aboutsummaryrefslogtreecommitdiffstats
path: root/cryptography/hazmat
diff options
context:
space:
mode:
Diffstat (limited to 'cryptography/hazmat')
-rw-r--r--cryptography/hazmat/primitives/cmac.py14
-rw-r--r--cryptography/hazmat/primitives/constant_time.py8
-rw-r--r--cryptography/hazmat/primitives/hashes.py7
-rw-r--r--cryptography/hazmat/primitives/hmac.py14
-rw-r--r--cryptography/hazmat/primitives/kdf/hkdf.py24
-rw-r--r--cryptography/hazmat/primitives/kdf/pbkdf2.py12
-rw-r--r--cryptography/hazmat/primitives/padding.py14
7 files changed, 61 insertions, 32 deletions
diff --git a/cryptography/hazmat/primitives/cmac.py b/cryptography/hazmat/primitives/cmac.py
index 7e7f65ab..cc8e8f2c 100644
--- a/cryptography/hazmat/primitives/cmac.py
+++ b/cryptography/hazmat/primitives/cmac.py
@@ -47,8 +47,11 @@ class CMAC(object):
def update(self, data):
if self._ctx is None:
raise AlreadyFinalized("Context was already finalized")
- if isinstance(data, six.text_type):
- raise TypeError("Unicode-objects must be encoded before hashing")
+ if not isinstance(data, six.binary_type):
+ raise TypeError(
+ "data must be binary type. This is str in Python 2 and bytes "
+ "in Python 3"
+ )
self._ctx.update(data)
def finalize(self):
@@ -59,8 +62,11 @@ class CMAC(object):
return digest
def verify(self, signature):
- if isinstance(signature, six.text_type):
- raise TypeError("Unicode-objects must be encoded before verifying")
+ if not isinstance(signature, six.binary_type):
+ raise TypeError(
+ "signature must be binary type. This is str in Python 2 and "
+ "bytes in Python 3"
+ )
digest = self.finalize()
if not constant_time.bytes_eq(digest, signature):
raise InvalidSignature("Signature did not match digest.")
diff --git a/cryptography/hazmat/primitives/constant_time.py b/cryptography/hazmat/primitives/constant_time.py
index e0e9aa37..658b1f5f 100644
--- a/cryptography/hazmat/primitives/constant_time.py
+++ b/cryptography/hazmat/primitives/constant_time.py
@@ -57,7 +57,11 @@ _lib = _ffi.verify(
def bytes_eq(a, b):
- if isinstance(a, six.text_type) or isinstance(b, six.text_type):
- raise TypeError("Unicode-objects must be encoded before comparing")
+ if (not isinstance(a, six.binary_type) or
+ not isinstance(b, six.binary_type)):
+ raise TypeError(
+ "a and b must be binary type. This is str in Python 2 and "
+ "bytes in Python 3"
+ )
return _lib.Cryptography_constant_time_bytes_eq(a, len(a), b, len(b)) == 1
diff --git a/cryptography/hazmat/primitives/hashes.py b/cryptography/hazmat/primitives/hashes.py
index 35b677b0..a9b5b55a 100644
--- a/cryptography/hazmat/primitives/hashes.py
+++ b/cryptography/hazmat/primitives/hashes.py
@@ -46,8 +46,11 @@ class Hash(object):
def update(self, data):
if self._ctx is None:
raise AlreadyFinalized("Context was already finalized")
- if isinstance(data, six.text_type):
- raise TypeError("Unicode-objects must be encoded before hashing")
+ if not isinstance(data, six.binary_type):
+ raise TypeError(
+ "data must be binary type. This is str in Python 2 and bytes "
+ "in Python 3"
+ )
self._ctx.update(data)
def copy(self):
diff --git a/cryptography/hazmat/primitives/hmac.py b/cryptography/hazmat/primitives/hmac.py
index afbb2f75..e39fcf89 100644
--- a/cryptography/hazmat/primitives/hmac.py
+++ b/cryptography/hazmat/primitives/hmac.py
@@ -46,8 +46,11 @@ class HMAC(object):
def update(self, msg):
if self._ctx is None:
raise AlreadyFinalized("Context was already finalized")
- if isinstance(msg, six.text_type):
- raise TypeError("Unicode-objects must be encoded before hashing")
+ if not isinstance(msg, six.binary_type):
+ raise TypeError(
+ "msg must be binary type. This is str in Python 2 and bytes "
+ "in Python 3"
+ )
self._ctx.update(msg)
def copy(self):
@@ -68,8 +71,11 @@ class HMAC(object):
return digest
def verify(self, signature):
- if isinstance(signature, six.text_type):
- raise TypeError("Unicode-objects must be encoded before verifying")
+ if not isinstance(signature, six.binary_type):
+ raise TypeError(
+ "signature must be binary type. This is str in Python 2 and "
+ "bytes in Python 3"
+ )
digest = self.finalize()
if not constant_time.bytes_eq(digest, signature):
raise InvalidSignature("Signature did not match digest.")
diff --git a/cryptography/hazmat/primitives/kdf/hkdf.py b/cryptography/hazmat/primitives/kdf/hkdf.py
index daa8fcc7..e02d9aff 100644
--- a/cryptography/hazmat/primitives/kdf/hkdf.py
+++ b/cryptography/hazmat/primitives/kdf/hkdf.py
@@ -34,9 +34,11 @@ class HKDF(object):
self._algorithm = algorithm
- if isinstance(salt, six.text_type):
+ if not isinstance(salt, six.binary_type) and salt is not None:
raise TypeError(
- "Unicode-objects must be encoded before using them as a salt.")
+ "salt must be binary type. This is str in Python 2 and bytes "
+ "in Python 3"
+ )
if salt is None:
salt = b"\x00" * (self._algorithm.digest_size // 8)
@@ -53,10 +55,10 @@ class HKDF(object):
return h.finalize()
def derive(self, key_material):
- if isinstance(key_material, six.text_type):
+ if not isinstance(key_material, six.binary_type):
raise TypeError(
- "Unicode-objects must be encoded before using them as key "
- "material."
+ "key_material must be binary type. This is str in Python 2 "
+ "and bytes in Python 3"
)
return self._hkdf_expand.derive(self._extract(key_material))
@@ -89,9 +91,11 @@ class HKDFExpand(object):
self._length = length
- if isinstance(info, six.text_type):
+ if not isinstance(info, six.binary_type) and info is not None:
raise TypeError(
- "Unicode-objects must be encoded before using them as info.")
+ "info must be binary type. This is str in Python 2 and bytes "
+ "in Python 3"
+ )
if info is None:
info = b""
@@ -115,10 +119,10 @@ class HKDFExpand(object):
return b"".join(output)[:self._length]
def derive(self, key_material):
- if isinstance(key_material, six.text_type):
+ if not isinstance(key_material, six.binary_type):
raise TypeError(
- "Unicode-objects must be encoded before using them as key"
- "material."
+ "key_material must be binary type. This is str in Python 2 "
+ "and bytes in Python 3"
)
if self._used:
diff --git a/cryptography/hazmat/primitives/kdf/pbkdf2.py b/cryptography/hazmat/primitives/kdf/pbkdf2.py
index bec35bb2..6711763d 100644
--- a/cryptography/hazmat/primitives/kdf/pbkdf2.py
+++ b/cryptography/hazmat/primitives/kdf/pbkdf2.py
@@ -41,10 +41,10 @@ class PBKDF2HMAC(object):
self._used = False
self._algorithm = algorithm
self._length = length
- if isinstance(salt, six.text_type):
+ if not isinstance(salt, six.binary_type):
raise TypeError(
- "Unicode-objects must be encoded before using them as key "
- "material."
+ "salt must be binary type. This is str in Python 2 and bytes "
+ "in Python 3"
)
self._salt = salt
self._iterations = iterations
@@ -55,10 +55,10 @@ class PBKDF2HMAC(object):
raise AlreadyFinalized("PBKDF2 instances can only be used once")
self._used = True
- if isinstance(key_material, six.text_type):
+ if not isinstance(key_material, six.binary_type):
raise TypeError(
- "Unicode-objects must be encoded before using them as key "
- "material."
+ "key_material must be binary type. This is str in Python 2 "
+ "and bytes in Python 3"
)
return self._backend.derive_pbkdf2_hmac(
self._algorithm,
diff --git a/cryptography/hazmat/primitives/padding.py b/cryptography/hazmat/primitives/padding.py
index c1a763b5..982baaee 100644
--- a/cryptography/hazmat/primitives/padding.py
+++ b/cryptography/hazmat/primitives/padding.py
@@ -104,8 +104,11 @@ class _PKCS7PaddingContext(object):
if self._buffer is None:
raise AlreadyFinalized("Context was already finalized")
- if isinstance(data, six.text_type):
- raise TypeError("Unicode-objects must be encoded before padding")
+ if not isinstance(data, six.binary_type):
+ raise TypeError(
+ "data must be binary type. This is str in Python 2 and bytes "
+ "in Python 3"
+ )
self._buffer += data
@@ -137,8 +140,11 @@ class _PKCS7UnpaddingContext(object):
if self._buffer is None:
raise AlreadyFinalized("Context was already finalized")
- if isinstance(data, six.text_type):
- raise TypeError("Unicode-objects must be encoded before unpadding")
+ if not isinstance(data, six.binary_type):
+ raise TypeError(
+ "data must be binary type. This is str in Python 2 and bytes "
+ "in Python 3"
+ )
self._buffer += data
generated by cgit v1.2.3 (git 2.25.1) at 2025-05-09 20:14:18 +0000