Merge pull request #484 from reaperhulk/common-crypto-hmac

HMAC support for commoncrypto
author: Alex Gaynor <alex.gaynor@gmail.com> 2014-01-19 15:55:23 -0800
committer: Alex Gaynor <alex.gaynor@gmail.com> 2014-01-19 15:55:23 -0800
commit: 34fb5e54dd1670a0c3cf5936f0a7b33e40686cc2 (patch)
tree: 43124263a94b51a1d260e5ccdeb1e68a2023d739
parent: 83a299c450260e895ab7e3a0a4d4e0a44a8ece31 (diff)
parent: b74658ec6e752e9a510434af23ffad69ed7e4f93 (diff)
download: cryptography-34fb5e54dd1670a0c3cf5936f0a7b33e40686cc2.tar.gz
cryptography-34fb5e54dd1670a0c3cf5936f0a7b33e40686cc2.tar.bz2
cryptography-34fb5e54dd1670a0c3cf5936f0a7b33e40686cc2.zip
4 files changed, 64 insertions, 4 deletions
diff --git a/cryptography/hazmat/backends/commoncrypto/backend.py b/cryptography/hazmat/backends/commoncrypto/backend.py
index 3d98bf6b..58e57efb 100644
--- a/cryptography/hazmat/backends/commoncrypto/backend.py
+++ b/cryptography/hazmat/backends/commoncrypto/backend.py
@@ -18,7 +18,7 @@ from collections import namedtuple
 from cryptography import utils
 from cryptography.exceptions import UnsupportedAlgorithm
 from cryptography.hazmat.backends.interfaces import (
-    HashBackend,
+    HashBackend, HMACBackend,
 )
 from cryptography.hazmat.bindings.commoncrypto.binding import Binding
 from cryptography.hazmat.primitives import interfaces
@@ -30,6 +30,7 @@ HashMethods = namedtuple(
 
 
 @utils.register_interface(HashBackend)
+@utils.register_interface(HMACBackend)
 class Backend(object):
     """
     CommonCrypto API wrapper.
@@ -68,6 +69,15 @@ class Backend(object):
             ),
         }
 
+        self._supported_hmac_algorithms = {
+            "md5": self._lib.kCCHmacAlgMD5,
+            "sha1": self._lib.kCCHmacAlgSHA1,
+            "sha224": self._lib.kCCHmacAlgSHA224,
+            "sha256": self._lib.kCCHmacAlgSHA256,
+            "sha384": self._lib.kCCHmacAlgSHA384,
+            "sha512": self._lib.kCCHmacAlgSHA512,
+        }
+
     def hash_supported(self, algorithm):
         try:
             self._hash_mapping[algorithm.name]
@@ -75,9 +85,19 @@ class Backend(object):
         except KeyError:
             return False
 
+    def hmac_supported(self, algorithm):
+        try:
+            self._supported_hmac_algorithms[algorithm.name]
+            return True
+        except KeyError:
+            return False
+
     def create_hash_ctx(self, algorithm):
         return _HashContext(self, algorithm)
 
+    def create_hmac_ctx(self, key, algorithm):
+        return _HMACContext(self, key, algorithm)
+
 
 @utils.register_interface(interfaces.HashContext)
 class _HashContext(object):
@@ -122,4 +142,43 @@ class _HashContext(object):
         return self._backend._ffi.buffer(buf)[:]
 
 
+@utils.register_interface(interfaces.HashContext)
+class _HMACContext(object):
+    def __init__(self, backend, key, algorithm, ctx=None):
+        self.algorithm = algorithm
+        self._backend = backend
+        if ctx is None:
+            ctx = self._backend._ffi.new("CCHmacContext *")
+            try:
+                alg = self._backend._supported_hmac_algorithms[algorithm.name]
+            except KeyError:
+                raise UnsupportedAlgorithm(
+                    "{0} is not a supported HMAC hash on this backend".format(
+                        algorithm.name)
+                )
+
+            self._backend._lib.CCHmacInit(ctx, alg, key, len(key))
+
+        self._ctx = ctx
+        self._key = key
+
+    def copy(self):
+        copied_ctx = self._backend._ffi.new("CCHmacContext *")
+        # CommonCrypto has no APIs for copying HMACs, so we have to copy the
+        # underlying struct.
+        copied_ctx[0] = self._ctx[0]
+        return _HMACContext(
+            self._backend, self._key, self.algorithm, ctx=copied_ctx
+        )
+
+    def update(self, data):
+        self._backend._lib.CCHmacUpdate(self._ctx, data, len(data))
+
+    def finalize(self):
+        buf = self._backend._ffi.new("unsigned char[]",
+                                     self.algorithm.digest_size)
+        self._backend._lib.CCHmacFinal(self._ctx, buf)
+        return self._backend._ffi.buffer(buf)[:]
+
+
 backend = Backend()
diff --git a/docs/changelog.rst b/docs/changelog.rst
index b0baf912..819b426a 100644
--- a/docs/changelog.rst
+++ b/docs/changelog.rst
@@ -6,10 +6,11 @@ Changelog
 
 **In development**
 
-* Added CommonCrypto backend with hash support.
-* Added initial CommonCrypto bindings.
+* Added :doc:`/hazmat/backends/commoncrypto` with hash and HMAC support.
+* Added initial :doc:`/hazmat/bindings/commoncrypto`.
 
 0.1 - 2014-01-08
 ~~~~~~~~~~~~~~~~
 
 * Initial release.
+
diff --git a/docs/hazmat/backends/common-crypto.rst b/docs/hazmat/backends/commoncrypto.rst
index af2032b6..af2032b6 100644
--- a/docs/hazmat/backends/common-crypto.rst
+++ b/docs/hazmat/backends/commoncrypto.rst
diff --git a/docs/hazmat/backends/index.rst b/docs/hazmat/backends/index.rst
index 22354f69..dbc0724e 100644
--- a/docs/hazmat/backends/index.rst
+++ b/docs/hazmat/backends/index.rst
@@ -31,5 +31,5 @@ Individual Backends
     :maxdepth: 1
 
     openssl
-    common-crypto
+    commoncrypto
     interfaces
author	Alex Gaynor <alex.gaynor@gmail.com>	2014-01-19 15:55:23 -0800
committer	Alex Gaynor <alex.gaynor@gmail.com>	2014-01-19 15:55:23 -0800
commit	34fb5e54dd1670a0c3cf5936f0a7b33e40686cc2 (patch)
tree	43124263a94b51a1d260e5ccdeb1e68a2023d739
parent	83a299c450260e895ab7e3a0a4d4e0a44a8ece31 (diff)
parent	b74658ec6e752e9a510434af23ffad69ed7e4f93 (diff)
download	cryptography-34fb5e54dd1670a0c3cf5936f0a7b33e40686cc2.tar.gz cryptography-34fb5e54dd1670a0c3cf5936f0a7b33e40686cc2.tar.bz2 cryptography-34fb5e54dd1670a0c3cf5936f0a7b33e40686cc2.zip