Skip to content

Latest commit

 

History

History
130 lines (96 loc) · 4.56 KB

padding.rst

File metadata and controls

130 lines (96 loc) · 4.56 KB
Raw

Symmetric Padding

cryptography.hazmat.primitives.padding

Padding is a way to take data that may or may not be a multiple of the block size for a cipher and extend it out so that it is. This is required for many block cipher modes as they require the data to be encrypted to be an exact multiple of the block size.

PKCS7 padding is a generalization of PKCS5 padding (also known as standard padding). PKCS7 padding works by appending N bytes with the value of chr(N), where N is the number of bytes required to make the final block of data the same size as the block size. A simple example of padding is:

>>> from cryptography.hazmat.primitives import padding >>> padder = padding.PKCS7(128).padder() >>> padded_data = padder.update(b"11111111111111112222222222") >>> padded_data b'1111111111111111' >>> padded_data += padder.finalize() >>> padded_data b'11111111111111112222222222x06x06x06x06x06x06' >>> unpadder = padding.PKCS7(128).unpadder() >>> data = unpadder.update(padded_data) >>> data b'1111111111111111' >>> data + unpadder.finalize() b'11111111111111112222222222'

param block_size

The size of the block in bits that the data is being padded to.

raises ValueError

Raised if block size is not a multiple of 8 or is not between 0 and 2040 inclusive.

padder()

returns

A padding ~cryptography.hazmat.primitives.padding.PaddingContext instance.

unpadder()

returns

An unpadding ~cryptography.hazmat.primitives.padding.PaddingContext instance.

1.3

ANSI X9.23 padding works by appending N-1 bytes with the value of 0 and a last byte with the value of chr(N), where N is the number of bytes required to make the final block of data the same size as the block size. A simple example of padding is:

>>> padder = padding.ANSIX923(128).padder() >>> padded_data = padder.update(b"11111111111111112222222222") >>> padded_data b'1111111111111111' >>> padded_data += padder.finalize() >>> padded_data b'11111111111111112222222222x00x00x00x00x00x06' >>> unpadder = padding.ANSIX923(128).unpadder() >>> data = unpadder.update(padded_data) >>> data b'1111111111111111' >>> data + unpadder.finalize() b'11111111111111112222222222'

param block_size

The size of the block in bits that the data is being padded to.

raises ValueError

Raised if block size is not a multiple of 8 or is not between 0 and 2040 inclusive.

padder()

returns

A padding ~cryptography.hazmat.primitives.padding.PaddingContext instance.

unpadder()

returns

An unpadding ~cryptography.hazmat.primitives.padding.PaddingContext instance.

When calling padder() or unpadder() the result will conform to the PaddingContext interface. You can then call update(data) with data until you have fed everything into the context. Once that is done call finalize() to finish the operation and obtain the remainder of the data.

update(data)

param data

The data you wish to pass into the context.

type data

bytes-like

return bytes

Returns the data that was padded or unpadded.

raises TypeError

Raised if data is not bytes.

raises cryptography.exceptions.AlreadyFinalized

See finalize.

raises TypeError

This exception is raised if data is not bytes.

finalize()

Finalize the current context and return the rest of the data.

After finalize has been called this object can no longer be used; update and finalize will raise an ~cryptography.exceptions.AlreadyFinalized exception.

return bytes

Returns the remainder of the data.

raises TypeError

Raised if data is not bytes.

raises ValueError

When trying to remove padding from incorrectly padded data.