aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--docs/development/test-vectors.rst2
-rw-r--r--tests/wycheproof/test_hmac.py66
2 files changed, 67 insertions, 1 deletions
diff --git a/docs/development/test-vectors.rst b/docs/development/test-vectors.rst
index 217237ab..95e608b2 100644
--- a/docs/development/test-vectors.rst
+++ b/docs/development/test-vectors.rst
@@ -23,7 +23,7 @@ for various cryptographic algorithms. These are not included in the repository
continuous integration environments.
We have ensured all test vectors are used as of commit
-``c313761979d74b0417230eddd0f87d0cfab2b46b``.
+``2196000605e45d91097147c9c71f26b72af58003``.
Asymmetric ciphers
~~~~~~~~~~~~~~~~~~
diff --git a/tests/wycheproof/test_hmac.py b/tests/wycheproof/test_hmac.py
new file mode 100644
index 00000000..0cf908fe
--- /dev/null
+++ b/tests/wycheproof/test_hmac.py
@@ -0,0 +1,66 @@
+# This file is dual licensed under the terms of the Apache License, Version
+# 2.0, and the BSD License. See the LICENSE file in the root of this repository
+# for complete details.
+
+from __future__ import absolute_import, division, print_function
+
+import binascii
+
+import pytest
+
+from cryptography.exceptions import InvalidSignature
+from cryptography.hazmat.primitives import hashes, hmac
+
+
+_HMAC_ALGORITHMS = {
+ "HMACSHA1": hashes.SHA1(),
+ "HMACSHA224": hashes.SHA224(),
+ "HMACSHA256": hashes.SHA256(),
+ "HMACSHA384": hashes.SHA384(),
+ "HMACSHA512": hashes.SHA512(),
+ "HMACSHA3-224": hashes.SHA3_224(),
+ "HMACSHA3-256": hashes.SHA3_256(),
+ "HMACSHA3-384": hashes.SHA3_384(),
+ "HMACSHA3-512": hashes.SHA3_512(),
+}
+
+
+@pytest.mark.wycheproof_tests(
+ "hmac_sha1_test.json",
+ "hmac_sha224_test.json",
+ "hmac_sha256_test.json",
+ "hmac_sha384_test.json",
+ "hmac_sha3_224_test.json",
+ "hmac_sha3_256_test.json",
+ "hmac_sha3_384_test.json",
+ "hmac_sha3_512_test.json",
+ "hmac_sha512_test.json",
+)
+def test_hmac(backend, wycheproof):
+ hash_algo = _HMAC_ALGORITHMS[wycheproof.testfiledata["algorithm"]]
+ if wycheproof.testgroup["tagSize"] // 8 != hash_algo.digest_size:
+ pytest.skip("Truncated HMAC not supported")
+ if not backend.hash_supported(hash_algo):
+ pytest.skip("Hash {} not supported".format(hash_algo.name))
+
+ h = hmac.HMAC(
+ key=binascii.unhexlify(wycheproof.testcase["key"]),
+ algorithm=hash_algo,
+ backend=backend,
+ )
+ h.update(binascii.unhexlify(wycheproof.testcase["msg"]))
+
+ if wycheproof.invalid:
+ with pytest.raises(InvalidSignature):
+ h.verify(binascii.unhexlify(wycheproof.testcase["tag"]))
+ else:
+ tag = h.finalize()
+ assert tag == binascii.unhexlify(wycheproof.testcase["tag"])
+
+ h = hmac.HMAC(
+ key=binascii.unhexlify(wycheproof.testcase["key"]),
+ algorithm=hash_algo,
+ backend=backend,
+ )
+ h.update(binascii.unhexlify(wycheproof.testcase["msg"]))
+ h.verify(binascii.unhexlify(wycheproof.testcase["tag"]))