diff options
| author | Paul Kehrer <paul.l.kehrer@gmail.com> | 2014-02-03 21:59:29 -0600 |
|---|---|---|
| committer | Paul Kehrer <paul.l.kehrer@gmail.com> | 2014-02-03 21:59:29 -0600 |
| commit | e4acd5d922bd66dfa4f27782c0913550085a6929 (patch) | |
| tree | 8922ec5e4e3f150883a89cf54c00264c1fd5be46 /tests/hazmat/primitives/test_hkdf.py | |
| parent | e035ba978bf81c9dc17c33d7a8c6d61082ac4292 (diff) | |
| parent | ba5fcd97baf193259a156caa5b5cbc107ee46794 (diff) | |
| download | cryptography-e4acd5d922bd66dfa4f27782c0913550085a6929.tar.gz cryptography-e4acd5d922bd66dfa4f27782c0913550085a6929.tar.bz2 cryptography-e4acd5d922bd66dfa4f27782c0913550085a6929.zip | |
Merge branch 'master' into urandom-engine
* master: (66 commits)
Chanloge + versionadded
Added an example usage
Typo fix
Added to toctree
Rename and document
Linkify the things we have that others don't
add HKDF to changelog
Strings have quote marks at both ends.
HKDF example.
Properly mark all test cases as dependant on HMAC.
Remove language about the separate stages of HKDF until we expose multiple stages of HKDF.
Don't forget InvalidKey.
Fix typo
Import exception classes instead of the exceptions module.
Lose the bit about passwords.
https a bunch of links.
Pseudorandom is a word.
Backtick the entire equation.
Clarify salt language and link to the paper in addition to the RFC.
Don't expose extract and expand on this class yet because we don't know how best to expose verify functionality, continue testing the stages using the private methods.
...
Conflicts:
docs/hazmat/backends/openssl.rst
Diffstat (limited to 'tests/hazmat/primitives/test_hkdf.py')
| -rw-r--r-- | tests/hazmat/primitives/test_hkdf.py | 147 |
1 files changed, 147 insertions, 0 deletions
diff --git a/tests/hazmat/primitives/test_hkdf.py b/tests/hazmat/primitives/test_hkdf.py new file mode 100644 index 00000000..e3e2a9df --- /dev/null +++ b/tests/hazmat/primitives/test_hkdf.py @@ -0,0 +1,147 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or +# implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +from __future__ import absolute_import, division, print_function + +import six + +import pytest + +from cryptography.exceptions import AlreadyFinalized, InvalidKey +from cryptography.hazmat.primitives import hashes +from cryptography.hazmat.primitives.kdf.hkdf import HKDF + + +@pytest.mark.hmac +class TestHKDF(object): + def test_length_limit(self, backend): + big_length = 255 * (hashes.SHA256().digest_size // 8) + 1 + + with pytest.raises(ValueError): + HKDF( + hashes.SHA256(), + big_length, + salt=None, + info=None, + backend=backend + ) + + def test_already_finalized(self, backend): + hkdf = HKDF( + hashes.SHA256(), + 16, + salt=None, + info=None, + backend=backend + ) + + hkdf.derive(b"\x01" * 16) + + with pytest.raises(AlreadyFinalized): + hkdf.derive(b"\x02" * 16) + + hkdf = HKDF( + hashes.SHA256(), + 16, + salt=None, + info=None, + backend=backend + ) + + hkdf.verify(b"\x01" * 16, b"gJ\xfb{\xb1Oi\xc5sMC\xb7\xe4@\xf7u") + + with pytest.raises(AlreadyFinalized): + hkdf.verify(b"\x02" * 16, b"gJ\xfb{\xb1Oi\xc5sMC\xb7\xe4@\xf7u") + + hkdf = HKDF( + hashes.SHA256(), + 16, + salt=None, + info=None, + backend=backend + ) + + def test_verify(self, backend): + hkdf = HKDF( + hashes.SHA256(), + 16, + salt=None, + info=None, + backend=backend + ) + + hkdf.verify(b"\x01" * 16, b"gJ\xfb{\xb1Oi\xc5sMC\xb7\xe4@\xf7u") + + def test_verify_invalid(self, backend): + hkdf = HKDF( + hashes.SHA256(), + 16, + salt=None, + info=None, + backend=backend + ) + + with pytest.raises(InvalidKey): + hkdf.verify(b"\x02" * 16, b"gJ\xfb{\xb1Oi\xc5sMC\xb7\xe4@\xf7u") + + def test_unicode_typeerror(self, backend): + with pytest.raises(TypeError): + HKDF( + hashes.SHA256(), + 16, + salt=six.u("foo"), + info=None, + backend=backend + ) + + with pytest.raises(TypeError): + HKDF( + hashes.SHA256(), + 16, + salt=None, + info=six.u("foo"), + backend=backend + ) + + with pytest.raises(TypeError): + hkdf = HKDF( + hashes.SHA256(), + 16, + salt=None, + info=None, + backend=backend + ) + + hkdf.derive(six.u("foo")) + + with pytest.raises(TypeError): + hkdf = HKDF( + hashes.SHA256(), + 16, + salt=None, + info=None, + backend=backend + ) + + hkdf.verify(six.u("foo"), b"bar") + + with pytest.raises(TypeError): + hkdf = HKDF( + hashes.SHA256(), + 16, + salt=None, + info=None, + backend=backend + ) + + hkdf.verify(b"foo", six.u("bar")) |