BLAKE2s

BLAKE2s is an optimized variant of BLAKE, one of the SHA-3 candidates that made it to the final round of the NIST hash competition. It is specified in RFC7693.

The algorithm uses 32 bit words, and it therefore works best on 32-bit platforms. The digest size ranges from 8 to 256 bits:

>>> from Crypto.Hash import BLAKE2s
>>>
>>> h_obj = BLAKE2s.new(digest_bits=256)
>>> h_obj.update(b'Some data')
>>> print h_obj.hexdigest()

Optionally, BLAKE2s can work as a cryptographic MAC when initialized with a secret key:

>>> from Crypto.Hash import BLAKE2s
>>>
>>> mac = BLAKE2s.new(digest_bits=128, key=b'secret')
>>> mac.update(b'Some data')
>>> print mac.hexdigest()
class Crypto.Hash.BLAKE2s.BLAKE2s_Hash(data, key, digest_bytes, update_after_digest)

A BLAKE2s hash object. Do not instantiate directly. Use the new() function.

Variables:

  • oid (string) – ASN.1 Object ID

  • block_size (integer) – the size in bytes of the internal message block, input to the compression function

  • digest_size (integer) – the size in bytes of the resulting hash

digest()

Return the binary (non-printable) digest of the message that has been hashed so far.

Returns:

The hash digest, computed over the data processed so far. Binary form.

Return type:

byte string

hexdigest()

Return the printable digest of the message that has been hashed so far.

Returns:

The hash digest, computed over the data processed so far. Hexadecimal encoded.

Return type:

string

hexverify(hex_mac_tag)

Verify that a given printable MAC (computed by another party) is valid.

Parameters:

hex_mac_tag (string) – the expected MAC of the message, as a hexadecimal string.

Raises:

ValueError – if the MAC does not match. It means that the message has been tampered with or that the MAC key is incorrect.

new(**kwargs)

Return a new instance of a BLAKE2s hash object. See new().

update(data)

Continue hashing of a message by consuming the next chunk of data.

Parameters:

data (byte string/byte array/memoryview) – The next chunk of the message being hashed.

verify(mac_tag)

Verify that a given binary MAC (computed by another party) is valid.

Parameters:

mac_tag (byte string/byte array/memoryview) – the expected MAC of the message.

Raises:

ValueError – if the MAC does not match. It means that the message has been tampered with or that the MAC key is incorrect.

Crypto.Hash.BLAKE2s.new(**kwargs)

Create a new hash object.

Parameters:

  • data (byte string/byte array/memoryview) – Optional. The very first chunk of the message to hash. It is equivalent to an early call to BLAKE2s_Hash.update().

  • digest_bytes (integer) – Optional. The size of the digest, in bytes (1 to 32). Default is 32.

  • digest_bits (integer) – Optional and alternative to digest_bytes. The size of the digest, in bits (8 to 256, in steps of 8). Default is 256.

  • key (byte string) – Optional. The key to use to compute the MAC (1 to 64 bytes). If not specified, no key will be used.

  • update_after_digest (boolean) – Optional. By default, a hash object cannot be updated anymore after the digest is computed. When this flag is True, such check is no longer enforced.

Returns:

A BLAKE2s_Hash hash object