From 5c8ea70ca7a36a0e090640b329bd9931232b7b23 Mon Sep 17 00:00:00 2001
From: Paul Kehrer <paul.l.kehrer@gmail.com>
Date: Tue, 28 Jan 2014 19:23:01 -0600
Subject: add some unicode checks for salt on init and key_material on derive

---
 cryptography/hazmat/primitives/kdf/pbkdf2.py | 13 +++++++++++++
 tests/hazmat/primitives/test_pbkdf2.py       | 10 ++++++++++
 2 files changed, 23 insertions(+)

diff --git a/cryptography/hazmat/primitives/kdf/pbkdf2.py b/cryptography/hazmat/primitives/kdf/pbkdf2.py
index a496cc27..fec1d5c2 100644
--- a/cryptography/hazmat/primitives/kdf/pbkdf2.py
+++ b/cryptography/hazmat/primitives/kdf/pbkdf2.py
@@ -13,6 +13,8 @@
 
 from __future__ import absolute_import, division, print_function
 
+import six
+
 from cryptography import utils
 from cryptography.exceptions import (
     InvalidKey, UnsupportedAlgorithm, AlreadyFinalized
@@ -31,6 +33,11 @@ class PBKDF2HMAC(object):
         self._called = False
         self.algorithm = algorithm
         self._length = length
+        if isinstance(salt, six.text_type):
+            raise TypeError(
+                "Unicode-objects must be encoded before using them as key "
+                "material."
+            )
         self._salt = salt
         self.iterations = iterations
         self._backend = backend
@@ -40,6 +47,12 @@ class PBKDF2HMAC(object):
             raise AlreadyFinalized("PBKDF2 instances can only be called once")
         else:
             self._called = True
+
+        if isinstance(key_material, six.text_type):
+            raise TypeError(
+                "Unicode-objects must be encoded before using them as key "
+                "material."
+            )
         return self._backend.derive_pbkdf2_hmac(
             self.algorithm,
             self._length,
diff --git a/tests/hazmat/primitives/test_pbkdf2.py b/tests/hazmat/primitives/test_pbkdf2.py
index 41123557..6ad225a8 100644
--- a/tests/hazmat/primitives/test_pbkdf2.py
+++ b/tests/hazmat/primitives/test_pbkdf2.py
@@ -14,6 +14,7 @@
 from __future__ import absolute_import, division, print_function
 
 import pytest
+import six
 
 from cryptography import utils
 from cryptography.exceptions import (
@@ -57,3 +58,12 @@ class TestPBKDF2HMAC(object):
         kdf = PBKDF2HMAC(hashes.SHA1(), 20, b"salt", 10, default_backend())
         with pytest.raises(InvalidKey):
             kdf.verify(b"password2", key)
+
+    def test_unicode_error_with_salt(self):
+        with pytest.raises(TypeError):
+            PBKDF2HMAC(hashes.SHA1(), 20, six.u("salt"), 10, default_backend())
+
+    def test_unicode_error_with_key_material(self):
+        kdf = PBKDF2HMAC(hashes.SHA1(), 20, b"salt", 10, default_backend())
+        with pytest.raises(TypeError):
+            kdf.derive(six.u("unicode here"))
-- 
cgit v1.2.3