Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / python / cryptography / 98429643e0453b6ad7f9daa872cccad5f410149a / . / docs / hazmat / primitives / interfaces.rst
blob: b8aca0c28bea287284a6b081ac211aebf3da1130 [file] [log] [blame]
David Reid30722b92013-11-07 13:03:39 -0800[diff] [blame]1.. hazmat::
2
3Interfaces
4==========
5
6
7``cryptography`` uses `Abstract Base Classes`_ as interfaces to describe the
David Reidbd18bcd2013-11-07 13:13:30 -0800[diff] [blame]8properties and methods of most primitive constructs. Backends may also use
9this information to influence their operation. Interfaces should also be used
David Reid30722b92013-11-07 13:03:39 -0800[diff] [blame]10to document argument and return types.
11
David Reid9ed25e42013-11-07 13:15:27 -0800[diff] [blame]12.. _`Abstract Base Classes`: http://docs.python.org/3.2/library/abc.html
David Reid30722b92013-11-07 13:03:39 -0800[diff] [blame]13
14
Alex Stapletonc5fffd32014-03-18 15:29:00 +0000[diff] [blame]15Symmetric ciphers
David Reid0a394df2013-11-15 16:19:50 -0800[diff] [blame]16~~~~~~~~~~~~~~~~~
David Reid30722b92013-11-07 13:03:39 -0800[diff] [blame]17
18.. currentmodule:: cryptography.hazmat.primitives.interfaces
19
David Reid0a394df2013-11-15 16:19:50 -0800[diff] [blame]20
21.. class:: CipherAlgorithm
22
23 A named symmetric encryption algorithm.
24
25 .. attribute:: name
26
27 :type: str
28
29 The standard name for the mode, for example, "AES", "Camellia", or
30 "Blowfish".
31
32 .. attribute:: key_size
33
34 :type: int
35
36 The number of bits in the key being used.
37
38
David Reid668d4802013-12-17 11:53:43 -0800[diff] [blame]39.. class:: BlockCipherAlgorithm
40
41 A block cipher algorithm.
42
43 .. attribute:: block_size
44
45 :type: int
46
47 The number of bits in a block.
48
49
Alex Stapletonc5fffd32014-03-18 15:29:00 +0000[diff] [blame]50Cipher modes
David Reid0a394df2013-11-15 16:19:50 -0800[diff] [blame]51------------
52
David Reid30722b92013-11-07 13:03:39 -0800[diff] [blame]53Interfaces used by the symmetric cipher modes described in
54:ref:`Symmetric Encryption Modes <symmetric-encryption-modes>`.
55
56.. class:: Mode
57
58 A named cipher mode.
59
60 .. attribute:: name
61
62 :type: str
63
64 This should be the standard shorthand name for the mode, for example
65 Cipher-Block Chaining mode is "CBC".
66
67 The name may be used by a backend to influence the operation of a
68 cipher in conjunction with the algorithm's name.
69
Alex Gaynor9626b5a2013-11-19 16:49:26 -0800[diff] [blame]70 .. method:: validate_for_algorithm(algorithm)
71
72 :param CipherAlgorithm algorithm:
73
74 Checks that the combination of this mode with the provided algorithm
75 meets any necessary invariants. This should raise an exception if they
76 are not met.
77
78 For example, the :class:`~cryptography.hazmat.primitives.modes.CBC`
79 mode uses this method to check that the provided initialization
80 vector's length matches the block size of the algorithm.
81
David Reid30722b92013-11-07 13:03:39 -0800[diff] [blame]82
83.. class:: ModeWithInitializationVector
84
85 A cipher mode with an initialization vector.
86
87 .. attribute:: initialization_vector
88
89 :type: bytes
90
91 Exact requirements of the initialization are described by the
92 documentation of individual modes.
93
94
95.. class:: ModeWithNonce
96
97 A cipher mode with a nonce.
98
99 .. attribute:: nonce
100
101 :type: bytes
102
103 Exact requirements of the nonce are described by the documentation of
104 individual modes.
Paul Kehrerac423232014-01-25 14:13:09 -0600[diff] [blame]105
Alex Stapletonc5fffd32014-03-18 15:29:00 +0000[diff] [blame]106Asymmetric interfaces
Paul Kehrerac423232014-01-25 14:13:09 -0600[diff] [blame]107~~~~~~~~~~~~~~~~~~~~~
108
109.. class:: RSAPrivateKey
110
Paul Kehrer46688b12014-01-26 13:23:13 -0600[diff] [blame]111 .. versionadded:: 0.2
Paul Kehrer82629f42014-01-26 12:25:02 -0600[diff] [blame]112
Paul Kehrerac423232014-01-25 14:13:09 -0600[diff] [blame]113 An `RSA`_ private key.
114
Paul Kehrerf2fb02a2014-06-19 10:16:42 -0600[diff] [blame]115 .. method:: signer(padding, algorithm)
Paul Kehrer01cdfb22014-04-15 11:27:03 -0400[diff] [blame]116
117 .. versionadded:: 0.3
118
119 Sign data which can be verified later by others using the public key.
120
121 :param padding: An instance of a
122 :class:`~cryptography.hazmat.primitives.interfaces.AsymmetricPadding`
123 provider.
124
125 :param algorithm: An instance of a
126 :class:`~cryptography.hazmat.primitives.interfaces.HashAlgorithm`
127 provider.
128
Paul Kehrer01cdfb22014-04-15 11:27:03 -0400[diff] [blame]129 :returns:
130 :class:`~cryptography.hazmat.primitives.interfaces.AsymmetricSignatureContext`
131
Paul Kehrerf2fb02a2014-06-19 10:16:42 -0600[diff] [blame]132 .. method:: decrypt(ciphertext, padding)
Paul Kehrer27f9ca62014-04-15 17:59:27 -0400[diff] [blame]133
134 .. versionadded:: 0.4
135
136 Decrypt data that was encrypted via the public key.
137
138 :param bytes ciphertext: The ciphertext to decrypt.
139
140 :param padding: An instance of a
141 :class:`~cryptography.hazmat.primitives.interfaces.AsymmetricPadding`
142 provider.
143
Paul Kehrer27f9ca62014-04-15 17:59:27 -0400[diff] [blame]144 :return bytes: Decrypted data.
145
Paul Kehrer0e94fbe2014-01-26 11:47:21 -0600[diff] [blame]146 .. method:: public_key()
Paul Kehrerac423232014-01-25 14:13:09 -0600[diff] [blame]147
Paul Kehrer359b9462014-01-26 12:03:05 -0600[diff] [blame]148 :return: :class:`~cryptography.hazmat.primitives.interfaces.RSAPublicKey`
Paul Kehrerac423232014-01-25 14:13:09 -0600[diff] [blame]149
150 An RSA public key object corresponding to the values of the private key.
151
Alex Stapletonee3e6bf2014-02-02 21:13:48 +0000[diff] [blame]152 .. attribute:: key_size
Paul Kehrerac423232014-01-25 14:13:09 -0600[diff] [blame]153
154 :type: int
155
156 The bit length of the modulus.
157
Paul Kehrerf0a48c62014-06-07 17:04:13 -0500[diff] [blame]158.. class:: RSAPrivateKeyWithNumbers
159
160 .. versionadded:: 0.5
161
162 Extends :class:`RSAPrivateKey`.
163
164 .. method:: private_numbers()
165
166 Create a
167 :class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateNumbers`
168 object.
169
170 :returns: An
171 :class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateNumbers`
172 instance.
173
Paul Kehrerac423232014-01-25 14:13:09 -0600[diff] [blame]174
175.. class:: RSAPublicKey
176
Paul Kehrer46688b12014-01-26 13:23:13 -0600[diff] [blame]177 .. versionadded:: 0.2
Paul Kehrer82629f42014-01-26 12:25:02 -0600[diff] [blame]178
Paul Kehrerac423232014-01-25 14:13:09 -0600[diff] [blame]179 An `RSA`_ public key.
180
Paul Kehrerf2fb02a2014-06-19 10:16:42 -0600[diff] [blame]181 .. method:: verifier(signature, padding, algorithm)
Paul Kehrer01cdfb22014-04-15 11:27:03 -0400[diff] [blame]182
183 .. versionadded:: 0.3
184
185 Verify data was signed by the private key associated with this public
186 key.
187
188 :param bytes signature: The signature to verify.
189
190 :param padding: An instance of a
191 :class:`~cryptography.hazmat.primitives.interfaces.AsymmetricPadding`
192 provider.
193
194 :param algorithm: An instance of a
195 :class:`~cryptography.hazmat.primitives.interfaces.HashAlgorithm`
196 provider.
197
Paul Kehrer01cdfb22014-04-15 11:27:03 -0400[diff] [blame]198 :returns:
199 :class:`~cryptography.hazmat.primitives.interfaces.AsymmetricVerificationContext`
200
Paul Kehrerf2fb02a2014-06-19 10:16:42 -0600[diff] [blame]201 .. method:: encrypt(plaintext, padding)
Paul Kehrer4e602f32014-04-24 12:07:54 -0500[diff] [blame]202
203 .. versionadded:: 0.4
204
205 Encrypt data with the public key.
206
207 :param bytes plaintext: The plaintext to encrypt.
208
209 :param padding: An instance of a
210 :class:`~cryptography.hazmat.primitives.interfaces.AsymmetricPadding`
211 provider.
212
Paul Kehrer4e602f32014-04-24 12:07:54 -0500[diff] [blame]213 :return bytes: Encrypted data.
Paul Kehrer01cdfb22014-04-15 11:27:03 -0400[diff] [blame]214
Alex Stapletonee3e6bf2014-02-02 21:13:48 +0000[diff] [blame]215 .. attribute:: key_size
Paul Kehrerac423232014-01-25 14:13:09 -0600[diff] [blame]216
217 :type: int
218
219 The bit length of the modulus.
220
Paul Kehrerac423232014-01-25 14:13:09 -0600[diff] [blame]221
Paul Kehrerf0a48c62014-06-07 17:04:13 -0500[diff] [blame]222.. class:: RSAPublicKeyWithNumbers
223
224 .. versionadded:: 0.5
225
226 Extends :class:`RSAPublicKey`.
227
228 .. method:: public_numbers()
229
230 Create a
231 :class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPublicNumbers`
232 object.
233
234 :returns: An
235 :class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPublicNumbers`
236 instance.
237
238
Mohammed Attia71acc672014-03-04 19:20:45 +0200[diff] [blame]239.. class:: DSAParameters
Mohammed Attiab4167152014-03-04 03:29:56 +0200[diff] [blame]240
241 .. versionadded:: 0.3
242
243 `DSA`_ parameters.
244
245 .. attribute:: modulus
246
247 :type: int
248
Mohammed Attia7a1738a2014-03-04 19:17:24 +0200[diff] [blame]249 The prime modulus that is used in generating the DSA key pair and used
Mohammed Attiab4167152014-03-04 03:29:56 +0200[diff] [blame]250 in the DSA signing and verification processes.
251
252 .. attribute:: subgroup_order
253
254 :type: int
255
Mohammed Attia7a1738a2014-03-04 19:17:24 +0200[diff] [blame]256 The subgroup order that is used in generating the DSA key pair
Mohammed Attiab4167152014-03-04 03:29:56 +0200[diff] [blame]257 by the generator and used in the DSA signing and verification
258 processes.
259
260 .. attribute:: generator
261
262 :type: int
263
Mohammed Attiacb9a6c22014-03-04 04:16:35 +0200[diff] [blame]264 The generator that is used in generating the DSA key pair and used
Mohammed Attia7a1738a2014-03-04 19:17:24 +0200[diff] [blame]265 in the DSA signing and verification processes.
Mohammed Attiab4167152014-03-04 03:29:56 +0200[diff] [blame]266
267 .. attribute:: p
268
269 :type: int
270
Mohammed Attia7a1738a2014-03-04 19:17:24 +0200[diff] [blame]271 The prime modulus that is used in generating the DSA key pair and used
Mohammed Attia70324512014-03-04 03:34:39 +0200[diff] [blame]272 in the DSA signing and verification processes. Alias for :attr:`modulus`.
Mohammed Attiab4167152014-03-04 03:29:56 +0200[diff] [blame]273
274 .. attribute:: q
275
276 :type: int
277
Mohammed Attia7a1738a2014-03-04 19:17:24 +0200[diff] [blame]278 The subgroup order that is used in generating the DSA key pair
Mohammed Attiab4167152014-03-04 03:29:56 +0200[diff] [blame]279 by the generator and used in the DSA signing and verification
Mohammed Attia70324512014-03-04 03:34:39 +0200[diff] [blame]280 processes. Alias for :attr:`subgroup_order`.
Mohammed Attiab4167152014-03-04 03:29:56 +0200[diff] [blame]281
282 .. attribute:: g
283
284 :type: int
285
Mohammed Attiacb9a6c22014-03-04 04:16:35 +0200[diff] [blame]286 The generator that is used in generating the DSA key pair and used
Mohammed Attia70324512014-03-04 03:34:39 +0200[diff] [blame]287 in the DSA signing and verification processes. Alias for :attr:`generator`.
Mohammed Attiab4167152014-03-04 03:29:56 +0200[diff] [blame]288
289
Paul Kehrer98429642014-06-22 16:37:21 -0600[diff] [blame^]290.. class:: DSAParametersWithNumbers
291
292 .. versionadded:: 0.5
293
294 Extends :class:`DSAParameters`.
295
296 .. method:: parameter_numbers()
297
298 Create a
299 :class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAParameterNumbers`
300 object.
301
302 :returns: A
303 :class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAParameterNumbers`
304 instance.
305
306
Mohammed Attiab4167152014-03-04 03:29:56 +0200[diff] [blame]307.. class:: DSAPrivateKey
308
309 .. versionadded:: 0.3
310
Mohammed Attia7a1738a2014-03-04 19:17:24 +0200[diff] [blame]311 A `DSA`_ private key.
Mohammed Attiab4167152014-03-04 03:29:56 +0200[diff] [blame]312
313 .. method:: public_key()
314
315 :return: :class:`~cryptography.hazmat.primitives.interfaces.DSAPublicKey`
316
317 An DSA public key object corresponding to the values of the private key.
318
319 .. method:: parameters()
320
Mohammed Attia71acc672014-03-04 19:20:45 +0200[diff] [blame]321 :return: :class:`~cryptography.hazmat.primitives.interfaces.DSAParameters`
Mohammed Attiab4167152014-03-04 03:29:56 +0200[diff] [blame]322
Mohammed Attia71acc672014-03-04 19:20:45 +0200[diff] [blame]323 The DSAParameters object associated with this private key.
Mohammed Attiab4167152014-03-04 03:29:56 +0200[diff] [blame]324
Paul Kehrer0b3ff3b2014-05-01 15:34:42 -0500[diff] [blame]325 .. method:: signer(algorithm, backend)
326
327 .. versionadded:: 0.4
328
329 Sign data which can be verified later by others using the public key.
330
331 :param algorithm: An instance of a
332 :class:`~cryptography.hazmat.primitives.interfaces.HashAlgorithm`
333 provider.
334
335 :param backend: A
336 :class:`~cryptography.hazmat.backends.interfaces.DSABackend`
337 provider.
338
339 :returns:
340 :class:`~cryptography.hazmat.primitives.interfaces.AsymmetricSignatureContext`
341
Mohammed Attiab4167152014-03-04 03:29:56 +0200[diff] [blame]342 .. attribute:: key_size
343
344 :type: int
345
346 The bit length of the modulus.
347
348 .. attribute:: x
349
350 :type: int
351
352 The private key.
353
354 .. attribute:: y
355
356 :type: int
357
358 The public key.
359
360
Paul Kehrer98429642014-06-22 16:37:21 -0600[diff] [blame^]361.. class:: DSAPrivateKeyWithNumbers
362
363 .. versionadded:: 0.5
364
365 Extends :class:`DSAPrivateKey`.
366
367 .. method:: private_numbers()
368
369 Create a
370 :class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAPrivateNumbers`
371 object.
372
373 :returns: A
374 :class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAPrivateNumbers`
375 instance.
376
377
Mohammed Attiab4167152014-03-04 03:29:56 +0200[diff] [blame]378.. class:: DSAPublicKey
379
380 .. versionadded:: 0.3
381
Mohammed Attiaedacb142014-03-17 12:28:23 +0200[diff] [blame]382 A `DSA`_ public key.
383
384 .. attribute:: key_size
385
386 :type: int
387
388 The bit length of the modulus.
Mohammed Attiab4167152014-03-04 03:29:56 +0200[diff] [blame]389
Mohammed Attia59edb612014-04-25 22:44:40 +0200[diff] [blame]390 .. attribute:: y
391
392 :type: int
393
394 The public key.
395
Mohammed Attiab4167152014-03-04 03:29:56 +0200[diff] [blame]396 .. method:: parameters()
397
Mohammed Attia71acc672014-03-04 19:20:45 +0200[diff] [blame]398 :return: :class:`~cryptography.hazmat.primitives.interfaces.DSAParameters`
Mohammed Attiab4167152014-03-04 03:29:56 +0200[diff] [blame]399
Mohammed Attia71acc672014-03-04 19:20:45 +0200[diff] [blame]400 The DSAParameters object associated with this public key.
Mohammed Attiab4167152014-03-04 03:29:56 +0200[diff] [blame]401
Mohammed Attia59edb612014-04-25 22:44:40 +0200[diff] [blame]402 .. method:: verifier(signature, algorithm, backend)
Mohammed Attiab4167152014-03-04 03:29:56 +0200[diff] [blame]403
Mohammed Attia59edb612014-04-25 22:44:40 +0200[diff] [blame]404 .. versionadded:: 0.4
Mohammed Attiab4167152014-03-04 03:29:56 +0200[diff] [blame]405
Mohammed Attia59edb612014-04-25 22:44:40 +0200[diff] [blame]406 Verify data was signed by the private key associated with this public
407 key.
408
Paul Kehrere0aeaf82014-05-01 11:58:23 -0500[diff] [blame]409 :param bytes signature: The signature to verify. DER encoded as
410 specified in :rfc:`6979`.
Mohammed Attia59edb612014-04-25 22:44:40 +0200[diff] [blame]411
412 :param algorithm: An instance of a
413 :class:`~cryptography.hazmat.primitives.interfaces.HashAlgorithm`
414 provider.
415
416 :param backend: A
417 :class:`~cryptography.hazmat.backends.interfaces.DSABackend`
418 provider.
419
420 :returns:
421 :class:`~cryptography.hazmat.primitives.interfaces.AsymmetricVerificationContext`
Mohammed Attiab4167152014-03-04 03:29:56 +0200[diff] [blame]422
423
Paul Kehrer98429642014-06-22 16:37:21 -0600[diff] [blame^]424.. class:: DSAPublicKeyWithNumbers
425
426 .. versionadded:: 0.5
427
428 Extends :class:`DSAPublicKey`.
429
430 .. method:: private_numbers()
431
432 Create a
433 :class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAPublicNumbers`
434 object.
435
436 :returns: A
437 :class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAPublicNumbers`
438 instance.
439
440
Alex Stapleton085f3782014-04-01 16:18:17 +0100[diff] [blame]441.. class:: EllipticCurve
442
Alex Stapleton20c99032014-05-03 21:06:46 +0100[diff] [blame]443 .. versionadded:: 0.5
Alex Stapleton085f3782014-04-01 16:18:17 +0100[diff] [blame]444
445 A named elliptic curve.
446
447 .. attribute:: name
448
449 :type: string
450
451 The name of the curve. Usually the name used for the ASN.1 OID such as
Alex Stapleton6e526742014-05-23 22:06:06 +0100[diff] [blame]452 ``secp256k1``.
Alex Stapleton085f3782014-04-01 16:18:17 +0100[diff] [blame]453
454 .. attribute:: key_size
455
456 :type: int
457
Alex Stapletond4365692014-05-26 09:25:25 +0100[diff] [blame]458 The bit length of the curve's base point.
Alex Stapleton085f3782014-04-01 16:18:17 +0100[diff] [blame]459
460
Alex Stapletona1853f92014-04-18 11:38:28 +0100[diff] [blame]461.. class:: EllipticCurveSignatureAlgorithm
462
Alex Stapleton20c99032014-05-03 21:06:46 +0100[diff] [blame]463 .. versionadded:: 0.5
Alex Stapletona1853f92014-04-18 11:38:28 +0100[diff] [blame]464
465 A signature algorithm for use with elliptic curve keys.
466
Alex Stapleton80228a12014-04-20 16:44:26 +0100[diff] [blame]467 .. attribute:: algorithm
468
469 :type: :class:`~cryptography.hazmat.primitives.interfaces.HashAlgorithm`
470
471 The digest algorithm to be used with the signature scheme.
472
Alex Stapletona1853f92014-04-18 11:38:28 +0100[diff] [blame]473
Alex Stapleton085f3782014-04-01 16:18:17 +0100[diff] [blame]474.. class:: EllipticCurvePrivateKey
475
Alex Stapleton20c99032014-05-03 21:06:46 +0100[diff] [blame]476 .. versionadded:: 0.5
Alex Stapleton085f3782014-04-01 16:18:17 +0100[diff] [blame]477
478 An elliptic curve private key for use with an algorithm such as `ECDSA`_ or
479 `EdDSA`_.
480
Alex Stapleton33c9d832014-05-23 21:31:51 +0100[diff] [blame]481 .. classmethod:: signer(signature_algorithm)
Alex Stapletona1853f92014-04-18 11:38:28 +0100[diff] [blame]482 Sign data which can be verified later by others using the public key.
483
484 :param signature_algorithm: An instance of a
485 :class:`~cryptography.hazmat.primitives.interfaces.EllipticCurveSignatureAlgorithm`
486 provider.
487
Alex Stapletona1853f92014-04-18 11:38:28 +0100[diff] [blame]488 :returns:
489 :class:`~cryptography.hazmat.primitives.interfaces.AsymmetricSignatureContext`
490
Alex Stapleton085f3782014-04-01 16:18:17 +0100[diff] [blame]491
492 :type: :class:`~cryptography.hazmat.primitives.interfaces.EllipticCurve`
493
494 The elliptic curve for this key.
495
Alex Stapleton085f3782014-04-01 16:18:17 +0100[diff] [blame]496 .. method:: public_key()
497
498 :return: :class:`~cryptography.hazmat.primitives.interfaces.EllipticCurvePublicKey`
499
500 The EllipticCurvePublicKey object for this private key.
501
502
503.. class:: EllipticCurvePublicKey
504
Alex Stapleton20c99032014-05-03 21:06:46 +0100[diff] [blame]505 .. versionadded:: 0.5
Alex Stapleton085f3782014-04-01 16:18:17 +0100[diff] [blame]506
507 An elliptic curve public key.
508
Alex Stapletone47bafb2014-05-17 13:19:15 +0100[diff] [blame]509 .. classmethod:: verifier(signature, signature_algorithm)
Alex Stapletona1853f92014-04-18 11:38:28 +0100[diff] [blame]510 Verify data was signed by the private key associated with this public
511 key.
512
Alex Stapleton80228a12014-04-20 16:44:26 +0100[diff] [blame]513 :param bytes signature: The signature to verify.
514
Alex Stapletona1853f92014-04-18 11:38:28 +0100[diff] [blame]515 :param signature_algorithm: An instance of a
516 :class:`~cryptography.hazmat.primitives.interfaces.EllipticCurveSignatureAlgorithm`
517 provider.
518
Alex Stapletona1853f92014-04-18 11:38:28 +0100[diff] [blame]519 :returns:
520 :class:`~cryptography.hazmat.primitives.interfaces.AsymmetricSignatureContext`
521
Alex Stapleton085f3782014-04-01 16:18:17 +0100[diff] [blame]522 .. attribute:: curve
523
524 :type: :class:`~cryptography.hazmat.primitives.interfaces.EllipticCurve`
525
526 The elliptic curve for this key.
527
Alex Stapleton085f3782014-04-01 16:18:17 +0100[diff] [blame]528
Paul Kehrereda558c2014-02-17 21:18:13 -0600[diff] [blame]529.. class:: AsymmetricSignatureContext
Paul Kehrere0f0f342014-02-17 19:20:51 -0600[diff] [blame]530
531 .. versionadded:: 0.2
532
533 .. method:: update(data)
534
Paul Kehrereda558c2014-02-17 21:18:13 -0600[diff] [blame]535 :param bytes data: The data you want to sign.
Paul Kehrere0f0f342014-02-17 19:20:51 -0600[diff] [blame]536
537 .. method:: finalize()
538
539 :return bytes signature: The signature.
540
541
Paul Kehrer430202d2014-02-18 13:36:53 -0600[diff] [blame]542.. class:: AsymmetricVerificationContext
Paul Kehrere0f0f342014-02-17 19:20:51 -0600[diff] [blame]543
544 .. versionadded:: 0.2
545
546 .. method:: update(data)
547
Paul Kehrereda558c2014-02-17 21:18:13 -0600[diff] [blame]548 :param bytes data: The data you wish to verify using the signature.
Paul Kehrere0f0f342014-02-17 19:20:51 -0600[diff] [blame]549
Paul Kehrerdd3780a2014-02-18 13:17:53 -0600[diff] [blame]550 .. method:: verify()
Paul Kehrere0f0f342014-02-17 19:20:51 -0600[diff] [blame]551
Paul Kehrerfef1fbd2014-02-26 23:39:37 -0400[diff] [blame]552 :raises cryptography.exceptions.InvalidSignature: If the signature does
553 not validate.
Paul Kehrere0f0f342014-02-17 19:20:51 -0600[diff] [blame]554
555
556.. class:: AsymmetricPadding
557
Paul Kehrer19f32d52014-02-17 19:23:06 -0600[diff] [blame]558 .. versionadded:: 0.2
Paul Kehrere0f0f342014-02-17 19:20:51 -0600[diff] [blame]559
560 .. attribute:: name
561
David Reid3e0c21e2014-05-13 14:30:45 -0700[diff] [blame]562
Alex Stapletonc5fffd32014-03-18 15:29:00 +0000[diff] [blame]563Hash algorithms
Paul Kehrere51a2db2014-01-29 11:49:35 -0600[diff] [blame]564~~~~~~~~~~~~~~~
565
566.. class:: HashAlgorithm
567
Paul Kehrere51a2db2014-01-29 11:49:35 -0600[diff] [blame]568 .. attribute:: name
569
570 :type: str
571
Paul Kehrer4c75a8c2014-01-29 12:20:37 -0600[diff] [blame]572 The standard name for the hash algorithm, for example: ``"sha256"`` or
573 ``"whirlpool"``.
Paul Kehrere51a2db2014-01-29 11:49:35 -0600[diff] [blame]574
575 .. attribute:: digest_size
576
577 :type: int
578
579 The size of the resulting digest in bytes.
580
581 .. attribute:: block_size
582
583 :type: int
584
585 The internal block size of the hash algorithm in bytes.
586
587
Ayrxa0f98502014-04-15 19:17:03 +0800[diff] [blame]588.. class:: HashContext
589
590 .. attribute:: algorithm
591
592 A :class:`~cryptography.hazmat.primitives.interfaces.HashAlgorithm` that
593 will be used by this context.
594
595 .. method:: update(data)
596
597 :param data bytes: The data you want to hash.
598
599 .. method:: finalize()
600
601 :return: The final digest as bytes.
602
603 .. method:: copy()
604
605 :return: A :class:`~cryptography.hazmat.primitives.interfaces.HashContext`
606 that is a copy of the current context.
607
608
Alex Stapletonc5fffd32014-03-18 15:29:00 +0000[diff] [blame]609Key derivation functions
Alex Gaynorb2774f52014-01-27 11:05:29 -0800[diff] [blame]610~~~~~~~~~~~~~~~~~~~~~~~~
611
612.. class:: KeyDerivationFunction
613
Alex Gaynor8454c512014-01-28 07:01:54 -0800[diff] [blame]614 .. versionadded:: 0.2
615
Alex Gaynorb2774f52014-01-27 11:05:29 -0800[diff] [blame]616 .. method:: derive(key_material)
617
Alex Gaynor5484f722014-01-28 05:46:15 -0800[diff] [blame]618 :param key_material bytes: The input key material. Depending on what
619 key derivation function you are using this
620 could be either random material, or a user
Alex Gaynorb2774f52014-01-27 11:05:29 -0800[diff] [blame]621 supplied password.
Alex Gaynor5484f722014-01-28 05:46:15 -0800[diff] [blame]622 :return: The new key.
Alex Gaynore19e89f2014-01-28 06:58:43 -0800[diff] [blame]623 :raises cryptography.exceptions.AlreadyFinalized: This is raised when
624 :meth:`derive` or
625 :meth:`verify` is
626 called more than
627 once.
Alex Gaynorb2774f52014-01-27 11:05:29 -0800[diff] [blame]628
Alex Gaynor5484f722014-01-28 05:46:15 -0800[diff] [blame]629 This generates and returns a new key from the supplied key material.
Alex Gaynorb2774f52014-01-27 11:05:29 -0800[diff] [blame]630
631 .. method:: verify(key_material, expected_key)
632
Alex Gaynor5484f722014-01-28 05:46:15 -0800[diff] [blame]633 :param key_material bytes: The input key material. This is the same as
Alex Gaynorb2774f52014-01-27 11:05:29 -0800[diff] [blame]634 ``key_material`` in :meth:`derive`.
Alex Gaynor5484f722014-01-28 05:46:15 -0800[diff] [blame]635 :param expected_key bytes: The expected result of deriving a new key,
636 this is the same as the return value of
637 :meth:`derive`.
Alex Gaynorb2774f52014-01-27 11:05:29 -0800[diff] [blame]638 :raises cryptography.exceptions.InvalidKey: This is raised when the
639 derived key does not match
640 the expected key.
Alex Gaynore19e89f2014-01-28 06:58:43 -0800[diff] [blame]641 :raises cryptography.exceptions.AlreadyFinalized: This is raised when
642 :meth:`derive` or
643 :meth:`verify` is
644 called more than
645 once.
Alex Gaynorb2774f52014-01-27 11:05:29 -0800[diff] [blame]646
Alex Gaynor5484f722014-01-28 05:46:15 -0800[diff] [blame]647 This checks whether deriving a new key from the supplied
648 ``key_material`` generates the same key as the ``expected_key``, and
649 raises an exception if they do not match. This can be used for
650 something like checking whether a user's password attempt matches the
651 stored derived key.
Alex Gaynorb2774f52014-01-27 11:05:29 -0800[diff] [blame]652
Ayrxc8121702014-04-15 19:02:05 +0800[diff] [blame]653
Ayrx83cd3f82014-04-15 21:56:32 +0800[diff] [blame]654`CMAC`_
655~~~~~~~
Ayrxc8121702014-04-15 19:02:05 +0800[diff] [blame]656
657.. class:: CMACContext
658
659 .. versionadded:: 0.4
660
661 .. method:: update(data)
662
663 :param data bytes: The data you want to authenticate.
664
665 .. method:: finalize()
666
Ayrx7964c172014-04-15 21:50:58 +0800[diff] [blame]667 :return: The message authentication code.
Ayrxc8121702014-04-15 19:02:05 +0800[diff] [blame]668
669 .. method:: copy()
670
671 :return: A :class:`~cryptography.hazmat.primitives.interfaces.CMACContext`
672 that is a copy of the current context.
673
674
Paul Kehrer8e9c9842014-02-13 12:23:27 -0600[diff] [blame]675.. _`RSA`: https://en.wikipedia.org/wiki/RSA_(cryptosystem)
676.. _`Chinese remainder theorem`: https://en.wikipedia.org/wiki/Chinese_remainder_theorem
Mohammed Attia604c78f2014-03-04 03:56:08 +0200[diff] [blame]677.. _`DSA`: https://en.wikipedia.org/wiki/Digital_Signature_Algorithm
Ayrx83cd3f82014-04-15 21:56:32 +0800[diff] [blame]678.. _`CMAC`: https://en.wikipedia.org/wiki/CMAC
Alex Stapleton085f3782014-04-01 16:18:17 +0100[diff] [blame]679.. _`ECDSA`: http://en.wikipedia.org/wiki/ECDSA
680.. _`EdDSA`: http://en.wikipedia.org/wiki/EdDSA