make hmac (mostly) compatible with stdlib hmac

4 files changed, 37 insertions, 29 deletions

diff --git a/cryptography/hazmat/primitives/hmac.py b/cryptography/hazmat/primitives/hmac.py
index f635e36e..c417cd2e 100644
--- a/cryptography/hazmat/primitives/hmac.py
+++ b/cryptography/hazmat/primitives/hmac.py
@@ -19,34 +19,38 @@ import six
 
 
 class HMAC(object):
-    def __init__(self, key, hash_cls, data=None, ctx=None, backend=None):
+    def __init__(self, key, msg=None, digestmod=None, ctx=None, backend=None):
         super(HMAC, self).__init__()
         if backend is None:
             from cryptography.hazmat.bindings import _default_backend
             backend = _default_backend
+
+        if digestmod is None:
+            raise ValueError("digestmod is a required argument")
+
         self._backend = backend
-        self.hash_cls = hash_cls
+        self.digestmod = digestmod
         self.key = key
         if ctx is None:
-            self._ctx = self._backend.hmacs.create_ctx(key, self.hash_cls)
+            self._ctx = self._backend.hmacs.create_ctx(key, self.digestmod)
         else:
             self._ctx = ctx
 
-        if data is not None:
-            self.update(data)
+        if msg is not None:
+            self.update(msg)
 
-    def update(self, data):
-        if isinstance(data, six.text_type):
+    def update(self, msg):
+        if isinstance(msg, six.text_type):
             raise TypeError("Unicode-objects must be encoded before hashing")
-        self._backend.hmacs.update_ctx(self._ctx, data)
+        self._backend.hmacs.update_ctx(self._ctx, msg)
 
     def copy(self):
-        return self.__class__(self.key, hash_cls=self.hash_cls,
+        return self.__class__(self.key, digestmod=self.digestmod,
                               backend=self._backend, ctx=self._copy_ctx())
 
     def digest(self):
         return self._backend.hmacs.finalize_ctx(self._copy_ctx(),
-                                                self.hash_cls.digest_size)
+                                                self.digestmod.digest_size)
 
     def hexdigest(self):
         return str(binascii.hexlify(self.digest()).decode("ascii"))
diff --git a/docs/hazmat/primitives/hmac.rst b/docs/hazmat/primitives/hmac.rst
index 47b88030..76b7e24c 100644
--- a/docs/hazmat/primitives/hmac.rst
+++ b/docs/hazmat/primitives/hmac.rst
@@ -18,23 +18,23 @@ message authentication codes using a cryptographic hash function coupled with a
 secret key. You can use an HMAC to verify integrity as well as authenticate a
 message.
 
-.. class:: cryptography.primitives.hmac.HMAC(key, hash_cls, data=None)
+.. class:: cryptography.primitives.hmac.HMAC(key, msg=None, digestmod=None)
 
    HMAC objects take a ``key``, a hash class derived from :class:`~cryptography.primitives.hashes.BaseHash`,
-   and optional initial data.  The ``key`` should be randomly generated bytes and
+   and optional msg.  The ``key`` should be randomly generated bytes and
    the length of the ``block_size`` of the hash. You must keep the ``key`` secret.
 
     .. doctest::
 
         >>> from cryptography.primitives import hashes, hmac
-        >>> h = hmac.HMAC(key, hashes.SHA256)
+        >>> h = hmac.HMAC(key, digestmod=hashes.SHA256)
         >>> h.update(b"message to hash")
         >>> h.hexdigest()
         '...'
 
-    .. method:: update(data)
+    .. method:: update(msg)
 
-        :param bytes data: The bytes you wish to hash.
+        :param bytes msg The bytes you wish to hash.
 
     .. method:: copy()
 
diff --git a/tests/hazmat/primitives/test_hmac.py b/tests/hazmat/primitives/test_hmac.py
index e2b517ae..81d9ac86 100644
--- a/tests/hazmat/primitives/test_hmac.py
+++ b/tests/hazmat/primitives/test_hmac.py
@@ -32,22 +32,26 @@ class TestHMAC(object):
     )
 
     def test_hmac_reject_unicode(self, backend):
-        h = hmac.HMAC(key=b"mykey", hash_cls=hashes.SHA1, backend=backend)
+        h = hmac.HMAC(key=b"mykey", digestmod=hashes.SHA1, backend=backend)
         with pytest.raises(TypeError):
             h.update(six.u("\u00FC"))
 
     def test_base_hash_hexdigest_string_type(self, backend):
-        h = hmac.HMAC(key=b"mykey", hash_cls=hashes.SHA1, backend=backend,
-                      data=b"")
+        h = hmac.HMAC(key=b"mykey", digestmod=hashes.SHA1, backend=backend,
+                      msg=b"")
         assert isinstance(h.hexdigest(), str)
 
+    def test_hmac_no_digestmod(self):
+        with pytest.raises(ValueError):
+            hmac.HMAC(key=b"shortkey")
+
 
 class TestCopyHMAC(object):
     def test_copy_backend_object(self):
         pretend_hmac = pretend.stub(copy_ctx=lambda a: True)
         pretend_backend = pretend.stub(hmacs=pretend_hmac)
         pretend_ctx = pretend.stub()
-        h = hmac.HMAC(b"key", hashes.SHA1, backend=pretend_backend,
+        h = hmac.HMAC(b"key", digestmod=hashes.SHA1, backend=pretend_backend,
                       ctx=pretend_ctx)
         assert h._backend is pretend_backend
         assert h.copy()._backend is pretend_backend
diff --git a/tests/hazmat/primitives/utils.py b/tests/hazmat/primitives/utils.py
index 73a2469a..c51fef52 100644
--- a/tests/hazmat/primitives/utils.py
+++ b/tests/hazmat/primitives/utils.py
@@ -93,11 +93,11 @@ def generate_base_hash_test(hash_cls, digest_size, block_size,
     return test_base_hash
 
 
-def base_hash_test(backend, hash_cls, digest_size, block_size, only_if,
+def base_hash_test(backend, digestmod, digest_size, block_size, only_if,
                    skip_message):
     if only_if is not None and not only_if(backend):
         pytest.skip(skip_message)
-    m = hash_cls(backend=backend)
+    m = digestmod(backend=backend)
     assert m.digest_size == digest_size
     assert m.block_size == block_size
     m_copy = m.copy()
@@ -128,7 +128,7 @@ def long_string_hash_test(backend, hash_factory, md, only_if, skip_message):
     assert m.hexdigest() == md.lower()
 
 
-def generate_hmac_test(param_loader, path, file_names, hash_cls,
+def generate_hmac_test(param_loader, path, file_names, digestmod,
                        only_if=None, skip_message=None):
     def test_hmac(self):
         for backend in _ALL_BACKENDS:
@@ -137,7 +137,7 @@ def generate_hmac_test(param_loader, path, file_names, hash_cls,
                     yield (
                         hmac_test,
                         backend,
-                        hash_cls,
+                        digestmod,
                         params,
                         only_if,
                         skip_message
@@ -145,17 +145,17 @@ def generate_hmac_test(param_loader, path, file_names, hash_cls,
     return test_hmac
 
 
-def hmac_test(backend, hash_cls, params, only_if, skip_message):
+def hmac_test(backend, digestmod, params, only_if, skip_message):
     if only_if is not None and not only_if(backend):
         pytest.skip(skip_message)
     msg = params[0]
     md = params[1]
     key = params[2]
-    h = hmac.HMAC(binascii.unhexlify(key), hash_cls)
+    h = hmac.HMAC(binascii.unhexlify(key), digestmod=digestmod)
     h.update(binascii.unhexlify(msg))
     assert h.hexdigest() == md
-    digest = hmac.HMAC(binascii.unhexlify(key), hash_cls,
-                       data=binascii.unhexlify(msg)).hexdigest()
+    digest = hmac.HMAC(binascii.unhexlify(key), digestmod=digestmod,
+                       msg=binascii.unhexlify(msg)).hexdigest()
     assert digest == md
 
 
@@ -172,11 +172,11 @@ def generate_base_hmac_test(hash_cls, only_if=None, skip_message=None):
     return test_base_hmac
 
 
-def base_hmac_test(backend, hash_cls, only_if, skip_message):
+def base_hmac_test(backend, digestmod, only_if, skip_message):
     if only_if is not None and not only_if(backend):
         pytest.skip(skip_message)
     key = b"ab"
-    h = hmac.HMAC(binascii.unhexlify(key), hash_cls)
+    h = hmac.HMAC(binascii.unhexlify(key), digestmod=digestmod)
     h_copy = h.copy()
     assert h != h_copy
     assert h._ctx != h_copy._ctx