Add support for SHA3 hashing

sybrenstuvel · sybrenstuvel · commit 3c5ee594a2e3 · 2019-08-04T17:47:26.000+02:00
This is based on sybrenstuvel#96, with a few improvements: - The minimum of one use of SHA3 in a unit test, to at least touch it at some point. - Documented the support of SHA3. - Only install the third-party library required by Python 3.5 when we're running on Python 3.5. Newer Python versions support SHA3 natively.
diff --git a/CHANGELOG.txt b/CHANGELOG.txt
@@ -12,6 +12,9 @@ Version 4.1 - in development
   gives UnicodeDecodeError.
 - Switched to using [Poetry](https://poetry.eustace.io/) for package
   management.
+- Added support for SHA3 hashing: SHA3-256, SHA3-384, SHA3-512. This
+  is natively supported by Python 3.6+ and supported via a third-party
+  library on Python 3.5.
 
 
 Version 4.0 - released 2018-09-16
diff --git a/doc/compatibility.rst b/doc/compatibility.rst
@@ -16,7 +16,7 @@ Encryption:
 
 Signatures:
     PKCS#1 v1.5 using the following hash methods:
-    MD5, SHA-1, SHA-224, SHA-256, SHA-384, SHA-512
+    MD5, SHA-1, SHA-224, SHA-256, SHA-384, SHA-512, SHA3-256, SHA3-384, SHA3-512
 
 Private keys:
     PKCS#1 v1.5 in PEM and DER format, ASN.1 type RSAPrivateKey
diff --git a/poetry.lock b/poetry.lock
diff --git a/pyproject.toml b/pyproject.toml
@@ -32,6 +32,7 @@ pyrsa-verify = "rsa.cli:verify"
 [tool.poetry.dependencies]
 python = "^3.5"
 pyasn1 = ">=0.1.3"
+pysha3 = {version="^1.0", python="~3.5"}
 
 [tool.poetry.dev-dependencies]
 coveralls = "^1.8"
diff --git a/rsa/pkcs1.py b/rsa/pkcs1.py
@@ -30,8 +30,16 @@
 
 import hashlib
 import os
+import sys
 import typing
 
+if sys.version_info < (3, 6):
+    # Python 3.6 and newer have SHA-3 support. For Python 3.5 we need a third party library.
+    # This library monkey-patches the hashlib module so that it looks like Python actually
+    # supports SHA-3 natively.
+    import sha3
+
+
 from . import common, transform, core, key
 
 # ASN.1 codes that describe the hash algorithm used.
@@ -42,6 +50,9 @@
     'SHA-256': b'\x30\x31\x30\x0d\x06\x09\x60\x86\x48\x01\x65\x03\x04\x02\x01\x05\x00\x04\x20',
     'SHA-384': b'\x30\x41\x30\x0d\x06\x09\x60\x86\x48\x01\x65\x03\x04\x02\x02\x05\x00\x04\x30',
     'SHA-512': b'\x30\x51\x30\x0d\x06\x09\x60\x86\x48\x01\x65\x03\x04\x02\x03\x05\x00\x04\x40',
+    'SHA3-256': b'\x30\x31\x30\x0d\x06\x09\x60\x86\x48\x01\x65\x03\x04\x02\x08\x05\x00\x04\x20',
+    'SHA3-384': b'\x30\x41\x30\x0d\x06\x09\x60\x86\x48\x01\x65\x03\x04\x02\x09\x05\x00\x04\x30',
+    'SHA3-512': b'\x30\x51\x30\x0d\x06\x09\x60\x86\x48\x01\x65\x03\x04\x02\x0a\x05\x00\x04\x40',
 }
 
 HASH_METHODS = {
@@ -51,6 +62,9 @@
     'SHA-256': hashlib.sha256,
     'SHA-384': hashlib.sha384,
     'SHA-512': hashlib.sha512,
+    'SHA3-256': hashlib.sha3_256,
+    'SHA3-384': hashlib.sha3_384,
+    'SHA3-512': hashlib.sha3_512,
 }
 
 
diff --git a/tests/test_pkcs1.py b/tests/test_pkcs1.py
@@ -75,9 +75,11 @@ def test_sign_verify(self):
 
         message = b'je moeder'
         signature = pkcs1.sign(message, self.priv, 'SHA-256')
-
         self.assertEqual('SHA-256', pkcs1.verify(message, signature, self.pub))
 
+        signature = pkcs1.sign(message, self.priv, 'SHA3-256')
+        self.assertEqual('SHA3-256', pkcs1.verify(message, signature, self.pub))
+
     def test_find_signature_hash(self):
         """Test happy flow of sign and find_signature_hash"""
 
