aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorPaul Kehrer <paul.l.kehrer@gmail.com>2018-11-22 23:42:42 +0800
committerAlex Gaynor <alex.gaynor@gmail.com>2018-11-22 09:42:42 -0600
commit3065e16bcc05ddde3af87484a38b67b06471670e (patch)
tree2c5f497c0a4d4a8008b8d8ea6f17102c9939d1b6
parentcd4de3ce6dc2a0dd4171b869e187857e4125853b (diff)
downloadcryptography-3065e16bcc05ddde3af87484a38b67b06471670e.tar.gz
cryptography-3065e16bcc05ddde3af87484a38b67b06471670e.tar.bz2
cryptography-3065e16bcc05ddde3af87484a38b67b06471670e.zip
add sha3 support (#4573)
* add sha3 support * missed versionadded * add prose, remove block_size
-rw-r--r--CHANGELOG.rst5
-rw-r--r--docs/hazmat/primitives/cryptographic-hashes.rst37
-rw-r--r--src/cryptography/hazmat/primitives/hashes.py24
-rw-r--r--tests/hazmat/primitives/test_hash_vectors.py68
4 files changed, 134 insertions, 0 deletions
diff --git a/CHANGELOG.rst b/CHANGELOG.rst
index 345c71e2..6f2c964a 100644
--- a/CHANGELOG.rst
+++ b/CHANGELOG.rst
@@ -11,6 +11,11 @@ Changelog
* Added support for :class:`~cryptography.hazmat.primitives.hashes.SHA512_224`
and :class:`~cryptography.hazmat.primitives.hashes.SHA512_256` when using
OpenSSL 1.1.1.
+* Added support for :class:`~cryptography.hazmat.primitives.hashes.SHA3_224`,
+ :class:`~cryptography.hazmat.primitives.hashes.SHA3_256`,
+ :class:`~cryptography.hazmat.primitives.hashes.SHA3_384`, and
+ :class:`~cryptography.hazmat.primitives.hashes.SHA3_512` when using OpenSSL
+ 1.1.1.
.. _v2-4-2:
diff --git a/docs/hazmat/primitives/cryptographic-hashes.rst b/docs/hazmat/primitives/cryptographic-hashes.rst
index 1a96fc2d..bc979365 100644
--- a/docs/hazmat/primitives/cryptographic-hashes.rst
+++ b/docs/hazmat/primitives/cryptographic-hashes.rst
@@ -148,6 +148,43 @@ SHA-family of hashes.
:raises ValueError: If the ``digest_size`` is invalid.
+SHA-3 family
+~~~~~~~~~~~~
+
+SHA-3 is the most recent NIST secure hash algorithm standard. Despite the
+larger number SHA-3 is not considered to be better than SHA-2. Instead, it uses
+a significantly different internal structure so that **if** an attack appears
+against SHA-2 it is unlikely to apply to SHA-3. SHA-3 is significantly slower
+than SHA-2 so at this time most users should choose SHA-2.
+
+.. class:: SHA3_224()
+
+ .. versionadded:: 2.5
+
+ SHA3/224 is a cryptographic hash function from the SHA-3 family and is
+ standardized by NIST. It produces a 224-bit message digest.
+
+.. class:: SHA3_256()
+
+ .. versionadded:: 2.5
+
+ SHA3/256 is a cryptographic hash function from the SHA-3 family and is
+ standardized by NIST. It produces a 256-bit message digest.
+
+.. class:: SHA3_384()
+
+ .. versionadded:: 2.5
+
+ SHA3/384 is a cryptographic hash function from the SHA-3 family and is
+ standardized by NIST. It produces a 384-bit message digest.
+
+.. class:: SHA3_512()
+
+ .. versionadded:: 2.5
+
+ SHA3/512 is a cryptographic hash function from the SHA-3 family and is
+ standardized by NIST. It produces a 512-bit message digest.
+
SHA-1
~~~~~
diff --git a/src/cryptography/hazmat/primitives/hashes.py b/src/cryptography/hazmat/primitives/hashes.py
index 79029937..259a2c01 100644
--- a/src/cryptography/hazmat/primitives/hashes.py
+++ b/src/cryptography/hazmat/primitives/hashes.py
@@ -151,6 +151,30 @@ class SHA512(object):
@utils.register_interface(HashAlgorithm)
+class SHA3_224(object): # noqa: N801
+ name = "sha3-224"
+ digest_size = 28
+
+
+@utils.register_interface(HashAlgorithm)
+class SHA3_256(object): # noqa: N801
+ name = "sha3-256"
+ digest_size = 32
+
+
+@utils.register_interface(HashAlgorithm)
+class SHA3_384(object): # noqa: N801
+ name = "sha3-384"
+ digest_size = 48
+
+
+@utils.register_interface(HashAlgorithm)
+class SHA3_512(object): # noqa: N801
+ name = "sha3-512"
+ digest_size = 64
+
+
+@utils.register_interface(HashAlgorithm)
class MD5(object):
name = "md5"
digest_size = 16
diff --git a/tests/hazmat/primitives/test_hash_vectors.py b/tests/hazmat/primitives/test_hash_vectors.py
index 33c5f8e1..f8561fcd 100644
--- a/tests/hazmat/primitives/test_hash_vectors.py
+++ b/tests/hazmat/primitives/test_hash_vectors.py
@@ -182,3 +182,71 @@ class TestBLAKE2s256(object):
],
hashes.BLAKE2s(digest_size=32),
)
+
+
+@pytest.mark.supported(
+ only_if=lambda backend: backend.hash_supported(hashes.SHA3_224()),
+ skip_message="Does not support SHA3_224",
+)
+@pytest.mark.requires_backend_interface(interface=HashBackend)
+class TestSHA3224(object):
+ test_SHA3_224 = generate_hash_test(
+ load_hash_vectors,
+ os.path.join("hashes", "SHA3"),
+ [
+ "SHA3_224LongMsg.rsp",
+ "SHA3_224ShortMsg.rsp",
+ ],
+ hashes.SHA3_224(),
+ )
+
+
+@pytest.mark.supported(
+ only_if=lambda backend: backend.hash_supported(hashes.SHA3_256()),
+ skip_message="Does not support SHA3_256",
+)
+@pytest.mark.requires_backend_interface(interface=HashBackend)
+class TestSHA3256(object):
+ test_SHA3_256 = generate_hash_test(
+ load_hash_vectors,
+ os.path.join("hashes", "SHA3"),
+ [
+ "SHA3_256LongMsg.rsp",
+ "SHA3_256ShortMsg.rsp",
+ ],
+ hashes.SHA3_256(),
+ )
+
+
+@pytest.mark.supported(
+ only_if=lambda backend: backend.hash_supported(hashes.SHA3_384()),
+ skip_message="Does not support SHA3_384",
+)
+@pytest.mark.requires_backend_interface(interface=HashBackend)
+class TestSHA3384(object):
+ test_SHA3_384 = generate_hash_test(
+ load_hash_vectors,
+ os.path.join("hashes", "SHA3"),
+ [
+ "SHA3_384LongMsg.rsp",
+ "SHA3_384ShortMsg.rsp",
+ ],
+ hashes.SHA3_384(),
+ )
+
+
+@pytest.mark.supported(
+ only_if=lambda backend: backend.hash_supported(hashes.SHA3_512()),
+ skip_message="Does not support SHA3_512",
+)
+@pytest.mark.requires_backend_interface(interface=HashBackend)
+class TestSHA3512(object):
+ test_SHA3_512 = generate_hash_test(
+ load_hash_vectors,
+ os.path.join("hashes", "SHA3"),
+ [
+ "SHA3_512LongMsg.rsp",
+ "SHA3_512ShortMsg.rsp",
+ ],
+ hashes.SHA3_512(),
+ )