Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / python / cryptography / c5fffd3b33ace832697e2086411dc4e4f1ab03d0 / . / docs / hazmat / primitives / interfaces.rst
blob: 9a1f33071bf615e77932ab58b93ae93dfed39cae [file] [log] [blame]
David Reid30722b92013-11-07 13:03:39 -0800[diff] [blame]1.. hazmat::
2
3Interfaces
4==========
5
6
7``cryptography`` uses `Abstract Base Classes`_ as interfaces to describe the
David Reidbd18bcd2013-11-07 13:13:30 -0800[diff] [blame]8properties and methods of most primitive constructs. Backends may also use
9this information to influence their operation. Interfaces should also be used
David Reid30722b92013-11-07 13:03:39 -0800[diff] [blame]10to document argument and return types.
11
David Reid9ed25e42013-11-07 13:15:27 -0800[diff] [blame]12.. _`Abstract Base Classes`: http://docs.python.org/3.2/library/abc.html
David Reid30722b92013-11-07 13:03:39 -0800[diff] [blame]13
14
Alex Stapletonc5fffd32014-03-18 15:29:00 +0000[diff] [blame^]15Symmetric ciphers
David Reid0a394df2013-11-15 16:19:50 -0800[diff] [blame]16~~~~~~~~~~~~~~~~~
David Reid30722b92013-11-07 13:03:39 -0800[diff] [blame]17
18.. currentmodule:: cryptography.hazmat.primitives.interfaces
19
David Reid0a394df2013-11-15 16:19:50 -0800[diff] [blame]20
21.. class:: CipherAlgorithm
22
23 A named symmetric encryption algorithm.
24
25 .. attribute:: name
26
27 :type: str
28
29 The standard name for the mode, for example, "AES", "Camellia", or
30 "Blowfish".
31
32 .. attribute:: key_size
33
34 :type: int
35
36 The number of bits in the key being used.
37
38
David Reid668d4802013-12-17 11:53:43 -0800[diff] [blame]39.. class:: BlockCipherAlgorithm
40
41 A block cipher algorithm.
42
43 .. attribute:: block_size
44
45 :type: int
46
47 The number of bits in a block.
48
49
Alex Stapletonc5fffd32014-03-18 15:29:00 +0000[diff] [blame^]50Cipher modes
David Reid0a394df2013-11-15 16:19:50 -0800[diff] [blame]51------------
52
David Reid30722b92013-11-07 13:03:39 -0800[diff] [blame]53Interfaces used by the symmetric cipher modes described in
54:ref:`Symmetric Encryption Modes <symmetric-encryption-modes>`.
55
56.. class:: Mode
57
58 A named cipher mode.
59
60 .. attribute:: name
61
62 :type: str
63
64 This should be the standard shorthand name for the mode, for example
65 Cipher-Block Chaining mode is "CBC".
66
67 The name may be used by a backend to influence the operation of a
68 cipher in conjunction with the algorithm's name.
69
Alex Gaynor9626b5a2013-11-19 16:49:26 -0800[diff] [blame]70 .. method:: validate_for_algorithm(algorithm)
71
72 :param CipherAlgorithm algorithm:
73
74 Checks that the combination of this mode with the provided algorithm
75 meets any necessary invariants. This should raise an exception if they
76 are not met.
77
78 For example, the :class:`~cryptography.hazmat.primitives.modes.CBC`
79 mode uses this method to check that the provided initialization
80 vector's length matches the block size of the algorithm.
81
David Reid30722b92013-11-07 13:03:39 -0800[diff] [blame]82
83.. class:: ModeWithInitializationVector
84
85 A cipher mode with an initialization vector.
86
87 .. attribute:: initialization_vector
88
89 :type: bytes
90
91 Exact requirements of the initialization are described by the
92 documentation of individual modes.
93
94
95.. class:: ModeWithNonce
96
97 A cipher mode with a nonce.
98
99 .. attribute:: nonce
100
101 :type: bytes
102
103 Exact requirements of the nonce are described by the documentation of
104 individual modes.
Paul Kehrerac423232014-01-25 14:13:09 -0600[diff] [blame]105
Alex Stapletonc5fffd32014-03-18 15:29:00 +0000[diff] [blame^]106Asymmetric interfaces
Paul Kehrerac423232014-01-25 14:13:09 -0600[diff] [blame]107~~~~~~~~~~~~~~~~~~~~~
108
109.. class:: RSAPrivateKey
110
Paul Kehrer46688b12014-01-26 13:23:13 -0600[diff] [blame]111 .. versionadded:: 0.2
Paul Kehrer82629f42014-01-26 12:25:02 -0600[diff] [blame]112
Paul Kehrerac423232014-01-25 14:13:09 -0600[diff] [blame]113 An `RSA`_ private key.
114
Paul Kehrer0e94fbe2014-01-26 11:47:21 -0600[diff] [blame]115 .. method:: public_key()
Paul Kehrerac423232014-01-25 14:13:09 -0600[diff] [blame]116
Paul Kehrer359b9462014-01-26 12:03:05 -0600[diff] [blame]117 :return: :class:`~cryptography.hazmat.primitives.interfaces.RSAPublicKey`
Paul Kehrerac423232014-01-25 14:13:09 -0600[diff] [blame]118
119 An RSA public key object corresponding to the values of the private key.
120
121 .. attribute:: modulus
122
Paul Kehrerd527b302014-01-26 11:41:38 -0600[diff] [blame]123 :type: int
Paul Kehrerac423232014-01-25 14:13:09 -0600[diff] [blame]124
Paul Kehrer0e94fbe2014-01-26 11:47:21 -0600[diff] [blame]125 The public modulus.
Paul Kehrerac423232014-01-25 14:13:09 -0600[diff] [blame]126
127 .. attribute:: public_exponent
128
129 :type: int
130
Paul Kehrer0e94fbe2014-01-26 11:47:21 -0600[diff] [blame]131 The public exponent.
Paul Kehrerac423232014-01-25 14:13:09 -0600[diff] [blame]132
Alex Gaynor2649a692014-02-03 07:14:16 -0800[diff] [blame]133 .. attribute:: private_exponent
134
135 :type: int
136
137 The private exponent.
138
Alex Stapletonee3e6bf2014-02-02 21:13:48 +0000[diff] [blame]139 .. attribute:: key_size
Paul Kehrerac423232014-01-25 14:13:09 -0600[diff] [blame]140
141 :type: int
142
143 The bit length of the modulus.
144
145 .. attribute:: p
146
Paul Kehrerd527b302014-01-26 11:41:38 -0600[diff] [blame]147 :type: int
Paul Kehrerac423232014-01-25 14:13:09 -0600[diff] [blame]148
Alex Gaynor2a918742014-01-26 16:53:44 -0600[diff] [blame]149 ``p``, one of the two primes composing the :attr:`modulus`.
Paul Kehrerac423232014-01-25 14:13:09 -0600[diff] [blame]150
151 .. attribute:: q
152
Paul Kehrerd527b302014-01-26 11:41:38 -0600[diff] [blame]153 :type: int
Paul Kehrerac423232014-01-25 14:13:09 -0600[diff] [blame]154
Alex Gaynor2a918742014-01-26 16:53:44 -0600[diff] [blame]155 ``q``, one of the two primes composing the :attr:`modulus`.
Paul Kehrerac423232014-01-25 14:13:09 -0600[diff] [blame]156
157 .. attribute:: d
158
Paul Kehrerd527b302014-01-26 11:41:38 -0600[diff] [blame]159 :type: int
Paul Kehrerac423232014-01-25 14:13:09 -0600[diff] [blame]160
Alex Gaynor2649a692014-02-03 07:14:16 -0800[diff] [blame]161 The private exponent. Alias for :attr:`private_exponent`.
Paul Kehrerac423232014-01-25 14:13:09 -0600[diff] [blame]162
Paul Kehrer8e9c9842014-02-13 12:23:27 -0600[diff] [blame]163 .. attribute:: dmp1
164
165 :type: int
166
167 A `Chinese remainder theorem`_ coefficient used to speed up RSA
168 operations. Calculated as: d mod (p-1)
169
170 .. attribute:: dmq1
171
172 :type: int
173
174 A `Chinese remainder theorem`_ coefficient used to speed up RSA
175 operations. Calculated as: d mod (q-1)
176
177 .. attribute:: iqmp
178
179 :type: int
180
181 A `Chinese remainder theorem`_ coefficient used to speed up RSA
182 operations. Calculated as: q\ :sup:`-1` mod p
183
Paul Kehrerac423232014-01-25 14:13:09 -0600[diff] [blame]184 .. attribute:: n
185
Paul Kehrerd527b302014-01-26 11:41:38 -0600[diff] [blame]186 :type: int
Paul Kehrerac423232014-01-25 14:13:09 -0600[diff] [blame]187
Alex Gaynor2a918742014-01-26 16:53:44 -0600[diff] [blame]188 The public modulus. Alias for :attr:`modulus`.
Paul Kehrerac423232014-01-25 14:13:09 -0600[diff] [blame]189
190 .. attribute:: e
191
192 :type: int
193
Alex Gaynor2a918742014-01-26 16:53:44 -0600[diff] [blame]194 The public exponent. Alias for :attr:`public_exponent`.
Paul Kehrerac423232014-01-25 14:13:09 -0600[diff] [blame]195
196
197.. class:: RSAPublicKey
198
Paul Kehrer46688b12014-01-26 13:23:13 -0600[diff] [blame]199 .. versionadded:: 0.2
Paul Kehrer82629f42014-01-26 12:25:02 -0600[diff] [blame]200
Paul Kehrerac423232014-01-25 14:13:09 -0600[diff] [blame]201 An `RSA`_ public key.
202
203 .. attribute:: modulus
204
Paul Kehrerd527b302014-01-26 11:41:38 -0600[diff] [blame]205 :type: int
Paul Kehrerac423232014-01-25 14:13:09 -0600[diff] [blame]206
Paul Kehrer0e94fbe2014-01-26 11:47:21 -0600[diff] [blame]207 The public modulus.
Paul Kehrerac423232014-01-25 14:13:09 -0600[diff] [blame]208
Alex Stapletonee3e6bf2014-02-02 21:13:48 +0000[diff] [blame]209 .. attribute:: key_size
Paul Kehrerac423232014-01-25 14:13:09 -0600[diff] [blame]210
211 :type: int
212
213 The bit length of the modulus.
214
215 .. attribute:: public_exponent
216
217 :type: int
218
Paul Kehrer0e94fbe2014-01-26 11:47:21 -0600[diff] [blame]219 The public exponent.
Paul Kehrerac423232014-01-25 14:13:09 -0600[diff] [blame]220
221 .. attribute:: n
222
Paul Kehrerd527b302014-01-26 11:41:38 -0600[diff] [blame]223 :type: int
Paul Kehrerac423232014-01-25 14:13:09 -0600[diff] [blame]224
Alex Gaynor2a918742014-01-26 16:53:44 -0600[diff] [blame]225 The public modulus. Alias for :attr:`modulus`.
Paul Kehrerac423232014-01-25 14:13:09 -0600[diff] [blame]226
227 .. attribute:: e
228
229 :type: int
230
Alex Gaynor2a918742014-01-26 16:53:44 -0600[diff] [blame]231 The public exponent. Alias for :attr:`public_exponent`.
232
Paul Kehrerac423232014-01-25 14:13:09 -0600[diff] [blame]233
Mohammed Attia71acc672014-03-04 19:20:45 +0200[diff] [blame]234.. class:: DSAParameters
Mohammed Attiab4167152014-03-04 03:29:56 +0200[diff] [blame]235
236 .. versionadded:: 0.3
237
238 `DSA`_ parameters.
239
240 .. attribute:: modulus
241
242 :type: int
243
Mohammed Attia7a1738a2014-03-04 19:17:24 +0200[diff] [blame]244 The prime modulus that is used in generating the DSA key pair and used
Mohammed Attiab4167152014-03-04 03:29:56 +0200[diff] [blame]245 in the DSA signing and verification processes.
246
247 .. attribute:: subgroup_order
248
249 :type: int
250
Mohammed Attia7a1738a2014-03-04 19:17:24 +0200[diff] [blame]251 The subgroup order that is used in generating the DSA key pair
Mohammed Attiab4167152014-03-04 03:29:56 +0200[diff] [blame]252 by the generator and used in the DSA signing and verification
253 processes.
254
255 .. attribute:: generator
256
257 :type: int
258
Mohammed Attiacb9a6c22014-03-04 04:16:35 +0200[diff] [blame]259 The generator that is used in generating the DSA key pair and used
Mohammed Attia7a1738a2014-03-04 19:17:24 +0200[diff] [blame]260 in the DSA signing and verification processes.
Mohammed Attiab4167152014-03-04 03:29:56 +0200[diff] [blame]261
262 .. attribute:: p
263
264 :type: int
265
Mohammed Attia7a1738a2014-03-04 19:17:24 +0200[diff] [blame]266 The prime modulus that is used in generating the DSA key pair and used
Mohammed Attia70324512014-03-04 03:34:39 +0200[diff] [blame]267 in the DSA signing and verification processes. Alias for :attr:`modulus`.
Mohammed Attiab4167152014-03-04 03:29:56 +0200[diff] [blame]268
269 .. attribute:: q
270
271 :type: int
272
Mohammed Attia7a1738a2014-03-04 19:17:24 +0200[diff] [blame]273 The subgroup order that is used in generating the DSA key pair
Mohammed Attiab4167152014-03-04 03:29:56 +0200[diff] [blame]274 by the generator and used in the DSA signing and verification
Mohammed Attia70324512014-03-04 03:34:39 +0200[diff] [blame]275 processes. Alias for :attr:`subgroup_order`.
Mohammed Attiab4167152014-03-04 03:29:56 +0200[diff] [blame]276
277 .. attribute:: g
278
279 :type: int
280
Mohammed Attiacb9a6c22014-03-04 04:16:35 +0200[diff] [blame]281 The generator that is used in generating the DSA key pair and used
Mohammed Attia70324512014-03-04 03:34:39 +0200[diff] [blame]282 in the DSA signing and verification processes. Alias for :attr:`generator`.
Mohammed Attiab4167152014-03-04 03:29:56 +0200[diff] [blame]283
284
285.. class:: DSAPrivateKey
286
287 .. versionadded:: 0.3
288
Mohammed Attia7a1738a2014-03-04 19:17:24 +0200[diff] [blame]289 A `DSA`_ private key.
Mohammed Attiab4167152014-03-04 03:29:56 +0200[diff] [blame]290
291 .. method:: public_key()
292
293 :return: :class:`~cryptography.hazmat.primitives.interfaces.DSAPublicKey`
294
295 An DSA public key object corresponding to the values of the private key.
296
297 .. method:: parameters()
298
Mohammed Attia71acc672014-03-04 19:20:45 +0200[diff] [blame]299 :return: :class:`~cryptography.hazmat.primitives.interfaces.DSAParameters`
Mohammed Attiab4167152014-03-04 03:29:56 +0200[diff] [blame]300
Mohammed Attia71acc672014-03-04 19:20:45 +0200[diff] [blame]301 The DSAParameters object associated with this private key.
Mohammed Attiab4167152014-03-04 03:29:56 +0200[diff] [blame]302
303 .. attribute:: key_size
304
305 :type: int
306
307 The bit length of the modulus.
308
309 .. attribute:: x
310
311 :type: int
312
313 The private key.
314
315 .. attribute:: y
316
317 :type: int
318
319 The public key.
320
321
322.. class:: DSAPublicKey
323
324 .. versionadded:: 0.3
325
Mohammed Attiaedacb142014-03-17 12:28:23 +0200[diff] [blame]326 A `DSA`_ public key.
327
328 .. attribute:: key_size
329
330 :type: int
331
332 The bit length of the modulus.
Mohammed Attiab4167152014-03-04 03:29:56 +0200[diff] [blame]333
334 .. method:: parameters()
335
Mohammed Attia71acc672014-03-04 19:20:45 +0200[diff] [blame]336 :return: :class:`~cryptography.hazmat.primitives.interfaces.DSAParameters`
Mohammed Attiab4167152014-03-04 03:29:56 +0200[diff] [blame]337
Mohammed Attia71acc672014-03-04 19:20:45 +0200[diff] [blame]338 The DSAParameters object associated with this public key.
Mohammed Attiab4167152014-03-04 03:29:56 +0200[diff] [blame]339
340 .. attribute:: y
341
342 :type: int
343
344 The public key.
345
346
Paul Kehrereda558c2014-02-17 21:18:13 -0600[diff] [blame]347.. class:: AsymmetricSignatureContext
Paul Kehrere0f0f342014-02-17 19:20:51 -0600[diff] [blame]348
349 .. versionadded:: 0.2
350
351 .. method:: update(data)
352
Paul Kehrereda558c2014-02-17 21:18:13 -0600[diff] [blame]353 :param bytes data: The data you want to sign.
Paul Kehrere0f0f342014-02-17 19:20:51 -0600[diff] [blame]354
355 .. method:: finalize()
356
357 :return bytes signature: The signature.
358
359
Paul Kehrer430202d2014-02-18 13:36:53 -0600[diff] [blame]360.. class:: AsymmetricVerificationContext
Paul Kehrere0f0f342014-02-17 19:20:51 -0600[diff] [blame]361
362 .. versionadded:: 0.2
363
364 .. method:: update(data)
365
Paul Kehrereda558c2014-02-17 21:18:13 -0600[diff] [blame]366 :param bytes data: The data you wish to verify using the signature.
Paul Kehrere0f0f342014-02-17 19:20:51 -0600[diff] [blame]367
Paul Kehrerdd3780a2014-02-18 13:17:53 -0600[diff] [blame]368 .. method:: verify()
Paul Kehrere0f0f342014-02-17 19:20:51 -0600[diff] [blame]369
Paul Kehrerfef1fbd2014-02-26 23:39:37 -0400[diff] [blame]370 :raises cryptography.exceptions.InvalidSignature: If the signature does
371 not validate.
Paul Kehrere0f0f342014-02-17 19:20:51 -0600[diff] [blame]372
373
374.. class:: AsymmetricPadding
375
Paul Kehrer19f32d52014-02-17 19:23:06 -0600[diff] [blame]376 .. versionadded:: 0.2
Paul Kehrere0f0f342014-02-17 19:20:51 -0600[diff] [blame]377
378 .. attribute:: name
379
Alex Stapletonc5fffd32014-03-18 15:29:00 +0000[diff] [blame^]380Hash algorithms
Paul Kehrere51a2db2014-01-29 11:49:35 -0600[diff] [blame]381~~~~~~~~~~~~~~~
382
383.. class:: HashAlgorithm
384
Paul Kehrere51a2db2014-01-29 11:49:35 -0600[diff] [blame]385 .. attribute:: name
386
387 :type: str
388
Paul Kehrer4c75a8c2014-01-29 12:20:37 -0600[diff] [blame]389 The standard name for the hash algorithm, for example: ``"sha256"`` or
390 ``"whirlpool"``.
Paul Kehrere51a2db2014-01-29 11:49:35 -0600[diff] [blame]391
392 .. attribute:: digest_size
393
394 :type: int
395
396 The size of the resulting digest in bytes.
397
398 .. attribute:: block_size
399
400 :type: int
401
402 The internal block size of the hash algorithm in bytes.
403
404
Alex Stapletonc5fffd32014-03-18 15:29:00 +0000[diff] [blame^]405Key derivation functions
Alex Gaynorb2774f52014-01-27 11:05:29 -0800[diff] [blame]406~~~~~~~~~~~~~~~~~~~~~~~~
407
408.. class:: KeyDerivationFunction
409
Alex Gaynor8454c512014-01-28 07:01:54 -0800[diff] [blame]410 .. versionadded:: 0.2
411
Alex Gaynorb2774f52014-01-27 11:05:29 -0800[diff] [blame]412 .. method:: derive(key_material)
413
Alex Gaynor5484f722014-01-28 05:46:15 -0800[diff] [blame]414 :param key_material bytes: The input key material. Depending on what
415 key derivation function you are using this
416 could be either random material, or a user
Alex Gaynorb2774f52014-01-27 11:05:29 -0800[diff] [blame]417 supplied password.
Alex Gaynor5484f722014-01-28 05:46:15 -0800[diff] [blame]418 :return: The new key.
Alex Gaynore19e89f2014-01-28 06:58:43 -0800[diff] [blame]419 :raises cryptography.exceptions.AlreadyFinalized: This is raised when
420 :meth:`derive` or
421 :meth:`verify` is
422 called more than
423 once.
Alex Gaynorb2774f52014-01-27 11:05:29 -0800[diff] [blame]424
Alex Gaynor5484f722014-01-28 05:46:15 -0800[diff] [blame]425 This generates and returns a new key from the supplied key material.
Alex Gaynorb2774f52014-01-27 11:05:29 -0800[diff] [blame]426
427 .. method:: verify(key_material, expected_key)
428
Alex Gaynor5484f722014-01-28 05:46:15 -0800[diff] [blame]429 :param key_material bytes: The input key material. This is the same as
Alex Gaynorb2774f52014-01-27 11:05:29 -0800[diff] [blame]430 ``key_material`` in :meth:`derive`.
Alex Gaynor5484f722014-01-28 05:46:15 -0800[diff] [blame]431 :param expected_key bytes: The expected result of deriving a new key,
432 this is the same as the return value of
433 :meth:`derive`.
Alex Gaynorb2774f52014-01-27 11:05:29 -0800[diff] [blame]434 :raises cryptography.exceptions.InvalidKey: This is raised when the
435 derived key does not match
436 the expected key.
Alex Gaynore19e89f2014-01-28 06:58:43 -0800[diff] [blame]437 :raises cryptography.exceptions.AlreadyFinalized: This is raised when
438 :meth:`derive` or
439 :meth:`verify` is
440 called more than
441 once.
Alex Gaynorb2774f52014-01-27 11:05:29 -0800[diff] [blame]442
Alex Gaynor5484f722014-01-28 05:46:15 -0800[diff] [blame]443 This checks whether deriving a new key from the supplied
444 ``key_material`` generates the same key as the ``expected_key``, and
445 raises an exception if they do not match. This can be used for
446 something like checking whether a user's password attempt matches the
447 stored derived key.
Alex Gaynorb2774f52014-01-27 11:05:29 -0800[diff] [blame]448
Paul Kehrer8e9c9842014-02-13 12:23:27 -0600[diff] [blame]449.. _`RSA`: https://en.wikipedia.org/wiki/RSA_(cryptosystem)
450.. _`Chinese remainder theorem`: https://en.wikipedia.org/wiki/Chinese_remainder_theorem
Mohammed Attia604c78f2014-03-04 03:56:08 +0200[diff] [blame]451.. _`DSA`: https://en.wikipedia.org/wiki/Digital_Signature_Algorithm