Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / python / cryptography / 85936b2fbf496b8a93b71557573583985276bc29 / . / docs / hazmat / backends / interfaces.rst
blob: c7d5667d6d86fc00cba5971e70a6e206d2136aec [file] [log] [blame]
David Reid2a746ce2013-11-15 15:32:14 -0800[diff] [blame]1.. hazmat::
2
Alex Stapletonc5fffd32014-03-18 15:29:00 +0000[diff] [blame]3Backend interfaces
David Reid2a746ce2013-11-15 15:32:14 -0800[diff] [blame]4==================
5
Alex Gaynorf8796b12013-12-13 20:28:55 -0800[diff] [blame]6.. currentmodule:: cryptography.hazmat.backends.interfaces
David Reid2a746ce2013-11-15 15:32:14 -0800[diff] [blame]7
8
Alex Gaynor969f18e2014-05-17 20:07:35 -0700[diff] [blame]9Backend implementations may provide a number of interfaces to support
10operations such as :doc:`/hazmat/primitives/symmetric-encryption`,
David Reid6b9df812013-11-18 14:13:02 -0800[diff] [blame]11:doc:`/hazmat/primitives/cryptographic-hashes`, and
Ayrxfa4a6b22014-04-16 23:03:14 +0800[diff] [blame]12:doc:`/hazmat/primitives/mac/hmac`.
David Reid6b9df812013-11-18 14:13:02 -0800[diff] [blame]13
14A specific ``backend`` may provide one or more of these interfaces.
15
16
David Reid2a746ce2013-11-15 15:32:14 -0800[diff] [blame]17.. class:: CipherBackend
18
Alex Stapleton63b3de22014-02-08 09:43:16 +0000[diff] [blame]19 A backend that provides methods for using ciphers for encryption
David Reid5973f4c2013-11-18 11:29:44 -0800[diff] [blame]20 and decryption.
21
Alex Gaynor585c99c2014-02-04 16:10:10 -0800[diff] [blame]22 The following backends implement this interface:
23
24 * :doc:`/hazmat/backends/openssl`
25 * :doc:`/hazmat/backends/commoncrypto`
26
David Reid2a746ce2013-11-15 15:32:14 -0800[diff] [blame]27 .. method:: cipher_supported(cipher, mode)
28
David Reid5973f4c2013-11-18 11:29:44 -0800[diff] [blame]29 Check if a ``cipher`` and ``mode`` combination is supported by
30 this backend.
31
32 :param cipher: An instance of a
33 :class:`~cryptography.hazmat.primitives.interfaces.CipherAlgorithm`
34 provider.
35 :param mode: An instance of a
36 :class:`~cryptography.hazmat.primitives.interfaces.Mode` provider.
37
38 :returns: ``True`` if the specified ``cipher`` and ``mode`` combination
39 is supported by this backend, otherwise ``False``
David Reid2a746ce2013-11-15 15:32:14 -0800[diff] [blame]40
David Reid2a746ce2013-11-15 15:32:14 -0800[diff] [blame]41
42 .. method:: create_symmetric_encryption_ctx(cipher, mode)
43
David Reid5973f4c2013-11-18 11:29:44 -0800[diff] [blame]44 Create a
Paul Kehrer446cc2a2014-01-29 14:39:30 -0600[diff] [blame]45 :class:`~cryptography.hazmat.primitives.interfaces.CipherContext` that
David Reid5973f4c2013-11-18 11:29:44 -0800[diff] [blame]46 can be used for encrypting data with the symmetric ``cipher`` using
47 the given ``mode``.
48
49 :param cipher: An instance of a
50 :class:`~cryptography.hazmat.primitives.interfaces.CipherAlgorithm`
51 provider.
52 :param mode: An instance of a
53 :class:`~cryptography.hazmat.primitives.interfaces.Mode` provider.
54
55 :returns:
56 :class:`~cryptography.hazmat.primitives.interfaces.CipherContext`
57
Paul Kehrera07925a2013-12-06 11:49:42 -0600[diff] [blame]58 :raises ValueError: When tag is not None in an AEAD mode
59
David Reid2a746ce2013-11-15 15:32:14 -0800[diff] [blame]60
61 .. method:: create_symmetric_decryption_ctx(cipher, mode)
62
David Reid5973f4c2013-11-18 11:29:44 -0800[diff] [blame]63 Create a
Paul Kehrer446cc2a2014-01-29 14:39:30 -0600[diff] [blame]64 :class:`~cryptography.hazmat.primitives.interfaces.CipherContext` that
David Reid5973f4c2013-11-18 11:29:44 -0800[diff] [blame]65 can be used for decrypting data with the symmetric ``cipher`` using
66 the given ``mode``.
67
68 :param cipher: An instance of a
69 :class:`~cryptography.hazmat.primitives.interfaces.CipherAlgorithm`
70 provider.
71 :param mode: An instance of a
72 :class:`~cryptography.hazmat.primitives.interfaces.Mode` provider.
73
74 :returns:
75 :class:`~cryptography.hazmat.primitives.interfaces.CipherContext`
David Reid2a746ce2013-11-15 15:32:14 -0800[diff] [blame]76
Paul Kehrera07925a2013-12-06 11:49:42 -0600[diff] [blame]77 :raises ValueError: When tag is None in an AEAD mode
78
David Reid2a746ce2013-11-15 15:32:14 -0800[diff] [blame]79
80.. class:: HashBackend
81
David Reid5973f4c2013-11-18 11:29:44 -0800[diff] [blame]82 A backend with methods for using cryptographic hash functions.
83
Alex Gaynor585c99c2014-02-04 16:10:10 -0800[diff] [blame]84 The following backends implement this interface:
85
86 * :doc:`/hazmat/backends/openssl`
87 * :doc:`/hazmat/backends/commoncrypto`
88
David Reid2a746ce2013-11-15 15:32:14 -0800[diff] [blame]89 .. method:: hash_supported(algorithm)
90
David Reid6624a442013-11-18 12:44:30 -0800[diff] [blame]91 Check if the specified ``algorithm`` is supported by this backend.
92
David Reid5973f4c2013-11-18 11:29:44 -0800[diff] [blame]93 :param algorithm: An instance of a
94 :class:`~cryptography.hazmat.primitives.interfaces.HashAlgorithm`
95 provider.
96
97 :returns: ``True`` if the specified ``algorithm`` is supported by this
98 backend, otherwise ``False``.
99
David Reid2a746ce2013-11-15 15:32:14 -0800[diff] [blame]100
101 .. method:: create_hash_ctx(algorithm)
102
David Reid6624a442013-11-18 12:44:30 -0800[diff] [blame]103 Create a
Paul Kehrer446cc2a2014-01-29 14:39:30 -0600[diff] [blame]104 :class:`~cryptography.hazmat.primitives.interfaces.HashContext` that
David Reid6624a442013-11-18 12:44:30 -0800[diff] [blame]105 uses the specified ``algorithm`` to calculate a message digest.
106
David Reid5973f4c2013-11-18 11:29:44 -0800[diff] [blame]107 :param algorithm: An instance of a
108 :class:`~cryptography.hazmat.primitives.interfaces.HashAlgorithm`
109 provider.
110
111 :returns:
112 :class:`~cryptography.hazmat.primitives.interfaces.HashContext`
David Reid2a746ce2013-11-15 15:32:14 -0800[diff] [blame]113
114
115.. class:: HMACBackend
116
David Reid5973f4c2013-11-18 11:29:44 -0800[diff] [blame]117 A backend with methods for using cryptographic hash functions as message
118 authentication codes.
119
Alex Gaynor585c99c2014-02-04 16:10:10 -0800[diff] [blame]120 The following backends implement this interface:
121
122 * :doc:`/hazmat/backends/openssl`
123 * :doc:`/hazmat/backends/commoncrypto`
124
Paul Kehrer90ae8662013-12-23 17:21:00 -0600[diff] [blame]125 .. method:: hmac_supported(algorithm)
126
127 Check if the specified ``algorithm`` is supported by this backend.
128
129 :param algorithm: An instance of a
130 :class:`~cryptography.hazmat.primitives.interfaces.HashAlgorithm`
131 provider.
132
133 :returns: ``True`` if the specified ``algorithm`` is supported for HMAC
134 by this backend, otherwise ``False``.
135
David Reid2a746ce2013-11-15 15:32:14 -0800[diff] [blame]136 .. method:: create_hmac_ctx(algorithm)
137
David Reid6624a442013-11-18 12:44:30 -0800[diff] [blame]138 Create a
Paul Kehrer446cc2a2014-01-29 14:39:30 -0600[diff] [blame]139 :class:`~cryptography.hazmat.primitives.interfaces.HashContext` that
Paul Kehrer4f776c42013-12-23 17:25:54 -0600[diff] [blame]140 uses the specified ``algorithm`` to calculate a hash-based message
141 authentication code.
David Reid6624a442013-11-18 12:44:30 -0800[diff] [blame]142
David Reid5973f4c2013-11-18 11:29:44 -0800[diff] [blame]143 :param algorithm: An instance of a
144 :class:`~cryptography.hazmat.primitives.interfaces.HashAlgorithm`
145 provider.
146
147 :returns:
148 :class:`~cryptography.hazmat.primitives.interfaces.HashContext`
Paul Kehrer1050ddf2014-01-27 21:04:03 -0600[diff] [blame]149
150
Paul Kehrer98e40e62014-01-28 15:07:49 -0600[diff] [blame]151.. class:: PBKDF2HMACBackend
Paul Kehrer1050ddf2014-01-27 21:04:03 -0600[diff] [blame]152
Paul Kehrer5d1af212014-01-28 12:19:32 -0600[diff] [blame]153 .. versionadded:: 0.2
154
Paul Kehrer98e40e62014-01-28 15:07:49 -0600[diff] [blame]155 A backend with methods for using PBKDF2 using HMAC as a PRF.
Paul Kehrer1050ddf2014-01-27 21:04:03 -0600[diff] [blame]156
Alex Gaynor585c99c2014-02-04 16:10:10 -0800[diff] [blame]157 The following backends implement this interface:
158
159 * :doc:`/hazmat/backends/openssl`
160 * :doc:`/hazmat/backends/commoncrypto`
161
Paul Kehrer98e40e62014-01-28 15:07:49 -0600[diff] [blame]162 .. method:: pbkdf2_hmac_supported(algorithm)
Paul Kehrer1050ddf2014-01-27 21:04:03 -0600[diff] [blame]163
164 Check if the specified ``algorithm`` is supported by this backend.
165
Paul Kehrer589b9082014-01-28 21:25:41 -0600[diff] [blame]166 :param algorithm: An instance of a
Paul Kehrer1050ddf2014-01-27 21:04:03 -0600[diff] [blame]167 :class:`~cryptography.hazmat.primitives.interfaces.HashAlgorithm`
168 provider.
169
170 :returns: ``True`` if the specified ``algorithm`` is supported for
Paul Kehrer98e40e62014-01-28 15:07:49 -0600[diff] [blame]171 PBKDF2 HMAC by this backend, otherwise ``False``.
Paul Kehrer1050ddf2014-01-27 21:04:03 -0600[diff] [blame]172
Paul Kehrer98e40e62014-01-28 15:07:49 -0600[diff] [blame]173 .. method:: derive_pbkdf2_hmac(self, algorithm, length, salt, iterations,
174 key_material)
Paul Kehrer1050ddf2014-01-27 21:04:03 -0600[diff] [blame]175
176 :param algorithm: An instance of a
177 :class:`~cryptography.hazmat.primitives.interfaces.HashAlgorithm`
178 provider.
179
180 :param int length: The desired length of the derived key. Maximum is
Paul Kehrer98e40e62014-01-28 15:07:49 -0600[diff] [blame]181 (2\ :sup:`32` - 1) * ``algorithm.digest_size``
Paul Kehrer1050ddf2014-01-27 21:04:03 -0600[diff] [blame]182
Paul Kehrerb6d764c2014-01-27 22:32:11 -0600[diff] [blame]183 :param bytes salt: A salt.
Paul Kehrer1050ddf2014-01-27 21:04:03 -0600[diff] [blame]184
185 :param int iterations: The number of iterations to perform of the hash
Paul Kehrerc58b4782014-01-29 13:56:25 -0600[diff] [blame]186 function. This can be used to control the length of time the
187 operation takes. Higher numbers help mitigate brute force attacks
188 against derived keys.
Paul Kehrer1050ddf2014-01-27 21:04:03 -0600[diff] [blame]189
190 :param bytes key_material: The key material to use as a basis for
191 the derived key. This is typically a password.
192
193 :return bytes: Derived key.
Alex Stapleton209a1322014-02-07 20:26:44 +0000[diff] [blame]194
195
196.. class:: RSABackend
197
198 .. versionadded:: 0.2
199
200 A backend with methods for using RSA.
201
Alex Stapletone009ad22014-02-08 17:23:46 +0000[diff] [blame]202 .. method:: generate_rsa_private_key(public_exponent, key_size)
Alex Stapleton209a1322014-02-07 20:26:44 +0000[diff] [blame]203
204 :param int public_exponent: The public exponent of the new key.
205 Often one of the small Fermat primes 3, 5, 17, 257 or 65537.
206
Alex Stapletone009ad22014-02-08 17:23:46 +0000[diff] [blame]207 :param int key_size: The length in bits of the modulus. Should be
Alex Stapleton209a1322014-02-07 20:26:44 +0000[diff] [blame]208 at least 2048.
209
210 :return: A new instance of a
211 :class:`~cryptography.hazmat.primitives.interfaces.RSAPrivateKey`
212 provider.
213
214 :raises ValueError: If the public_exponent is not valid.
Paul Kehrer2b3f0fc2014-02-17 19:20:14 -0600[diff] [blame]215
Paul Kehrer3292c992014-02-17 21:12:38 -0600[diff] [blame]216 .. method:: create_rsa_signature_ctx(private_key, padding, algorithm)
Paul Kehrer2b3f0fc2014-02-17 19:20:14 -0600[diff] [blame]217
Paul Kehrerdd3780a2014-02-18 13:17:53 -0600[diff] [blame]218 :param private_key: An instance of an
Paul Kehrer2b3f0fc2014-02-17 19:20:14 -0600[diff] [blame]219 :class:`~cryptography.hazmat.primitives.interfaces.RSAPrivateKey`
220 provider.
221
Paul Kehrerdd3780a2014-02-18 13:17:53 -0600[diff] [blame]222 :param padding: An instance of an
Paul Kehrer2b3f0fc2014-02-17 19:20:14 -0600[diff] [blame]223 :class:`~cryptography.hazmat.primitives.interfaces.AsymmetricPadding`
224 provider.
225
226 :param algorithm: An instance of a
227 :class:`~cryptography.hazmat.primitives.interfaces.HashAlgorithm`
228 provider.
229
230 :returns:
Paul Kehrerdd3780a2014-02-18 13:17:53 -0600[diff] [blame]231 :class:`~cryptography.hazmat.primitives.interfaces.AsymmetricSignatureContext`
Paul Kehrer2b3f0fc2014-02-17 19:20:14 -0600[diff] [blame]232
Paul Kehrerdd3780a2014-02-18 13:17:53 -0600[diff] [blame]233 .. method:: create_rsa_verification_ctx(public_key, signature, padding, algorithm)
Paul Kehrer2b3f0fc2014-02-17 19:20:14 -0600[diff] [blame]234
235 :param public_key: An instance of a
236 :class:`~cryptography.hazmat.primitives.interfaces.RSAPublicKey`
237 provider.
238
239 :param bytes signature: The signature to verify.
240
Paul Kehrerdd3780a2014-02-18 13:17:53 -0600[diff] [blame]241 :param padding: An instance of an
Paul Kehrer2b3f0fc2014-02-17 19:20:14 -0600[diff] [blame]242 :class:`~cryptography.hazmat.primitives.interfaces.AsymmetricPadding`
243 provider.
244
245 :param algorithm: An instance of a
246 :class:`~cryptography.hazmat.primitives.interfaces.HashAlgorithm`
247 provider.
248
249 :returns:
Paul Kehrer430202d2014-02-18 13:36:53 -0600[diff] [blame]250 :class:`~cryptography.hazmat.primitives.interfaces.AsymmetricVerificationContext`
Alex Stapleton2fb76a32014-02-15 11:10:57 +0000[diff] [blame]251
Paul Kehrer06c77932014-03-09 22:22:14 -0400[diff] [blame]252 .. method:: mgf1_hash_supported(algorithm)
253
254 Check if the specified ``algorithm`` is supported for use with
255 :class:`~cryptography.hazmat.primitives.asymmetric.padding.MGF1`
256 inside :class:`~cryptography.hazmat.primitives.asymmetric.padding.PSS`
257 padding.
258
259 :param algorithm: An instance of a
260 :class:`~cryptography.hazmat.primitives.interfaces.HashAlgorithm`
261 provider.
262
263 :returns: ``True`` if the specified ``algorithm`` is supported by this
264 backend, otherwise ``False``.
265
Paul Kehrerc333dbc2014-05-24 18:35:02 -0500[diff] [blame]266 .. method:: rsa_padding_supported(padding)
267
268 Check if the specified ``padding`` is supported by the backend.
269
270 :param padding: An instance of an
271 :class:`~cryptography.hazmat.primitives.interfaces.AsymmetricPadding`
272 provider.
273
274 :returns: ``True`` if the specified ``padding`` is supported by this
275 backend, otherwise ``False``.
276
Paul Kehrer342d2e42014-05-25 22:01:20 -0500[diff] [blame]277 .. method:: generate_rsa_parameters_supported(public_exponent, key_size)
278
279 Check if the specified parameters are supported for key generation by
280 the backend.
281
Paul Kehrer1b760f12014-05-26 08:54:38 -0500[diff] [blame]282 :param int public_exponent: The public exponent.
Paul Kehrer342d2e42014-05-25 22:01:20 -0500[diff] [blame]283
Paul Kehrer1b760f12014-05-26 08:54:38 -0500[diff] [blame]284 :param int key_size: The bit length of the generated modulus.
Paul Kehrer342d2e42014-05-25 22:01:20 -0500[diff] [blame]285
Paul Kehrer4c0a3742014-04-05 19:51:00 -0500[diff] [blame]286 .. method:: decrypt_rsa(private_key, ciphertext, padding)
287
288 :param private_key: An instance of an
289 :class:`~cryptography.hazmat.primitives.interfaces.RSAPrivateKey`
290 provider.
291
292 :param bytes ciphertext: The ciphertext to decrypt.
293
294 :param padding: An instance of an
295 :class:`~cryptography.hazmat.primitives.interfaces.AsymmetricPadding`
296 provider.
297
Paul Kehrerc929e402014-05-09 11:09:13 -0500[diff] [blame]298 :return bytes: The decrypted data.
299
300 :raises cryptography.exceptions.UnsupportedAlgorithm: If an unsupported
301 MGF, hash function, or padding is chosen.
302
303 :raises ValueError: When decryption fails or key size does not match
304 ciphertext length.
305
Paul Kehrer4e602f32014-04-24 12:07:54 -0500[diff] [blame]306 .. method:: encrypt_rsa(public_key, plaintext, padding)
307
308 :param public_key: An instance of an
309 :class:`~cryptography.hazmat.primitives.interfaces.RSAPublicKey`
310 provider.
311
312 :param bytes plaintext: The plaintext to encrypt.
313
314 :param padding: An instance of an
315 :class:`~cryptography.hazmat.primitives.interfaces.AsymmetricPadding`
316 provider.
317
Paul Kehrerc929e402014-05-09 11:09:13 -0500[diff] [blame]318 :return bytes: The encrypted data.
319
320 :raises cryptography.exceptions.UnsupportedAlgorithm: If an unsupported
321 MGF, hash function, or padding is chosen.
322
323 :raises ValueError: When plaintext is too long for the key size.
David Reid576a1532014-05-28 14:00:41 -0700[diff] [blame]324
David Reid68b509a2014-05-08 10:31:51 -0700[diff] [blame]325 .. method:: load_rsa_numbers(numbers):
326
327 :param numbers: An instance of
328 :class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateNumbers` or
329 :class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPublicNumbers`.
330
331 :returns: A provider of
332 :class:`~cryptography.hazmat.primitives.interfaces.RSAPrivateKey` or
333 :class:`~cryptography.hazmat.primitives.interfaces.RSAPublicKey`
334 depending on if it's input was an
335 :class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateNumbers` or
336 :class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPublicNumbers`.
337
Alex Stapleton2fb76a32014-02-15 11:10:57 +0000[diff] [blame]338
Alex Stapleton458c09b2014-04-23 20:58:37 +0100[diff] [blame]339.. class:: TraditionalOpenSSLSerializationBackend
Alex Stapleton2fb76a32014-02-15 11:10:57 +0000[diff] [blame]340
341 .. versionadded:: 0.3
342
343 A backend with methods for working with OpenSSL's "traditional" PKCS #1
344 style key serialization.
345
346 .. method:: load_openssl_pem_private_key(data, password)
Alex Gaynorc6a6f312014-03-06 14:22:56 -0800[diff] [blame]347
Alex Stapleton2fb76a32014-02-15 11:10:57 +0000[diff] [blame]348 :param bytes data: PEM data to deserialize.
349
350 :param bytes password: The password to use if this data is encrypted.
351 Should be None if the data is not encrypted.
352
Alex Stapleton458c09b2014-04-23 20:58:37 +0100[diff] [blame]353 :return: A new instance of the appropriate private key or public key
354 that the serialized data contains.
Alex Stapleton2fb76a32014-02-15 11:10:57 +0000[diff] [blame]355
356 :raises ValueError: If the data could not be deserialized correctly.
357
358 :raises cryptography.exceptions.UnsupportedAlgorithm: If the data is
359 encrypted with an unsupported algorithm.
Mohammed Attia29474ac2014-04-02 04:03:09 +0200[diff] [blame]360
361
362.. class:: DSABackend
363
364 .. versionadded:: 0.4
365
366 A backend with methods for using DSA.
367
368 .. method:: generate_dsa_parameters(key_size)
369
Alex Gaynorc9dc0a02014-04-24 13:38:12 -0700[diff] [blame]370 :param int key_size: The length of the modulus in bits. It should be
371 either 1024, 2048 or 3072. For keys generated in 2014 this should
Mohammed Attia29474ac2014-04-02 04:03:09 +0200[diff] [blame]372 be at least 2048.
Alex Gaynorc9dc0a02014-04-24 13:38:12 -0700[diff] [blame]373 Note that some applications (such as SSH) have not yet gained
374 support for larger key sizes specified in FIPS 186-3 and are still
375 restricted to only the 1024-bit keys specified in FIPS 186-2.
Mohammed Attia29474ac2014-04-02 04:03:09 +0200[diff] [blame]376
377 :return: A new instance of a
378 :class:`~cryptography.hazmat.primitives.interfaces.DSAParameters`
379 provider.
380
381 .. method:: generate_dsa_private_key(parameters)
382
383 :param parameters: A
384 :class:`~cryptography.hazmat.primitives.interfaces.DSAParameters`
385 provider.
386
387 :return: A new instance of a
388 :class:`~cryptography.hazmat.primitives.interfaces.DSAPrivateKey`
389 provider.
390
Alex Gaynor239d5182014-04-24 13:42:58 -0700[diff] [blame]391 :raises ValueError: This is raised if the key size is not one of 1024,
392 2048, or 3072. It is also raised when OpenSSL is older than version
393 1.0.0 and the key size is larger than 1024; older OpenSSL versions
394 do not support keys larger than 1024 bits.
Ayrx97a72fd2014-04-15 19:02:51 +0800[diff] [blame]395
Paul Kehrer0b3ff3b2014-05-01 15:34:42 -0500[diff] [blame]396 .. method:: create_dsa_signature_ctx(private_key, algorithm)
397
398 :param private_key: An instance of a
399 :class:`~cryptography.hazmat.primitives.interfaces.DSAPrivateKey`
400 provider.
401
402 :param algorithm: An instance of a
403 :class:`~cryptography.hazmat.primitives.interfaces.HashAlgorithm`
404 provider
405
406 :returns:
407 :class:`~cryptography.hazmat.primitives.interfaces.AsymmetricSignatureContext`
408
Mohammed Attia59edb612014-04-25 22:44:40 +0200[diff] [blame]409 .. method:: create_dsa_verification_ctx(public_key, signature, algorithm)
410
411 :param public_key: An instance of a
412 :class:`~cryptography.hazmat.primitives.interfaces.DSAPublicKey`
413 provider.
414
Paul Kehrer21babbb2014-05-01 11:33:22 -0500[diff] [blame]415 :param bytes signature: The signature to verify. DER encoded as
416 specified in :rfc:`6979`.
Mohammed Attia59edb612014-04-25 22:44:40 +0200[diff] [blame]417
418 :param algorithm: An instance of a
419 :class:`~cryptography.hazmat.primitives.interfaces.HashAlgorithm`
420 provider.
421
422 :returns:
423 :class:`~cryptography.hazmat.primitives.interfaces.AsymmetricVerificationContext`
424
Mohammed Attia59edb612014-04-25 22:44:40 +0200[diff] [blame]425 .. method:: dsa_hash_supported(algorithm):
Paul Kehrer43dc2762014-04-30 16:24:39 -0500[diff] [blame]426
Mohammed Attia59edb612014-04-25 22:44:40 +0200[diff] [blame]427 :param algorithm: An instance of a
428 :class:`~cryptography.hazmat.primitives.interfaces.HashAlgorithm`
429 provider.
430
431 :returns: ``True`` if the specified ``algorithm`` is supported by this
432 backend, otherwise ``False``.
433
Paul Kehrer21babbb2014-05-01 11:33:22 -0500[diff] [blame]434 .. method:: dsa_parameters_supported(p, q, g):
Paul Kehrerb4037872014-04-30 16:32:23 -0500[diff] [blame]435
436 :param int p: The p value of a DSA key.
437
438 :param int q: The q value of a DSA key.
439
Paul Kehrer21babbb2014-05-01 11:33:22 -0500[diff] [blame]440 :param int g: The g value of a DSA key.
441
442 :returns: ``True`` if the given values of ``p``, ``q``, and ``g`` are
443 supported by this backend, otherwise ``False``.
Paul Kehrerb4037872014-04-30 16:32:23 -0500[diff] [blame]444
Ayrx97a72fd2014-04-15 19:02:51 +0800[diff] [blame]445
446.. class:: CMACBackend
447
448 .. versionadded:: 0.4
449
450 A backend with methods for using CMAC
451
Ayrx6cf29f22014-04-16 23:47:36 +0800[diff] [blame]452 .. method:: cmac_algorithm_supported(algorithm)
Ayrx97a72fd2014-04-15 19:02:51 +0800[diff] [blame]453
Ayrx6cf29f22014-04-16 23:47:36 +0800[diff] [blame]454 :param algorithm: An instance of a
455 :class:`~cryptography.hazmat.primitives.interfaces.BlockCipherAlgorithm`
456 provider.
457 :return: Returns True if the block cipher is supported for CMAC by this backend
Ayrx97a72fd2014-04-15 19:02:51 +0800[diff] [blame]458
459 .. method:: create_cmac_ctx(algorithm)
460
461 Create a
462 :class:`~cryptography.hazmat.primitives.interfaces.CMACContext` that
463 uses the specified ``algorithm`` to calculate a message authentication code.
464
465 :param algorithm: An instance of a
466 :class:`~cryptography.hazmat.primitives.interfaces.BlockCipherAlgorithm`
467 provider.
468
469 :returns:
470 :class:`~cryptography.hazmat.primitives.interfaces.CMACContext`
Paul Kehrer286c7dc2014-05-31 12:05:38 -0500[diff] [blame]471
472
473.. class:: PKCS8SerializationBackend
474
475 .. versionadded:: 0.5
476
477 A backend with methods for working with PKCS #8 key serialization.
478
479 .. method:: load_pkcs8_pem_private_key(data, password)
480
481 :param bytes data: PEM data to deserialize.
482
483 :param bytes password: The password to use if this data is encrypted.
484 Should be None if the data is not encrypted.
485
486 :return: A new instance of the appropriate private key or public key
487 that the serialized data contains.
488
489 :raises ValueError: If the data could not be deserialized correctly.
490
491 :raises cryptography.exceptions.UnsupportedAlgorithm: If the data is
492 encrypted with an unsupported algorithm.
Alex Stapleton13f1d8d2014-05-17 16:50:11 +0100[diff] [blame]493
494
495.. class:: EllipticCurveBackend
496
497 .. versionadded:: 0.5
498
499 .. method:: elliptic_curve_supported(curve)
500
501 :param curve: An instance of a
502 :class:`~cryptography.hazmat.primitives.interfaces.EllipticCurve`
503 provider.
504
505 :returns: True if the elliptic curve is supported by this backend.
506
507 .. method:: elliptic_curve_signature_algorithm_supported(signature_algorithm, curve)
508
509 :param signature_algorithm: An instance of a
510 :class:`~cryptography.hazmat.primitives.interfaces.EllipticCurveSignatureAlgorithm`
511 provider.
512
513 :param curve: An instance of a
514 :class:`~cryptography.hazmat.primitives.interfaces.EllipticCurve`
515 provider.
516
517 :returns: True if the signature algorithm and curve are supported by this backend.
518
519 .. method:: generate_elliptic_curve_private_key(curve)
520
521 :param curve: An instance of a
522 :class:`~cryptography.hazmat.primitives.interfaces.EllipticCurve`
523 provider.
524
525 .. method:: elliptic_curve_private_key_from_numbers(numbers)
526
527 :param numbers: An instance of a
528 :class:`~cryptography.hazmat.primitives.interfaces.EllipticCurvePrivateNumbers`
529 provider.
530
531 :returns: An instance of a
532 :class:`~cryptography.hazmat.primitives.interfaces.EllipticCurvePrivateKey`
533 provider.
534
535 .. method:: elliptic_curve_public_key_from_numbers(numbers)
536
537 :param numbers: An instance of a
538 :class:`~cryptography.hazmat.primitives.interfaces.EllipticCurvePublicNumbers`
539 provider.
540
541 :returns: An instance of a
542 :class:`~cryptography.hazmat.primitives.interfaces.EllipticCurvePublicKey`
543 provider.