Merge pull request #513 from alex/kdf-interface

Begin designing the KDF interfaces. Fixes #511

2 files changed, 20 insertions, 0 deletions

diff --git a/cryptography/exceptions.py b/cryptography/exceptions.py
index 2654b453..e2542a1f 100644
--- a/cryptography/exceptions.py
+++ b/cryptography/exceptions.py
@@ -38,3 +38,7 @@ class InvalidSignature(Exception):
 
 class InternalError(Exception):
     pass
+
+
+class InvalidKey(Exception):
+    pass
diff --git a/cryptography/hazmat/primitives/interfaces.py b/cryptography/hazmat/primitives/interfaces.py
index 293fcd78..1a27644f 100644
--- a/cryptography/hazmat/primitives/interfaces.py
+++ b/cryptography/hazmat/primitives/interfaces.py
@@ -257,3 +257,19 @@ class RSAPublicKey(six.with_metaclass(abc.ABCMeta)):
         """
         The public exponent of the RSA key. Alias for public_exponent.
         """
+
+
+class KeyDerivationFunction(six.with_metaclass(abc.ABCMeta)):
+    @abc.abstractmethod
+    def derive(self, key_material):
+        """
+        Deterministically generates and returns a new key based on the existing
+        key material.
+        """
+
+    @abc.abstractmethod
+    def verify(self, key_material, expected_key):
+        """
+        Checks whether the key generated by the key material matches the
+        expected derived key. Raises an exception if they do not match.
+        """