Merge branch 'master' into fernet
diff --git a/.travis/install.sh b/.travis/install.sh
index fdd7190..4aa3979 100755
--- a/.travis/install.sh
+++ b/.travis/install.sh
@@ -5,24 +5,8 @@
if [[ "${OPENSSL}" == "0.9.8" ]]; then
sudo add-apt-repository "deb http://archive.ubuntu.com/ubuntu/ lucid main"
-fi
-
-if [[ "${TOX_ENV}" == "pypy" ]]; then
- sudo add-apt-repository -y ppa:pypy/ppa
-fi
-
-sudo apt-get -y update
-
-if [[ "${OPENSSL}" == "0.9.8" ]]; then
+ sudo apt-get -y update
sudo apt-get install -y --force-yes libssl-dev/lucid
fi
-if [[ "${TOX_ENV}" == "pypy" ]]; then
- sudo apt-get install -y pypy
-
- # This is required because we need to get rid of the Travis installed PyPy
- # or it'll take precedence over the PPA installed one.
- sudo rm -rf /usr/local/pypy/bin
-fi
-
pip install tox coveralls
diff --git a/cryptography/hazmat/bindings/interfaces.py b/cryptography/hazmat/bindings/interfaces.py
new file mode 100644
index 0000000..912476b
--- /dev/null
+++ b/cryptography/hazmat/bindings/interfaces.py
@@ -0,0 +1,66 @@
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+from __future__ import absolute_import, division, print_function
+
+import abc
+
+import six
+
+
+class CipherBackend(six.with_metaclass(abc.ABCMeta)):
+ @abc.abstractmethod
+ def cipher_supported(self, cipher, mode):
+ """
+ Return True if the given cipher and mode are supported.
+ """
+
+ @abc.abstractmethod
+ def register_cipher_adapter(self, cipher, mode, adapter):
+ """
+ Register an adapter for a cipher and mode to a backend specific object.
+ """
+
+ @abc.abstractmethod
+ def create_symmetric_encryption_ctx(self, cipher, mode):
+ """
+ Get a CipherContext that can be used for encryption.
+ """
+
+ @abc.abstractmethod
+ def create_symmetric_decryption_ctx(self, cipher, mode):
+ """
+ Get a CipherContext that can be used for decryption.
+ """
+
+
+class HashBackend(six.with_metaclass(abc.ABCMeta)):
+ @abc.abstractmethod
+ def hash_supported(self, algorithm):
+ """
+ Return True if the hash algorithm is supported by this backend.
+ """
+
+ @abc.abstractmethod
+ def create_hash_ctx(self, algorithm):
+ """
+ Create a HashContext for calculating a message digest.
+ """
+
+
+class HMACBackend(six.with_metaclass(abc.ABCMeta)):
+ @abc.abstractmethod
+ def create_hmac_ctx(self, key, algorithm):
+ """
+ Create a HashContext for calculating a message authentication code.
+ """
diff --git a/cryptography/hazmat/bindings/openssl/backend.py b/cryptography/hazmat/bindings/openssl/backend.py
index 92cd386..db4d18e 100644
--- a/cryptography/hazmat/bindings/openssl/backend.py
+++ b/cryptography/hazmat/bindings/openssl/backend.py
@@ -20,6 +20,9 @@
from cryptography import utils
from cryptography.exceptions import UnsupportedAlgorithm
+from cryptography.hazmat.bindings.interfaces import (
+ CipherBackend, HashBackend, HMACBackend
+)
from cryptography.hazmat.primitives import interfaces
from cryptography.hazmat.primitives.ciphers.algorithms import (
AES, Blowfish, Camellia, CAST5, TripleDES, ARC4,
@@ -29,6 +32,9 @@
)
+@utils.register_interface(CipherBackend)
+@utils.register_interface(HashBackend)
+@utils.register_interface(HMACBackend)
class Backend(object):
"""
OpenSSL API wrapper.
diff --git a/docs/cryptography-docs.py b/docs/cryptography-docs.py
index 4ed5526..ea7e8ee 100644
--- a/docs/cryptography-docs.py
+++ b/docs/cryptography-docs.py
@@ -31,10 +31,14 @@
pass
-def visit_hazmat_node(self, node):
+def html_visit_hazmat_node(self, node):
return self.visit_admonition(node, "danger")
+def latex_visit_hazmat_node(self, node):
+ return self.visit_admonition(node)
+
+
def depart_hazmat_node(self, node):
return self.depart_admonition(node)
@@ -42,6 +46,7 @@
def setup(app):
app.add_node(
Hazmat,
- html=(visit_hazmat_node, depart_hazmat_node)
+ html=(html_visit_hazmat_node, depart_hazmat_node),
+ latex=(latex_visit_hazmat_node, depart_hazmat_node),
)
app.add_directive("hazmat", HazmatDirective)
diff --git a/docs/hazmat/bindings/index.rst b/docs/hazmat/bindings/index.rst
index 19e0399..11355bf 100644
--- a/docs/hazmat/bindings/index.rst
+++ b/docs/hazmat/bindings/index.rst
@@ -7,3 +7,4 @@
:maxdepth: 1
openssl
+ interfaces
diff --git a/docs/hazmat/bindings/interfaces.rst b/docs/hazmat/bindings/interfaces.rst
new file mode 100644
index 0000000..c55d86d
--- /dev/null
+++ b/docs/hazmat/bindings/interfaces.rst
@@ -0,0 +1,137 @@
+.. hazmat::
+
+Backend Interfaces
+==================
+
+.. currentmodule:: cryptography.hazmat.bindings.interfaces
+
+
+Backend implementations may provide a number of interfaces to support operations
+such as :doc:`/hazmat/primitives/symmetric-encryption`,
+:doc:`/hazmat/primitives/cryptographic-hashes`, and
+:doc:`/hazmat/primitives/hmac`.
+
+A specific ``backend`` may provide one or more of these interfaces.
+
+
+.. class:: CipherBackend
+
+ A backend which provides methods for using ciphers for encryption
+ and decryption.
+
+ .. method:: cipher_supported(cipher, mode)
+
+ Check if a ``cipher`` and ``mode`` combination is supported by
+ this backend.
+
+ :param cipher: An instance of a
+ :class:`~cryptography.hazmat.primitives.interfaces.CipherAlgorithm`
+ provider.
+ :param mode: An instance of a
+ :class:`~cryptography.hazmat.primitives.interfaces.Mode` provider.
+
+ :returns: ``True`` if the specified ``cipher`` and ``mode`` combination
+ is supported by this backend, otherwise ``False``
+
+ .. method:: register_cipher_adapter(cipher_cls, mode_cls, adapter)
+
+ Register an adapter which can be used to create a backend specific
+ object from instances of the
+ :class:`~cryptography.hazmat.primitives.interfaces.CipherAlgorithm` and
+ the :class:`~cryptography.hazmat.primitives.interfaces.Mode` primitives.
+
+ :param cipher_cls: A class whose instances provide
+ :class:`~cryptography.hazmat.primitives.interfaces.CipherAlgorithm`
+ :param mode_cls: A class whose instances provide:
+ :class:`~cryptography.hazmat.primitives.interfaces.Mode`
+ :param adapter: A ``function`` that takes 3 arguments, ``backend`` (a
+ :class:`CipherBackend` provider), ``cipher`` (a
+ :class:`~cryptography.hazmat.primitives.interfaces.CipherAlgorithm`
+ provider ), and ``mode`` (a
+ :class:`~cryptography.hazmat.primitives.interfaces.Mode` provider).
+ It returns a backend specific object which may be used to construct
+ a :class:`~cryptogrpahy.hazmat.primitives.interfaces.CipherContext`.
+
+
+ .. method:: create_symmetric_encryption_ctx(cipher, mode)
+
+ Create a
+ :class:`~cryptogrpahy.hazmat.primitives.interfaces.CipherContext` that
+ can be used for encrypting data with the symmetric ``cipher`` using
+ the given ``mode``.
+
+ :param cipher: An instance of a
+ :class:`~cryptography.hazmat.primitives.interfaces.CipherAlgorithm`
+ provider.
+ :param mode: An instance of a
+ :class:`~cryptography.hazmat.primitives.interfaces.Mode` provider.
+
+ :returns:
+ :class:`~cryptography.hazmat.primitives.interfaces.CipherContext`
+
+
+ .. method:: create_symmetric_decryption_ctx(cipher, mode)
+
+ Create a
+ :class:`~cryptogrpahy.hazmat.primitives.interfaces.CipherContext` that
+ can be used for decrypting data with the symmetric ``cipher`` using
+ the given ``mode``.
+
+ :param cipher: An instance of a
+ :class:`~cryptography.hazmat.primitives.interfaces.CipherAlgorithm`
+ provider.
+ :param mode: An instance of a
+ :class:`~cryptography.hazmat.primitives.interfaces.Mode` provider.
+
+ :returns:
+ :class:`~cryptography.hazmat.primitives.interfaces.CipherContext`
+
+
+.. class:: HashBackend
+
+ A backend with methods for using cryptographic hash functions.
+
+ .. method:: hash_supported(algorithm)
+
+ Check if the specified ``algorithm`` is supported by this backend.
+
+ :param algorithm: An instance of a
+ :class:`~cryptography.hazmat.primitives.interfaces.HashAlgorithm`
+ provider.
+
+ :returns: ``True`` if the specified ``algorithm`` is supported by this
+ backend, otherwise ``False``.
+
+
+ .. method:: create_hash_ctx(algorithm)
+
+ Create a
+ :class:`~cryptogrpahy.hazmat.primitives.interfaces.HashContext` that
+ uses the specified ``algorithm`` to calculate a message digest.
+
+ :param algorithm: An instance of a
+ :class:`~cryptography.hazmat.primitives.interfaces.HashAlgorithm`
+ provider.
+
+ :returns:
+ :class:`~cryptography.hazmat.primitives.interfaces.HashContext`
+
+
+.. class:: HMACBackend
+
+ A backend with methods for using cryptographic hash functions as message
+ authentication codes.
+
+ .. method:: create_hmac_ctx(algorithm)
+
+ Create a
+ :class:`~cryptogrpahy.hazmat.primitives.interfaces.HashContext` that
+ uses the specified ``algorithm`` to calculate a hash-based message
+ authentication code.
+
+ :param algorithm: An instance of a
+ :class:`~cryptography.hazmat.primitives.interfaces.HashAlgorithm`
+ provider.
+
+ :returns:
+ :class:`~cryptography.hazmat.primitives.interfaces.HashContext`