@@ -30,6 +30,103 @@ Different KDFs are suitable for different tasks such as:
3030Variable cost algorithms
3131~~~~~~~~~~~~~~~~~~~~~~~~
3232
33+ Argon2id
34+ --------
35+
36+ .. currentmodule :: cryptography.hazmat.primitives.kdf.argon2
37+
38+ .. class :: Argon2id(salt, length, iterations, lanes, memory_cost, ad=None, secret=None)
39+
40+ .. versionadded :: 44.0.0
41+
42+ Argon2id is a KDF designed for password storage. It is designed to be
43+ resistant to hardware attacks and is described in :rfc: `9106 `.
44+
45+ This class conforms to the
46+ :class: `~cryptography.hazmat.primitives.kdf.KeyDerivationFunction `
47+ interface.
48+
49+ .. doctest ::
50+
51+ >>> import os
52+ >>> from cryptography.hazmat.primitives.kdf.argon2 import Argon2id
53+ >>> salt = os.urandom(16 )
54+ >>> # derive
55+ >>> kdf = Argon2id(
56+ ... salt= salt,
57+ ... length= 32 ,
58+ ... iterations= 1 ,
59+ ... lanes= 4 ,
60+ ... memory_cost= 64 * 1024 ,
61+ ... ad= None ,
62+ ... secret= None ,
63+ ... )
64+ >>> key = kdf.derive(b " my great password"
65+ >>> # verify
66+ >>> kdf = Argon2id(
67+ ... salt= salt,
68+ ... length= 32 ,
69+ ... iterations= 1 ,
70+ ... lanes= 4 ,
71+ ... memory_cost= 64 * 1024 ,
72+ ... ad= None ,
73+ ... secret= None ,
74+ ... )
75+ >>> kdf.verify(b " my great password"
76+
77+ :param bytes salt: A salt.
78+ :param int length: The desired length of the derived key in bytes.
79+ :param int iterations: Also known as passes, this is used to tune
80+ the running time independently of the memory size.
81+ :param int lanes: The number of lanes (parallel threads) to use. Also
82+ known as parallelism.
83+ :param int memory_cost: The amount of memory to use in kibibytes.
84+ 1 kibibyte (KiB) is 1024 bytes.
85+ :param bytes ad: Optional associated data.
86+ :param bytes secret: Optional secret data.
87+
88+ :rfc: `9106 ` has recommendations for `parameter choice `_.
89+
90+ :raises cryptography.exceptions.UnsupportedAlgorithm: If Argon2id is not
91+ supported by the OpenSSL version ``cryptography `` is using.
92+
93+ .. method :: derive(key_material)
94+
95+ :param key_material: The input key material.
96+ :type key_material: :term: `bytes-like `
97+ :return bytes: the derived key.
98+ :raises TypeError: This exception is raised if ``key_material `` is not
99+ ``bytes ``.
100+ :raises cryptography.exceptions.AlreadyFinalized: This is raised when
101+ :meth: `derive ` or
102+ :meth: `verify ` is
103+ called more than
104+ once.
105+
106+ This generates and returns a new key from the supplied password.
107+
108+ .. method :: verify(key_material, expected_key)
109+
110+ :param bytes key_material: The input key material. This is the same as
111+ ``key_material `` in :meth: `derive `.
112+ :param bytes expected_key: The expected result of deriving a new key,
113+ this is the same as the return value of
114+ :meth: `derive `.
115+ :raises cryptography.exceptions.InvalidKey: This is raised when the
116+ derived key does not match
117+ the expected key.
118+ :raises cryptography.exceptions.AlreadyFinalized: This is raised when
119+ :meth: `derive ` or
120+ :meth: `verify ` is
121+ called more than
122+ once.
123+
124+ This checks whether deriving a new key from the supplied
125+ ``key_material `` generates the same key as the ``expected_key ``, and
126+ raises an exception if they do not match. This can be used for
127+ checking whether the password a user provides matches the stored derived
128+ key.
129+
33130
34131PBKDF2
35132------
@@ -1039,3 +1136,4 @@ Interface
10391136.. _`recommends` : https://datatracker.ietf.org/doc/html/rfc7914#section-2
10401137.. _`The scrypt paper` : https://www.tarsnap.com/scrypt/scrypt.pdf
10411138.. _`understanding HKDF` : https://soatok.blog/2021/11/17/understanding-hkdf/
1139+ .. _`parameter choice` : https://datatracker.ietf.org/doc/html/rfc9106#section-4
0 commit comments