15 files changed, 269 insertions, 97 deletions

diff --git a/tests/hazmat/primitives/test_3des.py b/tests/hazmat/primitives/test_3des.py
index af6bdc04..69ec9c9a 100644
--- a/tests/hazmat/primitives/test_3des.py
+++ b/tests/hazmat/primitives/test_3des.py
@@ -23,12 +23,12 @@ import os
 from cryptography.hazmat.primitives.ciphers import algorithms, modes
 
 from .utils import generate_encrypt_test
-from ...utils import load_nist_vectors_from_file
+from ...utils import load_nist_vectors
 
 
 class TestTripleDES_CBC(object):
     test_KAT = generate_encrypt_test(
-        lambda path: load_nist_vectors_from_file(path, "ENCRYPT"),
+        load_nist_vectors,
         os.path.join("ciphers", "3DES", "CBC"),
         [
             "TCBCinvperm.rsp",
@@ -42,7 +42,7 @@ class TestTripleDES_CBC(object):
     )
 
     test_MMT = generate_encrypt_test(
-        lambda path: load_nist_vectors_from_file(path, "ENCRYPT"),
+        load_nist_vectors,
         os.path.join("ciphers", "3DES", "CBC"),
         [
             "TCBCMMT1.rsp",
@@ -58,7 +58,7 @@ class TestTripleDES_CBC(object):
 
 class TestTripleDES_OFB(object):
     test_KAT = generate_encrypt_test(
-        lambda path: load_nist_vectors_from_file(path, "ENCRYPT"),
+        load_nist_vectors,
         os.path.join("ciphers", "3DES", "OFB"),
         [
             "TOFBpermop.rsp",
@@ -72,7 +72,7 @@ class TestTripleDES_OFB(object):
     )
 
     test_MMT = generate_encrypt_test(
-        lambda path: load_nist_vectors_from_file(path, "ENCRYPT"),
+        load_nist_vectors,
         os.path.join("ciphers", "3DES", "OFB"),
         [
             "TOFBMMT1.rsp",
@@ -88,7 +88,7 @@ class TestTripleDES_OFB(object):
 
 class TestTripleDES_CFB(object):
     test_KAT = generate_encrypt_test(
-        lambda path: load_nist_vectors_from_file(path, "ENCRYPT"),
+        load_nist_vectors,
         os.path.join("ciphers", "3DES", "CFB"),
         [
             "TCFB64invperm.rsp",
@@ -102,7 +102,7 @@ class TestTripleDES_CFB(object):
     )
 
     test_MMT = generate_encrypt_test(
-        lambda path: load_nist_vectors_from_file(path, "ENCRYPT"),
+        load_nist_vectors,
         os.path.join("ciphers", "3DES", "CFB"),
         [
             "TCFB64MMT1.rsp",
diff --git a/tests/hazmat/primitives/test_aes.py b/tests/hazmat/primitives/test_aes.py
index 66471fac..d178da7b 100644
--- a/tests/hazmat/primitives/test_aes.py
+++ b/tests/hazmat/primitives/test_aes.py
@@ -20,13 +20,13 @@ from cryptography.hazmat.primitives.ciphers import algorithms, modes
 
 from .utils import generate_encrypt_test
 from ...utils import (
-    load_nist_vectors_from_file, load_openssl_vectors_from_file
+    load_nist_vectors, load_openssl_vectors,
 )
 
 
 class TestAES(object):
     test_CBC = generate_encrypt_test(
-        lambda path: load_nist_vectors_from_file(path, "ENCRYPT"),
+        load_nist_vectors,
         os.path.join("ciphers", "AES", "CBC"),
         [
             "CBCGFSbox128.rsp",
@@ -50,7 +50,7 @@ class TestAES(object):
     )
 
     test_ECB = generate_encrypt_test(
-        lambda path: load_nist_vectors_from_file(path, "ENCRYPT"),
+        load_nist_vectors,
         os.path.join("ciphers", "AES", "ECB"),
         [
             "ECBGFSbox128.rsp",
@@ -74,7 +74,7 @@ class TestAES(object):
     )
 
     test_OFB = generate_encrypt_test(
-        lambda path: load_nist_vectors_from_file(path, "ENCRYPT"),
+        load_nist_vectors,
         os.path.join("ciphers", "AES", "OFB"),
         [
             "OFBGFSbox128.rsp",
@@ -98,7 +98,7 @@ class TestAES(object):
     )
 
     test_CFB = generate_encrypt_test(
-        lambda path: load_nist_vectors_from_file(path, "ENCRYPT"),
+        load_nist_vectors,
         os.path.join("ciphers", "AES", "CFB"),
         [
             "CFB128GFSbox128.rsp",
@@ -122,12 +122,12 @@ class TestAES(object):
     )
 
     test_CTR = generate_encrypt_test(
-        load_openssl_vectors_from_file,
+        load_openssl_vectors,
         os.path.join("ciphers", "AES", "CTR"),
         ["aes-128-ctr.txt", "aes-192-ctr.txt", "aes-256-ctr.txt"],
         lambda key, iv: algorithms.AES(binascii.unhexlify(key)),
         lambda key, iv: modes.CTR(binascii.unhexlify(iv)),
-        only_if=lambda backend: backend.ciphers.supported(
+        only_if=lambda backend: backend.cipher_supported(
             algorithms.AES("\x00" * 16), modes.CTR("\x00" * 16)
         ),
         skip_message="Does not support AES CTR",
diff --git a/tests/hazmat/primitives/test_arc4.py b/tests/hazmat/primitives/test_arc4.py
new file mode 100644
index 00000000..d233bec2
--- /dev/null
+++ b/tests/hazmat/primitives/test_arc4.py
@@ -0,0 +1,43 @@
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+from __future__ import absolute_import, division, print_function
+
+import binascii
+import os
+
+from cryptography.hazmat.primitives.ciphers import algorithms
+
+from .utils import generate_stream_encryption_test
+from ...utils import load_nist_vectors
+
+
+class TestARC4(object):
+    test_rfc = generate_stream_encryption_test(
+        load_nist_vectors,
+        os.path.join("ciphers", "ARC4"),
+        [
+            "rfc-6229-40.txt",
+            "rfc-6229-56.txt",
+            "rfc-6229-64.txt",
+            "rfc-6229-80.txt",
+            "rfc-6229-128.txt",
+            "rfc-6229-192.txt",
+            "rfc-6229-256.txt",
+        ],
+        lambda key: algorithms.ARC4(binascii.unhexlify((key))),
+        only_if=lambda backend: backend.cipher_supported(
+            algorithms.ARC4("\x00" * 16), None
+        ),
+        skip_message="Does not support ARC4",
+    )
diff --git a/tests/hazmat/primitives/test_block.py b/tests/hazmat/primitives/test_block.py
index 28f34478..9460c53d 100644
--- a/tests/hazmat/primitives/test_block.py
+++ b/tests/hazmat/primitives/test_block.py
@@ -17,13 +17,19 @@ import binascii
 
 import pytest
 
-from cryptography.exceptions import UnsupportedAlgorithm
+from cryptography import utils
+from cryptography.exceptions import UnsupportedAlgorithm, AlreadyFinalized
 from cryptography.hazmat.primitives import interfaces
 from cryptography.hazmat.primitives.ciphers import (
     Cipher, algorithms, modes
 )
 
 
+@utils.register_interface(interfaces.CipherAlgorithm)
+class DummyCipher(object):
+    pass
+
+
 class TestCipher(object):
     def test_instantiate_without_backend(self):
         Cipher(
@@ -45,6 +51,11 @@ class TestCipher(object):
         )
         assert isinstance(cipher.decryptor(), interfaces.CipherContext)
 
+    def test_instantiate_with_non_algorithm(self):
+        algorithm = object()
+        with pytest.raises(TypeError):
+            Cipher(algorithm, mode=None)
+
 
 class TestCipherContext(object):
     def test_use_after_finalize(self, backend):
@@ -56,16 +67,16 @@ class TestCipherContext(object):
         encryptor = cipher.encryptor()
         encryptor.update(b"a" * 16)
         encryptor.finalize()
-        with pytest.raises(ValueError):
+        with pytest.raises(AlreadyFinalized):
             encryptor.update(b"b" * 16)
-        with pytest.raises(ValueError):
+        with pytest.raises(AlreadyFinalized):
             encryptor.finalize()
         decryptor = cipher.decryptor()
         decryptor.update(b"a" * 16)
         decryptor.finalize()
-        with pytest.raises(ValueError):
+        with pytest.raises(AlreadyFinalized):
             decryptor.update(b"b" * 16)
-        with pytest.raises(ValueError):
+        with pytest.raises(AlreadyFinalized):
             decryptor.finalize()
 
     def test_unaligned_block_encryption(self, backend):
@@ -90,7 +101,7 @@ class TestCipherContext(object):
 
     def test_nonexistent_cipher(self, backend):
         cipher = Cipher(
-            object(), object(), backend
+            DummyCipher(), object(), backend
         )
         with pytest.raises(UnsupportedAlgorithm):
             cipher.encryptor()
diff --git a/tests/hazmat/primitives/test_blowfish.py b/tests/hazmat/primitives/test_blowfish.py
index a7f13823..d5fbed6f 100644
--- a/tests/hazmat/primitives/test_blowfish.py
+++ b/tests/hazmat/primitives/test_blowfish.py
@@ -19,53 +19,53 @@ import os
 from cryptography.hazmat.primitives.ciphers import algorithms, modes
 
 from .utils import generate_encrypt_test
-from ...utils import load_nist_vectors_from_file
+from ...utils import load_nist_vectors
 
 
 class TestBlowfish(object):
     test_ECB = generate_encrypt_test(
-        lambda path: load_nist_vectors_from_file(path, "ENCRYPT"),
+        load_nist_vectors,
         os.path.join("ciphers", "Blowfish"),
         ["bf-ecb.txt"],
         lambda key: algorithms.Blowfish(binascii.unhexlify(key)),
         lambda key: modes.ECB(),
-        only_if=lambda backend: backend.ciphers.supported(
+        only_if=lambda backend: backend.cipher_supported(
             algorithms.Blowfish("\x00" * 56), modes.ECB()
         ),
         skip_message="Does not support Blowfish ECB",
     )
 
     test_CBC = generate_encrypt_test(
-        lambda path: load_nist_vectors_from_file(path, "ENCRYPT"),
+        load_nist_vectors,
         os.path.join("ciphers", "Blowfish"),
         ["bf-cbc.txt"],
         lambda key, iv: algorithms.Blowfish(binascii.unhexlify(key)),
         lambda key, iv: modes.CBC(binascii.unhexlify(iv)),
-        only_if=lambda backend: backend.ciphers.supported(
+        only_if=lambda backend: backend.cipher_supported(
             algorithms.Blowfish("\x00" * 56), modes.CBC("\x00" * 8)
         ),
         skip_message="Does not support Blowfish CBC",
     )
 
     test_OFB = generate_encrypt_test(
-        lambda path: load_nist_vectors_from_file(path, "ENCRYPT"),
+        load_nist_vectors,
         os.path.join("ciphers", "Blowfish"),
         ["bf-ofb.txt"],
         lambda key, iv: algorithms.Blowfish(binascii.unhexlify(key)),
         lambda key, iv: modes.OFB(binascii.unhexlify(iv)),
-        only_if=lambda backend: backend.ciphers.supported(
+        only_if=lambda backend: backend.cipher_supported(
             algorithms.Blowfish("\x00" * 56), modes.OFB("\x00" * 8)
         ),
         skip_message="Does not support Blowfish OFB",
     )
 
     test_CFB = generate_encrypt_test(
-        lambda path: load_nist_vectors_from_file(path, "ENCRYPT"),
+        load_nist_vectors,
         os.path.join("ciphers", "Blowfish"),
         ["bf-cfb.txt"],
         lambda key, iv: algorithms.Blowfish(binascii.unhexlify(key)),
         lambda key, iv: modes.CFB(binascii.unhexlify(iv)),
-        only_if=lambda backend: backend.ciphers.supported(
+        only_if=lambda backend: backend.cipher_supported(
             algorithms.Blowfish("\x00" * 56), modes.CFB("\x00" * 8)
         ),
         skip_message="Does not support Blowfish CFB",
diff --git a/tests/hazmat/primitives/test_camellia.py b/tests/hazmat/primitives/test_camellia.py
index e1be5d1d..a2c935d9 100644
--- a/tests/hazmat/primitives/test_camellia.py
+++ b/tests/hazmat/primitives/test_camellia.py
@@ -20,13 +20,13 @@ from cryptography.hazmat.primitives.ciphers import algorithms, modes
 
 from .utils import generate_encrypt_test
 from ...utils import (
-    load_cryptrec_vectors_from_file, load_openssl_vectors_from_file
+    load_cryptrec_vectors, load_openssl_vectors
 )
 
 
 class TestCamellia(object):
     test_ECB = generate_encrypt_test(
-        load_cryptrec_vectors_from_file,
+        load_cryptrec_vectors,
         os.path.join("ciphers", "Camellia"),
         [
             "camellia-128-ecb.txt",
@@ -35,43 +35,43 @@ class TestCamellia(object):
         ],
         lambda key: algorithms.Camellia(binascii.unhexlify((key))),
         lambda key: modes.ECB(),
-        only_if=lambda backend: backend.ciphers.supported(
+        only_if=lambda backend: backend.cipher_supported(
             algorithms.Camellia("\x00" * 16), modes.ECB()
         ),
         skip_message="Does not support Camellia ECB",
     )
 
     test_CBC = generate_encrypt_test(
-        load_openssl_vectors_from_file,
+        load_openssl_vectors,
         os.path.join("ciphers", "Camellia"),
         ["camellia-cbc.txt"],
         lambda key, iv: algorithms.Camellia(binascii.unhexlify(key)),
         lambda key, iv: modes.CBC(binascii.unhexlify(iv)),
-        only_if=lambda backend: backend.ciphers.supported(
+        only_if=lambda backend: backend.cipher_supported(
             algorithms.Camellia("\x00" * 16), modes.CBC("\x00" * 16)
         ),
         skip_message="Does not support Camellia CBC",
     )
 
     test_OFB = generate_encrypt_test(
-        load_openssl_vectors_from_file,
+        load_openssl_vectors,
         os.path.join("ciphers", "Camellia"),
         ["camellia-ofb.txt"],
         lambda key, iv: algorithms.Camellia(binascii.unhexlify(key)),
         lambda key, iv: modes.OFB(binascii.unhexlify(iv)),
-        only_if=lambda backend: backend.ciphers.supported(
+        only_if=lambda backend: backend.cipher_supported(
             algorithms.Camellia("\x00" * 16), modes.OFB("\x00" * 16)
         ),
         skip_message="Does not support Camellia OFB",
     )
 
     test_CFB = generate_encrypt_test(
-        load_openssl_vectors_from_file,
+        load_openssl_vectors,
         os.path.join("ciphers", "Camellia"),
         ["camellia-cfb.txt"],
         lambda key, iv: algorithms.Camellia(binascii.unhexlify(key)),
         lambda key, iv: modes.CFB(binascii.unhexlify(iv)),
-        only_if=lambda backend: backend.ciphers.supported(
+        only_if=lambda backend: backend.cipher_supported(
             algorithms.Camellia("\x00" * 16), modes.CFB("\x00" * 16)
         ),
         skip_message="Does not support Camellia CFB",
diff --git a/tests/hazmat/primitives/test_cast5.py b/tests/hazmat/primitives/test_cast5.py
index b2988437..a283dafc 100644
--- a/tests/hazmat/primitives/test_cast5.py
+++ b/tests/hazmat/primitives/test_cast5.py
@@ -19,19 +19,17 @@ import os
 from cryptography.hazmat.primitives.ciphers import algorithms, modes
 
 from .utils import generate_encrypt_test
-from ...utils import load_nist_vectors_from_file
+from ...utils import load_nist_vectors
 
 
 class TestCAST5(object):
     test_ECB = generate_encrypt_test(
-        lambda path: load_nist_vectors_from_file(path, "ENCRYPT"),
+        load_nist_vectors,
         os.path.join("ciphers", "CAST5"),
-        [
-            "cast5-ecb.txt",
-        ],
+        ["cast5-ecb.txt"],
         lambda key: algorithms.CAST5(binascii.unhexlify((key))),
         lambda key: modes.ECB(),
-        only_if=lambda backend: backend.ciphers.supported(
+        only_if=lambda backend: backend.cipher_supported(
             algorithms.CAST5("\x00" * 16), modes.ECB()
         ),
         skip_message="Does not support CAST5 ECB",
diff --git a/tests/hazmat/primitives/test_ciphers.py b/tests/hazmat/primitives/test_ciphers.py
index dfafab3f..653f7ce6 100644
--- a/tests/hazmat/primitives/test_ciphers.py
+++ b/tests/hazmat/primitives/test_ciphers.py
@@ -18,7 +18,7 @@ import binascii
 import pytest
 
 from cryptography.hazmat.primitives.ciphers.algorithms import (
-    AES, Camellia, TripleDES, Blowfish, CAST5
+    AES, Camellia, TripleDES, Blowfish, CAST5, ARC4
 )
 
 
@@ -91,3 +91,22 @@ class TestCAST5(object):
     def test_invalid_key_size(self):
         with pytest.raises(ValueError):
             CAST5(binascii.unhexlify(b"0" * 34))
+
+
+class TestARC4(object):
+    @pytest.mark.parametrize(("key", "keysize"), [
+        (b"0" * 10, 40),
+        (b"0" * 14, 56),
+        (b"0" * 16, 64),
+        (b"0" * 20, 80),
+        (b"0" * 32, 128),
+        (b"0" * 48, 192),
+        (b"0" * 64, 256),
+    ])
+    def test_key_size(self, key, keysize):
+        cipher = ARC4(binascii.unhexlify(key))
+        assert cipher.key_size == keysize
+
+    def test_invalid_key_size(self):
+        with pytest.raises(ValueError):
+            ARC4(binascii.unhexlify(b"0" * 34))
diff --git a/tests/hazmat/primitives/test_hash_vectors.py b/tests/hazmat/primitives/test_hash_vectors.py
index fca839c7..a8655812 100644
--- a/tests/hazmat/primitives/test_hash_vectors.py
+++ b/tests/hazmat/primitives/test_hash_vectors.py
@@ -18,108 +18,108 @@ import os
 from cryptography.hazmat.primitives import hashes
 
 from .utils import generate_hash_test, generate_long_string_hash_test
-from ...utils import load_hash_vectors_from_file
+from ...utils import load_hash_vectors
 
 
 class TestSHA1(object):
     test_SHA1 = generate_hash_test(
-        load_hash_vectors_from_file,
+        load_hash_vectors,
         os.path.join("hashes", "SHA1"),
         [
             "SHA1LongMsg.rsp",
             "SHA1ShortMsg.rsp",
         ],
         hashes.SHA1(),
-        only_if=lambda backend: backend.hashes.supported(hashes.SHA1),
+        only_if=lambda backend: backend.hash_supported(hashes.SHA1),
         skip_message="Does not support SHA1",
     )
 
 
 class TestSHA224(object):
     test_SHA224 = generate_hash_test(
-        load_hash_vectors_from_file,
+        load_hash_vectors,
         os.path.join("hashes", "SHA2"),
         [
             "SHA224LongMsg.rsp",
             "SHA224ShortMsg.rsp",
         ],
         hashes.SHA224(),
-        only_if=lambda backend: backend.hashes.supported(hashes.SHA224),
+        only_if=lambda backend: backend.hash_supported(hashes.SHA224),
         skip_message="Does not support SHA224",
     )
 
 
 class TestSHA256(object):
     test_SHA256 = generate_hash_test(
-        load_hash_vectors_from_file,
+        load_hash_vectors,
         os.path.join("hashes", "SHA2"),
         [
             "SHA256LongMsg.rsp",
             "SHA256ShortMsg.rsp",
         ],
         hashes.SHA256(),
-        only_if=lambda backend: backend.hashes.supported(hashes.SHA256),
+        only_if=lambda backend: backend.hash_supported(hashes.SHA256),
         skip_message="Does not support SHA256",
     )
 
 
 class TestSHA384(object):
     test_SHA384 = generate_hash_test(
-        load_hash_vectors_from_file,
+        load_hash_vectors,
         os.path.join("hashes", "SHA2"),
         [
             "SHA384LongMsg.rsp",
             "SHA384ShortMsg.rsp",
         ],
         hashes.SHA384(),
-        only_if=lambda backend: backend.hashes.supported(hashes.SHA384),
+        only_if=lambda backend: backend.hash_supported(hashes.SHA384),
         skip_message="Does not support SHA384",
     )
 
 
 class TestSHA512(object):
     test_SHA512 = generate_hash_test(
-        load_hash_vectors_from_file,
+        load_hash_vectors,
         os.path.join("hashes", "SHA2"),
         [
             "SHA512LongMsg.rsp",
             "SHA512ShortMsg.rsp",
         ],
         hashes.SHA512(),
-        only_if=lambda backend: backend.hashes.supported(hashes.SHA512),
+        only_if=lambda backend: backend.hash_supported(hashes.SHA512),
         skip_message="Does not support SHA512",
     )
 
 
 class TestRIPEMD160(object):
     test_RIPEMD160 = generate_hash_test(
-        load_hash_vectors_from_file,
+        load_hash_vectors,
         os.path.join("hashes", "ripemd160"),
         [
             "ripevectors.txt",
         ],
         hashes.RIPEMD160(),
-        only_if=lambda backend: backend.hashes.supported(hashes.RIPEMD160),
+        only_if=lambda backend: backend.hash_supported(hashes.RIPEMD160),
         skip_message="Does not support RIPEMD160",
     )
 
     test_RIPEMD160_long_string = generate_long_string_hash_test(
         hashes.RIPEMD160(),
         "52783243c1697bdbe16d37f97f68f08325dc1528",
-        only_if=lambda backend: backend.hashes.supported(hashes.RIPEMD160),
+        only_if=lambda backend: backend.hash_supported(hashes.RIPEMD160),
         skip_message="Does not support RIPEMD160",
     )
 
 
 class TestWhirlpool(object):
     test_whirlpool = generate_hash_test(
-        load_hash_vectors_from_file,
+        load_hash_vectors,
         os.path.join("hashes", "whirlpool"),
         [
             "iso-test-vectors.txt",
         ],
         hashes.Whirlpool(),
-        only_if=lambda backend: backend.hashes.supported(hashes.Whirlpool),
+        only_if=lambda backend: backend.hash_supported(hashes.Whirlpool),
         skip_message="Does not support Whirlpool",
     )
 
@@ -128,19 +128,19 @@ class TestWhirlpool(object):
         ("0c99005beb57eff50a7cf005560ddf5d29057fd86b2"
          "0bfd62deca0f1ccea4af51fc15490eddc47af32bb2b"
          "66c34ff9ad8c6008ad677f77126953b226e4ed8b01"),
-        only_if=lambda backend: backend.hashes.supported(hashes.Whirlpool),
+        only_if=lambda backend: backend.hash_supported(hashes.Whirlpool),
         skip_message="Does not support Whirlpool",
     )
 
 
 class TestMD5(object):
     test_md5 = generate_hash_test(
-        load_hash_vectors_from_file,
+        load_hash_vectors,
         os.path.join("hashes", "MD5"),
         [
             "rfc-1321.txt",
         ],
         hashes.MD5(),
-        only_if=lambda backend: backend.hashes.supported(hashes.MD5),
+        only_if=lambda backend: backend.hash_supported(hashes.MD5),
         skip_message="Does not support MD5",
     )
diff --git a/tests/hazmat/primitives/test_hashes.py b/tests/hazmat/primitives/test_hashes.py
index 07ab2489..367e764f 100644
--- a/tests/hazmat/primitives/test_hashes.py
+++ b/tests/hazmat/primitives/test_hashes.py
@@ -19,6 +19,7 @@ import pytest
 
 import six
 
+from cryptography.exceptions import AlreadyFinalized
 from cryptography.hazmat.bindings import _default_backend
 from cryptography.hazmat.primitives import hashes
 
@@ -32,9 +33,9 @@ class TestHashContext(object):
             m.update(six.u("\u00FC"))
 
     def test_copy_backend_object(self):
-        pretend_hashes = pretend.stub(copy_ctx=lambda a: "copiedctx")
-        pretend_backend = pretend.stub(hashes=pretend_hashes)
-        pretend_ctx = pretend.stub()
+        pretend_backend = pretend.stub()
+        copied_ctx = pretend.stub()
+        pretend_ctx = pretend.stub(copy=lambda: copied_ctx)
         h = hashes.Hash(hashes.SHA1(), backend=pretend_backend,
                         ctx=pretend_ctx)
         assert h._backend is pretend_backend
@@ -51,13 +52,26 @@ class TestHashContext(object):
         with pytest.raises(TypeError):
             hashes.Hash(hashes.SHA1)
 
+    def test_raises_after_finalize(self):
+        h = hashes.Hash(hashes.SHA1())
+        h.finalize()
+
+        with pytest.raises(AlreadyFinalized):
+            h.update(b"foo")
+
+        with pytest.raises(AlreadyFinalized):
+            h.copy()
+
+        with pytest.raises(AlreadyFinalized):
+            h.finalize()
+
 
 class TestSHA1(object):
     test_SHA1 = generate_base_hash_test(
         hashes.SHA1(),
         digest_size=20,
         block_size=64,
-        only_if=lambda backend: backend.hashes.supported(hashes.SHA1),
+        only_if=lambda backend: backend.hash_supported(hashes.SHA1),
         skip_message="Does not support SHA1",
     )
 
@@ -67,7 +81,7 @@ class TestSHA224(object):
         hashes.SHA224(),
         digest_size=28,
         block_size=64,
-        only_if=lambda backend: backend.hashes.supported(hashes.SHA224),
+        only_if=lambda backend: backend.hash_supported(hashes.SHA224),
         skip_message="Does not support SHA224",
     )
 
@@ -77,7 +91,7 @@ class TestSHA256(object):
         hashes.SHA256(),
         digest_size=32,
         block_size=64,
-        only_if=lambda backend: backend.hashes.supported(hashes.SHA256),
+        only_if=lambda backend: backend.hash_supported(hashes.SHA256),
         skip_message="Does not support SHA256",
     )
 
@@ -87,7 +101,7 @@ class TestSHA384(object):
         hashes.SHA384(),
         digest_size=48,
         block_size=128,
-        only_if=lambda backend: backend.hashes.supported(hashes.SHA384),
+        only_if=lambda backend: backend.hash_supported(hashes.SHA384),
         skip_message="Does not support SHA384",
     )
 
@@ -97,7 +111,7 @@ class TestSHA512(object):
         hashes.SHA512(),
         digest_size=64,
         block_size=128,
-        only_if=lambda backend: backend.hashes.supported(hashes.SHA512),
+        only_if=lambda backend: backend.hash_supported(hashes.SHA512),
         skip_message="Does not support SHA512",
     )
 
@@ -107,7 +121,7 @@ class TestRIPEMD160(object):
         hashes.RIPEMD160(),
         digest_size=20,
         block_size=64,
-        only_if=lambda backend: backend.hashes.supported(hashes.RIPEMD160),
+        only_if=lambda backend: backend.hash_supported(hashes.RIPEMD160),
         skip_message="Does not support RIPEMD160",
     )
 
@@ -117,7 +131,7 @@ class TestWhirlpool(object):
         hashes.Whirlpool(),
         digest_size=64,
         block_size=64,
-        only_if=lambda backend: backend.hashes.supported(hashes.Whirlpool),
+        only_if=lambda backend: backend.hash_supported(hashes.Whirlpool),
         skip_message="Does not support Whirlpool",
     )
 
@@ -127,6 +141,6 @@ class TestMD5(object):
         hashes.MD5(),
         digest_size=16,
         block_size=64,
-        only_if=lambda backend: backend.hashes.supported(hashes.MD5),
+        only_if=lambda backend: backend.hash_supported(hashes.MD5),
         skip_message="Does not support MD5",
     )
diff --git a/tests/hazmat/primitives/test_hmac.py b/tests/hazmat/primitives/test_hmac.py
index a44838cf..d17049e3 100644
--- a/tests/hazmat/primitives/test_hmac.py
+++ b/tests/hazmat/primitives/test_hmac.py
@@ -19,6 +19,7 @@ import pytest
 
 import six
 
+from cryptography.exceptions import AlreadyFinalized
 from cryptography.hazmat.primitives import hashes, hmac
 
 from .utils import generate_base_hmac_test
@@ -27,7 +28,7 @@ from .utils import generate_base_hmac_test
 class TestHMAC(object):
     test_copy = generate_base_hmac_test(
         hashes.MD5(),
-        only_if=lambda backend: backend.hashes.supported(hashes.MD5),
+        only_if=lambda backend: backend.hash_supported(hashes.MD5),
         skip_message="Does not support MD5",
     )
 
@@ -37,9 +38,10 @@ class TestHMAC(object):
             h.update(six.u("\u00FC"))
 
     def test_copy_backend_object(self):
-        pretend_hmac = pretend.stub(copy_ctx=lambda a: True)
+        pretend_hmac = pretend.stub()
         pretend_backend = pretend.stub(hmacs=pretend_hmac)
-        pretend_ctx = pretend.stub()
+        copied_ctx = pretend.stub()
+        pretend_ctx = pretend.stub(copy=lambda: copied_ctx)
         h = hmac.HMAC(b"key", hashes.SHA1(), backend=pretend_backend,
                       ctx=pretend_ctx)
         assert h._backend is pretend_backend
@@ -48,3 +50,16 @@ class TestHMAC(object):
     def test_hmac_algorithm_instance(self):
         with pytest.raises(TypeError):
             hmac.HMAC(b"key", hashes.SHA1)
+
+    def test_raises_after_finalize(self):
+        h = hmac.HMAC(b"key", hashes.SHA1())
+        h.finalize()
+
+        with pytest.raises(AlreadyFinalized):
+            h.update(b"foo")
+
+        with pytest.raises(AlreadyFinalized):
+            h.copy()
+
+        with pytest.raises(AlreadyFinalized):
+            h.finalize()
diff --git a/tests/hazmat/primitives/test_hmac_vectors.py b/tests/hazmat/primitives/test_hmac_vectors.py
index 52d592b6..7d0f156a 100644
--- a/tests/hazmat/primitives/test_hmac_vectors.py
+++ b/tests/hazmat/primitives/test_hmac_vectors.py
@@ -16,95 +16,95 @@ from __future__ import absolute_import, division, print_function
 from cryptography.hazmat.primitives import hashes
 
 from .utils import generate_hmac_test
-from ...utils import load_hash_vectors_from_file
+from ...utils import load_hash_vectors
 
 
 class TestHMAC_MD5(object):
     test_hmac_md5 = generate_hmac_test(
-        load_hash_vectors_from_file,
+        load_hash_vectors,
         "HMAC",
         [
             "rfc-2202-md5.txt",
         ],
         hashes.MD5(),
-        only_if=lambda backend: backend.hashes.supported(hashes.MD5),
+        only_if=lambda backend: backend.hash_supported(hashes.MD5),
         skip_message="Does not support MD5",
     )
 
 
 class TestHMAC_SHA1(object):
     test_hmac_sha1 = generate_hmac_test(
-        load_hash_vectors_from_file,
+        load_hash_vectors,
         "HMAC",
         [
             "rfc-2202-sha1.txt",
         ],
         hashes.SHA1(),
-        only_if=lambda backend: backend.hashes.supported(hashes.SHA1),
+        only_if=lambda backend: backend.hash_supported(hashes.SHA1),
         skip_message="Does not support SHA1",
     )
 
 
 class TestHMAC_SHA224(object):
     test_hmac_sha224 = generate_hmac_test(
-        load_hash_vectors_from_file,
+        load_hash_vectors,
         "HMAC",
         [
             "rfc-4231-sha224.txt",
         ],
         hashes.SHA224(),
-        only_if=lambda backend: backend.hashes.supported(hashes.SHA224),
+        only_if=lambda backend: backend.hash_supported(hashes.SHA224),
         skip_message="Does not support SHA224",
     )
 
 
 class TestHMAC_SHA256(object):
     test_hmac_sha256 = generate_hmac_test(
-        load_hash_vectors_from_file,
+        load_hash_vectors,
         "HMAC",
         [
             "rfc-4231-sha256.txt",
         ],
         hashes.SHA256(),
-        only_if=lambda backend: backend.hashes.supported(hashes.SHA256),
+        only_if=lambda backend: backend.hash_supported(hashes.SHA256),
         skip_message="Does not support SHA256",
     )
 
 
 class TestHMAC_SHA384(object):
     test_hmac_sha384 = generate_hmac_test(
-        load_hash_vectors_from_file,
+        load_hash_vectors,
         "HMAC",
         [
             "rfc-4231-sha384.txt",
         ],
         hashes.SHA384(),
-        only_if=lambda backend: backend.hashes.supported(hashes.SHA384),
+        only_if=lambda backend: backend.hash_supported(hashes.SHA384),
         skip_message="Does not support SHA384",
     )
 
 
 class TestHMAC_SHA512(object):
     test_hmac_sha512 = generate_hmac_test(
-        load_hash_vectors_from_file,
+        load_hash_vectors,
         "HMAC",
         [
             "rfc-4231-sha512.txt",
         ],
         hashes.SHA512(),
-        only_if=lambda backend: backend.hashes.supported(hashes.SHA512),
+        only_if=lambda backend: backend.hash_supported(hashes.SHA512),
         skip_message="Does not support SHA512",
     )
 
 
 class TestHMAC_RIPEMD160(object):
     test_hmac_ripemd160 = generate_hmac_test(
-        load_hash_vectors_from_file,
+        load_hash_vectors,
         "HMAC",
         [
             "rfc-2286-ripemd160.txt",
         ],
         hashes.RIPEMD160(),
-        only_if=lambda backend: backend.hashes.supported(hashes.RIPEMD160),
+        only_if=lambda backend: backend.hash_supported(hashes.RIPEMD160),
         skip_message="Does not support RIPEMD160",
     )
diff --git a/tests/hazmat/primitives/test_padding.py b/tests/hazmat/primitives/test_padding.py
index 3cefafaf..6a2b6243 100644
--- a/tests/hazmat/primitives/test_padding.py
+++ b/tests/hazmat/primitives/test_padding.py
@@ -29,6 +29,8 @@ class TestPKCS7(object):
         (128, b"1111111111111111"),
         (128, b"111111111111111\x06"),
         (128, b""),
+        (128, b"\x06" * 6),
+        (128, b"\x00" * 16),
     ])
     def test_invalid_padding(self, size, padded):
         unpadder = padding.PKCS7(size).unpadder()
diff --git a/tests/hazmat/primitives/test_utils.py b/tests/hazmat/primitives/test_utils.py
index d7247e67..cee0b20e 100644
--- a/tests/hazmat/primitives/test_utils.py
+++ b/tests/hazmat/primitives/test_utils.py
@@ -2,7 +2,7 @@ import pytest
 
 from .utils import (
     base_hash_test, encrypt_test, hash_test, long_string_hash_test,
-    base_hmac_test, hmac_test
+    base_hmac_test, hmac_test, stream_encryption_test
 )
 
 
@@ -70,3 +70,14 @@ class TestBaseHMACTest(object):
                 skip_message="message!"
             )
         assert exc_info.value.args[0] == "message!"
+
+
+class TestStreamEncryptionTest(object):
+    def test_skips_if_only_if_returns_false(self):
+        with pytest.raises(pytest.skip.Exception) as exc_info:
+            stream_encryption_test(
+                None, None, None,
+                only_if=lambda backend: False,
+                skip_message="message!"
+            )
+        assert exc_info.value.args[0] == "message!"
diff --git a/tests/hazmat/primitives/utils.py b/tests/hazmat/primitives/utils.py
index e6e97d1d..9327b0eb 100644
--- a/tests/hazmat/primitives/utils.py
+++ b/tests/hazmat/primitives/utils.py
@@ -8,6 +8,8 @@ from cryptography.hazmat.primitives import hashes
 from cryptography.hazmat.primitives import hmac
 from cryptography.hazmat.primitives.ciphers import Cipher
 
+from ...utils import load_vectors_from_file
+
 
 def generate_encrypt_test(param_loader, path, file_names, cipher_factory,
                           mode_factory, only_if=lambda backend: True,
@@ -15,7 +17,10 @@ def generate_encrypt_test(param_loader, path, file_names, cipher_factory,
     def test_encryption(self):
         for backend in _ALL_BACKENDS:
             for file_name in file_names:
-                for params in param_loader(os.path.join(path, file_name)):
+                for params in load_vectors_from_file(
+                    os.path.join(path, file_name),
+                    param_loader
+                ):
                     yield (
                         encrypt_test,
                         backend,
@@ -49,12 +54,57 @@ def encrypt_test(backend, cipher_factory, mode_factory, params, only_if,
     assert actual_plaintext == binascii.unhexlify(plaintext)
 
 
+def generate_stream_encryption_test(param_loader, path, file_names,
+                                    cipher_factory, only_if=None,
+                                    skip_message=None):
+    def test_stream_encryption(self):
+        for backend in _ALL_BACKENDS:
+            for file_name in file_names:
+                for params in load_vectors_from_file(
+                    os.path.join(path, file_name),
+                    param_loader
+                ):
+                    yield (
+                        stream_encryption_test,
+                        backend,
+                        cipher_factory,
+                        params,
+                        only_if,
+                        skip_message
+                    )
+    return test_stream_encryption
+
+
+def stream_encryption_test(backend, cipher_factory, params, only_if,
+                           skip_message):
+    if not only_if(backend):
+        pytest.skip(skip_message)
+    plaintext = params.pop("plaintext")
+    ciphertext = params.pop("ciphertext")
+    offset = params.pop("offset")
+    cipher = Cipher(cipher_factory(**params), None, backend)
+    encryptor = cipher.encryptor()
+    # throw away offset bytes
+    encryptor.update(b"\x00" * int(offset))
+    actual_ciphertext = encryptor.update(binascii.unhexlify(plaintext))
+    actual_ciphertext += encryptor.finalize()
+    assert actual_ciphertext == binascii.unhexlify(ciphertext)
+    decryptor = cipher.decryptor()
+    decryptor.update(b"\x00" * int(offset))
+    actual_plaintext = decryptor.update(binascii.unhexlify(ciphertext))
+    actual_plaintext += decryptor.finalize()
+    assert actual_plaintext == binascii.unhexlify(plaintext)
+
+
 def generate_hash_test(param_loader, path, file_names, hash_cls,
                        only_if=None, skip_message=None):
     def test_hash(self):
         for backend in _ALL_BACKENDS:
             for file_name in file_names:
-                for params in param_loader(os.path.join(path, file_name)):
+                for params in load_vectors_from_file(
+                    os.path.join(path, file_name),
+                    param_loader
+                ):
                     yield (
                         hash_test,
                         backend,
@@ -105,6 +155,12 @@ def base_hash_test(backend, algorithm, digest_size, block_size, only_if,
     assert m != m_copy
     assert m._ctx != m_copy._ctx
 
+    m.update(b"abc")
+    copy = m.copy()
+    copy.update(b"123")
+    m.update(b"123")
+    assert copy.finalize() == m.finalize()
+
 
 def generate_long_string_hash_test(hash_factory, md, only_if=None,
                                    skip_message=None):
@@ -134,7 +190,10 @@ def generate_hmac_test(param_loader, path, file_names, algorithm,
     def test_hmac(self):
         for backend in _ALL_BACKENDS:
             for file_name in file_names:
-                for params in param_loader(os.path.join(path, file_name)):
+                for params in load_vectors_from_file(
+                    os.path.join(path, file_name),
+                    param_loader
+                ):
                     yield (
                         hmac_test,
                         backend,