From 54fc2c8fbd7e8a877e3995672fc9b8c9c74361b9 Mon Sep 17 00:00:00 2001
From: Ryan
Date: Thu, 2 Nov 2023 09:16:40 -0400
Subject: [PATCH] Add SHA3-256 and SHA3-512 to preferred hash algos on key generation (#1696)

This is to signal support to senders who wish to use these algos. Note that SHA256 remains as first default preference, followed by SHA512, as in the context of OpenPGP signatures they provide better performance/security ratio than their SHA3 counterparts.
---
 openpgp.d.ts | 4 +++-
 src/key/factory.js | 4 +++-
 test/general/key.js | 4 ++--
 3 files changed, 8 insertions(+), 4 deletions(-)

diff --git a/openpgp.d.ts b/openpgp.d.ts
index 2b5509b4..76a4072c 100644
--- a/openpgp.d.ts
+++ b/openpgp.d.ts
@@ -782,7 +782,7 @@ export namespace enums {
 bzip2 = 3,
 }
- export type hashNames = 'md5' | 'sha1' | 'ripemd' | 'sha256' | 'sha384' | 'sha512' | 'sha224';
+ export type hashNames = 'md5' | 'sha1' | 'ripemd' | 'sha256' | 'sha384' | 'sha512' | 'sha224' | 'sha3_256' | 'sha3_512';
 enum hash {
 md5 = 1,
 sha1 = 2,
@@ -791,6 +791,8 @@ export namespace enums {
 sha384 = 9,
 sha512 = 10,
 sha224 = 11,
+ sha3_256 = 12,
+ sha3_512 = 14
 }
 export type packetNames = 'publicKeyEncryptedSessionKey' | 'signature' | 'symEncryptedSessionKey' | 'onePassSignature' | 'secretKey' | 'publicKey'
diff --git a/src/key/factory.js b/src/key/factory.js
index c485b35c..43f07c06 100644
--- a/src/key/factory.js
+++ b/src/key/factory.js
@@ -216,7 +216,9 @@ async function wrapKeyObject(secretKeyPacket, secretSubkeyPackets, options, conf
 signatureProperties.preferredHashAlgorithms = createPreferredAlgos([
 // prefer fast asm.js implementations (SHA-256)
 enums.hash.sha256,
- enums.hash.sha512
+ enums.hash.sha512,
+ enums.hash.sha3_256,
+ enums.hash.sha3_512
 ], config.preferredHashAlgorithm);
 signatureProperties.preferredCompressionAlgorithms = createPreferredAlgos([
 enums.compression.uncompressed
diff --git a/test/general/key.js b/test/general/key.js
index 341b95d8..07c7b092 100644
--- a/test/general/key.js
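Review bot: The two members added to `enum hash` in the second openpgp.d.ts hunk jump from 12 to 14 without explanation, and the last one drops the trailing comma that the other members visible in this hunk carry. If the gap is intentional (presumably 13 is reserved in the specification these IDs come from), say so with a comment such as `// 13 is reserved` and write the last member as `sha3_512 = 14,`, so nobody later "fixes" the numbering of wire-format identifiers. The runtime `enums.hash` table is not part of this diff and should be confirmed to carry the same two values as this declaration and the `hashNames` union in the first hunk. The enum body starts above the hunk.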
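Review bot: The comment above the list in `wrapKeyObject` still explains only why SHA-256 comes first, while the relative order of SHA-2 and SHA-3 is now the part a maintainer must not change by accident: the commit message says the list signals support to senders and that SHA-2 is deliberately kept ahead of SHA-3. I would record that next to the array, e.g. `// SHA-2 first (better performance/security ratio for OpenPGP signatures); SHA-3 listed only to signal support`. Every newly generated key will now advertise SHA-3, so a key exported to an OpenPGP implementation without SHA-3 support might receive signatures it cannot verify; that interoperability effect is inferred rather than visible here and deserves a line in the release notes. The function body starts and ends outside the hunk.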
+++ b/test/general/key.js
@@ -2262,7 +2262,7 @@ function versionSpecificTests() {
 ]);
 }
 const hash = openpgp.enums.hash;
- expect(selfSignature.preferredHashAlgorithms).to.eql([hash.sha256, hash.sha512]);
+ expect(selfSignature.preferredHashAlgorithms).to.eql([hash.sha256, hash.sha512, hash.sha3_256, hash.sha3_512]);
 const compr = openpgp.enums.compression;
 expect(selfSignature.preferredCompressionAlgorithms).to.eql([compr.uncompressed]);
@@ -2317,7 +2317,7 @@ function versionSpecificTests() {
 ]);
 }
 const hash = openpgp.enums.hash;
- expect(selfSignature.preferredHashAlgorithms).to.eql([hash.sha224, hash.sha256, hash.sha512]);
+ expect(selfSignature.preferredHashAlgorithms).to.eql([hash.sha224, hash.sha256, hash.sha512, hash.sha3_256, hash.sha3_512]);
 const compr = openpgp.enums.compression;
 expect(selfSignature.preferredCompressionAlgorithms).to.eql([compr.zlib, compr.uncompressed]);
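Review bot: Neither updated expectation exercises `config.preferredHashAlgorithm` set to one of the new values; the first hunk apparently runs with the default and the second with `sha224`, which is not in the built-in list. `createPreferredAlgos` is not shown, so whether it moves a configured SHA-3 value to the front without listing it twice is an assumption. A third case would pin it down, for instance a key generated with `preferredHashAlgorithm: hash.sha3_512` and `expect(selfSignature.preferredHashAlgorithms).to.eql([hash.sha3_512, hash.sha256, hash.sha512, hash.sha3_256]);`, with the expected order adjusted to what the helper actually guarantees. `versionSpecificTests` starts and ends outside both hunks.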