From 0192692f18d059e0c1f5f5345a8bfe71cc46c8c4 Mon Sep 17 00:00:00 2001
From: Paul Kehrer <paul.l.kehrer@gmail.com>
Date: Sun, 19 Jan 2014 13:54:53 -0600
Subject: hmac support for commoncrypto

---
 .../hazmat/backends/commoncrypto/backend.py        | 61 +++++++++++++++++++++-
 docs/changelog.rst                                 |  2 +-
 2 files changed, 61 insertions(+), 2 deletions(-)

diff --git a/cryptography/hazmat/backends/commoncrypto/backend.py b/cryptography/hazmat/backends/commoncrypto/backend.py
index 3d98bf6b..6bdc7796 100644
--- a/cryptography/hazmat/backends/commoncrypto/backend.py
+++ b/cryptography/hazmat/backends/commoncrypto/backend.py
@@ -18,7 +18,7 @@ from collections import namedtuple
 from cryptography import utils
 from cryptography.exceptions import UnsupportedAlgorithm
 from cryptography.hazmat.backends.interfaces import (
-    HashBackend,
+    HashBackend, HMACBackend,
 )
 from cryptography.hazmat.bindings.commoncrypto.binding import Binding
 from cryptography.hazmat.primitives import interfaces
@@ -30,6 +30,7 @@ HashMethods = namedtuple(
 
 
 @utils.register_interface(HashBackend)
+@utils.register_interface(HMACBackend)
 class Backend(object):
     """
     CommonCrypto API wrapper.
@@ -68,6 +69,15 @@ class Backend(object):
             ),
         }
 
+        self._supported_hmac_algorithms = {
+            "md5": self._lib.kCCHmacAlgMD5,
+            "sha1": self._lib.kCCHmacAlgSHA1,
+            "sha224": self._lib.kCCHmacAlgSHA224,
+            "sha256": self._lib.kCCHmacAlgSHA256,
+            "sha384": self._lib.kCCHmacAlgSHA384,
+            "sha512": self._lib.kCCHmacAlgSHA512,
+        }
+
     def hash_supported(self, algorithm):
         try:
             self._hash_mapping[algorithm.name]
@@ -75,9 +85,19 @@ class Backend(object):
         except KeyError:
             return False
 
+    def hmac_supported(self, algorithm):
+        try:
+            self._supported_hmac_algorithms[algorithm.name]
+            return True
+        except KeyError:
+            return False
+
     def create_hash_ctx(self, algorithm):
         return _HashContext(self, algorithm)
 
+    def create_hmac_ctx(self, key, algorithm):
+        return _HMACContext(self, key, algorithm)
+
 
 @utils.register_interface(interfaces.HashContext)
 class _HashContext(object):
@@ -122,4 +142,43 @@ class _HashContext(object):
         return self._backend._ffi.buffer(buf)[:]
 
 
+@utils.register_interface(interfaces.HashContext)
+class _HMACContext(object):
+    def __init__(self, backend, key, algorithm, ctx=None):
+        self.algorithm = algorithm
+        self._backend = backend
+        if ctx is None:
+            ctx = self._backend._ffi.new("CCHmacContext *")
+            try:
+                alg = self._backend._supported_hmac_algorithms[algorithm.name]
+            except KeyError:
+                raise UnsupportedAlgorithm(
+                    "{0} is not a supported HMAC hash on this backend".format(
+                        algorithm.name)
+                )
+
+            self._backend._lib.CCHmacInit(ctx, alg, key, len(key))
+
+        self._ctx = ctx
+        self._key = key
+
+    def copy(self):
+        copied_ctx = self._backend._ffi.new("CCHmacContext *")
+        # CommonCrypto has no APIs for copying hashes, so we have to copy the
+        # underlying struct.
+        copied_ctx[0] = self._ctx[0]
+        return _HMACContext(
+            self._backend, self._key, self.algorithm, ctx=copied_ctx
+        )
+
+    def update(self, data):
+        self._backend._lib.CCHmacUpdate(self._ctx, data, len(data))
+
+    def finalize(self):
+        buf = self._backend._ffi.new("unsigned char[]",
+                                     self.algorithm.digest_size)
+        self._backend._lib.CCHmacFinal(self._ctx, buf)
+        return self._backend._ffi.buffer(buf)[:]
+
+
 backend = Backend()
diff --git a/docs/changelog.rst b/docs/changelog.rst
index b0baf912..82d3bf05 100644
--- a/docs/changelog.rst
+++ b/docs/changelog.rst
@@ -6,7 +6,7 @@ Changelog
 
 **In development**
 
-* Added CommonCrypto backend with hash support.
+* Added CommonCrypto backend with hash and HMAC support.
 * Added initial CommonCrypto bindings.
 
 0.1 - 2014-01-08
-- 
cgit v1.2.3


From b74658ec6e752e9a510434af23ffad69ed7e4f93 Mon Sep 17 00:00:00 2001
From: Paul Kehrer <paul.l.kehrer@gmail.com>
Date: Sun, 19 Jan 2014 17:09:22 -0600
Subject: doc updates

---
 cryptography/hazmat/backends/commoncrypto/backend.py |  2 +-
 docs/changelog.rst                                   |  5 +++--
 docs/hazmat/backends/common-crypto.rst               | 20 --------------------
 docs/hazmat/backends/commoncrypto.rst                | 20 ++++++++++++++++++++
 docs/hazmat/backends/index.rst                       |  2 +-
 5 files changed, 25 insertions(+), 24 deletions(-)
 delete mode 100644 docs/hazmat/backends/common-crypto.rst
 create mode 100644 docs/hazmat/backends/commoncrypto.rst

diff --git a/cryptography/hazmat/backends/commoncrypto/backend.py b/cryptography/hazmat/backends/commoncrypto/backend.py
index 6bdc7796..58e57efb 100644
--- a/cryptography/hazmat/backends/commoncrypto/backend.py
+++ b/cryptography/hazmat/backends/commoncrypto/backend.py
@@ -164,7 +164,7 @@ class _HMACContext(object):
 
     def copy(self):
         copied_ctx = self._backend._ffi.new("CCHmacContext *")
-        # CommonCrypto has no APIs for copying hashes, so we have to copy the
+        # CommonCrypto has no APIs for copying HMACs, so we have to copy the
         # underlying struct.
         copied_ctx[0] = self._ctx[0]
         return _HMACContext(
diff --git a/docs/changelog.rst b/docs/changelog.rst
index 82d3bf05..819b426a 100644
--- a/docs/changelog.rst
+++ b/docs/changelog.rst
@@ -6,10 +6,11 @@ Changelog
 
 **In development**
 
-* Added CommonCrypto backend with hash and HMAC support.
-* Added initial CommonCrypto bindings.
+* Added :doc:`/hazmat/backends/commoncrypto` with hash and HMAC support.
+* Added initial :doc:`/hazmat/bindings/commoncrypto`.
 
 0.1 - 2014-01-08
 ~~~~~~~~~~~~~~~~
 
 * Initial release.
+
diff --git a/docs/hazmat/backends/common-crypto.rst b/docs/hazmat/backends/common-crypto.rst
deleted file mode 100644
index af2032b6..00000000
--- a/docs/hazmat/backends/common-crypto.rst
+++ /dev/null
@@ -1,20 +0,0 @@
-.. hazmat::
-
-CommonCrypto Backend
-====================
-
-The `CommonCrypto`_ C library provided by Apple on OS X and iOS.
-
-.. currentmodule:: cryptography.hazmat.backends.commoncrypto.backend
-
-.. versionadded:: 0.2
-
-.. data:: cryptography.hazmat.backends.commoncrypto.backend
-
-    This is the exposed API for the CommonCrypto backend. It has one public attribute.
-
-    .. attribute:: name
-
-        The string name of this backend: ``"commoncrypto"``
-
-.. _`CommonCrypto`: https://developer.apple.com/library/mac/documentation/Darwin/Reference/ManPages/man3/Common%20Crypto.3cc.html
diff --git a/docs/hazmat/backends/commoncrypto.rst b/docs/hazmat/backends/commoncrypto.rst
new file mode 100644
index 00000000..af2032b6
--- /dev/null
+++ b/docs/hazmat/backends/commoncrypto.rst
@@ -0,0 +1,20 @@
+.. hazmat::
+
+CommonCrypto Backend
+====================
+
+The `CommonCrypto`_ C library provided by Apple on OS X and iOS.
+
+.. currentmodule:: cryptography.hazmat.backends.commoncrypto.backend
+
+.. versionadded:: 0.2
+
+.. data:: cryptography.hazmat.backends.commoncrypto.backend
+
+    This is the exposed API for the CommonCrypto backend. It has one public attribute.
+
+    .. attribute:: name
+
+        The string name of this backend: ``"commoncrypto"``
+
+.. _`CommonCrypto`: https://developer.apple.com/library/mac/documentation/Darwin/Reference/ManPages/man3/Common%20Crypto.3cc.html
diff --git a/docs/hazmat/backends/index.rst b/docs/hazmat/backends/index.rst
index 22354f69..dbc0724e 100644
--- a/docs/hazmat/backends/index.rst
+++ b/docs/hazmat/backends/index.rst
@@ -31,5 +31,5 @@ Individual Backends
     :maxdepth: 1
 
     openssl
-    common-crypto
+    commoncrypto
     interfaces
-- 
cgit v1.2.3