From 12e85b59165da0c05270e8db84941b18291220db Mon Sep 17 00:00:00 2001
From: Alex Gaynor <alex.gaynor@gmail.com>
Date: Sun, 26 Apr 2020 16:53:58 -0400
Subject: Added wycheproof hmac vectors (#5238)

---
 docs/development/test-vectors.rst |  2 +-
 tests/wycheproof/test_hmac.py     | 66 +++++++++++++++++++++++++++++++++++++++
 2 files changed, 67 insertions(+), 1 deletion(-)
 create mode 100644 tests/wycheproof/test_hmac.py

diff --git a/docs/development/test-vectors.rst b/docs/development/test-vectors.rst
index 217237ab..95e608b2 100644
--- a/docs/development/test-vectors.rst
+++ b/docs/development/test-vectors.rst
@@ -23,7 +23,7 @@ for various cryptographic algorithms. These are not included in the repository
 continuous integration environments.
 
 We have ensured all test vectors are used as of commit
-``c313761979d74b0417230eddd0f87d0cfab2b46b``.
+``2196000605e45d91097147c9c71f26b72af58003``.
 
 Asymmetric ciphers
 ~~~~~~~~~~~~~~~~~~
diff --git a/tests/wycheproof/test_hmac.py b/tests/wycheproof/test_hmac.py
new file mode 100644
index 00000000..0cf908fe
--- /dev/null
+++ b/tests/wycheproof/test_hmac.py
@@ -0,0 +1,66 @@
+# This file is dual licensed under the terms of the Apache License, Version
+# 2.0, and the BSD License. See the LICENSE file in the root of this repository
+# for complete details.
+
+from __future__ import absolute_import, division, print_function
+
+import binascii
+
+import pytest
+
+from cryptography.exceptions import InvalidSignature
+from cryptography.hazmat.primitives import hashes, hmac
+
+
+_HMAC_ALGORITHMS = {
+    "HMACSHA1": hashes.SHA1(),
+    "HMACSHA224": hashes.SHA224(),
+    "HMACSHA256": hashes.SHA256(),
+    "HMACSHA384": hashes.SHA384(),
+    "HMACSHA512": hashes.SHA512(),
+    "HMACSHA3-224": hashes.SHA3_224(),
+    "HMACSHA3-256": hashes.SHA3_256(),
+    "HMACSHA3-384": hashes.SHA3_384(),
+    "HMACSHA3-512": hashes.SHA3_512(),
+}
+
+
+@pytest.mark.wycheproof_tests(
+    "hmac_sha1_test.json",
+    "hmac_sha224_test.json",
+    "hmac_sha256_test.json",
+    "hmac_sha384_test.json",
+    "hmac_sha3_224_test.json",
+    "hmac_sha3_256_test.json",
+    "hmac_sha3_384_test.json",
+    "hmac_sha3_512_test.json",
+    "hmac_sha512_test.json",
+)
+def test_hmac(backend, wycheproof):
+    hash_algo = _HMAC_ALGORITHMS[wycheproof.testfiledata["algorithm"]]
+    if wycheproof.testgroup["tagSize"] // 8 != hash_algo.digest_size:
+        pytest.skip("Truncated HMAC not supported")
+    if not backend.hash_supported(hash_algo):
+        pytest.skip("Hash {} not supported".format(hash_algo.name))
+
+    h = hmac.HMAC(
+        key=binascii.unhexlify(wycheproof.testcase["key"]),
+        algorithm=hash_algo,
+        backend=backend,
+    )
+    h.update(binascii.unhexlify(wycheproof.testcase["msg"]))
+
+    if wycheproof.invalid:
+        with pytest.raises(InvalidSignature):
+            h.verify(binascii.unhexlify(wycheproof.testcase["tag"]))
+    else:
+        tag = h.finalize()
+        assert tag == binascii.unhexlify(wycheproof.testcase["tag"])
+
+        h = hmac.HMAC(
+            key=binascii.unhexlify(wycheproof.testcase["key"]),
+            algorithm=hash_algo,
+            backend=backend,
+        )
+        h.update(binascii.unhexlify(wycheproof.testcase["msg"]))
+        h.verify(binascii.unhexlify(wycheproof.testcase["tag"]))
-- 
cgit v1.2.3