Merge pull request #1048 from Ayrx/change-unicode-check

Fixed TypeError and added documentation
diff --git a/cryptography/fernet.py b/cryptography/fernet.py
index 674ce8a..93eb32b 100644
--- a/cryptography/fernet.py
+++ b/cryptography/fernet.py
@@ -60,10 +60,8 @@
         return self._encrypt_from_parts(data, current_time, iv)
 
     def _encrypt_from_parts(self, data, current_time, iv):
-        if isinstance(data, six.text_type):
-            raise TypeError(
-                "Unicode-objects must be encoded before encryption"
-            )
+        if not isinstance(data, six.binary_type):
+            raise TypeError("data must be bytes")
 
         padder = padding.PKCS7(algorithms.AES.block_size).padder()
         padded_data = padder.update(data) + padder.finalize()
@@ -82,10 +80,8 @@
         return base64.urlsafe_b64encode(basic_parts + hmac)
 
     def decrypt(self, token, ttl=None):
-        if isinstance(token, six.text_type):
-            raise TypeError(
-                "Unicode-objects must be encoded before decryption"
-            )
+        if not isinstance(token, six.binary_type):
+            raise TypeError("token must be bytes")
 
         current_time = int(time.time())
 
diff --git a/cryptography/hazmat/primitives/cmac.py b/cryptography/hazmat/primitives/cmac.py
index 7e7f65a..b01c517 100644
--- a/cryptography/hazmat/primitives/cmac.py
+++ b/cryptography/hazmat/primitives/cmac.py
@@ -47,8 +47,8 @@
     def update(self, data):
         if self._ctx is None:
             raise AlreadyFinalized("Context was already finalized")
-        if isinstance(data, six.text_type):
-            raise TypeError("Unicode-objects must be encoded before hashing")
+        if not isinstance(data, six.binary_type):
+            raise TypeError("data must be bytes")
         self._ctx.update(data)
 
     def finalize(self):
@@ -59,8 +59,8 @@
         return digest
 
     def verify(self, signature):
-        if isinstance(signature, six.text_type):
-            raise TypeError("Unicode-objects must be encoded before verifying")
+        if not isinstance(signature, six.binary_type):
+            raise TypeError("signature must be bytes")
         digest = self.finalize()
         if not constant_time.bytes_eq(digest, signature):
             raise InvalidSignature("Signature did not match digest.")
diff --git a/cryptography/hazmat/primitives/constant_time.py b/cryptography/hazmat/primitives/constant_time.py
index e0e9aa3..6d325a9 100644
--- a/cryptography/hazmat/primitives/constant_time.py
+++ b/cryptography/hazmat/primitives/constant_time.py
@@ -57,7 +57,8 @@
 
 
 def bytes_eq(a, b):
-    if isinstance(a, six.text_type) or isinstance(b, six.text_type):
-        raise TypeError("Unicode-objects must be encoded before comparing")
+    if (not isinstance(a, six.binary_type) or
+            not isinstance(b, six.binary_type)):
+            raise TypeError("a and b must be bytes")
 
     return _lib.Cryptography_constant_time_bytes_eq(a, len(a), b, len(b)) == 1
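Review bot: The added `raise` in `bytes_eq` is indented twelve spaces, the same depth as the continuation line of the condition above it, so the body of the `if` is visually indistinguishable from the test. It parses, but the statement should sit one level (four spaces) under the `if`, i.e. `raise TypeError("a and b must be bytes")` at eight spaces. Since this function is the comparison primitive behind the `verify` methods touched in this commit, it is worth keeping its guard easy to read at a glance.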
diff --git a/cryptography/hazmat/primitives/hashes.py b/cryptography/hazmat/primitives/hashes.py
index 35b677b..2efd848 100644
--- a/cryptography/hazmat/primitives/hashes.py
+++ b/cryptography/hazmat/primitives/hashes.py
@@ -46,8 +46,8 @@
     def update(self, data):
         if self._ctx is None:
             raise AlreadyFinalized("Context was already finalized")
-        if isinstance(data, six.text_type):
-            raise TypeError("Unicode-objects must be encoded before hashing")
+        if not isinstance(data, six.binary_type):
+            raise TypeError("data must be bytes")
         self._ctx.update(data)
 
     def copy(self):
diff --git a/cryptography/hazmat/primitives/hmac.py b/cryptography/hazmat/primitives/hmac.py
index afbb2f7..5d7bad5 100644
--- a/cryptography/hazmat/primitives/hmac.py
+++ b/cryptography/hazmat/primitives/hmac.py
@@ -46,8 +46,8 @@
     def update(self, msg):
         if self._ctx is None:
             raise AlreadyFinalized("Context was already finalized")
-        if isinstance(msg, six.text_type):
-            raise TypeError("Unicode-objects must be encoded before hashing")
+        if not isinstance(msg, six.binary_type):
+            raise TypeError("msg must be bytes")
         self._ctx.update(msg)
 
     def copy(self):
@@ -68,8 +68,8 @@
         return digest
 
     def verify(self, signature):
-        if isinstance(signature, six.text_type):
-            raise TypeError("Unicode-objects must be encoded before verifying")
+        if not isinstance(signature, six.binary_type):
+            raise TypeError("signature must be bytes")
         digest = self.finalize()
         if not constant_time.bytes_eq(digest, signature):
             raise InvalidSignature("Signature did not match digest.")
diff --git a/cryptography/hazmat/primitives/kdf/hkdf.py b/cryptography/hazmat/primitives/kdf/hkdf.py
index daa8fcc..adeecaf 100644
--- a/cryptography/hazmat/primitives/kdf/hkdf.py
+++ b/cryptography/hazmat/primitives/kdf/hkdf.py
@@ -34,9 +34,8 @@
 
         self._algorithm = algorithm
 
-        if isinstance(salt, six.text_type):
-            raise TypeError(
-                "Unicode-objects must be encoded before using them as a salt.")
+        if not isinstance(salt, six.binary_type) and salt is not None:
+            raise TypeError("salt must be bytes")
 
         if salt is None:
             salt = b"\x00" * (self._algorithm.digest_size // 8)
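Review bot: The new message `salt must be bytes` omits that `None` is also accepted, which the lines right after the check handle by substituting a zero-filled salt of digest length. Testing for `None` first reads more directly and lets the message match the contract: `if salt is not None and not isinstance(salt, six.binary_type):` followed by `raise TypeError("salt must be bytes or None")`. The same applies to the `info` check in the later hunk of this file (`info must be bytes`, where `None` becomes `b""`). The enclosing `__init__` starts and ends outside this hunk.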
@@ -53,11 +52,8 @@
         return h.finalize()
 
     def derive(self, key_material):
-        if isinstance(key_material, six.text_type):
-            raise TypeError(
-                "Unicode-objects must be encoded before using them as key "
-                "material."
-            )
+        if not isinstance(key_material, six.binary_type):
+            raise TypeError("key_material must be bytes")
 
         return self._hkdf_expand.derive(self._extract(key_material))
 
@@ -89,9 +85,8 @@
 
         self._length = length
 
-        if isinstance(info, six.text_type):
-            raise TypeError(
-                "Unicode-objects must be encoded before using them as info.")
+        if not isinstance(info, six.binary_type) and info is not None:
+            raise TypeError("info must be bytes")
 
         if info is None:
             info = b""
@@ -115,11 +110,8 @@
         return b"".join(output)[:self._length]
 
     def derive(self, key_material):
-        if isinstance(key_material, six.text_type):
-            raise TypeError(
-                "Unicode-objects must be encoded before using them as key"
-                "material."
-            )
+        if not isinstance(key_material, six.binary_type):
+            raise TypeError("key_material must be bytes")
 
         if self._used:
             raise AlreadyFinalized
diff --git a/cryptography/hazmat/primitives/kdf/pbkdf2.py b/cryptography/hazmat/primitives/kdf/pbkdf2.py
index bec35bb..66a9b46 100644
--- a/cryptography/hazmat/primitives/kdf/pbkdf2.py
+++ b/cryptography/hazmat/primitives/kdf/pbkdf2.py
@@ -41,11 +41,8 @@
         self._used = False
         self._algorithm = algorithm
         self._length = length
-        if isinstance(salt, six.text_type):
-            raise TypeError(
-                "Unicode-objects must be encoded before using them as key "
-                "material."
-            )
+        if not isinstance(salt, six.binary_type):
+            raise TypeError("salt must be bytes")
         self._salt = salt
         self._iterations = iterations
         self._backend = backend
@@ -55,11 +52,8 @@
             raise AlreadyFinalized("PBKDF2 instances can only be used once")
         self._used = True
 
-        if isinstance(key_material, six.text_type):
-            raise TypeError(
-                "Unicode-objects must be encoded before using them as key "
-                "material."
-            )
+        if not isinstance(key_material, six.binary_type):
+            raise TypeError("key_material must be bytes")
         return self._backend.derive_pbkdf2_hmac(
             self._algorithm,
             self._length,
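Review bot: `self._used = True` is assigned before the new `key_material` type check, so a call that fails with `TypeError` still consumes the instance. A retry with correct bytes would then hit the `AlreadyFinalized("PBKDF2 instances can only be used once")` raise shown at the top of this hunk. The second `derive` in hkdf.py validates the type before it tests `_used`, so following that order here would keep the KDFs consistent: `if not isinstance(key_material, six.binary_type):`, `raise TypeError("key_material must be bytes")`, then `self._used = True`. The method's signature and, presumably, an `if self._used` guard sit above the hunk, and the `derive_pbkdf2_hmac` call continues past it.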
diff --git a/cryptography/hazmat/primitives/padding.py b/cryptography/hazmat/primitives/padding.py
index c1a763b..e8e6a6d 100644
--- a/cryptography/hazmat/primitives/padding.py
+++ b/cryptography/hazmat/primitives/padding.py
@@ -104,8 +104,8 @@
         if self._buffer is None:
             raise AlreadyFinalized("Context was already finalized")
 
-        if isinstance(data, six.text_type):
-            raise TypeError("Unicode-objects must be encoded before padding")
+        if not isinstance(data, six.binary_type):
+            raise TypeError("data must be bytes")
 
         self._buffer += data
 
@@ -137,8 +137,8 @@
         if self._buffer is None:
             raise AlreadyFinalized("Context was already finalized")
 
-        if isinstance(data, six.text_type):
-            raise TypeError("Unicode-objects must be encoded before unpadding")
+        if not isinstance(data, six.binary_type):
+            raise TypeError("data must be bytes")
 
         self._buffer += data
 
diff --git a/docs/fernet.rst b/docs/fernet.rst
index f55a2d6..1c4918a 100644
--- a/docs/fernet.rst
+++ b/docs/fernet.rst
@@ -34,12 +34,13 @@
         they'll also be able forge arbitrary messages that will be
         authenticated and decrypted.
 
-    .. method:: encrypt(plaintext)
+    .. method:: encrypt(data)
 
-        :param bytes plaintext: The message you would like to encrypt.
+        :param bytes data: The message you would like to encrypt.
         :returns bytes: A secure message that cannot be read or altered
                         without the key. It is URL-safe base64-encoded. This is
                         referred to as a "Fernet token".
+        :raises TypeError: This exception is raised if ``data`` is not ``bytes``.
 
         .. note::
 
@@ -66,6 +67,7 @@
                                                   ``ttl``, it is malformed, or
                                                   it does not have a valid
                                                   signature.
+        :raises TypeError: This exception is raised if ``token`` is not ``bytes``.
 
 
 .. class:: InvalidToken
diff --git a/docs/hazmat/primitives/constant-time.rst b/docs/hazmat/primitives/constant-time.rst
index c6fcb3a..1394b6b 100644
--- a/docs/hazmat/primitives/constant-time.rst
+++ b/docs/hazmat/primitives/constant-time.rst
@@ -36,6 +36,8 @@
     :param bytes b: The right-hand side.
     :returns bool: ``True`` if ``a`` has the same bytes as ``b``, otherwise
                    ``False``.
+    :raises TypeError: This exception is raised if ``a`` or ``b`` is not
+                       ``bytes``.
 
 
 .. _`Coda Hale's blog post`: http://codahale.com/a-lesson-in-timing-attacks/
diff --git a/docs/hazmat/primitives/cryptographic-hashes.rst b/docs/hazmat/primitives/cryptographic-hashes.rst
index 773d97f..7e5295c 100644
--- a/docs/hazmat/primitives/cryptographic-hashes.rst
+++ b/docs/hazmat/primitives/cryptographic-hashes.rst
@@ -54,6 +54,7 @@
 
         :param bytes data: The bytes to be hashed.
         :raises cryptography.exceptions.AlreadyFinalized: See :meth:`finalize`.
+        :raises TypeError: This exception is raised if ``data`` is not ``bytes``.
 
     .. method:: copy()
 
diff --git a/docs/hazmat/primitives/key-derivation-functions.rst b/docs/hazmat/primitives/key-derivation-functions.rst
index de6bf5f..f68b12c 100644
--- a/docs/hazmat/primitives/key-derivation-functions.rst
+++ b/docs/hazmat/primitives/key-derivation-functions.rst
@@ -88,6 +88,8 @@
         provided ``backend`` does not implement
         :class:`~cryptography.hazmat.backends.interfaces.PBKDF2HMACBackend`
 
+    :raises TypeError: This exception is raised if ``salt`` is not ``bytes``.
+
     .. method:: derive(key_material)
 
         :param bytes key_material: The input key material. For PBKDF2 this
@@ -99,6 +101,9 @@
                                                           called more than
                                                           once.
 
+        :raises TypeError: This exception is raised if ``key_material`` is not
+                           ``bytes``.
+
         This generates and returns a new key from the supplied password.
 
     .. method:: verify(key_material, expected_key)
@@ -191,10 +196,15 @@
         provided ``backend`` does not implement
         :class:`~cryptography.hazmat.backends.interfaces.HMACBackend`
 
+    :raises TypeError: This exception is raised if ``salt`` or ``info`` is not
+                       ``bytes``.
+
     .. method:: derive(key_material)
 
         :param bytes key_material: The input key material.
         :return bytes: The derived key.
+        :raises TypeError: This exception is raised if ``key_material`` is not
+                           ``bytes``.
 
         Derives a new key from the input key material by performing both the
         extract and expand operations.
@@ -277,6 +287,7 @@
         provided ``backend`` does not implement
         :class:`~cryptography.hazmat.backends.interfaces.HMACBackend`
     :raises TypeError: This is raised if the provided ``info`` is a unicode object
+    :raises TypeError: This exception is raised if ``info`` is not ``bytes``.
 
     .. method:: derive(key_material)
 
@@ -285,6 +296,8 @@
 
         :raises TypeError: This is raised if the provided ``key_material`` is
             a unicode object
+        :raises TypeError: This exception is raised if ``key_material`` is not
+                           ``bytes``.
 
         Derives a new key from the input key material by performing both the
         extract and expand operations.
diff --git a/docs/hazmat/primitives/mac/cmac.rst b/docs/hazmat/primitives/mac/cmac.rst
index 1fde139..23b1fea 100644
--- a/docs/hazmat/primitives/mac/cmac.rst
+++ b/docs/hazmat/primitives/mac/cmac.rst
@@ -68,6 +68,7 @@
 
         :param bytes data: The bytes to hash and authenticate.
         :raises cryptography.exceptions.AlreadyFinalized: See :meth:`finalize`
+        :raises TypeError: This exception is raised if ``data`` is not ``bytes``.
 
     .. method:: copy()
 
@@ -89,6 +90,8 @@
         :raises cryptography.exceptions.AlreadyFinalized: See :meth:`finalize`
         :raises cryptography.exceptions.InvalidSignature: If signature does not
                                                                   match digest
+        :raises TypeError: This exception is raised if ``signature`` is not
+                           ``bytes``.
 
         .. method:: finalize()
 
diff --git a/docs/hazmat/primitives/mac/hmac.rst b/docs/hazmat/primitives/mac/hmac.rst
index e20a403..d56927b 100644
--- a/docs/hazmat/primitives/mac/hmac.rst
+++ b/docs/hazmat/primitives/mac/hmac.rst
@@ -69,6 +69,7 @@
 
         :param bytes msg: The bytes to hash and authenticate.
         :raises cryptography.exceptions.AlreadyFinalized: See :meth:`finalize`
+        :raises TypeError: This exception is raised if ``msg`` is not ``bytes``.
 
     .. method:: copy()
 
@@ -90,6 +91,8 @@
         :raises cryptography.exceptions.AlreadyFinalized: See :meth:`finalize`
         :raises cryptography.exceptions.InvalidSignature: If signature does not
                                                           match digest
+        :raises TypeError: This exception is raised if ``signature`` is not
+                           ``bytes``.
 
     .. method:: finalize()
 
diff --git a/docs/hazmat/primitives/padding.rst b/docs/hazmat/primitives/padding.rst
index 4092ac0..0322f9d 100644
--- a/docs/hazmat/primitives/padding.rst
+++ b/docs/hazmat/primitives/padding.rst
@@ -70,6 +70,7 @@
         :return bytes: Returns the data that was padded or unpadded.
         :raises TypeError: Raised if data is not bytes.
         :raises cryptography.exceptions.AlreadyFinalized: See :meth:`finalize`.
+        :raises TypeError: This exception is raised if ``data`` is not ``bytes``.
 
     .. method:: finalize()