diff options
| author | Paul Kehrer <paul.l.kehrer@gmail.com> | 2014-11-14 08:01:31 -1000 |
|---|---|---|
| committer | Paul Kehrer <paul.l.kehrer@gmail.com> | 2014-11-14 08:01:31 -1000 |
| commit | af3d95fdf57e42a1bacb4cd66b58b5b5701d094c (patch) | |
| tree | 374a8d414b7c1fdae7d2ff6b81980e541b59ae12 /src/cryptography/hazmat/primitives/kdf/pbkdf2.py | |
| parent | d9f137db78d451ecb6ef7925b7dec0139ca59898 (diff) | |
| parent | 62143e47077b8df78e926da5c8f027d8f01ab281 (diff) | |
| download | cryptography-af3d95fdf57e42a1bacb4cd66b58b5b5701d094c.tar.gz cryptography-af3d95fdf57e42a1bacb4cd66b58b5b5701d094c.tar.bz2 cryptography-af3d95fdf57e42a1bacb4cd66b58b5b5701d094c.zip | |
Merge pull request #1468 from dstufft/move-to-src
Move the cryptography package into a src/ subdirectory
Diffstat (limited to 'src/cryptography/hazmat/primitives/kdf/pbkdf2.py')
| -rw-r--r-- | src/cryptography/hazmat/primitives/kdf/pbkdf2.py | 66 |
1 files changed, 66 insertions, 0 deletions
diff --git a/src/cryptography/hazmat/primitives/kdf/pbkdf2.py b/src/cryptography/hazmat/primitives/kdf/pbkdf2.py new file mode 100644 index 00000000..97b6408c --- /dev/null +++ b/src/cryptography/hazmat/primitives/kdf/pbkdf2.py @@ -0,0 +1,66 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or +# implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +from __future__ import absolute_import, division, print_function + +from cryptography import utils +from cryptography.exceptions import ( + AlreadyFinalized, InvalidKey, UnsupportedAlgorithm, _Reasons +) +from cryptography.hazmat.backends.interfaces import PBKDF2HMACBackend +from cryptography.hazmat.primitives import constant_time, interfaces + + +@utils.register_interface(interfaces.KeyDerivationFunction) +class PBKDF2HMAC(object): + def __init__(self, algorithm, length, salt, iterations, backend): + if not isinstance(backend, PBKDF2HMACBackend): + raise UnsupportedAlgorithm( + "Backend object does not implement PBKDF2HMACBackend.", + _Reasons.BACKEND_MISSING_INTERFACE + ) + + if not backend.pbkdf2_hmac_supported(algorithm): + raise UnsupportedAlgorithm( + "{0} is not supported for PBKDF2 by this backend.".format( + algorithm.name), + _Reasons.UNSUPPORTED_HASH + ) + self._used = False + self._algorithm = algorithm + self._length = length + if not isinstance(salt, bytes): + raise TypeError("salt must be bytes.") + self._salt = salt + self._iterations = iterations + self._backend = backend + + def derive(self, key_material): + if self._used: + raise AlreadyFinalized("PBKDF2 instances can only be used once.") + self._used = True + + if not isinstance(key_material, bytes): + raise TypeError("key_material must be bytes.") + return self._backend.derive_pbkdf2_hmac( + self._algorithm, + self._length, + self._salt, + self._iterations, + key_material + ) + + def verify(self, key_material, expected_key): + derived_key = self.derive(key_material) + if not constant_time.bytes_eq(derived_key, expected_key): + raise InvalidKey("Keys do not match.") |