@@ -30,6 +30,105 @@ Different KDFs are suitable for different tasks such as:
3030Variable cost algorithms
3131~~~~~~~~~~~~~~~~~~~~~~~~
3232
33+ Argon2id
34+ --------
35+
36+ .. currentmodule :: cryptography.hazmat.primitives.kdf.argon2
37+
38+ .. class :: Argon2id(*, salt, length, iterations, lanes, memory_cost, ad=None, secret=None)
39+
40+ .. versionadded :: 44.0.0
41+
42+ Argon2id is a KDF designed for password storage. It is designed to be
43+ resistant to hardware attacks and is described in :rfc: `9106 `.
44+
45+ This class conforms to the
46+ :class: `~cryptography.hazmat.primitives.kdf.KeyDerivationFunction `
47+ interface.
48+
49+ .. doctest ::
50+
51+ >>> import os
52+ >>> from cryptography.hazmat.primitives.kdf.argon2 import Argon2id
53+ >>> salt = os.urandom(16 )
54+ >>> # derive
55+ >>> kdf = Argon2id(
56+ ... salt= salt,
57+ ... length= 32 ,
58+ ... iterations= 1 ,
59+ ... lanes= 4 ,
60+ ... memory_cost= 64 * 1024 ,
61+ ... ad= None ,
62+ ... secret= None ,
63+ ... )
64+ >>> key = kdf.derive(b " my great password"
65+ >>> # verify
66+ >>> kdf = Argon2id(
67+ ... salt= salt,
68+ ... length= 32 ,
69+ ... iterations= 1 ,
70+ ... lanes= 4 ,
71+ ... memory_cost= 64 * 1024 ,
72+ ... ad= None ,
73+ ... secret= None ,
74+ ... )
75+ >>> kdf.verify(b " my great password"
76+
77+ **All arguments to the constructor are keyword-only. **
78+
79+ :param bytes salt: A salt.
80+ :param int length: The desired length of the derived key in bytes.
81+ :param int iterations: Also known as passes, this is used to tune
82+ the running time independently of the memory size.
83+ :param int lanes: The number of lanes (parallel threads) to use. Also
84+ known as parallelism.
85+ :param int memory_cost: The amount of memory to use in kibibytes.
86+ 1 kibibyte (KiB) is 1024 bytes.
87+ :param bytes ad: Optional associated data.
88+ :param bytes secret: Optional secret data.
89+
90+ :rfc: `9106 ` has recommendations for `parameter choice `_.
91+
92+ :raises cryptography.exceptions.UnsupportedAlgorithm: If Argon2id is not
93+ supported by the OpenSSL version ``cryptography `` is using.
94+
95+ .. method :: derive(key_material)
96+
97+ :param key_material: The input key material.
98+ :type key_material: :term: `bytes-like `
99+ :return bytes: the derived key.
100+ :raises TypeError: This exception is raised if ``key_material `` is not
101+ ``bytes ``.
102+ :raises cryptography.exceptions.AlreadyFinalized: This is raised when
103+ :meth: `derive ` or
104+ :meth: `verify ` is
105+ called more than
106+ once.
107+
108+ This generates and returns a new key from the supplied password.
109+
110+ .. method :: verify(key_material, expected_key)
111+
112+ :param bytes key_material: The input key material. This is the same as
113+ ``key_material `` in :meth: `derive `.
114+ :param bytes expected_key: The expected result of deriving a new key,
115+ this is the same as the return value of
116+ :meth: `derive `.
117+ :raises cryptography.exceptions.InvalidKey: This is raised when the
118+ derived key does not match
119+ the expected key.
120+ :raises cryptography.exceptions.AlreadyFinalized: This is raised when
121+ :meth: `derive ` or
122+ :meth: `verify ` is
123+ called more than
124+ once.
125+
126+ This checks whether deriving a new key from the supplied
127+ ``key_material `` generates the same key as the ``expected_key ``, and
128+ raises an exception if they do not match. This can be used for
129+ checking whether the password a user provides matches the stored derived
130+ key.
131+
33132
34133PBKDF2
35134------
@@ -1039,3 +1138,4 @@ Interface
10391138.. _`recommends` : https://datatracker.ietf.org/doc/html/rfc7914#section-2
10401139.. _`The scrypt paper` : https://www.tarsnap.com/scrypt/scrypt.pdf
10411140.. _`understanding HKDF` : https://soatok.blog/2021/11/17/understanding-hkdf/
1141+ .. _`parameter choice` : https://datatracker.ietf.org/doc/html/rfc9106#section-4
0 commit comments