Hashers¶
blake2signer.hashers
¶
Hashers handlers.
These are not meant to be used directly, but otherwise through a signer.
BLAKE2Hasher
¶
Bases: BLAKEHasher
Hasher interface with BLAKE2.
Source code in blake2signer/hashers/blakehashers.py
133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 |
|
__init__(hasher, *, secrets, digest_size, person)
¶
BLAKE hasher to interface with different BLAKE versions.
Parameters:
Name | Type | Description | Default |
---|---|---|---|
hasher |
HasherChoice
|
Hash function to use. |
required |
Other Parameters:
Name | Type | Description |
---|---|---|
secrets |
typing.Tuple[bytes, ...]
|
A tuple of secret values which are derived using BLAKE to produce the signing key, to ensure they fit the hasher limits (so they have no practical size limit), from oldest to newest. This allows secret rotation: signatures are checked against all of them, but the last one (the newest one) is used to sign. |
digest_size |
int
|
Size of digest in bytes. |
person |
bytes
|
Personalisation string to force the hash function to produce different digests for the same input. It is derived using BLAKE to ensure it fits the hasher limits, so it has no practical size limit. |
Raises:
Type | Description |
---|---|
InvalidOptionError
|
A parameter is out of bounds. |
Source code in blake2signer/hashers/blakehashers.py
136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 |
|
_derive_key(secret, *, person)
¶
Derive hasher key from given secret to ensure it fits the hasher correctly.
Source code in blake2signer/hashers/blakehashers.py
182 183 184 185 186 187 188 189 190 191 192 193 |
|
_derive_person(person)
¶
Derive given personalisation value to ensure it fits the hasher correctly.
Source code in blake2signer/hashers/blakehashers.py
178 179 180 |
|
digest(data, *, key, salt)
¶
Get a hash digest using the hasher in keyed hashing mode.
Source code in blake2signer/hashers/blakehashers.py
195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 |
|
max_digest_size()
¶
Get the maximum digest size, if any.
Source code in blake2signer/hashers/blakehashers.py
173 174 175 176 |
|
salt_size()
¶
Get the salt size of the hasher.
Source code in blake2signer/hashers/blakehashers.py
168 169 170 171 |
|
BLAKE3Hasher
¶
Bases: BLAKEHasher
Hasher interface with BLAKE3.
Source code in blake2signer/hashers/blakehashers.py
212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 |
|
_derive_key(secret, *, person)
¶
Derive hasher key from given secret to ensure it fits the hasher correctly.
Source code in blake2signer/hashers/blakehashers.py
229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 |
|
_derive_person(person)
¶
Derive given personalisation value to ensure it fits the hasher correctly.
Source code in blake2signer/hashers/blakehashers.py
225 226 227 |
|
digest(data, *, key, salt)
¶
Get a hash digest using the hasher in keyed hashing mode.
Source code in blake2signer/hashers/blakehashers.py
250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 |
|
max_digest_size()
¶
Get the maximum digest size of the hasher, if any.
Source code in blake2signer/hashers/blakehashers.py
220 221 222 223 |
|
salt_size()
¶
Get the salt size of the hasher.
Source code in blake2signer/hashers/blakehashers.py
215 216 217 218 |
|
HasherChoice
¶
Bases: str
, Enum
Hasher selection choices.
Source code in blake2signer/hashers/blakehashers.py
13 14 15 16 17 18 |
|
has_blake3()
¶
Return True if the blake3
package is installed.
Source code in blake2signer/hashers/blake3_package.py
30 31 32 |
|
blake3_package
¶
BLAKE3 module to handle the optional blake3
package.
When, and if, this package gets to the Python core, we can remove this.
has_blake3()
¶
Return True if the blake3
package is installed.
Source code in blake2signer/hashers/blake3_package.py
30 31 32 |
|
blakehashers
¶
BLAKE hashers handlers.
BLAKE2Hasher
¶
Bases: BLAKEHasher
Hasher interface with BLAKE2.
Source code in blake2signer/hashers/blakehashers.py
133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 |
|
__init__(hasher, *, secrets, digest_size, person)
¶
BLAKE hasher to interface with different BLAKE versions.
Parameters:
Name | Type | Description | Default |
---|---|---|---|
hasher |
HasherChoice
|
Hash function to use. |
required |
Other Parameters:
Name | Type | Description |
---|---|---|
secrets |
typing.Tuple[bytes, ...]
|
A tuple of secret values which are derived using BLAKE to produce the signing key, to ensure they fit the hasher limits (so they have no practical size limit), from oldest to newest. This allows secret rotation: signatures are checked against all of them, but the last one (the newest one) is used to sign. |
digest_size |
int
|
Size of digest in bytes. |
person |
bytes
|
Personalisation string to force the hash function to produce different digests for the same input. It is derived using BLAKE to ensure it fits the hasher limits, so it has no practical size limit. |
Raises:
Type | Description |
---|---|
InvalidOptionError
|
A parameter is out of bounds. |
Source code in blake2signer/hashers/blakehashers.py
136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 |
|
_derive_key(secret, *, person)
¶
Derive hasher key from given secret to ensure it fits the hasher correctly.
Source code in blake2signer/hashers/blakehashers.py
182 183 184 185 186 187 188 189 190 191 192 193 |
|
_derive_person(person)
¶
Derive given personalisation value to ensure it fits the hasher correctly.
Source code in blake2signer/hashers/blakehashers.py
178 179 180 |
|
digest(data, *, key, salt)
¶
Get a hash digest using the hasher in keyed hashing mode.
Source code in blake2signer/hashers/blakehashers.py
195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 |
|
max_digest_size()
¶
Get the maximum digest size, if any.
Source code in blake2signer/hashers/blakehashers.py
173 174 175 176 |
|
salt_size()
¶
Get the salt size of the hasher.
Source code in blake2signer/hashers/blakehashers.py
168 169 170 171 |
|
BLAKE3Hasher
¶
Bases: BLAKEHasher
Hasher interface with BLAKE3.
Source code in blake2signer/hashers/blakehashers.py
212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 |
|
_derive_key(secret, *, person)
¶
Derive hasher key from given secret to ensure it fits the hasher correctly.
Source code in blake2signer/hashers/blakehashers.py
229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 |
|
_derive_person(person)
¶
Derive given personalisation value to ensure it fits the hasher correctly.
Source code in blake2signer/hashers/blakehashers.py
225 226 227 |
|
digest(data, *, key, salt)
¶
Get a hash digest using the hasher in keyed hashing mode.
Source code in blake2signer/hashers/blakehashers.py
250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 |
|
max_digest_size()
¶
Get the maximum digest size of the hasher, if any.
Source code in blake2signer/hashers/blakehashers.py
220 221 222 223 |
|
salt_size()
¶
Get the salt size of the hasher.
Source code in blake2signer/hashers/blakehashers.py
215 216 217 218 |
|
BLAKEHasher
¶
Bases: ABC
BLAKE interface to manage payload signing using different BLAKE versions.
Source code in blake2signer/hashers/blakehashers.py
21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 |
|
__init__(hasher, *, secrets, digest_size, person)
¶
BLAKE hasher to interface with different BLAKE versions.
Parameters:
Name | Type | Description | Default |
---|---|---|---|
hasher |
HasherChoice
|
Hash function to use. |
required |
Other Parameters:
Name | Type | Description |
---|---|---|
secrets |
typing.Tuple[bytes, ...]
|
A tuple of secret values which are derived using BLAKE to produce the signing key, to ensure they fit the hasher limits (so they have no practical size limit), from oldest to newest. This allows secret rotation: signatures are checked against all of them, but the last one (the newest one) is used to sign. |
digest_size |
int
|
Size of digest in bytes. |
person |
bytes
|
Personalisation string to force the hash function to produce different digests for the same input. It is derived using BLAKE to ensure it fits the hasher limits, so it has no practical size limit. |
Raises:
Type | Description |
---|---|
InvalidOptionError
|
A parameter is out of bounds. |
MissingDependencyError
|
A required dependency is not met. |
Source code in blake2signer/hashers/blakehashers.py
24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 |
|
_derive_key(secret, *, person)
¶
Derive hasher key from given secret to ensure it fits the hasher correctly.
Source code in blake2signer/hashers/blakehashers.py
104 105 106 107 108 109 110 111 |
|
_derive_keys(secrets, *, person)
¶
Derive hasher keys from given secrets to ensure they fit the hasher.
Source code in blake2signer/hashers/blakehashers.py
113 114 115 116 117 118 119 120 |
|
_derive_person(person)
¶
Derive given personalisation value to ensure it fits the hasher correctly.
Source code in blake2signer/hashers/blakehashers.py
100 101 102 |
|
_validate_digest_size(digest_size)
¶
Validate the digest_size value and return it clean.
Parameters:
Name | Type | Description | Default |
---|---|---|---|
digest_size |
int
|
digest size to validate. |
required |
Returns:
Type | Description |
---|---|
int
|
Validated digest size. |
Raises:
Type | Description |
---|---|
InvalidOptionError
|
The value is out of bounds. |
Source code in blake2signer/hashers/blakehashers.py
70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 |
|
digest(data, *, key, salt)
¶
Get a hash digest using the hasher in keyed hashing mode.
Source code in blake2signer/hashers/blakehashers.py
122 123 124 125 126 127 128 129 130 |
|
keys()
¶
Get hasher keys, from oldest to newest.
Source code in blake2signer/hashers/blakehashers.py
60 61 62 63 |
|
max_digest_size()
¶
Get the maximum digest size of the hasher, if any.
Source code in blake2signer/hashers/blakehashers.py
95 96 97 98 |
|
salt_size()
¶
Get the salt size of the hasher.
Source code in blake2signer/hashers/blakehashers.py
90 91 92 93 |
|
signing_key()
¶
Get the hasher signing key (the newest one).
Source code in blake2signer/hashers/blakehashers.py
65 66 67 68 |
|
HasherChoice
¶
Bases: str
, Enum
Hasher selection choices.
Source code in blake2signer/hashers/blakehashers.py
13 14 15 16 17 18 |
|