Convert KDFs to Rust

alex · alex · commit 00a78c1bb034 · 2023-04-24T21:25:57.000-06:00
diff --git a/src/cryptography/hazmat/backends/openssl/backend.py b/src/cryptography/hazmat/backends/openssl/backend.py
@@ -85,7 +85,6 @@
     XTS,
     Mode,
 )
-from cryptography.hazmat.primitives.kdf import scrypt
 from cryptography.hazmat.primitives.serialization import ssh
 from cryptography.hazmat.primitives.serialization.pkcs12 import (
     PBES,
@@ -365,30 +364,6 @@ def create_symmetric_decryption_ctx(
     def pbkdf2_hmac_supported(self, algorithm: hashes.HashAlgorithm) -> bool:
         return self.hmac_supported(algorithm)
 
-    def derive_pbkdf2_hmac(
-        self,
-        algorithm: hashes.HashAlgorithm,
-        length: int,
-        salt: bytes,
-        iterations: int,
-        key_material: bytes,
-    ) -> bytes:
-        buf = self._ffi.new("unsigned char[]", length)
-        evp_md = self._evp_md_non_null_from_algorithm(algorithm)
-        key_material_ptr = self._ffi.from_buffer(key_material)
-        res = self._lib.PKCS5_PBKDF2_HMAC(
-            key_material_ptr,
-            len(key_material),
-            salt,
-            len(salt),
-            iterations,
-            evp_md,
-            length,
-            buf,
-        )
-        self.openssl_assert(res == 1)
-        return self._ffi.buffer(buf)[:]
-
     def _consume_errors(self) -> typing.List[rust_openssl.OpenSSLError]:
         return rust_openssl.capture_error_stack()
 
@@ -1703,41 +1678,6 @@ def ed448_load_private_bytes(self, data: bytes) -> ed448.Ed448PrivateKey:
     def ed448_generate_key(self) -> ed448.Ed448PrivateKey:
         return rust_openssl.ed448.generate_key()
 
-    def derive_scrypt(
-        self,
-        key_material: bytes,
-        salt: bytes,
-        length: int,
-        n: int,
-        r: int,
-        p: int,
-    ) -> bytes:
-        buf = self._ffi.new("unsigned char[]", length)
-        key_material_ptr = self._ffi.from_buffer(key_material)
-        res = self._lib.EVP_PBE_scrypt(
-            key_material_ptr,
-            len(key_material),
-            salt,
-            len(salt),
-            n,
-            r,
-            p,
-            scrypt._MEM_LIMIT,
-            buf,
-            length,
-        )
-        if res != 1:
-            errors = self._consume_errors()
-            # memory required formula explained here:
-            # https://blog.filippo.io/the-scrypt-parameters/
-            min_memory = 128 * n * r // (1024**2)
-            raise MemoryError(
-                "Not enough memory to derive key. These parameters require"
-                " {} MB of memory.".format(min_memory),
-                errors,
-            )
-        return self._ffi.buffer(buf)[:]
-
     def aead_cipher_supported(self, cipher) -> bool:
         cipher_name = aead._aead_cipher_name(cipher)
         if self._fips_enabled and cipher_name not in self._fips_aead:
diff --git a/src/cryptography/hazmat/bindings/_rust/openssl/__init__.pyi b/src/cryptography/hazmat/bindings/_rust/openssl/__init__.pyi
@@ -10,6 +10,7 @@ from cryptography.hazmat.bindings._rust.openssl import (
     ed25519,
     hashes,
     hmac,
+    kdf,
     x448,
     x25519,
 )
@@ -20,6 +21,7 @@ __all__ = [
     "dh",
     "hashes",
     "hmac",
+    "kdf",
     "ed448",
     "ed25519",
     "x448",
diff --git a/src/cryptography/hazmat/bindings/_rust/openssl/kdf.pyi b/src/cryptography/hazmat/bindings/_rust/openssl/kdf.pyi
@@ -0,0 +1,22 @@
+# This file is dual licensed under the terms of the Apache License, Version
+# 2.0, and the BSD License. See the LICENSE file in the root of this repository
+# for complete details.
+
+from cryptography.hazmat.primitives.hashes import HashAlgorithm
+
+def derive_pbkdf2_hmac(
+    key_material: bytes,
+    algorithm: HashAlgorithm,
+    salt: bytes,
+    iterations: int,
+    length: int,
+) -> bytes: ...
+def derive_scrypt(
+    key_material: bytes,
+    salt: bytes,
+    n: int,
+    r: int,
+    p: int,
+    max_mem: int,
+    length: int,
+) -> bytes: ...
diff --git a/src/cryptography/hazmat/primitives/kdf/pbkdf2.py b/src/cryptography/hazmat/primitives/kdf/pbkdf2.py
@@ -13,6 +13,7 @@
     UnsupportedAlgorithm,
     _Reasons,
 )
+from cryptography.hazmat.bindings._rust import openssl as rust_openssl
 from cryptography.hazmat.primitives import constant_time, hashes
 from cryptography.hazmat.primitives.kdf import KeyDerivationFunction
 
@@ -49,15 +50,12 @@ def derive(self, key_material: bytes) -> bytes:
             raise AlreadyFinalized("PBKDF2 instances can only be used once.")
         self._used = True
 
-        utils._check_byteslike("key_material", key_material)
-        from cryptography.hazmat.backends.openssl.backend import backend
-
-        return backend.derive_pbkdf2_hmac(
+        return rust_openssl.kdf.derive_pbkdf2_hmac(
+            key_material,
             self._algorithm,
-            self._length,
             self._salt,
             self._iterations,
-            key_material,
+            self._length,
         )
 
     def verify(self, key_material: bytes, expected_key: bytes) -> None:
diff --git a/src/cryptography/hazmat/primitives/kdf/scrypt.py b/src/cryptography/hazmat/primitives/kdf/scrypt.py
@@ -13,6 +13,7 @@
     InvalidKey,
     UnsupportedAlgorithm,
 )
+from cryptography.hazmat.bindings._rust import openssl as rust_openssl
 from cryptography.hazmat.primitives import constant_time
 from cryptography.hazmat.primitives.kdf import KeyDerivationFunction
 
@@ -62,10 +63,15 @@ def derive(self, key_material: bytes) -> bytes:
         self._used = True
 
         utils._check_byteslike("key_material", key_material)
-        from cryptography.hazmat.backends.openssl.backend import backend
 
-        return backend.derive_scrypt(
-            key_material, self._salt, self._length, self._n, self._r, self._p
+        return rust_openssl.kdf.derive_scrypt(
+            key_material,
+            self._salt,
+            self._n,
+            self._r,
+            self._p,
+            _MEM_LIMIT,
+            self._length,
         )
 
     def verify(self, key_material: bytes, expected_key: bytes) -> None:
diff --git a/src/rust/src/backend/kdf.rs b/src/rust/src/backend/kdf.rs
@@ -0,0 +1,60 @@
+// This file is dual licensed under the terms of the Apache License, Version
+// 2.0, and the BSD License. See the LICENSE file in the root of this repository
+// for complete details.
+
+use crate::backend::hashes;
+use crate::buf::CffiBuf;
+use crate::error::CryptographyResult;
+
+#[pyo3::prelude::pyfunction]
+fn derive_pbkdf2_hmac<'p>(
+    py: pyo3::Python<'p>,
+    key_material: CffiBuf<'_>,
+    algorithm: &pyo3::PyAny,
+    salt: &[u8],
+    iterations: usize,
+    length: usize,
+) -> CryptographyResult<&'p pyo3::types::PyBytes> {
+    let md = hashes::message_digest_from_algorithm(py, algorithm)?;
+
+    Ok(pyo3::types::PyBytes::new_with(py, length, |b| {
+        openssl::pkcs5::pbkdf2_hmac(key_material.as_bytes(), salt, iterations, md, b).unwrap();
+        Ok(())
+    })?)
+}
+
+#[cfg(not(CRYPTOGRAPHY_IS_LIBRESSL))]
+#[pyo3::prelude::pyfunction]
+#[allow(clippy::too_many_arguments)]
+fn derive_scrypt<'p>(
+    py: pyo3::Python<'p>,
+    key_material: CffiBuf<'_>,
+    salt: &[u8],
+    n: u64,
+    r: u64,
+    p: u64,
+    max_mem: u64,
+    length: usize,
+) -> CryptographyResult<&'p pyo3::types::PyBytes> {
+    Ok(pyo3::types::PyBytes::new_with(py, length, |b| {
+        openssl::pkcs5::scrypt(key_material.as_bytes(), salt, n, r, p, max_mem, b).map_err(|_| {
+            // memory required formula explained here:
+            // https://blog.filippo.io/the-scrypt-parameters/
+            let min_memory = 128 * n * r / (1024 * 1024);
+            pyo3::exceptions::PyMemoryError::new_err(format!(
+                "Not enough memory to derive key. These parameters require {}MB of memory.",
+                min_memory
+            ))
+        })
+    })?)
+}
+
+pub(crate) fn create_module(py: pyo3::Python<'_>) -> pyo3::PyResult<&pyo3::prelude::PyModule> {
+    let m = pyo3::prelude::PyModule::new(py, "kdf")?;
+
+    m.add_wrapped(pyo3::wrap_pyfunction!(derive_pbkdf2_hmac))?;
+    #[cfg(not(CRYPTOGRAPHY_IS_LIBRESSL))]
+    m.add_wrapped(pyo3::wrap_pyfunction!(derive_scrypt))?;
+
+    Ok(m)
+}
diff --git a/src/rust/src/backend/mod.rs b/src/rust/src/backend/mod.rs
@@ -9,6 +9,7 @@ pub(crate) mod ed25519;
 pub(crate) mod ed448;
 pub(crate) mod hashes;
 pub(crate) mod hmac;
+pub(crate) mod kdf;
 pub(crate) mod utils;
 #[cfg(any(not(CRYPTOGRAPHY_IS_LIBRESSL), CRYPTOGRAPHY_LIBRESSL_370_OR_GREATER))]
 pub(crate) mod x25519;
@@ -30,6 +31,7 @@ pub(crate) fn add_to_module(module: &pyo3::prelude::PyModule) -> pyo3::PyResult<
 
     module.add_submodule(hashes::create_module(module.py())?)?;
     module.add_submodule(hmac::create_module(module.py())?)?;
+    module.add_submodule(kdf::create_module(module.py())?)?;
 
     Ok(())
 }
