Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / python / cryptography / 13f1d8dfd7c216177c605341aa9a180ff813bd19 / . / docs / hazmat / backends / interfaces.rst
blob: c1ce621af3f4a661a4bff91f55fcd5f0f6b53015 [file] [log] [blame]
David Reid2a746ce2013-11-15 15:32:14 -0800[diff] [blame]1.. hazmat::
2
Alex Stapletonc5fffd32014-03-18 15:29:00 +0000[diff] [blame]3Backend interfaces
David Reid2a746ce2013-11-15 15:32:14 -0800[diff] [blame]4==================
5
Alex Gaynorf8796b12013-12-13 20:28:55 -0800[diff] [blame]6.. currentmodule:: cryptography.hazmat.backends.interfaces
David Reid2a746ce2013-11-15 15:32:14 -0800[diff] [blame]7
8
Alex Gaynor969f18e2014-05-17 20:07:35 -0700[diff] [blame]9Backend implementations may provide a number of interfaces to support
10operations such as :doc:`/hazmat/primitives/symmetric-encryption`,
David Reid6b9df812013-11-18 14:13:02 -0800[diff] [blame]11:doc:`/hazmat/primitives/cryptographic-hashes`, and
Ayrxfa4a6b22014-04-16 23:03:14 +0800[diff] [blame]12:doc:`/hazmat/primitives/mac/hmac`.
David Reid6b9df812013-11-18 14:13:02 -0800[diff] [blame]13
14A specific ``backend`` may provide one or more of these interfaces.
15
16
David Reid2a746ce2013-11-15 15:32:14 -0800[diff] [blame]17.. class:: CipherBackend
18
Alex Stapleton63b3de22014-02-08 09:43:16 +0000[diff] [blame]19 A backend that provides methods for using ciphers for encryption
David Reid5973f4c2013-11-18 11:29:44 -0800[diff] [blame]20 and decryption.
21
Alex Gaynor585c99c2014-02-04 16:10:10 -0800[diff] [blame]22 The following backends implement this interface:
23
24 * :doc:`/hazmat/backends/openssl`
25 * :doc:`/hazmat/backends/commoncrypto`
26
David Reid2a746ce2013-11-15 15:32:14 -0800[diff] [blame]27 .. method:: cipher_supported(cipher, mode)
28
David Reid5973f4c2013-11-18 11:29:44 -0800[diff] [blame]29 Check if a ``cipher`` and ``mode`` combination is supported by
30 this backend.
31
32 :param cipher: An instance of a
33 :class:`~cryptography.hazmat.primitives.interfaces.CipherAlgorithm`
34 provider.
35 :param mode: An instance of a
36 :class:`~cryptography.hazmat.primitives.interfaces.Mode` provider.
37
38 :returns: ``True`` if the specified ``cipher`` and ``mode`` combination
39 is supported by this backend, otherwise ``False``
David Reid2a746ce2013-11-15 15:32:14 -0800[diff] [blame]40
David Reid2a746ce2013-11-15 15:32:14 -0800[diff] [blame]41
42 .. method:: create_symmetric_encryption_ctx(cipher, mode)
43
David Reid5973f4c2013-11-18 11:29:44 -0800[diff] [blame]44 Create a
Paul Kehrer446cc2a2014-01-29 14:39:30 -0600[diff] [blame]45 :class:`~cryptography.hazmat.primitives.interfaces.CipherContext` that
David Reid5973f4c2013-11-18 11:29:44 -0800[diff] [blame]46 can be used for encrypting data with the symmetric ``cipher`` using
47 the given ``mode``.
48
49 :param cipher: An instance of a
50 :class:`~cryptography.hazmat.primitives.interfaces.CipherAlgorithm`
51 provider.
52 :param mode: An instance of a
53 :class:`~cryptography.hazmat.primitives.interfaces.Mode` provider.
54
55 :returns:
56 :class:`~cryptography.hazmat.primitives.interfaces.CipherContext`
57
Paul Kehrera07925a2013-12-06 11:49:42 -0600[diff] [blame]58 :raises ValueError: When tag is not None in an AEAD mode
59
David Reid2a746ce2013-11-15 15:32:14 -0800[diff] [blame]60
61 .. method:: create_symmetric_decryption_ctx(cipher, mode)
62
David Reid5973f4c2013-11-18 11:29:44 -0800[diff] [blame]63 Create a
Paul Kehrer446cc2a2014-01-29 14:39:30 -0600[diff] [blame]64 :class:`~cryptography.hazmat.primitives.interfaces.CipherContext` that
David Reid5973f4c2013-11-18 11:29:44 -0800[diff] [blame]65 can be used for decrypting data with the symmetric ``cipher`` using
66 the given ``mode``.
67
68 :param cipher: An instance of a
69 :class:`~cryptography.hazmat.primitives.interfaces.CipherAlgorithm`
70 provider.
71 :param mode: An instance of a
72 :class:`~cryptography.hazmat.primitives.interfaces.Mode` provider.
73
74 :returns:
75 :class:`~cryptography.hazmat.primitives.interfaces.CipherContext`
David Reid2a746ce2013-11-15 15:32:14 -0800[diff] [blame]76
Paul Kehrera07925a2013-12-06 11:49:42 -0600[diff] [blame]77 :raises ValueError: When tag is None in an AEAD mode
78
David Reid2a746ce2013-11-15 15:32:14 -0800[diff] [blame]79
80.. class:: HashBackend
81
David Reid5973f4c2013-11-18 11:29:44 -0800[diff] [blame]82 A backend with methods for using cryptographic hash functions.
83
Alex Gaynor585c99c2014-02-04 16:10:10 -0800[diff] [blame]84 The following backends implement this interface:
85
86 * :doc:`/hazmat/backends/openssl`
87 * :doc:`/hazmat/backends/commoncrypto`
88
David Reid2a746ce2013-11-15 15:32:14 -0800[diff] [blame]89 .. method:: hash_supported(algorithm)
90
David Reid6624a442013-11-18 12:44:30 -0800[diff] [blame]91 Check if the specified ``algorithm`` is supported by this backend.
92
David Reid5973f4c2013-11-18 11:29:44 -0800[diff] [blame]93 :param algorithm: An instance of a
94 :class:`~cryptography.hazmat.primitives.interfaces.HashAlgorithm`
95 provider.
96
97 :returns: ``True`` if the specified ``algorithm`` is supported by this
98 backend, otherwise ``False``.
99
David Reid2a746ce2013-11-15 15:32:14 -0800[diff] [blame]100
101 .. method:: create_hash_ctx(algorithm)
102
David Reid6624a442013-11-18 12:44:30 -0800[diff] [blame]103 Create a
Paul Kehrer446cc2a2014-01-29 14:39:30 -0600[diff] [blame]104 :class:`~cryptography.hazmat.primitives.interfaces.HashContext` that
David Reid6624a442013-11-18 12:44:30 -0800[diff] [blame]105 uses the specified ``algorithm`` to calculate a message digest.
106
David Reid5973f4c2013-11-18 11:29:44 -0800[diff] [blame]107 :param algorithm: An instance of a
108 :class:`~cryptography.hazmat.primitives.interfaces.HashAlgorithm`
109 provider.
110
111 :returns:
112 :class:`~cryptography.hazmat.primitives.interfaces.HashContext`
David Reid2a746ce2013-11-15 15:32:14 -0800[diff] [blame]113
114
115.. class:: HMACBackend
116
David Reid5973f4c2013-11-18 11:29:44 -0800[diff] [blame]117 A backend with methods for using cryptographic hash functions as message
118 authentication codes.
119
Alex Gaynor585c99c2014-02-04 16:10:10 -0800[diff] [blame]120 The following backends implement this interface:
121
122 * :doc:`/hazmat/backends/openssl`
123 * :doc:`/hazmat/backends/commoncrypto`
124
Paul Kehrer90ae8662013-12-23 17:21:00 -0600[diff] [blame]125 .. method:: hmac_supported(algorithm)
126
127 Check if the specified ``algorithm`` is supported by this backend.
128
129 :param algorithm: An instance of a
130 :class:`~cryptography.hazmat.primitives.interfaces.HashAlgorithm`
131 provider.
132
133 :returns: ``True`` if the specified ``algorithm`` is supported for HMAC
134 by this backend, otherwise ``False``.
135
David Reid2a746ce2013-11-15 15:32:14 -0800[diff] [blame]136 .. method:: create_hmac_ctx(algorithm)
137
David Reid6624a442013-11-18 12:44:30 -0800[diff] [blame]138 Create a
Paul Kehrer446cc2a2014-01-29 14:39:30 -0600[diff] [blame]139 :class:`~cryptography.hazmat.primitives.interfaces.HashContext` that
Paul Kehrer4f776c42013-12-23 17:25:54 -0600[diff] [blame]140 uses the specified ``algorithm`` to calculate a hash-based message
141 authentication code.
David Reid6624a442013-11-18 12:44:30 -0800[diff] [blame]142
David Reid5973f4c2013-11-18 11:29:44 -0800[diff] [blame]143 :param algorithm: An instance of a
144 :class:`~cryptography.hazmat.primitives.interfaces.HashAlgorithm`
145 provider.
146
147 :returns:
148 :class:`~cryptography.hazmat.primitives.interfaces.HashContext`
Paul Kehrer1050ddf2014-01-27 21:04:03 -0600[diff] [blame]149
150
Paul Kehrer98e40e62014-01-28 15:07:49 -0600[diff] [blame]151.. class:: PBKDF2HMACBackend
Paul Kehrer1050ddf2014-01-27 21:04:03 -0600[diff] [blame]152
Paul Kehrer5d1af212014-01-28 12:19:32 -0600[diff] [blame]153 .. versionadded:: 0.2
154
Paul Kehrer98e40e62014-01-28 15:07:49 -0600[diff] [blame]155 A backend with methods for using PBKDF2 using HMAC as a PRF.
Paul Kehrer1050ddf2014-01-27 21:04:03 -0600[diff] [blame]156
Alex Gaynor585c99c2014-02-04 16:10:10 -0800[diff] [blame]157 The following backends implement this interface:
158
159 * :doc:`/hazmat/backends/openssl`
160 * :doc:`/hazmat/backends/commoncrypto`
161
Paul Kehrer98e40e62014-01-28 15:07:49 -0600[diff] [blame]162 .. method:: pbkdf2_hmac_supported(algorithm)
Paul Kehrer1050ddf2014-01-27 21:04:03 -0600[diff] [blame]163
164 Check if the specified ``algorithm`` is supported by this backend.
165
Paul Kehrer589b9082014-01-28 21:25:41 -0600[diff] [blame]166 :param algorithm: An instance of a
Paul Kehrer1050ddf2014-01-27 21:04:03 -0600[diff] [blame]167 :class:`~cryptography.hazmat.primitives.interfaces.HashAlgorithm`
168 provider.
169
170 :returns: ``True`` if the specified ``algorithm`` is supported for
Paul Kehrer98e40e62014-01-28 15:07:49 -0600[diff] [blame]171 PBKDF2 HMAC by this backend, otherwise ``False``.
Paul Kehrer1050ddf2014-01-27 21:04:03 -0600[diff] [blame]172
Paul Kehrer98e40e62014-01-28 15:07:49 -0600[diff] [blame]173 .. method:: derive_pbkdf2_hmac(self, algorithm, length, salt, iterations,
174 key_material)
Paul Kehrer1050ddf2014-01-27 21:04:03 -0600[diff] [blame]175
176 :param algorithm: An instance of a
177 :class:`~cryptography.hazmat.primitives.interfaces.HashAlgorithm`
178 provider.
179
180 :param int length: The desired length of the derived key. Maximum is
Paul Kehrer98e40e62014-01-28 15:07:49 -0600[diff] [blame]181 (2\ :sup:`32` - 1) * ``algorithm.digest_size``
Paul Kehrer1050ddf2014-01-27 21:04:03 -0600[diff] [blame]182
Paul Kehrerb6d764c2014-01-27 22:32:11 -0600[diff] [blame]183 :param bytes salt: A salt.
Paul Kehrer1050ddf2014-01-27 21:04:03 -0600[diff] [blame]184
185 :param int iterations: The number of iterations to perform of the hash
Paul Kehrerc58b4782014-01-29 13:56:25 -0600[diff] [blame]186 function. This can be used to control the length of time the
187 operation takes. Higher numbers help mitigate brute force attacks
188 against derived keys.
Paul Kehrer1050ddf2014-01-27 21:04:03 -0600[diff] [blame]189
190 :param bytes key_material: The key material to use as a basis for
191 the derived key. This is typically a password.
192
193 :return bytes: Derived key.
Alex Stapleton209a1322014-02-07 20:26:44 +0000[diff] [blame]194
195
196.. class:: RSABackend
197
198 .. versionadded:: 0.2
199
200 A backend with methods for using RSA.
201
Alex Stapletone009ad22014-02-08 17:23:46 +0000[diff] [blame]202 .. method:: generate_rsa_private_key(public_exponent, key_size)
Alex Stapleton209a1322014-02-07 20:26:44 +0000[diff] [blame]203
204 :param int public_exponent: The public exponent of the new key.
205 Often one of the small Fermat primes 3, 5, 17, 257 or 65537.
206
Alex Stapletone009ad22014-02-08 17:23:46 +0000[diff] [blame]207 :param int key_size: The length in bits of the modulus. Should be
Alex Stapleton209a1322014-02-07 20:26:44 +0000[diff] [blame]208 at least 2048.
209
210 :return: A new instance of a
211 :class:`~cryptography.hazmat.primitives.interfaces.RSAPrivateKey`
212 provider.
213
214 :raises ValueError: If the public_exponent is not valid.
Paul Kehrer2b3f0fc2014-02-17 19:20:14 -0600[diff] [blame]215
Paul Kehrer3292c992014-02-17 21:12:38 -0600[diff] [blame]216 .. method:: create_rsa_signature_ctx(private_key, padding, algorithm)
Paul Kehrer2b3f0fc2014-02-17 19:20:14 -0600[diff] [blame]217
Paul Kehrerdd3780a2014-02-18 13:17:53 -0600[diff] [blame]218 :param private_key: An instance of an
Paul Kehrer2b3f0fc2014-02-17 19:20:14 -0600[diff] [blame]219 :class:`~cryptography.hazmat.primitives.interfaces.RSAPrivateKey`
220 provider.
221
Paul Kehrerdd3780a2014-02-18 13:17:53 -0600[diff] [blame]222 :param padding: An instance of an
Paul Kehrer2b3f0fc2014-02-17 19:20:14 -0600[diff] [blame]223 :class:`~cryptography.hazmat.primitives.interfaces.AsymmetricPadding`
224 provider.
225
226 :param algorithm: An instance of a
227 :class:`~cryptography.hazmat.primitives.interfaces.HashAlgorithm`
228 provider.
229
230 :returns:
Paul Kehrerdd3780a2014-02-18 13:17:53 -0600[diff] [blame]231 :class:`~cryptography.hazmat.primitives.interfaces.AsymmetricSignatureContext`
Paul Kehrer2b3f0fc2014-02-17 19:20:14 -0600[diff] [blame]232
Paul Kehrerdd3780a2014-02-18 13:17:53 -0600[diff] [blame]233 .. method:: create_rsa_verification_ctx(public_key, signature, padding, algorithm)
Paul Kehrer2b3f0fc2014-02-17 19:20:14 -0600[diff] [blame]234
235 :param public_key: An instance of a
236 :class:`~cryptography.hazmat.primitives.interfaces.RSAPublicKey`
237 provider.
238
239 :param bytes signature: The signature to verify.
240
Paul Kehrerdd3780a2014-02-18 13:17:53 -0600[diff] [blame]241 :param padding: An instance of an
Paul Kehrer2b3f0fc2014-02-17 19:20:14 -0600[diff] [blame]242 :class:`~cryptography.hazmat.primitives.interfaces.AsymmetricPadding`
243 provider.
244
245 :param algorithm: An instance of a
246 :class:`~cryptography.hazmat.primitives.interfaces.HashAlgorithm`
247 provider.
248
249 :returns:
Paul Kehrer430202d2014-02-18 13:36:53 -0600[diff] [blame]250 :class:`~cryptography.hazmat.primitives.interfaces.AsymmetricVerificationContext`
Alex Stapleton2fb76a32014-02-15 11:10:57 +0000[diff] [blame]251
Paul Kehrer06c77932014-03-09 22:22:14 -0400[diff] [blame]252 .. method:: mgf1_hash_supported(algorithm)
253
254 Check if the specified ``algorithm`` is supported for use with
255 :class:`~cryptography.hazmat.primitives.asymmetric.padding.MGF1`
256 inside :class:`~cryptography.hazmat.primitives.asymmetric.padding.PSS`
257 padding.
258
259 :param algorithm: An instance of a
260 :class:`~cryptography.hazmat.primitives.interfaces.HashAlgorithm`
261 provider.
262
263 :returns: ``True`` if the specified ``algorithm`` is supported by this
264 backend, otherwise ``False``.
265
Paul Kehrerc333dbc2014-05-24 18:35:02 -0500[diff] [blame]266 .. method:: rsa_padding_supported(padding)
267
268 Check if the specified ``padding`` is supported by the backend.
269
270 :param padding: An instance of an
271 :class:`~cryptography.hazmat.primitives.interfaces.AsymmetricPadding`
272 provider.
273
274 :returns: ``True`` if the specified ``padding`` is supported by this
275 backend, otherwise ``False``.
276
Paul Kehrer342d2e42014-05-25 22:01:20 -0500[diff] [blame]277 .. method:: generate_rsa_parameters_supported(public_exponent, key_size)
278
279 Check if the specified parameters are supported for key generation by
280 the backend.
281
Paul Kehrer1b760f12014-05-26 08:54:38 -0500[diff] [blame]282 :param int public_exponent: The public exponent.
Paul Kehrer342d2e42014-05-25 22:01:20 -0500[diff] [blame]283
Paul Kehrer1b760f12014-05-26 08:54:38 -0500[diff] [blame]284 :param int key_size: The bit length of the generated modulus.
Paul Kehrer342d2e42014-05-25 22:01:20 -0500[diff] [blame]285
Paul Kehrer4c0a3742014-04-05 19:51:00 -0500[diff] [blame]286 .. method:: decrypt_rsa(private_key, ciphertext, padding)
287
288 :param private_key: An instance of an
289 :class:`~cryptography.hazmat.primitives.interfaces.RSAPrivateKey`
290 provider.
291
292 :param bytes ciphertext: The ciphertext to decrypt.
293
294 :param padding: An instance of an
295 :class:`~cryptography.hazmat.primitives.interfaces.AsymmetricPadding`
296 provider.
297
Paul Kehrerc929e402014-05-09 11:09:13 -0500[diff] [blame]298 :return bytes: The decrypted data.
299
300 :raises cryptography.exceptions.UnsupportedAlgorithm: If an unsupported
301 MGF, hash function, or padding is chosen.
302
303 :raises ValueError: When decryption fails or key size does not match
304 ciphertext length.
305
Paul Kehrer4e602f32014-04-24 12:07:54 -0500[diff] [blame]306 .. method:: encrypt_rsa(public_key, plaintext, padding)
307
308 :param public_key: An instance of an
309 :class:`~cryptography.hazmat.primitives.interfaces.RSAPublicKey`
310 provider.
311
312 :param bytes plaintext: The plaintext to encrypt.
313
314 :param padding: An instance of an
315 :class:`~cryptography.hazmat.primitives.interfaces.AsymmetricPadding`
316 provider.
317
Paul Kehrerc929e402014-05-09 11:09:13 -0500[diff] [blame]318 :return bytes: The encrypted data.
319
320 :raises cryptography.exceptions.UnsupportedAlgorithm: If an unsupported
321 MGF, hash function, or padding is chosen.
322
323 :raises ValueError: When plaintext is too long for the key size.
Alex Stapleton2fb76a32014-02-15 11:10:57 +0000[diff] [blame]324
Alex Stapleton458c09b2014-04-23 20:58:37 +0100[diff] [blame]325.. class:: TraditionalOpenSSLSerializationBackend
Alex Stapleton2fb76a32014-02-15 11:10:57 +0000[diff] [blame]326
327 .. versionadded:: 0.3
328
329 A backend with methods for working with OpenSSL's "traditional" PKCS #1
330 style key serialization.
331
332 .. method:: load_openssl_pem_private_key(data, password)
Alex Gaynorc6a6f312014-03-06 14:22:56 -0800[diff] [blame]333
Alex Stapleton2fb76a32014-02-15 11:10:57 +0000[diff] [blame]334 :param bytes data: PEM data to deserialize.
335
336 :param bytes password: The password to use if this data is encrypted.
337 Should be None if the data is not encrypted.
338
Alex Stapleton458c09b2014-04-23 20:58:37 +0100[diff] [blame]339 :return: A new instance of the appropriate private key or public key
340 that the serialized data contains.
Alex Stapleton2fb76a32014-02-15 11:10:57 +0000[diff] [blame]341
342 :raises ValueError: If the data could not be deserialized correctly.
343
344 :raises cryptography.exceptions.UnsupportedAlgorithm: If the data is
345 encrypted with an unsupported algorithm.
Mohammed Attia29474ac2014-04-02 04:03:09 +0200[diff] [blame]346
347
348.. class:: DSABackend
349
350 .. versionadded:: 0.4
351
352 A backend with methods for using DSA.
353
354 .. method:: generate_dsa_parameters(key_size)
355
Alex Gaynorc9dc0a02014-04-24 13:38:12 -0700[diff] [blame]356 :param int key_size: The length of the modulus in bits. It should be
357 either 1024, 2048 or 3072. For keys generated in 2014 this should
Mohammed Attia29474ac2014-04-02 04:03:09 +0200[diff] [blame]358 be at least 2048.
Alex Gaynorc9dc0a02014-04-24 13:38:12 -0700[diff] [blame]359 Note that some applications (such as SSH) have not yet gained
360 support for larger key sizes specified in FIPS 186-3 and are still
361 restricted to only the 1024-bit keys specified in FIPS 186-2.
Mohammed Attia29474ac2014-04-02 04:03:09 +0200[diff] [blame]362
363 :return: A new instance of a
364 :class:`~cryptography.hazmat.primitives.interfaces.DSAParameters`
365 provider.
366
367 .. method:: generate_dsa_private_key(parameters)
368
369 :param parameters: A
370 :class:`~cryptography.hazmat.primitives.interfaces.DSAParameters`
371 provider.
372
373 :return: A new instance of a
374 :class:`~cryptography.hazmat.primitives.interfaces.DSAPrivateKey`
375 provider.
376
Alex Gaynor239d5182014-04-24 13:42:58 -0700[diff] [blame]377 :raises ValueError: This is raised if the key size is not one of 1024,
378 2048, or 3072. It is also raised when OpenSSL is older than version
379 1.0.0 and the key size is larger than 1024; older OpenSSL versions
380 do not support keys larger than 1024 bits.
Ayrx97a72fd2014-04-15 19:02:51 +0800[diff] [blame]381
Paul Kehrer0b3ff3b2014-05-01 15:34:42 -0500[diff] [blame]382 .. method:: create_dsa_signature_ctx(private_key, algorithm)
383
384 :param private_key: An instance of a
385 :class:`~cryptography.hazmat.primitives.interfaces.DSAPrivateKey`
386 provider.
387
388 :param algorithm: An instance of a
389 :class:`~cryptography.hazmat.primitives.interfaces.HashAlgorithm`
390 provider
391
392 :returns:
393 :class:`~cryptography.hazmat.primitives.interfaces.AsymmetricSignatureContext`
394
Mohammed Attia59edb612014-04-25 22:44:40 +0200[diff] [blame]395 .. method:: create_dsa_verification_ctx(public_key, signature, algorithm)
396
397 :param public_key: An instance of a
398 :class:`~cryptography.hazmat.primitives.interfaces.DSAPublicKey`
399 provider.
400
Paul Kehrer21babbb2014-05-01 11:33:22 -0500[diff] [blame]401 :param bytes signature: The signature to verify. DER encoded as
402 specified in :rfc:`6979`.
Mohammed Attia59edb612014-04-25 22:44:40 +0200[diff] [blame]403
404 :param algorithm: An instance of a
405 :class:`~cryptography.hazmat.primitives.interfaces.HashAlgorithm`
406 provider.
407
408 :returns:
409 :class:`~cryptography.hazmat.primitives.interfaces.AsymmetricVerificationContext`
410
Mohammed Attia59edb612014-04-25 22:44:40 +0200[diff] [blame]411 .. method:: dsa_hash_supported(algorithm):
Paul Kehrer43dc2762014-04-30 16:24:39 -0500[diff] [blame]412
Mohammed Attia59edb612014-04-25 22:44:40 +0200[diff] [blame]413 :param algorithm: An instance of a
414 :class:`~cryptography.hazmat.primitives.interfaces.HashAlgorithm`
415 provider.
416
417 :returns: ``True`` if the specified ``algorithm`` is supported by this
418 backend, otherwise ``False``.
419
Paul Kehrer21babbb2014-05-01 11:33:22 -0500[diff] [blame]420 .. method:: dsa_parameters_supported(p, q, g):
Paul Kehrerb4037872014-04-30 16:32:23 -0500[diff] [blame]421
422 :param int p: The p value of a DSA key.
423
424 :param int q: The q value of a DSA key.
425
Paul Kehrer21babbb2014-05-01 11:33:22 -0500[diff] [blame]426 :param int g: The g value of a DSA key.
427
428 :returns: ``True`` if the given values of ``p``, ``q``, and ``g`` are
429 supported by this backend, otherwise ``False``.
Paul Kehrerb4037872014-04-30 16:32:23 -0500[diff] [blame]430
Ayrx97a72fd2014-04-15 19:02:51 +0800[diff] [blame]431
432.. class:: CMACBackend
433
434 .. versionadded:: 0.4
435
436 A backend with methods for using CMAC
437
Ayrx6cf29f22014-04-16 23:47:36 +0800[diff] [blame]438 .. method:: cmac_algorithm_supported(algorithm)
Ayrx97a72fd2014-04-15 19:02:51 +0800[diff] [blame]439
Ayrx6cf29f22014-04-16 23:47:36 +0800[diff] [blame]440 :param algorithm: An instance of a
441 :class:`~cryptography.hazmat.primitives.interfaces.BlockCipherAlgorithm`
442 provider.
443 :return: Returns True if the block cipher is supported for CMAC by this backend
Ayrx97a72fd2014-04-15 19:02:51 +0800[diff] [blame]444
445 .. method:: create_cmac_ctx(algorithm)
446
447 Create a
448 :class:`~cryptography.hazmat.primitives.interfaces.CMACContext` that
449 uses the specified ``algorithm`` to calculate a message authentication code.
450
451 :param algorithm: An instance of a
452 :class:`~cryptography.hazmat.primitives.interfaces.BlockCipherAlgorithm`
453 provider.
454
455 :returns:
456 :class:`~cryptography.hazmat.primitives.interfaces.CMACContext`
Paul Kehrer286c7dc2014-05-31 12:05:38 -0500[diff] [blame]457
458
459.. class:: PKCS8SerializationBackend
460
461 .. versionadded:: 0.5
462
463 A backend with methods for working with PKCS #8 key serialization.
464
465 .. method:: load_pkcs8_pem_private_key(data, password)
466
467 :param bytes data: PEM data to deserialize.
468
469 :param bytes password: The password to use if this data is encrypted.
470 Should be None if the data is not encrypted.
471
472 :return: A new instance of the appropriate private key or public key
473 that the serialized data contains.
474
475 :raises ValueError: If the data could not be deserialized correctly.
476
477 :raises cryptography.exceptions.UnsupportedAlgorithm: If the data is
478 encrypted with an unsupported algorithm.
Alex Stapleton13f1d8d2014-05-17 16:50:11 +0100[diff] [blame^]479
480
481.. class:: EllipticCurveBackend
482
483 .. versionadded:: 0.5
484
485 .. method:: elliptic_curve_supported(curve)
486
487 :param curve: An instance of a
488 :class:`~cryptography.hazmat.primitives.interfaces.EllipticCurve`
489 provider.
490
491 :returns: True if the elliptic curve is supported by this backend.
492
493 .. method:: elliptic_curve_signature_algorithm_supported(signature_algorithm, curve)
494
495 :param signature_algorithm: An instance of a
496 :class:`~cryptography.hazmat.primitives.interfaces.EllipticCurveSignatureAlgorithm`
497 provider.
498
499 :param curve: An instance of a
500 :class:`~cryptography.hazmat.primitives.interfaces.EllipticCurve`
501 provider.
502
503 :returns: True if the signature algorithm and curve are supported by this backend.
504
505 .. method:: generate_elliptic_curve_private_key(curve)
506
507 :param curve: An instance of a
508 :class:`~cryptography.hazmat.primitives.interfaces.EllipticCurve`
509 provider.
510
511 .. method:: elliptic_curve_private_key_from_numbers(numbers)
512
513 :param numbers: An instance of a
514 :class:`~cryptography.hazmat.primitives.interfaces.EllipticCurvePrivateNumbers`
515 provider.
516
517 :returns: An instance of a
518 :class:`~cryptography.hazmat.primitives.interfaces.EllipticCurvePrivateKey`
519 provider.
520
521 .. method:: elliptic_curve_public_key_from_numbers(numbers)
522
523 :param numbers: An instance of a
524 :class:`~cryptography.hazmat.primitives.interfaces.EllipticCurvePublicNumbers`
525 provider.
526
527 :returns: An instance of a
528 :class:`~cryptography.hazmat.primitives.interfaces.EllipticCurvePublicKey`
529 provider.