Merge branch 'master' into idea-bespoke-vectors

* master: (246 commits)
  Fixed python3 incompatibility
  Removed dependency on setuptools for version check
  don't need to move these definitions
  conditional NIDs for 0.9.8e
  x509 changes for 0.9.8e support
  more changes for 0.9.8e support, this time in the ssl.h headers
  macro switches in evp for 0.9.8e
  bind some error constants conditionally for 0.9.8e support
  BIO macro switch for 0.9.8e support
  move some nids
  conditionally bind AES_wrap/unwrap for 0.9.8e support
  Add GPG key fingerprint for lvh
  change comparison to be easier to read
  ridiculous workaround time
  whoops
  Missing imports
  Convert stuff
  Add binding for DSA_new
  Fix drop in coverage levels by removing branches
  Added check to turn of CC backend for OS X version < 10.8
  ...

Conflicts:
	docs/development/test-vectors.rst

1 files changed, 129 insertions, 0 deletions

diff --git a/tests/hazmat/primitives/twofactor/test_totp.py b/tests/hazmat/primitives/twofactor/test_totp.py
new file mode 100644
index 00000000..a4a108bc
--- /dev/null
+++ b/tests/hazmat/primitives/twofactor/test_totp.py
@@ -0,0 +1,129 @@
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+import pytest
+
+from cryptography.exceptions import InvalidToken
+from cryptography.hazmat.primitives import hashes
+from cryptography.hazmat.primitives.twofactor.totp import TOTP
+from tests.utils import load_vectors_from_file, load_nist_vectors
+
+vectors = load_vectors_from_file(
+    "twofactor/rfc-6238.txt", load_nist_vectors)
+
+
+@pytest.mark.hmac
+class TestTOTP(object):
+    @pytest.mark.supported(
+        only_if=lambda backend: backend.hmac_supported(hashes.SHA1()),
+        skip_message="Does not support HMAC-SHA1."
+    )
+    @pytest.mark.parametrize(
+        "params", [i for i in vectors if i["mode"] == b"SHA1"])
+    def test_generate_sha1(self, backend, params):
+        secret = params["secret"]
+        time = int(params["time"])
+        totp_value = params["totp"]
+
+        totp = TOTP(secret, 8, hashes.SHA1(), 30, backend)
+        assert totp.generate(time) == totp_value
+
+    @pytest.mark.supported(
+        only_if=lambda backend: backend.hmac_supported(hashes.SHA256()),
+        skip_message="Does not support HMAC-SHA256."
+    )
+    @pytest.mark.parametrize(
+        "params", [i for i in vectors if i["mode"] == b"SHA256"])
+    def test_generate_sha256(self, backend, params):
+        secret = params["secret"]
+        time = int(params["time"])
+        totp_value = params["totp"]
+
+        totp = TOTP(secret, 8, hashes.SHA256(), 30, backend)
+        assert totp.generate(time) == totp_value
+
+    @pytest.mark.supported(
+        only_if=lambda backend: backend.hmac_supported(hashes.SHA512()),
+        skip_message="Does not support HMAC-SHA512."
+    )
+    @pytest.mark.parametrize(
+        "params", [i for i in vectors if i["mode"] == b"SHA512"])
+    def test_generate_sha512(self, backend, params):
+        secret = params["secret"]
+        time = int(params["time"])
+        totp_value = params["totp"]
+
+        totp = TOTP(secret, 8, hashes.SHA512(), 30, backend)
+        assert totp.generate(time) == totp_value
+
+    @pytest.mark.supported(
+        only_if=lambda backend: backend.hmac_supported(hashes.SHA1()),
+        skip_message="Does not support HMAC-SHA1."
+    )
+    @pytest.mark.parametrize(
+        "params", [i for i in vectors if i["mode"] == b"SHA1"])
+    def test_verify_sha1(self, backend, params):
+        secret = params["secret"]
+        time = int(params["time"])
+        totp_value = params["totp"]
+
+        totp = TOTP(secret, 8, hashes.SHA1(), 30, backend)
+
+        assert totp.verify(totp_value, time) is None
+
+    @pytest.mark.supported(
+        only_if=lambda backend: backend.hmac_supported(hashes.SHA256()),
+        skip_message="Does not support HMAC-SHA256."
+    )
+    @pytest.mark.parametrize(
+        "params", [i for i in vectors if i["mode"] == b"SHA256"])
+    def test_verify_sha256(self, backend, params):
+        secret = params["secret"]
+        time = int(params["time"])
+        totp_value = params["totp"]
+
+        totp = TOTP(secret, 8, hashes.SHA256(), 30, backend)
+
+        assert totp.verify(totp_value, time) is None
+
+    @pytest.mark.supported(
+        only_if=lambda backend: backend.hmac_supported(hashes.SHA512()),
+        skip_message="Does not support HMAC-SHA512."
+    )
+    @pytest.mark.parametrize(
+        "params", [i for i in vectors if i["mode"] == b"SHA512"])
+    def test_verify_sha512(self, backend, params):
+        secret = params["secret"]
+        time = int(params["time"])
+        totp_value = params["totp"]
+
+        totp = TOTP(secret, 8, hashes.SHA512(), 30, backend)
+
+        assert totp.verify(totp_value, time) is None
+
+    def test_invalid_verify(self, backend):
+        secret = b"12345678901234567890"
+        time = 59
+
+        totp = TOTP(secret, 8, hashes.SHA1(), 30, backend)
+
+        with pytest.raises(InvalidToken):
+            totp.verify(b"12345678", time)
+
+    def test_floating_point_time_generate(self, backend):
+        secret = b"12345678901234567890"
+        time = 59.1
+
+        totp = TOTP(secret, 8, hashes.SHA1(), 30, backend)
+
+        assert totp.generate(time) == b"94287082"