diff --git a/src/aes/apple/aes.c b/src/aes/apple/aes.c
new file mode 100644
index 0000000..82b198d
--- /dev/null
+++ b/src/aes/apple/aes.c
@@ -0,0 +1,120 @@
+/**
+ * @file apple/aes.c  AES using Apple CommonCrypto API
+ *
+ * Copyright (C) 2010 Creytiv.com
+ */
+
+#include <string.h>
+#include <re_types.h>
+#include <re_mem.h>
+#include <re_fmt.h>
+#include <re_aes.h>
+#include <CommonCrypto/CommonCryptor.h>
+
+
+struct aes {
+	CCCryptorRef cryptor;
+	uint8_t key[64];
+	size_t key_bytes;
+};
+
+
+static void destructor(void *arg)
+{
+	struct aes *st = arg;
+
+	if (st->cryptor)
+		CCCryptorRelease(st->cryptor);
+}
+
+
+int aes_alloc(struct aes **stp, enum aes_mode mode,
+	      const uint8_t *key, size_t key_bits,
+	      const uint8_t iv[AES_BLOCK_SIZE])
+{
+	struct aes *st;
+	size_t key_bytes = key_bits / 8;
+	CCCryptorStatus status;
+	int err = 0;
+
+	if (!stp || !key)
+		return EINVAL;
+
+	if (mode != AES_MODE_CTR)
+		return ENOTSUP;
+
+	st = mem_zalloc(sizeof(*st), destructor);
+	if (!st)
+		return ENOMEM;
+
+	if (key_bytes > sizeof(st->key)) {
+		err = EINVAL;
+		goto out;
+	}
+
+	st->key_bytes = key_bytes;
+	memcpy(st->key, key, st->key_bytes);
+
+	/* used for both encryption and decryption because CTR is symmetric */
+	status = CCCryptorCreateWithMode(kCCEncrypt, kCCModeCTR,
+					 kCCAlgorithmAES, ccNoPadding,
+					 iv, key, key_bytes, NULL, 0, 0,
+					 kCCModeOptionCTR_BE, &st->cryptor);
+	if (status != kCCSuccess) {
+		err = EPROTO;
+		goto out;
+	}
+
+ out:
+	if (err)
+		mem_deref(st);
+	else
+		*stp = st;
+
+	return err;
+}
+
+
+void aes_set_iv(struct aes *st, const uint8_t iv[AES_BLOCK_SIZE])
+{
+	CCCryptorStatus status;
+
+	if (!st)
+		return;
+
+	/* we must reset the state when updating IV */
+	status = CCCryptorCreateWithMode(kCCEncrypt, kCCModeCTR,
+					 kCCAlgorithmAES, ccNoPadding,
+					 iv, st->key, st->key_bytes,
+					 NULL, 0, 0, kCCModeOptionCTR_BE,
+					 &st->cryptor);
+	if (status != kCCSuccess) {
+		re_fprintf(stderr, "aes: CCCryptorCreateWithMode error (%d)\n",
+			   status);
+	}
+}
+
+
+int aes_encr(struct aes *st, uint8_t *out, const uint8_t *in, size_t len)
+{
+	CCCryptorStatus status;
+	size_t moved;
+
+	if (!st || !out || !in || !len)
+		return EINVAL;
+
+	status = CCCryptorUpdate(st->cryptor, in, len, out, len, &moved);
+	if (status != kCCSuccess) {
+		re_fprintf(stderr, "aes: CCCryptorUpdate error (%d)\n",
+			   status);
+		return EPROTO;
+	}
+
+	return 0;
+}
+
+
+int aes_decr(struct aes *st, uint8_t *out, const uint8_t *in, size_t len)
+{
+	return aes_encr(st, out, in, len);
+}
diff --git a/src/aes/mod.mk b/src/aes/mod.mk
index 931e5cf..95466c7 100644
--- a/src/aes/mod.mk
+++ b/src/aes/mod.mk
@@ -6,6 +6,8 @@
 
 ifneq ($(USE_OPENSSL),)
 SRCS	+= aes/openssl/aes.c
+else ifneq ($(USE_APPLE_COMMONCRYPTO),)
+SRCS	+= aes/apple/aes.c
 else
 SRCS	+= aes/stub.c
 endif
diff --git a/src/hmac/apple/hmac.c b/src/hmac/apple/hmac.c
new file mode 100644
index 0000000..f4cbc94
--- /dev/null
+++ b/src/hmac/apple/hmac.c
@@ -0,0 +1,69 @@
+/**
+ * @file apple/hmac.c  HMAC using Apple API
+ *
+ * Copyright (C) 2010 - 2015 Creytiv.com
+ */
+
+#include <string.h>
+#include <CommonCrypto/CommonHMAC.h>
+#include <re_types.h>
+#include <re_fmt.h>
+#include <re_mem.h>
+#include <re_hmac.h>
+
+
+struct hmac {
+	CCHmacContext ctx;
+	uint8_t key[20];
+	size_t key_len;
+};
+
+
+static void destructor(void *arg)
+{
+	struct hmac *hmac = arg;
+
+	memset(&hmac->ctx, 0, sizeof(hmac->ctx));
+}
+
+
+int hmac_create(struct hmac **hmacp, enum hmac_hash hash,
+		const uint8_t *key, size_t key_len)
+{
+	struct hmac *hmac;
+
+	if (!hmacp || !key || !key_len)
+		return EINVAL;
+
+	if (hash != HMAC_HASH_SHA1)
+		return ENOTSUP;
+
+	hmac = mem_zalloc(sizeof(*hmac), destructor);
+	if (!hmac)
+		return ENOMEM;
+
+	memcpy(hmac->key, key, key_len);
+	hmac->key_len = key_len;
+
+	CCHmacInit(&hmac->ctx, kCCHmacAlgSHA1, key, key_len);
+
+	*hmacp = hmac;
+
+	return 0;
+}
+
+
+int hmac_digest(struct hmac *hmac, uint8_t *md, size_t md_len,
+		const uint8_t *data, size_t data_len)
+{
+	if (!hmac || !md || !md_len || !data || !data_len)
+		return EINVAL;
+
+	/* reset state */
+	CCHmacInit(&hmac->ctx, kCCHmacAlgSHA1, hmac->key, hmac->key_len);
+
+	CCHmacUpdate(&hmac->ctx, data, data_len);
+	CCHmacFinal(&hmac->ctx, md);
+
+	return 0;
+}
diff --git a/src/hmac/mod.mk b/src/hmac/mod.mk
index 1679fb3..a88da46 100644
--- a/src/hmac/mod.mk
+++ b/src/hmac/mod.mk
@@ -8,6 +8,8 @@ SRCS	+= hmac/hmac_sha1.c
 
 ifneq ($(USE_OPENSSL),)
 SRCS	+= hmac/openssl/hmac.c
+else ifneq ($(USE_APPLE_COMMONCRYPTO),)
+SRCS	+= hmac/apple/hmac.c
 else
 SRCS	+= hmac/hmac.c
 endif