diff options
| author | Paul Kehrer <paul.l.kehrer@gmail.com> | 2018-11-22 23:42:42 +0800 |
|---|---|---|
| committer | Alex Gaynor <alex.gaynor@gmail.com> | 2018-11-22 09:42:42 -0600 |
| commit | 3065e16bcc05ddde3af87484a38b67b06471670e (patch) | |
| tree | 2c5f497c0a4d4a8008b8d8ea6f17102c9939d1b6 | |
| parent | cd4de3ce6dc2a0dd4171b869e187857e4125853b (diff) | |
| download | cryptography-3065e16bcc05ddde3af87484a38b67b06471670e.tar.gz cryptography-3065e16bcc05ddde3af87484a38b67b06471670e.tar.bz2 cryptography-3065e16bcc05ddde3af87484a38b67b06471670e.zip | |
add sha3 support (#4573)
* add sha3 support
* missed versionadded
* add prose, remove block_size
| -rw-r--r-- | CHANGELOG.rst | 5 | ||||
| -rw-r--r-- | docs/hazmat/primitives/cryptographic-hashes.rst | 37 | ||||
| -rw-r--r-- | src/cryptography/hazmat/primitives/hashes.py | 24 | ||||
| -rw-r--r-- | tests/hazmat/primitives/test_hash_vectors.py | 68 |
4 files changed, 134 insertions, 0 deletions
diff --git a/CHANGELOG.rst b/CHANGELOG.rst index 345c71e2..6f2c964a 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -11,6 +11,11 @@ Changelog * Added support for :class:`~cryptography.hazmat.primitives.hashes.SHA512_224` and :class:`~cryptography.hazmat.primitives.hashes.SHA512_256` when using OpenSSL 1.1.1. +* Added support for :class:`~cryptography.hazmat.primitives.hashes.SHA3_224`, + :class:`~cryptography.hazmat.primitives.hashes.SHA3_256`, + :class:`~cryptography.hazmat.primitives.hashes.SHA3_384`, and + :class:`~cryptography.hazmat.primitives.hashes.SHA3_512` when using OpenSSL + 1.1.1. .. _v2-4-2: diff --git a/docs/hazmat/primitives/cryptographic-hashes.rst b/docs/hazmat/primitives/cryptographic-hashes.rst index 1a96fc2d..bc979365 100644 --- a/docs/hazmat/primitives/cryptographic-hashes.rst +++ b/docs/hazmat/primitives/cryptographic-hashes.rst @@ -148,6 +148,43 @@ SHA-family of hashes. :raises ValueError: If the ``digest_size`` is invalid. +SHA-3 family +~~~~~~~~~~~~ + +SHA-3 is the most recent NIST secure hash algorithm standard. Despite the +larger number SHA-3 is not considered to be better than SHA-2. Instead, it uses +a significantly different internal structure so that **if** an attack appears +against SHA-2 it is unlikely to apply to SHA-3. SHA-3 is significantly slower +than SHA-2 so at this time most users should choose SHA-2. + +.. class:: SHA3_224() + + .. versionadded:: 2.5 + + SHA3/224 is a cryptographic hash function from the SHA-3 family and is + standardized by NIST. It produces a 224-bit message digest. + +.. class:: SHA3_256() + + .. versionadded:: 2.5 + + SHA3/256 is a cryptographic hash function from the SHA-3 family and is + standardized by NIST. It produces a 256-bit message digest. + +.. class:: SHA3_384() + + .. versionadded:: 2.5 + + SHA3/384 is a cryptographic hash function from the SHA-3 family and is + standardized by NIST. It produces a 384-bit message digest. + +.. class:: SHA3_512() + + .. versionadded:: 2.5 + + SHA3/512 is a cryptographic hash function from the SHA-3 family and is + standardized by NIST. It produces a 512-bit message digest. + SHA-1 ~~~~~ diff --git a/src/cryptography/hazmat/primitives/hashes.py b/src/cryptography/hazmat/primitives/hashes.py index 79029937..259a2c01 100644 --- a/src/cryptography/hazmat/primitives/hashes.py +++ b/src/cryptography/hazmat/primitives/hashes.py @@ -151,6 +151,30 @@ class SHA512(object): @utils.register_interface(HashAlgorithm) +class SHA3_224(object): # noqa: N801 + name = "sha3-224" + digest_size = 28 + + +@utils.register_interface(HashAlgorithm) +class SHA3_256(object): # noqa: N801 + name = "sha3-256" + digest_size = 32 + + +@utils.register_interface(HashAlgorithm) +class SHA3_384(object): # noqa: N801 + name = "sha3-384" + digest_size = 48 + + +@utils.register_interface(HashAlgorithm) +class SHA3_512(object): # noqa: N801 + name = "sha3-512" + digest_size = 64 + + +@utils.register_interface(HashAlgorithm) class MD5(object): name = "md5" digest_size = 16 diff --git a/tests/hazmat/primitives/test_hash_vectors.py b/tests/hazmat/primitives/test_hash_vectors.py index 33c5f8e1..f8561fcd 100644 --- a/tests/hazmat/primitives/test_hash_vectors.py +++ b/tests/hazmat/primitives/test_hash_vectors.py @@ -182,3 +182,71 @@ class TestBLAKE2s256(object): ], hashes.BLAKE2s(digest_size=32), ) + + +@pytest.mark.supported( + only_if=lambda backend: backend.hash_supported(hashes.SHA3_224()), + skip_message="Does not support SHA3_224", +) +@pytest.mark.requires_backend_interface(interface=HashBackend) +class TestSHA3224(object): + test_SHA3_224 = generate_hash_test( + load_hash_vectors, + os.path.join("hashes", "SHA3"), + [ + "SHA3_224LongMsg.rsp", + "SHA3_224ShortMsg.rsp", + ], + hashes.SHA3_224(), + ) + + +@pytest.mark.supported( + only_if=lambda backend: backend.hash_supported(hashes.SHA3_256()), + skip_message="Does not support SHA3_256", +) +@pytest.mark.requires_backend_interface(interface=HashBackend) +class TestSHA3256(object): + test_SHA3_256 = generate_hash_test( + load_hash_vectors, + os.path.join("hashes", "SHA3"), + [ + "SHA3_256LongMsg.rsp", + "SHA3_256ShortMsg.rsp", + ], + hashes.SHA3_256(), + ) + + +@pytest.mark.supported( + only_if=lambda backend: backend.hash_supported(hashes.SHA3_384()), + skip_message="Does not support SHA3_384", +) +@pytest.mark.requires_backend_interface(interface=HashBackend) +class TestSHA3384(object): + test_SHA3_384 = generate_hash_test( + load_hash_vectors, + os.path.join("hashes", "SHA3"), + [ + "SHA3_384LongMsg.rsp", + "SHA3_384ShortMsg.rsp", + ], + hashes.SHA3_384(), + ) + + +@pytest.mark.supported( + only_if=lambda backend: backend.hash_supported(hashes.SHA3_512()), + skip_message="Does not support SHA3_512", +) +@pytest.mark.requires_backend_interface(interface=HashBackend) +class TestSHA3512(object): + test_SHA3_512 = generate_hash_test( + load_hash_vectors, + os.path.join("hashes", "SHA3"), + [ + "SHA3_512LongMsg.rsp", + "SHA3_512ShortMsg.rsp", + ], + hashes.SHA3_512(), + ) |