diff options
author | Sybren A. Stüvel <sybren@stuvel.eu> | 2019-08-04 17:43:55 +0200 |
---|---|---|
committer | Sybren A. Stüvel <sybren@stuvel.eu> | 2019-08-04 17:47:26 +0200 |
commit | 3c5ee594a2e38b27f086d042d9d2b9d7d0d0269d (patch) | |
tree | b8caf816400742d66a547c21cfef950a6c3b3d9f | |
parent | b68f6181e9729afc6cae42cdf12b6a8dba52a80e (diff) | |
download | rsa-git-3c5ee594a2e38b27f086d042d9d2b9d7d0d0269d.tar.gz |
Add support for SHA3 hashing
This is based on https://github.com/sybrenstuvel/python-rsa/pull/96, with
a few improvements:
- The minimum of one use of SHA3 in a unit test, to at least touch it at
some point.
- Documented the support of SHA3.
- Only install the third-party library required by Python 3.5 when we're
running on Python 3.5. Newer Python versions support SHA3 natively.
-rw-r--r-- | CHANGELOG.txt | 3 | ||||
-rw-r--r-- | doc/compatibility.rst | 2 | ||||
-rw-r--r-- | poetry.lock | 12 | ||||
-rw-r--r-- | pyproject.toml | 1 | ||||
-rw-r--r-- | rsa/pkcs1.py | 14 | ||||
-rw-r--r-- | tests/test_pkcs1.py | 4 |
6 files changed, 33 insertions, 3 deletions
diff --git a/CHANGELOG.txt b/CHANGELOG.txt index 1fbc18d..921b7bd 100644 --- a/CHANGELOG.txt +++ b/CHANGELOG.txt @@ -12,6 +12,9 @@ Version 4.1 - in development gives UnicodeDecodeError. - Switched to using [Poetry](https://poetry.eustace.io/) for package management. +- Added support for SHA3 hashing: SHA3-256, SHA3-384, SHA3-512. This + is natively supported by Python 3.6+ and supported via a third-party + library on Python 3.5. Version 4.0 - released 2018-09-16 diff --git a/doc/compatibility.rst b/doc/compatibility.rst index be4d295..1429553 100644 --- a/doc/compatibility.rst +++ b/doc/compatibility.rst @@ -16,7 +16,7 @@ Encryption: Signatures: PKCS#1 v1.5 using the following hash methods: - MD5, SHA-1, SHA-224, SHA-256, SHA-384, SHA-512 + MD5, SHA-1, SHA-224, SHA-256, SHA-384, SHA-512, SHA3-256, SHA3-384, SHA3-512 Private keys: PKCS#1 v1.5 in PEM and DER format, ASN.1 type RSAPrivateKey diff --git a/poetry.lock b/poetry.lock index 4477d26..4255772 100644 --- a/poetry.lock +++ b/poetry.lock @@ -247,6 +247,15 @@ python-versions = ">=2.6, !=3.0.*, !=3.1.*, !=3.2.*" version = "2.4.2" [[package]] +category = "main" +description = "SHA-3 (Keccak) for Python 2.7 - 3.5" +marker = "python_version >= \"3.5\" and python_version < \"3.6\"" +name = "pysha3" +optional = false +python-versions = "*" +version = "1.0.2" + +[[package]] category = "dev" description = "pytest: simple powerful testing with Python" name = "pytest" @@ -480,7 +489,7 @@ python-versions = ">=2.7" version = "0.5.2" [metadata] -content-hash = "f64e643bf6d9b4a0e0a72c8c7d4b097f49b0a36ef2832349d7954c750b9cc70c" +content-hash = "19b0fa85c2b103b5379097a1d476f450c123dd1a0b770e4c9beca9db5644fd9a" python-versions = "^3.5" [metadata.hashes] @@ -511,6 +520,7 @@ py = ["64f65755aee5b381cea27766a3a147c3f15b9b6b9ac88676de66ba2ae36793fa", "dc639 pyasn1 = ["0c444a3482c5f5c7fab93567761324f77045ede002362171e12acdd400ea50e0", "27e919f274d96829d9c78455eacf6a2253c9fd44979e5f880b672b524161366d", "3bb81821d47b17146049e7574ab4bf1e315eb7aead30efe5d6a9ca422c9710be", "3f8b11ba9fde9aeb56882589896cf9c7c8f4d5630f5e83abec1d80d1ef37b28b", "40f307cb9e351bf54b5cf956a85e02a42d4f881dac79ce7d0b736acb2adab0e5", "54734028b18e1d625a788d9846479ce088f10015db9ffb1abdd406d82b68b600", "5616c045d1eb934fecc0162bc2b9bd2c8935d4a3c4642c3ccd96fb1528b1f218", "5eb6dbc1191dc8a18da9d3ee4c3133909e3cfd0967d434dee958e737c1ca0bb7", "72f5f934852f4722e769ec9a4dd20d6fa206a78186bab2aadf27753a222892f6", "86ddc0f9a9062f111e70de780c5eb6d5d726f44809fafaa0af7a534ed66fc7c1", "b17f6696f920dc712a4dc5c711b1abd623d80531910e1455c70a6cb85ffb6332", "b773d5c9196ffbc3a1e13bdf909d446cad80a039aa3340bcad72f395b76ebc86", "f8dda822e63df09237acd8f88940c68c1964076e5d9a906cbf385d71ec1a4006"] pygments = ["71e430bc85c88a430f000ac1d9b331d2407f681d6f6aec95e8bcfbc3df5b0127", "881c4c157e45f30af185c1ffe8d549d48ac9127433f2c380c24b84572ad66297"] pyparsing = ["6f98a7b9397e206d78cc01df10131398f1c8b8510a2f4d97d9abd82e1aacdd80", "d9338df12903bbf5d65a0e4e87c2161968b10d2e489652bb47001d82a9b028b4"] +pysha3 = ["0060a66be16665d90c432f55a0ba1f6480590cfb7d2ad389e688a399183474f0", "11a2ba7a2e1d9669d0052fc8fb30f5661caed5512586ecbeeaf6bf9478ab5c48", "386998ee83e313b6911327174e088021f9f2061cbfa1651b97629b761e9ef5c4", "41be70b06c8775a9e4d4eeb52f2f6a3f356f17539a54eac61f43a29e42fd453d", "4416f16b0f1605c25f627966f76873e432971824778b369bd9ce1bb63d6566d9", "571a246308a7b63f15f5aa9651f99cf30f2a6acba18eddf28f1510935968b603", "59111c08b8f34495575d12e5f2ce3bafb98bea470bc81e70c8b6df99aef0dd2f", "5ec8da7c5c70a53b5fa99094af3ba8d343955b212bc346a0d25f6ff75853999f", "684cb01d87ed6ff466c135f1c83e7e4042d0fc668fa20619f581e6add1d38d77", "68c3a60a39f9179b263d29e221c1bd6e01353178b14323c39cc70593c30f21c5", "6e6a84efb7856f5d760ee55cd2b446972cb7b835676065f6c4f694913ea8f8d9", "827b308dc025efe9b6b7bae36c2e09ed0118a81f792d888548188e97b9bf9a3d", "93abd775dac570cb9951c4e423bcb2bc6303a9d1dc0dc2b7afa2dd401d195b24", "9c778fa8b161dc9348dc5cc361e94d54aa5ff18413788f4641f6600d4893a608", "9fdd28884c5d0b4edfed269b12badfa07f1c89dbc5c9c66dd279833894a9896b", "c7c2adcc43836223680ebdf91f1d3373543dc32747c182c8ca2e02d1b69ce030", "c93a2676e6588abcfaecb73eb14485c81c63b94fca2000a811a7b4fb5937b8e8", "cd5c961b603bd2e6c2b5ef9976f3238a561c58569945d4165efb9b9383b050ef", "f9046d59b3e72aa84f6dae83a040bd1184ebd7fef4e822d38186a8158c89e3cf", "fd7e66999060d079e9c0e8893e78d8017dad4f59721f6fe0be6307cd32127a07", "fe988e73f2ce6d947220624f04d467faf05f1bbdbc64b0a201296bb3af92739e"] pytest = ["6ef6d06de77ce2961156013e9dff62f1b2688aa04d0dc244299fe7d67e09370d", "a736fed91c12681a7b34617c8fcefe39ea04599ca72c608751c31d89579a3f77"] pytest-cov = ["2b097cde81a302e1047331b48cadacf23577e431b61e9c6f49a1170bbe3d3da6", "e00ea4fdde970725482f1f35630d12f074e121a23801aabf2ae154ec6bdd343a"] pytz = ["26c0b32e437e54a18161324a2fca3c4b9846b74a8dccddd843113109e1116b32", "c894d57500a4cd2d5c71114aaab77dbab5eabd9022308ce5ac9bb93a60a6f0c7"] diff --git a/pyproject.toml b/pyproject.toml index 776c6ab..df54336 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -32,6 +32,7 @@ pyrsa-verify = "rsa.cli:verify" [tool.poetry.dependencies] python = "^3.5" pyasn1 = ">=0.1.3" +pysha3 = {version="^1.0", python="~3.5"} [tool.poetry.dev-dependencies] coveralls = "^1.8" diff --git a/rsa/pkcs1.py b/rsa/pkcs1.py index 39ebc49..f810771 100644 --- a/rsa/pkcs1.py +++ b/rsa/pkcs1.py @@ -30,8 +30,16 @@ to your users. import hashlib import os +import sys import typing +if sys.version_info < (3, 6): + # Python 3.6 and newer have SHA-3 support. For Python 3.5 we need a third party library. + # This library monkey-patches the hashlib module so that it looks like Python actually + # supports SHA-3 natively. + import sha3 + + from . import common, transform, core, key # ASN.1 codes that describe the hash algorithm used. @@ -42,6 +50,9 @@ HASH_ASN1 = { 'SHA-256': b'\x30\x31\x30\x0d\x06\x09\x60\x86\x48\x01\x65\x03\x04\x02\x01\x05\x00\x04\x20', 'SHA-384': b'\x30\x41\x30\x0d\x06\x09\x60\x86\x48\x01\x65\x03\x04\x02\x02\x05\x00\x04\x30', 'SHA-512': b'\x30\x51\x30\x0d\x06\x09\x60\x86\x48\x01\x65\x03\x04\x02\x03\x05\x00\x04\x40', + 'SHA3-256': b'\x30\x31\x30\x0d\x06\x09\x60\x86\x48\x01\x65\x03\x04\x02\x08\x05\x00\x04\x20', + 'SHA3-384': b'\x30\x41\x30\x0d\x06\x09\x60\x86\x48\x01\x65\x03\x04\x02\x09\x05\x00\x04\x30', + 'SHA3-512': b'\x30\x51\x30\x0d\x06\x09\x60\x86\x48\x01\x65\x03\x04\x02\x0a\x05\x00\x04\x40', } HASH_METHODS = { @@ -51,6 +62,9 @@ HASH_METHODS = { 'SHA-256': hashlib.sha256, 'SHA-384': hashlib.sha384, 'SHA-512': hashlib.sha512, + 'SHA3-256': hashlib.sha3_256, + 'SHA3-384': hashlib.sha3_384, + 'SHA3-512': hashlib.sha3_512, } diff --git a/tests/test_pkcs1.py b/tests/test_pkcs1.py index 1704ffd..1f0d305 100644 --- a/tests/test_pkcs1.py +++ b/tests/test_pkcs1.py @@ -75,9 +75,11 @@ class SignatureTest(unittest.TestCase): message = b'je moeder' signature = pkcs1.sign(message, self.priv, 'SHA-256') - self.assertEqual('SHA-256', pkcs1.verify(message, signature, self.pub)) + signature = pkcs1.sign(message, self.priv, 'SHA3-256') + self.assertEqual('SHA3-256', pkcs1.verify(message, signature, self.pub)) + def test_find_signature_hash(self): """Test happy flow of sign and find_signature_hash""" |