Your IP : 216.73.216.189
# This file is dual licensed under the terms of the Apache License, Version
# 2.0, and the BSD License. See the LICENSE file in the root of this repository
# for complete details.
from __future__ import annotations
import abc
from cryptography.exceptions import UnsupportedAlgorithm, _Reasons
from cryptography.hazmat.bindings._rust import openssl as rust_openssl
from cryptography.hazmat.primitives import _serialization
from cryptography.utils import Buffer
class MLDSA44PublicKey(metaclass=abc.ABCMeta):
@classmethod
def from_public_bytes(cls, data: bytes) -> MLDSA44PublicKey:
from cryptography.hazmat.backends.openssl.backend import backend
if not backend.mldsa_supported():
raise UnsupportedAlgorithm(
"ML-DSA-44 is not supported by this backend.",
_Reasons.UNSUPPORTED_PUBLIC_KEY_ALGORITHM,
)
return rust_openssl.mldsa.from_mldsa44_public_bytes(data)
@abc.abstractmethod
def public_bytes(
self,
encoding: _serialization.Encoding,
format: _serialization.PublicFormat,
) -> bytes:
"""
The serialized bytes of the public key.
"""
@abc.abstractmethod
def public_bytes_raw(self) -> bytes:
"""
The raw bytes of the public key.
Equivalent to public_bytes(Raw, Raw).
The public key is 1,312 bytes for MLDSA-44.
"""
@abc.abstractmethod
def verify(
self,
signature: Buffer,
data: Buffer,
context: Buffer | None = None,
) -> None:
"""
Verify the signature.
"""
@abc.abstractmethod
def __eq__(self, other: object) -> bool:
"""
Checks equality.
"""
@abc.abstractmethod
def __copy__(self) -> MLDSA44PublicKey:
"""
Returns a copy.
"""
@abc.abstractmethod
def __deepcopy__(self, memo: dict) -> MLDSA44PublicKey:
"""
Returns a deep copy.
"""
if hasattr(rust_openssl, "mldsa"):
MLDSA44PublicKey.register(rust_openssl.mldsa.MLDSA44PublicKey)
class MLDSA44PrivateKey(metaclass=abc.ABCMeta):
@classmethod
def generate(cls) -> MLDSA44PrivateKey:
from cryptography.hazmat.backends.openssl.backend import backend
if not backend.mldsa_supported():
raise UnsupportedAlgorithm(
"ML-DSA-44 is not supported by this backend.",
_Reasons.UNSUPPORTED_PUBLIC_KEY_ALGORITHM,
)
return rust_openssl.mldsa.generate_mldsa44_key()
@classmethod
def from_seed_bytes(cls, data: Buffer) -> MLDSA44PrivateKey:
from cryptography.hazmat.backends.openssl.backend import backend
if not backend.mldsa_supported():
raise UnsupportedAlgorithm(
"ML-DSA-44 is not supported by this backend.",
_Reasons.UNSUPPORTED_PUBLIC_KEY_ALGORITHM,
)
return rust_openssl.mldsa.from_mldsa44_seed_bytes(data)
@abc.abstractmethod
def public_key(self) -> MLDSA44PublicKey:
"""
The MLDSA44PublicKey derived from the private key.
"""
@abc.abstractmethod
def private_bytes(
self,
encoding: _serialization.Encoding,
format: _serialization.PrivateFormat,
encryption_algorithm: _serialization.KeySerializationEncryption,
) -> bytes:
"""
The serialized bytes of the private key.
This method only returns the serialization of the seed form of the
private key, never the expanded one.
"""
@abc.abstractmethod
def private_bytes_raw(self) -> bytes:
"""
The raw bytes of the private key.
Equivalent to private_bytes(Raw, Raw, NoEncryption()).
This method only returns the seed form of the private key (32 bytes).
"""
@abc.abstractmethod
def sign(self, data: Buffer, context: Buffer | None = None) -> bytes:
"""
Signs the data.
"""
@abc.abstractmethod
def __copy__(self) -> MLDSA44PrivateKey:
"""
Returns a copy.
"""
@abc.abstractmethod
def __deepcopy__(self, memo: dict) -> MLDSA44PrivateKey:
"""
Returns a deep copy.
"""
if hasattr(rust_openssl, "mldsa"):
MLDSA44PrivateKey.register(rust_openssl.mldsa.MLDSA44PrivateKey)
class MLDSA65PublicKey(metaclass=abc.ABCMeta):
@classmethod
def from_public_bytes(cls, data: bytes) -> MLDSA65PublicKey:
from cryptography.hazmat.backends.openssl.backend import backend
if not backend.mldsa_supported():
raise UnsupportedAlgorithm(
"ML-DSA-65 is not supported by this backend.",
_Reasons.UNSUPPORTED_PUBLIC_KEY_ALGORITHM,
)
return rust_openssl.mldsa.from_mldsa65_public_bytes(data)
@abc.abstractmethod
def public_bytes(
self,
encoding: _serialization.Encoding,
format: _serialization.PublicFormat,
) -> bytes:
"""
The serialized bytes of the public key.
"""
@abc.abstractmethod
def public_bytes_raw(self) -> bytes:
"""
The raw bytes of the public key.
Equivalent to public_bytes(Raw, Raw).
The public key is 1,952 bytes for MLDSA-65.
"""
@abc.abstractmethod
def verify(
self,
signature: Buffer,
data: Buffer,
context: Buffer | None = None,
) -> None:
"""
Verify the signature.
"""
@abc.abstractmethod
def __eq__(self, other: object) -> bool:
"""
Checks equality.
"""
@abc.abstractmethod
def __copy__(self) -> MLDSA65PublicKey:
"""
Returns a copy.
"""
@abc.abstractmethod
def __deepcopy__(self, memo: dict) -> MLDSA65PublicKey:
"""
Returns a deep copy.
"""
if hasattr(rust_openssl, "mldsa"):
MLDSA65PublicKey.register(rust_openssl.mldsa.MLDSA65PublicKey)
class MLDSA65PrivateKey(metaclass=abc.ABCMeta):
@classmethod
def generate(cls) -> MLDSA65PrivateKey:
from cryptography.hazmat.backends.openssl.backend import backend
if not backend.mldsa_supported():
raise UnsupportedAlgorithm(
"ML-DSA-65 is not supported by this backend.",
_Reasons.UNSUPPORTED_PUBLIC_KEY_ALGORITHM,
)
return rust_openssl.mldsa.generate_mldsa65_key()
@classmethod
def from_seed_bytes(cls, data: Buffer) -> MLDSA65PrivateKey:
from cryptography.hazmat.backends.openssl.backend import backend
if not backend.mldsa_supported():
raise UnsupportedAlgorithm(
"ML-DSA-65 is not supported by this backend.",
_Reasons.UNSUPPORTED_PUBLIC_KEY_ALGORITHM,
)
return rust_openssl.mldsa.from_mldsa65_seed_bytes(data)
@abc.abstractmethod
def public_key(self) -> MLDSA65PublicKey:
"""
The MLDSA65PublicKey derived from the private key.
"""
@abc.abstractmethod
def private_bytes(
self,
encoding: _serialization.Encoding,
format: _serialization.PrivateFormat,
encryption_algorithm: _serialization.KeySerializationEncryption,
) -> bytes:
"""
The serialized bytes of the private key.
This method only returns the serialization of the seed form of the
private key, never the expanded one.
"""
@abc.abstractmethod
def private_bytes_raw(self) -> bytes:
"""
The raw bytes of the private key.
Equivalent to private_bytes(Raw, Raw, NoEncryption()).
This method only returns the seed form of the private key (32 bytes).
"""
@abc.abstractmethod
def sign(self, data: Buffer, context: Buffer | None = None) -> bytes:
"""
Signs the data.
"""
@abc.abstractmethod
def __copy__(self) -> MLDSA65PrivateKey:
"""
Returns a copy.
"""
@abc.abstractmethod
def __deepcopy__(self, memo: dict) -> MLDSA65PrivateKey:
"""
Returns a deep copy.
"""
if hasattr(rust_openssl, "mldsa"):
MLDSA65PrivateKey.register(rust_openssl.mldsa.MLDSA65PrivateKey)
class MLDSA87PublicKey(metaclass=abc.ABCMeta):
@classmethod
def from_public_bytes(cls, data: bytes) -> MLDSA87PublicKey:
from cryptography.hazmat.backends.openssl.backend import backend
if not backend.mldsa_supported():
raise UnsupportedAlgorithm(
"ML-DSA-87 is not supported by this backend.",
_Reasons.UNSUPPORTED_PUBLIC_KEY_ALGORITHM,
)
return rust_openssl.mldsa.from_mldsa87_public_bytes(data)
@abc.abstractmethod
def public_bytes(
self,
encoding: _serialization.Encoding,
format: _serialization.PublicFormat,
) -> bytes:
"""
The serialized bytes of the public key.
"""
@abc.abstractmethod
def public_bytes_raw(self) -> bytes:
"""
The raw bytes of the public key.
Equivalent to public_bytes(Raw, Raw).
The public key is 2,592 bytes for MLDSA-87.
"""
@abc.abstractmethod
def verify(
self,
signature: Buffer,
data: Buffer,
context: Buffer | None = None,
) -> None:
"""
Verify the signature.
"""
@abc.abstractmethod
def __eq__(self, other: object) -> bool:
"""
Checks equality.
"""
@abc.abstractmethod
def __copy__(self) -> MLDSA87PublicKey:
"""
Returns a copy.
"""
@abc.abstractmethod
def __deepcopy__(self, memo: dict) -> MLDSA87PublicKey:
"""
Returns a deep copy.
"""
if hasattr(rust_openssl, "mldsa"):
MLDSA87PublicKey.register(rust_openssl.mldsa.MLDSA87PublicKey)
class MLDSA87PrivateKey(metaclass=abc.ABCMeta):
@classmethod
def generate(cls) -> MLDSA87PrivateKey:
from cryptography.hazmat.backends.openssl.backend import backend
if not backend.mldsa_supported():
raise UnsupportedAlgorithm(
"ML-DSA-87 is not supported by this backend.",
_Reasons.UNSUPPORTED_PUBLIC_KEY_ALGORITHM,
)
return rust_openssl.mldsa.generate_mldsa87_key()
@classmethod
def from_seed_bytes(cls, data: Buffer) -> MLDSA87PrivateKey:
from cryptography.hazmat.backends.openssl.backend import backend
if not backend.mldsa_supported():
raise UnsupportedAlgorithm(
"ML-DSA-87 is not supported by this backend.",
_Reasons.UNSUPPORTED_PUBLIC_KEY_ALGORITHM,
)
return rust_openssl.mldsa.from_mldsa87_seed_bytes(data)
@abc.abstractmethod
def public_key(self) -> MLDSA87PublicKey:
"""
The MLDSA87PublicKey derived from the private key.
"""
@abc.abstractmethod
def private_bytes(
self,
encoding: _serialization.Encoding,
format: _serialization.PrivateFormat,
encryption_algorithm: _serialization.KeySerializationEncryption,
) -> bytes:
"""
The serialized bytes of the private key.
This method only returns the serialization of the seed form of the
private key, never the expanded one.
"""
@abc.abstractmethod
def private_bytes_raw(self) -> bytes:
"""
The raw bytes of the private key.
Equivalent to private_bytes(Raw, Raw, NoEncryption()).
This method only returns the seed form of the private key (32 bytes).
"""
@abc.abstractmethod
def sign(self, data: Buffer, context: Buffer | None = None) -> bytes:
"""
Signs the data.
"""
@abc.abstractmethod
def __copy__(self) -> MLDSA87PrivateKey:
"""
Returns a copy.
"""
@abc.abstractmethod
def __deepcopy__(self, memo: dict) -> MLDSA87PrivateKey:
"""
Returns a deep copy.
"""
if hasattr(rust_openssl, "mldsa"):
MLDSA87PrivateKey.register(rust_openssl.mldsa.MLDSA87PrivateKey)