| .. hazmat:: |
| |
| Backend Interfaces |
| ================== |
| |
| .. currentmodule:: cryptography.hazmat.backends.interfaces |
| |
| |
| Backend implementations may provide a number of interfaces to support operations |
| such as :doc:`/hazmat/primitives/symmetric-encryption`, |
| :doc:`/hazmat/primitives/cryptographic-hashes`, and |
| :doc:`/hazmat/primitives/hmac`. |
| |
| A specific ``backend`` may provide one or more of these interfaces. |
| |
| |
| .. class:: CipherBackend |
| |
| A backend which provides methods for using ciphers for encryption |
| and decryption. |
| |
| .. method:: cipher_supported(cipher, mode) |
| |
| Check if a ``cipher`` and ``mode`` combination is supported by |
| this backend. |
| |
| :param cipher: An instance of a |
| :class:`~cryptography.hazmat.primitives.interfaces.CipherAlgorithm` |
| provider. |
| :param mode: An instance of a |
| :class:`~cryptography.hazmat.primitives.interfaces.Mode` provider. |
| |
| :returns: ``True`` if the specified ``cipher`` and ``mode`` combination |
| is supported by this backend, otherwise ``False`` |
| |
| |
| .. method:: create_symmetric_encryption_ctx(cipher, mode) |
| |
| Create a |
| :class:`~cryptogrpahy.hazmat.primitives.interfaces.CipherContext` that |
| can be used for encrypting data with the symmetric ``cipher`` using |
| the given ``mode``. |
| |
| :param cipher: An instance of a |
| :class:`~cryptography.hazmat.primitives.interfaces.CipherAlgorithm` |
| provider. |
| :param mode: An instance of a |
| :class:`~cryptography.hazmat.primitives.interfaces.Mode` provider. |
| |
| :returns: |
| :class:`~cryptography.hazmat.primitives.interfaces.CipherContext` |
| |
| :raises ValueError: When tag is not None in an AEAD mode |
| |
| |
| .. method:: create_symmetric_decryption_ctx(cipher, mode) |
| |
| Create a |
| :class:`~cryptogrpahy.hazmat.primitives.interfaces.CipherContext` that |
| can be used for decrypting data with the symmetric ``cipher`` using |
| the given ``mode``. |
| |
| :param cipher: An instance of a |
| :class:`~cryptography.hazmat.primitives.interfaces.CipherAlgorithm` |
| provider. |
| :param mode: An instance of a |
| :class:`~cryptography.hazmat.primitives.interfaces.Mode` provider. |
| |
| :returns: |
| :class:`~cryptography.hazmat.primitives.interfaces.CipherContext` |
| |
| :raises ValueError: When tag is None in an AEAD mode |
| |
| |
| .. class:: HashBackend |
| |
| A backend with methods for using cryptographic hash functions. |
| |
| .. method:: hash_supported(algorithm) |
| |
| Check if the specified ``algorithm`` is supported by this backend. |
| |
| :param algorithm: An instance of a |
| :class:`~cryptography.hazmat.primitives.interfaces.HashAlgorithm` |
| provider. |
| |
| :returns: ``True`` if the specified ``algorithm`` is supported by this |
| backend, otherwise ``False``. |
| |
| |
| .. method:: create_hash_ctx(algorithm) |
| |
| Create a |
| :class:`~cryptogrpahy.hazmat.primitives.interfaces.HashContext` that |
| uses the specified ``algorithm`` to calculate a message digest. |
| |
| :param algorithm: An instance of a |
| :class:`~cryptography.hazmat.primitives.interfaces.HashAlgorithm` |
| provider. |
| |
| :returns: |
| :class:`~cryptography.hazmat.primitives.interfaces.HashContext` |
| |
| |
| .. class:: HMACBackend |
| |
| A backend with methods for using cryptographic hash functions as message |
| authentication codes. |
| |
| .. method:: hmac_supported(algorithm) |
| |
| Check if the specified ``algorithm`` is supported by this backend. |
| |
| :param algorithm: An instance of a |
| :class:`~cryptography.hazmat.primitives.interfaces.HashAlgorithm` |
| provider. |
| |
| :returns: ``True`` if the specified ``algorithm`` is supported for HMAC |
| by this backend, otherwise ``False``. |
| |
| .. method:: create_hmac_ctx(algorithm) |
| |
| Create a |
| :class:`~cryptogrpahy.hazmat.primitives.interfaces.HashContext` that |
| uses the specified ``algorithm`` to calculate a hash-based message |
| authentication code. |
| |
| :param algorithm: An instance of a |
| :class:`~cryptography.hazmat.primitives.interfaces.HashAlgorithm` |
| provider. |
| |
| :returns: |
| :class:`~cryptography.hazmat.primitives.interfaces.HashContext` |
| |
| |
| |
| .. class:: PBKDF2Backend |
| |
| A backend with methods for using PBKDF2. |
| |
| .. method:: pbkdf2_hash_supported(algorithm) |
| |
| Check if the specified ``algorithm`` is supported by this backend. |
| |
| :param algorithm: An instance of a |
| :class:`~cryptography.hazmat.primitives.interfaces.HashAlgorithm` |
| provider. |
| |
| :returns: ``True`` if the specified ``algorithm`` is supported for |
| PBKDF2 by this backend, otherwise ``False``. |
| |
| .. method:: derive_pbkdf2(self, algorithm, length, salt, iterations, |
| key_material) |
| |
| :param algorithm: An instance of a |
| :class:`~cryptography.hazmat.primitives.interfaces.HashAlgorithm` |
| provider. |
| |
| :param int length: The desired length of the derived key. Maximum is |
| 2\ :sup:`31` - 1. |
| |
| :param bytes salt: A salt. `RFC 2898`_ recommends 64-bits or longer. |
| |
| :param int iterations: The number of iterations to perform of the hash |
| function. |
| |
| :param bytes key_material: The key material to use as a basis for |
| the derived key. This is typically a password. |
| |
| :return bytes: Derived key. |
| |
| .. _`RFC 2898`: https://www.ietf.org/rfc/rfc2898.txt |