| David Reid | 2a746ce | 2013-11-15 15:32:14 -0800 | [diff] [blame] | 1 | .. hazmat:: |
| 2 | |
| 3 | Backend Interfaces |
| 4 | ================== |
| 5 | |
| Alex Gaynor | f8796b1 | 2013-12-13 20:28:55 -0800 | [diff] [blame] | 6 | .. currentmodule:: cryptography.hazmat.backends.interfaces |
| David Reid | 2a746ce | 2013-11-15 15:32:14 -0800 | [diff] [blame] | 7 | |
| 8 | |
| David Reid | 6b9df81 | 2013-11-18 14:13:02 -0800 | [diff] [blame] | 9 | Backend implementations may provide a number of interfaces to support operations |
| 10 | such as :doc:`/hazmat/primitives/symmetric-encryption`, |
| 11 | :doc:`/hazmat/primitives/cryptographic-hashes`, and |
| 12 | :doc:`/hazmat/primitives/hmac`. |
| 13 | |
| 14 | A specific ``backend`` may provide one or more of these interfaces. |
| 15 | |
| 16 | |
| David Reid | 2a746ce | 2013-11-15 15:32:14 -0800 | [diff] [blame] | 17 | .. class:: CipherBackend |
| 18 | |
| David Reid | 5973f4c | 2013-11-18 11:29:44 -0800 | [diff] [blame] | 19 | A backend which provides methods for using ciphers for encryption |
| 20 | and decryption. |
| 21 | |
| David Reid | 2a746ce | 2013-11-15 15:32:14 -0800 | [diff] [blame] | 22 | .. method:: cipher_supported(cipher, mode) |
| 23 | |
| David Reid | 5973f4c | 2013-11-18 11:29:44 -0800 | [diff] [blame] | 24 | Check if a ``cipher`` and ``mode`` combination is supported by |
| 25 | this backend. |
| 26 | |
| 27 | :param cipher: An instance of a |
| 28 | :class:`~cryptography.hazmat.primitives.interfaces.CipherAlgorithm` |
| 29 | provider. |
| 30 | :param mode: An instance of a |
| 31 | :class:`~cryptography.hazmat.primitives.interfaces.Mode` provider. |
| 32 | |
| 33 | :returns: ``True`` if the specified ``cipher`` and ``mode`` combination |
| 34 | is supported by this backend, otherwise ``False`` |
| David Reid | 2a746ce | 2013-11-15 15:32:14 -0800 | [diff] [blame] | 35 | |
| 36 | .. method:: register_cipher_adapter(cipher_cls, mode_cls, adapter) |
| 37 | |
| David Reid | 5973f4c | 2013-11-18 11:29:44 -0800 | [diff] [blame] | 38 | Register an adapter which can be used to create a backend specific |
| 39 | object from instances of the |
| 40 | :class:`~cryptography.hazmat.primitives.interfaces.CipherAlgorithm` and |
| 41 | the :class:`~cryptography.hazmat.primitives.interfaces.Mode` primitives. |
| 42 | |
| 43 | :param cipher_cls: A class whose instances provide |
| 44 | :class:`~cryptography.hazmat.primitives.interfaces.CipherAlgorithm` |
| 45 | :param mode_cls: A class whose instances provide: |
| 46 | :class:`~cryptography.hazmat.primitives.interfaces.Mode` |
| 47 | :param adapter: A ``function`` that takes 3 arguments, ``backend`` (a |
| 48 | :class:`CipherBackend` provider), ``cipher`` (a |
| 49 | :class:`~cryptography.hazmat.primitives.interfaces.CipherAlgorithm` |
| 50 | provider ), and ``mode`` (a |
| 51 | :class:`~cryptography.hazmat.primitives.interfaces.Mode` provider). |
| 52 | It returns a backend specific object which may be used to construct |
| 53 | a :class:`~cryptogrpahy.hazmat.primitives.interfaces.CipherContext`. |
| 54 | |
| David Reid | 2a746ce | 2013-11-15 15:32:14 -0800 | [diff] [blame] | 55 | |
| 56 | .. method:: create_symmetric_encryption_ctx(cipher, mode) |
| 57 | |
| David Reid | 5973f4c | 2013-11-18 11:29:44 -0800 | [diff] [blame] | 58 | Create a |
| 59 | :class:`~cryptogrpahy.hazmat.primitives.interfaces.CipherContext` that |
| 60 | can be used for encrypting data with the symmetric ``cipher`` using |
| 61 | the given ``mode``. |
| 62 | |
| 63 | :param cipher: An instance of a |
| 64 | :class:`~cryptography.hazmat.primitives.interfaces.CipherAlgorithm` |
| 65 | provider. |
| 66 | :param mode: An instance of a |
| 67 | :class:`~cryptography.hazmat.primitives.interfaces.Mode` provider. |
| 68 | |
| 69 | :returns: |
| 70 | :class:`~cryptography.hazmat.primitives.interfaces.CipherContext` |
| 71 | |
| Paul Kehrer | a07925a | 2013-12-06 11:49:42 -0600 | [diff] [blame] | 72 | :raises ValueError: When tag is not None in an AEAD mode |
| 73 | |
| David Reid | 2a746ce | 2013-11-15 15:32:14 -0800 | [diff] [blame] | 74 | |
| 75 | .. method:: create_symmetric_decryption_ctx(cipher, mode) |
| 76 | |
| David Reid | 5973f4c | 2013-11-18 11:29:44 -0800 | [diff] [blame] | 77 | Create a |
| 78 | :class:`~cryptogrpahy.hazmat.primitives.interfaces.CipherContext` that |
| 79 | can be used for decrypting data with the symmetric ``cipher`` using |
| 80 | the given ``mode``. |
| 81 | |
| 82 | :param cipher: An instance of a |
| 83 | :class:`~cryptography.hazmat.primitives.interfaces.CipherAlgorithm` |
| 84 | provider. |
| 85 | :param mode: An instance of a |
| 86 | :class:`~cryptography.hazmat.primitives.interfaces.Mode` provider. |
| 87 | |
| 88 | :returns: |
| 89 | :class:`~cryptography.hazmat.primitives.interfaces.CipherContext` |
| David Reid | 2a746ce | 2013-11-15 15:32:14 -0800 | [diff] [blame] | 90 | |
| Paul Kehrer | a07925a | 2013-12-06 11:49:42 -0600 | [diff] [blame] | 91 | :raises ValueError: When tag is None in an AEAD mode |
| 92 | |
| David Reid | 2a746ce | 2013-11-15 15:32:14 -0800 | [diff] [blame] | 93 | |
| 94 | .. class:: HashBackend |
| 95 | |
| David Reid | 5973f4c | 2013-11-18 11:29:44 -0800 | [diff] [blame] | 96 | A backend with methods for using cryptographic hash functions. |
| 97 | |
| David Reid | 2a746ce | 2013-11-15 15:32:14 -0800 | [diff] [blame] | 98 | .. method:: hash_supported(algorithm) |
| 99 | |
| David Reid | 6624a44 | 2013-11-18 12:44:30 -0800 | [diff] [blame] | 100 | Check if the specified ``algorithm`` is supported by this backend. |
| 101 | |
| David Reid | 5973f4c | 2013-11-18 11:29:44 -0800 | [diff] [blame] | 102 | :param algorithm: An instance of a |
| 103 | :class:`~cryptography.hazmat.primitives.interfaces.HashAlgorithm` |
| 104 | provider. |
| 105 | |
| 106 | :returns: ``True`` if the specified ``algorithm`` is supported by this |
| 107 | backend, otherwise ``False``. |
| 108 | |
| David Reid | 2a746ce | 2013-11-15 15:32:14 -0800 | [diff] [blame] | 109 | |
| 110 | .. method:: create_hash_ctx(algorithm) |
| 111 | |
| David Reid | 6624a44 | 2013-11-18 12:44:30 -0800 | [diff] [blame] | 112 | Create a |
| 113 | :class:`~cryptogrpahy.hazmat.primitives.interfaces.HashContext` that |
| 114 | uses the specified ``algorithm`` to calculate a message digest. |
| 115 | |
| David Reid | 5973f4c | 2013-11-18 11:29:44 -0800 | [diff] [blame] | 116 | :param algorithm: An instance of a |
| 117 | :class:`~cryptography.hazmat.primitives.interfaces.HashAlgorithm` |
| 118 | provider. |
| 119 | |
| 120 | :returns: |
| 121 | :class:`~cryptography.hazmat.primitives.interfaces.HashContext` |
| David Reid | 2a746ce | 2013-11-15 15:32:14 -0800 | [diff] [blame] | 122 | |
| 123 | |
| 124 | .. class:: HMACBackend |
| 125 | |
| David Reid | 5973f4c | 2013-11-18 11:29:44 -0800 | [diff] [blame] | 126 | A backend with methods for using cryptographic hash functions as message |
| 127 | authentication codes. |
| 128 | |
| David Reid | 2a746ce | 2013-11-15 15:32:14 -0800 | [diff] [blame] | 129 | .. method:: create_hmac_ctx(algorithm) |
| 130 | |
| David Reid | 6624a44 | 2013-11-18 12:44:30 -0800 | [diff] [blame] | 131 | Create a |
| 132 | :class:`~cryptogrpahy.hazmat.primitives.interfaces.HashContext` that |
| 133 | uses the specified ``algorithm`` to calculate a hash-based message |
| 134 | authentication code. |
| 135 | |
| David Reid | 5973f4c | 2013-11-18 11:29:44 -0800 | [diff] [blame] | 136 | :param algorithm: An instance of a |
| 137 | :class:`~cryptography.hazmat.primitives.interfaces.HashAlgorithm` |
| 138 | provider. |
| 139 | |
| 140 | :returns: |
| 141 | :class:`~cryptography.hazmat.primitives.interfaces.HashContext` |