Added a max limit of 8 on length parameter. Updated documentation.

5 files changed, 25 insertions, 15 deletions

diff --git a/cryptography/hazmat/oath/hotp.py b/cryptography/hazmat/oath/hotp.py
index a1f62746..9f5a0f13 100644
--- a/cryptography/hazmat/oath/hotp.py
+++ b/cryptography/hazmat/oath/hotp.py
@@ -25,8 +25,8 @@ class HOTP(object):
         if len(key) < 16:
             raise ValueError("Key length has to be at least 128 bits.")
 
-        if length < 6:
-            raise ValueError("Length of HOTP has to be at least 6.")
+        if length < 6 or length > 8:
+            raise ValueError("Length of HOTP has to be between 6 to 8.")
 
         self._key = key
         self._length = length
diff --git a/docs/exceptions.rst b/docs/exceptions.rst
index 1e31e31c..8ca9df29 100644
--- a/docs/exceptions.rst
+++ b/docs/exceptions.rst
@@ -36,3 +36,9 @@ Exceptions
 
     This is raised when the verify method of a key derivation function's
     computed key does not match the expected key.
+
+
+.. class:: InvalidToken
+
+    This is raised when the verify method of a one time password function's
+    computed token does not match the expected token.
diff --git a/docs/hazmat/oath/hotp.rst b/docs/hazmat/oath.rst
index 7aff330f..b936f0e5 100644
--- a/docs/hazmat/oath/hotp.rst
+++ b/docs/hazmat/oath.rst
@@ -1,19 +1,25 @@
 .. hazmat::
 
-HMAC-Based One-Time Password Algorithm
-======================================
+OATH
+====
 
-.. currentmodule:: cryptography.hazmat.oath.hotp
+.. currentmodule:: cryptography.hazmat.oath
+
+This module contains algorithms under the umbrella of the
+Initiative for Open Authentication (OATH).
 
-This module contains functions for generating and verifying one time password
-values based on Hash-based message authentication codes (HMAC).
+Currently, it contains an algorithm for generating and verifying
+one time password values based on Hash-based message authentication
+codes (HMAC).
+
+.. currentmodule:: cryptography.hazmat.oath.hotp
 
 .. class:: HOTP(key, length, backend)
 
     HOTP objects take a ``key`` and ``length`` parameter. The ``key``
     should be randomly generated bytes and is recommended to be 160 bits in
     length. The ``length`` parameter controls the length of the generated
-    one time password and must be >= 6.
+    one time password and must be >= 6 and <= 8.
 
     This is an implementation of :rfc:`4226`.
 
@@ -36,8 +42,8 @@ values based on Hash-based message authentication codes (HMAC).
     :param backend: A
         :class:`~cryptography.hazmat.backends.interfaces.HMACBackend`
         provider.
-    :raises ValueError: This is raised if the provided ``key`` or ``length``
-                        parameters are shorter than required.
+    :raises ValueError: This is raised if the provided ``key`` is shorter 128 bits
+                        or if the ``length`` parameter is not between 6 to 8.
 
 
     .. method:: generate(counter)
diff --git a/docs/index.rst b/docs/index.rst
index 7d6e618c..40c418b0 100644
--- a/docs/index.rst
+++ b/docs/index.rst
@@ -75,7 +75,7 @@ The hazardous materials layer
     hazmat/primitives/index
     hazmat/backends/index
     hazmat/bindings/index
-    hazmat/oath/hotp
+    hazmat/oath
 
 The ``cryptography`` open source project
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
diff --git a/tests/hazmat/oath/test_hotp.py b/tests/hazmat/oath/test_hotp.py
index 47292654..7b1db93d 100644
--- a/tests/hazmat/oath/test_hotp.py
+++ b/tests/hazmat/oath/test_hotp.py
@@ -35,15 +35,13 @@ class TestHOTP(object):
         secret = os.urandom(10)
 
         with pytest.raises(ValueError):
-            hotp = HOTP(secret, 6, backend)
-            hotp.generate(0)
+            HOTP(secret, 6, backend)
 
     def test_invalid_hotp_length(self, backend):
         secret = os.urandom(16)
 
         with pytest.raises(ValueError):
-            hotp = HOTP(secret, 4, backend)
-            hotp.generate(0)
+            HOTP(secret, 4, backend)
 
     @pytest.mark.parametrize("params", vectors)
     def test_truncate(self, backend, params):