From 90ae866e0a83ef92ce2b2e7c58ccb86e79f3bee8 Mon Sep 17 00:00:00 2001
From: Paul Kehrer <paul.l.kehrer@gmail.com>
Date: Mon, 23 Dec 2013 17:21:00 -0600
Subject: add hmac_supported method to backend.

Previously we were implicitly assuming that if a hash was supported then
its hmac equivalent was as well.
---
 cryptography/hazmat/backends/openssl/backend.py |  3 +++
 docs/hazmat/backends/interfaces.rst             | 15 +++++++++++++--
 tests/hazmat/primitives/test_hmac.py            |  2 +-
 tests/hazmat/primitives/test_hmac_vectors.py    | 14 +++++++-------
 4 files changed, 24 insertions(+), 10 deletions(-)

diff --git a/cryptography/hazmat/backends/openssl/backend.py b/cryptography/hazmat/backends/openssl/backend.py
index f11ddf22..7b67fb0b 100644
--- a/cryptography/hazmat/backends/openssl/backend.py
+++ b/cryptography/hazmat/backends/openssl/backend.py
@@ -184,6 +184,9 @@ class Backend(object):
         digest = self.lib.EVP_get_digestbyname(algorithm.name.encode("ascii"))
         return digest != self.ffi.NULL
 
+    def hmac_supported(self, algorithm):
+        return self.hash_supported(algorithm)
+
     def create_hash_ctx(self, algorithm):
         return _HashContext(self, algorithm)
 
diff --git a/docs/hazmat/backends/interfaces.rst b/docs/hazmat/backends/interfaces.rst
index b524943d..45fbaf09 100644
--- a/docs/hazmat/backends/interfaces.rst
+++ b/docs/hazmat/backends/interfaces.rst
@@ -126,12 +126,23 @@ A specific ``backend`` may provide one or more of these interfaces.
     A backend with methods for using cryptographic hash functions as message
     authentication codes.
 
+    .. method:: hmac_supported(algorithm)
+
+        Check if the specified ``algorithm`` is supported by this backend.
+
+        :param algorithm: An instance of a
+            :class:`~cryptography.hazmat.primitives.interfaces.HashAlgorithm`
+            provider.
+
+        :returns: ``True`` if the specified ``algorithm`` is supported for HMAC
+            by this backend, otherwise ``False``.
+
     .. method:: create_hmac_ctx(algorithm)
 
         Create a
         :class:`~cryptogrpahy.hazmat.primitives.interfaces.HashContext` that
-        uses the specified ``algorithm`` to calculate a hash-based message
-        authentication code.
+            uses the specified ``algorithm`` to calculate a hash-based message
+            authentication code.
 
         :param algorithm: An instance of a
             :class:`~cryptography.hazmat.primitives.interfaces.HashAlgorithm`
diff --git a/tests/hazmat/primitives/test_hmac.py b/tests/hazmat/primitives/test_hmac.py
index 124c4377..1e776c98 100644
--- a/tests/hazmat/primitives/test_hmac.py
+++ b/tests/hazmat/primitives/test_hmac.py
@@ -34,7 +34,7 @@ class UnsupportedDummyHash(object):
 class TestHMAC(object):
     test_copy = generate_base_hmac_test(
         hashes.MD5(),
-        only_if=lambda backend: backend.hash_supported(hashes.MD5),
+        only_if=lambda backend: backend.hmac_supported(hashes.MD5),
         skip_message="Does not support MD5",
     )
 
diff --git a/tests/hazmat/primitives/test_hmac_vectors.py b/tests/hazmat/primitives/test_hmac_vectors.py
index 7d0f156a..f884d850 100644
--- a/tests/hazmat/primitives/test_hmac_vectors.py
+++ b/tests/hazmat/primitives/test_hmac_vectors.py
@@ -27,7 +27,7 @@ class TestHMAC_MD5(object):
             "rfc-2202-md5.txt",
         ],
         hashes.MD5(),
-        only_if=lambda backend: backend.hash_supported(hashes.MD5),
+        only_if=lambda backend: backend.hmac_supported(hashes.MD5),
         skip_message="Does not support MD5",
     )
 
@@ -40,7 +40,7 @@ class TestHMAC_SHA1(object):
             "rfc-2202-sha1.txt",
         ],
         hashes.SHA1(),
-        only_if=lambda backend: backend.hash_supported(hashes.SHA1),
+        only_if=lambda backend: backend.hmac_supported(hashes.SHA1),
         skip_message="Does not support SHA1",
     )
 
@@ -53,7 +53,7 @@ class TestHMAC_SHA224(object):
             "rfc-4231-sha224.txt",
         ],
         hashes.SHA224(),
-        only_if=lambda backend: backend.hash_supported(hashes.SHA224),
+        only_if=lambda backend: backend.hmac_supported(hashes.SHA224),
         skip_message="Does not support SHA224",
     )
 
@@ -66,7 +66,7 @@ class TestHMAC_SHA256(object):
             "rfc-4231-sha256.txt",
         ],
         hashes.SHA256(),
-        only_if=lambda backend: backend.hash_supported(hashes.SHA256),
+        only_if=lambda backend: backend.hmac_supported(hashes.SHA256),
         skip_message="Does not support SHA256",
     )
 
@@ -79,7 +79,7 @@ class TestHMAC_SHA384(object):
             "rfc-4231-sha384.txt",
         ],
         hashes.SHA384(),
-        only_if=lambda backend: backend.hash_supported(hashes.SHA384),
+        only_if=lambda backend: backend.hmac_supported(hashes.SHA384),
         skip_message="Does not support SHA384",
     )
 
@@ -92,7 +92,7 @@ class TestHMAC_SHA512(object):
             "rfc-4231-sha512.txt",
         ],
         hashes.SHA512(),
-        only_if=lambda backend: backend.hash_supported(hashes.SHA512),
+        only_if=lambda backend: backend.hmac_supported(hashes.SHA512),
         skip_message="Does not support SHA512",
     )
 
@@ -105,6 +105,6 @@ class TestHMAC_RIPEMD160(object):
             "rfc-2286-ripemd160.txt",
         ],
         hashes.RIPEMD160(),
-        only_if=lambda backend: backend.hash_supported(hashes.RIPEMD160),
+        only_if=lambda backend: backend.hmac_supported(hashes.RIPEMD160),
         skip_message="Does not support RIPEMD160",
     )
-- 
cgit v1.2.3


From 4f776c495cfef4dd29023cb7bb035612d1e53916 Mon Sep 17 00:00:00 2001
From: Paul Kehrer <paul.l.kehrer@gmail.com>
Date: Mon, 23 Dec 2013 17:25:54 -0600
Subject: fix erroneous indent and add abstractmethod to HMACBackend

---
 cryptography/hazmat/backends/interfaces.py | 7 +++++++
 docs/hazmat/backends/interfaces.rst        | 4 ++--
 2 files changed, 9 insertions(+), 2 deletions(-)

diff --git a/cryptography/hazmat/backends/interfaces.py b/cryptography/hazmat/backends/interfaces.py
index 912476bb..9a570968 100644
--- a/cryptography/hazmat/backends/interfaces.py
+++ b/cryptography/hazmat/backends/interfaces.py
@@ -59,6 +59,13 @@ class HashBackend(six.with_metaclass(abc.ABCMeta)):
 
 
 class HMACBackend(six.with_metaclass(abc.ABCMeta)):
+    @abc.abstractmethod
+    def hmac_supported(self, algorithm):
+        """
+        Return True if the hash algorithm is supported for HMAC by this
+        backend.
+        """
+
     @abc.abstractmethod
     def create_hmac_ctx(self, key, algorithm):
         """
diff --git a/docs/hazmat/backends/interfaces.rst b/docs/hazmat/backends/interfaces.rst
index 45fbaf09..5b6cd64d 100644
--- a/docs/hazmat/backends/interfaces.rst
+++ b/docs/hazmat/backends/interfaces.rst
@@ -141,8 +141,8 @@ A specific ``backend`` may provide one or more of these interfaces.
 
         Create a
         :class:`~cryptogrpahy.hazmat.primitives.interfaces.HashContext` that
-            uses the specified ``algorithm`` to calculate a hash-based message
-            authentication code.
+        uses the specified ``algorithm`` to calculate a hash-based message
+        authentication code.
 
         :param algorithm: An instance of a
             :class:`~cryptography.hazmat.primitives.interfaces.HashAlgorithm`
-- 
cgit v1.2.3