diff options
24 files changed, 187 insertions, 168 deletions
diff --git a/cryptography/fernet.py b/cryptography/fernet.py index 86920b48..cdb9bdca 100644 --- a/cryptography/fernet.py +++ b/cryptography/fernet.py @@ -43,7 +43,7 @@ class Fernet(object): key = base64.urlsafe_b64decode(key) if len(key) != 32: raise ValueError( - "Fernet key must be 32 url-safe base64-encoded bytes" + "Fernet key must be 32 url-safe base64-encoded bytes." ) self._signing_key = key[:16] @@ -61,7 +61,7 @@ class Fernet(object): def _encrypt_from_parts(self, data, current_time, iv): if not isinstance(data, bytes): - raise TypeError("data must be bytes") + raise TypeError("data must be bytes.") padder = padding.PKCS7(algorithms.AES.block_size).padder() padded_data = padder.update(data) + padder.finalize() @@ -81,7 +81,7 @@ class Fernet(object): def decrypt(self, token, ttl=None): if not isinstance(token, bytes): - raise TypeError("token must be bytes") + raise TypeError("token must be bytes.") current_time = int(time.time()) diff --git a/cryptography/hazmat/backends/commoncrypto/backend.py b/cryptography/hazmat/backends/commoncrypto/backend.py index 91c0721d..213cbd8c 100644 --- a/cryptography/hazmat/backends/commoncrypto/backend.py +++ b/cryptography/hazmat/backends/commoncrypto/backend.py @@ -154,7 +154,7 @@ class Backend(object): def _register_cipher_adapter(self, cipher_cls, cipher_const, mode_cls, mode_const): if (cipher_cls, mode_cls) in self._cipher_registry: - raise ValueError("Duplicate registration for: {0} {1}".format( + raise ValueError("Duplicate registration for: {0} {1}.".format( cipher_cls, mode_cls) ) self._cipher_registry[cipher_cls, mode_cls] = (cipher_const, @@ -228,7 +228,7 @@ class Backend(object): # rdar://15589470 raise ValueError( "The length of the provided data is not a multiple of " - "the block length" + "the block length." ) else: raise InternalError( @@ -277,7 +277,7 @@ class _CipherContext(object): except KeyError: raise UnsupportedAlgorithm( "cipher {0} in {1} mode is not supported " - "by this backend".format( + "by this backend.".format( cipher.name, mode.name if mode else mode), _Reasons.UNSUPPORTED_CIPHER ) @@ -324,7 +324,7 @@ class _CipherContext(object): if self._bytes_processed % self._byte_block_size: raise ValueError( "The length of the provided data is not a multiple of " - "the block length" + "the block length." ) buf = self._backend._ffi.new("unsigned char[]", self._byte_block_size) outlen = self._backend._ffi.new("size_t *") @@ -351,7 +351,7 @@ class _GCMCipherContext(object): except KeyError: raise UnsupportedAlgorithm( "cipher {0} in {1} mode is not supported " - "by this backend".format( + "by this backend.".format( cipher.name, mode.name if mode else mode), _Reasons.UNSUPPORTED_CIPHER ) @@ -425,7 +425,7 @@ class _HashContext(object): methods = self._backend._hash_mapping[self.algorithm.name] except KeyError: raise UnsupportedAlgorithm( - "{0} is not a supported hash on this backend".format( + "{0} is not a supported hash on this backend.".format( algorithm.name), _Reasons.UNSUPPORTED_HASH ) @@ -469,7 +469,7 @@ class _HMACContext(object): alg = self._backend._supported_hmac_algorithms[algorithm.name] except KeyError: raise UnsupportedAlgorithm( - "{0} is not a supported HMAC hash on this backend".format( + "{0} is not a supported HMAC hash on this backend.".format( algorithm.name), _Reasons.UNSUPPORTED_HASH ) diff --git a/cryptography/hazmat/backends/multibackend.py b/cryptography/hazmat/backends/multibackend.py index c5c652db..21d307cf 100644 --- a/cryptography/hazmat/backends/multibackend.py +++ b/cryptography/hazmat/backends/multibackend.py @@ -52,7 +52,7 @@ class MultiBackend(object): except UnsupportedAlgorithm: pass raise UnsupportedAlgorithm( - "cipher {0} in {1} mode is not supported by this backend".format( + "cipher {0} in {1} mode is not supported by this backend.".format( algorithm.name, mode.name if mode else mode), _Reasons.UNSUPPORTED_CIPHER ) @@ -64,7 +64,7 @@ class MultiBackend(object): except UnsupportedAlgorithm: pass raise UnsupportedAlgorithm( - "cipher {0} in {1} mode is not supported by this backend".format( + "cipher {0} in {1} mode is not supported by this backend.".format( algorithm.name, mode.name if mode else mode), _Reasons.UNSUPPORTED_CIPHER ) @@ -82,7 +82,7 @@ class MultiBackend(object): except UnsupportedAlgorithm: pass raise UnsupportedAlgorithm( - "{0} is not a supported hash on this backend".format( + "{0} is not a supported hash on this backend.".format( algorithm.name), _Reasons.UNSUPPORTED_HASH ) @@ -100,7 +100,7 @@ class MultiBackend(object): except UnsupportedAlgorithm: pass raise UnsupportedAlgorithm( - "{0} is not a supported hash on this backend".format( + "{0} is not a supported hash on this backend.".format( algorithm.name), _Reasons.UNSUPPORTED_HASH ) @@ -121,7 +121,7 @@ class MultiBackend(object): except UnsupportedAlgorithm: pass raise UnsupportedAlgorithm( - "{0} is not a supported hash on this backend".format( + "{0} is not a supported hash on this backend.".format( algorithm.name), _Reasons.UNSUPPORTED_HASH ) @@ -129,13 +129,13 @@ class MultiBackend(object): def generate_rsa_private_key(self, public_exponent, key_size): for b in self._filtered_backends(RSABackend): return b.generate_rsa_private_key(public_exponent, key_size) - raise UnsupportedAlgorithm("RSA is not supported by the backend", + raise UnsupportedAlgorithm("RSA is not supported by the backend.", _Reasons.UNSUPPORTED_PUBLIC_KEY_ALGORITHM) def create_rsa_signature_ctx(self, private_key, padding, algorithm): for b in self._filtered_backends(RSABackend): return b.create_rsa_signature_ctx(private_key, padding, algorithm) - raise UnsupportedAlgorithm("RSA is not supported by the backend", + raise UnsupportedAlgorithm("RSA is not supported by the backend.", _Reasons.UNSUPPORTED_PUBLIC_KEY_ALGORITHM) def create_rsa_verification_ctx(self, public_key, signature, padding, @@ -143,62 +143,62 @@ class MultiBackend(object): for b in self._filtered_backends(RSABackend): return b.create_rsa_verification_ctx(public_key, signature, padding, algorithm) - raise UnsupportedAlgorithm("RSA is not supported by the backend", + raise UnsupportedAlgorithm("RSA is not supported by the backend.", _Reasons.UNSUPPORTED_PUBLIC_KEY_ALGORITHM) def mgf1_hash_supported(self, algorithm): for b in self._filtered_backends(RSABackend): return b.mgf1_hash_supported(algorithm) - raise UnsupportedAlgorithm("RSA is not supported by the backend", + raise UnsupportedAlgorithm("RSA is not supported by the backend.", _Reasons.UNSUPPORTED_PUBLIC_KEY_ALGORITHM) def decrypt_rsa(self, private_key, ciphertext, padding): for b in self._filtered_backends(RSABackend): return b.decrypt_rsa(private_key, ciphertext, padding) - raise UnsupportedAlgorithm("RSA is not supported by the backend", + raise UnsupportedAlgorithm("RSA is not supported by the backend.", _Reasons.UNSUPPORTED_PUBLIC_KEY_ALGORITHM) def encrypt_rsa(self, public_key, plaintext, padding): for b in self._filtered_backends(RSABackend): return b.encrypt_rsa(public_key, plaintext, padding) - raise UnsupportedAlgorithm("RSA is not supported by the backend", + raise UnsupportedAlgorithm("RSA is not supported by the backend.", _Reasons.UNSUPPORTED_PUBLIC_KEY_ALGORITHM) def generate_dsa_parameters(self, key_size): for b in self._filtered_backends(DSABackend): return b.generate_dsa_parameters(key_size) - raise UnsupportedAlgorithm("DSA is not supported by the backend", + raise UnsupportedAlgorithm("DSA is not supported by the backend.", _Reasons.UNSUPPORTED_PUBLIC_KEY_ALGORITHM) def generate_dsa_private_key(self, parameters): for b in self._filtered_backends(DSABackend): return b.generate_dsa_private_key(parameters) - raise UnsupportedAlgorithm("DSA is not supported by the backend", + raise UnsupportedAlgorithm("DSA is not supported by the backend.", _Reasons.UNSUPPORTED_PUBLIC_KEY_ALGORITHM) def create_dsa_verification_ctx(self, public_key, signature, algorithm): for b in self._filtered_backends(DSABackend): return b.create_dsa_verification_ctx(public_key, signature, algorithm) - raise UnsupportedAlgorithm("DSA is not supported by the backend", + raise UnsupportedAlgorithm("DSA is not supported by the backend.", _Reasons.UNSUPPORTED_PUBLIC_KEY_ALGORITHM) def create_dsa_signature_ctx(self, private_key, algorithm): for b in self._filtered_backends(DSABackend): return b.create_dsa_signature_ctx(private_key, algorithm) - raise UnsupportedAlgorithm("DSA is not supported by the backend", + raise UnsupportedAlgorithm("DSA is not supported by the backend.", _Reasons.UNSUPPORTED_PUBLIC_KEY_ALGORITHM) def dsa_hash_supported(self, algorithm): for b in self._filtered_backends(DSABackend): return b.dsa_hash_supported(algorithm) - raise UnsupportedAlgorithm("DSA is not supported by the backend", + raise UnsupportedAlgorithm("DSA is not supported by the backend.", _Reasons.UNSUPPORTED_PUBLIC_KEY_ALGORITHM) def dsa_parameters_supported(self, p, q, g): for b in self._filtered_backends(DSABackend): return b.dsa_parameters_supported(p, q, g) - raise UnsupportedAlgorithm("DSA is not supported by the backend", + raise UnsupportedAlgorithm("DSA is not supported by the backend.", _Reasons.UNSUPPORTED_PUBLIC_KEY_ALGORITHM) def cmac_algorithm_supported(self, algorithm): @@ -213,5 +213,5 @@ class MultiBackend(object): return b.create_cmac_ctx(algorithm) except UnsupportedAlgorithm: pass - raise UnsupportedAlgorithm("This backend does not support CMAC", + raise UnsupportedAlgorithm("This backend does not support CMAC.", _Reasons.UNSUPPORTED_CIPHER) diff --git a/cryptography/hazmat/backends/openssl/backend.py b/cryptography/hazmat/backends/openssl/backend.py index af8fc751..8853646a 100644 --- a/cryptography/hazmat/backends/openssl/backend.py +++ b/cryptography/hazmat/backends/openssl/backend.py @@ -141,7 +141,7 @@ class Backend(object): def register_cipher_adapter(self, cipher_cls, mode_cls, adapter): if (cipher_cls, mode_cls) in self._cipher_registry: - raise ValueError("Duplicate registration for: {0} {1}".format( + raise ValueError("Duplicate registration for: {0} {1}.".format( cipher_cls, mode_cls) ) self._cipher_registry[cipher_cls, mode_cls] = adapter @@ -234,7 +234,7 @@ class Backend(object): if not isinstance(algorithm, hashes.SHA1): raise UnsupportedAlgorithm( "This version of OpenSSL only supports PBKDF2HMAC with " - "SHA1", + "SHA1.", _Reasons.UNSUPPORTED_HASH ) res = self._lib.PKCS5_PBKDF2_HMAC_SHA1( @@ -272,7 +272,7 @@ class Backend(object): def _unknown_error(self, error): return InternalError( "Unknown error code {0} from OpenSSL, " - "you should probably file a bug. {1}".format( + "you should probably file a bug. {1}.".format( error.code, self._err_string(error.code) ) ) @@ -329,13 +329,13 @@ class Backend(object): def generate_rsa_private_key(self, public_exponent, key_size): if public_exponent < 3: - raise ValueError("public_exponent must be >= 3") + raise ValueError("public_exponent must be >= 3.") if public_exponent & 1 == 0: - raise ValueError("public_exponent must be odd") + raise ValueError("public_exponent must be odd.") if key_size < 512: - raise ValueError("key_size must be at least 512-bits") + raise ValueError("key_size must be at least 512-bits.") ctx = self._lib.RSA_new() assert ctx != self._ffi.NULL @@ -434,13 +434,13 @@ class Backend(object): def generate_dsa_parameters(self, key_size): if key_size not in (1024, 2048, 3072): raise ValueError( - "Key size must be 1024 or 2048 or 3072 bits") + "Key size must be 1024 or 2048 or 3072 bits.") if (self._lib.OPENSSL_VERSION_NUMBER < 0x1000000f and key_size > 1024): raise ValueError( "Key size must be 1024 because OpenSSL < 1.0.0 doesn't " - "support larger key sizes") + "support larger key sizes.") ctx = self._lib.DSA_new() assert ctx != self._ffi.NULL @@ -539,28 +539,28 @@ class Backend(object): padding_enum = self._lib.RSA_PKCS1_OAEP_PADDING if not isinstance(padding._mgf, MGF1): raise UnsupportedAlgorithm( - "Only MGF1 is supported by this backend", + "Only MGF1 is supported by this backend.", _Reasons.UNSUPPORTED_MGF ) if not isinstance(padding._mgf._algorithm, hashes.SHA1): raise UnsupportedAlgorithm( "This backend supports only SHA1 inside MGF1 when " - "using OAEP", + "using OAEP.", _Reasons.UNSUPPORTED_HASH ) if padding._label is not None and padding._label != b"": - raise ValueError("This backend does not support OAEP labels") + raise ValueError("This backend does not support OAEP labels.") if not isinstance(padding._algorithm, hashes.SHA1): raise UnsupportedAlgorithm( - "This backend only supports SHA1 when using OAEP", + "This backend only supports SHA1 when using OAEP.", _Reasons.UNSUPPORTED_HASH ) else: raise UnsupportedAlgorithm( - "{0} is not supported by this backend".format( + "{0} is not supported by this backend.".format( padding.name ), _Reasons.UNSUPPORTED_PADDING @@ -640,14 +640,14 @@ class Backend(object): self._lib.RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE) raise ValueError( "Data too long for key size. Encrypt less data or use a " - "larger key size" + "larger key size." ) else: assert ( errors[0].reason == self._lib.RSA_R_BLOCK_TYPE_IS_NOT_01 or errors[0].reason == self._lib.RSA_R_BLOCK_TYPE_IS_NOT_02 ) - raise ValueError("Decryption failed") + raise ValueError("Decryption failed.") def cmac_algorithm_supported(self, algorithm): return ( @@ -699,7 +699,7 @@ class _CipherContext(object): except KeyError: raise UnsupportedAlgorithm( "cipher {0} in {1} mode is not supported " - "by this backend".format( + "by this backend.".format( cipher.name, mode.name if mode else mode), _Reasons.UNSUPPORTED_CIPHER ) @@ -708,7 +708,7 @@ class _CipherContext(object): if evp_cipher == self._backend._ffi.NULL: raise UnsupportedAlgorithm( "cipher {0} in {1} mode is not supported " - "by this backend".format( + "by this backend.".format( cipher.name, mode.name if mode else mode), _Reasons.UNSUPPORTED_CIPHER ) @@ -849,7 +849,7 @@ class _HashContext(object): algorithm.name.encode("ascii")) if evp_md == self._backend._ffi.NULL: raise UnsupportedAlgorithm( - "{0} is not a supported hash on this backend".format( + "{0} is not a supported hash on this backend.".format( algorithm.name), _Reasons.UNSUPPORTED_HASH ) @@ -900,7 +900,7 @@ class _HMACContext(object): algorithm.name.encode('ascii')) if evp_md == self._backend._ffi.NULL: raise UnsupportedAlgorithm( - "{0} is not a supported hash on this backend".format( + "{0} is not a supported hash on this backend.".format( algorithm.name), _Reasons.UNSUPPORTED_HASH ) @@ -969,7 +969,7 @@ class _RSASignatureContext(object): if not isinstance(padding, interfaces.AsymmetricPadding): raise TypeError( - "Expected provider of interfaces.AsymmetricPadding") + "Expected provider of interfaces.AsymmetricPadding.") if isinstance(padding, PKCS1v15): if self._backend._lib.Cryptography_HAS_PKEY_CTX: @@ -980,7 +980,7 @@ class _RSASignatureContext(object): elif isinstance(padding, PSS): if not isinstance(padding._mgf, MGF1): raise UnsupportedAlgorithm( - "Only MGF1 is supported by this backend", + "Only MGF1 is supported by this backend.", _Reasons.UNSUPPORTED_MGF ) @@ -1005,7 +1005,7 @@ class _RSASignatureContext(object): self._finalize_method = self._finalize_pss else: raise UnsupportedAlgorithm( - "{0} is not supported by this backend".format(padding.name), + "{0} is not supported by this backend.".format(padding.name), _Reasons.UNSUPPORTED_PADDING ) @@ -1015,13 +1015,13 @@ class _RSASignatureContext(object): def update(self, data): if self._hash_ctx is None: - raise AlreadyFinalized("Context has already been finalized") + raise AlreadyFinalized("Context has already been finalized.") self._hash_ctx.update(data) def finalize(self): if self._hash_ctx is None: - raise AlreadyFinalized("Context has already been finalized") + raise AlreadyFinalized("Context has already been finalized.") evp_pkey = self._backend._rsa_private_key_to_evp_pkey( self._private_key) @@ -1169,7 +1169,7 @@ class _RSAVerificationContext(object): if not isinstance(padding, interfaces.AsymmetricPadding): raise TypeError( - "Expected provider of interfaces.AsymmetricPadding") + "Expected provider of interfaces.AsymmetricPadding.") if isinstance(padding, PKCS1v15): if self._backend._lib.Cryptography_HAS_PKEY_CTX: @@ -1180,7 +1180,7 @@ class _RSAVerificationContext(object): elif isinstance(padding, PSS): if not isinstance(padding._mgf, MGF1): raise UnsupportedAlgorithm( - "Only MGF1 is supported by this backend", + "Only MGF1 is supported by this backend.", _Reasons.UNSUPPORTED_MGF ) @@ -1207,7 +1207,7 @@ class _RSAVerificationContext(object): self._verify_method = self._verify_pss else: raise UnsupportedAlgorithm( - "{0} is not supported by this backend".format(padding.name), + "{0} is not supported by this backend.".format(padding.name), _Reasons.UNSUPPORTED_PADDING ) @@ -1217,13 +1217,13 @@ class _RSAVerificationContext(object): def update(self, data): if self._hash_ctx is None: - raise AlreadyFinalized("Context has already been finalized") + raise AlreadyFinalized("Context has already been finalized.") self._hash_ctx.update(data) def verify(self): if self._hash_ctx is None: - raise AlreadyFinalized("Context has already been finalized") + raise AlreadyFinalized("Context has already been finalized.") evp_pkey = self._backend._rsa_public_key_to_evp_pkey( self._public_key) @@ -1357,13 +1357,13 @@ class _DSAVerificationContext(object): def update(self, data): if self._hash_ctx is None: - raise AlreadyFinalized("Context has already been finalized") + raise AlreadyFinalized("Context has already been finalized.") self._hash_ctx.update(data) def verify(self): if self._hash_ctx is None: - raise AlreadyFinalized("Context has already been finalized") + raise AlreadyFinalized("Context has already been finalized.") self._dsa_cdata = self._backend._dsa_cdata_from_public_key( self._public_key) @@ -1402,13 +1402,13 @@ class _DSASignatureContext(object): def update(self, data): if self._hash_ctx is None: - raise AlreadyFinalized("Context has already been finalized") + raise AlreadyFinalized("Context has already been finalized.") self._hash_ctx.update(data) def finalize(self): if self._hash_ctx is None: - raise AlreadyFinalized("Context has already been finalized") + raise AlreadyFinalized("Context has already been finalized.") data_to_sign = self._hash_ctx.finalize() self._hash_ctx = None @@ -1431,7 +1431,7 @@ class _DSASignatureContext(object): class _CMACContext(object): def __init__(self, backend, algorithm, ctx=None): if not backend.cmac_algorithm_supported(algorithm): - raise UnsupportedAlgorithm("This backend does not support CMAC", + raise UnsupportedAlgorithm("This backend does not support CMAC.", _Reasons.UNSUPPORTED_CIPHER) self._backend = backend diff --git a/cryptography/hazmat/bindings/openssl/binding.py b/cryptography/hazmat/bindings/openssl/binding.py index aa0525ff..464081b0 100644 --- a/cryptography/hazmat/bindings/openssl/binding.py +++ b/cryptography/hazmat/bindings/openssl/binding.py @@ -149,7 +149,7 @@ class Binding(object): lock.release() else: raise RuntimeError( - "Unknown lock mode {0}: lock={1}, file={2}, line={3}".format( + "Unknown lock mode {0}: lock={1}, file={2}, line={3}.".format( mode, n, file, line ) ) diff --git a/cryptography/hazmat/bindings/openssl/ec.py b/cryptography/hazmat/bindings/openssl/ec.py index 45c17c2e..26fc8ff0 100644 --- a/cryptography/hazmat/bindings/openssl/ec.py +++ b/cryptography/hazmat/bindings/openssl/ec.py @@ -27,6 +27,8 @@ static const int Cryptography_HAS_EC_1_0_1; static const int Cryptography_HAS_EC_NISTP_64_GCC_128; static const int Cryptography_HAS_EC2M; +static const int OPENSSL_EC_NAMED_CURVE; + typedef ... EC_KEY; typedef ... EC_GROUP; typedef ... EC_POINT; @@ -61,6 +63,8 @@ int EC_GROUP_set_curve_GF2m( int EC_GROUP_get_curve_GF2m( const EC_GROUP *, BIGNUM *, BIGNUM *, BIGNUM *, BN_CTX *); +int EC_GROUP_get_degree(const EC_GROUP *); + const EC_METHOD *EC_GROUP_method_of(const EC_GROUP *); const EC_POINT *EC_GROUP_get0_generator(const EC_GROUP *); int EC_GROUP_get_curve_name(const EC_GROUP *); @@ -198,6 +202,7 @@ int EC_METHOD_get_field_type(const EC_METHOD *); CUSTOMIZATIONS = """ #ifdef OPENSSL_NO_EC static const long Cryptography_HAS_EC = 0; + typedef void EC_KEY; typedef void EC_GROUP; typedef void EC_POINT; @@ -208,6 +213,8 @@ typedef struct { } EC_builtin_curve; typedef long point_conversion_form_t; +static const int OPENSSL_EC_NAMED_CURVE = 0; + void (*EC_KEY_free)(EC_KEY *) = NULL; size_t (*EC_get_builtin_curves)(EC_builtin_curve *, size_t) = NULL; EC_KEY *(*EC_KEY_new_by_curve_name)(int) = NULL; @@ -250,6 +257,8 @@ int (*EC_GROUP_set_curve_GFp)( int (*EC_GROUP_get_curve_GFp)( const EC_GROUP *, BIGNUM *, BIGNUM *, BIGNUM *, BN_CTX *); +int (*EC_GROUP_get_degree)(const EC_GROUP *) = NULL; + const EC_METHOD *(*EC_GROUP_method_of)(const EC_GROUP *) = NULL; const EC_POINT *(*EC_GROUP_get0_generator)(const EC_GROUP *) = NULL; int (*EC_GROUP_get_curve_name)(const EC_GROUP *) = NULL; @@ -389,6 +398,7 @@ static const long Cryptography_HAS_EC2M = 1; CONDITIONAL_NAMES = { "Cryptography_HAS_EC": [ + "OPENSSL_EC_NAMED_CURVE", "EC_GROUP_new", "EC_GROUP_free", "EC_GROUP_clear_free", @@ -399,6 +409,7 @@ CONDITIONAL_NAMES = { "EC_GROUP_method_of", "EC_GROUP_get0_generator", "EC_GROUP_get_curve_name", + "EC_GROUP_get_degree", "EC_KEY_free", "EC_get_builtin_curves", "EC_KEY_new_by_curve_name", diff --git a/cryptography/hazmat/primitives/asymmetric/dsa.py b/cryptography/hazmat/primitives/asymmetric/dsa.py index aa3cdc90..a9ae9ecb 100644 --- a/cryptography/hazmat/primitives/asymmetric/dsa.py +++ b/cryptography/hazmat/primitives/asymmetric/dsa.py @@ -27,7 +27,7 @@ def _check_dsa_parameters(modulus, subgroup_order, generator): not isinstance(subgroup_order, six.integer_types) or not isinstance(generator, six.integer_types) ): - raise TypeError("DSA parameters must be integers") + raise TypeError("DSA parameters must be integers.") if (utils.bit_length(modulus), utils.bit_length(subgroup_order)) not in ( @@ -36,10 +36,10 @@ def _check_dsa_parameters(modulus, subgroup_order, generator): (3072, 256)): raise ValueError("modulus and subgroup_order lengths must be " "one of these pairs (1024, 160) or (2048, 256) " - "or (3072, 256)") + "or (3072, 256).") if generator <= 1 or generator >= modulus: - raise ValueError("generator must be > 1 and < modulus") + raise ValueError("generator must be > 1 and < modulus.") @utils.register_interface(interfaces.DSAParameters) @@ -55,7 +55,7 @@ class DSAParameters(object): def generate(cls, key_size, backend): if not isinstance(backend, DSABackend): raise UnsupportedAlgorithm( - "Backend object does not implement DSABackend", + "Backend object does not implement DSABackend.", _Reasons.BACKEND_MISSING_INTERFACE ) @@ -94,13 +94,13 @@ class DSAPrivateKey(object): not isinstance(x, six.integer_types) or not isinstance(y, six.integer_types) ): - raise TypeError("DSAPrivateKey arguments must be integers") + raise TypeError("DSAPrivateKey arguments must be integers.") if x <= 0 or x >= subgroup_order: - raise ValueError("x must be > 0 and < subgroup_order") + raise ValueError("x must be > 0 and < subgroup_order.") if y != pow(generator, x, modulus): - raise ValueError("y must be equal to (generator ** x % modulus)") + raise ValueError("y must be equal to (generator ** x % modulus).") self._modulus = modulus self._subgroup_order = subgroup_order @@ -112,7 +112,7 @@ class DSAPrivateKey(object): def generate(cls, parameters, backend): if not isinstance(backend, DSABackend): raise UnsupportedAlgorithm( - "Backend object does not implement DSABackend", + "Backend object does not implement DSABackend.", _Reasons.BACKEND_MISSING_INTERFACE ) @@ -121,7 +121,7 @@ class DSAPrivateKey(object): def signer(self, algorithm, backend): if not isinstance(backend, DSABackend): raise UnsupportedAlgorithm( - "Backend object does not implement DSABackend", + "Backend object does not implement DSABackend.", _Reasons.BACKEND_MISSING_INTERFACE ) @@ -153,7 +153,7 @@ class DSAPublicKey(object): def __init__(self, modulus, subgroup_order, generator, y): _check_dsa_parameters(modulus, subgroup_order, generator) if not isinstance(y, six.integer_types): - raise TypeError("y must be an integer") + raise TypeError("y must be an integer.") self._modulus = modulus self._subgroup_order = subgroup_order @@ -163,7 +163,7 @@ class DSAPublicKey(object): def verifier(self, signature, algorithm, backend): if not isinstance(backend, DSABackend): raise UnsupportedAlgorithm( - "Backend object does not implement DSABackend", + "Backend object does not implement DSABackend.", _Reasons.BACKEND_MISSING_INTERFACE ) diff --git a/cryptography/hazmat/primitives/asymmetric/padding.py b/cryptography/hazmat/primitives/asymmetric/padding.py index f7710c49..d44bbda5 100644 --- a/cryptography/hazmat/primitives/asymmetric/padding.py +++ b/cryptography/hazmat/primitives/asymmetric/padding.py @@ -44,13 +44,13 @@ class PSS(object): else: if (not isinstance(salt_length, six.integer_types) and salt_length is not self.MAX_LENGTH): - raise TypeError("salt_length must be an integer") + raise TypeError("salt_length must be an integer.") if salt_length is not self.MAX_LENGTH and salt_length < 0: - raise ValueError("salt_length must be zero or greater") + raise ValueError("salt_length must be zero or greater.") if salt_length is None and self._mgf._salt_length is None: - raise ValueError("You must supply salt_length") + raise ValueError("You must supply salt_length.") self._salt_length = salt_length @@ -86,9 +86,9 @@ class MGF1(object): ) if (not isinstance(salt_length, six.integer_types) and salt_length is not self.MAX_LENGTH): - raise TypeError("salt_length must be an integer") + raise TypeError("salt_length must be an integer.") if salt_length is not self.MAX_LENGTH and salt_length < 0: - raise ValueError("salt_length must be zero or greater") + raise ValueError("salt_length must be zero or greater.") self._salt_length = salt_length diff --git a/cryptography/hazmat/primitives/asymmetric/rsa.py b/cryptography/hazmat/primitives/asymmetric/rsa.py index 5d3bb36c..a9f57838 100644 --- a/cryptography/hazmat/primitives/asymmetric/rsa.py +++ b/cryptography/hazmat/primitives/asymmetric/rsa.py @@ -28,16 +28,16 @@ class RSAPublicKey(object): not isinstance(public_exponent, six.integer_types) or not isinstance(modulus, six.integer_types) ): - raise TypeError("RSAPublicKey arguments must be integers") + raise TypeError("RSAPublicKey arguments must be integers.") if modulus < 3: - raise ValueError("modulus must be >= 3") + raise ValueError("modulus must be >= 3.") if public_exponent < 3 or public_exponent >= modulus: - raise ValueError("public_exponent must be >= 3 and < modulus") + raise ValueError("public_exponent must be >= 3 and < modulus.") if public_exponent & 1 == 0: - raise ValueError("public_exponent must be odd") + raise ValueError("public_exponent must be odd.") self._public_exponent = public_exponent self._modulus = modulus @@ -45,7 +45,7 @@ class RSAPublicKey(object): def verifier(self, signature, padding, algorithm, backend): if not isinstance(backend, RSABackend): raise UnsupportedAlgorithm( - "Backend object does not implement RSABackend", + "Backend object does not implement RSABackend.", _Reasons.BACKEND_MISSING_INTERFACE ) @@ -55,7 +55,7 @@ class RSAPublicKey(object): def encrypt(self, plaintext, padding, backend): if not isinstance(backend, RSABackend): raise UnsupportedAlgorithm( - "Backend object does not implement RSABackend", + "Backend object does not implement RSABackend.", _Reasons.BACKEND_MISSING_INTERFACE ) @@ -132,43 +132,43 @@ class RSAPrivateKey(object): not isinstance(public_exponent, six.integer_types) or not isinstance(modulus, six.integer_types) ): - raise TypeError("RSAPrivateKey arguments must be integers") + raise TypeError("RSAPrivateKey arguments must be integers.") if modulus < 3: - raise ValueError("modulus must be >= 3") + raise ValueError("modulus must be >= 3.") if p >= modulus: - raise ValueError("p must be < modulus") + raise ValueError("p must be < modulus.") if q >= modulus: - raise ValueError("q must be < modulus") + raise ValueError("q must be < modulus.") if dmp1 >= modulus: - raise ValueError("dmp1 must be < modulus") + raise ValueError("dmp1 must be < modulus.") if dmq1 >= modulus: - raise ValueError("dmq1 must be < modulus") + raise ValueError("dmq1 must be < modulus.") if iqmp >= modulus: - raise ValueError("iqmp must be < modulus") + raise ValueError("iqmp must be < modulus.") if private_exponent >= modulus: - raise ValueError("private_exponent must be < modulus") + raise ValueError("private_exponent must be < modulus.") if public_exponent < 3 or public_exponent >= modulus: - raise ValueError("public_exponent must be >= 3 and < modulus") + raise ValueError("public_exponent must be >= 3 and < modulus.") if public_exponent & 1 == 0: - raise ValueError("public_exponent must be odd") + raise ValueError("public_exponent must be odd.") if dmp1 & 1 == 0: - raise ValueError("dmp1 must be odd") + raise ValueError("dmp1 must be odd.") if dmq1 & 1 == 0: - raise ValueError("dmq1 must be odd") + raise ValueError("dmq1 must be odd.") if p * q != modulus: - raise ValueError("p*q must equal modulus") + raise ValueError("p*q must equal modulus.") self._p = p self._q = q @@ -183,7 +183,7 @@ class RSAPrivateKey(object): def generate(cls, public_exponent, key_size, backend): if not isinstance(backend, RSABackend): raise UnsupportedAlgorithm( - "Backend object does not implement RSABackend", + "Backend object does not implement RSABackend.", _Reasons.BACKEND_MISSING_INTERFACE ) @@ -192,7 +192,7 @@ class RSAPrivateKey(object): def signer(self, padding, algorithm, backend): if not isinstance(backend, RSABackend): raise UnsupportedAlgorithm( - "Backend object does not implement RSABackend", + "Backend object does not implement RSABackend.", _Reasons.BACKEND_MISSING_INTERFACE ) @@ -201,7 +201,7 @@ class RSAPrivateKey(object): def decrypt(self, ciphertext, padding, backend): if not isinstance(backend, RSABackend): raise UnsupportedAlgorithm( - "Backend object does not implement RSABackend", + "Backend object does not implement RSABackend.", _Reasons.BACKEND_MISSING_INTERFACE ) diff --git a/cryptography/hazmat/primitives/ciphers/algorithms.py b/cryptography/hazmat/primitives/ciphers/algorithms.py index 52daf178..bd8437c2 100644 --- a/cryptography/hazmat/primitives/ciphers/algorithms.py +++ b/cryptography/hazmat/primitives/ciphers/algorithms.py @@ -20,7 +20,7 @@ from cryptography.hazmat.primitives import interfaces def _verify_key_size(algorithm, key): # Verify that the key size matches the expected key size if len(key) * 8 not in algorithm.key_sizes: - raise ValueError("Invalid key size ({0}) for {1}".format( + raise ValueError("Invalid key size ({0}) for {1}.".format( len(key) * 8, algorithm.name )) return key diff --git a/cryptography/hazmat/primitives/ciphers/base.py b/cryptography/hazmat/primitives/ciphers/base.py index 2274e945..e3fe5adc 100644 --- a/cryptography/hazmat/primitives/ciphers/base.py +++ b/cryptography/hazmat/primitives/ciphers/base.py @@ -26,12 +26,14 @@ class Cipher(object): def __init__(self, algorithm, mode, backend): if not isinstance(backend, CipherBackend): raise UnsupportedAlgorithm( - "Backend object does not implement CipherBackend", + "Backend object does not implement CipherBackend.", _Reasons.BACKEND_MISSING_INTERFACE ) if not isinstance(algorithm, interfaces.CipherAlgorithm): - raise TypeError("Expected interface of interfaces.CipherAlgorithm") + raise TypeError( + "Expected interface of interfaces.CipherAlgorithm." + ) if mode is not None: mode.validate_for_algorithm(algorithm) @@ -44,7 +46,7 @@ class Cipher(object): if isinstance(self.mode, interfaces.ModeWithAuthenticationTag): if self.mode.tag is not None: raise ValueError( - "Authentication tag must be None when encrypting" + "Authentication tag must be None when encrypting." ) ctx = self._backend.create_symmetric_encryption_ctx( self.algorithm, self.mode @@ -55,7 +57,7 @@ class Cipher(object): if isinstance(self.mode, interfaces.ModeWithAuthenticationTag): if self.mode.tag is None: raise ValueError( - "Authentication tag must be provided when decrypting" + "Authentication tag must be provided when decrypting." ) ctx = self._backend.create_symmetric_decryption_ctx( self.algorithm, self.mode @@ -79,12 +81,12 @@ class _CipherContext(object): def update(self, data): if self._ctx is None: - raise AlreadyFinalized("Context was already finalized") + raise AlreadyFinalized("Context was already finalized.") return self._ctx.update(data) def finalize(self): if self._ctx is None: - raise AlreadyFinalized("Context was already finalized") + raise AlreadyFinalized("Context was already finalized.") data = self._ctx.finalize() self._ctx = None return data @@ -100,13 +102,13 @@ class _AEADCipherContext(object): def update(self, data): if self._ctx is None: - raise AlreadyFinalized("Context was already finalized") + raise AlreadyFinalized("Context was already finalized.") self._updated = True return self._ctx.update(data) def finalize(self): if self._ctx is None: - raise AlreadyFinalized("Context was already finalized") + raise AlreadyFinalized("Context was already finalized.") data = self._ctx.finalize() self._tag = self._ctx.tag self._ctx = None @@ -114,9 +116,9 @@ class _AEADCipherContext(object): def authenticate_additional_data(self, data): if self._ctx is None: - raise AlreadyFinalized("Context was already finalized") + raise AlreadyFinalized("Context was already finalized.") if self._updated: - raise AlreadyUpdated("Update has been called on this context") + raise AlreadyUpdated("Update has been called on this context.") self._ctx.authenticate_additional_data(data) @@ -126,5 +128,5 @@ class _AEADEncryptionContext(_AEADCipherContext): def tag(self): if self._ctx is not None: raise NotYetFinalized("You must finalize encryption before " - "getting the tag") + "getting the tag.") return self._tag diff --git a/cryptography/hazmat/primitives/ciphers/modes.py b/cryptography/hazmat/primitives/ciphers/modes.py index 20dab8ae..e70a9db5 100644 --- a/cryptography/hazmat/primitives/ciphers/modes.py +++ b/cryptography/hazmat/primitives/ciphers/modes.py @@ -19,7 +19,7 @@ from cryptography.hazmat.primitives import interfaces def _check_iv_length(mode, algorithm): if len(mode.initialization_vector) * 8 != algorithm.block_size: - raise ValueError("Invalid IV size ({0}) for {1}".format( + raise ValueError("Invalid IV size ({0}) for {1}.".format( len(mode.initialization_vector), mode.name )) @@ -86,7 +86,7 @@ class CTR(object): def validate_for_algorithm(self, algorithm): if len(self.nonce) * 8 != algorithm.block_size: - raise ValueError("Invalid nonce size ({0}) for {1}".format( + raise ValueError("Invalid nonce size ({0}) for {1}.".format( len(self.nonce), self.name )) @@ -103,7 +103,7 @@ class GCM(object): # for it if tag is not None and len(tag) < 4: raise ValueError( - "Authentication tag must be 4 bytes or longer" + "Authentication tag must be 4 bytes or longer." ) self.initialization_vector = initialization_vector diff --git a/cryptography/hazmat/primitives/cmac.py b/cryptography/hazmat/primitives/cmac.py index 7f7cc0f0..fa463ae0 100644 --- a/cryptography/hazmat/primitives/cmac.py +++ b/cryptography/hazmat/primitives/cmac.py @@ -26,13 +26,13 @@ class CMAC(object): def __init__(self, algorithm, backend, ctx=None): if not isinstance(backend, CMACBackend): raise UnsupportedAlgorithm( - "Backend object does not implement CMACBackend", + "Backend object does not implement CMACBackend.", _Reasons.BACKEND_MISSING_INTERFACE ) if not isinstance(algorithm, interfaces.BlockCipherAlgorithm): raise TypeError( - "Expected instance of interfaces.BlockCipherAlgorithm" + "Expected instance of interfaces.BlockCipherAlgorithm." ) self._algorithm = algorithm @@ -44,28 +44,28 @@ class CMAC(object): def update(self, data): if self._ctx is None: - raise AlreadyFinalized("Context was already finalized") + raise AlreadyFinalized("Context was already finalized.") if not isinstance(data, bytes): - raise TypeError("data must be bytes") + raise TypeError("data must be bytes.") self._ctx.update(data) def finalize(self): if self._ctx is None: - raise AlreadyFinalized("Context was already finalized") + raise AlreadyFinalized("Context was already finalized.") digest = self._ctx.finalize() self._ctx = None return digest def verify(self, signature): if not isinstance(signature, bytes): - raise TypeError("signature must be bytes") + raise TypeError("signature must be bytes.") digest = self.finalize() if not constant_time.bytes_eq(digest, signature): raise InvalidSignature("Signature did not match digest.") def copy(self): if self._ctx is None: - raise AlreadyFinalized("Context was already finalized") + raise AlreadyFinalized("Context was already finalized.") return CMAC( self._algorithm, backend=self._backend, diff --git a/cryptography/hazmat/primitives/constant_time.py b/cryptography/hazmat/primitives/constant_time.py index 7172741a..4547da13 100644 --- a/cryptography/hazmat/primitives/constant_time.py +++ b/cryptography/hazmat/primitives/constant_time.py @@ -56,6 +56,6 @@ _lib = _ffi.verify( def bytes_eq(a, b): if not isinstance(a, bytes) or not isinstance(b, bytes): - raise TypeError("a and b must be bytes") + raise TypeError("a and b must be bytes.") return _lib.Cryptography_constant_time_bytes_eq(a, len(a), b, len(b)) == 1 diff --git a/cryptography/hazmat/primitives/hashes.py b/cryptography/hazmat/primitives/hashes.py index 4e6d2fb1..04f7620a 100644 --- a/cryptography/hazmat/primitives/hashes.py +++ b/cryptography/hazmat/primitives/hashes.py @@ -26,7 +26,7 @@ class Hash(object): def __init__(self, algorithm, backend, ctx=None): if not isinstance(backend, HashBackend): raise UnsupportedAlgorithm( - "Backend object does not implement HashBackend", + "Backend object does not implement HashBackend.", _Reasons.BACKEND_MISSING_INTERFACE ) @@ -43,21 +43,21 @@ class Hash(object): def update(self, data): if self._ctx is None: - raise AlreadyFinalized("Context was already finalized") + raise AlreadyFinalized("Context was already finalized.") if not isinstance(data, bytes): - raise TypeError("data must be bytes") + raise TypeError("data must be bytes.") self._ctx.update(data) def copy(self): if self._ctx is None: - raise AlreadyFinalized("Context was already finalized") + raise AlreadyFinalized("Context was already finalized.") return Hash( self.algorithm, backend=self._backend, ctx=self._ctx.copy() ) def finalize(self): if self._ctx is None: - raise AlreadyFinalized("Context was already finalized") + raise AlreadyFinalized("Context was already finalized.") digest = self._ctx.finalize() self._ctx = None return digest diff --git a/cryptography/hazmat/primitives/hmac.py b/cryptography/hazmat/primitives/hmac.py index 0f89df94..026ad3b3 100644 --- a/cryptography/hazmat/primitives/hmac.py +++ b/cryptography/hazmat/primitives/hmac.py @@ -26,7 +26,7 @@ class HMAC(object): def __init__(self, key, algorithm, backend, ctx=None): if not isinstance(backend, HMACBackend): raise UnsupportedAlgorithm( - "Backend object does not implement HMACBackend", + "Backend object does not implement HMACBackend.", _Reasons.BACKEND_MISSING_INTERFACE ) @@ -43,14 +43,14 @@ class HMAC(object): def update(self, msg): if self._ctx is None: - raise AlreadyFinalized("Context was already finalized") + raise AlreadyFinalized("Context was already finalized.") if not isinstance(msg, bytes): - raise TypeError("msg must be bytes") + raise TypeError("msg must be bytes.") self._ctx.update(msg) def copy(self): if self._ctx is None: - raise AlreadyFinalized("Context was already finalized") + raise AlreadyFinalized("Context was already finalized.") return HMAC( self._key, self.algorithm, @@ -60,14 +60,14 @@ class HMAC(object): def finalize(self): if self._ctx is None: - raise AlreadyFinalized("Context was already finalized") + raise AlreadyFinalized("Context was already finalized.") digest = self._ctx.finalize() self._ctx = None return digest def verify(self, signature): if not isinstance(signature, bytes): - raise TypeError("signature must be bytes") + raise TypeError("signature must be bytes.") digest = self.finalize() if not constant_time.bytes_eq(digest, signature): raise InvalidSignature("Signature did not match digest.") diff --git a/cryptography/hazmat/primitives/kdf/hkdf.py b/cryptography/hazmat/primitives/kdf/hkdf.py index d329cb61..04d02b26 100644 --- a/cryptography/hazmat/primitives/kdf/hkdf.py +++ b/cryptography/hazmat/primitives/kdf/hkdf.py @@ -28,14 +28,14 @@ class HKDF(object): def __init__(self, algorithm, length, salt, info, backend): if not isinstance(backend, HMACBackend): raise UnsupportedAlgorithm( - "Backend object does not implement HMACBackend", + "Backend object does not implement HMACBackend.", _Reasons.BACKEND_MISSING_INTERFACE ) self._algorithm = algorithm if not isinstance(salt, bytes) and salt is not None: - raise TypeError("salt must be bytes") + raise TypeError("salt must be bytes.") if salt is None: salt = b"\x00" * (self._algorithm.digest_size // 8) @@ -53,7 +53,7 @@ class HKDF(object): def derive(self, key_material): if not isinstance(key_material, bytes): - raise TypeError("key_material must be bytes") + raise TypeError("key_material must be bytes.") return self._hkdf_expand.derive(self._extract(key_material)) @@ -67,7 +67,7 @@ class HKDFExpand(object): def __init__(self, algorithm, length, info, backend): if not isinstance(backend, HMACBackend): raise UnsupportedAlgorithm( - "Backend object does not implement HMACBackend", + "Backend object does not implement HMACBackend.", _Reasons.BACKEND_MISSING_INTERFACE ) @@ -86,7 +86,7 @@ class HKDFExpand(object): self._length = length if not isinstance(info, bytes) and info is not None: - raise TypeError("info must be bytes") + raise TypeError("info must be bytes.") if info is None: info = b"" @@ -111,7 +111,7 @@ class HKDFExpand(object): def derive(self, key_material): if not isinstance(key_material, bytes): - raise TypeError("key_material must be bytes") + raise TypeError("key_material must be bytes.") if self._used: raise AlreadyFinalized diff --git a/cryptography/hazmat/primitives/kdf/pbkdf2.py b/cryptography/hazmat/primitives/kdf/pbkdf2.py index 158e98e7..97b6408c 100644 --- a/cryptography/hazmat/primitives/kdf/pbkdf2.py +++ b/cryptography/hazmat/primitives/kdf/pbkdf2.py @@ -26,13 +26,13 @@ class PBKDF2HMAC(object): def __init__(self, algorithm, length, salt, iterations, backend): if not isinstance(backend, PBKDF2HMACBackend): raise UnsupportedAlgorithm( - "Backend object does not implement PBKDF2HMACBackend", + "Backend object does not implement PBKDF2HMACBackend.", _Reasons.BACKEND_MISSING_INTERFACE ) if not backend.pbkdf2_hmac_supported(algorithm): raise UnsupportedAlgorithm( - "{0} is not supported for PBKDF2 by this backend".format( + "{0} is not supported for PBKDF2 by this backend.".format( algorithm.name), _Reasons.UNSUPPORTED_HASH ) @@ -40,18 +40,18 @@ class PBKDF2HMAC(object): self._algorithm = algorithm self._length = length if not isinstance(salt, bytes): - raise TypeError("salt must be bytes") + raise TypeError("salt must be bytes.") self._salt = salt self._iterations = iterations self._backend = backend def derive(self, key_material): if self._used: - raise AlreadyFinalized("PBKDF2 instances can only be used once") + raise AlreadyFinalized("PBKDF2 instances can only be used once.") self._used = True if not isinstance(key_material, bytes): - raise TypeError("key_material must be bytes") + raise TypeError("key_material must be bytes.") return self._backend.derive_pbkdf2_hmac( self._algorithm, self._length, diff --git a/cryptography/hazmat/primitives/padding.py b/cryptography/hazmat/primitives/padding.py index d58f8731..74f1ef2e 100644 --- a/cryptography/hazmat/primitives/padding.py +++ b/cryptography/hazmat/primitives/padding.py @@ -79,10 +79,10 @@ _lib = _ffi.verify( class PKCS7(object): def __init__(self, block_size): if not (0 <= block_size < 256): - raise ValueError("block_size must be in range(0, 256)") + raise ValueError("block_size must be in range(0, 256).") if block_size % 8 != 0: - raise ValueError("block_size must be a multiple of 8") + raise ValueError("block_size must be a multiple of 8.") self.block_size = block_size @@ -102,10 +102,10 @@ class _PKCS7PaddingContext(object): def update(self, data): if self._buffer is None: - raise AlreadyFinalized("Context was already finalized") + raise AlreadyFinalized("Context was already finalized.") if not isinstance(data, bytes): - raise TypeError("data must be bytes") + raise TypeError("data must be bytes.") self._buffer += data @@ -118,7 +118,7 @@ class _PKCS7PaddingContext(object): def finalize(self): if self._buffer is None: - raise AlreadyFinalized("Context was already finalized") + raise AlreadyFinalized("Context was already finalized.") pad_size = self.block_size // 8 - len(self._buffer) result = self._buffer + six.int2byte(pad_size) * pad_size @@ -135,10 +135,10 @@ class _PKCS7UnpaddingContext(object): def update(self, data): if self._buffer is None: - raise AlreadyFinalized("Context was already finalized") + raise AlreadyFinalized("Context was already finalized.") if not isinstance(data, bytes): - raise TypeError("data must be bytes") + raise TypeError("data must be bytes.") self._buffer += data @@ -154,17 +154,17 @@ class _PKCS7UnpaddingContext(object): def finalize(self): if self._buffer is None: - raise AlreadyFinalized("Context was already finalized") + raise AlreadyFinalized("Context was already finalized.") if len(self._buffer) != self.block_size // 8: - raise ValueError("Invalid padding bytes") + raise ValueError("Invalid padding bytes.") valid = _lib.Cryptography_check_pkcs7_padding( self._buffer, self.block_size // 8 ) if not valid: - raise ValueError("Invalid padding bytes") + raise ValueError("Invalid padding bytes.") pad_size = six.indexbytes(self._buffer, -1) res = self._buffer[:-pad_size] diff --git a/cryptography/hazmat/primitives/twofactor/hotp.py b/cryptography/hazmat/primitives/twofactor/hotp.py index 1a0f4472..d0b476a7 100644 --- a/cryptography/hazmat/primitives/twofactor/hotp.py +++ b/cryptography/hazmat/primitives/twofactor/hotp.py @@ -29,7 +29,7 @@ class HOTP(object): def __init__(self, key, length, algorithm, backend): if not isinstance(backend, HMACBackend): raise UnsupportedAlgorithm( - "Backend object does not implement HMACBackend", + "Backend object does not implement HMACBackend.", _Reasons.BACKEND_MISSING_INTERFACE ) @@ -37,13 +37,13 @@ class HOTP(object): raise ValueError("Key length has to be at least 128 bits.") if not isinstance(length, six.integer_types): - raise TypeError("Length parameter must be an integer type") + raise TypeError("Length parameter must be an integer type.") if length < 6 or length > 8: raise ValueError("Length of HOTP has to be between 6 to 8.") if not isinstance(algorithm, (SHA1, SHA256, SHA512)): - raise TypeError("Algorithm must be SHA1, SHA256 or SHA512") + raise TypeError("Algorithm must be SHA1, SHA256 or SHA512.") self._key = key self._length = length @@ -57,7 +57,7 @@ class HOTP(object): def verify(self, hotp, counter): if not constant_time.bytes_eq(self.generate(counter), hotp): - raise InvalidToken("Supplied HOTP value does not match") + raise InvalidToken("Supplied HOTP value does not match.") def _dynamic_truncate(self, counter): ctx = hmac.HMAC(self._key, self._algorithm, self._backend) diff --git a/cryptography/hazmat/primitives/twofactor/totp.py b/cryptography/hazmat/primitives/twofactor/totp.py index e55ba00d..854c5163 100644 --- a/cryptography/hazmat/primitives/twofactor/totp.py +++ b/cryptography/hazmat/primitives/twofactor/totp.py @@ -25,7 +25,7 @@ class TOTP(object): def __init__(self, key, length, algorithm, time_step, backend): if not isinstance(backend, HMACBackend): raise UnsupportedAlgorithm( - "Backend object does not implement HMACBackend", + "Backend object does not implement HMACBackend.", _Reasons.BACKEND_MISSING_INTERFACE ) @@ -38,4 +38,4 @@ class TOTP(object): def verify(self, totp, time): if not constant_time.bytes_eq(self.generate(time), totp): - raise InvalidToken("Supplied TOTP value does not match") + raise InvalidToken("Supplied TOTP value does not match.") diff --git a/docs/development/custom-vectors/cast5.rst b/docs/development/custom-vectors/cast5.rst index f045ec1b..97de9016 100644 --- a/docs/development/custom-vectors/cast5.rst +++ b/docs/development/custom-vectors/cast5.rst @@ -15,7 +15,8 @@ the following Python script was run to generate the vector files. .. literalinclude:: /development/custom-vectors/cast5/generate_cast5.py -Download link: :download:`generate_cast5.py </development/custom-vectors/cast5/generate_cast5.py>` +Download link: :download:`generate_cast5.py +</development/custom-vectors/cast5/generate_cast5.py>` Verification @@ -26,4 +27,5 @@ The following Go code was used to verify the vectors. .. literalinclude:: /development/custom-vectors/cast5/verify_cast5.go :language: go -Download link: :download:`verify_cast5.go </development/custom-vectors/cast5/verify_cast5.go>` +Download link: :download:`verify_cast5.go +</development/custom-vectors/cast5/verify_cast5.go>` diff --git a/docs/development/custom-vectors/idea.rst b/docs/development/custom-vectors/idea.rst index c2268634..336cdf01 100644 --- a/docs/development/custom-vectors/idea.rst +++ b/docs/development/custom-vectors/idea.rst @@ -14,7 +14,8 @@ the following python script was run to generate the vector files. .. literalinclude:: /development/custom-vectors/idea/generate_idea.py -Download link: :download:`generate_idea.py </development/custom-vectors/idea/generate_idea.py>` +Download link: :download:`generate_idea.py +</development/custom-vectors/idea/generate_idea.py>` Verification @@ -25,6 +26,7 @@ project's Python bindings. .. literalinclude:: /development/custom-vectors/idea/verify_idea.py -Download link: :download:`verify_idea.py </development/custom-vectors/idea/verify_idea.py>` +Download link: :download:`verify_idea.py +</development/custom-vectors/idea/verify_idea.py>` .. _`Botan`: http://botan.randombit.net diff --git a/docs/development/custom-vectors/seed.rst b/docs/development/custom-vectors/seed.rst index 5ea4295b..290fb77a 100644 --- a/docs/development/custom-vectors/seed.rst +++ b/docs/development/custom-vectors/seed.rst @@ -14,7 +14,8 @@ the following python script was run to generate the vector files. .. literalinclude:: /development/custom-vectors/seed/generate_seed.py -Download link: :download:`generate_seed.py </development/custom-vectors/seed/generate_seed.py>` +Download link: :download:`generate_seed.py +</development/custom-vectors/seed/generate_seed.py>` Verification @@ -25,6 +26,7 @@ project's Python bindings. .. literalinclude:: /development/custom-vectors/seed/verify_seed.py -Download link: :download:`verify_seed.py </development/custom-vectors/seed/verify_seed.py>` +Download link: :download:`verify_seed.py +</development/custom-vectors/seed/verify_seed.py>` .. _`Botan`: http://botan.randombit.net |