5 files changed, 77 insertions, 15 deletions

diff --git a/tests/hazmat/primitives/utils.py b/tests/hazmat/primitives/utils.py
index 6ecc70ff..f27afe41 100644
--- a/tests/hazmat/primitives/utils.py
+++ b/tests/hazmat/primitives/utils.py
@@ -141,8 +141,7 @@ def generate_hash_test(param_loader, path, file_names, hash_cls):
 
 
 def hash_test(backend, algorithm, params):
-    msg = params[0]
-    md = params[1]
+    msg, md = params
     m = hashes.Hash(algorithm, backend=backend)
     m.update(binascii.unhexlify(msg))
     expected_md = md.replace(" ", "").lower().encode("ascii")
@@ -206,9 +205,7 @@ def generate_hmac_test(param_loader, path, file_names, algorithm):
 
 
 def hmac_test(backend, algorithm, params):
-    msg = params[0]
-    md = params[1]
-    key = params[2]
+    msg, md, key = params
     h = hmac.HMAC(binascii.unhexlify(key), algorithm, backend=backend)
     h.update(binascii.unhexlify(msg))
     assert h.finalize() == binascii.unhexlify(md.encode("ascii"))
diff --git a/tests/hazmat/primitives/vectors/KDF/rfc-5869-HKDF-SHA1.txt b/tests/hazmat/primitives/vectors/KDF/rfc-5869-HKDF-SHA1.txt
index 598ecaae..b3fd03aa 100644
--- a/tests/hazmat/primitives/vectors/KDF/rfc-5869-HKDF-SHA1.txt
+++ b/tests/hazmat/primitives/vectors/KDF/rfc-5869-HKDF-SHA1.txt
@@ -1,6 +1,8 @@
 # A.4.  Test Case 4
 # Basic test case with SHA-1
 
+COUNT = 4
+
 Hash = SHA-1
 IKM  = 0b0b0b0b0b0b0b0b0b0b0b
 salt = 000102030405060708090a0b0c
@@ -13,6 +15,8 @@ OKM  = 085a01ea1b10f36933068b56efa5ad81a4f14b822f5b091568a9cdd4f155fda2c22e42247
 # A.5.  Test Case 5
 # Test with SHA-1 and longer inputs/outputs
 
+COUNT = 5
+
 Hash = SHA-1
 IKM  = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f
 salt = 606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeaf
@@ -25,6 +29,8 @@ OKM  = 0bd770a74d1160f7c9f12cd5912a06ebff6adcae899d92191fe4305673ba2ffe8fa3f1a4e
 # A.6.  Test Case 6
 # Test with SHA-1 and zero-length salt/info
 
+COUNT = 6
+
 Hash = SHA-1
 IKM  = 0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b
 salt =
@@ -38,6 +44,8 @@ OKM  = 0ac1af7002b3d761d1e55298da9d0506b9ae52057220a306e07b6b87e8df21d0ea00033de
 # Test with SHA-1, salt not provided (defaults to HashLen zero octets),
 # zero-length info
 
+COUNT = 7
+
 Hash = SHA-1
 IKM  = 0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c
 salt =
diff --git a/tests/hazmat/primitives/vectors/KDF/rfc-5869-HKDF-SHA256.txt b/tests/hazmat/primitives/vectors/KDF/rfc-5869-HKDF-SHA256.txt
index 170dd13e..9068a739 100644
--- a/tests/hazmat/primitives/vectors/KDF/rfc-5869-HKDF-SHA256.txt
+++ b/tests/hazmat/primitives/vectors/KDF/rfc-5869-HKDF-SHA256.txt
@@ -1,6 +1,8 @@
 # A.1.  Test Case 1
 # Basic test case with SHA-256
 
+COUNT = 1
+
 Hash = SHA-256
 IKM  = 0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b
 salt = 000102030405060708090a0b0c
@@ -12,6 +14,8 @@ OKM  = 3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf34007208d
 # A.2.  Test Case 2
 # Test with SHA-256 and longer inputs/outputs
 
+COUNT = 2
+
 Hash = SHA-256
 IKM  = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f
 salt = 606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeaf
@@ -24,6 +28,8 @@ OKM  = b11e398dc80327a1c8e7f78c596a49344f012eda2d4efad8a050cc4c19afa97c59045a99c
 # A.3.  Test Case 3
 # Test with SHA-256 and zero-length salt/info
 
+COUNT = 3
+
 Hash = SHA-256
 IKM  = 0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b
 salt =
diff --git a/tests/hazmat/primitives/vectors/KDF/rfc-6070-PBKDF2-SHA1.txt b/tests/hazmat/primitives/vectors/KDF/rfc-6070-PBKDF2-SHA1.txt
new file mode 100644
index 00000000..739f3f36
--- /dev/null
+++ b/tests/hazmat/primitives/vectors/KDF/rfc-6070-PBKDF2-SHA1.txt
@@ -0,0 +1,48 @@
+# PBKDF2 SHA1 vectors from http://www.ietf.org/rfc/rfc6070.txt
+
+COUNT = 0
+PASSWORD = password
+SALT = salt
+ITERATIONS = 1
+LENGTH = 20
+DERIVED_KEY = 0c60c80f961f0e71f3a9b524af6012062fe037a6
+
+
+COUNT = 1
+PASSWORD = password
+SALT = salt
+ITERATIONS = 2
+LENGTH = 20
+DERIVED_KEY = ea6c014dc72d6f8ccd1ed92ace1d41f0d8de8957
+
+
+COUNT = 2
+PASSWORD = password
+SALT = salt
+ITERATIONS = 4096
+LENGTH = 20
+DERIVED_KEY = 4b007901b765489abead49d926f721d065a429c1
+
+
+COUNT = 3
+PASSWORD = password
+SALT = salt
+ITERATIONS = 16777216
+LENGTH = 20
+DERIVED_KEY = eefe3d61cd4da4e4e9945b3d6ba2158c2634e984
+
+
+COUNT = 4
+PASSWORD = passwordPASSWORDpassword
+SALT = saltSALTsaltSALTsaltSALTsaltSALTsalt
+ITERATIONS = 4096
+LENGTH = 25
+DERIVED_KEY = 3d2eec4fe41c849b80c8d83662c0e44a8b291a964cf2f07038
+
+
+COUNT = 5
+PASSWORD = pass\0word
+SALT = sa\0lt
+ITERATIONS = 4096
+LENGTH = 16
+DERIVED_KEY = 56fa6aa75548099dcc37d7f03425e0c3
diff --git a/tests/utils.py b/tests/utils.py
index a2432256..507bc421 100644
--- a/tests/utils.py
+++ b/tests/utils.py
@@ -11,11 +11,18 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+import collections
 import os
 
 import pytest
 
 
+HashVector = collections.namedtuple("HashVector", ["message", "digest"])
+KeyedHashVector = collections.namedtuple(
+    "KeyedHashVector", ["message", "digest", "key"]
+)
+
+
 def select_backends(names, backend_list):
     if names is None:
         return backend_list
@@ -158,27 +165,23 @@ def load_hash_vectors(vector_data):
         if line.startswith("Len"):
             length = int(line.split(" = ")[1])
         elif line.startswith("Key"):
-            """
-            HMAC vectors contain a key attribute. Hash vectors do not.
-            """
+            # HMAC vectors contain a key attribute. Hash vectors do not.
             key = line.split(" = ")[1].encode("ascii")
         elif line.startswith("Msg"):
-            """
-            In the NIST vectors they have chosen to represent an empty
-            string as hex 00, which is of course not actually an empty
-            string. So we parse the provided length and catch this edge case.
-            """
+            # In the NIST vectors they have chosen to represent an empty
+            # string as hex 00, which is of course not actually an empty
+            # string. So we parse the provided length and catch this edge case.
             msg = line.split(" = ")[1].encode("ascii") if length > 0 else b""
         elif line.startswith("MD"):
             md = line.split(" = ")[1]
             # after MD is found the Msg+MD (+ potential key) tuple is complete
             if key is not None:
-                vectors.append((msg, md, key))
+                vectors.append(KeyedHashVector(msg, md, key))
                 key = None
                 msg = None
                 md = None
             else:
-                vectors.append((msg, md))
+                vectors.append(HashVector(msg, md))
                 msg = None
                 md = None
         else: