Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / python / cryptography / 12a4e0fd70476a3b54193a12aa760b100baaa019 / . / docs / hazmat / primitives / interfaces.rst
blob: 8e6c2548742b08b94551cb621228e62ed1c3a5c6 [file] [log] [blame]
David Reid30722b92013-11-07 13:03:39 -0800[diff] [blame]1.. hazmat::
2
3Interfaces
4==========
5
6
7``cryptography`` uses `Abstract Base Classes`_ as interfaces to describe the
David Reidbd18bcd2013-11-07 13:13:30 -0800[diff] [blame]8properties and methods of most primitive constructs. Backends may also use
9this information to influence their operation. Interfaces should also be used
David Reid30722b92013-11-07 13:03:39 -0800[diff] [blame]10to document argument and return types.
11
David Reid9ed25e42013-11-07 13:15:27 -0800[diff] [blame]12.. _`Abstract Base Classes`: http://docs.python.org/3.2/library/abc.html
David Reid30722b92013-11-07 13:03:39 -0800[diff] [blame]13
14
Alex Stapletonc5fffd32014-03-18 15:29:00 +0000[diff] [blame]15Symmetric ciphers
David Reid0a394df2013-11-15 16:19:50 -0800[diff] [blame]16~~~~~~~~~~~~~~~~~
David Reid30722b92013-11-07 13:03:39 -0800[diff] [blame]17
18.. currentmodule:: cryptography.hazmat.primitives.interfaces
19
David Reid0a394df2013-11-15 16:19:50 -0800[diff] [blame]20
21.. class:: CipherAlgorithm
22
23 A named symmetric encryption algorithm.
24
25 .. attribute:: name
26
27 :type: str
28
29 The standard name for the mode, for example, "AES", "Camellia", or
30 "Blowfish".
31
32 .. attribute:: key_size
33
34 :type: int
35
36 The number of bits in the key being used.
37
38
David Reid668d4802013-12-17 11:53:43 -0800[diff] [blame]39.. class:: BlockCipherAlgorithm
40
41 A block cipher algorithm.
42
43 .. attribute:: block_size
44
45 :type: int
46
47 The number of bits in a block.
48
49
Alex Stapletonc5fffd32014-03-18 15:29:00 +0000[diff] [blame]50Cipher modes
David Reid0a394df2013-11-15 16:19:50 -0800[diff] [blame]51------------
52
David Reid30722b92013-11-07 13:03:39 -0800[diff] [blame]53Interfaces used by the symmetric cipher modes described in
54:ref:`Symmetric Encryption Modes <symmetric-encryption-modes>`.
55
56.. class:: Mode
57
58 A named cipher mode.
59
60 .. attribute:: name
61
62 :type: str
63
64 This should be the standard shorthand name for the mode, for example
65 Cipher-Block Chaining mode is "CBC".
66
67 The name may be used by a backend to influence the operation of a
68 cipher in conjunction with the algorithm's name.
69
Alex Gaynor9626b5a2013-11-19 16:49:26 -0800[diff] [blame]70 .. method:: validate_for_algorithm(algorithm)
71
72 :param CipherAlgorithm algorithm:
73
74 Checks that the combination of this mode with the provided algorithm
75 meets any necessary invariants. This should raise an exception if they
76 are not met.
77
78 For example, the :class:`~cryptography.hazmat.primitives.modes.CBC`
79 mode uses this method to check that the provided initialization
80 vector's length matches the block size of the algorithm.
81
David Reid30722b92013-11-07 13:03:39 -0800[diff] [blame]82
83.. class:: ModeWithInitializationVector
84
85 A cipher mode with an initialization vector.
86
87 .. attribute:: initialization_vector
88
89 :type: bytes
90
91 Exact requirements of the initialization are described by the
92 documentation of individual modes.
93
94
95.. class:: ModeWithNonce
96
97 A cipher mode with a nonce.
98
99 .. attribute:: nonce
100
101 :type: bytes
102
103 Exact requirements of the nonce are described by the documentation of
104 individual modes.
Paul Kehrerac423232014-01-25 14:13:09 -0600[diff] [blame]105
Alex Stapletonc5fffd32014-03-18 15:29:00 +0000[diff] [blame]106Asymmetric interfaces
Paul Kehrerac423232014-01-25 14:13:09 -0600[diff] [blame]107~~~~~~~~~~~~~~~~~~~~~
108
109.. class:: RSAPrivateKey
110
Paul Kehrer46688b12014-01-26 13:23:13 -0600[diff] [blame]111 .. versionadded:: 0.2
Paul Kehrer82629f42014-01-26 12:25:02 -0600[diff] [blame]112
Paul Kehrerac423232014-01-25 14:13:09 -0600[diff] [blame]113 An `RSA`_ private key.
114
Paul Kehrer01cdfb22014-04-15 11:27:03 -0400[diff] [blame]115 .. method:: signer(padding, algorithm, backend)
116
117 .. versionadded:: 0.3
118
119 Sign data which can be verified later by others using the public key.
120
121 :param padding: An instance of a
122 :class:`~cryptography.hazmat.primitives.interfaces.AsymmetricPadding`
123 provider.
124
125 :param algorithm: An instance of a
126 :class:`~cryptography.hazmat.primitives.interfaces.HashAlgorithm`
127 provider.
128
129 :param backend: A
130 :class:`~cryptography.hazmat.backends.interfaces.RSABackend`
131 provider.
132
133 :returns:
134 :class:`~cryptography.hazmat.primitives.interfaces.AsymmetricSignatureContext`
135
Paul Kehrer27f9ca62014-04-15 17:59:27 -0400[diff] [blame]136 .. method:: decrypt(ciphertext, padding, backend)
137
138 .. versionadded:: 0.4
139
140 Decrypt data that was encrypted via the public key.
141
142 :param bytes ciphertext: The ciphertext to decrypt.
143
144 :param padding: An instance of a
145 :class:`~cryptography.hazmat.primitives.interfaces.AsymmetricPadding`
146 provider.
147
148 :param backend: A
149 :class:`~cryptography.hazmat.backends.interfaces.RSABackend`
150 provider.
151
152 :return bytes: Decrypted data.
153
Paul Kehrer0e94fbe2014-01-26 11:47:21 -0600[diff] [blame]154 .. method:: public_key()
Paul Kehrerac423232014-01-25 14:13:09 -0600[diff] [blame]155
Paul Kehrer359b9462014-01-26 12:03:05 -0600[diff] [blame]156 :return: :class:`~cryptography.hazmat.primitives.interfaces.RSAPublicKey`
Paul Kehrerac423232014-01-25 14:13:09 -0600[diff] [blame]157
158 An RSA public key object corresponding to the values of the private key.
159
Alex Stapletonee3e6bf2014-02-02 21:13:48 +0000[diff] [blame]160 .. attribute:: key_size
Paul Kehrerac423232014-01-25 14:13:09 -0600[diff] [blame]161
162 :type: int
163
164 The bit length of the modulus.
165
Paul Kehrerf0a48c62014-06-07 17:04:13 -0500[diff] [blame]166.. class:: RSAPrivateKeyWithNumbers
167
168 .. versionadded:: 0.5
169
170 Extends :class:`RSAPrivateKey`.
171
172 .. method:: private_numbers()
173
174 Create a
175 :class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateNumbers`
176 object.
177
178 :returns: An
179 :class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateNumbers`
180 instance.
181
Paul Kehrerac423232014-01-25 14:13:09 -0600[diff] [blame]182
183.. class:: RSAPublicKey
184
Paul Kehrer46688b12014-01-26 13:23:13 -0600[diff] [blame]185 .. versionadded:: 0.2
Paul Kehrer82629f42014-01-26 12:25:02 -0600[diff] [blame]186
Paul Kehrerac423232014-01-25 14:13:09 -0600[diff] [blame]187 An `RSA`_ public key.
188
Paul Kehrer01cdfb22014-04-15 11:27:03 -0400[diff] [blame]189 .. method:: verifier(signature, padding, algorithm, backend)
190
191 .. versionadded:: 0.3
192
193 Verify data was signed by the private key associated with this public
194 key.
195
196 :param bytes signature: The signature to verify.
197
198 :param padding: An instance of a
199 :class:`~cryptography.hazmat.primitives.interfaces.AsymmetricPadding`
200 provider.
201
202 :param algorithm: An instance of a
203 :class:`~cryptography.hazmat.primitives.interfaces.HashAlgorithm`
204 provider.
205
206 :param backend: A
207 :class:`~cryptography.hazmat.backends.interfaces.RSABackend`
208 provider.
209
210 :returns:
211 :class:`~cryptography.hazmat.primitives.interfaces.AsymmetricVerificationContext`
212
Paul Kehrer4e602f32014-04-24 12:07:54 -0500[diff] [blame]213 .. method:: encrypt(plaintext, padding, backend)
214
215 .. versionadded:: 0.4
216
217 Encrypt data with the public key.
218
219 :param bytes plaintext: The plaintext to encrypt.
220
221 :param padding: An instance of a
222 :class:`~cryptography.hazmat.primitives.interfaces.AsymmetricPadding`
223 provider.
224
225 :param backend: A
226 :class:`~cryptography.hazmat.backends.interfaces.RSABackend`
227 provider.
228
229 :return bytes: Encrypted data.
Paul Kehrer01cdfb22014-04-15 11:27:03 -0400[diff] [blame]230
Alex Stapletonee3e6bf2014-02-02 21:13:48 +0000[diff] [blame]231 .. attribute:: key_size
Paul Kehrerac423232014-01-25 14:13:09 -0600[diff] [blame]232
233 :type: int
234
235 The bit length of the modulus.
236
Paul Kehrerac423232014-01-25 14:13:09 -0600[diff] [blame]237
Paul Kehrerf0a48c62014-06-07 17:04:13 -0500[diff] [blame]238.. class:: RSAPublicKeyWithNumbers
239
240 .. versionadded:: 0.5
241
242 Extends :class:`RSAPublicKey`.
243
244 .. method:: public_numbers()
245
246 Create a
247 :class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPublicNumbers`
248 object.
249
250 :returns: An
251 :class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPublicNumbers`
252 instance.
253
254
Mohammed Attia71acc672014-03-04 19:20:45 +0200[diff] [blame]255.. class:: DSAParameters
Mohammed Attiab4167152014-03-04 03:29:56 +0200[diff] [blame]256
257 .. versionadded:: 0.3
258
259 `DSA`_ parameters.
260
261 .. attribute:: modulus
262
263 :type: int
264
Mohammed Attia7a1738a2014-03-04 19:17:24 +0200[diff] [blame]265 The prime modulus that is used in generating the DSA key pair and used
Mohammed Attiab4167152014-03-04 03:29:56 +0200[diff] [blame]266 in the DSA signing and verification processes.
267
268 .. attribute:: subgroup_order
269
270 :type: int
271
Mohammed Attia7a1738a2014-03-04 19:17:24 +0200[diff] [blame]272 The subgroup order that is used in generating the DSA key pair
Mohammed Attiab4167152014-03-04 03:29:56 +0200[diff] [blame]273 by the generator and used in the DSA signing and verification
274 processes.
275
276 .. attribute:: generator
277
278 :type: int
279
Mohammed Attiacb9a6c22014-03-04 04:16:35 +0200[diff] [blame]280 The generator that is used in generating the DSA key pair and used
Mohammed Attia7a1738a2014-03-04 19:17:24 +0200[diff] [blame]281 in the DSA signing and verification processes.
Mohammed Attiab4167152014-03-04 03:29:56 +0200[diff] [blame]282
283 .. attribute:: p
284
285 :type: int
286
Mohammed Attia7a1738a2014-03-04 19:17:24 +0200[diff] [blame]287 The prime modulus that is used in generating the DSA key pair and used
Mohammed Attia70324512014-03-04 03:34:39 +0200[diff] [blame]288 in the DSA signing and verification processes. Alias for :attr:`modulus`.
Mohammed Attiab4167152014-03-04 03:29:56 +0200[diff] [blame]289
290 .. attribute:: q
291
292 :type: int
293
Mohammed Attia7a1738a2014-03-04 19:17:24 +0200[diff] [blame]294 The subgroup order that is used in generating the DSA key pair
Mohammed Attiab4167152014-03-04 03:29:56 +0200[diff] [blame]295 by the generator and used in the DSA signing and verification
Mohammed Attia70324512014-03-04 03:34:39 +0200[diff] [blame]296 processes. Alias for :attr:`subgroup_order`.
Mohammed Attiab4167152014-03-04 03:29:56 +0200[diff] [blame]297
298 .. attribute:: g
299
300 :type: int
301
Mohammed Attiacb9a6c22014-03-04 04:16:35 +0200[diff] [blame]302 The generator that is used in generating the DSA key pair and used
Mohammed Attia70324512014-03-04 03:34:39 +0200[diff] [blame]303 in the DSA signing and verification processes. Alias for :attr:`generator`.
Mohammed Attiab4167152014-03-04 03:29:56 +0200[diff] [blame]304
305
306.. class:: DSAPrivateKey
307
308 .. versionadded:: 0.3
309
Mohammed Attia7a1738a2014-03-04 19:17:24 +0200[diff] [blame]310 A `DSA`_ private key.
Mohammed Attiab4167152014-03-04 03:29:56 +0200[diff] [blame]311
312 .. method:: public_key()
313
314 :return: :class:`~cryptography.hazmat.primitives.interfaces.DSAPublicKey`
315
316 An DSA public key object corresponding to the values of the private key.
317
318 .. method:: parameters()
319
Mohammed Attia71acc672014-03-04 19:20:45 +0200[diff] [blame]320 :return: :class:`~cryptography.hazmat.primitives.interfaces.DSAParameters`
Mohammed Attiab4167152014-03-04 03:29:56 +0200[diff] [blame]321
Mohammed Attia71acc672014-03-04 19:20:45 +0200[diff] [blame]322 The DSAParameters object associated with this private key.
Mohammed Attiab4167152014-03-04 03:29:56 +0200[diff] [blame]323
Paul Kehrer0b3ff3b2014-05-01 15:34:42 -0500[diff] [blame]324 .. method:: signer(algorithm, backend)
325
326 .. versionadded:: 0.4
327
328 Sign data which can be verified later by others using the public key.
329
330 :param algorithm: An instance of a
331 :class:`~cryptography.hazmat.primitives.interfaces.HashAlgorithm`
332 provider.
333
334 :param backend: A
335 :class:`~cryptography.hazmat.backends.interfaces.DSABackend`
336 provider.
337
338 :returns:
339 :class:`~cryptography.hazmat.primitives.interfaces.AsymmetricSignatureContext`
340
Mohammed Attiab4167152014-03-04 03:29:56 +0200[diff] [blame]341 .. attribute:: key_size
342
343 :type: int
344
345 The bit length of the modulus.
346
347 .. attribute:: x
348
349 :type: int
350
351 The private key.
352
353 .. attribute:: y
354
355 :type: int
356
357 The public key.
358
359
360.. class:: DSAPublicKey
361
362 .. versionadded:: 0.3
363
Mohammed Attiaedacb142014-03-17 12:28:23 +0200[diff] [blame]364 A `DSA`_ public key.
365
366 .. attribute:: key_size
367
368 :type: int
369
370 The bit length of the modulus.
Mohammed Attiab4167152014-03-04 03:29:56 +0200[diff] [blame]371
Mohammed Attia59edb612014-04-25 22:44:40 +0200[diff] [blame]372 .. attribute:: y
373
374 :type: int
375
376 The public key.
377
Mohammed Attiab4167152014-03-04 03:29:56 +0200[diff] [blame]378 .. method:: parameters()
379
Mohammed Attia71acc672014-03-04 19:20:45 +0200[diff] [blame]380 :return: :class:`~cryptography.hazmat.primitives.interfaces.DSAParameters`
Mohammed Attiab4167152014-03-04 03:29:56 +0200[diff] [blame]381
Mohammed Attia71acc672014-03-04 19:20:45 +0200[diff] [blame]382 The DSAParameters object associated with this public key.
Mohammed Attiab4167152014-03-04 03:29:56 +0200[diff] [blame]383
Mohammed Attia59edb612014-04-25 22:44:40 +0200[diff] [blame]384 .. method:: verifier(signature, algorithm, backend)
Mohammed Attiab4167152014-03-04 03:29:56 +0200[diff] [blame]385
Mohammed Attia59edb612014-04-25 22:44:40 +0200[diff] [blame]386 .. versionadded:: 0.4
Mohammed Attiab4167152014-03-04 03:29:56 +0200[diff] [blame]387
Mohammed Attia59edb612014-04-25 22:44:40 +0200[diff] [blame]388 Verify data was signed by the private key associated with this public
389 key.
390
Paul Kehrere0aeaf82014-05-01 11:58:23 -0500[diff] [blame]391 :param bytes signature: The signature to verify. DER encoded as
392 specified in :rfc:`6979`.
Mohammed Attia59edb612014-04-25 22:44:40 +0200[diff] [blame]393
394 :param algorithm: An instance of a
395 :class:`~cryptography.hazmat.primitives.interfaces.HashAlgorithm`
396 provider.
397
398 :param backend: A
399 :class:`~cryptography.hazmat.backends.interfaces.DSABackend`
400 provider.
401
402 :returns:
403 :class:`~cryptography.hazmat.primitives.interfaces.AsymmetricVerificationContext`
Mohammed Attiab4167152014-03-04 03:29:56 +0200[diff] [blame]404
405
Alex Stapleton085f3782014-04-01 16:18:17 +0100[diff] [blame]406.. class:: EllipticCurve
407
Alex Stapleton20c99032014-05-03 21:06:46 +0100[diff] [blame]408 .. versionadded:: 0.5
Alex Stapleton085f3782014-04-01 16:18:17 +0100[diff] [blame]409
410 A named elliptic curve.
411
412 .. attribute:: name
413
414 :type: string
415
416 The name of the curve. Usually the name used for the ASN.1 OID such as
Alex Stapleton6e526742014-05-23 22:06:06 +0100[diff] [blame]417 ``secp256k1``.
Alex Stapleton085f3782014-04-01 16:18:17 +0100[diff] [blame]418
419 .. attribute:: key_size
420
421 :type: int
422
Alex Stapletond4365692014-05-26 09:25:25 +0100[diff] [blame]423 The bit length of the curve's base point.
Alex Stapleton085f3782014-04-01 16:18:17 +0100[diff] [blame]424
425
Alex Stapletona1853f92014-04-18 11:38:28 +0100[diff] [blame]426.. class:: EllipticCurveSignatureAlgorithm
427
Alex Stapleton20c99032014-05-03 21:06:46 +0100[diff] [blame]428 .. versionadded:: 0.5
Alex Stapletona1853f92014-04-18 11:38:28 +0100[diff] [blame]429
430 A signature algorithm for use with elliptic curve keys.
431
Alex Stapleton80228a12014-04-20 16:44:26 +0100[diff] [blame]432 .. attribute:: algorithm
433
434 :type: :class:`~cryptography.hazmat.primitives.interfaces.HashAlgorithm`
435
436 The digest algorithm to be used with the signature scheme.
437
Alex Stapletona1853f92014-04-18 11:38:28 +0100[diff] [blame]438
Alex Stapleton085f3782014-04-01 16:18:17 +0100[diff] [blame]439.. class:: EllipticCurvePrivateKey
440
Alex Stapleton20c99032014-05-03 21:06:46 +0100[diff] [blame]441 .. versionadded:: 0.5
Alex Stapleton085f3782014-04-01 16:18:17 +0100[diff] [blame]442
443 An elliptic curve private key for use with an algorithm such as `ECDSA`_ or
444 `EdDSA`_.
445
Alex Stapleton33c9d832014-05-23 21:31:51 +0100[diff] [blame]446 .. classmethod:: signer(signature_algorithm)
Alex Stapletona1853f92014-04-18 11:38:28 +0100[diff] [blame]447 Sign data which can be verified later by others using the public key.
448
449 :param signature_algorithm: An instance of a
450 :class:`~cryptography.hazmat.primitives.interfaces.EllipticCurveSignatureAlgorithm`
451 provider.
452
Alex Stapletona1853f92014-04-18 11:38:28 +0100[diff] [blame]453 :returns:
454 :class:`~cryptography.hazmat.primitives.interfaces.AsymmetricSignatureContext`
455
Alex Stapleton085f3782014-04-01 16:18:17 +0100[diff] [blame]456
457 :type: :class:`~cryptography.hazmat.primitives.interfaces.EllipticCurve`
458
459 The elliptic curve for this key.
460
Alex Stapleton085f3782014-04-01 16:18:17 +0100[diff] [blame]461 .. method:: public_key()
462
463 :return: :class:`~cryptography.hazmat.primitives.interfaces.EllipticCurvePublicKey`
464
465 The EllipticCurvePublicKey object for this private key.
466
467
468.. class:: EllipticCurvePublicKey
469
Alex Stapleton20c99032014-05-03 21:06:46 +0100[diff] [blame]470 .. versionadded:: 0.5
Alex Stapleton085f3782014-04-01 16:18:17 +0100[diff] [blame]471
472 An elliptic curve public key.
473
Alex Stapletone47bafb2014-05-17 13:19:15 +0100[diff] [blame]474 .. classmethod:: verifier(signature, signature_algorithm)
Alex Stapletona1853f92014-04-18 11:38:28 +0100[diff] [blame]475 Verify data was signed by the private key associated with this public
476 key.
477
Alex Stapleton80228a12014-04-20 16:44:26 +0100[diff] [blame]478 :param bytes signature: The signature to verify.
479
Alex Stapletona1853f92014-04-18 11:38:28 +0100[diff] [blame]480 :param signature_algorithm: An instance of a
481 :class:`~cryptography.hazmat.primitives.interfaces.EllipticCurveSignatureAlgorithm`
482 provider.
483
Alex Stapletona1853f92014-04-18 11:38:28 +0100[diff] [blame]484 :returns:
485 :class:`~cryptography.hazmat.primitives.interfaces.AsymmetricSignatureContext`
486
Alex Stapleton085f3782014-04-01 16:18:17 +0100[diff] [blame]487 .. attribute:: curve
488
489 :type: :class:`~cryptography.hazmat.primitives.interfaces.EllipticCurve`
490
491 The elliptic curve for this key.
492
Alex Stapleton085f3782014-04-01 16:18:17 +0100[diff] [blame]493
Paul Kehrereda558c2014-02-17 21:18:13 -0600[diff] [blame]494.. class:: AsymmetricSignatureContext
Paul Kehrere0f0f342014-02-17 19:20:51 -0600[diff] [blame]495
496 .. versionadded:: 0.2
497
498 .. method:: update(data)
499
Paul Kehrereda558c2014-02-17 21:18:13 -0600[diff] [blame]500 :param bytes data: The data you want to sign.
Paul Kehrere0f0f342014-02-17 19:20:51 -0600[diff] [blame]501
502 .. method:: finalize()
503
504 :return bytes signature: The signature.
505
506
Paul Kehrer430202d2014-02-18 13:36:53 -0600[diff] [blame]507.. class:: AsymmetricVerificationContext
Paul Kehrere0f0f342014-02-17 19:20:51 -0600[diff] [blame]508
509 .. versionadded:: 0.2
510
511 .. method:: update(data)
512
Paul Kehrereda558c2014-02-17 21:18:13 -0600[diff] [blame]513 :param bytes data: The data you wish to verify using the signature.
Paul Kehrere0f0f342014-02-17 19:20:51 -0600[diff] [blame]514
Paul Kehrerdd3780a2014-02-18 13:17:53 -0600[diff] [blame]515 .. method:: verify()
Paul Kehrere0f0f342014-02-17 19:20:51 -0600[diff] [blame]516
Paul Kehrerfef1fbd2014-02-26 23:39:37 -0400[diff] [blame]517 :raises cryptography.exceptions.InvalidSignature: If the signature does
518 not validate.
Paul Kehrere0f0f342014-02-17 19:20:51 -0600[diff] [blame]519
520
521.. class:: AsymmetricPadding
522
Paul Kehrer19f32d52014-02-17 19:23:06 -0600[diff] [blame]523 .. versionadded:: 0.2
Paul Kehrere0f0f342014-02-17 19:20:51 -0600[diff] [blame]524
525 .. attribute:: name
526
David Reid3e0c21e2014-05-13 14:30:45 -0700[diff] [blame]527
Alex Stapletonc5fffd32014-03-18 15:29:00 +0000[diff] [blame]528Hash algorithms
Paul Kehrere51a2db2014-01-29 11:49:35 -0600[diff] [blame]529~~~~~~~~~~~~~~~
530
531.. class:: HashAlgorithm
532
Paul Kehrere51a2db2014-01-29 11:49:35 -0600[diff] [blame]533 .. attribute:: name
534
535 :type: str
536
Paul Kehrer4c75a8c2014-01-29 12:20:37 -0600[diff] [blame]537 The standard name for the hash algorithm, for example: ``"sha256"`` or
538 ``"whirlpool"``.
Paul Kehrere51a2db2014-01-29 11:49:35 -0600[diff] [blame]539
540 .. attribute:: digest_size
541
542 :type: int
543
544 The size of the resulting digest in bytes.
545
546 .. attribute:: block_size
547
548 :type: int
549
550 The internal block size of the hash algorithm in bytes.
551
552
Ayrxa0f98502014-04-15 19:17:03 +0800[diff] [blame]553.. class:: HashContext
554
555 .. attribute:: algorithm
556
557 A :class:`~cryptography.hazmat.primitives.interfaces.HashAlgorithm` that
558 will be used by this context.
559
560 .. method:: update(data)
561
562 :param data bytes: The data you want to hash.
563
564 .. method:: finalize()
565
566 :return: The final digest as bytes.
567
568 .. method:: copy()
569
570 :return: A :class:`~cryptography.hazmat.primitives.interfaces.HashContext`
571 that is a copy of the current context.
572
573
Alex Stapletonc5fffd32014-03-18 15:29:00 +0000[diff] [blame]574Key derivation functions
Alex Gaynorb2774f52014-01-27 11:05:29 -0800[diff] [blame]575~~~~~~~~~~~~~~~~~~~~~~~~
576
577.. class:: KeyDerivationFunction
578
Alex Gaynor8454c512014-01-28 07:01:54 -0800[diff] [blame]579 .. versionadded:: 0.2
580
Alex Gaynorb2774f52014-01-27 11:05:29 -0800[diff] [blame]581 .. method:: derive(key_material)
582
Alex Gaynor5484f722014-01-28 05:46:15 -0800[diff] [blame]583 :param key_material bytes: The input key material. Depending on what
584 key derivation function you are using this
585 could be either random material, or a user
Alex Gaynorb2774f52014-01-27 11:05:29 -0800[diff] [blame]586 supplied password.
Alex Gaynor5484f722014-01-28 05:46:15 -0800[diff] [blame]587 :return: The new key.
Alex Gaynore19e89f2014-01-28 06:58:43 -0800[diff] [blame]588 :raises cryptography.exceptions.AlreadyFinalized: This is raised when
589 :meth:`derive` or
590 :meth:`verify` is
591 called more than
592 once.
Alex Gaynorb2774f52014-01-27 11:05:29 -0800[diff] [blame]593
Alex Gaynor5484f722014-01-28 05:46:15 -0800[diff] [blame]594 This generates and returns a new key from the supplied key material.
Alex Gaynorb2774f52014-01-27 11:05:29 -0800[diff] [blame]595
596 .. method:: verify(key_material, expected_key)
597
Alex Gaynor5484f722014-01-28 05:46:15 -0800[diff] [blame]598 :param key_material bytes: The input key material. This is the same as
Alex Gaynorb2774f52014-01-27 11:05:29 -0800[diff] [blame]599 ``key_material`` in :meth:`derive`.
Alex Gaynor5484f722014-01-28 05:46:15 -0800[diff] [blame]600 :param expected_key bytes: The expected result of deriving a new key,
601 this is the same as the return value of
602 :meth:`derive`.
Alex Gaynorb2774f52014-01-27 11:05:29 -0800[diff] [blame]603 :raises cryptography.exceptions.InvalidKey: This is raised when the
604 derived key does not match
605 the expected key.
Alex Gaynore19e89f2014-01-28 06:58:43 -0800[diff] [blame]606 :raises cryptography.exceptions.AlreadyFinalized: This is raised when
607 :meth:`derive` or
608 :meth:`verify` is
609 called more than
610 once.
Alex Gaynorb2774f52014-01-27 11:05:29 -0800[diff] [blame]611
Alex Gaynor5484f722014-01-28 05:46:15 -0800[diff] [blame]612 This checks whether deriving a new key from the supplied
613 ``key_material`` generates the same key as the ``expected_key``, and
614 raises an exception if they do not match. This can be used for
615 something like checking whether a user's password attempt matches the
616 stored derived key.
Alex Gaynorb2774f52014-01-27 11:05:29 -0800[diff] [blame]617
Ayrxc8121702014-04-15 19:02:05 +0800[diff] [blame]618
Ayrx83cd3f82014-04-15 21:56:32 +0800[diff] [blame]619`CMAC`_
620~~~~~~~
Ayrxc8121702014-04-15 19:02:05 +0800[diff] [blame]621
622.. class:: CMACContext
623
624 .. versionadded:: 0.4
625
626 .. method:: update(data)
627
628 :param data bytes: The data you want to authenticate.
629
630 .. method:: finalize()
631
Ayrx7964c172014-04-15 21:50:58 +0800[diff] [blame]632 :return: The message authentication code.
Ayrxc8121702014-04-15 19:02:05 +0800[diff] [blame]633
634 .. method:: copy()
635
636 :return: A :class:`~cryptography.hazmat.primitives.interfaces.CMACContext`
637 that is a copy of the current context.
638
639
Paul Kehrer8e9c9842014-02-13 12:23:27 -0600[diff] [blame]640.. _`RSA`: https://en.wikipedia.org/wiki/RSA_(cryptosystem)
641.. _`Chinese remainder theorem`: https://en.wikipedia.org/wiki/Chinese_remainder_theorem
Mohammed Attia604c78f2014-03-04 03:56:08 +0200[diff] [blame]642.. _`DSA`: https://en.wikipedia.org/wiki/Digital_Signature_Algorithm
Ayrx83cd3f82014-04-15 21:56:32 +0800[diff] [blame]643.. _`CMAC`: https://en.wikipedia.org/wiki/CMAC
Alex Stapleton085f3782014-04-01 16:18:17 +0100[diff] [blame]644.. _`ECDSA`: http://en.wikipedia.org/wiki/ECDSA
645.. _`EdDSA`: http://en.wikipedia.org/wiki/EdDSA