From 5ce6901b2dc7e492e3e39c001821beca96c58906 Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Mon, 27 Jan 2014 22:39:57 -0600 Subject: commoncrypto PBKDF2 support --- .../hazmat/backends/commoncrypto/backend.py | 37 +++++++++++++++++++++- 1 file changed, 36 insertions(+), 1 deletion(-) diff --git a/cryptography/hazmat/backends/commoncrypto/backend.py b/cryptography/hazmat/backends/commoncrypto/backend.py index 4e70cab5..e3466457 100644 --- a/cryptography/hazmat/backends/commoncrypto/backend.py +++ b/cryptography/hazmat/backends/commoncrypto/backend.py @@ -20,7 +20,7 @@ from cryptography.exceptions import ( UnsupportedAlgorithm, InvalidTag, InternalError ) from cryptography.hazmat.backends.interfaces import ( - HashBackend, HMACBackend, CipherBackend + HashBackend, HMACBackend, CipherBackend, PBKDF2Backend ) from cryptography.hazmat.bindings.commoncrypto.binding import Binding from cryptography.hazmat.primitives import interfaces, constant_time @@ -40,6 +40,7 @@ HashMethods = namedtuple( @utils.register_interface(CipherBackend) @utils.register_interface(HashBackend) @utils.register_interface(HMACBackend) +@utils.register_interface(PBKDF2Backend) class Backend(object): """ CommonCrypto API wrapper. @@ -89,6 +90,14 @@ class Backend(object): "sha512": self._lib.kCCHmacAlgSHA512, } + self._supported_pbkdf2_algorithms = { + "sha1": self._lib.kCCPRFHmacAlgSHA1, + "sha224": self._lib.kCCPRFHmacAlgSHA224, + "sha256": self._lib.kCCPRFHmacAlgSHA256, + "sha384": self._lib.kCCPRFHmacAlgSHA384, + "sha512": self._lib.kCCPRFHmacAlgSHA512, + } + def hash_supported(self, algorithm): try: self._hash_mapping[algorithm.name] 
@@ -134,6 +143,32 @@ class Backend(object): else: return _CipherContext(self, cipher, mode, self._lib.kCCDecrypt) + def pbkdf2_hash_supported(self, algorithm): + try: + self._supported_pbkdf2_algorithms[algorithm.name] + except KeyError: + return False + else: + return True + + def derive_pbkdf2(self, algorithm, length, salt, iterations, key_material): + alg_enum = self._supported_pbkdf2_algorithms[algorithm.name] + buf = self._ffi.new("char[]", length) + res = self._lib.CCKeyDerivationPBKDF( + self._lib.kCCPBKDF2, + key_material, + len(key_material), + salt, + len(salt), + alg_enum, + iterations, + buf, + length + ) + self._check_response(res) + + return self._ffi.buffer(buf)[:] + def _register_cipher_adapter(self, cipher_cls, cipher_const, mode_cls, mode_const): if (cipher_cls, mode_cls) in self._cipher_registry: -- cgit v1.2.3 From 92e801a41d6c4938e9833b0397112ca855b4355b Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Tue, 28 Jan 2014 21:18:52 -0600 Subject: update commoncrypto pbkdf2 with new naming --- cryptography/hazmat/backends/commoncrypto/backend.py | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/cryptography/hazmat/backends/commoncrypto/backend.py b/cryptography/hazmat/backends/commoncrypto/backend.py index e3466457..ce40bb38 100644 --- a/cryptography/hazmat/backends/commoncrypto/backend.py +++ b/cryptography/hazmat/backends/commoncrypto/backend.py @@ -20,7 +20,7 @@ from cryptography.exceptions import ( UnsupportedAlgorithm, InvalidTag, InternalError ) from cryptography.hazmat.backends.interfaces import ( - HashBackend, HMACBackend, CipherBackend, PBKDF2Backend + HashBackend, HMACBackend, CipherBackend, PBKDF2HMACBackend ) from cryptography.hazmat.bindings.commoncrypto.binding import Binding from cryptography.hazmat.primitives import interfaces, constant_time 
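Review bot: In `derive_pbkdf2`, the lookup `self._supported_pbkdf2_algorithms[algorithm.name]` raises a bare `KeyError` when the hash is not in the table, although `UnsupportedAlgorithm` is already imported in this file and `pbkdf2_hash_supported` is defined just above it. Guarding the derive path itself keeps the failure explicit even if a caller skips the support check: `if not self.pbkdf2_hash_supported(algorithm): raise UnsupportedAlgorithm("PBKDF2 HMAC algorithm not supported by this backend")`. The later rename commit carries the same unguarded lookup into `derive_pbkdf2_hmac`. `length` and `iterations` also reach `self._ffi.new` and `CCKeyDerivationPBKDF` unchecked here; if the calling primitive does not already enforce positive integers (not visible in this patch), a short comment stating that assumption would help the next reader.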
@@ -40,7 +40,7 @@ HashMethods = namedtuple( @utils.register_interface(CipherBackend) @utils.register_interface(HashBackend) @utils.register_interface(HMACBackend) -@utils.register_interface(PBKDF2Backend) +@utils.register_interface(PBKDF2HMACBackend) class Backend(object): """ CommonCrypto API wrapper. @@ -90,7 +90,7 @@ class Backend(object): "sha512": self._lib.kCCHmacAlgSHA512, } - self._supported_pbkdf2_algorithms = { + self._supported_pbkdf2_hmac_algorithms = { "sha1": self._lib.kCCPRFHmacAlgSHA1, "sha224": self._lib.kCCPRFHmacAlgSHA224, "sha256": self._lib.kCCPRFHmacAlgSHA256, @@ -143,16 +143,17 @@ class Backend(object): else: return _CipherContext(self, cipher, mode, self._lib.kCCDecrypt) - def pbkdf2_hash_supported(self, algorithm): + def pbkdf2_hmac_supported(self, algorithm): try: - self._supported_pbkdf2_algorithms[algorithm.name] + self._supported_pbkdf2_hmac_algorithms[algorithm.name] except KeyError: return False else: return True - def derive_pbkdf2(self, algorithm, length, salt, iterations, key_material): - alg_enum = self._supported_pbkdf2_algorithms[algorithm.name] + def derive_pbkdf2_hmac(self, algorithm, length, salt, iterations, + key_material): + alg_enum = self._supported_pbkdf2_hmac_algorithms[algorithm.name] buf = self._ffi.new("char[]", length) res = self._lib.CCKeyDerivationPBKDF( self._lib.kCCPBKDF2, -- cgit v1.2.3 From 0bf1f138d5a504ddf07279c42632702265090f76 Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Tue, 28 Jan 2014 21:20:01 -0600 Subject: update changelog --- docs/changelog.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/changelog.rst b/docs/changelog.rst index be42b5db..14019c81 100644 --- a/docs/changelog.rst +++ b/docs/changelog.rst 
@@ -14,7 +14,7 @@ Changelog * Improved thread-safety for the OpenSSL backend. * Fixed compilation on systems where OpenSSL's ``ec.h`` header is not available, such as CentOS. -* Added PBKDF2HMAC support to OpenSSL backend. +* Added PBKDF2HMAC support to OpenSSL and CommonCrypto backends. 0.1 - 2014-01-08 ~~~~~~~~~~~~~~~~ -- cgit v1.2.3 From 84fc58c1d03e6512c203ba19439cebc17fd393a7 Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Wed, 29 Jan 2014 17:16:27 -0600 Subject: simplify check for algorithm --- cryptography/hazmat/backends/commoncrypto/backend.py | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) diff --git a/cryptography/hazmat/backends/commoncrypto/backend.py b/cryptography/hazmat/backends/commoncrypto/backend.py index ce40bb38..8792c8ac 100644 --- a/cryptography/hazmat/backends/commoncrypto/backend.py +++ b/cryptography/hazmat/backends/commoncrypto/backend.py @@ -144,12 +144,7 @@ class Backend(object): return _CipherContext(self, cipher, mode, self._lib.kCCDecrypt) def pbkdf2_hmac_supported(self, algorithm): - try: - self._supported_pbkdf2_hmac_algorithms[algorithm.name] - except KeyError: - return False - else: - return True + return algorithm.name in self._supported_pbkdf2_hmac_algorithms def derive_pbkdf2_hmac(self, algorithm, length, salt, iterations, key_material): -- cgit v1.2.3