commit 15fd6433ea357fc6d06052db85c0d0140a9c1d13
author David Reid <dreid@dreid.org> Thu Jan 30 15:28:09 2014 -0800
committer David Reid <dreid@dreid.org> Mon Feb 03 10:05:28 2014 -0800
tree 726763560e9c3927ea7d3dc839c41ae372b53862
parent c0248b9be0a207fe1b27690d819bd79ac3e1aa84

Don't expose extract and expand on this class yet because we don't know how best to expose verify functionality, continue testing the stages using the private methods.

cryptography/hazmat/primitives/kdf/hkdf.py

diff --git a/cryptography/hazmat/primitives/kdf/hkdf.py b/cryptography/hazmat/primitives/kdf/hkdf.py
index 2b5ba81..ae24f67 100644
--- a/cryptography/hazmat/primitives/kdf/hkdf.py
+++ b/cryptography/hazmat/primitives/kdf/hkdf.py
@@ -57,27 +57,11 @@
 
         self._used = False
 
-    def extract(self, key_material):
-        if self._used:
-            raise exceptions.AlreadyFinalized
-
-        self._used = True
-
-        return self._extract(key_material)
-
     def _extract(self, key_material):
         h = hmac.HMAC(self._salt, self._algorithm, backend=self._backend)
         h.update(key_material)
         return h.finalize()
 
-    def expand(self, key_material):
-        if self._used:
-            raise exceptions.AlreadyFinalized
-
-        self._used = True
-
-        return self._expand(key_material)
-
     def _expand(self, key_material):
         output = [b""]
         counter = 1

tests/hazmat/primitives/test_hkdf.py

diff --git a/tests/hazmat/primitives/test_hkdf.py b/tests/hazmat/primitives/test_hkdf.py
index f3345b0..66993f0 100644
--- a/tests/hazmat/primitives/test_hkdf.py
+++ b/tests/hazmat/primitives/test_hkdf.py
@@ -71,24 +71,6 @@
             backend=backend
         )
 
-        hkdf.extract(b"\x01" * 16)
-
-        with pytest.raises(exceptions.AlreadyFinalized):
-            hkdf.extract(b"\x02" * 16)
-
-        hkdf = HKDF(
-            hashes.SHA256(),
-            16,
-            salt=None,
-            info=None,
-            backend=backend
-        )
-
-        hkdf.expand(b"\x01" * 16)
-
-        with pytest.raises(exceptions.AlreadyFinalized):
-            hkdf.expand(b"\x02" * 16)
-
     def test_verify(self, backend):
         hkdf = HKDF(
             hashes.SHA256(),

tests/hazmat/primitives/utils.py

diff --git a/tests/hazmat/primitives/utils.py b/tests/hazmat/primitives/utils.py
index 2584272..5a8dc3a 100644
--- a/tests/hazmat/primitives/utils.py
+++ b/tests/hazmat/primitives/utils.py
@@ -326,7 +326,7 @@
         backend=backend
     )
 
-    prk = hkdf.extract(binascii.unhexlify(params["ikm"]))
+    prk = hkdf._extract(binascii.unhexlify(params["ikm"]))
 
     assert prk == binascii.unhexlify(params["prk"])
 
@@ -340,7 +340,7 @@
         backend=backend
     )
 
-    okm = hkdf.expand(binascii.unhexlify(params["prk"]))
+    okm = hkdf._expand(binascii.unhexlify(params["prk"]))
 
     assert okm == binascii.unhexlify(params["okm"])