Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / python / cryptography / 71acc67e71013f8660a16d78520da22ec379e259 / . / docs / hazmat / primitives / interfaces.rst
blob: cc2a3000f8a4c85ebd3961a8e6708a2c007a31d4 [file] [log] [blame]
David Reid30722b92013-11-07 13:03:39 -0800[diff] [blame]1.. hazmat::
2
3Interfaces
4==========
5
6
7``cryptography`` uses `Abstract Base Classes`_ as interfaces to describe the
David Reidbd18bcd2013-11-07 13:13:30 -0800[diff] [blame]8properties and methods of most primitive constructs. Backends may also use
9this information to influence their operation. Interfaces should also be used
David Reid30722b92013-11-07 13:03:39 -0800[diff] [blame]10to document argument and return types.
11
David Reid9ed25e42013-11-07 13:15:27 -0800[diff] [blame]12.. _`Abstract Base Classes`: http://docs.python.org/3.2/library/abc.html
David Reid30722b92013-11-07 13:03:39 -0800[diff] [blame]13
14
David Reid0a394df2013-11-15 16:19:50 -0800[diff] [blame]15Symmetric Ciphers
16~~~~~~~~~~~~~~~~~
David Reid30722b92013-11-07 13:03:39 -0800[diff] [blame]17
18.. currentmodule:: cryptography.hazmat.primitives.interfaces
19
David Reid0a394df2013-11-15 16:19:50 -0800[diff] [blame]20
21.. class:: CipherAlgorithm
22
23 A named symmetric encryption algorithm.
24
25 .. attribute:: name
26
27 :type: str
28
29 The standard name for the mode, for example, "AES", "Camellia", or
30 "Blowfish".
31
32 .. attribute:: key_size
33
34 :type: int
35
36 The number of bits in the key being used.
37
38
David Reid668d4802013-12-17 11:53:43 -0800[diff] [blame]39.. class:: BlockCipherAlgorithm
40
41 A block cipher algorithm.
42
43 .. attribute:: block_size
44
45 :type: int
46
47 The number of bits in a block.
48
49
David Reid0a394df2013-11-15 16:19:50 -0800[diff] [blame]50Cipher Modes
51------------
52
David Reid30722b92013-11-07 13:03:39 -0800[diff] [blame]53Interfaces used by the symmetric cipher modes described in
54:ref:`Symmetric Encryption Modes <symmetric-encryption-modes>`.
55
56.. class:: Mode
57
58 A named cipher mode.
59
60 .. attribute:: name
61
62 :type: str
63
64 This should be the standard shorthand name for the mode, for example
65 Cipher-Block Chaining mode is "CBC".
66
67 The name may be used by a backend to influence the operation of a
68 cipher in conjunction with the algorithm's name.
69
Alex Gaynor9626b5a2013-11-19 16:49:26 -0800[diff] [blame]70 .. method:: validate_for_algorithm(algorithm)
71
72 :param CipherAlgorithm algorithm:
73
74 Checks that the combination of this mode with the provided algorithm
75 meets any necessary invariants. This should raise an exception if they
76 are not met.
77
78 For example, the :class:`~cryptography.hazmat.primitives.modes.CBC`
79 mode uses this method to check that the provided initialization
80 vector's length matches the block size of the algorithm.
81
David Reid30722b92013-11-07 13:03:39 -0800[diff] [blame]82
83.. class:: ModeWithInitializationVector
84
85 A cipher mode with an initialization vector.
86
87 .. attribute:: initialization_vector
88
89 :type: bytes
90
91 Exact requirements of the initialization are described by the
92 documentation of individual modes.
93
94
95.. class:: ModeWithNonce
96
97 A cipher mode with a nonce.
98
99 .. attribute:: nonce
100
101 :type: bytes
102
103 Exact requirements of the nonce are described by the documentation of
104 individual modes.
Paul Kehrerac423232014-01-25 14:13:09 -0600[diff] [blame]105
106Asymmetric Interfaces
107~~~~~~~~~~~~~~~~~~~~~
108
109.. class:: RSAPrivateKey
110
Paul Kehrer46688b12014-01-26 13:23:13 -0600[diff] [blame]111 .. versionadded:: 0.2
Paul Kehrer82629f42014-01-26 12:25:02 -0600[diff] [blame]112
Paul Kehrerac423232014-01-25 14:13:09 -0600[diff] [blame]113 An `RSA`_ private key.
114
Paul Kehrer0e94fbe2014-01-26 11:47:21 -0600[diff] [blame]115 .. method:: public_key()
Paul Kehrerac423232014-01-25 14:13:09 -0600[diff] [blame]116
Paul Kehrer359b9462014-01-26 12:03:05 -0600[diff] [blame]117 :return: :class:`~cryptography.hazmat.primitives.interfaces.RSAPublicKey`
Paul Kehrerac423232014-01-25 14:13:09 -0600[diff] [blame]118
119 An RSA public key object corresponding to the values of the private key.
120
121 .. attribute:: modulus
122
Paul Kehrerd527b302014-01-26 11:41:38 -0600[diff] [blame]123 :type: int
Paul Kehrerac423232014-01-25 14:13:09 -0600[diff] [blame]124
Paul Kehrer0e94fbe2014-01-26 11:47:21 -0600[diff] [blame]125 The public modulus.
Paul Kehrerac423232014-01-25 14:13:09 -0600[diff] [blame]126
127 .. attribute:: public_exponent
128
129 :type: int
130
Paul Kehrer0e94fbe2014-01-26 11:47:21 -0600[diff] [blame]131 The public exponent.
Paul Kehrerac423232014-01-25 14:13:09 -0600[diff] [blame]132
Alex Gaynor2649a692014-02-03 07:14:16 -0800[diff] [blame]133 .. attribute:: private_exponent
134
135 :type: int
136
137 The private exponent.
138
Alex Stapletonee3e6bf2014-02-02 21:13:48 +0000[diff] [blame]139 .. attribute:: key_size
Paul Kehrerac423232014-01-25 14:13:09 -0600[diff] [blame]140
141 :type: int
142
143 The bit length of the modulus.
144
145 .. attribute:: p
146
Paul Kehrerd527b302014-01-26 11:41:38 -0600[diff] [blame]147 :type: int
Paul Kehrerac423232014-01-25 14:13:09 -0600[diff] [blame]148
Alex Gaynor2a918742014-01-26 16:53:44 -0600[diff] [blame]149 ``p``, one of the two primes composing the :attr:`modulus`.
Paul Kehrerac423232014-01-25 14:13:09 -0600[diff] [blame]150
151 .. attribute:: q
152
Paul Kehrerd527b302014-01-26 11:41:38 -0600[diff] [blame]153 :type: int
Paul Kehrerac423232014-01-25 14:13:09 -0600[diff] [blame]154
Alex Gaynor2a918742014-01-26 16:53:44 -0600[diff] [blame]155 ``q``, one of the two primes composing the :attr:`modulus`.
Paul Kehrerac423232014-01-25 14:13:09 -0600[diff] [blame]156
157 .. attribute:: d
158
Paul Kehrerd527b302014-01-26 11:41:38 -0600[diff] [blame]159 :type: int
Paul Kehrerac423232014-01-25 14:13:09 -0600[diff] [blame]160
Alex Gaynor2649a692014-02-03 07:14:16 -0800[diff] [blame]161 The private exponent. Alias for :attr:`private_exponent`.
Paul Kehrerac423232014-01-25 14:13:09 -0600[diff] [blame]162
Paul Kehrer8e9c9842014-02-13 12:23:27 -0600[diff] [blame]163 .. attribute:: dmp1
164
165 :type: int
166
167 A `Chinese remainder theorem`_ coefficient used to speed up RSA
168 operations. Calculated as: d mod (p-1)
169
170 .. attribute:: dmq1
171
172 :type: int
173
174 A `Chinese remainder theorem`_ coefficient used to speed up RSA
175 operations. Calculated as: d mod (q-1)
176
177 .. attribute:: iqmp
178
179 :type: int
180
181 A `Chinese remainder theorem`_ coefficient used to speed up RSA
182 operations. Calculated as: q\ :sup:`-1` mod p
183
Paul Kehrerac423232014-01-25 14:13:09 -0600[diff] [blame]184 .. attribute:: n
185
Paul Kehrerd527b302014-01-26 11:41:38 -0600[diff] [blame]186 :type: int
Paul Kehrerac423232014-01-25 14:13:09 -0600[diff] [blame]187
Alex Gaynor2a918742014-01-26 16:53:44 -0600[diff] [blame]188 The public modulus. Alias for :attr:`modulus`.
Paul Kehrerac423232014-01-25 14:13:09 -0600[diff] [blame]189
190 .. attribute:: e
191
192 :type: int
193
Alex Gaynor2a918742014-01-26 16:53:44 -0600[diff] [blame]194 The public exponent. Alias for :attr:`public_exponent`.
Paul Kehrerac423232014-01-25 14:13:09 -0600[diff] [blame]195
196
197.. class:: RSAPublicKey
198
Paul Kehrer46688b12014-01-26 13:23:13 -0600[diff] [blame]199 .. versionadded:: 0.2
Paul Kehrer82629f42014-01-26 12:25:02 -0600[diff] [blame]200
Paul Kehrerac423232014-01-25 14:13:09 -0600[diff] [blame]201 An `RSA`_ public key.
202
203 .. attribute:: modulus
204
Paul Kehrerd527b302014-01-26 11:41:38 -0600[diff] [blame]205 :type: int
Paul Kehrerac423232014-01-25 14:13:09 -0600[diff] [blame]206
Paul Kehrer0e94fbe2014-01-26 11:47:21 -0600[diff] [blame]207 The public modulus.
Paul Kehrerac423232014-01-25 14:13:09 -0600[diff] [blame]208
Alex Stapletonee3e6bf2014-02-02 21:13:48 +0000[diff] [blame]209 .. attribute:: key_size
Paul Kehrerac423232014-01-25 14:13:09 -0600[diff] [blame]210
211 :type: int
212
213 The bit length of the modulus.
214
215 .. attribute:: public_exponent
216
217 :type: int
218
Paul Kehrer0e94fbe2014-01-26 11:47:21 -0600[diff] [blame]219 The public exponent.
Paul Kehrerac423232014-01-25 14:13:09 -0600[diff] [blame]220
221 .. attribute:: n
222
Paul Kehrerd527b302014-01-26 11:41:38 -0600[diff] [blame]223 :type: int
Paul Kehrerac423232014-01-25 14:13:09 -0600[diff] [blame]224
Alex Gaynor2a918742014-01-26 16:53:44 -0600[diff] [blame]225 The public modulus. Alias for :attr:`modulus`.
Paul Kehrerac423232014-01-25 14:13:09 -0600[diff] [blame]226
227 .. attribute:: e
228
229 :type: int
230
Alex Gaynor2a918742014-01-26 16:53:44 -0600[diff] [blame]231 The public exponent. Alias for :attr:`public_exponent`.
232
Paul Kehrerac423232014-01-25 14:13:09 -0600[diff] [blame]233
Mohammed Attia71acc672014-03-04 19:20:45 +0200[diff] [blame^]234.. class:: DSAParameters
Mohammed Attiab4167152014-03-04 03:29:56 +0200[diff] [blame]235
236 .. versionadded:: 0.3
237
238 `DSA`_ parameters.
239
240 .. attribute:: modulus
241
242 :type: int
243
Mohammed Attia7a1738a2014-03-04 19:17:24 +0200[diff] [blame]244 The prime modulus that is used in generating the DSA key pair and used
Mohammed Attiab4167152014-03-04 03:29:56 +0200[diff] [blame]245 in the DSA signing and verification processes.
246
247 .. attribute:: subgroup_order
248
249 :type: int
250
Mohammed Attia7a1738a2014-03-04 19:17:24 +0200[diff] [blame]251 The subgroup order that is used in generating the DSA key pair
Mohammed Attiab4167152014-03-04 03:29:56 +0200[diff] [blame]252 by the generator and used in the DSA signing and verification
253 processes.
254
255 .. attribute:: generator
256
257 :type: int
258
Mohammed Attiacb9a6c22014-03-04 04:16:35 +0200[diff] [blame]259 The generator that is used in generating the DSA key pair and used
Mohammed Attia7a1738a2014-03-04 19:17:24 +0200[diff] [blame]260 in the DSA signing and verification processes.
Mohammed Attiab4167152014-03-04 03:29:56 +0200[diff] [blame]261
262 .. attribute:: p
263
264 :type: int
265
Mohammed Attia7a1738a2014-03-04 19:17:24 +0200[diff] [blame]266 The prime modulus that is used in generating the DSA key pair and used
Mohammed Attia70324512014-03-04 03:34:39 +0200[diff] [blame]267 in the DSA signing and verification processes. Alias for :attr:`modulus`.
Mohammed Attiab4167152014-03-04 03:29:56 +0200[diff] [blame]268
269 .. attribute:: q
270
271 :type: int
272
Mohammed Attia7a1738a2014-03-04 19:17:24 +0200[diff] [blame]273 The subgroup order that is used in generating the DSA key pair
Mohammed Attiab4167152014-03-04 03:29:56 +0200[diff] [blame]274 by the generator and used in the DSA signing and verification
Mohammed Attia70324512014-03-04 03:34:39 +0200[diff] [blame]275 processes. Alias for :attr:`subgroup_order`.
Mohammed Attiab4167152014-03-04 03:29:56 +0200[diff] [blame]276
277 .. attribute:: g
278
279 :type: int
280
Mohammed Attiacb9a6c22014-03-04 04:16:35 +0200[diff] [blame]281 The generator that is used in generating the DSA key pair and used
Mohammed Attia70324512014-03-04 03:34:39 +0200[diff] [blame]282 in the DSA signing and verification processes. Alias for :attr:`generator`.
Mohammed Attiab4167152014-03-04 03:29:56 +0200[diff] [blame]283
284
285.. class:: DSAPrivateKey
286
287 .. versionadded:: 0.3
288
Mohammed Attia7a1738a2014-03-04 19:17:24 +0200[diff] [blame]289 A `DSA`_ private key.
Mohammed Attiab4167152014-03-04 03:29:56 +0200[diff] [blame]290
291 .. method:: public_key()
292
293 :return: :class:`~cryptography.hazmat.primitives.interfaces.DSAPublicKey`
294
295 An DSA public key object corresponding to the values of the private key.
296
297 .. method:: parameters()
298
Mohammed Attia71acc672014-03-04 19:20:45 +0200[diff] [blame^]299 :return: :class:`~cryptography.hazmat.primitives.interfaces.DSAParameters`
Mohammed Attiab4167152014-03-04 03:29:56 +0200[diff] [blame]300
Mohammed Attia71acc672014-03-04 19:20:45 +0200[diff] [blame^]301 The DSAParameters object associated with this private key.
Mohammed Attiab4167152014-03-04 03:29:56 +0200[diff] [blame]302
303 .. attribute:: key_size
304
305 :type: int
306
307 The bit length of the modulus.
308
309 .. attribute:: x
310
311 :type: int
312
313 The private key.
314
315 .. attribute:: y
316
317 :type: int
318
319 The public key.
320
321
322.. class:: DSAPublicKey
323
324 .. versionadded:: 0.3
325
Mohammed Attia7a1738a2014-03-04 19:17:24 +0200[diff] [blame]326 A `DSA`_ private key.
Mohammed Attiab4167152014-03-04 03:29:56 +0200[diff] [blame]327
328 .. method:: parameters()
329
Mohammed Attia71acc672014-03-04 19:20:45 +0200[diff] [blame^]330 :return: :class:`~cryptography.hazmat.primitives.interfaces.DSAParameters`
Mohammed Attiab4167152014-03-04 03:29:56 +0200[diff] [blame]331
Mohammed Attia71acc672014-03-04 19:20:45 +0200[diff] [blame^]332 The DSAParameters object associated with this public key.
Mohammed Attiab4167152014-03-04 03:29:56 +0200[diff] [blame]333
334 .. attribute:: y
335
336 :type: int
337
338 The public key.
339
340
Paul Kehrereda558c2014-02-17 21:18:13 -0600[diff] [blame]341.. class:: AsymmetricSignatureContext
Paul Kehrere0f0f342014-02-17 19:20:51 -0600[diff] [blame]342
343 .. versionadded:: 0.2
344
345 .. method:: update(data)
346
Paul Kehrereda558c2014-02-17 21:18:13 -0600[diff] [blame]347 :param bytes data: The data you want to sign.
Paul Kehrere0f0f342014-02-17 19:20:51 -0600[diff] [blame]348
349 .. method:: finalize()
350
351 :return bytes signature: The signature.
352
353
Paul Kehrer430202d2014-02-18 13:36:53 -0600[diff] [blame]354.. class:: AsymmetricVerificationContext
Paul Kehrere0f0f342014-02-17 19:20:51 -0600[diff] [blame]355
356 .. versionadded:: 0.2
357
358 .. method:: update(data)
359
Paul Kehrereda558c2014-02-17 21:18:13 -0600[diff] [blame]360 :param bytes data: The data you wish to verify using the signature.
Paul Kehrere0f0f342014-02-17 19:20:51 -0600[diff] [blame]361
Paul Kehrerdd3780a2014-02-18 13:17:53 -0600[diff] [blame]362 .. method:: verify()
Paul Kehrere0f0f342014-02-17 19:20:51 -0600[diff] [blame]363
Paul Kehrerfef1fbd2014-02-26 23:39:37 -0400[diff] [blame]364 :raises cryptography.exceptions.InvalidSignature: If the signature does
365 not validate.
Paul Kehrere0f0f342014-02-17 19:20:51 -0600[diff] [blame]366
367
368.. class:: AsymmetricPadding
369
Paul Kehrer19f32d52014-02-17 19:23:06 -0600[diff] [blame]370 .. versionadded:: 0.2
Paul Kehrere0f0f342014-02-17 19:20:51 -0600[diff] [blame]371
372 .. attribute:: name
373
Paul Kehrere51a2db2014-01-29 11:49:35 -0600[diff] [blame]374Hash Algorithms
375~~~~~~~~~~~~~~~
376
377.. class:: HashAlgorithm
378
Paul Kehrere51a2db2014-01-29 11:49:35 -0600[diff] [blame]379 .. attribute:: name
380
381 :type: str
382
Paul Kehrer4c75a8c2014-01-29 12:20:37 -0600[diff] [blame]383 The standard name for the hash algorithm, for example: ``"sha256"`` or
384 ``"whirlpool"``.
Paul Kehrere51a2db2014-01-29 11:49:35 -0600[diff] [blame]385
386 .. attribute:: digest_size
387
388 :type: int
389
390 The size of the resulting digest in bytes.
391
392 .. attribute:: block_size
393
394 :type: int
395
396 The internal block size of the hash algorithm in bytes.
397
398
Alex Gaynorb2774f52014-01-27 11:05:29 -0800[diff] [blame]399Key Derivation Functions
400~~~~~~~~~~~~~~~~~~~~~~~~
401
402.. class:: KeyDerivationFunction
403
Alex Gaynor8454c512014-01-28 07:01:54 -0800[diff] [blame]404 .. versionadded:: 0.2
405
Alex Gaynorb2774f52014-01-27 11:05:29 -0800[diff] [blame]406 .. method:: derive(key_material)
407
Alex Gaynor5484f722014-01-28 05:46:15 -0800[diff] [blame]408 :param key_material bytes: The input key material. Depending on what
409 key derivation function you are using this
410 could be either random material, or a user
Alex Gaynorb2774f52014-01-27 11:05:29 -0800[diff] [blame]411 supplied password.
Alex Gaynor5484f722014-01-28 05:46:15 -0800[diff] [blame]412 :return: The new key.
Alex Gaynore19e89f2014-01-28 06:58:43 -0800[diff] [blame]413 :raises cryptography.exceptions.AlreadyFinalized: This is raised when
414 :meth:`derive` or
415 :meth:`verify` is
416 called more than
417 once.
Alex Gaynorb2774f52014-01-27 11:05:29 -0800[diff] [blame]418
Alex Gaynor5484f722014-01-28 05:46:15 -0800[diff] [blame]419 This generates and returns a new key from the supplied key material.
Alex Gaynorb2774f52014-01-27 11:05:29 -0800[diff] [blame]420
421 .. method:: verify(key_material, expected_key)
422
Alex Gaynor5484f722014-01-28 05:46:15 -0800[diff] [blame]423 :param key_material bytes: The input key material. This is the same as
Alex Gaynorb2774f52014-01-27 11:05:29 -0800[diff] [blame]424 ``key_material`` in :meth:`derive`.
Alex Gaynor5484f722014-01-28 05:46:15 -0800[diff] [blame]425 :param expected_key bytes: The expected result of deriving a new key,
426 this is the same as the return value of
427 :meth:`derive`.
Alex Gaynorb2774f52014-01-27 11:05:29 -0800[diff] [blame]428 :raises cryptography.exceptions.InvalidKey: This is raised when the
429 derived key does not match
430 the expected key.
Alex Gaynore19e89f2014-01-28 06:58:43 -0800[diff] [blame]431 :raises cryptography.exceptions.AlreadyFinalized: This is raised when
432 :meth:`derive` or
433 :meth:`verify` is
434 called more than
435 once.
Alex Gaynorb2774f52014-01-27 11:05:29 -0800[diff] [blame]436
Alex Gaynor5484f722014-01-28 05:46:15 -0800[diff] [blame]437 This checks whether deriving a new key from the supplied
438 ``key_material`` generates the same key as the ``expected_key``, and
439 raises an exception if they do not match. This can be used for
440 something like checking whether a user's password attempt matches the
441 stored derived key.
Alex Gaynorb2774f52014-01-27 11:05:29 -0800[diff] [blame]442
Paul Kehrer8e9c9842014-02-13 12:23:27 -0600[diff] [blame]443.. _`RSA`: https://en.wikipedia.org/wiki/RSA_(cryptosystem)
444.. _`Chinese remainder theorem`: https://en.wikipedia.org/wiki/Chinese_remainder_theorem
Mohammed Attia604c78f2014-03-04 03:56:08 +0200[diff] [blame]445.. _`DSA`: https://en.wikipedia.org/wiki/Digital_Signature_Algorithm