Merge pull request #1048 from Ayrx/change-unicode-check

Fixed TypeError and added documentation

8 files changed, 33 insertions, 50 deletions

diff --git a/cryptography/fernet.py b/cryptography/fernet.py
index 674ce8ae..93eb32bd 100644
--- a/cryptography/fernet.py
+++ b/cryptography/fernet.py
@@ -60,10 +60,8 @@ class Fernet(object):
         return self._encrypt_from_parts(data, current_time, iv)
 
     def _encrypt_from_parts(self, data, current_time, iv):
-        if isinstance(data, six.text_type):
-            raise TypeError(
-                "Unicode-objects must be encoded before encryption"
-            )
+        if not isinstance(data, six.binary_type):
+            raise TypeError("data must be bytes")
 
         padder = padding.PKCS7(algorithms.AES.block_size).padder()
         padded_data = padder.update(data) + padder.finalize()
@@ -82,10 +80,8 @@ class Fernet(object):
         return base64.urlsafe_b64encode(basic_parts + hmac)
 
     def decrypt(self, token, ttl=None):
-        if isinstance(token, six.text_type):
-            raise TypeError(
-                "Unicode-objects must be encoded before decryption"
-            )
+        if not isinstance(token, six.binary_type):
+            raise TypeError("token must be bytes")
 
         current_time = int(time.time())
 
diff --git a/cryptography/hazmat/primitives/cmac.py b/cryptography/hazmat/primitives/cmac.py
index 7e7f65ab..b01c5170 100644
--- a/cryptography/hazmat/primitives/cmac.py
+++ b/cryptography/hazmat/primitives/cmac.py
@@ -47,8 +47,8 @@ class CMAC(object):
     def update(self, data):
         if self._ctx is None:
             raise AlreadyFinalized("Context was already finalized")
-        if isinstance(data, six.text_type):
-            raise TypeError("Unicode-objects must be encoded before hashing")
+        if not isinstance(data, six.binary_type):
+            raise TypeError("data must be bytes")
         self._ctx.update(data)
 
     def finalize(self):
@@ -59,8 +59,8 @@ class CMAC(object):
         return digest
 
     def verify(self, signature):
-        if isinstance(signature, six.text_type):
-            raise TypeError("Unicode-objects must be encoded before verifying")
+        if not isinstance(signature, six.binary_type):
+            raise TypeError("signature must be bytes")
         digest = self.finalize()
         if not constant_time.bytes_eq(digest, signature):
             raise InvalidSignature("Signature did not match digest.")
diff --git a/cryptography/hazmat/primitives/constant_time.py b/cryptography/hazmat/primitives/constant_time.py
index e0e9aa37..6d325a9d 100644
--- a/cryptography/hazmat/primitives/constant_time.py
+++ b/cryptography/hazmat/primitives/constant_time.py
@@ -57,7 +57,8 @@ _lib = _ffi.verify(
 
 
 def bytes_eq(a, b):
-    if isinstance(a, six.text_type) or isinstance(b, six.text_type):
-        raise TypeError("Unicode-objects must be encoded before comparing")
+    if (not isinstance(a, six.binary_type) or
+            not isinstance(b, six.binary_type)):
+            raise TypeError("a and b must be bytes")
 
     return _lib.Cryptography_constant_time_bytes_eq(a, len(a), b, len(b)) == 1
diff --git a/cryptography/hazmat/primitives/hashes.py b/cryptography/hazmat/primitives/hashes.py
index 35b677b0..2efd8484 100644
--- a/cryptography/hazmat/primitives/hashes.py
+++ b/cryptography/hazmat/primitives/hashes.py
@@ -46,8 +46,8 @@ class Hash(object):
     def update(self, data):
         if self._ctx is None:
             raise AlreadyFinalized("Context was already finalized")
-        if isinstance(data, six.text_type):
-            raise TypeError("Unicode-objects must be encoded before hashing")
+        if not isinstance(data, six.binary_type):
+            raise TypeError("data must be bytes")
         self._ctx.update(data)
 
     def copy(self):
diff --git a/cryptography/hazmat/primitives/hmac.py b/cryptography/hazmat/primitives/hmac.py
index afbb2f75..5d7bad59 100644
--- a/cryptography/hazmat/primitives/hmac.py
+++ b/cryptography/hazmat/primitives/hmac.py
@@ -46,8 +46,8 @@ class HMAC(object):
     def update(self, msg):
         if self._ctx is None:
             raise AlreadyFinalized("Context was already finalized")
-        if isinstance(msg, six.text_type):
-            raise TypeError("Unicode-objects must be encoded before hashing")
+        if not isinstance(msg, six.binary_type):
+            raise TypeError("msg must be bytes")
         self._ctx.update(msg)
 
     def copy(self):
@@ -68,8 +68,8 @@ class HMAC(object):
         return digest
 
     def verify(self, signature):
-        if isinstance(signature, six.text_type):
-            raise TypeError("Unicode-objects must be encoded before verifying")
+        if not isinstance(signature, six.binary_type):
+            raise TypeError("signature must be bytes")
         digest = self.finalize()
         if not constant_time.bytes_eq(digest, signature):
             raise InvalidSignature("Signature did not match digest.")
diff --git a/cryptography/hazmat/primitives/kdf/hkdf.py b/cryptography/hazmat/primitives/kdf/hkdf.py
index daa8fcc7..adeecaff 100644
--- a/cryptography/hazmat/primitives/kdf/hkdf.py
+++ b/cryptography/hazmat/primitives/kdf/hkdf.py
@@ -34,9 +34,8 @@ class HKDF(object):
 
         self._algorithm = algorithm
 
-        if isinstance(salt, six.text_type):
-            raise TypeError(
-                "Unicode-objects must be encoded before using them as a salt.")
+        if not isinstance(salt, six.binary_type) and salt is not None:
+            raise TypeError("salt must be bytes")
 
         if salt is None:
             salt = b"\x00" * (self._algorithm.digest_size // 8)
@@ -53,11 +52,8 @@ class HKDF(object):
         return h.finalize()
 
     def derive(self, key_material):
-        if isinstance(key_material, six.text_type):
-            raise TypeError(
-                "Unicode-objects must be encoded before using them as key "
-                "material."
-            )
+        if not isinstance(key_material, six.binary_type):
+            raise TypeError("key_material must be bytes")
 
         return self._hkdf_expand.derive(self._extract(key_material))
 
@@ -89,9 +85,8 @@ class HKDFExpand(object):
 
         self._length = length
 
-        if isinstance(info, six.text_type):
-            raise TypeError(
-                "Unicode-objects must be encoded before using them as info.")
+        if not isinstance(info, six.binary_type) and info is not None:
+            raise TypeError("info must be bytes")
 
         if info is None:
             info = b""
@@ -115,11 +110,8 @@ class HKDFExpand(object):
         return b"".join(output)[:self._length]
 
     def derive(self, key_material):
-        if isinstance(key_material, six.text_type):
-            raise TypeError(
-                "Unicode-objects must be encoded before using them as key"
-                "material."
-            )
+        if not isinstance(key_material, six.binary_type):
+            raise TypeError("key_material must be bytes")
 
         if self._used:
             raise AlreadyFinalized
diff --git a/cryptography/hazmat/primitives/kdf/pbkdf2.py b/cryptography/hazmat/primitives/kdf/pbkdf2.py
index bec35bb2..66a9b462 100644
--- a/cryptography/hazmat/primitives/kdf/pbkdf2.py
+++ b/cryptography/hazmat/primitives/kdf/pbkdf2.py
@@ -41,11 +41,8 @@ class PBKDF2HMAC(object):
         self._used = False
         self._algorithm = algorithm
         self._length = length
-        if isinstance(salt, six.text_type):
-            raise TypeError(
-                "Unicode-objects must be encoded before using them as key "
-                "material."
-            )
+        if not isinstance(salt, six.binary_type):
+            raise TypeError("salt must be bytes")
         self._salt = salt
         self._iterations = iterations
         self._backend = backend
@@ -55,11 +52,8 @@ class PBKDF2HMAC(object):
             raise AlreadyFinalized("PBKDF2 instances can only be used once")
         self._used = True
 
-        if isinstance(key_material, six.text_type):
-            raise TypeError(
-                "Unicode-objects must be encoded before using them as key "
-                "material."
-            )
+        if not isinstance(key_material, six.binary_type):
+            raise TypeError("key_material must be bytes")
         return self._backend.derive_pbkdf2_hmac(
             self._algorithm,
             self._length,
diff --git a/cryptography/hazmat/primitives/padding.py b/cryptography/hazmat/primitives/padding.py
index c1a763b5..e8e6a6df 100644
--- a/cryptography/hazmat/primitives/padding.py
+++ b/cryptography/hazmat/primitives/padding.py
@@ -104,8 +104,8 @@ class _PKCS7PaddingContext(object):
         if self._buffer is None:
             raise AlreadyFinalized("Context was already finalized")
 
-        if isinstance(data, six.text_type):
-            raise TypeError("Unicode-objects must be encoded before padding")
+        if not isinstance(data, six.binary_type):
+            raise TypeError("data must be bytes")
 
         self._buffer += data
 
@@ -137,8 +137,8 @@ class _PKCS7UnpaddingContext(object):
         if self._buffer is None:
             raise AlreadyFinalized("Context was already finalized")
 
-        if isinstance(data, six.text_type):
-            raise TypeError("Unicode-objects must be encoded before unpadding")
+        if not isinstance(data, six.binary_type):
+            raise TypeError("data must be bytes")
 
         self._buffer += data