Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / python / cryptography / f2fb02a2c42395d5b3b0f161a127234452a2a976 / . / docs / hazmat / backends / interfaces.rst
blob: a18a3d57e2b1d9f7a42a6b07869354c548145cc1 [file] [log] [blame]
David Reid2a746ce2013-11-15 15:32:14 -0800[diff] [blame]1.. hazmat::
2
Alex Stapletonc5fffd32014-03-18 15:29:00 +0000[diff] [blame]3Backend interfaces
David Reid2a746ce2013-11-15 15:32:14 -0800[diff] [blame]4==================
5
Alex Gaynorf8796b12013-12-13 20:28:55 -0800[diff] [blame]6.. currentmodule:: cryptography.hazmat.backends.interfaces
David Reid2a746ce2013-11-15 15:32:14 -0800[diff] [blame]7
8
Alex Gaynor969f18e2014-05-17 20:07:35 -0700[diff] [blame]9Backend implementations may provide a number of interfaces to support
10operations such as :doc:`/hazmat/primitives/symmetric-encryption`,
David Reid6b9df812013-11-18 14:13:02 -0800[diff] [blame]11:doc:`/hazmat/primitives/cryptographic-hashes`, and
Ayrxfa4a6b22014-04-16 23:03:14 +0800[diff] [blame]12:doc:`/hazmat/primitives/mac/hmac`.
David Reid6b9df812013-11-18 14:13:02 -0800[diff] [blame]13
14A specific ``backend`` may provide one or more of these interfaces.
15
16
David Reid2a746ce2013-11-15 15:32:14 -0800[diff] [blame]17.. class:: CipherBackend
18
Alex Stapleton63b3de22014-02-08 09:43:16 +0000[diff] [blame]19 A backend that provides methods for using ciphers for encryption
David Reid5973f4c2013-11-18 11:29:44 -0800[diff] [blame]20 and decryption.
21
Alex Gaynor585c99c2014-02-04 16:10:10 -0800[diff] [blame]22 The following backends implement this interface:
23
24 * :doc:`/hazmat/backends/openssl`
25 * :doc:`/hazmat/backends/commoncrypto`
26
David Reid2a746ce2013-11-15 15:32:14 -0800[diff] [blame]27 .. method:: cipher_supported(cipher, mode)
28
David Reid5973f4c2013-11-18 11:29:44 -0800[diff] [blame]29 Check if a ``cipher`` and ``mode`` combination is supported by
30 this backend.
31
32 :param cipher: An instance of a
33 :class:`~cryptography.hazmat.primitives.interfaces.CipherAlgorithm`
34 provider.
35 :param mode: An instance of a
36 :class:`~cryptography.hazmat.primitives.interfaces.Mode` provider.
37
38 :returns: ``True`` if the specified ``cipher`` and ``mode`` combination
39 is supported by this backend, otherwise ``False``
David Reid2a746ce2013-11-15 15:32:14 -0800[diff] [blame]40
David Reid2a746ce2013-11-15 15:32:14 -0800[diff] [blame]41
42 .. method:: create_symmetric_encryption_ctx(cipher, mode)
43
David Reid5973f4c2013-11-18 11:29:44 -0800[diff] [blame]44 Create a
Paul Kehrer446cc2a2014-01-29 14:39:30 -0600[diff] [blame]45 :class:`~cryptography.hazmat.primitives.interfaces.CipherContext` that
David Reid5973f4c2013-11-18 11:29:44 -0800[diff] [blame]46 can be used for encrypting data with the symmetric ``cipher`` using
47 the given ``mode``.
48
49 :param cipher: An instance of a
50 :class:`~cryptography.hazmat.primitives.interfaces.CipherAlgorithm`
51 provider.
52 :param mode: An instance of a
53 :class:`~cryptography.hazmat.primitives.interfaces.Mode` provider.
54
55 :returns:
56 :class:`~cryptography.hazmat.primitives.interfaces.CipherContext`
57
Paul Kehrera07925a2013-12-06 11:49:42 -0600[diff] [blame]58 :raises ValueError: When tag is not None in an AEAD mode
59
David Reid2a746ce2013-11-15 15:32:14 -0800[diff] [blame]60
61 .. method:: create_symmetric_decryption_ctx(cipher, mode)
62
David Reid5973f4c2013-11-18 11:29:44 -0800[diff] [blame]63 Create a
Paul Kehrer446cc2a2014-01-29 14:39:30 -0600[diff] [blame]64 :class:`~cryptography.hazmat.primitives.interfaces.CipherContext` that
David Reid5973f4c2013-11-18 11:29:44 -0800[diff] [blame]65 can be used for decrypting data with the symmetric ``cipher`` using
66 the given ``mode``.
67
68 :param cipher: An instance of a
69 :class:`~cryptography.hazmat.primitives.interfaces.CipherAlgorithm`
70 provider.
71 :param mode: An instance of a
72 :class:`~cryptography.hazmat.primitives.interfaces.Mode` provider.
73
74 :returns:
75 :class:`~cryptography.hazmat.primitives.interfaces.CipherContext`
David Reid2a746ce2013-11-15 15:32:14 -0800[diff] [blame]76
Paul Kehrera07925a2013-12-06 11:49:42 -0600[diff] [blame]77 :raises ValueError: When tag is None in an AEAD mode
78
David Reid2a746ce2013-11-15 15:32:14 -0800[diff] [blame]79
80.. class:: HashBackend
81
David Reid5973f4c2013-11-18 11:29:44 -0800[diff] [blame]82 A backend with methods for using cryptographic hash functions.
83
Alex Gaynor585c99c2014-02-04 16:10:10 -0800[diff] [blame]84 The following backends implement this interface:
85
86 * :doc:`/hazmat/backends/openssl`
87 * :doc:`/hazmat/backends/commoncrypto`
88
David Reid2a746ce2013-11-15 15:32:14 -0800[diff] [blame]89 .. method:: hash_supported(algorithm)
90
David Reid6624a442013-11-18 12:44:30 -0800[diff] [blame]91 Check if the specified ``algorithm`` is supported by this backend.
92
David Reid5973f4c2013-11-18 11:29:44 -0800[diff] [blame]93 :param algorithm: An instance of a
94 :class:`~cryptography.hazmat.primitives.interfaces.HashAlgorithm`
95 provider.
96
97 :returns: ``True`` if the specified ``algorithm`` is supported by this
98 backend, otherwise ``False``.
99
David Reid2a746ce2013-11-15 15:32:14 -0800[diff] [blame]100
101 .. method:: create_hash_ctx(algorithm)
102
David Reid6624a442013-11-18 12:44:30 -0800[diff] [blame]103 Create a
Paul Kehrer446cc2a2014-01-29 14:39:30 -0600[diff] [blame]104 :class:`~cryptography.hazmat.primitives.interfaces.HashContext` that
David Reid6624a442013-11-18 12:44:30 -0800[diff] [blame]105 uses the specified ``algorithm`` to calculate a message digest.
106
David Reid5973f4c2013-11-18 11:29:44 -0800[diff] [blame]107 :param algorithm: An instance of a
108 :class:`~cryptography.hazmat.primitives.interfaces.HashAlgorithm`
109 provider.
110
111 :returns:
112 :class:`~cryptography.hazmat.primitives.interfaces.HashContext`
David Reid2a746ce2013-11-15 15:32:14 -0800[diff] [blame]113
114
115.. class:: HMACBackend
116
David Reid5973f4c2013-11-18 11:29:44 -0800[diff] [blame]117 A backend with methods for using cryptographic hash functions as message
118 authentication codes.
119
Alex Gaynor585c99c2014-02-04 16:10:10 -0800[diff] [blame]120 The following backends implement this interface:
121
122 * :doc:`/hazmat/backends/openssl`
123 * :doc:`/hazmat/backends/commoncrypto`
124
Paul Kehrer90ae8662013-12-23 17:21:00 -0600[diff] [blame]125 .. method:: hmac_supported(algorithm)
126
127 Check if the specified ``algorithm`` is supported by this backend.
128
129 :param algorithm: An instance of a
130 :class:`~cryptography.hazmat.primitives.interfaces.HashAlgorithm`
131 provider.
132
133 :returns: ``True`` if the specified ``algorithm`` is supported for HMAC
134 by this backend, otherwise ``False``.
135
David Reid2a746ce2013-11-15 15:32:14 -0800[diff] [blame]136 .. method:: create_hmac_ctx(algorithm)
137
David Reid6624a442013-11-18 12:44:30 -0800[diff] [blame]138 Create a
Paul Kehrer446cc2a2014-01-29 14:39:30 -0600[diff] [blame]139 :class:`~cryptography.hazmat.primitives.interfaces.HashContext` that
Paul Kehrer4f776c42013-12-23 17:25:54 -0600[diff] [blame]140 uses the specified ``algorithm`` to calculate a hash-based message
141 authentication code.
David Reid6624a442013-11-18 12:44:30 -0800[diff] [blame]142
David Reid5973f4c2013-11-18 11:29:44 -0800[diff] [blame]143 :param algorithm: An instance of a
144 :class:`~cryptography.hazmat.primitives.interfaces.HashAlgorithm`
145 provider.
146
147 :returns:
148 :class:`~cryptography.hazmat.primitives.interfaces.HashContext`
Paul Kehrer1050ddf2014-01-27 21:04:03 -0600[diff] [blame]149
150
Paul Kehrer98e40e62014-01-28 15:07:49 -0600[diff] [blame]151.. class:: PBKDF2HMACBackend
Paul Kehrer1050ddf2014-01-27 21:04:03 -0600[diff] [blame]152
Paul Kehrer5d1af212014-01-28 12:19:32 -0600[diff] [blame]153 .. versionadded:: 0.2
154
Paul Kehrer98e40e62014-01-28 15:07:49 -0600[diff] [blame]155 A backend with methods for using PBKDF2 using HMAC as a PRF.
Paul Kehrer1050ddf2014-01-27 21:04:03 -0600[diff] [blame]156
Alex Gaynor585c99c2014-02-04 16:10:10 -0800[diff] [blame]157 The following backends implement this interface:
158
159 * :doc:`/hazmat/backends/openssl`
160 * :doc:`/hazmat/backends/commoncrypto`
161
Paul Kehrer98e40e62014-01-28 15:07:49 -0600[diff] [blame]162 .. method:: pbkdf2_hmac_supported(algorithm)
Paul Kehrer1050ddf2014-01-27 21:04:03 -0600[diff] [blame]163
164 Check if the specified ``algorithm`` is supported by this backend.
165
Paul Kehrer589b9082014-01-28 21:25:41 -0600[diff] [blame]166 :param algorithm: An instance of a
Paul Kehrer1050ddf2014-01-27 21:04:03 -0600[diff] [blame]167 :class:`~cryptography.hazmat.primitives.interfaces.HashAlgorithm`
168 provider.
169
170 :returns: ``True`` if the specified ``algorithm`` is supported for
Paul Kehrer98e40e62014-01-28 15:07:49 -0600[diff] [blame]171 PBKDF2 HMAC by this backend, otherwise ``False``.
Paul Kehrer1050ddf2014-01-27 21:04:03 -0600[diff] [blame]172
Paul Kehrer98e40e62014-01-28 15:07:49 -0600[diff] [blame]173 .. method:: derive_pbkdf2_hmac(self, algorithm, length, salt, iterations,
174 key_material)
Paul Kehrer1050ddf2014-01-27 21:04:03 -0600[diff] [blame]175
176 :param algorithm: An instance of a
177 :class:`~cryptography.hazmat.primitives.interfaces.HashAlgorithm`
178 provider.
179
180 :param int length: The desired length of the derived key. Maximum is
Paul Kehrer98e40e62014-01-28 15:07:49 -0600[diff] [blame]181 (2\ :sup:`32` - 1) * ``algorithm.digest_size``
Paul Kehrer1050ddf2014-01-27 21:04:03 -0600[diff] [blame]182
Paul Kehrerb6d764c2014-01-27 22:32:11 -0600[diff] [blame]183 :param bytes salt: A salt.
Paul Kehrer1050ddf2014-01-27 21:04:03 -0600[diff] [blame]184
185 :param int iterations: The number of iterations to perform of the hash
Paul Kehrerc58b4782014-01-29 13:56:25 -0600[diff] [blame]186 function. This can be used to control the length of time the
187 operation takes. Higher numbers help mitigate brute force attacks
188 against derived keys.
Paul Kehrer1050ddf2014-01-27 21:04:03 -0600[diff] [blame]189
190 :param bytes key_material: The key material to use as a basis for
191 the derived key. This is typically a password.
192
193 :return bytes: Derived key.
Alex Stapleton209a1322014-02-07 20:26:44 +0000[diff] [blame]194
195
196.. class:: RSABackend
197
198 .. versionadded:: 0.2
199
200 A backend with methods for using RSA.
201
Alex Stapletone009ad22014-02-08 17:23:46 +0000[diff] [blame]202 .. method:: generate_rsa_private_key(public_exponent, key_size)
Alex Stapleton209a1322014-02-07 20:26:44 +0000[diff] [blame]203
204 :param int public_exponent: The public exponent of the new key.
205 Often one of the small Fermat primes 3, 5, 17, 257 or 65537.
206
Alex Stapletone009ad22014-02-08 17:23:46 +0000[diff] [blame]207 :param int key_size: The length in bits of the modulus. Should be
Alex Stapleton209a1322014-02-07 20:26:44 +0000[diff] [blame]208 at least 2048.
209
210 :return: A new instance of a
211 :class:`~cryptography.hazmat.primitives.interfaces.RSAPrivateKey`
212 provider.
213
214 :raises ValueError: If the public_exponent is not valid.
Paul Kehrer2b3f0fc2014-02-17 19:20:14 -0600[diff] [blame]215
Paul Kehrer3292c992014-02-17 21:12:38 -0600[diff] [blame]216 .. method:: create_rsa_signature_ctx(private_key, padding, algorithm)
Paul Kehrer2b3f0fc2014-02-17 19:20:14 -0600[diff] [blame]217
Paul Kehrerf2fb02a2014-06-19 10:16:42 -0600[diff] [blame^]218 .. deprecated:: 0.5
219
Paul Kehrerdd3780a2014-02-18 13:17:53 -0600[diff] [blame]220 :param private_key: An instance of an
Paul Kehrer2b3f0fc2014-02-17 19:20:14 -0600[diff] [blame]221 :class:`~cryptography.hazmat.primitives.interfaces.RSAPrivateKey`
222 provider.
223
Paul Kehrerdd3780a2014-02-18 13:17:53 -0600[diff] [blame]224 :param padding: An instance of an
Paul Kehrer2b3f0fc2014-02-17 19:20:14 -0600[diff] [blame]225 :class:`~cryptography.hazmat.primitives.interfaces.AsymmetricPadding`
226 provider.
227
228 :param algorithm: An instance of a
229 :class:`~cryptography.hazmat.primitives.interfaces.HashAlgorithm`
230 provider.
231
232 :returns:
Paul Kehrerdd3780a2014-02-18 13:17:53 -0600[diff] [blame]233 :class:`~cryptography.hazmat.primitives.interfaces.AsymmetricSignatureContext`
Paul Kehrer2b3f0fc2014-02-17 19:20:14 -0600[diff] [blame]234
Paul Kehrerdd3780a2014-02-18 13:17:53 -0600[diff] [blame]235 .. method:: create_rsa_verification_ctx(public_key, signature, padding, algorithm)
Paul Kehrer2b3f0fc2014-02-17 19:20:14 -0600[diff] [blame]236
Paul Kehrerf2fb02a2014-06-19 10:16:42 -0600[diff] [blame^]237 .. deprecated:: 0.5
238
Paul Kehrer2b3f0fc2014-02-17 19:20:14 -0600[diff] [blame]239 :param public_key: An instance of a
240 :class:`~cryptography.hazmat.primitives.interfaces.RSAPublicKey`
241 provider.
242
243 :param bytes signature: The signature to verify.
244
Paul Kehrerdd3780a2014-02-18 13:17:53 -0600[diff] [blame]245 :param padding: An instance of an
Paul Kehrer2b3f0fc2014-02-17 19:20:14 -0600[diff] [blame]246 :class:`~cryptography.hazmat.primitives.interfaces.AsymmetricPadding`
247 provider.
248
249 :param algorithm: An instance of a
250 :class:`~cryptography.hazmat.primitives.interfaces.HashAlgorithm`
251 provider.
252
253 :returns:
Paul Kehrer430202d2014-02-18 13:36:53 -0600[diff] [blame]254 :class:`~cryptography.hazmat.primitives.interfaces.AsymmetricVerificationContext`
Alex Stapleton2fb76a32014-02-15 11:10:57 +0000[diff] [blame]255
Paul Kehrer06c77932014-03-09 22:22:14 -0400[diff] [blame]256 .. method:: mgf1_hash_supported(algorithm)
257
258 Check if the specified ``algorithm`` is supported for use with
259 :class:`~cryptography.hazmat.primitives.asymmetric.padding.MGF1`
260 inside :class:`~cryptography.hazmat.primitives.asymmetric.padding.PSS`
261 padding.
262
263 :param algorithm: An instance of a
264 :class:`~cryptography.hazmat.primitives.interfaces.HashAlgorithm`
265 provider.
266
267 :returns: ``True`` if the specified ``algorithm`` is supported by this
268 backend, otherwise ``False``.
269
Paul Kehrerc333dbc2014-05-24 18:35:02 -0500[diff] [blame]270 .. method:: rsa_padding_supported(padding)
271
272 Check if the specified ``padding`` is supported by the backend.
273
274 :param padding: An instance of an
275 :class:`~cryptography.hazmat.primitives.interfaces.AsymmetricPadding`
276 provider.
277
278 :returns: ``True`` if the specified ``padding`` is supported by this
279 backend, otherwise ``False``.
280
Paul Kehrer342d2e42014-05-25 22:01:20 -0500[diff] [blame]281 .. method:: generate_rsa_parameters_supported(public_exponent, key_size)
282
283 Check if the specified parameters are supported for key generation by
284 the backend.
285
Paul Kehrer1b760f12014-05-26 08:54:38 -0500[diff] [blame]286 :param int public_exponent: The public exponent.
Paul Kehrer342d2e42014-05-25 22:01:20 -0500[diff] [blame]287
Paul Kehrer1b760f12014-05-26 08:54:38 -0500[diff] [blame]288 :param int key_size: The bit length of the generated modulus.
Paul Kehrer342d2e42014-05-25 22:01:20 -0500[diff] [blame]289
Paul Kehrer4c0a3742014-04-05 19:51:00 -0500[diff] [blame]290 .. method:: decrypt_rsa(private_key, ciphertext, padding)
291
Paul Kehrerf2fb02a2014-06-19 10:16:42 -0600[diff] [blame^]292 .. deprecated:: 0.5
293
Paul Kehrer4c0a3742014-04-05 19:51:00 -0500[diff] [blame]294 :param private_key: An instance of an
295 :class:`~cryptography.hazmat.primitives.interfaces.RSAPrivateKey`
296 provider.
297
298 :param bytes ciphertext: The ciphertext to decrypt.
299
300 :param padding: An instance of an
301 :class:`~cryptography.hazmat.primitives.interfaces.AsymmetricPadding`
302 provider.
303
Paul Kehrerc929e402014-05-09 11:09:13 -0500[diff] [blame]304 :return bytes: The decrypted data.
305
306 :raises cryptography.exceptions.UnsupportedAlgorithm: If an unsupported
307 MGF, hash function, or padding is chosen.
308
309 :raises ValueError: When decryption fails or key size does not match
310 ciphertext length.
311
Paul Kehrer4e602f32014-04-24 12:07:54 -0500[diff] [blame]312 .. method:: encrypt_rsa(public_key, plaintext, padding)
313
Paul Kehrerf2fb02a2014-06-19 10:16:42 -0600[diff] [blame^]314 .. deprecated:: 0.5
315
Paul Kehrer4e602f32014-04-24 12:07:54 -0500[diff] [blame]316 :param public_key: An instance of an
317 :class:`~cryptography.hazmat.primitives.interfaces.RSAPublicKey`
318 provider.
319
320 :param bytes plaintext: The plaintext to encrypt.
321
322 :param padding: An instance of an
323 :class:`~cryptography.hazmat.primitives.interfaces.AsymmetricPadding`
324 provider.
325
Paul Kehrerc929e402014-05-09 11:09:13 -0500[diff] [blame]326 :return bytes: The encrypted data.
327
328 :raises cryptography.exceptions.UnsupportedAlgorithm: If an unsupported
329 MGF, hash function, or padding is chosen.
330
331 :raises ValueError: When plaintext is too long for the key size.
David Reid576a1532014-05-28 14:00:41 -0700[diff] [blame]332
David Reida674afe2014-05-30 14:15:29 -0700[diff] [blame]333 .. method:: load_rsa_private_numbers(numbers):
David Reid68b509a2014-05-08 10:31:51 -0700[diff] [blame]334
335 :param numbers: An instance of
David Reida674afe2014-05-30 14:15:29 -0700[diff] [blame]336 :class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateNumbers`.
David Reid68b509a2014-05-08 10:31:51 -0700[diff] [blame]337
338 :returns: A provider of
David Reida674afe2014-05-30 14:15:29 -0700[diff] [blame]339 :class:`~cryptography.hazmat.primitives.interfaces.RSAPrivateKey`.
340
David Reidc57a3762014-06-03 13:27:50 -0700[diff] [blame]341 :raises ValueError: This is raised when the values of ``p``, ``q``,
342 ``private_exponent``, ``public_exponent``, or ``modulus`` do not
343 match the bounds specified in :rfc:`3447`.
344
David Reidda76ae02014-06-03 14:01:18 -0700[diff] [blame]345 :raises cryptography.exceptions.UnsupportedAlgorithm: This raised when
346 any backend specific criteria are not met.
347
David Reida674afe2014-05-30 14:15:29 -0700[diff] [blame]348 .. method:: load_rsa_public_numbers(numbers):
349
350 :param numbers: An instance of
351 :class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateNumbers`.
352
353 :returns: A provider of
354 :class:`~cryptography.hazmat.primitives.interfaces.RSAPublicKey`.
David Reid68b509a2014-05-08 10:31:51 -0700[diff] [blame]355
David Reidc57a3762014-06-03 13:27:50 -0700[diff] [blame]356 :raises ValueError: This is raised when the values of
357 ``public_exponent`` or ``modulus`` do not match the bounds
358 specified in :rfc:`3447`.
359
David Reidda76ae02014-06-03 14:01:18 -0700[diff] [blame]360 :raises cryptography.exceptions.UnsupportedAlgorithm: This raised when
361 any backend specific criteria are not met.
362
Alex Stapleton2fb76a32014-02-15 11:10:57 +0000[diff] [blame]363
Alex Stapleton458c09b2014-04-23 20:58:37 +0100[diff] [blame]364.. class:: TraditionalOpenSSLSerializationBackend
Alex Stapleton2fb76a32014-02-15 11:10:57 +0000[diff] [blame]365
366 .. versionadded:: 0.3
367
368 A backend with methods for working with OpenSSL's "traditional" PKCS #1
369 style key serialization.
370
371 .. method:: load_openssl_pem_private_key(data, password)
Alex Gaynorc6a6f312014-03-06 14:22:56 -0800[diff] [blame]372
Alex Stapleton2fb76a32014-02-15 11:10:57 +0000[diff] [blame]373 :param bytes data: PEM data to deserialize.
374
375 :param bytes password: The password to use if this data is encrypted.
376 Should be None if the data is not encrypted.
377
Alex Stapleton458c09b2014-04-23 20:58:37 +0100[diff] [blame]378 :return: A new instance of the appropriate private key or public key
379 that the serialized data contains.
Alex Stapleton2fb76a32014-02-15 11:10:57 +0000[diff] [blame]380
381 :raises ValueError: If the data could not be deserialized correctly.
382
383 :raises cryptography.exceptions.UnsupportedAlgorithm: If the data is
384 encrypted with an unsupported algorithm.
Mohammed Attia29474ac2014-04-02 04:03:09 +0200[diff] [blame]385
386
387.. class:: DSABackend
388
389 .. versionadded:: 0.4
390
391 A backend with methods for using DSA.
392
393 .. method:: generate_dsa_parameters(key_size)
394
Alex Gaynorc9dc0a02014-04-24 13:38:12 -0700[diff] [blame]395 :param int key_size: The length of the modulus in bits. It should be
396 either 1024, 2048 or 3072. For keys generated in 2014 this should
Mohammed Attia29474ac2014-04-02 04:03:09 +0200[diff] [blame]397 be at least 2048.
Alex Gaynorc9dc0a02014-04-24 13:38:12 -0700[diff] [blame]398 Note that some applications (such as SSH) have not yet gained
399 support for larger key sizes specified in FIPS 186-3 and are still
400 restricted to only the 1024-bit keys specified in FIPS 186-2.
Mohammed Attia29474ac2014-04-02 04:03:09 +0200[diff] [blame]401
402 :return: A new instance of a
403 :class:`~cryptography.hazmat.primitives.interfaces.DSAParameters`
404 provider.
405
406 .. method:: generate_dsa_private_key(parameters)
407
408 :param parameters: A
409 :class:`~cryptography.hazmat.primitives.interfaces.DSAParameters`
410 provider.
411
412 :return: A new instance of a
413 :class:`~cryptography.hazmat.primitives.interfaces.DSAPrivateKey`
414 provider.
415
Alex Gaynor239d5182014-04-24 13:42:58 -0700[diff] [blame]416 :raises ValueError: This is raised if the key size is not one of 1024,
417 2048, or 3072. It is also raised when OpenSSL is older than version
418 1.0.0 and the key size is larger than 1024; older OpenSSL versions
419 do not support keys larger than 1024 bits.
Ayrx97a72fd2014-04-15 19:02:51 +0800[diff] [blame]420
Paul Kehrer0b3ff3b2014-05-01 15:34:42 -0500[diff] [blame]421 .. method:: create_dsa_signature_ctx(private_key, algorithm)
422
423 :param private_key: An instance of a
424 :class:`~cryptography.hazmat.primitives.interfaces.DSAPrivateKey`
425 provider.
426
427 :param algorithm: An instance of a
428 :class:`~cryptography.hazmat.primitives.interfaces.HashAlgorithm`
429 provider
430
431 :returns:
432 :class:`~cryptography.hazmat.primitives.interfaces.AsymmetricSignatureContext`
433
Mohammed Attia59edb612014-04-25 22:44:40 +0200[diff] [blame]434 .. method:: create_dsa_verification_ctx(public_key, signature, algorithm)
435
436 :param public_key: An instance of a
437 :class:`~cryptography.hazmat.primitives.interfaces.DSAPublicKey`
438 provider.
439
Paul Kehrer21babbb2014-05-01 11:33:22 -0500[diff] [blame]440 :param bytes signature: The signature to verify. DER encoded as
441 specified in :rfc:`6979`.
Mohammed Attia59edb612014-04-25 22:44:40 +0200[diff] [blame]442
443 :param algorithm: An instance of a
444 :class:`~cryptography.hazmat.primitives.interfaces.HashAlgorithm`
445 provider.
446
447 :returns:
448 :class:`~cryptography.hazmat.primitives.interfaces.AsymmetricVerificationContext`
449
Mohammed Attia59edb612014-04-25 22:44:40 +0200[diff] [blame]450 .. method:: dsa_hash_supported(algorithm):
Paul Kehrer43dc2762014-04-30 16:24:39 -0500[diff] [blame]451
Mohammed Attia59edb612014-04-25 22:44:40 +0200[diff] [blame]452 :param algorithm: An instance of a
453 :class:`~cryptography.hazmat.primitives.interfaces.HashAlgorithm`
454 provider.
455
456 :returns: ``True`` if the specified ``algorithm`` is supported by this
457 backend, otherwise ``False``.
458
Paul Kehrer21babbb2014-05-01 11:33:22 -0500[diff] [blame]459 .. method:: dsa_parameters_supported(p, q, g):
Paul Kehrerb4037872014-04-30 16:32:23 -0500[diff] [blame]460
461 :param int p: The p value of a DSA key.
462
463 :param int q: The q value of a DSA key.
464
Paul Kehrer21babbb2014-05-01 11:33:22 -0500[diff] [blame]465 :param int g: The g value of a DSA key.
466
467 :returns: ``True`` if the given values of ``p``, ``q``, and ``g`` are
468 supported by this backend, otherwise ``False``.
Paul Kehrerb4037872014-04-30 16:32:23 -0500[diff] [blame]469
Ayrx97a72fd2014-04-15 19:02:51 +0800[diff] [blame]470
471.. class:: CMACBackend
472
473 .. versionadded:: 0.4
474
475 A backend with methods for using CMAC
476
Ayrx6cf29f22014-04-16 23:47:36 +0800[diff] [blame]477 .. method:: cmac_algorithm_supported(algorithm)
Ayrx97a72fd2014-04-15 19:02:51 +0800[diff] [blame]478
Ayrx6cf29f22014-04-16 23:47:36 +0800[diff] [blame]479 :param algorithm: An instance of a
480 :class:`~cryptography.hazmat.primitives.interfaces.BlockCipherAlgorithm`
481 provider.
482 :return: Returns True if the block cipher is supported for CMAC by this backend
Ayrx97a72fd2014-04-15 19:02:51 +0800[diff] [blame]483
484 .. method:: create_cmac_ctx(algorithm)
485
486 Create a
487 :class:`~cryptography.hazmat.primitives.interfaces.CMACContext` that
488 uses the specified ``algorithm`` to calculate a message authentication code.
489
490 :param algorithm: An instance of a
491 :class:`~cryptography.hazmat.primitives.interfaces.BlockCipherAlgorithm`
492 provider.
493
494 :returns:
495 :class:`~cryptography.hazmat.primitives.interfaces.CMACContext`
Paul Kehrer286c7dc2014-05-31 12:05:38 -0500[diff] [blame]496
497
498.. class:: PKCS8SerializationBackend
499
500 .. versionadded:: 0.5
501
502 A backend with methods for working with PKCS #8 key serialization.
503
504 .. method:: load_pkcs8_pem_private_key(data, password)
505
506 :param bytes data: PEM data to deserialize.
507
508 :param bytes password: The password to use if this data is encrypted.
509 Should be None if the data is not encrypted.
510
511 :return: A new instance of the appropriate private key or public key
512 that the serialized data contains.
513
514 :raises ValueError: If the data could not be deserialized correctly.
515
516 :raises cryptography.exceptions.UnsupportedAlgorithm: If the data is
517 encrypted with an unsupported algorithm.
Alex Stapleton13f1d8d2014-05-17 16:50:11 +0100[diff] [blame]518
519
520.. class:: EllipticCurveBackend
521
522 .. versionadded:: 0.5
523
524 .. method:: elliptic_curve_supported(curve)
525
526 :param curve: An instance of a
527 :class:`~cryptography.hazmat.primitives.interfaces.EllipticCurve`
528 provider.
529
530 :returns: True if the elliptic curve is supported by this backend.
531
532 .. method:: elliptic_curve_signature_algorithm_supported(signature_algorithm, curve)
533
534 :param signature_algorithm: An instance of a
535 :class:`~cryptography.hazmat.primitives.interfaces.EllipticCurveSignatureAlgorithm`
536 provider.
537
538 :param curve: An instance of a
539 :class:`~cryptography.hazmat.primitives.interfaces.EllipticCurve`
540 provider.
541
542 :returns: True if the signature algorithm and curve are supported by this backend.
543
544 .. method:: generate_elliptic_curve_private_key(curve)
545
546 :param curve: An instance of a
547 :class:`~cryptography.hazmat.primitives.interfaces.EllipticCurve`
548 provider.
549
550 .. method:: elliptic_curve_private_key_from_numbers(numbers)
551
552 :param numbers: An instance of a
553 :class:`~cryptography.hazmat.primitives.interfaces.EllipticCurvePrivateNumbers`
554 provider.
555
556 :returns: An instance of a
557 :class:`~cryptography.hazmat.primitives.interfaces.EllipticCurvePrivateKey`
558 provider.
559
560 .. method:: elliptic_curve_public_key_from_numbers(numbers)
561
562 :param numbers: An instance of a
563 :class:`~cryptography.hazmat.primitives.interfaces.EllipticCurvePublicNumbers`
564 provider.
565
566 :returns: An instance of a
567 :class:`~cryptography.hazmat.primitives.interfaces.EllipticCurvePublicKey`
568 provider.