Use AlreadyFinalized for symmetric ciphers

author: Alex Gaynor <alex.gaynor@gmail.com> 2013-11-13 13:30:30 -0800
committer: Alex Gaynor <alex.gaynor@gmail.com> 2013-11-13 13:30:30 -0800
commit: 34511c697f6f17915b5fe5a58214bb38d779f4a8 (patch)
tree: 8a51d2a402472a8071e641107eda2ee037f83349
parent: c2cddd2b1f0bd935ed53ee49446e268d9bf874e7 (diff)
download: cryptography-34511c697f6f17915b5fe5a58214bb38d779f4a8.tar.gz
cryptography-34511c697f6f17915b5fe5a58214bb38d779f4a8.tar.bz2
cryptography-34511c697f6f17915b5fe5a58214bb38d779f4a8.zip
5 files changed, 20 insertions, 9 deletions
diff --git a/cryptography/hazmat/primitives/ciphers/base.py b/cryptography/hazmat/primitives/ciphers/base.py
index 794d0191..0fe11996 100644
--- a/cryptography/hazmat/primitives/ciphers/base.py
+++ b/cryptography/hazmat/primitives/ciphers/base.py
@@ -13,6 +13,7 @@
 
 from __future__ import absolute_import, division, print_function
 
+from cryptography.exceptions import AlreadyFinalized
 from cryptography.hazmat.primitives import interfaces
 
 
@@ -45,12 +46,12 @@ class _CipherContext(object):
 
     def update(self, data):
         if self._ctx is None:
-            raise ValueError("Context was already finalized")
+            raise AlreadyFinalized("Context was already finalized")
         return self._ctx.update(data)
 
     def finalize(self):
         if self._ctx is None:
-            raise ValueError("Context was already finalized")
+            raise AlreadyFinalized("Context was already finalized")
         data = self._ctx.finalize()
         self._ctx = None
         return data
diff --git a/cryptography/hazmat/primitives/hashes.py b/cryptography/hazmat/primitives/hashes.py
index b8de6c4b..86c9fe2e 100644
--- a/cryptography/hazmat/primitives/hashes.py
+++ b/cryptography/hazmat/primitives/hashes.py
@@ -39,19 +39,21 @@ class Hash(object):
 
     def update(self, data):
         if self._ctx is None:
-            raise AlreadyFinalized()
+            raise AlreadyFinalized("Context was already finalized")
         if isinstance(data, six.text_type):
             raise TypeError("Unicode-objects must be encoded before hashing")
         self._ctx.update(data)
 
     def copy(self):
         if self._ctx is None:
-            raise AlreadyFinalized()
+            raise AlreadyFinalized("Context was already finalized")
         return Hash(
             self.algorithm, backend=self._backend, ctx=self._ctx.copy()
         )
 
     def finalize(self):
+        if self._ctx is None:
+            raise AlreadyFinalized("Context was already finalized")
         digest = self._ctx.finalize()
         self._ctx = None
         return digest
diff --git a/docs/hazmat/primitives/symmetric-encryption.rst b/docs/hazmat/primitives/symmetric-encryption.rst
index 28b143ba..950ea8b0 100644
--- a/docs/hazmat/primitives/symmetric-encryption.rst
+++ b/docs/hazmat/primitives/symmetric-encryption.rst
@@ -79,6 +79,7 @@ an "encrypt-then-MAC" formulation as `described by Colin Percival`_.
 
         :param bytes data: The data you wish to pass into the context.
         :return bytes: Returns the data that was encrypted or decrypted.
+        :raises cryptography.exceptions.AlreadyFinalized: See :meth:`finalize`
 
         When the ``Cipher`` was constructed in a mode that turns it into a
         stream cipher (e.g.
@@ -90,6 +91,10 @@ an "encrypt-then-MAC" formulation as `described by Colin Percival`_.
 
         :return bytes: Returns the remainder of the data.
 
+        Once ``finalize`` is called this object can no longer be used and
+        :meth:`update` will raise
+        :class:`~cryptography.exceptions.AlreadyFinalized`.
+
 Algorithms
 ~~~~~~~~~~
 
diff --git a/tests/hazmat/primitives/test_block.py b/tests/hazmat/primitives/test_block.py
index 28f34478..938cff36 100644
--- a/tests/hazmat/primitives/test_block.py
+++ b/tests/hazmat/primitives/test_block.py
@@ -17,7 +17,7 @@ import binascii
 
 import pytest
 
-from cryptography.exceptions import UnsupportedAlgorithm
+from cryptography.exceptions import UnsupportedAlgorithm, AlreadyFinalized
 from cryptography.hazmat.primitives import interfaces
 from cryptography.hazmat.primitives.ciphers import (
     Cipher, algorithms, modes
@@ -56,16 +56,16 @@ class TestCipherContext(object):
         encryptor = cipher.encryptor()
         encryptor.update(b"a" * 16)
         encryptor.finalize()
-        with pytest.raises(ValueError):
+        with pytest.raises(AlreadyFinalized):
             encryptor.update(b"b" * 16)
-        with pytest.raises(ValueError):
+        with pytest.raises(AlreadyFinalized):
             encryptor.finalize()
         decryptor = cipher.decryptor()
         decryptor.update(b"a" * 16)
         decryptor.finalize()
-        with pytest.raises(ValueError):
+        with pytest.raises(AlreadyFinalized):
             decryptor.update(b"b" * 16)
-        with pytest.raises(ValueError):
+        with pytest.raises(AlreadyFinalized):
             decryptor.finalize()
 
     def test_unaligned_block_encryption(self, backend):
diff --git a/tests/hazmat/primitives/test_hashes.py b/tests/hazmat/primitives/test_hashes.py
index 991caf15..367e764f 100644
--- a/tests/hazmat/primitives/test_hashes.py
+++ b/tests/hazmat/primitives/test_hashes.py
@@ -62,6 +62,9 @@ class TestHashContext(object):
         with pytest.raises(AlreadyFinalized):
             h.copy()
 
+        with pytest.raises(AlreadyFinalized):
+            h.finalize()
+
 
 class TestSHA1(object):
     test_SHA1 = generate_base_hash_test(
author	Alex Gaynor <alex.gaynor@gmail.com>	2013-11-13 13:30:30 -0800
committer	Alex Gaynor <alex.gaynor@gmail.com>	2013-11-13 13:30:30 -0800
commit	34511c697f6f17915b5fe5a58214bb38d779f4a8 (patch)
tree	8a51d2a402472a8071e641107eda2ee037f83349
parent	c2cddd2b1f0bd935ed53ee49446e268d9bf874e7 (diff)
download	cryptography-34511c697f6f17915b5fe5a58214bb38d779f4a8.tar.gz cryptography-34511c697f6f17915b5fe5a58214bb38d779f4a8.tar.bz2 cryptography-34511c697f6f17915b5fe5a58214bb38d779f4a8.zip