HMAC support

Conflicts:
	docs/primitives/index.rst
	tests/hazmat/primitives/utils.py

4 files changed, 246 insertions, 1 deletions

diff --git a/tests/hazmat/primitives/test_hmac.py b/tests/hazmat/primitives/test_hmac.py
new file mode 100644
index 00000000..e2b517ae
--- /dev/null
+++ b/tests/hazmat/primitives/test_hmac.py
@@ -0,0 +1,53 @@
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+from __future__ import absolute_import, division, print_function
+
+import pretend
+
+import pytest
+
+import six
+
+from cryptography.hazmat.primitives import hashes, hmac
+
+from .utils import generate_base_hmac_test
+
+
+class TestHMAC(object):
+    test_copy = generate_base_hmac_test(
+        hashes.MD5,
+        only_if=lambda backend: backend.hashes.supported(hashes.MD5),
+        skip_message="Does not support MD5",
+    )
+
+    def test_hmac_reject_unicode(self, backend):
+        h = hmac.HMAC(key=b"mykey", hash_cls=hashes.SHA1, backend=backend)
+        with pytest.raises(TypeError):
+            h.update(six.u("\u00FC"))
+
+    def test_base_hash_hexdigest_string_type(self, backend):
+        h = hmac.HMAC(key=b"mykey", hash_cls=hashes.SHA1, backend=backend,
+                      data=b"")
+        assert isinstance(h.hexdigest(), str)
+
+
+class TestCopyHMAC(object):
+    def test_copy_backend_object(self):
+        pretend_hmac = pretend.stub(copy_ctx=lambda a: True)
+        pretend_backend = pretend.stub(hmacs=pretend_hmac)
+        pretend_ctx = pretend.stub()
+        h = hmac.HMAC(b"key", hashes.SHA1, backend=pretend_backend,
+                      ctx=pretend_ctx)
+        assert h._backend is pretend_backend
+        assert h.copy()._backend is pretend_backend
diff --git a/tests/hazmat/primitives/test_hmac_vectors.py b/tests/hazmat/primitives/test_hmac_vectors.py
new file mode 100644
index 00000000..0754ab5e
--- /dev/null
+++ b/tests/hazmat/primitives/test_hmac_vectors.py
@@ -0,0 +1,114 @@
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+from __future__ import absolute_import, division, print_function
+
+import os
+
+from cryptography.hazmat.primitives import hashes
+
+from .utils import generate_hmac_test
+from ...utils import load_hash_vectors_from_file
+
+
+#TODO: find HMAC whirlpool vectors?
+
+class TestHMAC_MD5(object):
+    test_hmac_md5 = generate_hmac_test(
+        load_hash_vectors_from_file,
+        os.path.join("RFC", "HMAC"),
+        [
+            "rfc-2202-md5.txt",
+        ],
+        hashes.MD5,
+        only_if=lambda backend: backend.hashes.supported(hashes.MD5),
+        skip_message="Does not support MD5",
+    )
+
+
+class TestHMAC_SHA1(object):
+    test_hmac_sha1 = generate_hmac_test(
+        load_hash_vectors_from_file,
+        os.path.join("RFC", "HMAC"),
+        [
+            "rfc-2202-sha1.txt",
+        ],
+        hashes.SHA1,
+        only_if=lambda backend: backend.hashes.supported(hashes.SHA1),
+        skip_message="Does not support SHA1",
+    )
+
+
+class TestHMAC_SHA224(object):
+    test_hmac_sha224 = generate_hmac_test(
+        load_hash_vectors_from_file,
+        os.path.join("RFC", "HMAC"),
+        [
+            "rfc-4231-sha224.txt",
+        ],
+        hashes.SHA224,
+        only_if=lambda backend: backend.hashes.supported(hashes.SHA224),
+        skip_message="Does not support SHA224",
+    )
+
+
+class TestHMAC_SHA256(object):
+    test_hmac_sha256 = generate_hmac_test(
+        load_hash_vectors_from_file,
+        os.path.join("RFC", "HMAC"),
+        [
+            "rfc-4231-sha256.txt",
+        ],
+        hashes.SHA256,
+        only_if=lambda backend: backend.hashes.supported(hashes.SHA256),
+        skip_message="Does not support SHA256",
+    )
+
+
+class TestHMAC_SHA384(object):
+    test_hmac_sha384 = generate_hmac_test(
+        load_hash_vectors_from_file,
+        os.path.join("RFC", "HMAC"),
+        [
+            "rfc-4231-sha384.txt",
+        ],
+        hashes.SHA384,
+        only_if=lambda backend: backend.hashes.supported(hashes.SHA384),
+        skip_message="Does not support SHA384",
+    )
+
+
+class TestHMAC_SHA512(object):
+    test_hmac_sha512 = generate_hmac_test(
+        load_hash_vectors_from_file,
+        os.path.join("RFC", "HMAC"),
+        [
+            "rfc-4231-sha512.txt",
+        ],
+        hashes.SHA512,
+        only_if=lambda backend: backend.hashes.supported(hashes.SHA512),
+        skip_message="Does not support SHA512",
+    )
+
+
+class TestHMAC_RIPEMD160(object):
+    test_hmac_ripemd160 = generate_hmac_test(
+        load_hash_vectors_from_file,
+        os.path.join("RFC", "HMAC"),
+        [
+            "rfc-2286-ripemd160.txt",
+        ],
+        hashes.RIPEMD160,
+        only_if=lambda backend: backend.hashes.supported(hashes.RIPEMD160),
+        skip_message="Does not support RIPEMD160",
+    )
diff --git a/tests/hazmat/primitives/test_utils.py b/tests/hazmat/primitives/test_utils.py
index b7fa3d35..d7247e67 100644
--- a/tests/hazmat/primitives/test_utils.py
+++ b/tests/hazmat/primitives/test_utils.py
@@ -1,7 +1,8 @@
 import pytest
 
 from .utils import (
-    base_hash_test, encrypt_test, hash_test, long_string_hash_test
+    base_hash_test, encrypt_test, hash_test, long_string_hash_test,
+    base_hmac_test, hmac_test
 )
 
 
@@ -47,3 +48,25 @@ class TestLongHashTest(object):
                 skip_message="message!"
             )
         assert exc_info.value.args[0] == "message!"
+
+
+class TestHMACTest(object):
+    def test_skips_if_only_if_returns_false(self):
+        with pytest.raises(pytest.skip.Exception) as exc_info:
+            hmac_test(
+                None, None, None,
+                only_if=lambda backend: False,
+                skip_message="message!"
+            )
+        assert exc_info.value.args[0] == "message!"
+
+
+class TestBaseHMACTest(object):
+    def test_skips_if_only_if_returns_false(self):
+        with pytest.raises(pytest.skip.Exception) as exc_info:
+            base_hmac_test(
+                None, None,
+                only_if=lambda backend: False,
+                skip_message="message!"
+            )
+        assert exc_info.value.args[0] == "message!"
diff --git a/tests/hazmat/primitives/utils.py b/tests/hazmat/primitives/utils.py
index fabdca01..73a2469a 100644
--- a/tests/hazmat/primitives/utils.py
+++ b/tests/hazmat/primitives/utils.py
@@ -4,6 +4,7 @@ import os
 import pytest
 
 from cryptography.hazmat.bindings import _ALL_BACKENDS
+from cryptography.hazmat.primitives import hmac
 from cryptography.hazmat.primitives.block import BlockCipher
 
 
@@ -125,3 +126,57 @@ def long_string_hash_test(backend, hash_factory, md, only_if, skip_message):
     m = hash_factory(backend=backend)
     m.update(b"a" * 1000000)
     assert m.hexdigest() == md.lower()
+
+
+def generate_hmac_test(param_loader, path, file_names, hash_cls,
+                       only_if=None, skip_message=None):
+    def test_hmac(self):
+        for backend in _ALL_BACKENDS:
+            for file_name in file_names:
+                for params in param_loader(os.path.join(path, file_name)):
+                    yield (
+                        hmac_test,
+                        backend,
+                        hash_cls,
+                        params,
+                        only_if,
+                        skip_message
+                    )
+    return test_hmac
+
+
+def hmac_test(backend, hash_cls, params, only_if, skip_message):
+    if only_if is not None and not only_if(backend):
+        pytest.skip(skip_message)
+    msg = params[0]
+    md = params[1]
+    key = params[2]
+    h = hmac.HMAC(binascii.unhexlify(key), hash_cls)
+    h.update(binascii.unhexlify(msg))
+    assert h.hexdigest() == md
+    digest = hmac.HMAC(binascii.unhexlify(key), hash_cls,
+                       data=binascii.unhexlify(msg)).hexdigest()
+    assert digest == md
+
+
+def generate_base_hmac_test(hash_cls, only_if=None, skip_message=None):
+    def test_base_hmac(self):
+        for backend in _ALL_BACKENDS:
+            yield (
+                base_hmac_test,
+                backend,
+                hash_cls,
+                only_if,
+                skip_message,
+            )
+    return test_base_hmac
+
+
+def base_hmac_test(backend, hash_cls, only_if, skip_message):
+    if only_if is not None and not only_if(backend):
+        pytest.skip(skip_message)
+    key = b"ab"
+    h = hmac.HMAC(binascii.unhexlify(key), hash_cls)
+    h_copy = h.copy()
+    assert h != h_copy
+    assert h._ctx != h_copy._ctx