Fixed TypeError and added documentation
diff --git a/cryptography/fernet.py b/cryptography/fernet.py
index 674ce8a..d0394b4 100644
--- a/cryptography/fernet.py
+++ b/cryptography/fernet.py
@@ -60,9 +60,10 @@
return self._encrypt_from_parts(data, current_time, iv)
def _encrypt_from_parts(self, data, current_time, iv):
- if isinstance(data, six.text_type):
+ if not isinstance(data, six.binary_type):
raise TypeError(
- "Unicode-objects must be encoded before encryption"
+ "data must be binary type. This is str in Python 2 and bytes "
+ "in Python 3"
)
padder = padding.PKCS7(algorithms.AES.block_size).padder()
@@ -82,9 +83,10 @@
return base64.urlsafe_b64encode(basic_parts + hmac)
def decrypt(self, token, ttl=None):
- if isinstance(token, six.text_type):
+ if not isinstance(token, six.binary_type):
raise TypeError(
- "Unicode-objects must be encoded before decryption"
+ "token must be binary type. This is str in Python 2 and bytes "
+ "in Python 3"
)
current_time = int(time.time())
diff --git a/cryptography/hazmat/primitives/cmac.py b/cryptography/hazmat/primitives/cmac.py
index 7e7f65a..cc8e8f2 100644
--- a/cryptography/hazmat/primitives/cmac.py
+++ b/cryptography/hazmat/primitives/cmac.py
@@ -47,8 +47,11 @@
def update(self, data):
if self._ctx is None:
raise AlreadyFinalized("Context was already finalized")
- if isinstance(data, six.text_type):
- raise TypeError("Unicode-objects must be encoded before hashing")
+ if not isinstance(data, six.binary_type):
+ raise TypeError(
+ "data must be binary type. This is str in Python 2 and bytes "
+ "in Python 3"
+ )
self._ctx.update(data)
def finalize(self):
@@ -59,8 +62,11 @@
return digest
def verify(self, signature):
- if isinstance(signature, six.text_type):
- raise TypeError("Unicode-objects must be encoded before verifying")
+ if not isinstance(signature, six.binary_type):
+ raise TypeError(
+ "signature must be binary type. This is str in Python 2 and "
+ "bytes in Python 3"
+ )
digest = self.finalize()
if not constant_time.bytes_eq(digest, signature):
raise InvalidSignature("Signature did not match digest.")
diff --git a/cryptography/hazmat/primitives/constant_time.py b/cryptography/hazmat/primitives/constant_time.py
index e0e9aa3..658b1f5 100644
--- a/cryptography/hazmat/primitives/constant_time.py
+++ b/cryptography/hazmat/primitives/constant_time.py
@@ -57,7 +57,11 @@
def bytes_eq(a, b):
- if isinstance(a, six.text_type) or isinstance(b, six.text_type):
- raise TypeError("Unicode-objects must be encoded before comparing")
+ if (not isinstance(a, six.binary_type) or
+ not isinstance(b, six.binary_type)):
+ raise TypeError(
+ "a and b must be binary type. This is str in Python 2 and "
+ "bytes in Python 3"
+ )
return _lib.Cryptography_constant_time_bytes_eq(a, len(a), b, len(b)) == 1
diff --git a/cryptography/hazmat/primitives/hashes.py b/cryptography/hazmat/primitives/hashes.py
index 35b677b..a9b5b55 100644
--- a/cryptography/hazmat/primitives/hashes.py
+++ b/cryptography/hazmat/primitives/hashes.py
@@ -46,8 +46,11 @@
def update(self, data):
if self._ctx is None:
raise AlreadyFinalized("Context was already finalized")
- if isinstance(data, six.text_type):
- raise TypeError("Unicode-objects must be encoded before hashing")
+ if not isinstance(data, six.binary_type):
+ raise TypeError(
+ "data must be binary type. This is str in Python 2 and bytes "
+ "in Python 3"
+ )
self._ctx.update(data)
def copy(self):
diff --git a/cryptography/hazmat/primitives/hmac.py b/cryptography/hazmat/primitives/hmac.py
index afbb2f7..e39fcf8 100644
--- a/cryptography/hazmat/primitives/hmac.py
+++ b/cryptography/hazmat/primitives/hmac.py
@@ -46,8 +46,11 @@
def update(self, msg):
if self._ctx is None:
raise AlreadyFinalized("Context was already finalized")
- if isinstance(msg, six.text_type):
- raise TypeError("Unicode-objects must be encoded before hashing")
+ if not isinstance(msg, six.binary_type):
+ raise TypeError(
+ "msg must be binary type. This is str in Python 2 and bytes "
+ "in Python 3"
+ )
self._ctx.update(msg)
def copy(self):
@@ -68,8 +71,11 @@
return digest
def verify(self, signature):
- if isinstance(signature, six.text_type):
- raise TypeError("Unicode-objects must be encoded before verifying")
+ if not isinstance(signature, six.binary_type):
+ raise TypeError(
+ "signature must be binary type. This is str in Python 2 and "
+ "bytes in Python 3"
+ )
digest = self.finalize()
if not constant_time.bytes_eq(digest, signature):
raise InvalidSignature("Signature did not match digest.")
diff --git a/cryptography/hazmat/primitives/kdf/hkdf.py b/cryptography/hazmat/primitives/kdf/hkdf.py
index daa8fcc..e02d9af 100644
--- a/cryptography/hazmat/primitives/kdf/hkdf.py
+++ b/cryptography/hazmat/primitives/kdf/hkdf.py
@@ -34,9 +34,11 @@
self._algorithm = algorithm
- if isinstance(salt, six.text_type):
+ if not isinstance(salt, six.binary_type) and salt is not None:
raise TypeError(
- "Unicode-objects must be encoded before using them as a salt.")
+ "salt must be binary type. This is str in Python 2 and bytes "
+ "in Python 3"
+ )
if salt is None:
salt = b"\x00" * (self._algorithm.digest_size // 8)
@@ -53,10 +55,10 @@
return h.finalize()
def derive(self, key_material):
- if isinstance(key_material, six.text_type):
+ if not isinstance(key_material, six.binary_type):
raise TypeError(
- "Unicode-objects must be encoded before using them as key "
- "material."
+ "key_material must be binary type. This is str in Python 2 "
+ "and bytes in Python 3"
)
return self._hkdf_expand.derive(self._extract(key_material))
@@ -89,9 +91,11 @@
self._length = length
- if isinstance(info, six.text_type):
+ if not isinstance(info, six.binary_type) and info is not None:
raise TypeError(
- "Unicode-objects must be encoded before using them as info.")
+ "info must be binary type. This is str in Python 2 and bytes "
+ "in Python 3"
+ )
if info is None:
info = b""
@@ -115,10 +119,10 @@
return b"".join(output)[:self._length]
def derive(self, key_material):
- if isinstance(key_material, six.text_type):
+ if not isinstance(key_material, six.binary_type):
raise TypeError(
- "Unicode-objects must be encoded before using them as key"
- "material."
+ "key_material must be binary type. This is str in Python 2 "
+ "and bytes in Python 3"
)
if self._used:
diff --git a/cryptography/hazmat/primitives/kdf/pbkdf2.py b/cryptography/hazmat/primitives/kdf/pbkdf2.py
index bec35bb..6711763 100644
--- a/cryptography/hazmat/primitives/kdf/pbkdf2.py
+++ b/cryptography/hazmat/primitives/kdf/pbkdf2.py
@@ -41,10 +41,10 @@
self._used = False
self._algorithm = algorithm
self._length = length
- if isinstance(salt, six.text_type):
+ if not isinstance(salt, six.binary_type):
raise TypeError(
- "Unicode-objects must be encoded before using them as key "
- "material."
+ "salt must be binary type. This is str in Python 2 and bytes "
+ "in Python 3"
)
self._salt = salt
self._iterations = iterations
@@ -55,10 +55,10 @@
raise AlreadyFinalized("PBKDF2 instances can only be used once")
self._used = True
- if isinstance(key_material, six.text_type):
+ if not isinstance(key_material, six.binary_type):
raise TypeError(
- "Unicode-objects must be encoded before using them as key "
- "material."
+ "key_material must be binary type. This is str in Python 2 "
+ "and bytes in Python 3"
)
return self._backend.derive_pbkdf2_hmac(
self._algorithm,
diff --git a/cryptography/hazmat/primitives/padding.py b/cryptography/hazmat/primitives/padding.py
index c1a763b..982baae 100644
--- a/cryptography/hazmat/primitives/padding.py
+++ b/cryptography/hazmat/primitives/padding.py
@@ -104,8 +104,11 @@
if self._buffer is None:
raise AlreadyFinalized("Context was already finalized")
- if isinstance(data, six.text_type):
- raise TypeError("Unicode-objects must be encoded before padding")
+ if not isinstance(data, six.binary_type):
+ raise TypeError(
+ "data must be binary type. This is str in Python 2 and bytes "
+ "in Python 3"
+ )
self._buffer += data
@@ -137,8 +140,11 @@
if self._buffer is None:
raise AlreadyFinalized("Context was already finalized")
- if isinstance(data, six.text_type):
- raise TypeError("Unicode-objects must be encoded before unpadding")
+ if not isinstance(data, six.binary_type):
+ raise TypeError(
+ "data must be binary type. This is str in Python 2 and bytes "
+ "in Python 3"
+ )
self._buffer += data
diff --git a/docs/fernet.rst b/docs/fernet.rst
index f55a2d6..b75be77 100644
--- a/docs/fernet.rst
+++ b/docs/fernet.rst
@@ -34,12 +34,15 @@
they'll also be able forge arbitrary messages that will be
authenticated and decrypted.
- .. method:: encrypt(plaintext)
+ .. method:: encrypt(data)
- :param bytes plaintext: The message you would like to encrypt.
+ :param bytes data: The message you would like to encrypt.
:returns bytes: A secure message that cannot be read or altered
without the key. It is URL-safe base64-encoded. This is
referred to as a "Fernet token".
+ :raises TypeError: This exception is raised if ``data`` is not a binary
+ type. This is ``str`` in Python 2 and ``bytes`` in
+ Python 3.
.. note::
@@ -66,6 +69,9 @@
``ttl``, it is malformed, or
it does not have a valid
signature.
+ :raises TypeError: This exception is raised if ``token`` is not a binary
+ type. This is ``str`` in Python 2 and ``bytes`` in
+ Python 3.
.. class:: InvalidToken
diff --git a/docs/hazmat/primitives/constant-time.rst b/docs/hazmat/primitives/constant-time.rst
index c6fcb3a..3296dbd 100644
--- a/docs/hazmat/primitives/constant-time.rst
+++ b/docs/hazmat/primitives/constant-time.rst
@@ -36,6 +36,9 @@
:param bytes b: The right-hand side.
:returns bool: ``True`` if ``a`` has the same bytes as ``b``, otherwise
``False``.
+ :raises TypeError: This exception is raised if ``a`` or ``b`` is not a
+ binary type. This is ``str`` in Python 2 and ``bytes``
+ in Python 3.
.. _`Coda Hale's blog post`: http://codahale.com/a-lesson-in-timing-attacks/
diff --git a/docs/hazmat/primitives/cryptographic-hashes.rst b/docs/hazmat/primitives/cryptographic-hashes.rst
index 773d97f..43dee3f 100644
--- a/docs/hazmat/primitives/cryptographic-hashes.rst
+++ b/docs/hazmat/primitives/cryptographic-hashes.rst
@@ -54,6 +54,9 @@
:param bytes data: The bytes to be hashed.
:raises cryptography.exceptions.AlreadyFinalized: See :meth:`finalize`.
+ :raises TypeError: This exception is raised if ``data`` is not a binary
+ type. This is ``str`` in Python 2 and ``bytes`` in
+ Python 3.
.. method:: copy()
diff --git a/docs/hazmat/primitives/key-derivation-functions.rst b/docs/hazmat/primitives/key-derivation-functions.rst
index de6bf5f..c9c0c3c 100644
--- a/docs/hazmat/primitives/key-derivation-functions.rst
+++ b/docs/hazmat/primitives/key-derivation-functions.rst
@@ -88,6 +88,10 @@
provided ``backend`` does not implement
:class:`~cryptography.hazmat.backends.interfaces.PBKDF2HMACBackend`
+ :raises TypeError: This exception is raised if ``salt`` is not a binary
+ type. This is ``str`` in Python 2 and ``bytes`` in
+ Python 3.
+
.. method:: derive(key_material)
:param bytes key_material: The input key material. For PBKDF2 this
@@ -99,6 +103,10 @@
called more than
once.
+ :raises TypeError: This exception is raised if ``key_material`` is not
+ a binary type. This is ``str`` in Python 2 and
+ ``bytes`` in Python 3.
+
This generates and returns a new key from the supplied password.
.. method:: verify(key_material, expected_key)
@@ -191,10 +199,17 @@
provided ``backend`` does not implement
:class:`~cryptography.hazmat.backends.interfaces.HMACBackend`
+ :raises TypeError: This exception is raised if ``salt`` or ``info`` is not
+ a binary type. This is ``str`` in Python 2 and ``bytes``
+ in Python 3.
+
.. method:: derive(key_material)
:param bytes key_material: The input key material.
:return bytes: The derived key.
+ :raises TypeError: This exception is raised if ``key_material`` is not
+ a binary type. This is ``str`` in Python 2 and
+ ``bytes`` in Python 3.
Derives a new key from the input key material by performing both the
extract and expand operations.
@@ -277,6 +292,9 @@
provided ``backend`` does not implement
:class:`~cryptography.hazmat.backends.interfaces.HMACBackend`
:raises TypeError: This is raised if the provided ``info`` is a unicode object
+ :raises TypeError: This exception is raised if ``info`` is not a binary
+ type. This is ``str`` in Python 2 and ``bytes`` in
+ Python 3.
.. method:: derive(key_material)
@@ -285,6 +303,9 @@
:raises TypeError: This is raised if the provided ``key_material`` is
a unicode object
+ :raises TypeError: This exception is raised if ``key_material`` is not
+ a binary type. This is ``str`` in Python 2 and
+ ``bytes`` in Python 3.
Derives a new key from the input key material by performing both the
extract and expand operations.
diff --git a/docs/hazmat/primitives/mac/cmac.rst b/docs/hazmat/primitives/mac/cmac.rst
index 1fde139..86c3b6a 100644
--- a/docs/hazmat/primitives/mac/cmac.rst
+++ b/docs/hazmat/primitives/mac/cmac.rst
@@ -68,6 +68,9 @@
:param bytes data: The bytes to hash and authenticate.
:raises cryptography.exceptions.AlreadyFinalized: See :meth:`finalize`
+ :raises TypeError: This exception is raised if ``data`` is not a binary
+ type. This is ``str`` in Python 2 and ``bytes`` in
+ Python 3.
.. method:: copy()
@@ -89,6 +92,9 @@
:raises cryptography.exceptions.AlreadyFinalized: See :meth:`finalize`
:raises cryptography.exceptions.InvalidSignature: If signature does not
match digest
+ :raises TypeError: This exception is raised if ``signature`` is not a
+ binary type. This is ``str`` in Python 2 and
+ ``bytes`` in Python 3.
.. method:: finalize()
diff --git a/docs/hazmat/primitives/mac/hmac.rst b/docs/hazmat/primitives/mac/hmac.rst
index e20a403..0fc4a19 100644
--- a/docs/hazmat/primitives/mac/hmac.rst
+++ b/docs/hazmat/primitives/mac/hmac.rst
@@ -69,6 +69,9 @@
:param bytes msg: The bytes to hash and authenticate.
:raises cryptography.exceptions.AlreadyFinalized: See :meth:`finalize`
+ :raises TypeError: This exception is raised if ``msg`` is not a binary
+ type. This is ``str`` in Python 2 and ``bytes`` in
+ Python 3.
.. method:: copy()
@@ -90,6 +93,9 @@
:raises cryptography.exceptions.AlreadyFinalized: See :meth:`finalize`
:raises cryptography.exceptions.InvalidSignature: If signature does not
match digest
+ :raises TypeError: This exception is raised if ``signature`` is not a
+ binary type. This is ``str`` in Python 2 and
+ ``bytes`` in Python 3.
.. method:: finalize()
diff --git a/docs/hazmat/primitives/padding.rst b/docs/hazmat/primitives/padding.rst
index 4092ac0..72378e1 100644
--- a/docs/hazmat/primitives/padding.rst
+++ b/docs/hazmat/primitives/padding.rst
@@ -70,6 +70,9 @@
:return bytes: Returns the data that was padded or unpadded.
:raises TypeError: Raised if data is not bytes.
:raises cryptography.exceptions.AlreadyFinalized: See :meth:`finalize`.
+ :raises TypeError: This exception is raised if ``data`` is not a binary
+ type. This is ``str`` in Python 2 and ``bytes`` in
+ Python 3.
.. method:: finalize()