Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / python / cryptography / e85e35690b0b566ecc61e3099496a9082bb70b23 / . / docs / hazmat / primitives / interfaces.rst
blob: e9e4e77e9c1521361ee8bbe293874ecccce79029 [file] [log] [blame]
David Reid30722b92013-11-07 13:03:39 -0800[diff] [blame]1.. hazmat::
2
3Interfaces
4==========
5
6
7``cryptography`` uses `Abstract Base Classes`_ as interfaces to describe the
David Reidbd18bcd2013-11-07 13:13:30 -0800[diff] [blame]8properties and methods of most primitive constructs. Backends may also use
9this information to influence their operation. Interfaces should also be used
David Reid30722b92013-11-07 13:03:39 -0800[diff] [blame]10to document argument and return types.
11
David Reid9ed25e42013-11-07 13:15:27 -0800[diff] [blame]12.. _`Abstract Base Classes`: http://docs.python.org/3.2/library/abc.html
David Reid30722b92013-11-07 13:03:39 -0800[diff] [blame]13
14
Alex Stapletonc5fffd32014-03-18 15:29:00 +0000[diff] [blame]15Symmetric ciphers
Alex Gaynor645315b2014-06-23 11:55:55 -0700[diff] [blame]16-----------------
David Reid30722b92013-11-07 13:03:39 -0800[diff] [blame]17
18.. currentmodule:: cryptography.hazmat.primitives.interfaces
19
David Reid0a394df2013-11-15 16:19:50 -0800[diff] [blame]20
21.. class:: CipherAlgorithm
22
23 A named symmetric encryption algorithm.
24
25 .. attribute:: name
26
27 :type: str
28
29 The standard name for the mode, for example, "AES", "Camellia", or
30 "Blowfish".
31
32 .. attribute:: key_size
33
34 :type: int
35
36 The number of bits in the key being used.
37
38
David Reid668d4802013-12-17 11:53:43 -0800[diff] [blame]39.. class:: BlockCipherAlgorithm
40
41 A block cipher algorithm.
42
43 .. attribute:: block_size
44
45 :type: int
46
47 The number of bits in a block.
48
49
Alex Stapletonc5fffd32014-03-18 15:29:00 +0000[diff] [blame]50Cipher modes
Alex Gaynor645315b2014-06-23 11:55:55 -0700[diff] [blame]51~~~~~~~~~~~~
David Reid0a394df2013-11-15 16:19:50 -0800[diff] [blame]52
David Reid30722b92013-11-07 13:03:39 -0800[diff] [blame]53Interfaces used by the symmetric cipher modes described in
54:ref:`Symmetric Encryption Modes <symmetric-encryption-modes>`.
55
56.. class:: Mode
57
58 A named cipher mode.
59
60 .. attribute:: name
61
62 :type: str
63
64 This should be the standard shorthand name for the mode, for example
65 Cipher-Block Chaining mode is "CBC".
66
67 The name may be used by a backend to influence the operation of a
68 cipher in conjunction with the algorithm's name.
69
Alex Gaynor9626b5a2013-11-19 16:49:26 -0800[diff] [blame]70 .. method:: validate_for_algorithm(algorithm)
71
72 :param CipherAlgorithm algorithm:
73
74 Checks that the combination of this mode with the provided algorithm
75 meets any necessary invariants. This should raise an exception if they
76 are not met.
77
78 For example, the :class:`~cryptography.hazmat.primitives.modes.CBC`
79 mode uses this method to check that the provided initialization
80 vector's length matches the block size of the algorithm.
81
David Reid30722b92013-11-07 13:03:39 -0800[diff] [blame]82
83.. class:: ModeWithInitializationVector
84
85 A cipher mode with an initialization vector.
86
87 .. attribute:: initialization_vector
88
89 :type: bytes
90
91 Exact requirements of the initialization are described by the
92 documentation of individual modes.
93
94
95.. class:: ModeWithNonce
96
97 A cipher mode with a nonce.
98
99 .. attribute:: nonce
100
101 :type: bytes
102
103 Exact requirements of the nonce are described by the documentation of
104 individual modes.
Paul Kehrerac423232014-01-25 14:13:09 -0600[diff] [blame]105
Alex Stapletonc5fffd32014-03-18 15:29:00 +0000[diff] [blame]106Asymmetric interfaces
Alex Gaynor645315b2014-06-23 11:55:55 -0700[diff] [blame]107---------------------
108
109.. class:: AsymmetricSignatureContext
110
111 .. versionadded:: 0.2
112
113 .. method:: update(data)
114
115 :param bytes data: The data you want to sign.
116
117 .. method:: finalize()
118
119 :return bytes signature: The signature.
120
121
122.. class:: AsymmetricVerificationContext
123
124 .. versionadded:: 0.2
125
126 .. method:: update(data)
127
128 :param bytes data: The data you wish to verify using the signature.
129
130 .. method:: verify()
131
132 :raises cryptography.exceptions.InvalidSignature: If the signature does
133 not validate.
134
135
136.. class:: AsymmetricPadding
137
138 .. versionadded:: 0.2
139
140 .. attribute:: name
141
142
143RSA
144~~~
Paul Kehrerac423232014-01-25 14:13:09 -0600[diff] [blame]145
146.. class:: RSAPrivateKey
147
Paul Kehrer46688b12014-01-26 13:23:13 -0600[diff] [blame]148 .. versionadded:: 0.2
Paul Kehrer82629f42014-01-26 12:25:02 -0600[diff] [blame]149
Paul Kehrerac423232014-01-25 14:13:09 -0600[diff] [blame]150 An `RSA`_ private key.
151
Paul Kehrerf2fb02a2014-06-19 10:16:42 -0600[diff] [blame]152 .. method:: signer(padding, algorithm)
Paul Kehrer01cdfb22014-04-15 11:27:03 -0400[diff] [blame]153
154 .. versionadded:: 0.3
155
156 Sign data which can be verified later by others using the public key.
157
158 :param padding: An instance of a
159 :class:`~cryptography.hazmat.primitives.interfaces.AsymmetricPadding`
160 provider.
161
162 :param algorithm: An instance of a
163 :class:`~cryptography.hazmat.primitives.interfaces.HashAlgorithm`
164 provider.
165
Paul Kehrer01cdfb22014-04-15 11:27:03 -0400[diff] [blame]166 :returns:
167 :class:`~cryptography.hazmat.primitives.interfaces.AsymmetricSignatureContext`
168
Paul Kehrerf2fb02a2014-06-19 10:16:42 -0600[diff] [blame]169 .. method:: decrypt(ciphertext, padding)
Paul Kehrer27f9ca62014-04-15 17:59:27 -0400[diff] [blame]170
171 .. versionadded:: 0.4
172
Alex Gaynore85e3562014-11-22 23:26:30 -0800[diff] [blame^]173 Decrypt data that was encrypted with the public key.
Paul Kehrer27f9ca62014-04-15 17:59:27 -0400[diff] [blame]174
175 :param bytes ciphertext: The ciphertext to decrypt.
176
Alex Gaynore85e3562014-11-22 23:26:30 -0800[diff] [blame^]177 :param padding: An instance of an
Paul Kehrer27f9ca62014-04-15 17:59:27 -0400[diff] [blame]178 :class:`~cryptography.hazmat.primitives.interfaces.AsymmetricPadding`
179 provider.
180
Paul Kehrer27f9ca62014-04-15 17:59:27 -0400[diff] [blame]181 :return bytes: Decrypted data.
182
Paul Kehrer0e94fbe2014-01-26 11:47:21 -0600[diff] [blame]183 .. method:: public_key()
Paul Kehrerac423232014-01-25 14:13:09 -0600[diff] [blame]184
Paul Kehrer359b9462014-01-26 12:03:05 -0600[diff] [blame]185 :return: :class:`~cryptography.hazmat.primitives.interfaces.RSAPublicKey`
Paul Kehrerac423232014-01-25 14:13:09 -0600[diff] [blame]186
187 An RSA public key object corresponding to the values of the private key.
188
Alex Stapletonee3e6bf2014-02-02 21:13:48 +0000[diff] [blame]189 .. attribute:: key_size
Paul Kehrerac423232014-01-25 14:13:09 -0600[diff] [blame]190
191 :type: int
192
193 The bit length of the modulus.
194
Paul Kehrerf0a48c62014-06-07 17:04:13 -0500[diff] [blame]195.. class:: RSAPrivateKeyWithNumbers
196
197 .. versionadded:: 0.5
198
199 Extends :class:`RSAPrivateKey`.
200
201 .. method:: private_numbers()
202
203 Create a
204 :class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateNumbers`
205 object.
206
207 :returns: An
208 :class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateNumbers`
209 instance.
210
Paul Kehrerac423232014-01-25 14:13:09 -0600[diff] [blame]211
212.. class:: RSAPublicKey
213
Paul Kehrer46688b12014-01-26 13:23:13 -0600[diff] [blame]214 .. versionadded:: 0.2
Paul Kehrer82629f42014-01-26 12:25:02 -0600[diff] [blame]215
Paul Kehrerac423232014-01-25 14:13:09 -0600[diff] [blame]216 An `RSA`_ public key.
217
Paul Kehrerf2fb02a2014-06-19 10:16:42 -0600[diff] [blame]218 .. method:: verifier(signature, padding, algorithm)
Paul Kehrer01cdfb22014-04-15 11:27:03 -0400[diff] [blame]219
220 .. versionadded:: 0.3
221
222 Verify data was signed by the private key associated with this public
223 key.
224
225 :param bytes signature: The signature to verify.
226
227 :param padding: An instance of a
228 :class:`~cryptography.hazmat.primitives.interfaces.AsymmetricPadding`
229 provider.
230
231 :param algorithm: An instance of a
232 :class:`~cryptography.hazmat.primitives.interfaces.HashAlgorithm`
233 provider.
234
Paul Kehrer01cdfb22014-04-15 11:27:03 -0400[diff] [blame]235 :returns:
236 :class:`~cryptography.hazmat.primitives.interfaces.AsymmetricVerificationContext`
237
Paul Kehrerf2fb02a2014-06-19 10:16:42 -0600[diff] [blame]238 .. method:: encrypt(plaintext, padding)
Paul Kehrer4e602f32014-04-24 12:07:54 -0500[diff] [blame]239
240 .. versionadded:: 0.4
241
242 Encrypt data with the public key.
243
244 :param bytes plaintext: The plaintext to encrypt.
245
246 :param padding: An instance of a
247 :class:`~cryptography.hazmat.primitives.interfaces.AsymmetricPadding`
248 provider.
249
Paul Kehrer4e602f32014-04-24 12:07:54 -0500[diff] [blame]250 :return bytes: Encrypted data.
Paul Kehrer01cdfb22014-04-15 11:27:03 -0400[diff] [blame]251
Alex Stapletonee3e6bf2014-02-02 21:13:48 +0000[diff] [blame]252 .. attribute:: key_size
Paul Kehrerac423232014-01-25 14:13:09 -0600[diff] [blame]253
254 :type: int
255
256 The bit length of the modulus.
257
Paul Kehrerac423232014-01-25 14:13:09 -0600[diff] [blame]258
Paul Kehrerf0a48c62014-06-07 17:04:13 -0500[diff] [blame]259.. class:: RSAPublicKeyWithNumbers
260
261 .. versionadded:: 0.5
262
263 Extends :class:`RSAPublicKey`.
264
265 .. method:: public_numbers()
266
267 Create a
268 :class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPublicNumbers`
269 object.
270
271 :returns: An
272 :class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPublicNumbers`
273 instance.
274
275
Alex Gaynor645315b2014-06-23 11:55:55 -0700[diff] [blame]276DSA
277~~~
278
Mohammed Attia71acc672014-03-04 19:20:45 +0200[diff] [blame]279.. class:: DSAParameters
Mohammed Attiab4167152014-03-04 03:29:56 +0200[diff] [blame]280
281 .. versionadded:: 0.3
282
283 `DSA`_ parameters.
284
Paul Kehrerdacb5f92014-06-27 09:15:07 -0600[diff] [blame]285 .. method:: generate_private_key()
286
287 .. versionadded:: 0.5
288
289 Generate a DSA private key. This method can be used to generate many
290 new private keys from a single set of parameters.
291
292 :return: A
293 :class:`~cryptography.hazmat.primitives.interfaces.DSAPrivateKey`
294 provider.
295
Mohammed Attiab4167152014-03-04 03:29:56 +0200[diff] [blame]296
Paul Kehrer98429642014-06-22 16:37:21 -0600[diff] [blame]297.. class:: DSAParametersWithNumbers
298
299 .. versionadded:: 0.5
300
301 Extends :class:`DSAParameters`.
302
303 .. method:: parameter_numbers()
304
305 Create a
306 :class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAParameterNumbers`
307 object.
308
309 :returns: A
310 :class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAParameterNumbers`
311 instance.
312
313
Mohammed Attiab4167152014-03-04 03:29:56 +0200[diff] [blame]314.. class:: DSAPrivateKey
315
316 .. versionadded:: 0.3
317
Mohammed Attia7a1738a2014-03-04 19:17:24 +0200[diff] [blame]318 A `DSA`_ private key.
Mohammed Attiab4167152014-03-04 03:29:56 +0200[diff] [blame]319
320 .. method:: public_key()
321
322 :return: :class:`~cryptography.hazmat.primitives.interfaces.DSAPublicKey`
323
324 An DSA public key object corresponding to the values of the private key.
325
326 .. method:: parameters()
327
Mohammed Attia71acc672014-03-04 19:20:45 +0200[diff] [blame]328 :return: :class:`~cryptography.hazmat.primitives.interfaces.DSAParameters`
Mohammed Attiab4167152014-03-04 03:29:56 +0200[diff] [blame]329
Mohammed Attia71acc672014-03-04 19:20:45 +0200[diff] [blame]330 The DSAParameters object associated with this private key.
Mohammed Attiab4167152014-03-04 03:29:56 +0200[diff] [blame]331
Paul Kehrer0b3ff3b2014-05-01 15:34:42 -0500[diff] [blame]332 .. method:: signer(algorithm, backend)
333
334 .. versionadded:: 0.4
335
336 Sign data which can be verified later by others using the public key.
Alex Gaynor93f135a2014-11-17 09:20:58 -0800[diff] [blame]337 The signature is formatted as DER-encoded bytes, as specified in
338 :rfc:`6979`.
Paul Kehrer0b3ff3b2014-05-01 15:34:42 -0500[diff] [blame]339
340 :param algorithm: An instance of a
341 :class:`~cryptography.hazmat.primitives.interfaces.HashAlgorithm`
342 provider.
343
344 :param backend: A
345 :class:`~cryptography.hazmat.backends.interfaces.DSABackend`
346 provider.
347
348 :returns:
349 :class:`~cryptography.hazmat.primitives.interfaces.AsymmetricSignatureContext`
350
Mohammed Attiab4167152014-03-04 03:29:56 +0200[diff] [blame]351 .. attribute:: key_size
352
353 :type: int
354
355 The bit length of the modulus.
356
Mohammed Attiab4167152014-03-04 03:29:56 +0200[diff] [blame]357
Paul Kehrer98429642014-06-22 16:37:21 -0600[diff] [blame]358.. class:: DSAPrivateKeyWithNumbers
359
360 .. versionadded:: 0.5
361
362 Extends :class:`DSAPrivateKey`.
363
364 .. method:: private_numbers()
365
366 Create a
367 :class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAPrivateNumbers`
368 object.
369
370 :returns: A
371 :class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAPrivateNumbers`
372 instance.
373
374
Mohammed Attiab4167152014-03-04 03:29:56 +0200[diff] [blame]375.. class:: DSAPublicKey
376
377 .. versionadded:: 0.3
378
Mohammed Attiaedacb142014-03-17 12:28:23 +0200[diff] [blame]379 A `DSA`_ public key.
380
381 .. attribute:: key_size
382
383 :type: int
384
385 The bit length of the modulus.
Mohammed Attiab4167152014-03-04 03:29:56 +0200[diff] [blame]386
387 .. method:: parameters()
388
Mohammed Attia71acc672014-03-04 19:20:45 +0200[diff] [blame]389 :return: :class:`~cryptography.hazmat.primitives.interfaces.DSAParameters`
Mohammed Attiab4167152014-03-04 03:29:56 +0200[diff] [blame]390
Mohammed Attia71acc672014-03-04 19:20:45 +0200[diff] [blame]391 The DSAParameters object associated with this public key.
Mohammed Attiab4167152014-03-04 03:29:56 +0200[diff] [blame]392
Mohammed Attia59edb612014-04-25 22:44:40 +0200[diff] [blame]393 .. method:: verifier(signature, algorithm, backend)
Mohammed Attiab4167152014-03-04 03:29:56 +0200[diff] [blame]394
Mohammed Attia59edb612014-04-25 22:44:40 +0200[diff] [blame]395 .. versionadded:: 0.4
Mohammed Attiab4167152014-03-04 03:29:56 +0200[diff] [blame]396
Mohammed Attia59edb612014-04-25 22:44:40 +0200[diff] [blame]397 Verify data was signed by the private key associated with this public
398 key.
399
Paul Kehrere0aeaf82014-05-01 11:58:23 -0500[diff] [blame]400 :param bytes signature: The signature to verify. DER encoded as
401 specified in :rfc:`6979`.
Mohammed Attia59edb612014-04-25 22:44:40 +0200[diff] [blame]402
403 :param algorithm: An instance of a
404 :class:`~cryptography.hazmat.primitives.interfaces.HashAlgorithm`
405 provider.
406
407 :param backend: A
408 :class:`~cryptography.hazmat.backends.interfaces.DSABackend`
409 provider.
410
411 :returns:
412 :class:`~cryptography.hazmat.primitives.interfaces.AsymmetricVerificationContext`
Mohammed Attiab4167152014-03-04 03:29:56 +0200[diff] [blame]413
414
Paul Kehrer98429642014-06-22 16:37:21 -0600[diff] [blame]415.. class:: DSAPublicKeyWithNumbers
416
417 .. versionadded:: 0.5
418
419 Extends :class:`DSAPublicKey`.
420
Paul Kehrer5cfd2112014-09-24 14:51:01 -0500[diff] [blame]421 .. method:: public_numbers()
Paul Kehrer98429642014-06-22 16:37:21 -0600[diff] [blame]422
423 Create a
424 :class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAPublicNumbers`
425 object.
426
427 :returns: A
428 :class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAPublicNumbers`
429 instance.
430
431
Alex Stapleton085f3782014-04-01 16:18:17 +0100[diff] [blame]432.. class:: EllipticCurve
433
Alex Stapleton20c99032014-05-03 21:06:46 +0100[diff] [blame]434 .. versionadded:: 0.5
Alex Stapleton085f3782014-04-01 16:18:17 +0100[diff] [blame]435
436 A named elliptic curve.
437
438 .. attribute:: name
439
440 :type: string
441
442 The name of the curve. Usually the name used for the ASN.1 OID such as
Alex Stapleton6e526742014-05-23 22:06:06 +0100[diff] [blame]443 ``secp256k1``.
Alex Stapleton085f3782014-04-01 16:18:17 +0100[diff] [blame]444
445 .. attribute:: key_size
446
447 :type: int
448
Alex Stapletond4365692014-05-26 09:25:25 +0100[diff] [blame]449 The bit length of the curve's base point.
Alex Stapleton085f3782014-04-01 16:18:17 +0100[diff] [blame]450
451
Alex Gaynor645315b2014-06-23 11:55:55 -0700[diff] [blame]452Elliptic Curve
453~~~~~~~~~~~~~~
454
Alex Stapletona1853f92014-04-18 11:38:28 +0100[diff] [blame]455.. class:: EllipticCurveSignatureAlgorithm
456
Alex Stapleton20c99032014-05-03 21:06:46 +0100[diff] [blame]457 .. versionadded:: 0.5
Alex Stapletona1853f92014-04-18 11:38:28 +0100[diff] [blame]458
459 A signature algorithm for use with elliptic curve keys.
460
Alex Stapleton80228a12014-04-20 16:44:26 +0100[diff] [blame]461 .. attribute:: algorithm
462
463 :type: :class:`~cryptography.hazmat.primitives.interfaces.HashAlgorithm`
464
465 The digest algorithm to be used with the signature scheme.
466
Alex Stapletona1853f92014-04-18 11:38:28 +0100[diff] [blame]467
Alex Stapleton085f3782014-04-01 16:18:17 +0100[diff] [blame]468.. class:: EllipticCurvePrivateKey
469
Alex Stapleton20c99032014-05-03 21:06:46 +0100[diff] [blame]470 .. versionadded:: 0.5
Alex Stapleton085f3782014-04-01 16:18:17 +0100[diff] [blame]471
472 An elliptic curve private key for use with an algorithm such as `ECDSA`_ or
473 `EdDSA`_.
474
Alex Gaynor93f135a2014-11-17 09:20:58 -0800[diff] [blame]475 .. method:: signer(signature_algorithm)
476
Alex Stapletona1853f92014-04-18 11:38:28 +0100[diff] [blame]477 Sign data which can be verified later by others using the public key.
Alex Gaynor93f135a2014-11-17 09:20:58 -0800[diff] [blame]478 The signature is formatted as DER-encoded bytes, as specified in
479 :rfc:`6979`.
Alex Stapletona1853f92014-04-18 11:38:28 +0100[diff] [blame]480
481 :param signature_algorithm: An instance of a
482 :class:`~cryptography.hazmat.primitives.interfaces.EllipticCurveSignatureAlgorithm`
483 provider.
484
Alex Stapletona1853f92014-04-18 11:38:28 +0100[diff] [blame]485 :returns:
486 :class:`~cryptography.hazmat.primitives.interfaces.AsymmetricSignatureContext`
487
Alex Stapleton085f3782014-04-01 16:18:17 +0100[diff] [blame]488
489 :type: :class:`~cryptography.hazmat.primitives.interfaces.EllipticCurve`
490
Alex Stapleton085f3782014-04-01 16:18:17 +0100[diff] [blame]491 .. method:: public_key()
492
493 :return: :class:`~cryptography.hazmat.primitives.interfaces.EllipticCurvePublicKey`
494
495 The EllipticCurvePublicKey object for this private key.
496
497
Paul Kehrere025be22014-09-24 11:26:48 -0500[diff] [blame]498.. class:: EllipticCurvePrivateKeyWithNumbers
499
500 .. versionadded:: 0.6
501
502 Extends :class:`EllipticCurvePrivateKey`.
503
504 .. method:: private_numbers()
505
506 Create a
507 :class:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePrivateNumbers`
508 object.
509
510 :returns: An
511 :class:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePrivateNumbers`
512 instance.
513
514
Alex Stapleton085f3782014-04-01 16:18:17 +0100[diff] [blame]515.. class:: EllipticCurvePublicKey
516
Alex Stapleton20c99032014-05-03 21:06:46 +0100[diff] [blame]517 .. versionadded:: 0.5
Alex Stapleton085f3782014-04-01 16:18:17 +0100[diff] [blame]518
519 An elliptic curve public key.
520
Alex Gaynore85e3562014-11-22 23:26:30 -0800[diff] [blame^]521 .. method:: verifier(signature, signature_algorithm)
522
Alex Stapletona1853f92014-04-18 11:38:28 +0100[diff] [blame]523 Verify data was signed by the private key associated with this public
524 key.
525
Alex Gaynor93f135a2014-11-17 09:20:58 -0800[diff] [blame]526 :param bytes signature: The signature to verify. DER encoded as
527 specified in :rfc:`6979`.
Alex Stapleton80228a12014-04-20 16:44:26 +0100[diff] [blame]528
Alex Stapletona1853f92014-04-18 11:38:28 +0100[diff] [blame]529 :param signature_algorithm: An instance of a
530 :class:`~cryptography.hazmat.primitives.interfaces.EllipticCurveSignatureAlgorithm`
531 provider.
532
Alex Stapletona1853f92014-04-18 11:38:28 +0100[diff] [blame]533 :returns:
534 :class:`~cryptography.hazmat.primitives.interfaces.AsymmetricSignatureContext`
535
Alex Stapleton085f3782014-04-01 16:18:17 +0100[diff] [blame]536 .. attribute:: curve
537
538 :type: :class:`~cryptography.hazmat.primitives.interfaces.EllipticCurve`
539
540 The elliptic curve for this key.
541
Alex Stapleton085f3782014-04-01 16:18:17 +0100[diff] [blame]542
Paul Kehrere025be22014-09-24 11:26:48 -0500[diff] [blame]543.. class:: EllipticCurvePublicKeyWithNumbers
544
545 .. versionadded:: 0.6
546
547 Extends :class:`EllipticCurvePublicKey`.
548
Paul Kehrer5cfd2112014-09-24 14:51:01 -0500[diff] [blame]549 .. method:: public_numbers()
Paul Kehrere025be22014-09-24 11:26:48 -0500[diff] [blame]550
551 Create a
552 :class:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePublicNumbers`
553 object.
554
555 :returns: An
556 :class:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePublicNumbers`
557 instance.
558
559
Alex Stapletonc5fffd32014-03-18 15:29:00 +0000[diff] [blame]560Hash algorithms
Alex Gaynor645315b2014-06-23 11:55:55 -0700[diff] [blame]561---------------
Paul Kehrere51a2db2014-01-29 11:49:35 -0600[diff] [blame]562
563.. class:: HashAlgorithm
564
Paul Kehrere51a2db2014-01-29 11:49:35 -0600[diff] [blame]565 .. attribute:: name
566
567 :type: str
568
Paul Kehrer4c75a8c2014-01-29 12:20:37 -0600[diff] [blame]569 The standard name for the hash algorithm, for example: ``"sha256"`` or
570 ``"whirlpool"``.
Paul Kehrere51a2db2014-01-29 11:49:35 -0600[diff] [blame]571
572 .. attribute:: digest_size
573
574 :type: int
575
576 The size of the resulting digest in bytes.
577
578 .. attribute:: block_size
579
580 :type: int
581
582 The internal block size of the hash algorithm in bytes.
583
584
Ayrxa0f98502014-04-15 19:17:03 +0800[diff] [blame]585.. class:: HashContext
586
587 .. attribute:: algorithm
588
589 A :class:`~cryptography.hazmat.primitives.interfaces.HashAlgorithm` that
590 will be used by this context.
591
592 .. method:: update(data)
593
Alex Gaynore85e3562014-11-22 23:26:30 -0800[diff] [blame^]594 :param bytes data: The data you want to hash.
Ayrxa0f98502014-04-15 19:17:03 +0800[diff] [blame]595
596 .. method:: finalize()
597
598 :return: The final digest as bytes.
599
600 .. method:: copy()
601
602 :return: A :class:`~cryptography.hazmat.primitives.interfaces.HashContext`
603 that is a copy of the current context.
604
605
Alex Stapletonc5fffd32014-03-18 15:29:00 +0000[diff] [blame]606Key derivation functions
Alex Gaynor645315b2014-06-23 11:55:55 -0700[diff] [blame]607------------------------
Alex Gaynorb2774f52014-01-27 11:05:29 -0800[diff] [blame]608
609.. class:: KeyDerivationFunction
610
Alex Gaynor8454c512014-01-28 07:01:54 -0800[diff] [blame]611 .. versionadded:: 0.2
612
Alex Gaynorb2774f52014-01-27 11:05:29 -0800[diff] [blame]613 .. method:: derive(key_material)
614
Alex Gaynore85e3562014-11-22 23:26:30 -0800[diff] [blame^]615 :param bytes key_material: The input key material. Depending on what
Alex Gaynor5484f722014-01-28 05:46:15 -0800[diff] [blame]616 key derivation function you are using this
Alex Gaynore85e3562014-11-22 23:26:30 -0800[diff] [blame^]617 could be either random bytes, or a user
Alex Gaynorb2774f52014-01-27 11:05:29 -0800[diff] [blame]618 supplied password.
Alex Gaynor5484f722014-01-28 05:46:15 -0800[diff] [blame]619 :return: The new key.
Alex Gaynore19e89f2014-01-28 06:58:43 -0800[diff] [blame]620 :raises cryptography.exceptions.AlreadyFinalized: This is raised when
621 :meth:`derive` or
622 :meth:`verify` is
623 called more than
624 once.
Alex Gaynorb2774f52014-01-27 11:05:29 -0800[diff] [blame]625
Alex Gaynor5484f722014-01-28 05:46:15 -0800[diff] [blame]626 This generates and returns a new key from the supplied key material.
Alex Gaynorb2774f52014-01-27 11:05:29 -0800[diff] [blame]627
628 .. method:: verify(key_material, expected_key)
629
Alex Gaynore85e3562014-11-22 23:26:30 -0800[diff] [blame^]630 :param bytes key_material: The input key material. This is the same as
Alex Gaynorb2774f52014-01-27 11:05:29 -0800[diff] [blame]631 ``key_material`` in :meth:`derive`.
Alex Gaynore85e3562014-11-22 23:26:30 -0800[diff] [blame^]632 :param bytes expected_key: The expected result of deriving a new key,
Alex Gaynor5484f722014-01-28 05:46:15 -0800[diff] [blame]633 this is the same as the return value of
634 :meth:`derive`.
Alex Gaynorb2774f52014-01-27 11:05:29 -0800[diff] [blame]635 :raises cryptography.exceptions.InvalidKey: This is raised when the
636 derived key does not match
637 the expected key.
Alex Gaynore19e89f2014-01-28 06:58:43 -0800[diff] [blame]638 :raises cryptography.exceptions.AlreadyFinalized: This is raised when
639 :meth:`derive` or
640 :meth:`verify` is
641 called more than
642 once.
Alex Gaynorb2774f52014-01-27 11:05:29 -0800[diff] [blame]643
Alex Gaynor5484f722014-01-28 05:46:15 -0800[diff] [blame]644 This checks whether deriving a new key from the supplied
645 ``key_material`` generates the same key as the ``expected_key``, and
646 raises an exception if they do not match. This can be used for
647 something like checking whether a user's password attempt matches the
648 stored derived key.
Alex Gaynorb2774f52014-01-27 11:05:29 -0800[diff] [blame]649
Ayrxc8121702014-04-15 19:02:05 +0800[diff] [blame]650
Terry Chiacc5e4452014-10-12 15:35:21 +0800[diff] [blame]651`Message Authentication Code`_
652------------------------------
Ayrxc8121702014-04-15 19:02:05 +0800[diff] [blame]653
654.. class:: CMACContext
655
Alex Gaynor7d156882014-10-20 10:40:34 -0700[diff] [blame]656 :class:`CMACContext` has been deprecated in favor of :class:`MACContext`.
Terry Chiac7c82f32014-10-20 12:15:22 +0800[diff] [blame]657
Ayrxc8121702014-04-15 19:02:05 +0800[diff] [blame]658 .. versionadded:: 0.4
659
660 .. method:: update(data)
661
Alex Gaynore85e3562014-11-22 23:26:30 -0800[diff] [blame^]662 :param bytes data: The data you want to authenticate.
Ayrxc8121702014-04-15 19:02:05 +0800[diff] [blame]663
664 .. method:: finalize()
665
Ayrx7964c172014-04-15 21:50:58 +0800[diff] [blame]666 :return: The message authentication code.
Ayrxc8121702014-04-15 19:02:05 +0800[diff] [blame]667
668 .. method:: copy()
669
670 :return: A :class:`~cryptography.hazmat.primitives.interfaces.CMACContext`
671 that is a copy of the current context.
672
Terry Chiacc5e4452014-10-12 15:35:21 +0800[diff] [blame]673.. class:: MACContext
674
675 .. versionadded:: 0.7
676
677 .. method:: update(data)
678
Alex Gaynore85e3562014-11-22 23:26:30 -0800[diff] [blame^]679 :param bytes data: The data you want to authenticate.
Terry Chiacc5e4452014-10-12 15:35:21 +0800[diff] [blame]680
681 .. method:: finalize()
682
683 :return: The message authentication code.
684
685 .. method:: copy()
686
Alex Gaynor7d156882014-10-20 10:40:34 -0700[diff] [blame]687 :return: A
688 :class:`~cryptography.hazmat.primitives.interfaces.MACContext` that
689 is a copy of the current context.
Terry Chiacc5e4452014-10-12 15:35:21 +0800[diff] [blame]690
Alex Gaynor7d156882014-10-20 10:40:34 -0700[diff] [blame]691 .. method:: verify(signature)
Terry Chiacc5e4452014-10-12 15:35:21 +0800[diff] [blame]692
Alex Gaynore85e3562014-11-22 23:26:30 -0800[diff] [blame^]693 :param bytes signature: The signature to verify.
Terry Chiacc5e4452014-10-12 15:35:21 +0800[diff] [blame]694
695 :raises cryptography.exceptions.InvalidSignature: This is raised when
696 the provided signature does not match the expected signature.
Ayrxc8121702014-04-15 19:02:05 +0800[diff] [blame]697
Paul Kehrer8e9c9842014-02-13 12:23:27 -0600[diff] [blame]698.. _`RSA`: https://en.wikipedia.org/wiki/RSA_(cryptosystem)
699.. _`Chinese remainder theorem`: https://en.wikipedia.org/wiki/Chinese_remainder_theorem
Mohammed Attia604c78f2014-03-04 03:56:08 +0200[diff] [blame]700.. _`DSA`: https://en.wikipedia.org/wiki/Digital_Signature_Algorithm
Ayrx83cd3f82014-04-15 21:56:32 +0800[diff] [blame]701.. _`CMAC`: https://en.wikipedia.org/wiki/CMAC
Alex Stapleton085f3782014-04-01 16:18:17 +0100[diff] [blame]702.. _`ECDSA`: http://en.wikipedia.org/wiki/ECDSA
703.. _`EdDSA`: http://en.wikipedia.org/wiki/EdDSA