Source code for lib.hashing

# -*- coding: utf-8 -*-

# Copyright Martin Manns
# Distributed under the terms of the GNU General Public License

# --------------------------------------------------------------------
# pyspread is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# pyspread is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with pyspread.  If not, see <http://www.gnu.org/licenses/>.
# --------------------------------------------------------------------

"""

File hashing services

**Provides**

 * :func:`genkey` - Generates hash key
 * :func:`sign` - Returns a signature for a given file
 * :func:`verify` - Verifies file against signature

"""

import ast

from hashlib import blake2b
from hmac import compare_digest
import secrets


[docs]def genkey(nbytes: int = 64) -> bytes: """Returns a random byte sting that may be used as signature key :param nbytes: Length of key :return: Random byte string of length nbytes """ return secrets.token_bytes(nbytes)
[docs]def sign(data: bytes, key: bytes) -> bytes: """Returns signature for file using blake2b Note: 64 bytes is the maximum that is supported in Python's BLAKE2b :param data: Data to be signed :param key: Signature key, len(key) <= 64 :return: File signature hexdigest, encoded in utf-8 """ if not key: raise ValueError("No signature key defined") if not isinstance(key, bytes): key = ast.literal_eval(key) if len(key) > blake2b.MAX_KEY_SIZE: key = key[:blake2b.MAX_KEY_SIZE] raise UserWarning("Key is too long and has been truncated") signature = blake2b(digest_size=64, key=key) signature.update(data) return signature.hexdigest().encode('utf-8')
[docs]def verify(data: bytes, signature: bytes, key: bytes) -> bool: """Verifies a signature :param data: Data to be verified :param signature: Signature for verification :param key: Signature key, len(key) <= 64 :return: True if verification was successful else False """ data_signature = sign(data, key) return compare_digest(data_signature, signature)