aboutsummaryrefslogtreecommitdiffstats
path: root/cryptography/hazmat
diff options
context:
space:
mode:
Diffstat (limited to 'cryptography/hazmat')
-rw-r--r--cryptography/hazmat/primitives/cmac.py8
-rw-r--r--cryptography/hazmat/primitives/constant_time.py5
-rw-r--r--cryptography/hazmat/primitives/hashes.py4
-rw-r--r--cryptography/hazmat/primitives/hmac.py8
-rw-r--r--cryptography/hazmat/primitives/kdf/hkdf.py24
-rw-r--r--cryptography/hazmat/primitives/kdf/pbkdf2.py14
-rw-r--r--cryptography/hazmat/primitives/padding.py8
7 files changed, 29 insertions, 42 deletions
diff --git a/cryptography/hazmat/primitives/cmac.py b/cryptography/hazmat/primitives/cmac.py
index 7e7f65ab..b01c5170 100644
--- a/cryptography/hazmat/primitives/cmac.py
+++ b/cryptography/hazmat/primitives/cmac.py
@@ -47,8 +47,8 @@ class CMAC(object):
def update(self, data):
if self._ctx is None:
raise AlreadyFinalized("Context was already finalized")
- if isinstance(data, six.text_type):
- raise TypeError("Unicode-objects must be encoded before hashing")
+ if not isinstance(data, six.binary_type):
+ raise TypeError("data must be bytes")
self._ctx.update(data)
def finalize(self):
@@ -59,8 +59,8 @@ class CMAC(object):
return digest
def verify(self, signature):
- if isinstance(signature, six.text_type):
- raise TypeError("Unicode-objects must be encoded before verifying")
+ if not isinstance(signature, six.binary_type):
+ raise TypeError("signature must be bytes")
digest = self.finalize()
if not constant_time.bytes_eq(digest, signature):
raise InvalidSignature("Signature did not match digest.")
diff --git a/cryptography/hazmat/primitives/constant_time.py b/cryptography/hazmat/primitives/constant_time.py
index e0e9aa37..6d325a9d 100644
--- a/cryptography/hazmat/primitives/constant_time.py
+++ b/cryptography/hazmat/primitives/constant_time.py
@@ -57,7 +57,8 @@ _lib = _ffi.verify(
def bytes_eq(a, b):
- if isinstance(a, six.text_type) or isinstance(b, six.text_type):
- raise TypeError("Unicode-objects must be encoded before comparing")
+ if (not isinstance(a, six.binary_type) or
+ not isinstance(b, six.binary_type)):
+ raise TypeError("a and b must be bytes")
return _lib.Cryptography_constant_time_bytes_eq(a, len(a), b, len(b)) == 1
diff --git a/cryptography/hazmat/primitives/hashes.py b/cryptography/hazmat/primitives/hashes.py
index 35b677b0..2efd8484 100644
--- a/cryptography/hazmat/primitives/hashes.py
+++ b/cryptography/hazmat/primitives/hashes.py
@@ -46,8 +46,8 @@ class Hash(object):
def update(self, data):
if self._ctx is None:
raise AlreadyFinalized("Context was already finalized")
- if isinstance(data, six.text_type):
- raise TypeError("Unicode-objects must be encoded before hashing")
+ if not isinstance(data, six.binary_type):
+ raise TypeError("data must be bytes")
self._ctx.update(data)
def copy(self):
diff --git a/cryptography/hazmat/primitives/hmac.py b/cryptography/hazmat/primitives/hmac.py
index afbb2f75..5d7bad59 100644
--- a/cryptography/hazmat/primitives/hmac.py
+++ b/cryptography/hazmat/primitives/hmac.py
@@ -46,8 +46,8 @@ class HMAC(object):
def update(self, msg):
if self._ctx is None:
raise AlreadyFinalized("Context was already finalized")
- if isinstance(msg, six.text_type):
- raise TypeError("Unicode-objects must be encoded before hashing")
+ if not isinstance(msg, six.binary_type):
+ raise TypeError("msg must be bytes")
self._ctx.update(msg)
def copy(self):
@@ -68,8 +68,8 @@ class HMAC(object):
return digest
def verify(self, signature):
- if isinstance(signature, six.text_type):
- raise TypeError("Unicode-objects must be encoded before verifying")
+ if not isinstance(signature, six.binary_type):
+ raise TypeError("signature must be bytes")
digest = self.finalize()
if not constant_time.bytes_eq(digest, signature):
raise InvalidSignature("Signature did not match digest.")
diff --git a/cryptography/hazmat/primitives/kdf/hkdf.py b/cryptography/hazmat/primitives/kdf/hkdf.py
index daa8fcc7..adeecaff 100644
--- a/cryptography/hazmat/primitives/kdf/hkdf.py
+++ b/cryptography/hazmat/primitives/kdf/hkdf.py
@@ -34,9 +34,8 @@ class HKDF(object):
self._algorithm = algorithm
- if isinstance(salt, six.text_type):
- raise TypeError(
- "Unicode-objects must be encoded before using them as a salt.")
+ if not isinstance(salt, six.binary_type) and salt is not None:
+ raise TypeError("salt must be bytes")
if salt is None:
salt = b"\x00" * (self._algorithm.digest_size // 8)
@@ -53,11 +52,8 @@ class HKDF(object):
return h.finalize()
def derive(self, key_material):
- if isinstance(key_material, six.text_type):
- raise TypeError(
- "Unicode-objects must be encoded before using them as key "
- "material."
- )
+ if not isinstance(key_material, six.binary_type):
+ raise TypeError("key_material must be bytes")
return self._hkdf_expand.derive(self._extract(key_material))
@@ -89,9 +85,8 @@ class HKDFExpand(object):
self._length = length
- if isinstance(info, six.text_type):
- raise TypeError(
- "Unicode-objects must be encoded before using them as info.")
+ if not isinstance(info, six.binary_type) and info is not None:
+ raise TypeError("info must be bytes")
if info is None:
info = b""
@@ -115,11 +110,8 @@ class HKDFExpand(object):
return b"".join(output)[:self._length]
def derive(self, key_material):
- if isinstance(key_material, six.text_type):
- raise TypeError(
- "Unicode-objects must be encoded before using them as key"
- "material."
- )
+ if not isinstance(key_material, six.binary_type):
+ raise TypeError("key_material must be bytes")
if self._used:
raise AlreadyFinalized
diff --git a/cryptography/hazmat/primitives/kdf/pbkdf2.py b/cryptography/hazmat/primitives/kdf/pbkdf2.py
index bec35bb2..66a9b462 100644
--- a/cryptography/hazmat/primitives/kdf/pbkdf2.py
+++ b/cryptography/hazmat/primitives/kdf/pbkdf2.py
@@ -41,11 +41,8 @@ class PBKDF2HMAC(object):
self._used = False
self._algorithm = algorithm
self._length = length
- if isinstance(salt, six.text_type):
- raise TypeError(
- "Unicode-objects must be encoded before using them as key "
- "material."
- )
+ if not isinstance(salt, six.binary_type):
+ raise TypeError("salt must be bytes")
self._salt = salt
self._iterations = iterations
self._backend = backend
@@ -55,11 +52,8 @@ class PBKDF2HMAC(object):
raise AlreadyFinalized("PBKDF2 instances can only be used once")
self._used = True
- if isinstance(key_material, six.text_type):
- raise TypeError(
- "Unicode-objects must be encoded before using them as key "
- "material."
- )
+ if not isinstance(key_material, six.binary_type):
+ raise TypeError("key_material must be bytes")
return self._backend.derive_pbkdf2_hmac(
self._algorithm,
self._length,
diff --git a/cryptography/hazmat/primitives/padding.py b/cryptography/hazmat/primitives/padding.py
index c1a763b5..e8e6a6df 100644
--- a/cryptography/hazmat/primitives/padding.py
+++ b/cryptography/hazmat/primitives/padding.py
@@ -104,8 +104,8 @@ class _PKCS7PaddingContext(object):
if self._buffer is None:
raise AlreadyFinalized("Context was already finalized")
- if isinstance(data, six.text_type):
- raise TypeError("Unicode-objects must be encoded before padding")
+ if not isinstance(data, six.binary_type):
+ raise TypeError("data must be bytes")
self._buffer += data
@@ -137,8 +137,8 @@ class _PKCS7UnpaddingContext(object):
if self._buffer is None:
raise AlreadyFinalized("Context was already finalized")
- if isinstance(data, six.text_type):
- raise TypeError("Unicode-objects must be encoded before unpadding")
+ if not isinstance(data, six.binary_type):
+ raise TypeError("data must be bytes")
self._buffer += data
generated by cgit v1.2.3 (git 2.25.1) at 2025-08-11 10:23:13 +0000