docs/hazmat/primitives/mac/index.rst


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50

.. hazmat::

Message authentication codes
============================

While cryptography supports both the CMAC and HMAC algorithms, we strongly
recommend that HMAC should be used unless you have a good reason otherwise.

For more information on why HMAC is preferred, see `Use cases for CMAC vs.
HMAC?`_

HMAC and CMAC both use the ``MACContext`` interface:

.. currentmodule:: cryptography.hazmat.primitives.mac

.. class:: MACContext

    .. versionadded:: 0.7

    .. method:: update(data)

        :param bytes data: The data you want to authenticate.

    .. method:: finalize()

        :return: The message authentication code.

    .. method:: copy()

        :return: A
            :class:`~cryptography.hazmat.primitives.mac.MACContext` that
            is a copy of the current context.

    .. method:: verify(signature)

        :param bytes signature: The signature to verify.

        :raises cryptography.exceptions.InvalidSignature: This is raised when
            the provided signature does not match the expected signature.


.. _`CMAC`: https://en.wikipedia.org/wiki/CMAC
.. _`Use cases for CMAC vs. HMAC?`: https://crypto.stackexchange.com/questions/15721/use-cases-for-cmac-vs-hmac

.. toctree::
    :maxdepth: 1

    cmac
    hmac