author | Alex Gaynor <alex.gaynor@gmail.com> | 2014-01-27 11:05:29 -0800 |
---|---|---|
committer | Alex Gaynor <alex.gaynor@gmail.com> | 2014-01-27 11:05:29 -0800 |
commit | b2774f53bc5840ae7c414ee78bef654a2ae89f01 (patch) | |
tree | 6fdba6fac20984321a0269d3edb165f076bfbf1f | |
parent | 6b4f32311e038a60ed496e2f44558b8803f9e033 (diff) | |
Begin designing the KDF interfaces. Fixes #511
-rw-r--r-- | cryptography/exceptions.py | 4 | ||||
-rw-r--r-- | cryptography/hazmat/primitives/interfaces.py | 16 | ||||
-rw-r--r-- | docs/exceptions.rst | 6 | ||||
-rw-r--r-- | docs/hazmat/primitives/interfaces.rst | 30 |
4 files changed, 56 insertions, 0 deletions
diff --git a/cryptography/exceptions.py b/cryptography/exceptions.py
index 2654b453..e2542a1f 100644
--- a/cryptography/exceptions.py
+++ b/cryptography/exceptions.py
@@ -38,3 +38,7 @@ class InvalidSignature(Exception):
 class InternalError(Exception):
 pass
+
+
+class InvalidKey(Exception):
+ pass
diff --git a/cryptography/hazmat/primitives/interfaces.py b/cryptography/hazmat/primitives/interfaces.py
index 293fcd78..1a27644f 100644
--- a/cryptography/hazmat/primitives/interfaces.py
+++ b/cryptography/hazmat/primitives/interfaces.py
@@ -257,3 +257,19 @@ class RSAPublicKey(six.with_metaclass(abc.ABCMeta)):
 """
 The public exponent of the RSA key. Alias for public_exponent.
 """
+
+
+class KeyDerivationFunction(six.with_metaclass(abc.ABCMeta)):
+ @abc.abstractmethod
+ def derive(self, key_material):
+ """
+ Deterministically generates and returns a new key based on the existing
+ key material.
+ """
+
+ @abc.abstractmethod
+ def verify(self, key_material, expected_key):
+ """
+ Checks whether the key generated by the key material matches the
+ expected derived key. Raises an exception if they do not match.
+ """
diff --git a/docs/exceptions.rst b/docs/exceptions.rst
index 1fbd3267..f9e29f3c 100644
--- a/docs/exceptions.rst
+++ b/docs/exceptions.rst
@@ -30,3 +30,9 @@ Exceptions
 This is raised when a backend doesn't support the requested algorithm (or combination of algorithms).
+
+
+.. class:: InvalidKey
+
+ This is raised when the verify method of a key derivation function does not
+ compare equal.
diff --git a/docs/hazmat/primitives/interfaces.rst b/docs/hazmat/primitives/interfaces.rst
index bf78e367..ac48dd2c 100644
--- a/docs/hazmat/primitives/interfaces.rst
+++ b/docs/hazmat/primitives/interfaces.rst
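Review bot: In `cryptography/hazmat/primitives/interfaces.py`, the `verify` docstring of the new `KeyDerivationFunction` says only "Raises an exception", while the .rst added in this same commit names `cryptography.exceptions.InvalidKey`; the abstract method is the contract implementers read, so it should name the type as well. The docstring is also silent on how the derived and expected keys are compared. Because the documented use is checking a user's password attempt against a stored derived key, the contract should require a comparison whose timing does not depend on where the bytes differ. Suggested closing sentence: `Raises cryptography.exceptions.InvalidKey if they do not match; the comparison must be constant time.` The class also has no docstring of its own; a one-line summary of what a key derivation function provides would help.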
@@ -204,4 +204,34 @@ Asymmetric Interfaces
 The public exponent. Alias for :attr:`public_exponent`.
+Key Derivation Functions
+~~~~~~~~~~~~~~~~~~~~~~~~
+
+.. class:: KeyDerivationFunction
+
+ .. method:: derive(key_material)
+
+ :param key_material bytes: The raw key material. Depending on what key
+ derivation function you are using this could
+ be either random material, or a user
+ supplied password.
+ :return: The resulting key.
+
+ The generates and returns a new key from the supplied key material.
+
+ .. method:: verify(key_material, expected_key)
+
+ :param key_material bytes: The raw key material. This is the same as
+ ``key_material`` in :meth:`derive`.
+ :param expected_key bytes: What the expected result of deriving a new
+ key is.
+ :raises cryptography.exceptions.InvalidKey: This is raised when the
+ derived key does not match
+ the expected key.
+
+ This checks whether deriving a key from the supplied ``key_material``
+ generates the same key as the ``expected_key``, and raises an exception
+ if they do not match. This can be used for something like checking
+ whether a user's password attempt matches the stored derived key.
+
 .. _`RSA`: http://en.wikipedia.org/wiki/RSA_(cryptosystem) |