From b7c6029766ed066a2616343d82027472881ab0a3 Mon Sep 17 00:00:00 2001
From: Alex Stapleton
Date: Mon, 25 Aug 2014 10:57:42 +0100
Subject: DH backend interfaces
---
 docs/hazmat/backends/interfaces.rst | 85 ++++++++++++++++++++++++++
 src/cryptography/hazmat/backends/interfaces.py | 52 ++++++++++++++++
 2 files changed, 137 insertions(+)
diff --git a/docs/hazmat/backends/interfaces.rst b/docs/hazmat/backends/interfaces.rst
index 8866cf71..4da0d753 100644
--- a/docs/hazmat/backends/interfaces.rst
+++ b/docs/hazmat/backends/interfaces.rst
@@ -518,3 +518,88 @@ A specific ``backend`` may provide one or more of these interfaces. :returns: An instance of :class:`~cryptography.x509.CertificateSigningRequest`. + + +.. class:: DHBackend + + .. versionadded:: 0.9 + + A backend with methods for doing Diffie-Hellman key exchange. + + .. method:: generate_dh_parameters(key_size) + + :param int key_size: The bit length of the prime modulus to generate. + + :return: A new instance of a + :class:`~cryptography.hazmat.primitives.asymmetric.dh.DHParameters` + provider. + + :raises ValueError: If ``key_size`` is not at least 512. + + .. method:: generate_dh_private_key(parameters) + + :param parameters: A + :class:`~cryptography.hazmat.primitives.asymmetric.dh.DHParameters` + provider. + + :return: A new instance of a + :class:`~cryptography.hazmat.primitives.asymmetric.dh.DHPrivateKey` + provider. + + .. method:: generate_dh_private_key_and_parameters(self, key_size) + + :param int key_size: The bit length of the prime modulus to generate. + + :return: A new instance of a + :class:`~cryptography.hazmat.primitives.asymmetric.dh.DHPrivateKey` + provider. + + :raises ValueError: If ``key_size`` is not at least 512. + + .. method:: load_dh_private_numbers(numbers) + + :param numbers: A + :class:`~cryptography.hazmat.primitives.asymmetric.dh.DHPrivateNumbers` + instance. + + :return: A new instance of a + :class:`~cryptography.hazmat.primitives.asymmetric.dh.DHPrivateKey` + provider. + + :raises cryptography.exceptions.UnsupportedAlgorithm: This is raised + when any backend specific criteria are not met. + + .. method:: load_dh_public_numbers(numbers) + + :param numbers: A + :class:`~cryptography.hazmat.primitives.asymmetric.dh.DHPublicNumbers` + instance. + + :return: A new instance of a + :class:`~cryptography.hazmat.primitives.asymmetric.dh.DHPublicKey` + provider. + + :raises cryptography.exceptions.UnsupportedAlgorithm: This is raised + when any backend specific criteria are not met. + + .. 
method:: load_dh_parameter_numbers(numbers) + + :param numbers: A + :class:`~cryptography.hazmat.primitives.asymmetric.dh.DHParameterNumbers` + instance. + + :return: A new instance of a + :class:`~cryptography.hazmat.primitives.asymmetric.dh.DHParameters` + provider. + + :raises cryptography.exceptions.UnsupportedAlgorithm: This is raised + when any backend specific criteria are not met. + + .. method:: dh_parameters_supported(p, g) + + :param int p: The p value of the DH key. + + :param int g: The g value of the DH key. + + :returns: ``True`` if the given values of ``p`` and ``g`` are supported + by this backend, otherwise ``False``. diff --git a/src/cryptography/hazmat/backends/interfaces.py b/src/cryptography/hazmat/backends/interfaces.py index 5224f5c7..eca7ddf4 100644 --- a/src/cryptography/hazmat/backends/interfaces.py +++ b/src/cryptography/hazmat/backends/interfaces.py 
@@ -273,3 +273,55 @@ class X509Backend(object):
 """
 Load an X.509 CSR from PEM encoded data.
 """
+
+
+@six.add_metaclass(abc.ABCMeta)
+class DHBackend(object):
+ @abc.abstractmethod
+ def generate_dh_parameters(self, key_size):
+ """
+ Generate a DHParameters instance with a modulus of key_size bits.
+ """
+
+ @abc.abstractmethod
+ def generate_dh_private_key(self, parameters):
+ """
+ Generate a DHPrivateKey instance with parameters as a DHParameters
+ object.
+ """
+
+ @abc.abstractmethod
+ def generate_dh_private_key_and_parameters(self, key_size):
+ """
+ Generate a DHPrivateKey instance using key size only.
+ """
+
+ @abc.abstractmethod
+ def load_dh_private_numbers(self, numbers):
+ """
+ Returns a DHPrivateKey provider.
+ """
+
+ @abc.abstractmethod
+ def load_dh_public_numbers(self, numbers):
+ """
+ Returns a DHPublicKey provider.
+ """
+
+ @abc.abstractmethod
+ def load_dh_parameter_numbers(self, numbers):
+ """
+ Returns a DHParameters provider.
+ """
+
+ @abc.abstractmethod
+ def dh_exchange_algorithm_supported(self, exchange_algorithm):
+ """
+ Returns whether the exchange algorithm is supported by this backend.
+ """
+
+ @abc.abstractmethod
+ def dh_parameters_supported(self, p, g):
+ """
+ Returns whether the backend supports DH with these parameter values.
+ """
--
cgit v1.2.3
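Review bot: The docstrings on the new `DHBackend` abstract methods leave out the error and validation contract that the interfaces.rst section added in this commit sets out, so a backend author reading only interfaces.py cannot tell what must be rejected. For `load_dh_private_numbers`, `load_dh_public_numbers` and `load_dh_parameter_numbers` I would add `Raises UnsupportedAlgorithm when any backend specific criteria are not met.`, and for `generate_dh_parameters` and `generate_dh_private_key_and_parameters` add `Raises ValueError if key_size is less than 512.` together with a remark that 512 bits is only the lowest value the API accepts, not a modulus size that gives adequate security. `dh_parameters_supported(p, g)` should also say whether "supports" implies any check that `p` and `g` form a sound group, or only that the backend can represent them; callers should not infer the former unless the docstring states it. Finally, `dh_exchange_algorithm_supported` is abstract here, yet the `DHBackend` section added to interfaces.rst has no entry for it, so what `exchange_algorithm` is expected to be is undocumented.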