diff options
| -rw-r--r-- | cryptography/fernet.py | 10 | ||||
| -rw-r--r-- | cryptography/hazmat/primitives/cmac.py | 14 | ||||
| -rw-r--r-- | cryptography/hazmat/primitives/constant_time.py | 8 | ||||
| -rw-r--r-- | cryptography/hazmat/primitives/hashes.py | 7 | ||||
| -rw-r--r-- | cryptography/hazmat/primitives/hmac.py | 14 | ||||
| -rw-r--r-- | cryptography/hazmat/primitives/kdf/hkdf.py | 24 | ||||
| -rw-r--r-- | cryptography/hazmat/primitives/kdf/pbkdf2.py | 12 | ||||
| -rw-r--r-- | cryptography/hazmat/primitives/padding.py | 14 | ||||
| -rw-r--r-- | docs/fernet.rst | 10 | ||||
| -rw-r--r-- | docs/hazmat/primitives/constant-time.rst | 3 | ||||
| -rw-r--r-- | docs/hazmat/primitives/cryptographic-hashes.rst | 3 | ||||
| -rw-r--r-- | docs/hazmat/primitives/key-derivation-functions.rst | 21 | ||||
| -rw-r--r-- | docs/hazmat/primitives/mac/cmac.rst | 6 | ||||
| -rw-r--r-- | docs/hazmat/primitives/mac/hmac.rst | 6 | ||||
| -rw-r--r-- | docs/hazmat/primitives/padding.rst | 3 |
15 files changed, 117 insertions, 38 deletions
diff --git a/cryptography/fernet.py b/cryptography/fernet.py index 674ce8ae..d0394b41 100644 --- a/cryptography/fernet.py +++ b/cryptography/fernet.py @@ -60,9 +60,10 @@ class Fernet(object): return self._encrypt_from_parts(data, current_time, iv) def _encrypt_from_parts(self, data, current_time, iv): - if isinstance(data, six.text_type): + if not isinstance(data, six.binary_type): raise TypeError( - "Unicode-objects must be encoded before encryption" + "data must be binary type. This is str in Python 2 and bytes " + "in Python 3" ) padder = padding.PKCS7(algorithms.AES.block_size).padder() @@ -82,9 +83,10 @@ class Fernet(object): return base64.urlsafe_b64encode(basic_parts + hmac) def decrypt(self, token, ttl=None): - if isinstance(token, six.text_type): + if not isinstance(token, six.binary_type): raise TypeError( - "Unicode-objects must be encoded before decryption" + "token must be binary type. This is str in Python 2 and bytes " + "in Python 3" ) current_time = int(time.time()) diff --git a/cryptography/hazmat/primitives/cmac.py b/cryptography/hazmat/primitives/cmac.py index 7e7f65ab..cc8e8f2c 100644 --- a/cryptography/hazmat/primitives/cmac.py +++ b/cryptography/hazmat/primitives/cmac.py @@ -47,8 +47,11 @@ class CMAC(object): def update(self, data): if self._ctx is None: raise AlreadyFinalized("Context was already finalized") - if isinstance(data, six.text_type): - raise TypeError("Unicode-objects must be encoded before hashing") + if not isinstance(data, six.binary_type): + raise TypeError( + "data must be binary type. This is str in Python 2 and bytes " + "in Python 3" + ) self._ctx.update(data) def finalize(self): @@ -59,8 +62,11 @@ class CMAC(object): return digest def verify(self, signature): - if isinstance(signature, six.text_type): - raise TypeError("Unicode-objects must be encoded before verifying") + if not isinstance(signature, six.binary_type): + raise TypeError( + "signature must be binary type. This is str in Python 2 and " + "bytes in Python 3" + ) digest = self.finalize() if not constant_time.bytes_eq(digest, signature): raise InvalidSignature("Signature did not match digest.") diff --git a/cryptography/hazmat/primitives/constant_time.py b/cryptography/hazmat/primitives/constant_time.py index e0e9aa37..658b1f5f 100644 --- a/cryptography/hazmat/primitives/constant_time.py +++ b/cryptography/hazmat/primitives/constant_time.py @@ -57,7 +57,11 @@ _lib = _ffi.verify( def bytes_eq(a, b): - if isinstance(a, six.text_type) or isinstance(b, six.text_type): - raise TypeError("Unicode-objects must be encoded before comparing") + if (not isinstance(a, six.binary_type) or + not isinstance(b, six.binary_type)): + raise TypeError( + "a and b must be binary type. This is str in Python 2 and " + "bytes in Python 3" + ) return _lib.Cryptography_constant_time_bytes_eq(a, len(a), b, len(b)) == 1 diff --git a/cryptography/hazmat/primitives/hashes.py b/cryptography/hazmat/primitives/hashes.py index 35b677b0..a9b5b55a 100644 --- a/cryptography/hazmat/primitives/hashes.py +++ b/cryptography/hazmat/primitives/hashes.py @@ -46,8 +46,11 @@ class Hash(object): def update(self, data): if self._ctx is None: raise AlreadyFinalized("Context was already finalized") - if isinstance(data, six.text_type): - raise TypeError("Unicode-objects must be encoded before hashing") + if not isinstance(data, six.binary_type): + raise TypeError( + "data must be binary type. This is str in Python 2 and bytes " + "in Python 3" + ) self._ctx.update(data) def copy(self): diff --git a/cryptography/hazmat/primitives/hmac.py b/cryptography/hazmat/primitives/hmac.py index afbb2f75..e39fcf89 100644 --- a/cryptography/hazmat/primitives/hmac.py +++ b/cryptography/hazmat/primitives/hmac.py @@ -46,8 +46,11 @@ class HMAC(object): def update(self, msg): if self._ctx is None: raise AlreadyFinalized("Context was already finalized") - if isinstance(msg, six.text_type): - raise TypeError("Unicode-objects must be encoded before hashing") + if not isinstance(msg, six.binary_type): + raise TypeError( + "msg must be binary type. This is str in Python 2 and bytes " + "in Python 3" + ) self._ctx.update(msg) def copy(self): @@ -68,8 +71,11 @@ class HMAC(object): return digest def verify(self, signature): - if isinstance(signature, six.text_type): - raise TypeError("Unicode-objects must be encoded before verifying") + if not isinstance(signature, six.binary_type): + raise TypeError( + "signature must be binary type. This is str in Python 2 and " + "bytes in Python 3" + ) digest = self.finalize() if not constant_time.bytes_eq(digest, signature): raise InvalidSignature("Signature did not match digest.") diff --git a/cryptography/hazmat/primitives/kdf/hkdf.py b/cryptography/hazmat/primitives/kdf/hkdf.py index daa8fcc7..e02d9aff 100644 --- a/cryptography/hazmat/primitives/kdf/hkdf.py +++ b/cryptography/hazmat/primitives/kdf/hkdf.py @@ -34,9 +34,11 @@ class HKDF(object): self._algorithm = algorithm - if isinstance(salt, six.text_type): + if not isinstance(salt, six.binary_type) and salt is not None: raise TypeError( - "Unicode-objects must be encoded before using them as a salt.") + "salt must be binary type. This is str in Python 2 and bytes " + "in Python 3" + ) if salt is None: salt = b"\x00" * (self._algorithm.digest_size // 8) @@ -53,10 +55,10 @@ class HKDF(object): return h.finalize() def derive(self, key_material): - if isinstance(key_material, six.text_type): + if not isinstance(key_material, six.binary_type): raise TypeError( - "Unicode-objects must be encoded before using them as key " - "material." + "key_material must be binary type. This is str in Python 2 " + "and bytes in Python 3" ) return self._hkdf_expand.derive(self._extract(key_material)) @@ -89,9 +91,11 @@ class HKDFExpand(object): self._length = length - if isinstance(info, six.text_type): + if not isinstance(info, six.binary_type) and info is not None: raise TypeError( - "Unicode-objects must be encoded before using them as info.") + "info must be binary type. This is str in Python 2 and bytes " + "in Python 3" + ) if info is None: info = b"" @@ -115,10 +119,10 @@ class HKDFExpand(object): return b"".join(output)[:self._length] def derive(self, key_material): - if isinstance(key_material, six.text_type): + if not isinstance(key_material, six.binary_type): raise TypeError( - "Unicode-objects must be encoded before using them as key" - "material." + "key_material must be binary type. This is str in Python 2 " + "and bytes in Python 3" ) if self._used: diff --git a/cryptography/hazmat/primitives/kdf/pbkdf2.py b/cryptography/hazmat/primitives/kdf/pbkdf2.py index bec35bb2..6711763d 100644 --- a/cryptography/hazmat/primitives/kdf/pbkdf2.py +++ b/cryptography/hazmat/primitives/kdf/pbkdf2.py @@ -41,10 +41,10 @@ class PBKDF2HMAC(object): self._used = False self._algorithm = algorithm self._length = length - if isinstance(salt, six.text_type): + if not isinstance(salt, six.binary_type): raise TypeError( - "Unicode-objects must be encoded before using them as key " - "material." + "salt must be binary type. This is str in Python 2 and bytes " + "in Python 3" ) self._salt = salt self._iterations = iterations @@ -55,10 +55,10 @@ class PBKDF2HMAC(object): raise AlreadyFinalized("PBKDF2 instances can only be used once") self._used = True - if isinstance(key_material, six.text_type): + if not isinstance(key_material, six.binary_type): raise TypeError( - "Unicode-objects must be encoded before using them as key " - "material." + "key_material must be binary type. This is str in Python 2 " + "and bytes in Python 3" ) return self._backend.derive_pbkdf2_hmac( self._algorithm, diff --git a/cryptography/hazmat/primitives/padding.py b/cryptography/hazmat/primitives/padding.py index c1a763b5..982baaee 100644 --- a/cryptography/hazmat/primitives/padding.py +++ b/cryptography/hazmat/primitives/padding.py @@ -104,8 +104,11 @@ class _PKCS7PaddingContext(object): if self._buffer is None: raise AlreadyFinalized("Context was already finalized") - if isinstance(data, six.text_type): - raise TypeError("Unicode-objects must be encoded before padding") + if not isinstance(data, six.binary_type): + raise TypeError( + "data must be binary type. This is str in Python 2 and bytes " + "in Python 3" + ) self._buffer += data @@ -137,8 +140,11 @@ class _PKCS7UnpaddingContext(object): if self._buffer is None: raise AlreadyFinalized("Context was already finalized") - if isinstance(data, six.text_type): - raise TypeError("Unicode-objects must be encoded before unpadding") + if not isinstance(data, six.binary_type): + raise TypeError( + "data must be binary type. This is str in Python 2 and bytes " + "in Python 3" + ) self._buffer += data diff --git a/docs/fernet.rst b/docs/fernet.rst index f55a2d60..b75be779 100644 --- a/docs/fernet.rst +++ b/docs/fernet.rst @@ -34,12 +34,15 @@ symmetric (also known as "secret key") authenticated cryptography. they'll also be able forge arbitrary messages that will be authenticated and decrypted. - .. method:: encrypt(plaintext) + .. method:: encrypt(data) - :param bytes plaintext: The message you would like to encrypt. + :param bytes data: The message you would like to encrypt. :returns bytes: A secure message that cannot be read or altered without the key. It is URL-safe base64-encoded. This is referred to as a "Fernet token". + :raises TypeError: This exception is raised if ``data`` is not a binary + type. This is ``str`` in Python 2 and ``bytes`` in + Python 3. .. note:: @@ -66,6 +69,9 @@ symmetric (also known as "secret key") authenticated cryptography. ``ttl``, it is malformed, or it does not have a valid signature. + :raises TypeError: This exception is raised if ``token`` is not a binary + type. This is ``str`` in Python 2 and ``bytes`` in + Python 3. .. class:: InvalidToken diff --git a/docs/hazmat/primitives/constant-time.rst b/docs/hazmat/primitives/constant-time.rst index c6fcb3a3..3296dbde 100644 --- a/docs/hazmat/primitives/constant-time.rst +++ b/docs/hazmat/primitives/constant-time.rst @@ -36,6 +36,9 @@ about the timing attacks on KeyCzar and Java's ``MessageDigest.isEqual()``. :param bytes b: The right-hand side. :returns bool: ``True`` if ``a`` has the same bytes as ``b``, otherwise ``False``. + :raises TypeError: This exception is raised if ``a`` or ``b`` is not a + binary type. This is ``str`` in Python 2 and ``bytes`` + in Python 3. .. _`Coda Hale's blog post`: http://codahale.com/a-lesson-in-timing-attacks/ diff --git a/docs/hazmat/primitives/cryptographic-hashes.rst b/docs/hazmat/primitives/cryptographic-hashes.rst index 773d97f6..43dee3f3 100644 --- a/docs/hazmat/primitives/cryptographic-hashes.rst +++ b/docs/hazmat/primitives/cryptographic-hashes.rst @@ -54,6 +54,9 @@ Message digests :param bytes data: The bytes to be hashed. :raises cryptography.exceptions.AlreadyFinalized: See :meth:`finalize`. + :raises TypeError: This exception is raised if ``data`` is not a binary + type. This is ``str`` in Python 2 and ``bytes`` in + Python 3. .. method:: copy() diff --git a/docs/hazmat/primitives/key-derivation-functions.rst b/docs/hazmat/primitives/key-derivation-functions.rst index de6bf5f8..c9c0c3cc 100644 --- a/docs/hazmat/primitives/key-derivation-functions.rst +++ b/docs/hazmat/primitives/key-derivation-functions.rst @@ -88,6 +88,10 @@ Different KDFs are suitable for different tasks such as: provided ``backend`` does not implement :class:`~cryptography.hazmat.backends.interfaces.PBKDF2HMACBackend` + :raises TypeError: This exception is raised if ``salt`` is not a binary + type. This is ``str`` in Python 2 and ``bytes`` in + Python 3. + .. method:: derive(key_material) :param bytes key_material: The input key material. For PBKDF2 this @@ -99,6 +103,10 @@ Different KDFs are suitable for different tasks such as: called more than once. + :raises TypeError: This exception is raised if ``key_material`` is not + a binary type. This is ``str`` in Python 2 and + ``bytes`` in Python 3. + This generates and returns a new key from the supplied password. .. method:: verify(key_material, expected_key) @@ -191,10 +199,17 @@ Different KDFs are suitable for different tasks such as: provided ``backend`` does not implement :class:`~cryptography.hazmat.backends.interfaces.HMACBackend` + :raises TypeError: This exception is raised if ``salt`` or ``info`` is not + a binary type. This is ``str`` in Python 2 and ``bytes`` + in Python 3. + .. method:: derive(key_material) :param bytes key_material: The input key material. :return bytes: The derived key. + :raises TypeError: This exception is raised if ``key_material`` is not + a binary type. This is ``str`` in Python 2 and + ``bytes`` in Python 3. Derives a new key from the input key material by performing both the extract and expand operations. @@ -277,6 +292,9 @@ Different KDFs are suitable for different tasks such as: provided ``backend`` does not implement :class:`~cryptography.hazmat.backends.interfaces.HMACBackend` :raises TypeError: This is raised if the provided ``info`` is a unicode object + :raises TypeError: This exception is raised if ``info`` is not a binary + type. This is ``str`` in Python 2 and ``bytes`` in + Python 3. .. method:: derive(key_material) @@ -285,6 +303,9 @@ Different KDFs are suitable for different tasks such as: :raises TypeError: This is raised if the provided ``key_material`` is a unicode object + :raises TypeError: This exception is raised if ``key_material`` is not + a binary type. This is ``str`` in Python 2 and + ``bytes`` in Python 3. Derives a new key from the input key material by performing both the extract and expand operations. diff --git a/docs/hazmat/primitives/mac/cmac.rst b/docs/hazmat/primitives/mac/cmac.rst index 1fde1398..86c3b6a9 100644 --- a/docs/hazmat/primitives/mac/cmac.rst +++ b/docs/hazmat/primitives/mac/cmac.rst @@ -68,6 +68,9 @@ A subset of CMAC with the AES-128 algorithm is described in :rfc:`4493`. :param bytes data: The bytes to hash and authenticate. :raises cryptography.exceptions.AlreadyFinalized: See :meth:`finalize` + :raises TypeError: This exception is raised if ``data`` is not a binary + type. This is ``str`` in Python 2 and ``bytes`` in + Python 3. .. method:: copy() @@ -89,6 +92,9 @@ A subset of CMAC with the AES-128 algorithm is described in :rfc:`4493`. :raises cryptography.exceptions.AlreadyFinalized: See :meth:`finalize` :raises cryptography.exceptions.InvalidSignature: If signature does not match digest + :raises TypeError: This exception is raised if ``signature`` is not a + binary type. This is ``str`` in Python 2 and + ``bytes`` in Python 3. .. method:: finalize() diff --git a/docs/hazmat/primitives/mac/hmac.rst b/docs/hazmat/primitives/mac/hmac.rst index e20a4034..0fc4a19a 100644 --- a/docs/hazmat/primitives/mac/hmac.rst +++ b/docs/hazmat/primitives/mac/hmac.rst @@ -69,6 +69,9 @@ of a message. :param bytes msg: The bytes to hash and authenticate. :raises cryptography.exceptions.AlreadyFinalized: See :meth:`finalize` + :raises TypeError: This exception is raised if ``msg`` is not a binary + type. This is ``str`` in Python 2 and ``bytes`` in + Python 3. .. method:: copy() @@ -90,6 +93,9 @@ of a message. :raises cryptography.exceptions.AlreadyFinalized: See :meth:`finalize` :raises cryptography.exceptions.InvalidSignature: If signature does not match digest + :raises TypeError: This exception is raised if ``signature`` is not a + binary type. This is ``str`` in Python 2 and + ``bytes`` in Python 3. .. method:: finalize() diff --git a/docs/hazmat/primitives/padding.rst b/docs/hazmat/primitives/padding.rst index 4092ac00..72378e1f 100644 --- a/docs/hazmat/primitives/padding.rst +++ b/docs/hazmat/primitives/padding.rst @@ -70,6 +70,9 @@ multiple of the block size. :return bytes: Returns the data that was padded or unpadded. :raises TypeError: Raised if data is not bytes. :raises cryptography.exceptions.AlreadyFinalized: See :meth:`finalize`. + :raises TypeError: This exception is raised if ``data`` is not a binary + type. This is ``str`` in Python 2 and ``bytes`` in + Python 3. .. method:: finalize() |