From b864db11a3577ff6b117f6ce73e43f3c1e7b3e84 Mon Sep 17 00:00:00 2001
From: David Reid <dreid@dreid.org>
Date: Fri, 1 Nov 2013 15:11:45 -0700
Subject: Enforce HMAC taking an instance of HashAlgorithm

---
 cryptography/hazmat/primitives/hmac.py       |  2 ++
 tests/hazmat/primitives/test_hmac.py         | 10 +++++++---
 tests/hazmat/primitives/test_hmac_vectors.py | 14 +++++++-------
 3 files changed, 16 insertions(+), 10 deletions(-)

diff --git a/cryptography/hazmat/primitives/hmac.py b/cryptography/hazmat/primitives/hmac.py
index fc5e777c..1457ed78 100644
--- a/cryptography/hazmat/primitives/hmac.py
+++ b/cryptography/hazmat/primitives/hmac.py
@@ -22,6 +22,8 @@ from cryptography.hazmat.primitives import interfaces
 class HMAC(object):
     def __init__(self, key, algorithm, ctx=None, backend=None):
         super(HMAC, self).__init__()
+        if not isinstance(algorithm, interfaces.HashAlgorithm):
+            raise TypeError("Expected instance of interfaces.HashAlgorithm.")
         self.algorithm = algorithm
 
         if backend is None:
diff --git a/tests/hazmat/primitives/test_hmac.py b/tests/hazmat/primitives/test_hmac.py
index 43909024..bbaabb22 100644
--- a/tests/hazmat/primitives/test_hmac.py
+++ b/tests/hazmat/primitives/test_hmac.py
@@ -26,13 +26,13 @@ from .utils import generate_base_hmac_test
 
 class TestHMAC(object):
     test_copy = generate_base_hmac_test(
-        hashes.MD5,
+        hashes.MD5(),
         only_if=lambda backend: backend.hashes.supported(hashes.MD5),
         skip_message="Does not support MD5",
     )
 
     def test_hmac_reject_unicode(self, backend):
-        h = hmac.HMAC(b"mykey", hashes.SHA1, backend=backend)
+        h = hmac.HMAC(b"mykey", hashes.SHA1(), backend=backend)
         with pytest.raises(TypeError):
             h.update(six.u("\u00FC"))
 
@@ -40,7 +40,11 @@ class TestHMAC(object):
         pretend_hmac = pretend.stub(copy_ctx=lambda a: True)
         pretend_backend = pretend.stub(hmacs=pretend_hmac)
         pretend_ctx = pretend.stub()
-        h = hmac.HMAC(b"key", hashes.SHA1, backend=pretend_backend,
+        h = hmac.HMAC(b"key", hashes.SHA1(), backend=pretend_backend,
                       ctx=pretend_ctx)
         assert h._backend is pretend_backend
         assert h.copy()._backend is pretend_backend
+
+    def test_hmac_algorithm_instance(self):
+        with pytest.raises(TypeError):
+            hmac.HMAC(hashes.SHA1)
diff --git a/tests/hazmat/primitives/test_hmac_vectors.py b/tests/hazmat/primitives/test_hmac_vectors.py
index 27b45012..52d592b6 100644
--- a/tests/hazmat/primitives/test_hmac_vectors.py
+++ b/tests/hazmat/primitives/test_hmac_vectors.py
@@ -26,7 +26,7 @@ class TestHMAC_MD5(object):
         [
             "rfc-2202-md5.txt",
         ],
-        hashes.MD5,
+        hashes.MD5(),
         only_if=lambda backend: backend.hashes.supported(hashes.MD5),
         skip_message="Does not support MD5",
     )
@@ -39,7 +39,7 @@ class TestHMAC_SHA1(object):
         [
             "rfc-2202-sha1.txt",
         ],
-        hashes.SHA1,
+        hashes.SHA1(),
         only_if=lambda backend: backend.hashes.supported(hashes.SHA1),
         skip_message="Does not support SHA1",
     )
@@ -52,7 +52,7 @@ class TestHMAC_SHA224(object):
         [
             "rfc-4231-sha224.txt",
         ],
-        hashes.SHA224,
+        hashes.SHA224(),
         only_if=lambda backend: backend.hashes.supported(hashes.SHA224),
         skip_message="Does not support SHA224",
     )
@@ -65,7 +65,7 @@ class TestHMAC_SHA256(object):
         [
             "rfc-4231-sha256.txt",
         ],
-        hashes.SHA256,
+        hashes.SHA256(),
         only_if=lambda backend: backend.hashes.supported(hashes.SHA256),
         skip_message="Does not support SHA256",
     )
@@ -78,7 +78,7 @@ class TestHMAC_SHA384(object):
         [
             "rfc-4231-sha384.txt",
         ],
-        hashes.SHA384,
+        hashes.SHA384(),
         only_if=lambda backend: backend.hashes.supported(hashes.SHA384),
         skip_message="Does not support SHA384",
     )
@@ -91,7 +91,7 @@ class TestHMAC_SHA512(object):
         [
             "rfc-4231-sha512.txt",
         ],
-        hashes.SHA512,
+        hashes.SHA512(),
         only_if=lambda backend: backend.hashes.supported(hashes.SHA512),
         skip_message="Does not support SHA512",
     )
@@ -104,7 +104,7 @@ class TestHMAC_RIPEMD160(object):
         [
             "rfc-2286-ripemd160.txt",
         ],
-        hashes.RIPEMD160,
+        hashes.RIPEMD160(),
         only_if=lambda backend: backend.hashes.supported(hashes.RIPEMD160),
         skip_message="Does not support RIPEMD160",
     )
-- 
cgit v1.2.3