Merge pull request #919 from Ayrx/cmac-interfaces
CMAC interfaces + documentation
diff --git a/cryptography/hazmat/backends/interfaces.py b/cryptography/hazmat/backends/interfaces.py
index e4c1df3..4137b53 100644
--- a/cryptography/hazmat/backends/interfaces.py
+++ b/cryptography/hazmat/backends/interfaces.py
@@ -142,3 +142,18 @@
Load a private key from PEM encoded data, using password if the data
is encrypted.
"""
+
+
+@six.add_metaclass(abc.ABCMeta)
+class CMACBackend(object):
+ @abc.abstractmethod
+ def cmac_supported(self):
+ """
+ Returns True if the backend supports CMAC
+ """
+
+ @abc.abstractmethod
+ def create_cmac_ctx(self, algorithm):
+ """
+ Create a CMACContext for calculating a message authentication code.
+ """
diff --git a/cryptography/hazmat/primitives/interfaces.py b/cryptography/hazmat/primitives/interfaces.py
index 4d92ef2..810a67a 100644
--- a/cryptography/hazmat/primitives/interfaces.py
+++ b/cryptography/hazmat/primitives/interfaces.py
@@ -469,3 +469,23 @@
Checks whether the key generated by the key material matches the
expected derived key. Raises an exception if they do not match.
"""
+
+
+@six.add_metaclass(abc.ABCMeta)
+class CMACContext(object):
+ @abc.abstractmethod
+ def update(self, data):
+ """
+ Processes the provided bytes.
+ """
+
+ def finalize(self):
+ """
+ Returns the message authentication code as bytes.
+ """
+
+ @abc.abstractmethod
+ def copy(self):
+ """
+ Return a CMACContext that is a copy of the current context.
+ """
diff --git a/docs/hazmat/backends/interfaces.rst b/docs/hazmat/backends/interfaces.rst
index 9c401d2..546aa76 100644
--- a/docs/hazmat/backends/interfaces.rst
+++ b/docs/hazmat/backends/interfaces.rst
@@ -319,3 +319,27 @@
:raises ValueError: This is raised if the key size is not (1024 or 2048 or 3072)
or if the OpenSSL version is older than 1.0.0 and the key size is larger than 1024
because older OpenSSL versions don't support a key size larger than 1024.
+
+
+.. class:: CMACBackend
+
+ .. versionadded:: 0.4
+
+ A backend with methods for using CMAC
+
+ .. method:: cmac_supported()
+
+ :return: True if CMAC is supported by the backend. False if otherwise.
+
+ .. method:: create_cmac_ctx(algorithm)
+
+ Create a
+ :class:`~cryptography.hazmat.primitives.interfaces.CMACContext` that
+ uses the specified ``algorithm`` to calculate a message authentication code.
+
+ :param algorithm: An instance of a
+ :class:`~cryptography.hazmat.primitives.interfaces.BlockCipherAlgorithm`
+ provider.
+
+ :returns:
+ :class:`~cryptography.hazmat.primitives.interfaces.CMACContext`
diff --git a/docs/hazmat/primitives/interfaces.rst b/docs/hazmat/primitives/interfaces.rst
index f4fb8de..95fd6f9 100644
--- a/docs/hazmat/primitives/interfaces.rst
+++ b/docs/hazmat/primitives/interfaces.rst
@@ -513,6 +513,29 @@
something like checking whether a user's password attempt matches the
stored derived key.
+
+`CMAC`_
+~~~~~~~
+
+.. class:: CMACContext
+
+ .. versionadded:: 0.4
+
+ .. method:: update(data)
+
+ :param data bytes: The data you want to authenticate.
+
+ .. method:: finalize()
+
+ :return: The message authentication code.
+
+ .. method:: copy()
+
+ :return: A :class:`~cryptography.hazmat.primitives.interfaces.CMACContext`
+ that is a copy of the current context.
+
+
.. _`RSA`: https://en.wikipedia.org/wiki/RSA_(cryptosystem)
.. _`Chinese remainder theorem`: https://en.wikipedia.org/wiki/Chinese_remainder_theorem
.. _`DSA`: https://en.wikipedia.org/wiki/Digital_Signature_Algorithm
+.. _`CMAC`: https://en.wikipedia.org/wiki/CMAC