commit c6ba99dd6153e7c10c4fc37dcc7af464fc76853b
author Lucia Li <luciali@google.com> Mon Nov 08 22:06:11 2021 +0800
committer Lucia Li <luciali@google.com> Thu Nov 11 11:40:19 2021 +0800
tree 1bc0942b942becc5391abbaf74cb61a05a4e76cd
parent 104d218456a1d4f2f71a14c2c112b4ca24fe7310

Upgrade cryptography from 2.5 to 3.3

Source code is from https://github.com/pyca/cryptography/tree/3.3.x

Run setup.py locally and rename _openssl.so/_padding.so

Bug: 205265538
Test: None
Change-Id: If031739ef5830ba2fb177add74515e4660e2906e

tests/wycheproof/test_hmac.py

diff --git a/tests/wycheproof/test_hmac.py b/tests/wycheproof/test_hmac.py
new file mode 100644
index 0000000..0cf908f
--- /dev/null
+++ b/tests/wycheproof/test_hmac.py
@@ -0,0 +1,66 @@
+# This file is dual licensed under the terms of the Apache License, Version
+# 2.0, and the BSD License. See the LICENSE file in the root of this repository
+# for complete details.
+
+from __future__ import absolute_import, division, print_function
+
+import binascii
+
+import pytest
+
+from cryptography.exceptions import InvalidSignature
+from cryptography.hazmat.primitives import hashes, hmac
+
+
+_HMAC_ALGORITHMS = {
+    "HMACSHA1": hashes.SHA1(),
+    "HMACSHA224": hashes.SHA224(),
+    "HMACSHA256": hashes.SHA256(),
+    "HMACSHA384": hashes.SHA384(),
+    "HMACSHA512": hashes.SHA512(),
+    "HMACSHA3-224": hashes.SHA3_224(),
+    "HMACSHA3-256": hashes.SHA3_256(),
+    "HMACSHA3-384": hashes.SHA3_384(),
+    "HMACSHA3-512": hashes.SHA3_512(),
+}
+
+
+@pytest.mark.wycheproof_tests(
+    "hmac_sha1_test.json",
+    "hmac_sha224_test.json",
+    "hmac_sha256_test.json",
+    "hmac_sha384_test.json",
+    "hmac_sha3_224_test.json",
+    "hmac_sha3_256_test.json",
+    "hmac_sha3_384_test.json",
+    "hmac_sha3_512_test.json",
+    "hmac_sha512_test.json",
+)
+def test_hmac(backend, wycheproof):
+    hash_algo = _HMAC_ALGORITHMS[wycheproof.testfiledata["algorithm"]]
+    if wycheproof.testgroup["tagSize"] // 8 != hash_algo.digest_size:
+        pytest.skip("Truncated HMAC not supported")
+    if not backend.hash_supported(hash_algo):
+        pytest.skip("Hash {} not supported".format(hash_algo.name))
+
+    h = hmac.HMAC(
+        key=binascii.unhexlify(wycheproof.testcase["key"]),
+        algorithm=hash_algo,
+        backend=backend,
+    )
+    h.update(binascii.unhexlify(wycheproof.testcase["msg"]))
+
+    if wycheproof.invalid:
+        with pytest.raises(InvalidSignature):
+            h.verify(binascii.unhexlify(wycheproof.testcase["tag"]))
+    else:
+        tag = h.finalize()
+        assert tag == binascii.unhexlify(wycheproof.testcase["tag"])
+
+        h = hmac.HMAC(
+            key=binascii.unhexlify(wycheproof.testcase["key"]),
+            algorithm=hash_algo,
+            backend=backend,
+        )
+        h.update(binascii.unhexlify(wycheproof.testcase["msg"]))
+        h.verify(binascii.unhexlify(wycheproof.testcase["tag"]))