From e2c1c0fb8cb91b18597496b00df6a23b77f4affa Mon Sep 17 00:00:00 2001
From: Paul Kehrer <paul.l.kehrer@gmail.com>
Date: Tue, 22 Aug 2017 09:37:32 -0700
Subject: add blake2b/blake2s support for hmac (#3873)

* add blake2b/blake2s support for hmac

This was a bug, but it turns out the noise protocol suggests using the
HMAC construction with BLAKE2 (rather than BLAKE2's own keyed
functionality) for a few reasons, so we should support it.

* actually test the thing
---
 tests/hazmat/primitives/test_hmac_vectors.py | 30 +++++++++++++++++++++++++++-
 1 file changed, 29 insertions(+), 1 deletion(-)

(limited to 'tests')

diff --git a/tests/hazmat/primitives/test_hmac_vectors.py b/tests/hazmat/primitives/test_hmac_vectors.py
index 70c929ad..6ff71fe3 100644
--- a/tests/hazmat/primitives/test_hmac_vectors.py
+++ b/tests/hazmat/primitives/test_hmac_vectors.py
@@ -4,10 +4,12 @@
 
 from __future__ import absolute_import, division, print_function
 
+import binascii
+
 import pytest
 
 from cryptography.hazmat.backends.interfaces import HMACBackend
-from cryptography.hazmat.primitives import hashes
+from cryptography.hazmat.primitives import hashes, hmac
 
 from .utils import generate_hmac_test
 from ...utils import load_hash_vectors
@@ -107,3 +109,29 @@ class TestHMACSHA512(object):
         ],
         hashes.SHA512(),
     )
+
+
+@pytest.mark.supported(
+    only_if=lambda backend: backend.hmac_supported(hashes.BLAKE2b(
+        digest_size=64
+    )),
+    skip_message="Does not support BLAKE2",
+)
+@pytest.mark.requires_backend_interface(interface=HMACBackend)
+class TestHMACBLAKE2(object):
+    def test_blake2b(self, backend):
+        h = hmac.HMAC(b"0" * 64, hashes.BLAKE2b(digest_size=64), backend)
+        h.update(b"test")
+        digest = h.finalize()
+        assert digest == binascii.unhexlify(
+            b"b5319122f8a24ba134a0c9851922448104e25be5d1b91265c0c68b22722f0f29"
+            b"87dba4aeaa69e6bed7edc44f48d6b1be493a3ce583f9c737c53d6bacc09e2f32"
+        )
+
+    def test_blake2s(self, backend):
+        h = hmac.HMAC(b"0" * 32, hashes.BLAKE2s(digest_size=32), backend)
+        h.update(b"test")
+        digest = h.finalize()
+        assert digest == binascii.unhexlify(
+            b"51477cc5bdf1faf952cf97bb934ee936de1f4d5d7448a84eeb6f98d23b392166"
+        )
-- 
cgit v1.2.3