Skip to content

Add SHA-3 support#1680

Merged
larabr merged 11 commits intoopenpgpjs:v6from
RyanHopkins7:v6
Sep 25, 2023
Merged

Add SHA-3 support#1680
larabr merged 11 commits intoopenpgpjs:v6from
RyanHopkins7:v6

Conversation

@RyanHopkins7
Copy link
Copy Markdown
Contributor

@RyanHopkins7 RyanHopkins7 commented Sep 18, 2023

These changes should add SHA-3 support from noble hashes as I discussed with @twiss on Gitter. This change is in regards to #1663.
I've added tests in test/crypto/hash/sha.js, but I'm not sure if I should add more tests using a PGP key which uses SHA3 internally. What do you think? If you think that I should, where do you think I should add that test? Maybe test/crypto/validate.js?

larabr
larabr reviewed Sep 18, 2023
View reviewed changes
Comment thread src/crypto/hash/index.js Outdated
larabr
larabr requested changes Sep 18, 2023
View reviewed changes
Copy link
Copy Markdown
Collaborator

@larabr larabr left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for working on this! 🙂
I just left a small comment about leveraging NodeCrypto as well.

I've added tests but I'm not sure if I should add more tests using a PGP key which uses SHA3 internally. What do you think? If you think that I should, where do you think I should add that test?

I would add a test checking that

  • a key using SHA3 internal signatures can be read using openpgp.readKey (e.g. key from #1663 (comment) )
  • signing with the key (using openpgp.sign) generates a sha3 signature
  • the newly generated SHA3 signature is verified (by openpgp.verify)

This could go under the unit tests for signing in test/general/openpgpjs.js.

Since SHA3 is just another hash algo, I don't think more ad-hoc tests are needed: everything is expected to work as long as the underlying hash function is correct.

@RyanHopkins7
Copy link
Copy Markdown
Contributor Author

RyanHopkins7 commented Sep 18, 2023

Sounds great, thanks for your quick review!! I'll add the test(s) you suggested.

@RyanHopkins7
Copy link
Copy Markdown
Contributor Author

RyanHopkins7 commented Sep 19, 2023
edited
Loading

Hi, I've added tests for openpgp.readKey, openpgp.sign, and openpgp.verify using the private key from #1663 (comment). Please let me know if that's sufficient or if you had any other suggestions!

larabr
larabr reviewed Sep 19, 2023
View reviewed changes
Comment thread test/general/openpgp.js Outdated
Comment thread test/general/openpgp.js Outdated
Comment thread test/general/openpgp.js
Comment thread test/general/openpgp.js Outdated
Comment thread test/general/openpgp.js Outdated
@RyanHopkins7
Copy link
Copy Markdown
Contributor Author

RyanHopkins7 commented Sep 20, 2023
edited
Loading

Thanks a bunch for your feedback, explanations, and patience. :)
I believe that the test should be good now, and all npm tests are passing for me-- let me know if there's anything else though!

larabr
larabr reviewed Sep 20, 2023
View reviewed changes
Comment thread test/general/openpgp.js Outdated
larabr
larabr reviewed Sep 20, 2023
View reviewed changes
Comment thread test/general/openpgp.js Outdated
larabr
larabr reviewed Sep 20, 2023
View reviewed changes
Copy link
Copy Markdown
Collaborator

@larabr larabr left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the prompt changes! Almost there, just noted a couple of minor things 🙂 (in particular, see #1680 (comment) ).

larabr
larabr approved these changes Sep 21, 2023
View reviewed changes
Copy link
Copy Markdown
Collaborator

@larabr larabr left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks again! Looks good to me, let's see if @twiss has something to add 🙂

@larabr larabr requested a review from twiss September 21, 2023 10:28
twiss
twiss approved these changes Sep 25, 2023
View reviewed changes
Copy link
Copy Markdown
Member

@twiss twiss left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for working on this! It looks good to me. Just as a note, we may want to consider adding these algorithms to the preferred hash algorithms (in key/factory.js) as well, but before we do that we should do some benchmarks on which algorithms are fastest, to decide the order. So IMO we can merge this as-is and do that later :)

@larabr larabr merged commit d82f9f3 into openpgpjs:v6 Sep 25, 2023
larabr pushed a commit that referenced this pull request Oct 20, 2023
@RyanHopkins7 @larabr
Add SHA-3 signature support (#1680)
4e2dfa5 
To support parsing, signing and verifying SHA3 signatures over messages and
keys.
@twiss twiss mentioned this pull request Oct 23, 2023
Closed
larabr pushed a commit that referenced this pull request Oct 24, 2023
@RyanHopkins7 @larabr
Add SHA-3 signature support (#1680)
a3cd24e 
To support parsing, signing and verifying SHA3 signatures over messages and
keys.
larabr pushed a commit that referenced this pull request Oct 25, 2023
@RyanHopkins7 @larabr
Add SHA-3 signature support (#1680)
53e1ec0 
To support parsing, signing and verifying SHA3 signatures over messages and
keys.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@twiss twiss twiss approved these changes

@larabr larabr larabr approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@RyanHopkins7 @twiss @larabr