path: root/docs/hazmat/primitives/aead.rst
author: Paul Kehrer <paul.l.kehrer@gmail.com> 2017-07-16 17:34:42 +0200
committer: Alex Gaynor <alex.gaynor@gmail.com> 2017-07-16 11:34:42 -0400
commit: 165743ee63d05b343bf7e6b6b0afe0c23be71ca2 (patch)
tree: 85ebacc097353917b1a838403cd929ff94f4ec26 /docs/hazmat/primitives/aead.rst
parent: 1a2e817f14a9c72eac90c747a4f30ef71260ea0a (diff)
move tag_length to the AESCCM constructor (#3783)
* move tag_length to the AESCCM constructor
* review feedback
Diffstat (limited to 'docs/hazmat/primitives/aead.rst')
-rw-r--r-- docs/hazmat/primitives/aead.rst 18
1 files changed, 7 insertions, 11 deletions
diff --git a/docs/hazmat/primitives/aead.rst b/docs/hazmat/primitives/aead.rst
index 94b08f0a..6b13edc1 100644
--- a/docs/hazmat/primitives/aead.rst
+++ b/docs/hazmat/primitives/aead.rst
@@ -78,7 +78,7 @@ also support providing integrity for associated data which is not encrypted.
when the ciphertext has been changed, but will also occur when the
key, nonce, or associated data are wrong.
-.. class:: AESCCM(key)
+.. class:: AESCCM(key, tag_length=16)
.. versionadded:: 2.0
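Review bot: The new class signature AESCCM(key, tag_length=16) sits directly above an unchanged ".. versionadded:: 2.0" with no note that the parameter moved. If the per-call form encrypt(..., tag_length=16) was ever shipped in a release, add a ".. versionchanged::" entry here, because callers still passing tag_length to encrypt or decrypt will now fail on an unexpected argument. If it never shipped, nothing more is needed on this line.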
@@ -93,6 +93,10 @@ also support providing integrity for associated data which is not encrypted.
cipher utilizing Counter with CBC-MAC (CCM) (specified in :rfc:`3610`).
:param bytes key: A 128, 192, or 256-bit key. This **must** be kept secret.
+ :param int tag_length: The length of the authentication tag. This
+ defaults to 16 bytes and it is **strongly** recommended that you
+ do not make it shorter unless absolutely necessary. Valid tag
+ lengths are 4, 6, 8, 12, 14, and 16.
:raises cryptography.exceptions.UnsupportedAlgorithm: If the version of
OpenSSL does not support AES-CCM.
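Review bot: The added tag_length parameter text lists the valid lengths as 4, 6, 8, 12, 14, and 16, but RFC 3610, which this section cites, also permits 10. Either add 10 to the list or state that it is deliberately unsupported, so readers interoperating with a 10-byte tag know what to expect. The :raises: entries that follow only cover UnsupportedAlgorithm; now that the constructor validates tag_length, document which exception an invalid value raises.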
@@ -119,7 +123,7 @@ also support providing integrity for associated data which is not encrypted.
:returns bytes: The generated key.
- .. method:: encrypt(nonce, data, associated_data, tag_length=16)
+ .. method:: encrypt(nonce, data, associated_data)
.. warning::
@@ -138,13 +142,9 @@ also support providing integrity for associated data which is not encrypted.
:param bytes data: The data to encrypt.
:param bytes associated_data: Additional data that should be
authenticated with the key, but is not encrypted. Can be ``None``.
- :param int tag_length: The length of the authentication tag. This
- defaults to 16 bytes and it is **strongly** recommended that you
- do not make it shorter unless absolutely necessary. Valid tag
- lengths are 4, 6, 8, 12, 14, and 16.
:returns bytes: The ciphertext bytes with the tag appended.
- .. method:: decrypt(nonce, data, associated_data, tag_length=16)
+ .. method:: decrypt(nonce, data, associated_data)
Decrypts the ``data`` and authenticates the ``associated_data``. If you
called encrypt with ``associated_data`` you must pass the same
@@ -156,10 +156,6 @@ also support providing integrity for associated data which is not encrypted.
:param bytes data: The data to decrypt (with tag appended).
:param bytes associated_data: Additional data to authenticate. Can be
``None`` if none was passed during encryption.
- :param int tag_length: The length of the authentication tag. This
- defaults to 16 bytes. You only need to change this if your existing
- ciphertext has a shorter tag. Valid tag lengths are 4, 6, 8, 12,
- 14, and 16.
:returns bytes: The original plaintext.
:raises cryptography.exceptions.InvalidTag: If the authentication tag
doesn't validate this exception will be raised. This will occur
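Review bot: Removing the tag_length parameter from decrypt also removes the only guidance for ciphertext that carries a shorter tag ("You only need to change this if your existing ciphertext has a shorter tag"), and the new constructor text does not replace it. Add a sentence, here or on the constructor parameter, saying that decryption must use an AESCCM instance created with the same tag_length that was used for encryption. The InvalidTag description names the key, nonce, and associated data as causes of failure; if a tag_length mismatch surfaces the same way, list it there as well.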