🔖 Bump version to v2.0.0

CHANGELOG.rst

@@ -1,4 +1,49 @@
 
+2.0.0 - 2021-06-11
+==================
+
+Added
+-----
+
+- Allow changing encoder in every signer: previously only Blake2SerializerSigner accepted encoders other than b64, yet not totally: the signature was always b64 URL safe encoded. This required a slight refactor splitting the signers module into bases and signers
+- Add new base32 encoder.
+- Add check to ensure that the separator does not belong to the encoder alphabet.
+- Add new hex (base16) encoder.
+- Add check to ensure that the separator and compressor flag are ASCII characters to prevent encoding errors when converting from bytes to string.
+- Add new gzip compressor.
+- Add new null serializer: a serializer that doesn't actually serializes. It can be useful when you need to manage bytes or strings, but you want to compress too, therefore being able to use the Blake2SerializerSigner for this.
+- Add check to ensure that the separator and compressor flag are not empty.
+- Add check to ensure that the encoder alphabet is ASCII and not empty.
+- Add signature timestamp to `ExpiredSignatureError` exception in new `timestamp` parameter as an aware datetime object.
+- Add new dump/load interface in `Blake2SerializerSigner` for file-like objects.
+- Add argument to `Blake2SerializerSigner.dumps()` to pass keyword arguments to the serializer.
+- Add documentation with mkdocs, and a nice title with logo (many thanks to Erus).
+- Add new methods to obtain data and signature separately for all signers: `sign_parts`/`unsign_parts` and `dumps_parts`/`loads_parts`.
+- Create a security scanning job using `Trivy <https://aquasecurity.github.io/trivy/>`_.
+- Add a job to test support for `PyPy <https://www.pypy.org>`_ 3.7.
+- Add a job to test support for `Stackless Python <https://github.com/stackless-dev/stackless/wiki>`_ 3.7.
+
+Changed
+-------
+
+- Split classes between mixins and interfaces; also serializers, compressors and encoders, which are implementations of interfaces. This smooths the way to have several different implementors and to actually be able to change the entire encoding in the future (currently the signature is always b64 URL safe encoded even if the encoder is changed in Blake2SerializerSigner).
+- Set default digest size for all signers to 16 bytes, so the output and functioning is more homogeneous.
+- Make compression flag and ratio an instance attribute.
+- Make separator an instance attribute.
+- Change type annotations for secret, personalisation, separator and compression_flag to show support for bytes and string as it has always been supported.
+- Improve force_bytes performance by not casting bytes to bytes, and change its signature to accept any.
+- Rename `use_compression` to `compress` because it's shorter and easier to write, and more tab-autocompletion friendly.
+- Recover cause in all exceptions for easier debugging. This was not done before on purpose to hide information in case a misconfiguration in the implementor application would expose said information to the public, but the benefits of having a cause traceback to the original exception are too many to not have it.
+- Split tests by module or class to avoid having a giant single file with all the tests in it.
+- Marginally improve performance, around ~4% less time, to sign and unsign by removing unneeded calls to `force_bytes` when encoding/decoding.
+
+Security
+--------
+
+- Prevent timestamped signatures "from the future" to pass as correct by checking the signature age to be bigger than 0.
+- Create a fuzzing script using `pythonfuzz` to uncover unexpected bugs.
+- Fix a potential vulnerability when the `NullSerializer` was used and the user could sign arbitrary data, then a malicious user could sign a zip bomb that when unsigned could cause at best a controlled `DecompressionError` exception or at worst a DoS or other unknown result (depends heavily on the compressor used). This scenario is not default and probably very hard to achieve (it can't be produced with the `JSONSerializer` but it could perhaps be produced by some other custom serializer too), but nevertheless the possibility was there.
+
 1.2.1 - 2021-05-10
 ==================
 

blake2signer/__init__.py

@@ -32,7 +32,7 @@
 from .signers import Blake2Signer
 from .signers import Blake2TimestampSigner
 
-__version__ = '1.2.1'
+__version__ = '2.0.0'
 
 __all__ = (
     'errors',

docs/changelog.md

@@ -1,5 +1,46 @@
 # Changelog
 
+## 2.0.0 - 2021-06-11
+
+**Added**
+
+- Allow changing encoder in every signer: previously only Blake2SerializerSigner accepted encoders other than b64, yet not totally: the signature was always b64 URL safe encoded. This required a slight refactor splitting the signers module into bases and signers
+- Add new base32 encoder.
+- Add check to ensure that the separator does not belong to the encoder alphabet.
+- Add new hex (base16) encoder.
+- Add check to ensure that the separator and compressor flag are ASCII characters to prevent encoding errors when converting from bytes to string.
+- Add new gzip compressor.
+- Add new null serializer: a serializer that doesn't actually serializes. It can be useful when you need to manage bytes or strings, but you want to compress too, therefore being able to use the Blake2SerializerSigner for this.
+- Add check to ensure that the separator and compressor flag are not empty.
+- Add check to ensure that the encoder alphabet is ASCII and not empty.
+- Add signature timestamp to `ExpiredSignatureError` exception in new `timestamp` parameter as an aware datetime object.
+- Add new dump/load interface in `Blake2SerializerSigner` for file-like objects.
+- Add argument to `Blake2SerializerSigner.dumps()` to pass keyword arguments to the serializer.
+- Add documentation with mkdocs, and a nice title with logo (many thanks to Erus).
+- Add new methods to obtain data and signature separately for all signers: `sign_parts`/`unsign_parts` and `dumps_parts`/`loads_parts`.
+- Create a security scanning job using [Trivy](https://aquasecurity.github.io/trivy/).
+- Add a job to test support for [PyPy](https://www.pypy.org) 3.7.
+- Add a job to test support for [Stackless Python](https://github.com/stackless-dev/stackless/wiki) 3.7.
+
+**Changed**
+
+- Split classes between mixins and interfaces; also serializers, compressors and encoders, which are implementations of interfaces. This smooths the way to have several implementors and to actually be able to change the entire encoding in the future (currently the signature is always b64 URL safe encoded even if the encoder is changed in Blake2SerializerSigner).
+- Set default digest size for all signers to 16 bytes, so the output and functioning is more homogeneous.
+- Make compression flag and ratio an instance attribute.
+- Make separator an instance attribute.
+- Change type annotations for secret, personalisation, separator and compression_flag to show support for bytes and string as it has always been supported.
+- Improve force_bytes performance by not casting bytes to bytes, and change its signature to accept any.
+- Rename `use_compression` to `compress` because it's shorter and easier to write, and more tab-autocompletion friendly.
+- Recover cause in all exceptions for easier debugging. This was not done before on purpose to hide information in case a misconfiguration in the implementor application would expose said information to the public, but the benefits of having a cause traceback to the original exception are too many to not have it.
+- Split tests by module or class to avoid having a giant single file with all the tests in it.
+- Marginally improve performance, around ~4% less time, to sign and unsign by removing unneeded calls to `force_bytes` when encoding/decoding.
+
+**Security**
+
+- Prevent timestamped signatures "from the future" to pass as correct by checking the signature age to be bigger than 0.
+- Create a fuzzing script using `pythonfuzz` to uncover unexpected bugs.
+- Fix a potential vulnerability when the `NullSerializer` was used, and the user could sign arbitrary data, then a malicious user could sign a zip bomb that when unsigned could cause at best a controlled `DecompressionError` exception or at worst a DoS or other unknown result (depends heavily on the compressor used). This scenario is not default and probably very hard to achieve (it can't be produced with the `JSONSerializer` but it could perhaps be produced by some other custom serializer too), but nevertheless the possibility was there.
+
 ## 1.2.1 - 2021-05-10
 
 **Added**

pyproject.toml

@@ -1,6 +1,6 @@
 [tool.poetry]
 name = "blake2signer"
-version = "1.2.1"
+version = "2.0.0"
 description = "A library to use Blake2 in keyed hashing mode to sign and verify signed data"
 authors = ["HacKan <hackan@gmail.com>"]
 license = "MPL-2.0"