| Alex Gaynor | af82d5e | 2013-10-29 17:07:24 -0700 | [diff] [blame^] | 1 | .. hazmat:: |
| Alex Gaynor | 5f3db27 | 2013-10-29 10:56:35 -0700 | [diff] [blame] | 2 | |
| 3 | Padding |
| 4 | ======= |
| 5 | |
| Alex Gaynor | b2d5efd | 2013-10-29 11:15:30 -0700 | [diff] [blame] | 6 | .. currentmodule:: cryptography.hazmat.primitives.padding |
| Alex Gaynor | 5f3db27 | 2013-10-29 10:56:35 -0700 | [diff] [blame] | 7 | |
| 8 | Padding is a way to take data that may or may not be be a multiple of the block |
| 9 | size for a cipher and extend it out so that it is. This is required for many |
| 10 | block cipher modes as they require the data to be encrypted to be an exact |
| 11 | multiple of the block size. |
| 12 | |
| 13 | |
| Alex Gaynor | b2d5efd | 2013-10-29 11:15:30 -0700 | [diff] [blame] | 14 | .. class:: PKCS7(block_size) |
| Alex Gaynor | 5f3db27 | 2013-10-29 10:56:35 -0700 | [diff] [blame] | 15 | |
| 16 | PKCS7 padding is a generalization of PKCS5 padding (also known as standard |
| 17 | padding). PKCS7 padding works by appending ``N`` bytes with the value of |
| 18 | ``chr(N)``, where ``N`` is the number of bytes required to make the final |
| 19 | block of data the same size as the block size. A simple example of padding |
| 20 | is: |
| 21 | |
| 22 | .. doctest:: |
| 23 | |
| Alex Gaynor | 0708278 | 2013-10-29 11:18:23 -0700 | [diff] [blame] | 24 | >>> from cryptography.hazmat.primitives import padding |
| Alex Gaynor | 60ad3e1 | 2013-10-29 14:26:11 -0700 | [diff] [blame] | 25 | >>> padder = padding.PKCS7(128).padder() |
| Alex Gaynor | 22e2eae | 2013-10-29 11:42:14 -0700 | [diff] [blame] | 26 | >>> padder.update(b"1111111111") |
| 27 | '' |
| 28 | >>> padder.finalize() |
| Alex Gaynor | 5f3db27 | 2013-10-29 10:56:35 -0700 | [diff] [blame] | 29 | '1111111111\x06\x06\x06\x06\x06\x06' |
| 30 | |
| 31 | :param block_size: The size of the block in bits that the data is being |
| 32 | padded to. |
| 33 | |
| Alex Gaynor | b2d5efd | 2013-10-29 11:15:30 -0700 | [diff] [blame] | 34 | .. method:: padder() |
| 35 | |
| 36 | :returns: A padding |
| 37 | :class:`~cryptography.hazmat.primitives.interfaces.PaddingContext` |
| 38 | provider. |
| 39 | |
| 40 | .. method:: unpadder() |
| 41 | |
| 42 | :returns: An unpadding |
| 43 | :class:`~cryptography.hazmat.primitives.interfaces.PaddingContext` |
| 44 | provider. |
| 45 | |
| 46 | |
| 47 | .. currentmodule:: cryptography.hazmat.primitives.interfaces |
| 48 | |
| 49 | .. class:: PaddingContext |
| 50 | |
| 51 | When calling ``padder()`` or ``unpadder()`` you will receive an a return |
| 52 | object conforming to the ``PaddingContext`` interface. You can then call |
| 53 | ``update(data)`` with data until you have fed everything into the context. |
| 54 | Once that is done call ``finalize()`` to finish the operation and obtain |
| 55 | the remainder of the data. |
| 56 | |
| 57 | .. method:: update(data) |
| 58 | |
| 59 | :param bytes data: The data you wish to pass into the context. |
| 60 | :return bytes: Returns the data that was padded or unpadded. |
| 61 | |
| 62 | .. method:: finalize() |
| 63 | |
| 64 | :return bytes: Returns the remainder of the data. |