From a9f2fecf500460a2755d6a563828eed67cec28b8 Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Thu, 10 Jul 2014 10:31:19 -0500 Subject: these functions were removed before 0.5 release --- .../hazmat/primitives/asymmetric/serialization.rst | 38 ---------------------- 1 file changed, 38 deletions(-) (limited to 'docs/hazmat') diff --git a/docs/hazmat/primitives/asymmetric/serialization.rst b/docs/hazmat/primitives/asymmetric/serialization.rst index 874fce83..0525ed74 100644 --- a/docs/hazmat/primitives/asymmetric/serialization.rst +++ b/docs/hazmat/primitives/asymmetric/serialization.rst @@ -98,41 +98,3 @@ header that mentions the type of the serialized key. e.g. :raises UnsupportedAlgorithm: If the serialized key is of a type that is not supported by the backend or if the key is encrypted with a symmetric cipher that is not supported by the backend. - - -RSA Numbers -~~~~~~~~~~~ - -.. function:: load_rsa_private_numbers(numbers, backend) - - .. versionadded:: 0.5 - - Create a private key instance using the given backend and numbers. - - :param numbers: An instance of - :class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateNumbers`. - - :param backend: A - :class:`~cryptography.hazmat.backends.interfaces.RSABackend` provider. - - :returns: A new instance of a private key. - - :raises UnsupportedAlgorithm: If the given backend does not support loading - numbers. - -.. function:: load_rsa_public_numbers(numbers, backend) - - .. versionadded:: 0.5 - - Create a public key instance using the given backend and numbers. - - :param numbers: An instance of - :class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPublicNumbers`. - - :param backend: A - :class:`~cryptography.hazmat.backends.interfaces.RSABackend` provider. - - :returns: A new instance of a public key. - - :raises UnsupportedAlgorithm: If the given backend does not support loading - numbers. -- cgit v1.2.3 From bdcca520d5a91f0b021e495782a1ff115a34c859 Mon Sep 17 00:00:00 2001 
From: Paul Kehrer Date: Thu, 10 Jul 2014 10:37:47 -0500 Subject: document methods on RSA/DSA Numbers classes --- docs/hazmat/primitives/asymmetric/dsa.rst | 30 ++++++++++++++++++++++++++++++ docs/hazmat/primitives/asymmetric/rsa.rst | 19 +++++++++++++++++++ 2 files changed, 49 insertions(+) (limited to 'docs/hazmat') diff --git a/docs/hazmat/primitives/asymmetric/dsa.rst b/docs/hazmat/primitives/asymmetric/dsa.rst index 55f36b51..e411931b 100644 --- a/docs/hazmat/primitives/asymmetric/dsa.rst +++ b/docs/hazmat/primitives/asymmetric/dsa.rst @@ -119,6 +119,16 @@ Numbers The generator. + .. method:: parameters(backend) + + :param backend: A + :class:`~cryptography.hazmat.backends.interfaces.DSABackend` + provider. + + :returns: A new instance of a + :class:`~cryptography.hazmat.primitives.interfaces.DSAParameters` + provider. + .. class:: DSAPublicNumbers(y, parameter_numbers) .. versionadded:: 0.5 @@ -138,6 +148,16 @@ Numbers The :class:`~cryptography.hazmat.primitives.dsa.DSAParameterNumbers` associated with the public key. + .. method:: public_key(backend) + + :param backend: A + :class:`~cryptography.hazmat.backends.interfaces.DSABackend` + provider. + + :returns: A new instance of a + :class:`~cryptography.hazmat.primitives.interfaces.DSAPublicKey` + provider. + .. class:: DSAPrivateNumbers(x, public_numbers) .. versionadded:: 0.5 @@ -162,6 +182,16 @@ Numbers The :class:`~cryptography.hazmat.primitives.dsa.DSAPublicNumbers` associated with the private key. + .. method:: private_key(backend) + + :param backend: A + :class:`~cryptography.hazmat.backends.interfaces.DSABackend` + provider. + + :returns: A new instance of a + :class:`~cryptography.hazmat.primitives.interfaces.DSAPrivateKey` + provider. + Deprecated Concrete Classes ~~~~~~~~~~~~~~~~~~~~~~~~~~~ diff --git a/docs/hazmat/primitives/asymmetric/rsa.rst b/docs/hazmat/primitives/asymmetric/rsa.rst index 7250066a..a9637523 100644 --- a/docs/hazmat/primitives/asymmetric/rsa.rst 
+++ b/docs/hazmat/primitives/asymmetric/rsa.rst @@ -153,6 +153,15 @@ is unavailable. The public exponent. + .. method:: public_key(backend) + + :param backend: A + :class:`~cryptography.hazmat.backends.interfaces.RSABackend` + provider. + + :returns: A new instance of a + :class:`~cryptography.hazmat.primitives.interfaces.RSAPublicKey` + provider. .. class:: RSAPrivateNumbers(p, q, d, dmp1, dmq1, iqmp, public_numbers) @@ -213,6 +222,16 @@ is unavailable. A `Chinese remainder theorem`_ coefficient used to speed up RSA operations. Calculated as: q\ :sup:`-1` mod p + .. method:: private_key(backend) + + :param backend: A new instance of a + :class:`~cryptography.hazmat.backends.interfaces.RSABackend` + provider. + + :returns: A + :class:`~cryptography.hazmat.primitives.interfaces.RSAPrivateKey` + provider. + Handling partial RSA private keys ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -- cgit v1.2.3 From 9883e4e970cd8ed3bcdb58ee4679fb166fb0c391 Mon Sep 17 00:00:00 2001 From: Alex Gaynor Date: Thu, 10 Jul 2014 12:53:00 -0700 Subject: Document what the PEM headers look like in more cases --- docs/hazmat/primitives/asymmetric/serialization.rst | 20 ++++++++++++-------- 1 file changed, 12 insertions(+), 8 deletions(-) (limited to 'docs/hazmat') diff --git a/docs/hazmat/primitives/asymmetric/serialization.rst b/docs/hazmat/primitives/asymmetric/serialization.rst index 0525ed74..2a70146f 100644 --- a/docs/hazmat/primitives/asymmetric/serialization.rst +++ b/docs/hazmat/primitives/asymmetric/serialization.rst 
@@ -28,9 +28,11 @@ methods. PKCS #8 Format ~~~~~~~~~~~~~~ -PKCS #8 is a serialization format originally standardized by RSA and -currently maintained by the IETF in :rfc:`5208`. It supports password based -encryption and additional key metadata attributes. +PKCS #8 is a serialization format originally standardized by RSA and currently +maintained by the IETF in :rfc:`5208`. It supports password based encryption +and additional key metadata attributes. These keys are recognizable because +they all begin with ``-----BEGIN PRIVATE KEY-----`` or with ``-----BEGIN +ENCRYPTED PRIVATE KEY-----`` if they have a password. .. function:: load_pkcs8_private_key(data, password, backend) @@ -44,6 +46,7 @@ encryption and additional key metadata attributes. :param bytes password: The password to use to decrypt the data. Should be ``None`` if the private key is not encrypted. + :param backend: A :class:`~cryptography.hazmat.backends.interfaces.PKCS8SerializationBackend` provider. @@ -65,11 +68,11 @@ encryption and additional key metadata attributes. Traditional OpenSSL Format ~~~~~~~~~~~~~~~~~~~~~~~~~~ -The "traditional" PKCS #1 based serialization format used by OpenSSL. -It supports password based symmetric key encryption. Commonly found in -OpenSSL based TLS applications. It is usually found in PEM format with a -header that mentions the type of the serialized key. e.g. -``-----BEGIN RSA PRIVATE KEY-----``. +The "traditional" PKCS #1 based serialization format used by OpenSSL. It +supports password based symmetric key encryption. Commonly found in OpenSSL +based TLS applications. It is usually found in PEM format with a header that +mentions the type of the serialized key. e.g. ``-----BEGIN RSA PRIVATE +KEY-----`` or ``-----BEGIN DSA PRIVATE KEY-----``. .. function:: load_pem_traditional_openssl_private_key(data, password, backend) 
@@ -82,6 +85,7 @@ header that mentions the type of the serialized key. e.g. :param bytes password: The password to use to decrypt the data. Should be ``None`` if the private key is not encrypted. + :param backend: A :class:`~cryptography.hazmat.backends.interfaces.TraditionalOpenSSLSerializationBackend` provider. -- cgit v1.2.3 From 192f1f714d2b35b9b38916aebf6132ad58e076da Mon Sep 17 00:00:00 2001 From: Alex Gaynor Date: Thu, 10 Jul 2014 13:20:29 -0700 Subject: Mention both RFCs --- docs/hazmat/primitives/asymmetric/serialization.rst | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'docs/hazmat') diff --git a/docs/hazmat/primitives/asymmetric/serialization.rst b/docs/hazmat/primitives/asymmetric/serialization.rst index 2a70146f..739bfb88 100644 --- a/docs/hazmat/primitives/asymmetric/serialization.rst +++ b/docs/hazmat/primitives/asymmetric/serialization.rst @@ -29,10 +29,10 @@ PKCS #8 Format ~~~~~~~~~~~~~~ PKCS #8 is a serialization format originally standardized by RSA and currently -maintained by the IETF in :rfc:`5208`. It supports password based encryption -and additional key metadata attributes. These keys are recognizable because -they all begin with ``-----BEGIN PRIVATE KEY-----`` or with ``-----BEGIN -ENCRYPTED PRIVATE KEY-----`` if they have a password. +maintained by the IETF in :rfc:`5208` and :rfc:`5958`. It supports password +based encryption and additional key metadata attributes. These keys are +recognizable because they all begin with ``-----BEGIN PRIVATE KEY-----`` or +with ``-----BEGIN ENCRYPTED PRIVATE KEY-----`` if they have a password. .. function:: load_pkcs8_private_key(data, password, backend) -- cgit v1.2.3 From 3ed90bb71a7d9339bafd1ac2c13a53c2aef22a96 Mon Sep 17 00:00:00 2001 
From: Alex Gaynor Date: Fri, 11 Jul 2014 12:42:02 -0700 Subject: Fixed example in the serialization docs --- docs/hazmat/primitives/asymmetric/serialization.rst | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'docs/hazmat') diff --git a/docs/hazmat/primitives/asymmetric/serialization.rst b/docs/hazmat/primitives/asymmetric/serialization.rst index 739bfb88..c092fab0 100644 --- a/docs/hazmat/primitives/asymmetric/serialization.rst +++ b/docs/hazmat/primitives/asymmetric/serialization.rst @@ -16,10 +16,11 @@ methods. .. code-block:: pycon + >>> from cryptography.hazmat.primitives import interfaces >>> key = load_pkcs8_private_key(pem_data, None, backend) - >>> if isinstance(key, rsa.RSAPrivateKey): + >>> if isinstance(key, interfaces.RSAPrivateKey): >>> signature = sign_with_rsa_key(key, message) - >>> elif isinstance(key, dsa.DSAPrivateKey): + >>> elif isinstance(key, interfaces.DSAPrivateKey): >>> signature = sign_with_dsa_key(key, message) >>> else: >>> raise TypeError -- cgit v1.2.3 From 814c57538b7cabba28024fb26c35dc29ab30dfc1 Mon Sep 17 00:00:00 2001 From: Alex Gaynor Date: Fri, 11 Jul 2014 13:02:50 -0700 Subject: Fixed name of the function --- docs/hazmat/primitives/asymmetric/serialization.rst | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'docs/hazmat') diff --git a/docs/hazmat/primitives/asymmetric/serialization.rst b/docs/hazmat/primitives/asymmetric/serialization.rst index c092fab0..93bcffd0 100644 --- a/docs/hazmat/primitives/asymmetric/serialization.rst +++ b/docs/hazmat/primitives/asymmetric/serialization.rst 
@@ -17,7 +17,8 @@ methods. .. code-block:: pycon >>> from cryptography.hazmat.primitives import interfaces - >>> key = load_pkcs8_private_key(pem_data, None, backend) + >>> from cryptography.hazmat.primitives.serialization import load_pem_pkcs8_private_key + >>> key = load_pem_pkcs8_private_key(pem_data, password=None, backend=backend) >>> if isinstance(key, interfaces.RSAPrivateKey): >>> signature = sign_with_rsa_key(key, message) >>> elif isinstance(key, interfaces.DSAPrivateKey): @@ -36,7 +37,7 @@ recognizable because they all begin with ``-----BEGIN PRIVATE KEY-----`` or with ``-----BEGIN ENCRYPTED PRIVATE KEY-----`` if they have a password. -.. function:: load_pkcs8_private_key(data, password, backend) +.. function:: load_pem_pkcs8_private_key(data, password, backend) .. versionadded:: 0.5 -- cgit v1.2.3 From 58a3f9197288447e6ee8d96d75afea77829dde8c Mon Sep 17 00:00:00 2001 From: Alex Gaynor Date: Fri, 11 Jul 2014 16:20:50 -0700 Subject: Turn this into a doctest block --- .../hazmat/primitives/asymmetric/serialization.rst | 42 ++++++++++++++++++---- 1 file changed, 35 insertions(+), 7 deletions(-) (limited to 'docs/hazmat') diff --git a/docs/hazmat/primitives/asymmetric/serialization.rst b/docs/hazmat/primitives/asymmetric/serialization.rst index 93bcffd0..5438c249 100644 --- a/docs/hazmat/primitives/asymmetric/serialization.rst +++ b/docs/hazmat/primitives/asymmetric/serialization.rst 
@@ -5,6 +5,33 @@ Key Serialization .. currentmodule:: cryptography.hazmat.primitives.serialization +.. testsetup:: + + pem_data = b""" + -----BEGIN RSA PRIVATE KEY----- + MIICXgIBAAKBgQDn09PV9KPE7Q+N5K5UtNLT1DLl8z/pKM2pP5tXqWx2OsEw00lC + kDHdHESwzS050s/8rtkERKKyusCzCm9+vC1pQzUlmtibfF4PQAQc1pJL6KHqlidg + Hw49atYmnC25CaeXt65pAYXoIacOZ8k5X7FW3Eagex8nG0iMw4ObOtg6CwIDAQAB + AoGBAL31l/4YYN1rNrSZLrQgGyUSGsbLxJHEKolFon95R3O1fzoH117gkstQb4TE + Cwv3jw/JIfBaYUq8tku/AE9D2Jx51x7kYaCuQIMTavKIgkXKfxTQCQDjSEfkvXMW + 4WOIj5sYdSCNbzLbaeFsWG32bSsBTy/sSheDIlCEFnqDuqwBAkEA+wYfJEMDf5nS + VCQd9VKGM4HVeTWBioaWBFCflFdhc1Vb65dsNDp8iIMZgAHC2LEX5dMUmgqXk7AT + lwFlIeW4CwJBAOxsSfuIVMuPKyx1xQ6ebpC7zeVxIOdswcM8ain91MSGDdKZw6pF + ioFh3kUbKHw4yqqHbdRmUDAJ1mcgGJQOxgECQQCmQaGylKfmhWymyd0FtIip6J4I + z4ViyEznwrZOu6kRiEF/QiUqWmpMx/fFrmTsvC5Fy43jkIxgBsiSxRvEXa+NAkB+ + 5m0bhwTEslchKSGZhC6inzuYAQ4BSh4C1mXBnk5bIf0/Ymtk9KiwY8CzZS1o5+7Y + c5LfI/+8mTss5UxsBDYBAkEA6NqhcsNWndIJZiWUU4u+RjFUQXqH8WCyJmEDCNxs + 7SGRS1DTUGX4Y70m9dQpguy6Zg+gpHC+o+ERZR06uEQr+w== + -----END RSA PRIVATE KEY----- + """.strip() + message = b"" + + def sign_with_rsa_key(key, message): + return b"" + + def sign_with_dsa_key(key, message): + return b"" + There are several common schemes for serializing asymmetric private and public keys to bytes. They generally support encryption of private keys and additional key metadata. 
@@ -14,17 +41,18 @@ and will return an instance of the appropriate type. You should check that the returned key matches the type your application expects when using these methods. - .. code-block:: pycon + .. doctest:: + >>> from cryptography.hazmat.backends import default_backend >>> from cryptography.hazmat.primitives import interfaces >>> from cryptography.hazmat.primitives.serialization import load_pem_pkcs8_private_key - >>> key = load_pem_pkcs8_private_key(pem_data, password=None, backend=backend) + >>> key = load_pem_pkcs8_private_key(pem_data, password=None, backend=default_backend()) >>> if isinstance(key, interfaces.RSAPrivateKey): - >>> signature = sign_with_rsa_key(key, message) - >>> elif isinstance(key, interfaces.DSAPrivateKey): - >>> signature = sign_with_dsa_key(key, message) - >>> else: - >>> raise TypeError + ... signature = sign_with_rsa_key(key, message) + ... elif isinstance(key, interfaces.DSAPrivateKey): + ... signature = sign_with_dsa_key(key, message) + ... else: + ... raise TypeError PKCS #8 Format -- cgit v1.2.3 From faf305b3143d35d60d860c4156d020494280008b Mon Sep 17 00:00:00 2001 From: Alex Stapleton Date: Sat, 12 Jul 2014 12:27:37 +0100 Subject: Get rid of remaining pycon blocks --- docs/hazmat/backends/multibackend.rst | 19 ++++++++++++++++++- docs/hazmat/primitives/mac/cmac.rst | 4 ++-- docs/hazmat/primitives/mac/hmac.rst | 4 ++-- 3 files changed, 22 insertions(+), 5 deletions(-) (limited to 'docs/hazmat') diff --git a/docs/hazmat/backends/multibackend.rst b/docs/hazmat/backends/multibackend.rst index 119b13ae..0aae04a7 100644 --- a/docs/hazmat/backends/multibackend.rst +++ b/docs/hazmat/backends/multibackend.rst 
@@ -12,7 +12,24 @@ MultiBackend This class allows you to combine multiple backends into a single backend that offers the combined features of all of its constituents. - .. code-block:: pycon + .. testsetup:: + + from cryptography import utils + from cryptography.exceptions import UnsupportedAlgorithm, _Reasons + from cryptography.hazmat.backends.interfaces import HashBackend + from cryptography.hazmat.backends.openssl.backend import backend as backend2 + + @utils.register_interface(HashBackend) + class DummyHashBackend(object): + def hash_supported(self, algorithm): + return False + + def create_hash_ctx(self, algorithm): + raise UnsupportedAlgorithm("", _Reasons.UNSUPPORTED_HASH) + + backend1 = DummyHashBackend() + + .. doctest:: >>> from cryptography.hazmat.backends.multibackend import MultiBackend >>> from cryptography.hazmat.primitives import hashes diff --git a/docs/hazmat/primitives/mac/cmac.rst b/docs/hazmat/primitives/mac/cmac.rst index 498b8b1e..104ba8b8 100644 --- a/docs/hazmat/primitives/mac/cmac.rst +++ b/docs/hazmat/primitives/mac/cmac.rst @@ -31,7 +31,7 @@ A subset of CMAC with the AES-128 algorithm is described in :rfc:`4493`. >>> from cryptography.hazmat.primitives.ciphers import algorithms >>> c = cmac.CMAC(algorithms.AES(key), backend=default_backend()) >>> c.update(b"message to authenticate") - >>> c.finalize() + >>> c.copy().finalize() 'CT\x1d\xc8\x0e\x15\xbe4e\xdb\xb6\x84\xca\xd9Xk' If the backend doesn't support the requested ``algorithm`` an @@ -45,7 +45,7 @@ A subset of CMAC with the AES-128 algorithm is described in :rfc:`4493`. To check that a given signature is correct use the :meth:`verify` method. You will receive an exception if the signature is wrong: - .. code-block:: pycon + .. doctest:: >>> c.verify(b"an incorrect signature") Traceback (most recent call last): diff --git a/docs/hazmat/primitives/mac/hmac.rst b/docs/hazmat/primitives/mac/hmac.rst index d56927b9..da75fa9d 100644 --- a/docs/hazmat/primitives/mac/hmac.rst 
+++ b/docs/hazmat/primitives/mac/hmac.rst @@ -31,7 +31,7 @@ of a message. >>> from cryptography.hazmat.primitives import hashes, hmac >>> h = hmac.HMAC(key, hashes.SHA256(), backend=default_backend()) >>> h.update(b"message to hash") - >>> h.finalize() + >>> h.copy().finalize() '#F\xdaI\x8b"e\xc4\xf1\xbb\x9a\x8fc\xff\xf5\xdex.\xbc\xcd/+\x8a\x86\x1d\x84\'\xc3\xa6\x1d\xd8J' If the backend doesn't support the requested ``algorithm`` an @@ -45,7 +45,7 @@ of a message. To check that a given signature is correct use the :meth:`verify` method. You will receive an exception if the signature is wrong: - .. code-block:: pycon + .. doctest:: >>> h.verify(b"an incorrect signature") Traceback (most recent call last): -- cgit v1.2.3 From 45fd0572bbc295bb771ba0500c70d6fd1b046847 Mon Sep 17 00:00:00 2001 From: Alex Gaynor Date: Sat, 12 Jul 2014 09:27:37 -0700 Subject: Try to make the examples of verifying an HMAC/CMAC clearer -- refs #1259 --- docs/hazmat/primitives/mac/cmac.rst | 4 +++- docs/hazmat/primitives/mac/hmac.rst | 4 +++- 2 files changed, 6 insertions(+), 2 deletions(-) (limited to 'docs/hazmat') diff --git a/docs/hazmat/primitives/mac/cmac.rst b/docs/hazmat/primitives/mac/cmac.rst index 104ba8b8..1ba1b3fa 100644 --- a/docs/hazmat/primitives/mac/cmac.rst +++ b/docs/hazmat/primitives/mac/cmac.rst @@ -31,7 +31,7 @@ A subset of CMAC with the AES-128 algorithm is described in :rfc:`4493`. >>> from cryptography.hazmat.primitives.ciphers import algorithms >>> c = cmac.CMAC(algorithms.AES(key), backend=default_backend()) >>> c.update(b"message to authenticate") - >>> c.copy().finalize() + >>> c.finalize() 'CT\x1d\xc8\x0e\x15\xbe4e\xdb\xb6\x84\xca\xd9Xk' If the backend doesn't support the requested ``algorithm`` an 
@@ -47,6 +47,8 @@ A subset of CMAC with the AES-128 algorithm is described in :rfc:`4493`. .. doctest:: + >>> c = cmac.CMAC(algorithms.AES(key), backend=default_backend()) + >>> c.update(b"message to authenticate") >>> c.verify(b"an incorrect signature") Traceback (most recent call last): ... diff --git a/docs/hazmat/primitives/mac/hmac.rst b/docs/hazmat/primitives/mac/hmac.rst index da75fa9d..9ce49c8d 100644 --- a/docs/hazmat/primitives/mac/hmac.rst +++ b/docs/hazmat/primitives/mac/hmac.rst @@ -31,7 +31,7 @@ of a message. >>> from cryptography.hazmat.primitives import hashes, hmac >>> h = hmac.HMAC(key, hashes.SHA256(), backend=default_backend()) >>> h.update(b"message to hash") - >>> h.copy().finalize() + >>> h.finalize() '#F\xdaI\x8b"e\xc4\xf1\xbb\x9a\x8fc\xff\xf5\xdex.\xbc\xcd/+\x8a\x86\x1d\x84\'\xc3\xa6\x1d\xd8J' If the backend doesn't support the requested ``algorithm`` an @@ -47,6 +47,8 @@ of a message. .. doctest:: + >>> h = hmac.HMAC(key, hashes.SHA256(), backend=default_backend()) + >>> h.update(b"message to hash") >>> h.verify(b"an incorrect signature") Traceback (most recent call last): ... -- cgit v1.2.3 From a1f1afa0b7ae4c472a08a0d5c93d72447d1c02d2 Mon Sep 17 00:00:00 2001 From: Alexander Gaynor Date: Fri, 18 Jul 2014 10:57:41 -0700 Subject: Reorder the backend interfaces in the docs to group them more sensibly --- docs/hazmat/backends/interfaces.rst | 145 ++++++++++++++++++------------------ 1 file changed, 72 insertions(+), 73 deletions(-) (limited to 'docs/hazmat') diff --git a/docs/hazmat/backends/interfaces.rst b/docs/hazmat/backends/interfaces.rst index 86229125..63f84067 100644 --- a/docs/hazmat/backends/interfaces.rst +++ b/docs/hazmat/backends/interfaces.rst 
@@ -148,6 +148,33 @@ A specific ``backend`` may provide one or more of these interfaces. :class:`~cryptography.hazmat.primitives.interfaces.HashContext` +.. class:: CMACBackend + + .. versionadded:: 0.4 + + A backend with methods for using CMAC + + .. method:: cmac_algorithm_supported(algorithm) + + :param algorithm: An instance of a + :class:`~cryptography.hazmat.primitives.interfaces.BlockCipherAlgorithm` + provider. + :return: Returns True if the block cipher is supported for CMAC by this backend + + .. method:: create_cmac_ctx(algorithm) + + Create a + :class:`~cryptography.hazmat.primitives.interfaces.CMACContext` that + uses the specified ``algorithm`` to calculate a message authentication code. + + :param algorithm: An instance of a + :class:`~cryptography.hazmat.primitives.interfaces.BlockCipherAlgorithm` + provider. + + :returns: + :class:`~cryptography.hazmat.primitives.interfaces.CMACContext` + + .. class:: PBKDF2HMACBackend .. versionadded:: 0.2 @@ -364,29 +391,6 @@ A specific ``backend`` may provide one or more of these interfaces. any backend specific criteria are not met. -.. class:: TraditionalOpenSSLSerializationBackend - - .. versionadded:: 0.3 - - A backend with methods for working with OpenSSL's "traditional" PKCS #1 - style key serialization. - - .. method:: load_openssl_pem_private_key(data, password) - - :param bytes data: PEM data to deserialize. - - :param bytes password: The password to use if this data is encrypted. - Should be None if the data is not encrypted. - - :return: A new instance of the appropriate private key or public key - that the serialized data contains. - - :raises ValueError: If the data could not be deserialized correctly. - - :raises cryptography.exceptions.UnsupportedAlgorithm: If the data is - encrypted with an unsupported algorithm. - - .. class:: DSABackend .. versionadded:: 0.4 
@@ -524,56 +528,6 @@ A specific ``backend`` may provide one or more of these interfaces. any backend specific criteria are not met. - -.. class:: CMACBackend - - .. versionadded:: 0.4 - - A backend with methods for using CMAC - - .. method:: cmac_algorithm_supported(algorithm) - - :param algorithm: An instance of a - :class:`~cryptography.hazmat.primitives.interfaces.BlockCipherAlgorithm` - provider. - :return: Returns True if the block cipher is supported for CMAC by this backend - - .. method:: create_cmac_ctx(algorithm) - - Create a - :class:`~cryptography.hazmat.primitives.interfaces.CMACContext` that - uses the specified ``algorithm`` to calculate a message authentication code. - - :param algorithm: An instance of a - :class:`~cryptography.hazmat.primitives.interfaces.BlockCipherAlgorithm` - provider. - - :returns: - :class:`~cryptography.hazmat.primitives.interfaces.CMACContext` - - -.. class:: PKCS8SerializationBackend - - .. versionadded:: 0.5 - - A backend with methods for working with PKCS #8 key serialization. - - .. method:: load_pkcs8_pem_private_key(data, password) - - :param bytes data: PEM data to deserialize. - - :param bytes password: The password to use if this data is encrypted. - Should be None if the data is not encrypted. - - :return: A new instance of the appropriate private key or public key - that the serialized data contains. - - :raises ValueError: If the data could not be deserialized correctly. - - :raises cryptography.exceptions.UnsupportedAlgorithm: If the data is - encrypted with an unsupported algorithm. - - .. class:: EllipticCurveBackend .. versionadded:: 0.5 
@@ -623,3 +577,48 @@ A specific ``backend`` may provide one or more of these interfaces. :returns: An instance of a :class:`~cryptography.hazmat.primitives.interfaces.EllipticCurvePublicKey` provider. + +.. class:: TraditionalOpenSSLSerializationBackend + + .. versionadded:: 0.3 + + A backend with methods for working with OpenSSL's "traditional" PKCS #1 + style key serialization. + + .. method:: load_openssl_pem_private_key(data, password) + + :param bytes data: PEM data to deserialize. + + :param bytes password: The password to use if this data is encrypted. + Should be None if the data is not encrypted. + + :return: A new instance of the appropriate private key or public key + that the serialized data contains. + + :raises ValueError: If the data could not be deserialized correctly. + + :raises cryptography.exceptions.UnsupportedAlgorithm: If the data is + encrypted with an unsupported algorithm. + + +.. class:: PKCS8SerializationBackend + + .. versionadded:: 0.5 + + A backend with methods for working with PKCS #8 key serialization. + + .. method:: load_pkcs8_pem_private_key(data, password) + + :param bytes data: PEM data to deserialize. + + :param bytes password: The password to use if this data is encrypted. + Should be None if the data is not encrypted. + + :return: A new instance of the appropriate private key or public key + that the serialized data contains. + + :raises ValueError: If the data could not be deserialized correctly. + + :raises cryptography.exceptions.UnsupportedAlgorithm: If the data is + encrypted with an unsupported algorithm. + -- cgit v1.2.3
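Review bot: the three method entries added to dsa.rst in commit bdcca52 (``parameters(backend)``, ``public_key(backend)``, ``private_key(backend)``) document only ``:param backend:`` and ``:returns:``, with no description sentence and no ``:raises UnsupportedAlgorithm:`` entry. The ``load_rsa_private_numbers`` and ``load_rsa_public_numbers`` docs removed in commit a9f2fec had both ("Create a private key instance using the given backend and numbers." and "If the given backend does not support loading numbers."). If the new methods can fail the same way, carry the raises clause over and give each method a one-line description.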
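Review bot: in the rsa.rst ``private_key(backend)`` entry (second rsa.rst hunk of commit bdcca52) the words "A new instance of a" are attached to ``:param backend:`` instead of ``:returns:``. Every other method added in this commit puts them on the return value, and the backend is passed in rather than created. Swap the two so the entry reads ":param backend: A ... RSABackend provider." and ":returns: A new instance of a ... RSAPrivateKey provider."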
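Review bot: the sentence added to the PKCS #8 paragraph in commit 9883e4e, "These keys are recognizable because they all begin with ``-----BEGIN PRIVATE KEY-----``", holds only for PEM-encoded keys, but that paragraph never mentions PEM, unlike the Traditional OpenSSL paragraph below it ("It is usually found in PEM format with a header"). Qualify it, for example "In PEM form these keys begin with ...", so a reader does not take the header as a property of the PKCS #8 format itself. The rewrapped copy of the sentence in commit 192f1f7 needs the same change.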
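Review bot: the ``pem_data`` fixture in the ``testsetup`` block added by commit 58a3f91 begins with ``-----BEGIN RSA PRIVATE KEY-----``, which this same file gives as the traditional OpenSSL header, yet the doctest passes it to ``load_pem_pkcs8_private_key``. The PKCS #8 section states that those keys begin with ``-----BEGIN PRIVATE KEY-----``, so the example contradicts the text that follows it. Either replace the fixture with a PKCS #8 encoded test key or load it with ``load_pem_traditional_openssl_private_key``.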
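Review bot: in cmac.rst and hmac.rst (commit faf305b) the main usage example now ends with ``c.copy().finalize()`` and ``h.copy().finalize()``. The copy is there only so the later ``verify`` doctest can reuse the context, but in the rendered page it reads as the recommended way to obtain a tag. Keep plain ``finalize()`` in the main example and have the ``verify`` block create and update its own context, which is the shape commit 45fd057 later in this series settles on.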
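Review bot: the ``:return:`` text of ``load_openssl_pem_private_key`` and ``load_pkcs8_pem_private_key`` in the blocks re-added at the end of interfaces.rst (commit a1f1afa) says "the appropriate private key or public key", although both methods are named as private key loaders. Since the blocks are being moved anyway, drop "or public key" or state when a public key can be returned. The moved ``CMACBackend`` block also mixes ``:return:`` and ``:returns:`` between its two methods, and the last ``+`` line of the final hunk is empty, which leaves a trailing blank line at the end of the file.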