 116 | `Message Authentication Code`_ |
| 117 | ------------------------------ |
| Ayrx | c812170 | 2014-04-15 19:02:05 +0800 | [diff] [blame] | 118 | |
| 119 | .. class:: CMACContext |
| 120 | |
| Alex Gaynor | 7d15688 | 2014-10-20 10:40:34 -0700 | [diff] [blame] | 121 | :class:`CMACContext` has been deprecated in favor of :class:`MACContext`. |
| Terry Chia | c7c82f3 | 2014-10-20 12:15:22 +0800 | [diff] [blame] | 122 | |
| Ayrx | c812170 | 2014-04-15 19:02:05 +0800 | [diff] [blame] | 123 | .. versionadded:: 0.4 |
| 124 | |
| 125 | .. method:: update(data) |
| 126 | |
| Alex Gaynor | e85e356 | 2014-11-22 23:26:30 -0800 | [diff] [blame] | 127 | :param bytes data: The data you want to authenticate. |
| Ayrx | c812170 | 2014-04-15 19:02:05 +0800 | [diff] [blame] | 128 | |
| 129 | .. method:: finalize() |
| 130 | |
| Ayrx | 7964c17 | 2014-04-15 21:50:58 +0800 | [diff] [blame] | 131 | :return: The message authentication code. |
| Ayrx | c812170 | 2014-04-15 19:02:05 +0800 | [diff] [blame] | 132 | |
| 133 | .. method:: copy() |
| 134 | |
| 135 | :return: A :class:`~cryptography.hazmat.primitives.interfaces.CMACContext` |
| 136 | that is a copy of the current context. |
| 137 | |
| Terry Chia | cc5e445 | 2014-10-12 15:35:21 +0800 | [diff] [blame] | 138 | .. class:: MACContext |
| 139 | |
| 140 | .. versionadded:: 0.7 |
| 141 | |
| 142 | .. method:: update(data) |
| 143 | |
| Alex Gaynor | e85e356 | 2014-11-22 23:26:30 -0800 | [diff] [blame] | 144 | :param bytes data: The data you want to authenticate. |
| Terry Chia | cc5e445 | 2014-10-12 15:35:21 +0800 | [diff] [blame] | 145 | |
| 146 | .. method:: finalize() |
| 147 | |
| 148 | :return: The message authentication code. |
| 149 | |
| 150 | .. method:: copy() |
| 151 | |
| Alex Gaynor | 7d15688 | 2014-10-20 10:40:34 -0700 | [diff] [blame] | 152 | :return: A |
| 153 | :class:`~cryptography.hazmat.primitives.interfaces.MACContext` that |
| 154 | is a copy of the current context. |
| Terry Chia | cc5e445 | 2014-10-12 15:35:21 +0800 | [diff] [blame] | 155 | |
| Alex Gaynor | 7d15688 | 2014-10-20 10:40:34 -0700 | [diff] [blame] | 156 | .. method:: verify(signature) |
| Terry Chia | cc5e445 | 2014-10-12 15:35:21 +0800 | [diff] [blame] | 157 | |
| Alex Gaynor | e85e356 | 2014-11-22 23:26:30 -0800 | [diff] [blame] | 158 | :param bytes signature: The signature to verify. |
| Terry Chia | cc5e445 | 2014-10-12 15:35:21 +0800 | [diff] [blame] | 159 | |
| 160 | :raises cryptography.exceptions.InvalidSignature: This is raised when |
| 161 | the provided signature does not match the expected signature. |
| Ayrx | c812170 | 2014-04-15 19:02:05 +0800 | [diff] [blame] | 162 | |
| Paul Kehrer | 05c122b | 2014-11-24 08:41:05 -1000 | [diff] [blame] | 163 | |
| Ayrx | 83cd3f8 | 2014-04-15 21:56:32 +0800 | [diff] [blame] | 164 | .. _`CMAC`: https://en.wikipedia.org/wiki/CMAC |