Merge pull request #157 from reaperhulk/hmac

HMAC support
author: David Reid <dreid@dreid.org> 2013-10-29 10:05:47 -0700
committer: David Reid <dreid@dreid.org> 2013-10-29 10:05:47 -0700
commit: a9d9922f82d4e7b940679c4b548a4b14d0958ed9 (patch)
tree: fe842ec8a06805dd12092721982afdc213072772 /cryptography
parent: c402f359864f91132a31631c97713fb8293a3bd8 (diff)
parent: 50a881572bc7617d4d49c4ae7b200c3bcb7398d9 (diff)
download: cryptography-a9d9922f82d4e7b940679c4b548a4b14d0958ed9.tar.gz
cryptography-a9d9922f82d4e7b940679c4b548a4b14d0958ed9.tar.bz2
cryptography-a9d9922f82d4e7b940679c4b548a4b14d0958ed9.zip
2 files changed, 99 insertions, 0 deletions
diff --git a/cryptography/hazmat/bindings/openssl/backend.py b/cryptography/hazmat/bindings/openssl/backend.py
index 494430ba..635d6a0c 100644
--- a/cryptography/hazmat/bindings/openssl/backend.py
+++ b/cryptography/hazmat/bindings/openssl/backend.py
@@ -96,6 +96,7 @@ class Backend(object):
 
         self.ciphers = Ciphers(self)
         self.hashes = Hashes(self)
+        self.hmacs = HMACs(self)
 
     def openssl_version_text(self):
         """
@@ -259,4 +260,43 @@ class Hashes(object):
         return copied_ctx
 
 
+class HMACs(object):
+    def __init__(self, backend):
+        super(HMACs, self).__init__()
+        self._backend = backend
+
+    def create_ctx(self, key, hash_cls):
+        ctx = self._backend.ffi.new("HMAC_CTX *")
+        self._backend.lib.HMAC_CTX_init(ctx)
+        ctx = self._backend.ffi.gc(ctx, self._backend.lib.HMAC_CTX_cleanup)
+        evp_md = self._backend.lib.EVP_get_digestbyname(
+            hash_cls.name.encode('ascii'))
+        assert evp_md != self._backend.ffi.NULL
+        res = self._backend.lib.HMAC_Init_ex(ctx, key, len(key), evp_md,
+                                             self._backend.ffi.NULL)
+        assert res != 0
+        return ctx
+
+    def update_ctx(self, ctx, data):
+        res = self._backend.lib.HMAC_Update(ctx, data, len(data))
+        assert res != 0
+
+    def finalize_ctx(self, ctx, digest_size):
+        buf = self._backend.ffi.new("unsigned char[]", digest_size)
+        buflen = self._backend.ffi.new("unsigned int *", digest_size)
+        res = self._backend.lib.HMAC_Final(ctx, buf, buflen)
+        assert res != 0
+        self._backend.lib.HMAC_CTX_cleanup(ctx)
+        return self._backend.ffi.buffer(buf)[:digest_size]
+
+    def copy_ctx(self, ctx):
+        copied_ctx = self._backend.ffi.new("HMAC_CTX *")
+        self._backend.lib.HMAC_CTX_init(copied_ctx)
+        copied_ctx = self._backend.ffi.gc(copied_ctx,
+                                          self._backend.lib.HMAC_CTX_cleanup)
+        res = self._backend.lib.HMAC_CTX_copy(copied_ctx, ctx)
+        assert res != 0
+        return copied_ctx
+
+
 backend = Backend()
diff --git a/cryptography/hazmat/primitives/hmac.py b/cryptography/hazmat/primitives/hmac.py
new file mode 100644
index 00000000..4da0cc3f
--- /dev/null
+++ b/cryptography/hazmat/primitives/hmac.py
@@ -0,0 +1,59 @@
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+from __future__ import absolute_import, division, print_function
+
+import binascii
+
+import six
+
+
+class HMAC(object):
+    def __init__(self, key, msg=None, digestmod=None, ctx=None, backend=None):
+        super(HMAC, self).__init__()
+        if backend is None:
+            from cryptography.hazmat.bindings import _default_backend
+            backend = _default_backend
+
+        if digestmod is None:
+            raise TypeError("digestmod is a required argument")
+
+        self._backend = backend
+        self.digestmod = digestmod
+        self.key = key
+        if ctx is None:
+            self._ctx = self._backend.hmacs.create_ctx(key, self.digestmod)
+        else:
+            self._ctx = ctx
+
+        if msg is not None:
+            self.update(msg)
+
+    def update(self, msg):
+        if isinstance(msg, six.text_type):
+            raise TypeError("Unicode-objects must be encoded before hashing")
+        self._backend.hmacs.update_ctx(self._ctx, msg)
+
+    def copy(self):
+        return self.__class__(self.key, digestmod=self.digestmod,
+                              backend=self._backend, ctx=self._copy_ctx())
+
+    def digest(self):
+        return self._backend.hmacs.finalize_ctx(self._copy_ctx(),
+                                                self.digestmod.digest_size)
+
+    def hexdigest(self):
+        return str(binascii.hexlify(self.digest()).decode("ascii"))
+
+    def _copy_ctx(self):
+        return self._backend.hmacs.copy_ctx(self._ctx)
author	David Reid <dreid@dreid.org>	2013-10-29 10:05:47 -0700
committer	David Reid <dreid@dreid.org>	2013-10-29 10:05:47 -0700
commit	a9d9922f82d4e7b940679c4b548a4b14d0958ed9 (patch)
tree	fe842ec8a06805dd12092721982afdc213072772 /cryptography
parent	c402f359864f91132a31631c97713fb8293a3bd8 (diff)
parent	50a881572bc7617d4d49c4ae7b200c3bcb7398d9 (diff)
download	cryptography-a9d9922f82d4e7b940679c4b548a4b14d0958ed9.tar.gz cryptography-a9d9922f82d4e7b940679c4b548a4b14d0958ed9.tar.bz2 cryptography-a9d9922f82d4e7b940679c4b548a4b14d0958ed9.zip