-rw-r--r--docs/hazmat/backends/interfaces.rst85
-rw-r--r--src/cryptography/hazmat/backends/interfaces.py52
2 files changed, 137 insertions, 0 deletions
diff --git a/docs/hazmat/backends/interfaces.rst b/docs/hazmat/backends/interfaces.rst
index 8866cf71..4da0d753 100644
--- a/docs/hazmat/backends/interfaces.rst
+++ b/docs/hazmat/backends/interfaces.rst
@@ -518,3 +518,88 @@ A specific ``backend`` may provide one or more of these interfaces.
:returns: An instance of
:class:`~cryptography.x509.CertificateSigningRequest`.
+
+
+.. class:: DHBackend
+
+ .. versionadded:: 0.9
+
+ A backend with methods for doing Diffie-Hellman key exchange.
+
+ .. method:: generate_dh_parameters(key_size)
+
+ :param int key_size: The bit length of the prime modulus to generate.
+
+ :return: A new instance of a
+ :class:`~cryptography.hazmat.primitives.asymmetric.dh.DHParameters`
+ provider.
+
+ :raises ValueError: If ``key_size`` is not at least 512.
+
+ .. method:: generate_dh_private_key(parameters)
+
+ :param parameters: A
+ :class:`~cryptography.hazmat.primitives.asymmetric.dh.DHParameters`
+ provider.
+
+ :return: A new instance of a
+ :class:`~cryptography.hazmat.primitives.asymmetric.dh.DHPrivateKey`
+ provider.
+
+ .. method:: generate_dh_private_key_and_parameters(self, key_size)
+
+ :param int key_size: The bit length of the prime modulus to generate.
+
+ :return: A new instance of a
+ :class:`~cryptography.hazmat.primitives.asymmetric.dh.DHPrivateKey`
+ provider.
+
+ :raises ValueError: If ``key_size`` is not at least 512.
+
+ .. method:: load_dh_private_numbers(numbers)
+
+ :param numbers: A
+ :class:`~cryptography.hazmat.primitives.asymmetric.dh.DHPrivateNumbers`
+ instance.
+
+ :return: A new instance of a
+ :class:`~cryptography.hazmat.primitives.asymmetric.dh.DHPrivateKey`
+ provider.
+
+ :raises cryptography.exceptions.UnsupportedAlgorithm: This is raised
+ when any backend specific criteria are not met.
+
+ .. method:: load_dh_public_numbers(numbers)
+
+ :param numbers: A
+ :class:`~cryptography.hazmat.primitives.asymmetric.dh.DHPublicNumbers`
+ instance.
+
+ :return: A new instance of a
+ :class:`~cryptography.hazmat.primitives.asymmetric.dh.DHPublicKey`
+ provider.
+
+ :raises cryptography.exceptions.UnsupportedAlgorithm: This is raised
+ when any backend specific criteria are not met.
+
+ .. method:: load_dh_parameter_numbers(numbers)
+
+ :param numbers: A
+ :class:`~cryptography.hazmat.primitives.asymmetric.dh.DHParameterNumbers`
+ instance.
+
+ :return: A new instance of a
+ :class:`~cryptography.hazmat.primitives.asymmetric.dh.DHParameters`
+ provider.
+
+ :raises cryptography.exceptions.UnsupportedAlgorithm: This is raised
+ when any backend specific criteria are not met.
+
+ .. method:: dh_parameters_supported(p, g)
+
+ :param int p: The p value of the DH key.
+
+ :param int g: The g value of the DH key.
+
+ :returns: ``True`` if the given values of ``p`` and ``g`` are supported
+ by this backend, otherwise ``False``.
diff --git a/src/cryptography/hazmat/backends/interfaces.py b/src/cryptography/hazmat/backends/interfaces.py
index 5224f5c7..eca7ddf4 100644
--- a/src/cryptography/hazmat/backends/interfaces.py
+++ b/src/cryptography/hazmat/backends/interfaces.py
@@ -273,3 +273,55 @@ class X509Backend(object):
"""
Load an X.509 CSR from PEM encoded data.
"""
+
+
+@six.add_metaclass(abc.ABCMeta)
+class DHBackend(object):
+ @abc.abstractmethod
+ def generate_dh_parameters(self, key_size):
+ """
+ Generate a DHParameters instance with a modulus of key_size bits.
+ """
+
+ @abc.abstractmethod
+ def generate_dh_private_key(self, parameters):
+ """
+ Generate a DHPrivateKey instance with parameters as a DHParameters
+ object.
+ """
+
+ @abc.abstractmethod
+ def generate_dh_private_key_and_parameters(self, key_size):
+ """
+ Generate a DHPrivateKey instance using key size only.
+ """
+
+ @abc.abstractmethod
+ def load_dh_private_numbers(self, numbers):
+ """
+ Returns a DHPrivateKey provider.
+ """
+
+ @abc.abstractmethod
+ def load_dh_public_numbers(self, numbers):
+ """
+ Returns a DHPublicKey provider.
+ """
+
+ @abc.abstractmethod
+ def load_dh_parameter_numbers(self, numbers):
+ """
+ Returns a DHParameters provider.
+ """
+
+ @abc.abstractmethod
+ def dh_exchange_algorithm_supported(self, exchange_algorithm):
+ """
+ Returns whether the exchange algorithm is supported by this backend.
+ """
+
+ @abc.abstractmethod
+ def dh_parameters_supported(self, p, g):
+ """
+ Returns whether the backend supports DH with these parameter values.
+ """
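Review bot: `dh_exchange_algorithm_supported` is declared abstract on `DHBackend` but has no entry in the `interfaces.rst` section added by this same commit, so backend authors get a required method with no documented argument type or return contract. The .rst also lists `generate_dh_private_key_and_parameters(self, key_size)` with a stray `self`. The docstrings of `generate_dh_parameters` and `generate_dh_private_key_and_parameters` should carry the size contract that only the docs state, for example `Raises ValueError if key_size is below the supported minimum.`. The documented floor of 512 bits is far below current guidance for finite-field DH and is worth raising before backends implement it. The three `load_dh_*_numbers` docstrings say only what is returned; a line such as `Raises UnsupportedAlgorithm if the backend rejects the numbers.` would make clear whether checking `p`, `g` and the public value is the backend's responsibility, which the names alone do not settle.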