PBKDF2 support for OpenSSL backend

1 files changed, 39 insertions, 0 deletions

diff --git a/docs/hazmat/backends/interfaces.rst b/docs/hazmat/backends/interfaces.rst
index 11e2f2a2..fa4f800c 100644
--- a/docs/hazmat/backends/interfaces.rst
+++ b/docs/hazmat/backends/interfaces.rst
@@ -131,3 +131,42 @@ A specific ``backend`` may provide one or more of these interfaces.
 
         :returns:
             :class:`~cryptography.hazmat.primitives.interfaces.HashContext`
+
+
+
+.. class:: PBKDF2Backend
+
+    A backend with methods for using PBKDF2.
+
+    .. method:: pbkdf2_hash_supported(algorithm)
+
+        Check if the specified ``algorithm`` is supported by this backend.
+
+        :param algorithm: An instance of a
+            :class:`~cryptography.hazmat.primitives.interfaces.HashAlgorithm`
+            provider.
+
+        :returns: ``True`` if the specified ``algorithm`` is supported for
+            PBKDF2 by this backend, otherwise ``False``.
+
+    .. method:: derive_pbkdf2(self, algorithm, length, salt, iterations,
+                              key_material)
+
+        :param algorithm: An instance of a
+            :class:`~cryptography.hazmat.primitives.interfaces.HashAlgorithm`
+            provider.
+
+        :param int length: The desired length of the derived key. Maximum is
+        2\ :sup:`31` - 1.
+
+        :param bytes salt: A salt. `RFC 2898`_ recommends 64-bits or longer.
+
+        :param int iterations: The number of iterations to perform of the hash
+            function.
+
+        :param bytes key_material: The key material to use as a basis for
+            the derived key. This is typically a password.
+
+        :return bytes: Derived key.
+
+.. _`RFC 2898`: https://www.ietf.org/rfc/rfc2898.txt