1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
|
.. hazmat::
Message digests (Hashing)
=========================
.. module:: cryptography.hazmat.primitives.hashes
.. class:: Hash(algorithm)
A cryptographic hash function takes an arbitrary block of data and
calculates a fixed-size bit string (a digest), such that different data
results (with a high probability) in different digests.
This is an implementation of
:class:`~cryptography.hazmat.primitives.hashes.HashContext` meant to
be used with
:class:`~cryptography.hazmat.primitives.hashes.HashAlgorithm`
implementations to provide an incremental interface to calculating
various message digests.
.. doctest::
>>> from cryptography.hazmat.primitives import hashes
>>> digest = hashes.Hash(hashes.SHA256())
>>> digest.update(b"abc")
>>> digest.update(b"123")
>>> digest.finalize()
b'l\xa1=R\xcap\xc8\x83\xe0\xf0\xbb\x10\x1eBZ\x89\xe8bM\xe5\x1d\xb2\xd29%\x93\xafj\x84\x11\x80\x90'
Keep in mind that attacks against cryptographic hashes only get stronger
with time, and that often algorithms that were once thought to be strong,
become broken. Because of this it's important to include a plan for
upgrading the hash algorithm you use over time. For more information, see
`Lifetimes of cryptographic hash functions`_.
:param algorithm: A
:class:`~cryptography.hazmat.primitives.hashes.HashAlgorithm`
instance such as those described in
:ref:`below <cryptographic-hash-algorithms>`.
:raises cryptography.exceptions.UnsupportedAlgorithm: This is raised if the
provided ``algorithm`` is unsupported.
.. method:: update(data)
:param bytes data: The bytes to be hashed.
:raises cryptography.exceptions.AlreadyFinalized: See :meth:`finalize`.
:raises TypeError: This exception is raised if ``data`` is not ``bytes``.
.. method:: copy()
Copy this :class:`Hash` instance, usually so that you may call
:meth:`finalize` to get an intermediate digest value while we continue
to call :meth:`update` on the original instance.
:return: A new instance of :class:`Hash` that can be updated
and finalized independently of the original instance.
:raises cryptography.exceptions.AlreadyFinalized: See :meth:`finalize`.
.. method:: finalize()
Finalize the current context and return the message digest as bytes.
After ``finalize`` has been called this object can no longer be used
and :meth:`update`, :meth:`copy`, and :meth:`finalize` will raise an
:class:`~cryptography.exceptions.AlreadyFinalized` exception.
:return bytes: The message digest as bytes.
.. _cryptographic-hash-algorithms:
SHA-2 family
~~~~~~~~~~~~
.. class:: SHA224()
SHA-224 is a cryptographic hash function from the SHA-2 family and is
standardized by NIST. It produces a 224-bit message digest.
.. class:: SHA256()
SHA-256 is a cryptographic hash function from the SHA-2 family and is
standardized by NIST. It produces a 256-bit message digest.
.. class:: SHA384()
SHA-384 is a cryptographic hash function from the SHA-2 family and is
standardized by NIST. It produces a 384-bit message digest.
.. class:: SHA512()
SHA-512 is a cryptographic hash function from the SHA-2 family and is
standardized by NIST. It produces a 512-bit message digest.
.. class:: SHA512_224()
.. versionadded:: 2.5
SHA-512/224 is a cryptographic hash function from the SHA-2 family and is
standardized by NIST. It produces a 224-bit message digest.
.. class:: SHA512_256()
.. versionadded:: 2.5
SHA-512/256 is a cryptographic hash function from the SHA-2 family and is
standardized by NIST. It produces a 256-bit message digest.
BLAKE2
~~~~~~
`BLAKE2`_ is a cryptographic hash function specified in :rfc:`7693`. BLAKE2's
design makes it immune to `length-extension attacks`_, an advantage over the
SHA-family of hashes.
.. note::
While the RFC specifies keying, personalization, and salting features,
these are not supported at this time due to limitations in OpenSSL.
.. class:: BLAKE2b(digest_size)
BLAKE2b is optimized for 64-bit platforms and produces an 1 to 64-byte
message digest.
:param int digest_size: The desired size of the hash output in bytes. Only
``64`` is supported at this time.
:raises ValueError: If the ``digest_size`` is invalid.
.. class:: BLAKE2s(digest_size)
BLAKE2s is optimized for 8 to 32-bit platforms and produces a
1 to 32-byte message digest.
:param int digest_size: The desired size of the hash output in bytes. Only
``32`` is supported at this time.
:raises ValueError: If the ``digest_size`` is invalid.
SHA-3 family
~~~~~~~~~~~~
SHA-3 is the most recent NIST secure hash algorithm standard. Despite the
larger number SHA-3 is not considered to be better than SHA-2. Instead, it uses
a significantly different internal structure so that **if** an attack appears
against SHA-2 it is unlikely to apply to SHA-3. SHA-3 is significantly slower
than SHA-2 so at this time most users should choose SHA-2.
.. class:: SHA3_224()
.. versionadded:: 2.5
SHA3/224 is a cryptographic hash function from the SHA-3 family and is
standardized by NIST. It produces a 224-bit message digest.
.. class:: SHA3_256()
.. versionadded:: 2.5
SHA3/256 is a cryptographic hash function from the SHA-3 family and is
standardized by NIST. It produces a 256-bit message digest.
.. class:: SHA3_384()
.. versionadded:: 2.5
SHA3/384 is a cryptographic hash function from the SHA-3 family and is
standardized by NIST. It produces a 384-bit message digest.
.. class:: SHA3_512()
.. versionadded:: 2.5
SHA3/512 is a cryptographic hash function from the SHA-3 family and is
standardized by NIST. It produces a 512-bit message digest.
.. class:: SHAKE128(digest_size)
.. versionadded:: 2.5
SHAKE128 is an extendable output function (XOF) based on the same core
permutations as SHA3. It allows the caller to obtain an arbitrarily long
digest length. Longer lengths, however, do not increase security or
collision resistance and lengths shorter than 128 bit (16 bytes) will
decrease it.
:param int digest_size: The length of output desired. Must be greater than
zero.
:raises ValueError: If the ``digest_size`` is invalid.
.. class:: SHAKE256(digest_size)
.. versionadded:: 2.5
SHAKE256 is an extendable output function (XOF) based on the same core
permutations as SHA3. It allows the caller to obtain an arbitrarily long
digest length. Longer lengths, however, do not increase security or
collision resistance and lengths shorter than 256 bit (32 bytes) will
decrease it.
:param int digest_size: The length of output desired. Must be greater than
zero.
:raises ValueError: If the ``digest_size`` is invalid.
SHA-1
~~~~~
.. warning::
SHA-1 is a deprecated hash algorithm that has practical known collision
attacks. You are strongly discouraged from using it. Existing applications
should strongly consider moving away.
.. class:: SHA1()
SHA-1 is a cryptographic hash function standardized by NIST. It produces an
160-bit message digest. Cryptanalysis of SHA-1 has demonstrated that it is
vulnerable to practical collision attacks, and collisions have been
demonstrated.
MD5
~~~
.. warning::
MD5 is a deprecated hash algorithm that has practical known collision
attacks. You are strongly discouraged from using it. Existing applications
should strongly consider moving away.
.. class:: MD5()
MD5 is a deprecated cryptographic hash function. It produces a 128-bit
message digest and has practical known collision attacks.
SM3
~~~
.. class:: SM3()
.. versionadded:: 35.0.0
SM3 is a cryptographic hash function standardized by the Chinese National
Cryptography Administration in `GM/T 0004-2012`_. It produces 256-bit
message digests. (An English description is available at
`draft-sca-cfrg-sm3`_.) This hash should be used for compatibility
purposes where required and is not otherwise recommended for use.
Interfaces
~~~~~~~~~~
.. class:: HashAlgorithm
.. attribute:: name
:type: str
The standard name for the hash algorithm, for example: ``"sha256"`` or
``"blake2b"``.
.. attribute:: digest_size
:type: int
The size of the resulting digest in bytes.
.. class:: HashContext
.. attribute:: algorithm
A :class:`HashAlgorithm` that will be used by this context.
.. method:: update(data)
:param bytes data: The data you want to hash.
.. method:: finalize()
:return: The final digest as bytes.
.. method:: copy()
:return: A :class:`HashContext` that is a copy of the current context.
.. _`Lifetimes of cryptographic hash functions`: https://valerieaurora.org/hash.html
.. _`BLAKE2`: https://www.blake2.net/
.. _`length-extension attacks`: https://en.wikipedia.org/wiki/Length_extension_attack
.. _`GM/T 0004-2012`: https://www.oscca.gov.cn/sca/xxgk/2010-12/17/1002389/files/302a3ada057c4a73830536d03e683110.pdf
.. _`draft-sca-cfrg-sm3`: https://datatracker.ietf.org/doc/html/draft-sca-cfrg-sm3
|
