HMAC support

Conflicts: docs/primitives/index.rst tests/hazmat/primitives/utils.py
author: Paul Kehrer <paul.l.kehrer@gmail.com> 2013-10-28 17:34:27 -0500
committer: Paul Kehrer <paul.l.kehrer@gmail.com> 2013-10-28 17:34:27 -0500
commit: 0317b04b119ceb55e11cf1be28c5223bad240c26 (patch)
tree: 7ddf3ce8f7e7f51cdca419e915e60a853d678fed /cryptography
parent: 0a0d749e38d849c6d4b1767b6a3994408f0977f1 (diff)
download: cryptography-0317b04b119ceb55e11cf1be28c5223bad240c26.tar.gz
cryptography-0317b04b119ceb55e11cf1be28c5223bad240c26.tar.bz2
cryptography-0317b04b119ceb55e11cf1be28c5223bad240c26.zip
2 files changed, 95 insertions, 0 deletions
diff --git a/cryptography/hazmat/bindings/openssl/backend.py b/cryptography/hazmat/bindings/openssl/backend.py
index 494430ba..300495cb 100644
--- a/cryptography/hazmat/bindings/openssl/backend.py
+++ b/cryptography/hazmat/bindings/openssl/backend.py
@@ -96,6 +96,7 @@ class Backend(object):
 
         self.ciphers = Ciphers(self)
         self.hashes = Hashes(self)
+        self.hmacs = HMACs(self)
 
     def openssl_version_text(self):
         """
@@ -259,4 +260,43 @@ class Hashes(object):
         return copied_ctx
 
 
+class HMACs(object):
+    def __init__(self, backend):
+        super(HMACs, self).__init__()
+        self._backend = backend
+
+    def create_ctx(self, key, hash_cls):
+        ctx = self._backend.ffi.new("HMAC_CTX *")
+        self._backend.lib.HMAC_CTX_init(ctx)
+        ctx = self._backend.ffi.gc(ctx, self._backend.lib.HMAC_CTX_cleanup)
+        evp_md = self._backend.lib.EVP_get_digestbyname(
+            hash_cls.name.encode('ascii'))
+        assert evp_md != self._backend.ffi.NULL
+        res = self._backend.lib.HMAC_Init_ex(ctx, key, len(key), evp_md,
+                                             self._backend.ffi.NULL)
+        assert res != 0
+        return ctx
+
+    def update_ctx(self, ctx, data):
+        res = self._backend.lib.HMAC_Update(ctx, data, len(data))
+        assert res != 0
+
+    def finalize_ctx(self, ctx, digest_size):
+        buf = self._backend.ffi.new("unsigned char[]", digest_size)
+        buflen = self._backend.ffi.new("unsigned int *")
+        buflen[0] = digest_size
+        res = self._backend.lib.HMAC_Final(ctx, buf, buflen)
+        assert res != 0
+        return self._backend.ffi.buffer(buf)[:digest_size]
+
+    def copy_ctx(self, ctx):
+        copied_ctx = self._backend.ffi.new("HMAC_CTX *")
+        self._backend.lib.HMAC_CTX_init(copied_ctx)
+        copied_ctx = self._backend.ffi.gc(copied_ctx,
+                                          self._backend.lib.HMAC_CTX_cleanup)
+        res = self._backend.lib.HMAC_CTX_copy(copied_ctx, ctx)
+        assert res != 0
+        return copied_ctx
+
+
 backend = Backend()
diff --git a/cryptography/hazmat/primitives/hmac.py b/cryptography/hazmat/primitives/hmac.py
new file mode 100644
index 00000000..f635e36e
--- /dev/null
+++ b/cryptography/hazmat/primitives/hmac.py
@@ -0,0 +1,55 @@
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+from __future__ import absolute_import, division, print_function
+
+import binascii
+
+import six
+
+
+class HMAC(object):
+    def __init__(self, key, hash_cls, data=None, ctx=None, backend=None):
+        super(HMAC, self).__init__()
+        if backend is None:
+            from cryptography.hazmat.bindings import _default_backend
+            backend = _default_backend
+        self._backend = backend
+        self.hash_cls = hash_cls
+        self.key = key
+        if ctx is None:
+            self._ctx = self._backend.hmacs.create_ctx(key, self.hash_cls)
+        else:
+            self._ctx = ctx
+
+        if data is not None:
+            self.update(data)
+
+    def update(self, data):
+        if isinstance(data, six.text_type):
+            raise TypeError("Unicode-objects must be encoded before hashing")
+        self._backend.hmacs.update_ctx(self._ctx, data)
+
+    def copy(self):
+        return self.__class__(self.key, hash_cls=self.hash_cls,
+                              backend=self._backend, ctx=self._copy_ctx())
+
+    def digest(self):
+        return self._backend.hmacs.finalize_ctx(self._copy_ctx(),
+                                                self.hash_cls.digest_size)
+
+    def hexdigest(self):
+        return str(binascii.hexlify(self.digest()).decode("ascii"))
+
+    def _copy_ctx(self):
+        return self._backend.hmacs.copy_ctx(self._ctx)
author	Paul Kehrer <paul.l.kehrer@gmail.com>	2013-10-28 17:34:27 -0500
committer	Paul Kehrer <paul.l.kehrer@gmail.com>	2013-10-28 17:34:27 -0500
commit	0317b04b119ceb55e11cf1be28c5223bad240c26 (patch)
tree	7ddf3ce8f7e7f51cdca419e915e60a853d678fed /cryptography
parent	0a0d749e38d849c6d4b1767b6a3994408f0977f1 (diff)
download	cryptography-0317b04b119ceb55e11cf1be28c5223bad240c26.tar.gz cryptography-0317b04b119ceb55e11cf1be28c5223bad240c26.tar.bz2 cryptography-0317b04b119ceb55e11cf1be28c5223bad240c26.zip