Limit SHA3 support to Python 3.6+

The third-party library that adds support for this to Python 3.5 is a binary package, and thus breaks the pure-Python nature of Python-RSA. This should fix [#147](#147).
sybrenstuvel · Jun 11, 2020 · 9032802 · 9032802
1 parent fb8772a
commit 9032802
Show file tree

Hide file tree

Showing 5 changed files with 27 additions and 41 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -6,6 +6,10 @@
   for dependency management. There apparently is an issue no-binary installs of
   packages build with Poetry. This fixes
   [#148](https://github.com/sybrenstuvel/python-rsa/issues/148)
+- Limited SHA3 support to those Python versions (3.6+) that support it natively.
+  The third-party library that adds support for this to Python 3.5 is a binary
+  package, and thus breaks the pure-Python nature of Python-RSA.
+  This should fix [#147](https://github.com/sybrenstuvel/python-rsa/issues/147).
 
 
 ## Version 4.1 - released 2020-06-10

diff --git a/Pipfile b/Pipfile
@@ -5,7 +5,6 @@ name = "pypi"
 
 [packages]
 "pyasn1" = ">=0.1.3"
-"pysha3" = {version = "~=1.0, >=1.0",markers = "python_version < '3.6'"}
 
 [dev-packages]
 coveralls = "~=1.8, >=1.8"

diff --git a/Pipfile.lock b/Pipfile.lock
diff --git a/rsa/pkcs1.py b/rsa/pkcs1.py
@@ -33,12 +33,6 @@
 
 from . import common, transform, core, key
 
-if sys.version_info < (3, 6):
-    # Python 3.6 and newer have SHA-3 support. For Python 3.5 we need a third party library.
-    # This library monkey-patches the hashlib module so that it looks like Python actually
-    # supports SHA-3 natively.
-    import sha3  # noqa: F401
-
 # ASN.1 codes that describe the hash algorithm used.
 HASH_ASN1 = {
     'MD5': b'\x30\x20\x30\x0c\x06\x08\x2a\x86\x48\x86\xf7\x0d\x02\x05\x05\x00\x04\x10',
@@ -47,9 +41,6 @@
     'SHA-256': b'\x30\x31\x30\x0d\x06\x09\x60\x86\x48\x01\x65\x03\x04\x02\x01\x05\x00\x04\x20',
     'SHA-384': b'\x30\x41\x30\x0d\x06\x09\x60\x86\x48\x01\x65\x03\x04\x02\x02\x05\x00\x04\x30',
     'SHA-512': b'\x30\x51\x30\x0d\x06\x09\x60\x86\x48\x01\x65\x03\x04\x02\x03\x05\x00\x04\x40',
-    'SHA3-256': b'\x30\x31\x30\x0d\x06\x09\x60\x86\x48\x01\x65\x03\x04\x02\x08\x05\x00\x04\x20',
-    'SHA3-384': b'\x30\x41\x30\x0d\x06\x09\x60\x86\x48\x01\x65\x03\x04\x02\x09\x05\x00\x04\x30',
-    'SHA3-512': b'\x30\x51\x30\x0d\x06\x09\x60\x86\x48\x01\x65\x03\x04\x02\x0a\x05\x00\x04\x40',
 }
 
 HASH_METHODS = {
@@ -59,12 +50,24 @@
     'SHA-256': hashlib.sha256,
     'SHA-384': hashlib.sha384,
     'SHA-512': hashlib.sha512,
-    'SHA3-256': hashlib.sha3_256,
-    'SHA3-384': hashlib.sha3_384,
-    'SHA3-512': hashlib.sha3_512,
 }
 
 
+if sys.version_info >= (3, 6):
+    # Python 3.6 introduced SHA3 support.
+    HASH_ASN1.update({
+        'SHA3-256': b'\x30\x31\x30\x0d\x06\x09\x60\x86\x48\x01\x65\x03\x04\x02\x08\x05\x00\x04\x20',
+        'SHA3-384': b'\x30\x41\x30\x0d\x06\x09\x60\x86\x48\x01\x65\x03\x04\x02\x09\x05\x00\x04\x30',
+        'SHA3-512': b'\x30\x51\x30\x0d\x06\x09\x60\x86\x48\x01\x65\x03\x04\x02\x0a\x05\x00\x04\x40',
+    })
+
+    HASH_METHODS.update({
+        'SHA3-256': hashlib.sha3_256,
+        'SHA3-384': hashlib.sha3_384,
+        'SHA3-512': hashlib.sha3_512,
+    })
+
+
 class CryptoError(Exception):
     """Base class for all exceptions in this module."""
 

diff --git a/tests/test_pkcs1.py b/tests/test_pkcs1.py
@@ -15,6 +15,7 @@
 """Tests string operations."""
 
 import struct
+import sys
 import unittest
 
 import rsa
@@ -101,6 +102,12 @@ def test_sign_verify(self):
         signature = pkcs1.sign(message, self.priv, 'SHA-256')
         self.assertEqual('SHA-256', pkcs1.verify(message, signature, self.pub))
 
+
+    @unittest.skipIf(sys.version_info < (3, 6), "SHA3 requires Python 3.6+")
+    def test_sign_verify_sha3(self):
+        """Test happy flow of sign and verify with SHA3-256"""
+
+        message = b'je moeder'
         signature = pkcs1.sign(message, self.priv, 'SHA3-256')
         self.assertEqual('SHA3-256', pkcs1.verify(message, signature, self.pub))