| author | Alex Gaynor <alex.gaynor@gmail.com> | 2014-02-03 14:14:15 -0800 | 
|---|---|---|
| committer | Alex Gaynor <alex.gaynor@gmail.com> | 2014-02-03 14:14:15 -0800 | 
| commit | fe5d54ac8d4df056d53efda6c141b054a57bf249 (patch) | |
| tree | c886d921511930197df6a50ffb44c3ba0cbbae3b /tests | |
| parent | 4b12c35982c206b7cba2036d00edc36c19d02ad7 (diff) | |
| parent | 134f1f4acf423c3546b9552a169d10d40dd5fc84 (diff) | |
Merge pull request #490 from dreid/hkdf
HKDF - RFC5869 implementation.
Diffstat (limited to 'tests')
| -rw-r--r-- | tests/hazmat/primitives/test_hkdf.py | 147 | ||||
| -rw-r--r-- | tests/hazmat/primitives/test_hkdf_vectors.py | 51 | ||||
| -rw-r--r-- | tests/hazmat/primitives/utils.py | 61 | 
3 files changed, 259 insertions, 0 deletions
|
diff --git a/tests/hazmat/primitives/test_hkdf.py b/tests/hazmat/primitives/test_hkdf.py
new file mode 100644
index 00000000..e3e2a9df
--- /dev/null
+++ b/tests/hazmat/primitives/test_hkdf.py
@@ -0,0 +1,147 @@
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+from __future__ import absolute_import, division, print_function
+
+import six
+
+import pytest
+
+from cryptography.exceptions import AlreadyFinalized, InvalidKey
+from cryptography.hazmat.primitives import hashes
+from cryptography.hazmat.primitives.kdf.hkdf import HKDF
+
+
+@pytest.mark.hmac
+class TestHKDF(object):
+    def test_length_limit(self, backend):
+        big_length = 255 * (hashes.SHA256().digest_size // 8) + 1
+
+        with pytest.raises(ValueError):
+            HKDF(
+                hashes.SHA256(),
+                big_length,
+                salt=None,
+                info=None,
+                backend=backend
+            )
+
+    def test_already_finalized(self, backend):
+        hkdf = HKDF(
+            hashes.SHA256(),
+            16,
+            salt=None,
+            info=None,
+            backend=backend
+        )
+
+        hkdf.derive(b"\x01" * 16)
+
+        with pytest.raises(AlreadyFinalized):
+            hkdf.derive(b"\x02" * 16)
+
+        hkdf = HKDF(
+            hashes.SHA256(),
+            16,
+            salt=None,
+            info=None,
+            backend=backend
+        )
+
+        hkdf.verify(b"\x01" * 16, b"gJ\xfb{\xb1Oi\xc5sMC\xb7\xe4@\xf7u")
+
+        with pytest.raises(AlreadyFinalized):
+            hkdf.verify(b"\x02" * 16, b"gJ\xfb{\xb1Oi\xc5sMC\xb7\xe4@\xf7u")
+
+        hkdf = HKDF(
+            hashes.SHA256(),
+            16,
+            salt=None,
+            info=None,
+            backend=backend
+        )
+
+    def test_verify(self, backend):
+        hkdf = HKDF(
+            hashes.SHA256(),
+            16,
+            salt=None,
+            info=None,
+            backend=backend
+        )
+
+        hkdf.verify(b"\x01" * 16, b"gJ\xfb{\xb1Oi\xc5sMC\xb7\xe4@\xf7u")
+
+    def test_verify_invalid(self, backend):
+        hkdf = HKDF(
+            hashes.SHA256(),
+            16,
+            salt=None,
+            info=None,
+            backend=backend
+        )
+
+        with pytest.raises(InvalidKey):
+            hkdf.verify(b"\x02" * 16, b"gJ\xfb{\xb1Oi\xc5sMC\xb7\xe4@\xf7u")
+
+    def test_unicode_typeerror(self, backend):
+        with pytest.raises(TypeError):
+            HKDF(
+                hashes.SHA256(),
+                16,
+                salt=six.u("foo"),
+                info=None,
+                backend=backend
+            )
+
+        with pytest.raises(TypeError):
+            HKDF(
+                hashes.SHA256(),
+                16,
+                salt=None,
+                info=six.u("foo"),
+                backend=backend
+            )
+
+        with pytest.raises(TypeError):
+            hkdf = HKDF(
+                hashes.SHA256(),
+                16,
+                salt=None,
+                info=None,
+                backend=backend
+            )
+
+            hkdf.derive(six.u("foo"))
+
+        with pytest.raises(TypeError):
+            hkdf = HKDF(
+                hashes.SHA256(),
+                16,
+                salt=None,
+                info=None,
+                backend=backend
+            )
+
+            hkdf.verify(six.u("foo"), b"bar")
+
+        with pytest.raises(TypeError):
+            hkdf = HKDF(
+                hashes.SHA256(),
+                16,
+                salt=None,
+                info=None,
+                backend=backend
+            )
+
+            hkdf.verify(b"foo", six.u("bar"))
diff --git a/tests/hazmat/primitives/test_hkdf_vectors.py b/tests/hazmat/primitives/test_hkdf_vectors.py
new file mode 100644
index 00000000..1e67234f
--- /dev/null
+++ b/tests/hazmat/primitives/test_hkdf_vectors.py
@@ -0,0 +1,51 @@
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+from __future__ import absolute_import, division, print_function
+
+import os
+
+import pytest
+
+from cryptography.hazmat.primitives import hashes
+
+from .utils import generate_hkdf_test
+from ...utils import load_nist_vectors
+
+
+@pytest.mark.supported(
+    only_if=lambda backend: backend.hmac_supported(hashes.SHA1()),
+    skip_message="Does not support SHA1."
+)
+@pytest.mark.hmac
+class TestHKDFSHA1(object):
+    test_HKDFSHA1 = generate_hkdf_test(
+        load_nist_vectors,
+        os.path.join("KDF"),
+        ["rfc-5869-HKDF-SHA1.txt"],
+        hashes.SHA1()
+    )
+
+
+@pytest.mark.supported(
+    only_if=lambda backend: backend.hmac_supported(hashes.SHA256()),
+    skip_message="Does not support SHA256."
+)
+@pytest.mark.hmac
+class TestHKDFSHA256(object):
+    test_HKDFSHA1 = generate_hkdf_test(
+        load_nist_vectors,
+        os.path.join("KDF"),
+        ["rfc-5869-HKDF-SHA256.txt"],
+        hashes.SHA256()
+    )
diff --git a/tests/hazmat/primitives/utils.py b/tests/hazmat/primitives/utils.py
index 6b1d055d..5a8dc3ab 100644
--- a/tests/hazmat/primitives/utils.py
+++ b/tests/hazmat/primitives/utils.py
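Review bot: In `test_length_limit`, `big_length = 255 * (hashes.SHA256().digest_size // 8) + 1` treats `digest_size` as a bit count; if it is the digest length in bytes (32 for SHA-256), as it is in this library's hash API, the test only shows that a length of 1021 is rejected, whereas RFC 5869 permits output up to 255 * HashLen octets (8160 for SHA-256). A test that repeats the implementation's arithmetic cannot detect a limit that is eight times too small, so I would write the bound as `big_length = 255 * hashes.SHA256().digest_size + 1` and add a case showing that a length of exactly `255 * hashes.SHA256().digest_size` is accepted. Separately, the last three `with pytest.raises(TypeError):` blocks in `test_unicode_typeerror` also enclose the `HKDF(...)` constructor, so a TypeError raised during construction would satisfy them; build `hkdf` before entering the `with`.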
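Review bot: `TestHKDFSHA256` binds its generated test to the attribute `test_HKDFSHA1`, apparently copied from the class above, so SHA-256 vector failures are reported under a SHA1 name; it should read `test_HKDFSHA256 = generate_hkdf_test(`. In both classes `os.path.join("KDF")` is called with a single argument and returns it unchanged, so plain `"KDF"` says the same thing more directly.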
@@ -1,11 +1,15 @@
 import binascii
 import os
+import itertools
+
 import pytest
 from cryptography.hazmat.primitives import hashes, hmac
 from cryptography.hazmat.primitives.kdf.pbkdf2 import PBKDF2HMAC
 from cryptography.hazmat.primitives.ciphers import Cipher
+from cryptography.hazmat.primitives.kdf.hkdf import HKDF
+
 from cryptography.exceptions import (
     AlreadyFinalized, NotYetFinalized, AlreadyUpdated, InvalidTag,
 )
@@ -297,3 +301,60 @@ def aead_tag_exception_test(backend, cipher_factory, mode_factory):
     )
     with pytest.raises(ValueError):
         cipher.encryptor()
+
+
+def hkdf_derive_test(backend, algorithm, params):
+    hkdf = HKDF(
+        algorithm,
+        int(params["l"]),
+        salt=binascii.unhexlify(params["salt"]) or None,
+        info=binascii.unhexlify(params["info"]) or None,
+        backend=backend
+    )
+
+    okm = hkdf.derive(binascii.unhexlify(params["ikm"]))
+
+    assert okm == binascii.unhexlify(params["okm"])
+
+
+def hkdf_extract_test(backend, algorithm, params):
+    hkdf = HKDF(
+        algorithm,
+        int(params["l"]),
+        salt=binascii.unhexlify(params["salt"]) or None,
+        info=binascii.unhexlify(params["info"]) or None,
+        backend=backend
+    )
+
+    prk = hkdf._extract(binascii.unhexlify(params["ikm"]))
+
+    assert prk == binascii.unhexlify(params["prk"])
+
+
+def hkdf_expand_test(backend, algorithm, params):
+    hkdf = HKDF(
+        algorithm,
+        int(params["l"]),
+        salt=binascii.unhexlify(params["salt"]) or None,
+        info=binascii.unhexlify(params["info"]) or None,
+        backend=backend
+    )
+
+    okm = hkdf._expand(binascii.unhexlify(params["prk"]))
+
+    assert okm == binascii.unhexlify(params["okm"])
+
+
+def generate_hkdf_test(param_loader, path, file_names, algorithm):
+    all_params = _load_all_params(path, file_names, param_loader)
+
+    all_tests = [hkdf_extract_test, hkdf_expand_test, hkdf_derive_test]
+
+    @pytest.mark.parametrize(
+        ("params", "hkdf_test"),
+        itertools.product(all_params, all_tests)
+    )
+    def test_hkdf(self, backend, params, hkdf_test):
+        hkdf_test(backend, algorithm, params)
+
+    return test_hkdf
|
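Review bot: `salt=binascii.unhexlify(params["salt"]) or None` (and the matching `info=` line) in all three helpers converts a zero-length vector field to `None`, so the vector-driven tests never construct `HKDF` with an explicit `b""` salt or info. If the vector files contain zero-length entries, "empty" and "not provided" are both exercised through one code path only; a comment such as `# a zero-length field in the vector file is passed as None (not provided)` would record that this is intended, and a separate case passing `b""` would cover the other path. `hkdf_extract_test` and `hkdf_expand_test` also call the private `_extract` and `_expand`, which ties these tests to the implementation's internals; a short comment saying this is deliberate, to check the intermediate PRK against the vectors, would help the next maintainer.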
