| Alex Gaynor | 5f3db27 | 2013-10-29 10:56:35 -0700 | [diff] [blame] | 1 | .. danger:: |
| 2 | |
| 3 | This is a "Hazardous Materials" module. You should **ONLY** use it if |
| 4 | you're 100% absolutely sure that you know what you're doing because this |
| 5 | module is full of land mines, dragons, and dinosaurs with laser guns. |
| 6 | |
| 7 | |
| 8 | Padding |
| 9 | ======= |
| 10 | |
| Alex Gaynor | b2d5efd | 2013-10-29 11:15:30 -0700 | [diff] [blame] | 11 | .. currentmodule:: cryptography.hazmat.primitives.padding |
| Alex Gaynor | 5f3db27 | 2013-10-29 10:56:35 -0700 | [diff] [blame] | 12 | |
| 13 | Padding is a way to take data that may or may not be be a multiple of the block |
| 14 | size for a cipher and extend it out so that it is. This is required for many |
| 15 | block cipher modes as they require the data to be encrypted to be an exact |
| 16 | multiple of the block size. |
| 17 | |
| 18 | |
| Alex Gaynor | b2d5efd | 2013-10-29 11:15:30 -0700 | [diff] [blame] | 19 | .. class:: PKCS7(block_size) |
| Alex Gaynor | 5f3db27 | 2013-10-29 10:56:35 -0700 | [diff] [blame] | 20 | |
| 21 | PKCS7 padding is a generalization of PKCS5 padding (also known as standard |
| 22 | padding). PKCS7 padding works by appending ``N`` bytes with the value of |
| 23 | ``chr(N)``, where ``N`` is the number of bytes required to make the final |
| 24 | block of data the same size as the block size. A simple example of padding |
| 25 | is: |
| 26 | |
| 27 | .. doctest:: |
| 28 | |
| Alex Gaynor | 0708278 | 2013-10-29 11:18:23 -0700 | [diff] [blame] | 29 | >>> from cryptography.hazmat.primitives import padding |
| Alex Gaynor | 60ad3e1 | 2013-10-29 14:26:11 -0700 | [diff] [blame] | 30 | >>> padder = padding.PKCS7(128).padder() |
| Alex Gaynor | 22e2eae | 2013-10-29 11:42:14 -0700 | [diff] [blame] | 31 | >>> padder.update(b"1111111111") |
| 32 | '' |
| 33 | >>> padder.finalize() |
| Alex Gaynor | 5f3db27 | 2013-10-29 10:56:35 -0700 | [diff] [blame] | 34 | '1111111111\x06\x06\x06\x06\x06\x06' |
| 35 | |
| 36 | :param block_size: The size of the block in bits that the data is being |
| 37 | padded to. |
| 38 | |
| Alex Gaynor | b2d5efd | 2013-10-29 11:15:30 -0700 | [diff] [blame] | 39 | .. method:: padder() |
| 40 | |
| 41 | :returns: A padding |
| 42 | :class:`~cryptography.hazmat.primitives.interfaces.PaddingContext` |
| 43 | provider. |
| 44 | |
| 45 | .. method:: unpadder() |
| 46 | |
| 47 | :returns: An unpadding |
| 48 | :class:`~cryptography.hazmat.primitives.interfaces.PaddingContext` |
| 49 | provider. |
| 50 | |
| 51 | |
| 52 | .. currentmodule:: cryptography.hazmat.primitives.interfaces |
| 53 | |
| 54 | .. class:: PaddingContext |
| 55 | |
| 56 | When calling ``padder()`` or ``unpadder()`` you will receive an a return |
| 57 | object conforming to the ``PaddingContext`` interface. You can then call |
| 58 | ``update(data)`` with data until you have fed everything into the context. |
| 59 | Once that is done call ``finalize()`` to finish the operation and obtain |
| 60 | the remainder of the data. |
| 61 | |
| 62 | .. method:: update(data) |
| 63 | |
| 64 | :param bytes data: The data you wish to pass into the context. |
| 65 | :return bytes: Returns the data that was padded or unpadded. |
| 66 | |
| 67 | .. method:: finalize() |
| 68 | |
| 69 | :return bytes: Returns the remainder of the data. |