CasperSecurity
# Copyright 2016-2019 Donald Stufft and individual contributors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
import binascii
from typing import NoReturn
import nacl.bindings
from nacl.utils import bytes_as_string
BYTES = nacl.bindings.crypto_generichash_BYTES
BYTES_MIN = nacl.bindings.crypto_generichash_BYTES_MIN
BYTES_MAX = nacl.bindings.crypto_generichash_BYTES_MAX
KEYBYTES = nacl.bindings.crypto_generichash_KEYBYTES
KEYBYTES_MIN = nacl.bindings.crypto_generichash_KEYBYTES_MIN
KEYBYTES_MAX = nacl.bindings.crypto_generichash_KEYBYTES_MAX
SALTBYTES = nacl.bindings.crypto_generichash_SALTBYTES
PERSONALBYTES = nacl.bindings.crypto_generichash_PERSONALBYTES
SCRYPT_AVAILABLE = nacl.bindings.has_crypto_pwhash_scryptsalsa208sha256
_b2b_init = nacl.bindings.crypto_generichash_blake2b_init
_b2b_final = nacl.bindings.crypto_generichash_blake2b_final
_b2b_update = nacl.bindings.crypto_generichash_blake2b_update
class blake2b:
"""
:py:mod:`hashlib` API compatible blake2b algorithm implementation
"""
MAX_DIGEST_SIZE = BYTES
MAX_KEY_SIZE = KEYBYTES_MAX
PERSON_SIZE = PERSONALBYTES
SALT_SIZE = SALTBYTES
def __init__(
self,
data: bytes = b"",
digest_size: int = BYTES,
key: bytes = b"",
salt: bytes = b"",
person: bytes = b"",
):
"""
:py:class:`.blake2b` algorithm initializer
:param data:
:type data: bytes
:param int digest_size: the requested digest size; must be
at most :py:attr:`.MAX_DIGEST_SIZE`;
the default digest size is :py:data:`.BYTES`
:param key: the key to be set for keyed MAC/PRF usage; if set,
the key must be at most :py:data:`.KEYBYTES_MAX` long
:type key: bytes
:param salt: a initialization salt at most
:py:attr:`.SALT_SIZE` long; it will be zero-padded
if needed
:type salt: bytes
:param person: a personalization string at most
:py:attr:`.PERSONAL_SIZE` long; it will be zero-padded
if needed
:type person: bytes
"""
self._state = _b2b_init(
key=key, salt=salt, person=person, digest_size=digest_size
)
self._digest_size = digest_size
if data:
self.update(data)
@property
def digest_size(self) -> int:
return self._digest_size
@property
def block_size(self) -> int:
return 128
@property
def name(self) -> str:
return "blake2b"
def update(self, data: bytes) -> None:
_b2b_update(self._state, data)
def digest(self) -> bytes:
_st = self._state.copy()
return _b2b_final(_st)
def hexdigest(self) -> str:
return bytes_as_string(binascii.hexlify(self.digest()))
def copy(self) -> "blake2b":
_cp = type(self)(digest_size=self.digest_size)
_st = self._state.copy()
_cp._state = _st
return _cp
def __reduce__(self) -> NoReturn:
"""
Raise the same exception as hashlib's blake implementation
on copy.copy()
"""
raise TypeError(
"can't pickle {} objects".format(self.__class__.__name__)
)
def scrypt(
password: bytes,
salt: bytes = b"",
n: int = 2 ** 20,
r: int = 8,
p: int = 1,
maxmem: int = 2 ** 25,
dklen: int = 64,
) -> bytes:
"""
Derive a cryptographic key using the scrypt KDF.
:raises nacl.exceptions.UnavailableError: If called when using a
minimal build of libsodium.
Implements the same signature as the ``hashlib.scrypt`` implemented
in cpython version 3.6
"""
return nacl.bindings.crypto_pwhash_scryptsalsa208sha256_ll(
password, salt, n, r, p, maxmem=maxmem, dklen=dklen
)