| # This file is dual licensed under the terms of the Apache License, Version |
| # 2.0, and the BSD License. See the LICENSE file in the root of this repository |
| # for complete details. |
| |
| from __future__ import absolute_import, division, print_function |
| |
| import binascii |
| |
| import pytest |
| |
| from cryptography.exceptions import InvalidSignature |
| from cryptography.hazmat.primitives import hashes, hmac |
| |
| |
| _HMAC_ALGORITHMS = { |
| "HMACSHA1": hashes.SHA1(), |
| "HMACSHA224": hashes.SHA224(), |
| "HMACSHA256": hashes.SHA256(), |
| "HMACSHA384": hashes.SHA384(), |
| "HMACSHA512": hashes.SHA512(), |
| "HMACSHA3-224": hashes.SHA3_224(), |
| "HMACSHA3-256": hashes.SHA3_256(), |
| "HMACSHA3-384": hashes.SHA3_384(), |
| "HMACSHA3-512": hashes.SHA3_512(), |
| } |
| |
| |
| @pytest.mark.wycheproof_tests( |
| "hmac_sha1_test.json", |
| "hmac_sha224_test.json", |
| "hmac_sha256_test.json", |
| "hmac_sha384_test.json", |
| "hmac_sha3_224_test.json", |
| "hmac_sha3_256_test.json", |
| "hmac_sha3_384_test.json", |
| "hmac_sha3_512_test.json", |
| "hmac_sha512_test.json", |
| ) |
| def test_hmac(backend, wycheproof): |
| hash_algo = _HMAC_ALGORITHMS[wycheproof.testfiledata["algorithm"]] |
| if wycheproof.testgroup["tagSize"] // 8 != hash_algo.digest_size: |
| pytest.skip("Truncated HMAC not supported") |
| if not backend.hash_supported(hash_algo): |
| pytest.skip("Hash {} not supported".format(hash_algo.name)) |
| |
| h = hmac.HMAC( |
| key=binascii.unhexlify(wycheproof.testcase["key"]), |
| algorithm=hash_algo, |
| backend=backend, |
| ) |
| h.update(binascii.unhexlify(wycheproof.testcase["msg"])) |
| |
| if wycheproof.invalid: |
| with pytest.raises(InvalidSignature): |
| h.verify(binascii.unhexlify(wycheproof.testcase["tag"])) |
| else: |
| tag = h.finalize() |
| assert tag == binascii.unhexlify(wycheproof.testcase["tag"]) |
| |
| h = hmac.HMAC( |
| key=binascii.unhexlify(wycheproof.testcase["key"]), |
| algorithm=hash_algo, |
| backend=backend, |
| ) |
| h.update(binascii.unhexlify(wycheproof.testcase["msg"])) |
| h.verify(binascii.unhexlify(wycheproof.testcase["tag"])) |