Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / python / cryptography / ef0fcf26c920c011948f078481739f4e2c31535f / . / docs / hazmat / primitives / hmac.rst
blob: 7d87ca7e67eb7dcc559d5650de887cd684c3549b [file] [log] [blame]
Alex Gaynoraf82d5e2013-10-29 17:07:24 -0700[diff] [blame]1.. hazmat::
Paul Kehrer0317b042013-10-28 17:34:27 -0500[diff] [blame]2
3Hash-based Message Authentication Codes
4=======================================
5
Alex Gaynor4658ce12013-10-29 15:26:50 -0700[diff] [blame]6.. currentmodule:: cryptography.hazmat.primitives.hmac
7
Paul Kehrer0317b042013-10-28 17:34:27 -0500[diff] [blame]8.. testsetup::
9
10 import binascii
11 key = binascii.unhexlify(b"0" * 32)
12
13Hash-based message authentication codes (or HMACs) are a tool for calculating
14message authentication codes using a cryptographic hash function coupled with a
15secret key. You can use an HMAC to verify integrity as well as authenticate a
16message.
17
David Reidef0fcf22013-11-06 11:12:45 -0800[diff] [blame^]18.. class:: HMAC(key, algorithm, backend)
Paul Kehrer0317b042013-10-28 17:34:27 -0500[diff] [blame]19
David Reid6753e392013-11-01 15:32:03 -0700[diff] [blame]20 HMAC objects take a ``key`` and a provider of
21 :class:`~cryptography.hazmat.primitives.interfaces.HashAlgorithm`.
Paul Kehrer50a88152013-10-29 10:46:05 -0500[diff] [blame]22 The ``key`` should be randomly generated bytes and is recommended to be
23 equal in length to the ``digest_size`` of the hash function chosen.
24 You must keep the ``key`` secret.
Paul Kehrer0317b042013-10-28 17:34:27 -0500[diff] [blame]25
Alex Gaynor58ecc8d2013-11-03 21:21:00 -0800[diff] [blame]26 This is an implementation of :rfc:`2104`.
27
Paul Kehrer0317b042013-10-28 17:34:27 -0500[diff] [blame]28 .. doctest::
29
David Reidef0fcf22013-11-06 11:12:45 -0800[diff] [blame^]30 >>> from cryptography.hazmat.bindings import default_backend
Paul Kehrerbf8962a2013-10-28 17:44:42 -0500[diff] [blame]31 >>> from cryptography.hazmat.primitives import hashes, hmac
David Reidef0fcf22013-11-06 11:12:45 -0800[diff] [blame^]32 >>> h = hmac.HMAC(key, hashes.SHA256(), default_backend())
Paul Kehrer0317b042013-10-28 17:34:27 -0500[diff] [blame]33 >>> h.update(b"message to hash")
David Reid6753e392013-11-01 15:32:03 -0700[diff] [blame]34 >>> h.finalize()
35 '#F\xdaI\x8b"e\xc4\xf1\xbb\x9a\x8fc\xff\xf5\xdex.\xbc\xcd/+\x8a\x86\x1d\x84\'\xc3\xa6\x1d\xd8J'
Paul Kehrer0317b042013-10-28 17:34:27 -0500[diff] [blame]36
Paul Kehrer2824ab72013-10-28 11:06:55 -0500[diff] [blame]37 .. method:: update(msg)
Paul Kehrer0317b042013-10-28 17:34:27 -0500[diff] [blame]38
Paul Kehrer50a88152013-10-29 10:46:05 -0500[diff] [blame]39 :param bytes msg: The bytes to hash and authenticate.
David Reid2cce6182013-11-13 13:49:41 -0800[diff] [blame]40 :raises cryptography.exceptions.AlreadyFinalized: See :meth:`finalize`
Paul Kehrer0317b042013-10-28 17:34:27 -0500[diff] [blame]41
42 .. method:: copy()
43
David Reid2cce6182013-11-13 13:49:41 -0800[diff] [blame]44 Copy this :class:`HMAC` instance, usually so that we may call
45 :meth:`finalize` and get an intermediate digest value while we continue
46 to call :meth:`update` on the original.
47
48 :return: A new instance of :class:`HMAC` which can be updated
49 and finalized independently of the original instance.
50 :raises cryptography.exceptions.AlreadyFinalized: See :meth:`finalize`
Paul Kehrer0317b042013-10-28 17:34:27 -0500[diff] [blame]51
David Reid6753e392013-11-01 15:32:03 -0700[diff] [blame]52 .. method:: finalize()
53
54 Finalize the current context and return the message digest as bytes.
55
David Reid2cce6182013-11-13 13:49:41 -0800[diff] [blame]56 Once ``finalize`` is called this object can no longer be used and
57 :meth:`update`, :meth:`copy`, and :meth:`finalize` will raise
58 :class:`~cryptography.exceptions.AlreadyFinalized`.
Paul Kehrer0317b042013-10-28 17:34:27 -0500[diff] [blame]59
60 :return bytes: The message digest as bytes.
David Reid2cce6182013-11-13 13:49:41 -0800[diff] [blame]61 :raises cryptography.exceptions.AlreadyFinalized: