Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / python / cryptography / 414e2f7410f7aeded99be1740f252a49956cd496 / . / docs / hazmat / backends / interfaces.rst
blob: a32829fcd108fded4a38dba1763cfe132f1e30c1 [file] [log] [blame]
David Reid2a746ce2013-11-15 15:32:14 -0800[diff] [blame]1.. hazmat::
2
Alex Stapletonc5fffd32014-03-18 15:29:00 +0000[diff] [blame]3Backend interfaces
David Reid2a746ce2013-11-15 15:32:14 -0800[diff] [blame]4==================
5
Alex Gaynorf8796b12013-12-13 20:28:55 -0800[diff] [blame]6.. currentmodule:: cryptography.hazmat.backends.interfaces
David Reid2a746ce2013-11-15 15:32:14 -0800[diff] [blame]7
8
Alex Gaynor969f18e2014-05-17 20:07:35 -0700[diff] [blame]9Backend implementations may provide a number of interfaces to support
10operations such as :doc:`/hazmat/primitives/symmetric-encryption`,
David Reid6b9df812013-11-18 14:13:02 -0800[diff] [blame]11:doc:`/hazmat/primitives/cryptographic-hashes`, and
Ayrxfa4a6b22014-04-16 23:03:14 +0800[diff] [blame]12:doc:`/hazmat/primitives/mac/hmac`.
David Reid6b9df812013-11-18 14:13:02 -0800[diff] [blame]13
14A specific ``backend`` may provide one or more of these interfaces.
15
16
David Reid2a746ce2013-11-15 15:32:14 -0800[diff] [blame]17.. class:: CipherBackend
18
Alex Stapleton63b3de22014-02-08 09:43:16 +0000[diff] [blame]19 A backend that provides methods for using ciphers for encryption
David Reid5973f4c2013-11-18 11:29:44 -0800[diff] [blame]20 and decryption.
21
Alex Gaynor585c99c2014-02-04 16:10:10 -0800[diff] [blame]22 The following backends implement this interface:
23
24 * :doc:`/hazmat/backends/openssl`
25 * :doc:`/hazmat/backends/commoncrypto`
26
David Reid2a746ce2013-11-15 15:32:14 -0800[diff] [blame]27 .. method:: cipher_supported(cipher, mode)
28
David Reid5973f4c2013-11-18 11:29:44 -0800[diff] [blame]29 Check if a ``cipher`` and ``mode`` combination is supported by
30 this backend.
31
32 :param cipher: An instance of a
33 :class:`~cryptography.hazmat.primitives.interfaces.CipherAlgorithm`
34 provider.
35 :param mode: An instance of a
36 :class:`~cryptography.hazmat.primitives.interfaces.Mode` provider.
37
38 :returns: ``True`` if the specified ``cipher`` and ``mode`` combination
39 is supported by this backend, otherwise ``False``
David Reid2a746ce2013-11-15 15:32:14 -0800[diff] [blame]40
David Reid2a746ce2013-11-15 15:32:14 -0800[diff] [blame]41
42 .. method:: create_symmetric_encryption_ctx(cipher, mode)
43
David Reid5973f4c2013-11-18 11:29:44 -0800[diff] [blame]44 Create a
Paul Kehrer446cc2a2014-01-29 14:39:30 -0600[diff] [blame]45 :class:`~cryptography.hazmat.primitives.interfaces.CipherContext` that
David Reid5973f4c2013-11-18 11:29:44 -0800[diff] [blame]46 can be used for encrypting data with the symmetric ``cipher`` using
47 the given ``mode``.
48
49 :param cipher: An instance of a
50 :class:`~cryptography.hazmat.primitives.interfaces.CipherAlgorithm`
51 provider.
52 :param mode: An instance of a
53 :class:`~cryptography.hazmat.primitives.interfaces.Mode` provider.
54
55 :returns:
56 :class:`~cryptography.hazmat.primitives.interfaces.CipherContext`
57
Paul Kehrera07925a2013-12-06 11:49:42 -0600[diff] [blame]58 :raises ValueError: When tag is not None in an AEAD mode
59
David Reid2a746ce2013-11-15 15:32:14 -0800[diff] [blame]60
61 .. method:: create_symmetric_decryption_ctx(cipher, mode)
62
David Reid5973f4c2013-11-18 11:29:44 -0800[diff] [blame]63 Create a
Paul Kehrer446cc2a2014-01-29 14:39:30 -0600[diff] [blame]64 :class:`~cryptography.hazmat.primitives.interfaces.CipherContext` that
David Reid5973f4c2013-11-18 11:29:44 -0800[diff] [blame]65 can be used for decrypting data with the symmetric ``cipher`` using
66 the given ``mode``.
67
68 :param cipher: An instance of a
69 :class:`~cryptography.hazmat.primitives.interfaces.CipherAlgorithm`
70 provider.
71 :param mode: An instance of a
72 :class:`~cryptography.hazmat.primitives.interfaces.Mode` provider.
73
74 :returns:
75 :class:`~cryptography.hazmat.primitives.interfaces.CipherContext`
David Reid2a746ce2013-11-15 15:32:14 -0800[diff] [blame]76
Paul Kehrera07925a2013-12-06 11:49:42 -0600[diff] [blame]77 :raises ValueError: When tag is None in an AEAD mode
78
David Reid2a746ce2013-11-15 15:32:14 -0800[diff] [blame]79
80.. class:: HashBackend
81
David Reid5973f4c2013-11-18 11:29:44 -0800[diff] [blame]82 A backend with methods for using cryptographic hash functions.
83
Alex Gaynor585c99c2014-02-04 16:10:10 -0800[diff] [blame]84 The following backends implement this interface:
85
86 * :doc:`/hazmat/backends/openssl`
87 * :doc:`/hazmat/backends/commoncrypto`
88
David Reid2a746ce2013-11-15 15:32:14 -0800[diff] [blame]89 .. method:: hash_supported(algorithm)
90
David Reid6624a442013-11-18 12:44:30 -0800[diff] [blame]91 Check if the specified ``algorithm`` is supported by this backend.
92
David Reid5973f4c2013-11-18 11:29:44 -0800[diff] [blame]93 :param algorithm: An instance of a
94 :class:`~cryptography.hazmat.primitives.interfaces.HashAlgorithm`
95 provider.
96
97 :returns: ``True`` if the specified ``algorithm`` is supported by this
98 backend, otherwise ``False``.
99
David Reid2a746ce2013-11-15 15:32:14 -0800[diff] [blame]100
101 .. method:: create_hash_ctx(algorithm)
102
David Reid6624a442013-11-18 12:44:30 -0800[diff] [blame]103 Create a
Paul Kehrer446cc2a2014-01-29 14:39:30 -0600[diff] [blame]104 :class:`~cryptography.hazmat.primitives.interfaces.HashContext` that
David Reid6624a442013-11-18 12:44:30 -0800[diff] [blame]105 uses the specified ``algorithm`` to calculate a message digest.
106
David Reid5973f4c2013-11-18 11:29:44 -0800[diff] [blame]107 :param algorithm: An instance of a
108 :class:`~cryptography.hazmat.primitives.interfaces.HashAlgorithm`
109 provider.
110
111 :returns:
112 :class:`~cryptography.hazmat.primitives.interfaces.HashContext`
David Reid2a746ce2013-11-15 15:32:14 -0800[diff] [blame]113
114
115.. class:: HMACBackend
116
David Reid5973f4c2013-11-18 11:29:44 -0800[diff] [blame]117 A backend with methods for using cryptographic hash functions as message
118 authentication codes.
119
Alex Gaynor585c99c2014-02-04 16:10:10 -0800[diff] [blame]120 The following backends implement this interface:
121
122 * :doc:`/hazmat/backends/openssl`
123 * :doc:`/hazmat/backends/commoncrypto`
124
Paul Kehrer90ae8662013-12-23 17:21:00 -0600[diff] [blame]125 .. method:: hmac_supported(algorithm)
126
127 Check if the specified ``algorithm`` is supported by this backend.
128
129 :param algorithm: An instance of a
130 :class:`~cryptography.hazmat.primitives.interfaces.HashAlgorithm`
131 provider.
132
133 :returns: ``True`` if the specified ``algorithm`` is supported for HMAC
134 by this backend, otherwise ``False``.
135
David Reid2a746ce2013-11-15 15:32:14 -0800[diff] [blame]136 .. method:: create_hmac_ctx(algorithm)
137
David Reid6624a442013-11-18 12:44:30 -0800[diff] [blame]138 Create a
Paul Kehrer446cc2a2014-01-29 14:39:30 -0600[diff] [blame]139 :class:`~cryptography.hazmat.primitives.interfaces.HashContext` that
Paul Kehrer4f776c42013-12-23 17:25:54 -0600[diff] [blame]140 uses the specified ``algorithm`` to calculate a hash-based message
141 authentication code.
David Reid6624a442013-11-18 12:44:30 -0800[diff] [blame]142
David Reid5973f4c2013-11-18 11:29:44 -0800[diff] [blame]143 :param algorithm: An instance of a
144 :class:`~cryptography.hazmat.primitives.interfaces.HashAlgorithm`
145 provider.
146
147 :returns:
148 :class:`~cryptography.hazmat.primitives.interfaces.HashContext`
Paul Kehrer1050ddf2014-01-27 21:04:03 -0600[diff] [blame]149
150
Paul Kehrer98e40e62014-01-28 15:07:49 -0600[diff] [blame]151.. class:: PBKDF2HMACBackend
Paul Kehrer1050ddf2014-01-27 21:04:03 -0600[diff] [blame]152
Paul Kehrer5d1af212014-01-28 12:19:32 -0600[diff] [blame]153 .. versionadded:: 0.2
154
Paul Kehrer98e40e62014-01-28 15:07:49 -0600[diff] [blame]155 A backend with methods for using PBKDF2 using HMAC as a PRF.
Paul Kehrer1050ddf2014-01-27 21:04:03 -0600[diff] [blame]156
Alex Gaynor585c99c2014-02-04 16:10:10 -0800[diff] [blame]157 The following backends implement this interface:
158
159 * :doc:`/hazmat/backends/openssl`
160 * :doc:`/hazmat/backends/commoncrypto`
161
Paul Kehrer98e40e62014-01-28 15:07:49 -0600[diff] [blame]162 .. method:: pbkdf2_hmac_supported(algorithm)
Paul Kehrer1050ddf2014-01-27 21:04:03 -0600[diff] [blame]163
164 Check if the specified ``algorithm`` is supported by this backend.
165
Paul Kehrer589b9082014-01-28 21:25:41 -0600[diff] [blame]166 :param algorithm: An instance of a
Paul Kehrer1050ddf2014-01-27 21:04:03 -0600[diff] [blame]167 :class:`~cryptography.hazmat.primitives.interfaces.HashAlgorithm`
168 provider.
169
170 :returns: ``True`` if the specified ``algorithm`` is supported for
Paul Kehrer98e40e62014-01-28 15:07:49 -0600[diff] [blame]171 PBKDF2 HMAC by this backend, otherwise ``False``.
Paul Kehrer1050ddf2014-01-27 21:04:03 -0600[diff] [blame]172
Paul Kehrer98e40e62014-01-28 15:07:49 -0600[diff] [blame]173 .. method:: derive_pbkdf2_hmac(self, algorithm, length, salt, iterations,
174 key_material)
Paul Kehrer1050ddf2014-01-27 21:04:03 -0600[diff] [blame]175
176 :param algorithm: An instance of a
177 :class:`~cryptography.hazmat.primitives.interfaces.HashAlgorithm`
178 provider.
179
180 :param int length: The desired length of the derived key. Maximum is
Paul Kehrer98e40e62014-01-28 15:07:49 -0600[diff] [blame]181 (2\ :sup:`32` - 1) * ``algorithm.digest_size``
Paul Kehrer1050ddf2014-01-27 21:04:03 -0600[diff] [blame]182
Paul Kehrerb6d764c2014-01-27 22:32:11 -0600[diff] [blame]183 :param bytes salt: A salt.
Paul Kehrer1050ddf2014-01-27 21:04:03 -0600[diff] [blame]184
185 :param int iterations: The number of iterations to perform of the hash
Paul Kehrerc58b4782014-01-29 13:56:25 -0600[diff] [blame]186 function. This can be used to control the length of time the
187 operation takes. Higher numbers help mitigate brute force attacks
188 against derived keys.
Paul Kehrer1050ddf2014-01-27 21:04:03 -0600[diff] [blame]189
190 :param bytes key_material: The key material to use as a basis for
191 the derived key. This is typically a password.
192
193 :return bytes: Derived key.
Alex Stapleton209a1322014-02-07 20:26:44 +0000[diff] [blame]194
195
196.. class:: RSABackend
197
198 .. versionadded:: 0.2
199
200 A backend with methods for using RSA.
201
Alex Stapletone009ad22014-02-08 17:23:46 +0000[diff] [blame]202 .. method:: generate_rsa_private_key(public_exponent, key_size)
Alex Stapleton209a1322014-02-07 20:26:44 +0000[diff] [blame]203
204 :param int public_exponent: The public exponent of the new key.
205 Often one of the small Fermat primes 3, 5, 17, 257 or 65537.
206
Alex Stapletone009ad22014-02-08 17:23:46 +0000[diff] [blame]207 :param int key_size: The length in bits of the modulus. Should be
Alex Stapleton209a1322014-02-07 20:26:44 +0000[diff] [blame]208 at least 2048.
209
210 :return: A new instance of a
211 :class:`~cryptography.hazmat.primitives.interfaces.RSAPrivateKey`
212 provider.
213
214 :raises ValueError: If the public_exponent is not valid.
Paul Kehrer2b3f0fc2014-02-17 19:20:14 -0600[diff] [blame]215
Paul Kehrer3292c992014-02-17 21:12:38 -0600[diff] [blame]216 .. method:: create_rsa_signature_ctx(private_key, padding, algorithm)
Paul Kehrer2b3f0fc2014-02-17 19:20:14 -0600[diff] [blame]217
Paul Kehrerdd3780a2014-02-18 13:17:53 -0600[diff] [blame]218 :param private_key: An instance of an
Paul Kehrer2b3f0fc2014-02-17 19:20:14 -0600[diff] [blame]219 :class:`~cryptography.hazmat.primitives.interfaces.RSAPrivateKey`
220 provider.
221
Paul Kehrerdd3780a2014-02-18 13:17:53 -0600[diff] [blame]222 :param padding: An instance of an
Paul Kehrer2b3f0fc2014-02-17 19:20:14 -0600[diff] [blame]223 :class:`~cryptography.hazmat.primitives.interfaces.AsymmetricPadding`
224 provider.
225
226 :param algorithm: An instance of a
227 :class:`~cryptography.hazmat.primitives.interfaces.HashAlgorithm`
228 provider.
229
230 :returns:
Paul Kehrerdd3780a2014-02-18 13:17:53 -0600[diff] [blame]231 :class:`~cryptography.hazmat.primitives.interfaces.AsymmetricSignatureContext`
Paul Kehrer2b3f0fc2014-02-17 19:20:14 -0600[diff] [blame]232
Paul Kehrerdd3780a2014-02-18 13:17:53 -0600[diff] [blame]233 .. method:: create_rsa_verification_ctx(public_key, signature, padding, algorithm)
Paul Kehrer2b3f0fc2014-02-17 19:20:14 -0600[diff] [blame]234
235 :param public_key: An instance of a
236 :class:`~cryptography.hazmat.primitives.interfaces.RSAPublicKey`
237 provider.
238
239 :param bytes signature: The signature to verify.
240
Paul Kehrerdd3780a2014-02-18 13:17:53 -0600[diff] [blame]241 :param padding: An instance of an
Paul Kehrer2b3f0fc2014-02-17 19:20:14 -0600[diff] [blame]242 :class:`~cryptography.hazmat.primitives.interfaces.AsymmetricPadding`
243 provider.
244
245 :param algorithm: An instance of a
246 :class:`~cryptography.hazmat.primitives.interfaces.HashAlgorithm`
247 provider.
248
249 :returns:
Paul Kehrer430202d2014-02-18 13:36:53 -0600[diff] [blame]250 :class:`~cryptography.hazmat.primitives.interfaces.AsymmetricVerificationContext`
Alex Stapleton2fb76a32014-02-15 11:10:57 +0000[diff] [blame]251
Paul Kehrer06c77932014-03-09 22:22:14 -0400[diff] [blame]252 .. method:: mgf1_hash_supported(algorithm)
253
254 Check if the specified ``algorithm`` is supported for use with
255 :class:`~cryptography.hazmat.primitives.asymmetric.padding.MGF1`
256 inside :class:`~cryptography.hazmat.primitives.asymmetric.padding.PSS`
257 padding.
258
259 :param algorithm: An instance of a
260 :class:`~cryptography.hazmat.primitives.interfaces.HashAlgorithm`
261 provider.
262
263 :returns: ``True`` if the specified ``algorithm`` is supported by this
264 backend, otherwise ``False``.
265
Paul Kehrerc333dbc2014-05-24 18:35:02 -0500[diff] [blame]266 .. method:: rsa_padding_supported(padding)
267
268 Check if the specified ``padding`` is supported by the backend.
269
270 :param padding: An instance of an
271 :class:`~cryptography.hazmat.primitives.interfaces.AsymmetricPadding`
272 provider.
273
274 :returns: ``True`` if the specified ``padding`` is supported by this
275 backend, otherwise ``False``.
276
Paul Kehrer342d2e42014-05-25 22:01:20 -0500[diff] [blame]277 .. method:: generate_rsa_parameters_supported(public_exponent, key_size)
278
279 Check if the specified parameters are supported for key generation by
280 the backend.
281
Paul Kehrer1b760f12014-05-26 08:54:38 -0500[diff] [blame]282 :param int public_exponent: The public exponent.
Paul Kehrer342d2e42014-05-25 22:01:20 -0500[diff] [blame]283
Paul Kehrer1b760f12014-05-26 08:54:38 -0500[diff] [blame]284 :param int key_size: The bit length of the generated modulus.
Paul Kehrer342d2e42014-05-25 22:01:20 -0500[diff] [blame]285
Paul Kehrer4c0a3742014-04-05 19:51:00 -0500[diff] [blame]286 .. method:: decrypt_rsa(private_key, ciphertext, padding)
287
288 :param private_key: An instance of an
289 :class:`~cryptography.hazmat.primitives.interfaces.RSAPrivateKey`
290 provider.
291
292 :param bytes ciphertext: The ciphertext to decrypt.
293
294 :param padding: An instance of an
295 :class:`~cryptography.hazmat.primitives.interfaces.AsymmetricPadding`
296 provider.
297
Paul Kehrerc929e402014-05-09 11:09:13 -0500[diff] [blame]298 :return bytes: The decrypted data.
299
300 :raises cryptography.exceptions.UnsupportedAlgorithm: If an unsupported
301 MGF, hash function, or padding is chosen.
302
303 :raises ValueError: When decryption fails or key size does not match
304 ciphertext length.
305
Paul Kehrer4e602f32014-04-24 12:07:54 -0500[diff] [blame]306 .. method:: encrypt_rsa(public_key, plaintext, padding)
307
308 :param public_key: An instance of an
309 :class:`~cryptography.hazmat.primitives.interfaces.RSAPublicKey`
310 provider.
311
312 :param bytes plaintext: The plaintext to encrypt.
313
314 :param padding: An instance of an
315 :class:`~cryptography.hazmat.primitives.interfaces.AsymmetricPadding`
316 provider.
317
Paul Kehrerc929e402014-05-09 11:09:13 -0500[diff] [blame]318 :return bytes: The encrypted data.
319
320 :raises cryptography.exceptions.UnsupportedAlgorithm: If an unsupported
321 MGF, hash function, or padding is chosen.
322
323 :raises ValueError: When plaintext is too long for the key size.
David Reid576a1532014-05-28 14:00:41 -0700[diff] [blame]324
David Reida674afe2014-05-30 14:15:29 -0700[diff] [blame]325 .. method:: load_rsa_private_numbers(numbers):
David Reid68b509a2014-05-08 10:31:51 -0700[diff] [blame]326
327 :param numbers: An instance of
David Reida674afe2014-05-30 14:15:29 -0700[diff] [blame]328 :class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateNumbers`.
David Reid68b509a2014-05-08 10:31:51 -0700[diff] [blame]329
330 :returns: A provider of
David Reida674afe2014-05-30 14:15:29 -0700[diff] [blame]331 :class:`~cryptography.hazmat.primitives.interfaces.RSAPrivateKey`.
332
333 .. method:: load_rsa_public_numbers(numbers):
334
335 :param numbers: An instance of
336 :class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateNumbers`.
337
338 :returns: A provider of
339 :class:`~cryptography.hazmat.primitives.interfaces.RSAPublicKey`.
David Reid68b509a2014-05-08 10:31:51 -0700[diff] [blame]340
Alex Stapleton2fb76a32014-02-15 11:10:57 +0000[diff] [blame]341
Alex Stapleton458c09b2014-04-23 20:58:37 +0100[diff] [blame]342.. class:: TraditionalOpenSSLSerializationBackend
Alex Stapleton2fb76a32014-02-15 11:10:57 +0000[diff] [blame]343
344 .. versionadded:: 0.3
345
346 A backend with methods for working with OpenSSL's "traditional" PKCS #1
347 style key serialization.
348
349 .. method:: load_openssl_pem_private_key(data, password)
Alex Gaynorc6a6f312014-03-06 14:22:56 -0800[diff] [blame]350
Alex Stapleton2fb76a32014-02-15 11:10:57 +0000[diff] [blame]351 :param bytes data: PEM data to deserialize.
352
353 :param bytes password: The password to use if this data is encrypted.
354 Should be None if the data is not encrypted.
355
Alex Stapleton458c09b2014-04-23 20:58:37 +0100[diff] [blame]356 :return: A new instance of the appropriate private key or public key
357 that the serialized data contains.
Alex Stapleton2fb76a32014-02-15 11:10:57 +0000[diff] [blame]358
359 :raises ValueError: If the data could not be deserialized correctly.
360
361 :raises cryptography.exceptions.UnsupportedAlgorithm: If the data is
362 encrypted with an unsupported algorithm.
Mohammed Attia29474ac2014-04-02 04:03:09 +0200[diff] [blame]363
364
365.. class:: DSABackend
366
367 .. versionadded:: 0.4
368
369 A backend with methods for using DSA.
370
371 .. method:: generate_dsa_parameters(key_size)
372
Alex Gaynorc9dc0a02014-04-24 13:38:12 -0700[diff] [blame]373 :param int key_size: The length of the modulus in bits. It should be
374 either 1024, 2048 or 3072. For keys generated in 2014 this should
Mohammed Attia29474ac2014-04-02 04:03:09 +0200[diff] [blame]375 be at least 2048.
Alex Gaynorc9dc0a02014-04-24 13:38:12 -0700[diff] [blame]376 Note that some applications (such as SSH) have not yet gained
377 support for larger key sizes specified in FIPS 186-3 and are still
378 restricted to only the 1024-bit keys specified in FIPS 186-2.
Mohammed Attia29474ac2014-04-02 04:03:09 +0200[diff] [blame]379
380 :return: A new instance of a
381 :class:`~cryptography.hazmat.primitives.interfaces.DSAParameters`
382 provider.
383
384 .. method:: generate_dsa_private_key(parameters)
385
386 :param parameters: A
387 :class:`~cryptography.hazmat.primitives.interfaces.DSAParameters`
388 provider.
389
390 :return: A new instance of a
391 :class:`~cryptography.hazmat.primitives.interfaces.DSAPrivateKey`
392 provider.
393
Alex Gaynor239d5182014-04-24 13:42:58 -0700[diff] [blame]394 :raises ValueError: This is raised if the key size is not one of 1024,
395 2048, or 3072. It is also raised when OpenSSL is older than version
396 1.0.0 and the key size is larger than 1024; older OpenSSL versions
397 do not support keys larger than 1024 bits.
Ayrx97a72fd2014-04-15 19:02:51 +0800[diff] [blame]398
Paul Kehrer0b3ff3b2014-05-01 15:34:42 -0500[diff] [blame]399 .. method:: create_dsa_signature_ctx(private_key, algorithm)
400
401 :param private_key: An instance of a
402 :class:`~cryptography.hazmat.primitives.interfaces.DSAPrivateKey`
403 provider.
404
405 :param algorithm: An instance of a
406 :class:`~cryptography.hazmat.primitives.interfaces.HashAlgorithm`
407 provider
408
409 :returns:
410 :class:`~cryptography.hazmat.primitives.interfaces.AsymmetricSignatureContext`
411
Mohammed Attia59edb612014-04-25 22:44:40 +0200[diff] [blame]412 .. method:: create_dsa_verification_ctx(public_key, signature, algorithm)
413
414 :param public_key: An instance of a
415 :class:`~cryptography.hazmat.primitives.interfaces.DSAPublicKey`
416 provider.
417
Paul Kehrer21babbb2014-05-01 11:33:22 -0500[diff] [blame]418 :param bytes signature: The signature to verify. DER encoded as
419 specified in :rfc:`6979`.
Mohammed Attia59edb612014-04-25 22:44:40 +0200[diff] [blame]420
421 :param algorithm: An instance of a
422 :class:`~cryptography.hazmat.primitives.interfaces.HashAlgorithm`
423 provider.
424
425 :returns:
426 :class:`~cryptography.hazmat.primitives.interfaces.AsymmetricVerificationContext`
427
Mohammed Attia59edb612014-04-25 22:44:40 +0200[diff] [blame]428 .. method:: dsa_hash_supported(algorithm):
Paul Kehrer43dc2762014-04-30 16:24:39 -0500[diff] [blame]429
Mohammed Attia59edb612014-04-25 22:44:40 +0200[diff] [blame]430 :param algorithm: An instance of a
431 :class:`~cryptography.hazmat.primitives.interfaces.HashAlgorithm`
432 provider.
433
434 :returns: ``True`` if the specified ``algorithm`` is supported by this
435 backend, otherwise ``False``.
436
Paul Kehrer21babbb2014-05-01 11:33:22 -0500[diff] [blame]437 .. method:: dsa_parameters_supported(p, q, g):
Paul Kehrerb4037872014-04-30 16:32:23 -0500[diff] [blame]438
439 :param int p: The p value of a DSA key.
440
441 :param int q: The q value of a DSA key.
442
Paul Kehrer21babbb2014-05-01 11:33:22 -0500[diff] [blame]443 :param int g: The g value of a DSA key.
444
445 :returns: ``True`` if the given values of ``p``, ``q``, and ``g`` are
446 supported by this backend, otherwise ``False``.
Paul Kehrerb4037872014-04-30 16:32:23 -0500[diff] [blame]447
Ayrx97a72fd2014-04-15 19:02:51 +0800[diff] [blame]448
449.. class:: CMACBackend
450
451 .. versionadded:: 0.4
452
453 A backend with methods for using CMAC
454
Ayrx6cf29f22014-04-16 23:47:36 +0800[diff] [blame]455 .. method:: cmac_algorithm_supported(algorithm)
Ayrx97a72fd2014-04-15 19:02:51 +0800[diff] [blame]456
Ayrx6cf29f22014-04-16 23:47:36 +0800[diff] [blame]457 :param algorithm: An instance of a
458 :class:`~cryptography.hazmat.primitives.interfaces.BlockCipherAlgorithm`
459 provider.
460 :return: Returns True if the block cipher is supported for CMAC by this backend
Ayrx97a72fd2014-04-15 19:02:51 +0800[diff] [blame]461
462 .. method:: create_cmac_ctx(algorithm)
463
464 Create a
465 :class:`~cryptography.hazmat.primitives.interfaces.CMACContext` that
466 uses the specified ``algorithm`` to calculate a message authentication code.
467
468 :param algorithm: An instance of a
469 :class:`~cryptography.hazmat.primitives.interfaces.BlockCipherAlgorithm`
470 provider.
471
472 :returns:
473 :class:`~cryptography.hazmat.primitives.interfaces.CMACContext`
Paul Kehrer286c7dc2014-05-31 12:05:38 -0500[diff] [blame]474
475
476.. class:: PKCS8SerializationBackend
477
478 .. versionadded:: 0.5
479
480 A backend with methods for working with PKCS #8 key serialization.
481
482 .. method:: load_pkcs8_pem_private_key(data, password)
483
484 :param bytes data: PEM data to deserialize.
485
486 :param bytes password: The password to use if this data is encrypted.
487 Should be None if the data is not encrypted.
488
489 :return: A new instance of the appropriate private key or public key
490 that the serialized data contains.
491
492 :raises ValueError: If the data could not be deserialized correctly.
493
494 :raises cryptography.exceptions.UnsupportedAlgorithm: If the data is
495 encrypted with an unsupported algorithm.
Alex Stapleton13f1d8d2014-05-17 16:50:11 +0100[diff] [blame]496
497
498.. class:: EllipticCurveBackend
499
500 .. versionadded:: 0.5
501
502 .. method:: elliptic_curve_supported(curve)
503
504 :param curve: An instance of a
505 :class:`~cryptography.hazmat.primitives.interfaces.EllipticCurve`
506 provider.
507
508 :returns: True if the elliptic curve is supported by this backend.
509
510 .. method:: elliptic_curve_signature_algorithm_supported(signature_algorithm, curve)
511
512 :param signature_algorithm: An instance of a
513 :class:`~cryptography.hazmat.primitives.interfaces.EllipticCurveSignatureAlgorithm`
514 provider.
515
516 :param curve: An instance of a
517 :class:`~cryptography.hazmat.primitives.interfaces.EllipticCurve`
518 provider.
519
520 :returns: True if the signature algorithm and curve are supported by this backend.
521
522 .. method:: generate_elliptic_curve_private_key(curve)
523
524 :param curve: An instance of a
525 :class:`~cryptography.hazmat.primitives.interfaces.EllipticCurve`
526 provider.
527
528 .. method:: elliptic_curve_private_key_from_numbers(numbers)
529
530 :param numbers: An instance of a
531 :class:`~cryptography.hazmat.primitives.interfaces.EllipticCurvePrivateNumbers`
532 provider.
533
534 :returns: An instance of a
535 :class:`~cryptography.hazmat.primitives.interfaces.EllipticCurvePrivateKey`
536 provider.
537
538 .. method:: elliptic_curve_public_key_from_numbers(numbers)
539
540 :param numbers: An instance of a
541 :class:`~cryptography.hazmat.primitives.interfaces.EllipticCurvePublicNumbers`
542 provider.
543
544 :returns: An instance of a
545 :class:`~cryptography.hazmat.primitives.interfaces.EllipticCurvePublicKey`
546 provider.