Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / python / cryptography / ddadf40234e97cd5b7e5f7b3a3a03d38900cb291 / . / docs / hazmat / primitives / interfaces.rst
blob: 34e4e938f2291178441c99c4a53931552609519c [file] [log] [blame]
David Reid30722b92013-11-07 13:03:39 -0800[diff] [blame]1.. hazmat::
2
3Interfaces
4==========
5
6
7``cryptography`` uses `Abstract Base Classes`_ as interfaces to describe the
David Reidbd18bcd2013-11-07 13:13:30 -0800[diff] [blame]8properties and methods of most primitive constructs. Backends may also use
9this information to influence their operation. Interfaces should also be used
David Reid30722b92013-11-07 13:03:39 -0800[diff] [blame]10to document argument and return types.
11
David Reid9ed25e42013-11-07 13:15:27 -0800[diff] [blame]12.. _`Abstract Base Classes`: http://docs.python.org/3.2/library/abc.html
David Reid30722b92013-11-07 13:03:39 -0800[diff] [blame]13
14
Alex Stapletonc5fffd32014-03-18 15:29:00 +0000[diff] [blame]15Symmetric ciphers
David Reid0a394df2013-11-15 16:19:50 -0800[diff] [blame]16~~~~~~~~~~~~~~~~~
David Reid30722b92013-11-07 13:03:39 -0800[diff] [blame]17
18.. currentmodule:: cryptography.hazmat.primitives.interfaces
19
David Reid0a394df2013-11-15 16:19:50 -0800[diff] [blame]20
21.. class:: CipherAlgorithm
22
23 A named symmetric encryption algorithm.
24
25 .. attribute:: name
26
27 :type: str
28
29 The standard name for the mode, for example, "AES", "Camellia", or
30 "Blowfish".
31
32 .. attribute:: key_size
33
34 :type: int
35
36 The number of bits in the key being used.
37
38
David Reid668d4802013-12-17 11:53:43 -0800[diff] [blame]39.. class:: BlockCipherAlgorithm
40
41 A block cipher algorithm.
42
43 .. attribute:: block_size
44
45 :type: int
46
47 The number of bits in a block.
48
49
Alex Stapletonc5fffd32014-03-18 15:29:00 +0000[diff] [blame]50Cipher modes
David Reid0a394df2013-11-15 16:19:50 -0800[diff] [blame]51------------
52
David Reid30722b92013-11-07 13:03:39 -0800[diff] [blame]53Interfaces used by the symmetric cipher modes described in
54:ref:`Symmetric Encryption Modes <symmetric-encryption-modes>`.
55
56.. class:: Mode
57
58 A named cipher mode.
59
60 .. attribute:: name
61
62 :type: str
63
64 This should be the standard shorthand name for the mode, for example
65 Cipher-Block Chaining mode is "CBC".
66
67 The name may be used by a backend to influence the operation of a
68 cipher in conjunction with the algorithm's name.
69
Alex Gaynor9626b5a2013-11-19 16:49:26 -0800[diff] [blame]70 .. method:: validate_for_algorithm(algorithm)
71
72 :param CipherAlgorithm algorithm:
73
74 Checks that the combination of this mode with the provided algorithm
75 meets any necessary invariants. This should raise an exception if they
76 are not met.
77
78 For example, the :class:`~cryptography.hazmat.primitives.modes.CBC`
79 mode uses this method to check that the provided initialization
80 vector's length matches the block size of the algorithm.
81
David Reid30722b92013-11-07 13:03:39 -0800[diff] [blame]82
83.. class:: ModeWithInitializationVector
84
85 A cipher mode with an initialization vector.
86
87 .. attribute:: initialization_vector
88
89 :type: bytes
90
91 Exact requirements of the initialization are described by the
92 documentation of individual modes.
93
94
95.. class:: ModeWithNonce
96
97 A cipher mode with a nonce.
98
99 .. attribute:: nonce
100
101 :type: bytes
102
103 Exact requirements of the nonce are described by the documentation of
104 individual modes.
Paul Kehrerac423232014-01-25 14:13:09 -0600[diff] [blame]105
Alex Stapletonc5fffd32014-03-18 15:29:00 +0000[diff] [blame]106Asymmetric interfaces
Paul Kehrerac423232014-01-25 14:13:09 -0600[diff] [blame]107~~~~~~~~~~~~~~~~~~~~~
108
109.. class:: RSAPrivateKey
110
Paul Kehrer46688b12014-01-26 13:23:13 -0600[diff] [blame]111 .. versionadded:: 0.2
Paul Kehrer82629f42014-01-26 12:25:02 -0600[diff] [blame]112
Paul Kehrerac423232014-01-25 14:13:09 -0600[diff] [blame]113 An `RSA`_ private key.
114
Paul Kehrer01cdfb22014-04-15 11:27:03 -0400[diff] [blame]115 .. method:: signer(padding, algorithm, backend)
116
117 .. versionadded:: 0.3
118
119 Sign data which can be verified later by others using the public key.
120
121 :param padding: An instance of a
122 :class:`~cryptography.hazmat.primitives.interfaces.AsymmetricPadding`
123 provider.
124
125 :param algorithm: An instance of a
126 :class:`~cryptography.hazmat.primitives.interfaces.HashAlgorithm`
127 provider.
128
129 :param backend: A
130 :class:`~cryptography.hazmat.backends.interfaces.RSABackend`
131 provider.
132
133 :returns:
134 :class:`~cryptography.hazmat.primitives.interfaces.AsymmetricSignatureContext`
135
Paul Kehrer27f9ca62014-04-15 17:59:27 -0400[diff] [blame]136 .. method:: decrypt(ciphertext, padding, backend)
137
138 .. versionadded:: 0.4
139
140 Decrypt data that was encrypted via the public key.
141
142 :param bytes ciphertext: The ciphertext to decrypt.
143
144 :param padding: An instance of a
145 :class:`~cryptography.hazmat.primitives.interfaces.AsymmetricPadding`
146 provider.
147
148 :param backend: A
149 :class:`~cryptography.hazmat.backends.interfaces.RSABackend`
150 provider.
151
152 :return bytes: Decrypted data.
153
Paul Kehrer0e94fbe2014-01-26 11:47:21 -0600[diff] [blame]154 .. method:: public_key()
Paul Kehrerac423232014-01-25 14:13:09 -0600[diff] [blame]155
Paul Kehrer359b9462014-01-26 12:03:05 -0600[diff] [blame]156 :return: :class:`~cryptography.hazmat.primitives.interfaces.RSAPublicKey`
Paul Kehrerac423232014-01-25 14:13:09 -0600[diff] [blame]157
158 An RSA public key object corresponding to the values of the private key.
159
Alex Stapletonee3e6bf2014-02-02 21:13:48 +0000[diff] [blame]160 .. attribute:: key_size
Paul Kehrerac423232014-01-25 14:13:09 -0600[diff] [blame]161
162 :type: int
163
164 The bit length of the modulus.
165
Paul Kehrerac423232014-01-25 14:13:09 -0600[diff] [blame]166
167.. class:: RSAPublicKey
168
Paul Kehrer46688b12014-01-26 13:23:13 -0600[diff] [blame]169 .. versionadded:: 0.2
Paul Kehrer82629f42014-01-26 12:25:02 -0600[diff] [blame]170
Paul Kehrerac423232014-01-25 14:13:09 -0600[diff] [blame]171 An `RSA`_ public key.
172
Paul Kehrer01cdfb22014-04-15 11:27:03 -0400[diff] [blame]173 .. method:: verifier(signature, padding, algorithm, backend)
174
175 .. versionadded:: 0.3
176
177 Verify data was signed by the private key associated with this public
178 key.
179
180 :param bytes signature: The signature to verify.
181
182 :param padding: An instance of a
183 :class:`~cryptography.hazmat.primitives.interfaces.AsymmetricPadding`
184 provider.
185
186 :param algorithm: An instance of a
187 :class:`~cryptography.hazmat.primitives.interfaces.HashAlgorithm`
188 provider.
189
190 :param backend: A
191 :class:`~cryptography.hazmat.backends.interfaces.RSABackend`
192 provider.
193
194 :returns:
195 :class:`~cryptography.hazmat.primitives.interfaces.AsymmetricVerificationContext`
196
Paul Kehrer4e602f32014-04-24 12:07:54 -0500[diff] [blame]197 .. method:: encrypt(plaintext, padding, backend)
198
199 .. versionadded:: 0.4
200
201 Encrypt data with the public key.
202
203 :param bytes plaintext: The plaintext to encrypt.
204
205 :param padding: An instance of a
206 :class:`~cryptography.hazmat.primitives.interfaces.AsymmetricPadding`
207 provider.
208
209 :param backend: A
210 :class:`~cryptography.hazmat.backends.interfaces.RSABackend`
211 provider.
212
213 :return bytes: Encrypted data.
Paul Kehrer01cdfb22014-04-15 11:27:03 -0400[diff] [blame]214
Alex Stapletonee3e6bf2014-02-02 21:13:48 +0000[diff] [blame]215 .. attribute:: key_size
Paul Kehrerac423232014-01-25 14:13:09 -0600[diff] [blame]216
217 :type: int
218
219 The bit length of the modulus.
220
Paul Kehrerac423232014-01-25 14:13:09 -0600[diff] [blame]221
Mohammed Attia71acc672014-03-04 19:20:45 +0200[diff] [blame]222.. class:: DSAParameters
Mohammed Attiab4167152014-03-04 03:29:56 +0200[diff] [blame]223
224 .. versionadded:: 0.3
225
226 `DSA`_ parameters.
227
228 .. attribute:: modulus
229
230 :type: int
231
Mohammed Attia7a1738a2014-03-04 19:17:24 +0200[diff] [blame]232 The prime modulus that is used in generating the DSA key pair and used
Mohammed Attiab4167152014-03-04 03:29:56 +0200[diff] [blame]233 in the DSA signing and verification processes.
234
235 .. attribute:: subgroup_order
236
237 :type: int
238
Mohammed Attia7a1738a2014-03-04 19:17:24 +0200[diff] [blame]239 The subgroup order that is used in generating the DSA key pair
Mohammed Attiab4167152014-03-04 03:29:56 +0200[diff] [blame]240 by the generator and used in the DSA signing and verification
241 processes.
242
243 .. attribute:: generator
244
245 :type: int
246
Mohammed Attiacb9a6c22014-03-04 04:16:35 +0200[diff] [blame]247 The generator that is used in generating the DSA key pair and used
Mohammed Attia7a1738a2014-03-04 19:17:24 +0200[diff] [blame]248 in the DSA signing and verification processes.
Mohammed Attiab4167152014-03-04 03:29:56 +0200[diff] [blame]249
250 .. attribute:: p
251
252 :type: int
253
Mohammed Attia7a1738a2014-03-04 19:17:24 +0200[diff] [blame]254 The prime modulus that is used in generating the DSA key pair and used
Mohammed Attia70324512014-03-04 03:34:39 +0200[diff] [blame]255 in the DSA signing and verification processes. Alias for :attr:`modulus`.
Mohammed Attiab4167152014-03-04 03:29:56 +0200[diff] [blame]256
257 .. attribute:: q
258
259 :type: int
260
Mohammed Attia7a1738a2014-03-04 19:17:24 +0200[diff] [blame]261 The subgroup order that is used in generating the DSA key pair
Mohammed Attiab4167152014-03-04 03:29:56 +0200[diff] [blame]262 by the generator and used in the DSA signing and verification
Mohammed Attia70324512014-03-04 03:34:39 +0200[diff] [blame]263 processes. Alias for :attr:`subgroup_order`.
Mohammed Attiab4167152014-03-04 03:29:56 +0200[diff] [blame]264
265 .. attribute:: g
266
267 :type: int
268
Mohammed Attiacb9a6c22014-03-04 04:16:35 +0200[diff] [blame]269 The generator that is used in generating the DSA key pair and used
Mohammed Attia70324512014-03-04 03:34:39 +0200[diff] [blame]270 in the DSA signing and verification processes. Alias for :attr:`generator`.
Mohammed Attiab4167152014-03-04 03:29:56 +0200[diff] [blame]271
272
273.. class:: DSAPrivateKey
274
275 .. versionadded:: 0.3
276
Mohammed Attia7a1738a2014-03-04 19:17:24 +0200[diff] [blame]277 A `DSA`_ private key.
Mohammed Attiab4167152014-03-04 03:29:56 +0200[diff] [blame]278
279 .. method:: public_key()
280
281 :return: :class:`~cryptography.hazmat.primitives.interfaces.DSAPublicKey`
282
283 An DSA public key object corresponding to the values of the private key.
284
285 .. method:: parameters()
286
Mohammed Attia71acc672014-03-04 19:20:45 +0200[diff] [blame]287 :return: :class:`~cryptography.hazmat.primitives.interfaces.DSAParameters`
Mohammed Attiab4167152014-03-04 03:29:56 +0200[diff] [blame]288
Mohammed Attia71acc672014-03-04 19:20:45 +0200[diff] [blame]289 The DSAParameters object associated with this private key.
Mohammed Attiab4167152014-03-04 03:29:56 +0200[diff] [blame]290
Paul Kehrer0b3ff3b2014-05-01 15:34:42 -0500[diff] [blame]291 .. method:: signer(algorithm, backend)
292
293 .. versionadded:: 0.4
294
295 Sign data which can be verified later by others using the public key.
296
297 :param algorithm: An instance of a
298 :class:`~cryptography.hazmat.primitives.interfaces.HashAlgorithm`
299 provider.
300
301 :param backend: A
302 :class:`~cryptography.hazmat.backends.interfaces.DSABackend`
303 provider.
304
305 :returns:
306 :class:`~cryptography.hazmat.primitives.interfaces.AsymmetricSignatureContext`
307
Mohammed Attiab4167152014-03-04 03:29:56 +0200[diff] [blame]308 .. attribute:: key_size
309
310 :type: int
311
312 The bit length of the modulus.
313
314 .. attribute:: x
315
316 :type: int
317
318 The private key.
319
320 .. attribute:: y
321
322 :type: int
323
324 The public key.
325
326
327.. class:: DSAPublicKey
328
329 .. versionadded:: 0.3
330
Mohammed Attiaedacb142014-03-17 12:28:23 +0200[diff] [blame]331 A `DSA`_ public key.
332
333 .. attribute:: key_size
334
335 :type: int
336
337 The bit length of the modulus.
Mohammed Attiab4167152014-03-04 03:29:56 +0200[diff] [blame]338
Mohammed Attia59edb612014-04-25 22:44:40 +0200[diff] [blame]339 .. attribute:: y
340
341 :type: int
342
343 The public key.
344
Mohammed Attiab4167152014-03-04 03:29:56 +0200[diff] [blame]345 .. method:: parameters()
346
Mohammed Attia71acc672014-03-04 19:20:45 +0200[diff] [blame]347 :return: :class:`~cryptography.hazmat.primitives.interfaces.DSAParameters`
Mohammed Attiab4167152014-03-04 03:29:56 +0200[diff] [blame]348
Mohammed Attia71acc672014-03-04 19:20:45 +0200[diff] [blame]349 The DSAParameters object associated with this public key.
Mohammed Attiab4167152014-03-04 03:29:56 +0200[diff] [blame]350
Mohammed Attia59edb612014-04-25 22:44:40 +0200[diff] [blame]351 .. method:: verifier(signature, algorithm, backend)
Mohammed Attiab4167152014-03-04 03:29:56 +0200[diff] [blame]352
Mohammed Attia59edb612014-04-25 22:44:40 +0200[diff] [blame]353 .. versionadded:: 0.4
Mohammed Attiab4167152014-03-04 03:29:56 +0200[diff] [blame]354
Mohammed Attia59edb612014-04-25 22:44:40 +0200[diff] [blame]355 Verify data was signed by the private key associated with this public
356 key.
357
Paul Kehrere0aeaf82014-05-01 11:58:23 -0500[diff] [blame]358 :param bytes signature: The signature to verify. DER encoded as
359 specified in :rfc:`6979`.
Mohammed Attia59edb612014-04-25 22:44:40 +0200[diff] [blame]360
361 :param algorithm: An instance of a
362 :class:`~cryptography.hazmat.primitives.interfaces.HashAlgorithm`
363 provider.
364
365 :param backend: A
366 :class:`~cryptography.hazmat.backends.interfaces.DSABackend`
367 provider.
368
369 :returns:
370 :class:`~cryptography.hazmat.primitives.interfaces.AsymmetricVerificationContext`
Mohammed Attiab4167152014-03-04 03:29:56 +0200[diff] [blame]371
372
Alex Stapleton085f3782014-04-01 16:18:17 +0100[diff] [blame]373.. class:: EllipticCurve
374
Alex Stapleton20c99032014-05-03 21:06:46 +0100[diff] [blame]375 .. versionadded:: 0.5
Alex Stapleton085f3782014-04-01 16:18:17 +0100[diff] [blame]376
377 A named elliptic curve.
378
379 .. attribute:: name
380
381 :type: string
382
383 The name of the curve. Usually the name used for the ASN.1 OID such as
Alex Stapleton6e526742014-05-23 22:06:06 +0100[diff] [blame]384 ``secp256k1``.
Alex Stapleton085f3782014-04-01 16:18:17 +0100[diff] [blame]385
386 .. attribute:: key_size
387
388 :type: int
389
Alex Stapletond4365692014-05-26 09:25:25 +0100[diff] [blame]390 The bit length of the curve's base point.
Alex Stapleton085f3782014-04-01 16:18:17 +0100[diff] [blame]391
392
Alex Stapletona1853f92014-04-18 11:38:28 +0100[diff] [blame]393.. class:: EllipticCurveSignatureAlgorithm
394
Alex Stapleton20c99032014-05-03 21:06:46 +0100[diff] [blame]395 .. versionadded:: 0.5
Alex Stapletona1853f92014-04-18 11:38:28 +0100[diff] [blame]396
397 A signature algorithm for use with elliptic curve keys.
398
Alex Stapleton80228a12014-04-20 16:44:26 +0100[diff] [blame]399 .. attribute:: algorithm
400
401 :type: :class:`~cryptography.hazmat.primitives.interfaces.HashAlgorithm`
402
403 The digest algorithm to be used with the signature scheme.
404
Alex Stapletona1853f92014-04-18 11:38:28 +0100[diff] [blame]405
Alex Stapleton085f3782014-04-01 16:18:17 +0100[diff] [blame]406.. class:: EllipticCurvePrivateKey
407
Alex Stapleton20c99032014-05-03 21:06:46 +0100[diff] [blame]408 .. versionadded:: 0.5
Alex Stapleton085f3782014-04-01 16:18:17 +0100[diff] [blame]409
410 An elliptic curve private key for use with an algorithm such as `ECDSA`_ or
411 `EdDSA`_.
412
Alex Stapleton33c9d832014-05-23 21:31:51 +0100[diff] [blame]413 .. classmethod:: signer(signature_algorithm)
Alex Stapleton24258ec2014-05-24 12:15:59 +0100[diff] [blame]414
Alex Stapletona1853f92014-04-18 11:38:28 +0100[diff] [blame]415 Sign data which can be verified later by others using the public key.
416
417 :param signature_algorithm: An instance of a
418 :class:`~cryptography.hazmat.primitives.interfaces.EllipticCurveSignatureAlgorithm`
419 provider.
420
Alex Stapletona1853f92014-04-18 11:38:28 +0100[diff] [blame]421 :returns:
422 :class:`~cryptography.hazmat.primitives.interfaces.AsymmetricSignatureContext`
423
Alex Stapleton085f3782014-04-01 16:18:17 +0100[diff] [blame]424 .. attribute:: curve
425
426 :type: :class:`~cryptography.hazmat.primitives.interfaces.EllipticCurve`
427
428 The elliptic curve for this key.
429
Alex Stapleton085f3782014-04-01 16:18:17 +0100[diff] [blame]430 .. method:: public_key()
431
432 :return: :class:`~cryptography.hazmat.primitives.interfaces.EllipticCurvePublicKey`
433
434 The EllipticCurvePublicKey object for this private key.
435
436
437.. class:: EllipticCurvePublicKey
438
Alex Stapleton20c99032014-05-03 21:06:46 +0100[diff] [blame]439 .. versionadded:: 0.5
Alex Stapleton085f3782014-04-01 16:18:17 +0100[diff] [blame]440
441 An elliptic curve public key.
442
Alex Stapleton33c9d832014-05-23 21:31:51 +0100[diff] [blame]443 .. classmethod:: verifier(signer, signature_algorithm)
Alex Stapleton24258ec2014-05-24 12:15:59 +0100[diff] [blame]444
Alex Stapletona1853f92014-04-18 11:38:28 +0100[diff] [blame]445 Verify data was signed by the private key associated with this public
446 key.
447
Alex Stapleton80228a12014-04-20 16:44:26 +0100[diff] [blame]448 :param bytes signature: The signature to verify.
449
Alex Stapletona1853f92014-04-18 11:38:28 +0100[diff] [blame]450 :param signature_algorithm: An instance of a
451 :class:`~cryptography.hazmat.primitives.interfaces.EllipticCurveSignatureAlgorithm`
452 provider.
453
Alex Stapletona1853f92014-04-18 11:38:28 +0100[diff] [blame]454 :returns:
455 :class:`~cryptography.hazmat.primitives.interfaces.AsymmetricSignatureContext`
456
Alex Stapleton085f3782014-04-01 16:18:17 +0100[diff] [blame]457 .. attribute:: curve
458
459 :type: :class:`~cryptography.hazmat.primitives.interfaces.EllipticCurve`
460
461 The elliptic curve for this key.
462
Alex Stapleton085f3782014-04-01 16:18:17 +0100[diff] [blame]463
Paul Kehrereda558c2014-02-17 21:18:13 -0600[diff] [blame]464.. class:: AsymmetricSignatureContext
Paul Kehrere0f0f342014-02-17 19:20:51 -0600[diff] [blame]465
466 .. versionadded:: 0.2
467
468 .. method:: update(data)
469
Paul Kehrereda558c2014-02-17 21:18:13 -0600[diff] [blame]470 :param bytes data: The data you want to sign.
Paul Kehrere0f0f342014-02-17 19:20:51 -0600[diff] [blame]471
472 .. method:: finalize()
473
474 :return bytes signature: The signature.
475
476
Paul Kehrer430202d2014-02-18 13:36:53 -0600[diff] [blame]477.. class:: AsymmetricVerificationContext
Paul Kehrere0f0f342014-02-17 19:20:51 -0600[diff] [blame]478
479 .. versionadded:: 0.2
480
481 .. method:: update(data)
482
Paul Kehrereda558c2014-02-17 21:18:13 -0600[diff] [blame]483 :param bytes data: The data you wish to verify using the signature.
Paul Kehrere0f0f342014-02-17 19:20:51 -0600[diff] [blame]484
Paul Kehrerdd3780a2014-02-18 13:17:53 -0600[diff] [blame]485 .. method:: verify()
Paul Kehrere0f0f342014-02-17 19:20:51 -0600[diff] [blame]486
Paul Kehrerfef1fbd2014-02-26 23:39:37 -0400[diff] [blame]487 :raises cryptography.exceptions.InvalidSignature: If the signature does
488 not validate.
Paul Kehrere0f0f342014-02-17 19:20:51 -0600[diff] [blame]489
490
491.. class:: AsymmetricPadding
492
Paul Kehrer19f32d52014-02-17 19:23:06 -0600[diff] [blame]493 .. versionadded:: 0.2
Paul Kehrere0f0f342014-02-17 19:20:51 -0600[diff] [blame]494
495 .. attribute:: name
496
Alex Stapletonc5fffd32014-03-18 15:29:00 +0000[diff] [blame]497Hash algorithms
Paul Kehrere51a2db2014-01-29 11:49:35 -0600[diff] [blame]498~~~~~~~~~~~~~~~
499
500.. class:: HashAlgorithm
501
Paul Kehrere51a2db2014-01-29 11:49:35 -0600[diff] [blame]502 .. attribute:: name
503
504 :type: str
505
Paul Kehrer4c75a8c2014-01-29 12:20:37 -0600[diff] [blame]506 The standard name for the hash algorithm, for example: ``"sha256"`` or
507 ``"whirlpool"``.
Paul Kehrere51a2db2014-01-29 11:49:35 -0600[diff] [blame]508
509 .. attribute:: digest_size
510
511 :type: int
512
513 The size of the resulting digest in bytes.
514
515 .. attribute:: block_size
516
517 :type: int
518
519 The internal block size of the hash algorithm in bytes.
520
521
Ayrxa0f98502014-04-15 19:17:03 +0800[diff] [blame]522.. class:: HashContext
523
524 .. attribute:: algorithm
525
526 A :class:`~cryptography.hazmat.primitives.interfaces.HashAlgorithm` that
527 will be used by this context.
528
529 .. method:: update(data)
530
531 :param data bytes: The data you want to hash.
532
533 .. method:: finalize()
534
535 :return: The final digest as bytes.
536
537 .. method:: copy()
538
539 :return: A :class:`~cryptography.hazmat.primitives.interfaces.HashContext`
540 that is a copy of the current context.
541
542
Alex Stapletonc5fffd32014-03-18 15:29:00 +0000[diff] [blame]543Key derivation functions
Alex Gaynorb2774f52014-01-27 11:05:29 -0800[diff] [blame]544~~~~~~~~~~~~~~~~~~~~~~~~
545
546.. class:: KeyDerivationFunction
547
Alex Gaynor8454c512014-01-28 07:01:54 -0800[diff] [blame]548 .. versionadded:: 0.2
549
Alex Gaynorb2774f52014-01-27 11:05:29 -0800[diff] [blame]550 .. method:: derive(key_material)
551
Alex Gaynor5484f722014-01-28 05:46:15 -0800[diff] [blame]552 :param key_material bytes: The input key material. Depending on what
553 key derivation function you are using this
554 could be either random material, or a user
Alex Gaynorb2774f52014-01-27 11:05:29 -0800[diff] [blame]555 supplied password.
Alex Gaynor5484f722014-01-28 05:46:15 -0800[diff] [blame]556 :return: The new key.
Alex Gaynore19e89f2014-01-28 06:58:43 -0800[diff] [blame]557 :raises cryptography.exceptions.AlreadyFinalized: This is raised when
558 :meth:`derive` or
559 :meth:`verify` is
560 called more than
561 once.
Alex Gaynorb2774f52014-01-27 11:05:29 -0800[diff] [blame]562
Alex Gaynor5484f722014-01-28 05:46:15 -0800[diff] [blame]563 This generates and returns a new key from the supplied key material.
Alex Gaynorb2774f52014-01-27 11:05:29 -0800[diff] [blame]564
565 .. method:: verify(key_material, expected_key)
566
Alex Gaynor5484f722014-01-28 05:46:15 -0800[diff] [blame]567 :param key_material bytes: The input key material. This is the same as
Alex Gaynorb2774f52014-01-27 11:05:29 -0800[diff] [blame]568 ``key_material`` in :meth:`derive`.
Alex Gaynor5484f722014-01-28 05:46:15 -0800[diff] [blame]569 :param expected_key bytes: The expected result of deriving a new key,
570 this is the same as the return value of
571 :meth:`derive`.
Alex Gaynorb2774f52014-01-27 11:05:29 -0800[diff] [blame]572 :raises cryptography.exceptions.InvalidKey: This is raised when the
573 derived key does not match
574 the expected key.
Alex Gaynore19e89f2014-01-28 06:58:43 -0800[diff] [blame]575 :raises cryptography.exceptions.AlreadyFinalized: This is raised when
576 :meth:`derive` or
577 :meth:`verify` is
578 called more than
579 once.
Alex Gaynorb2774f52014-01-27 11:05:29 -0800[diff] [blame]580
Alex Gaynor5484f722014-01-28 05:46:15 -0800[diff] [blame]581 This checks whether deriving a new key from the supplied
582 ``key_material`` generates the same key as the ``expected_key``, and
583 raises an exception if they do not match. This can be used for
584 something like checking whether a user's password attempt matches the
585 stored derived key.
Alex Gaynorb2774f52014-01-27 11:05:29 -0800[diff] [blame]586
Ayrxc8121702014-04-15 19:02:05 +0800[diff] [blame]587
Ayrx83cd3f82014-04-15 21:56:32 +0800[diff] [blame]588`CMAC`_
589~~~~~~~
Ayrxc8121702014-04-15 19:02:05 +0800[diff] [blame]590
591.. class:: CMACContext
592
593 .. versionadded:: 0.4
594
595 .. method:: update(data)
596
597 :param data bytes: The data you want to authenticate.
598
599 .. method:: finalize()
600
Ayrx7964c172014-04-15 21:50:58 +0800[diff] [blame]601 :return: The message authentication code.
Ayrxc8121702014-04-15 19:02:05 +0800[diff] [blame]602
603 .. method:: copy()
604
605 :return: A :class:`~cryptography.hazmat.primitives.interfaces.CMACContext`
606 that is a copy of the current context.
607
608
Paul Kehrer8e9c9842014-02-13 12:23:27 -0600[diff] [blame]609.. _`RSA`: https://en.wikipedia.org/wiki/RSA_(cryptosystem)
610.. _`Chinese remainder theorem`: https://en.wikipedia.org/wiki/Chinese_remainder_theorem
Mohammed Attia604c78f2014-03-04 03:56:08 +0200[diff] [blame]611.. _`DSA`: https://en.wikipedia.org/wiki/Digital_Signature_Algorithm
Ayrx83cd3f82014-04-15 21:56:32 +0800[diff] [blame]612.. _`CMAC`: https://en.wikipedia.org/wiki/CMAC
Alex Stapleton085f3782014-04-01 16:18:17 +0100[diff] [blame]613.. _`ECDSA`: http://en.wikipedia.org/wiki/ECDSA
614.. _`EdDSA`: http://en.wikipedia.org/wiki/EdDSA