pyspread.api.docsv2-dev

Source code for lib.hashing

# -*- coding: utf-8 -*-

# Copyright Martin Manns
# Distributed under the terms of the GNU General Public License

# --------------------------------------------------------------------
# pyspread is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# pyspread is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with pyspread.  If not, see <http://www.gnu.org/licenses/>.
# --------------------------------------------------------------------

"""

File hashing services

**Provides**

 * :func:`genkey` - Generates hash key
 * :func:`sign` - Returns a signature for a given file
 * :func:`verify` - Verifies file against signature

"""

import ast

from hashlib import blake2b
from hmac import compare_digest
import secrets




[docs]
def genkey(nbytes: int = 64) -> bytes:
    """Returns a random byte sting that may be used as signature key

    :param nbytes: Length of key
    :return: Random byte string of length nbytes

    """

    return secrets.token_bytes(nbytes)






[docs]
def sign(data: bytes, key: bytes) -> bytes:
    """Returns signature for file using blake2b

    Note: 64 bytes is the maximum that is supported in Python's BLAKE2b

    :param data: Data to be signed
    :param key: Signature key, len(key) <= 64
    :return: File signature hexdigest, encoded in utf-8

    """

    if not key:
        raise ValueError("No signature key defined")

    if not isinstance(key, bytes):
        key = ast.literal_eval(key)

    if len(key) > blake2b.MAX_KEY_SIZE:
        key = key[:blake2b.MAX_KEY_SIZE]
        raise UserWarning("Key is too long and has been truncated")

    signature = blake2b(digest_size=64, key=key)
    signature.update(data)

    return signature.hexdigest().encode('utf-8')






[docs]
def verify(data: bytes, signature: bytes, key: bytes) -> bool:
    """Verifies a signature

    :param data: Data to be verified
    :param signature: Signature for verification
    :param key: Signature key, len(key) <= 64
    :return: True if verification was successful else False

    """

    data_signature = sign(data, key)
    return compare_digest(data_signature, signature)