Randomness for cryptographic values should come from the cryptographic provider (#12688)

* Randomness for cryptographic values should come from the cryptographic provider

* Don't export function to python per feedback

Author: skmcgrail

src/rust/src/backend/aead.rs

@@ -6,7 +6,7 @@ use pyo3::types::{PyAnyMethods, PyListMethods};
 
 use crate::buf::CffiBuf;
 use crate::error::{CryptographyError, CryptographyResult};
-use crate::{exceptions, types};
+use crate::exceptions;
 
 fn check_length(data: &[u8]) -> CryptographyResult<()> {
     if data.len() > (i32::MAX as usize) {
@@ -525,8 +525,10 @@ impl ChaCha20Poly1305 {
     }
 
     #[staticmethod]
-    fn generate_key(py: pyo3::Python<'_>) -> CryptographyResult<pyo3::Bound<'_, pyo3::PyAny>> {
-        Ok(types::OS_URANDOM.get(py)?.call1((32,))?)
+    fn generate_key(
+        py: pyo3::Python<'_>,
+    ) -> CryptographyResult<pyo3::Bound<'_, pyo3::types::PyBytes>> {
+        crate::backend::rand::get_rand_bytes(py, 32)
     }
 
     #[pyo3(signature = (nonce, data, associated_data))]
@@ -639,14 +641,14 @@ impl AesGcm {
     fn generate_key(
         py: pyo3::Python<'_>,
         bit_length: usize,
-    ) -> CryptographyResult<pyo3::Bound<'_, pyo3::PyAny>> {
+    ) -> CryptographyResult<pyo3::Bound<'_, pyo3::types::PyBytes>> {
         if bit_length != 128 && bit_length != 192 && bit_length != 256 {
             return Err(CryptographyError::from(
                 pyo3::exceptions::PyValueError::new_err("bit_length must be 128, 192, or 256"),
             ));
         }
 
-        Ok(types::OS_URANDOM.get(py)?.call1((bit_length / 8,))?)
+        crate::backend::rand::get_rand_bytes(py, bit_length / 8)
     }
 
     #[pyo3(signature = (nonce, data, associated_data))]
@@ -755,14 +757,13 @@ impl AesCcm {
     fn generate_key(
         py: pyo3::Python<'_>,
         bit_length: usize,
-    ) -> CryptographyResult<pyo3::Bound<'_, pyo3::PyAny>> {
+    ) -> CryptographyResult<pyo3::Bound<'_, pyo3::types::PyBytes>> {
         if bit_length != 128 && bit_length != 192 && bit_length != 256 {
             return Err(CryptographyError::from(
                 pyo3::exceptions::PyValueError::new_err("bit_length must be 128, 192, or 256"),
             ));
         }
-
-        Ok(types::OS_URANDOM.get(py)?.call1((bit_length / 8,))?)
+        crate::backend::rand::get_rand_bytes(py, bit_length / 8)
     }
 
     #[pyo3(signature = (nonce, data, associated_data))]
@@ -891,14 +892,14 @@ impl AesSiv {
     fn generate_key(
         py: pyo3::Python<'_>,
         bit_length: usize,
-    ) -> CryptographyResult<pyo3::Bound<'_, pyo3::PyAny>> {
+    ) -> CryptographyResult<pyo3::Bound<'_, pyo3::types::PyBytes>> {
         if bit_length != 256 && bit_length != 384 && bit_length != 512 {
             return Err(CryptographyError::from(
                 pyo3::exceptions::PyValueError::new_err("bit_length must be 256, 384, or 512"),
             ));
         }
 
-        Ok(types::OS_URANDOM.get(py)?.call1((bit_length / 8,))?)
+        crate::backend::rand::get_rand_bytes(py, bit_length / 8)
     }
 
     #[pyo3(signature = (data, associated_data))]
@@ -989,14 +990,14 @@ impl AesOcb3 {
     fn generate_key(
         py: pyo3::Python<'_>,
         bit_length: usize,
-    ) -> CryptographyResult<pyo3::Bound<'_, pyo3::PyAny>> {
+    ) -> CryptographyResult<pyo3::Bound<'_, pyo3::types::PyBytes>> {
         if bit_length != 128 && bit_length != 192 && bit_length != 256 {
             return Err(CryptographyError::from(
                 pyo3::exceptions::PyValueError::new_err("bit_length must be 128, 192, or 256"),
             ));
         }
 
-        Ok(types::OS_URANDOM.get(py)?.call1((bit_length / 8,))?)
+        crate::backend::rand::get_rand_bytes(py, bit_length / 8)
     }
 
     #[pyo3(signature = (nonce, data, associated_data))]
@@ -1116,14 +1117,14 @@ impl AesGcmSiv {
     fn generate_key(
         py: pyo3::Python<'_>,
         bit_length: usize,
-    ) -> CryptographyResult<pyo3::Bound<'_, pyo3::PyAny>> {
+    ) -> CryptographyResult<pyo3::Bound<'_, pyo3::types::PyBytes>> {
         if bit_length != 128 && bit_length != 192 && bit_length != 256 {
             return Err(CryptographyError::from(
                 pyo3::exceptions::PyValueError::new_err("bit_length must be 128, 192, or 256"),
             ));
         }
 
-        Ok(types::OS_URANDOM.get(py)?.call1((bit_length / 8,))?)
+        crate::backend::rand::get_rand_bytes(py, bit_length / 8)
     }
 
     #[pyo3(signature = (nonce, data, associated_data))]

src/rust/src/backend/mod.rs

@@ -21,6 +21,7 @@ pub(crate) mod hmac;
 pub(crate) mod kdf;
 pub(crate) mod keys;
 pub(crate) mod poly1305;
+pub(crate) mod rand;
 pub(crate) mod rsa;
 pub(crate) mod utils;
 pub(crate) mod x25519;

src/rust/src/backend/rand.rs

@@ -0,0 +1,26 @@
+// This file is dual licensed under the terms of the Apache License, Version
+// 2.0, and the BSD License. See the LICENSE file in the root of this repository
+// for complete details.
+
+use crate::error::{CryptographyError, CryptographyResult};
+
+pub(crate) fn get_rand_bytes(
+    py: pyo3::Python<'_>,
+    size: usize,
+) -> CryptographyResult<pyo3::Bound<'_, pyo3::types::PyBytes>> {
+    Ok(pyo3::types::PyBytes::new_with(py, size, |b| {
+        #[cfg(any(
+            CRYPTOGRAPHY_IS_LIBRESSL,
+            CRYPTOGRAPHY_IS_BORINGSSL,
+            CRYPTOGRAPHY_IS_AWSLC
+        ))]
+        openssl::rand::rand_bytes(b).map_err(CryptographyError::from)?;
+        #[cfg(not(any(
+            CRYPTOGRAPHY_IS_LIBRESSL,
+            CRYPTOGRAPHY_IS_BORINGSSL,
+            CRYPTOGRAPHY_IS_AWSLC
+        )))]
+        openssl::rand::rand_priv_bytes(b).map_err(CryptographyError::from)?;
+        Ok(())
+    })?)
+}

src/rust/src/pkcs12.rs

@@ -432,13 +432,9 @@ fn serialize_safebags<'p>(
         if !plain_safebags.is_empty() {
             plain_safebag_contents =
                 asn1::write_single(&asn1::SequenceOfWriter::new(plain_safebags))?;
-            auth_safe_salt = types::OS_URANDOM
-                .get(py)?
-                .call1((e.salt_length(),))?
+            auth_safe_salt = crate::backend::rand::get_rand_bytes(py, e.salt_length())?
                 .extract::<pyo3::pybacked::PyBackedBytes>()?;
-            auth_safe_iv = types::OS_URANDOM
-                .get(py)?
-                .call1((16,))?
+            auth_safe_iv = crate::backend::rand::get_rand_bytes(py, 16)?
                 .extract::<pyo3::pybacked::PyBackedBytes>()?;
             auth_safe_ciphertext = e.encrypt(
                 py,
@@ -489,10 +485,8 @@ fn serialize_safebags<'p>(
 
     let auth_safe_content = asn1::write_single(&asn1::SequenceOfWriter::new(auth_safe_contents))?;
 
-    let salt = types::OS_URANDOM
-        .get(py)?
-        .call1((8,))?
-        .extract::<pyo3::pybacked::PyBackedBytes>()?;
+    let salt =
+        crate::backend::rand::get_rand_bytes(py, 8)?.extract::<pyo3::pybacked::PyBackedBytes>()?;
     let mac_algorithm_md =
         hashes::message_digest_from_algorithm(py, &encryption_details.mac_algorithm)?;
     let mac_key = cryptography_crypto::pkcs12::kdf(
@@ -634,13 +628,9 @@ fn serialize_key_and_certificates<'p>(
             .extract::<pyo3::pybacked::PyBackedBytes>()?;
 
         let key_bag = if let Some(ref e) = encryption_details.encryption_algorithm {
-            key_salt = types::OS_URANDOM
-                .get(py)?
-                .call1((e.salt_length(),))?
+            key_salt = crate::backend::rand::get_rand_bytes(py, e.salt_length())?
                 .extract::<pyo3::pybacked::PyBackedBytes>()?;
-            key_iv = types::OS_URANDOM
-                .get(py)?
-                .call1((16,))?
+            key_iv = crate::backend::rand::get_rand_bytes(py, 16)?
                 .extract::<pyo3::pybacked::PyBackedBytes>()?;
             key_ciphertext = e.encrypt(
                 py,

src/rust/src/pkcs7.rs

@@ -103,13 +103,11 @@ fn encrypt_and_serialize<'p>(
     // Get the content encryption algorithm
     let content_encryption_algorithm_type = content_encryption_algorithm;
     let key_size = content_encryption_algorithm_type.getattr(pyo3::intern!(py, "key_size"))?;
-    let key = types::OS_URANDOM
-        .get(py)?
-        .call1((key_size.floor_div(8)?,))?;
+    let key = crate::backend::rand::get_rand_bytes(py, key_size.floor_div(8)?.extract()?)?;
     let content_encryption_algorithm = content_encryption_algorithm_type.call1((&key,))?;
 
     // Get the mode
-    let iv = types::OS_URANDOM.get(py)?.call1((16,))?;
+    let iv = crate::backend::rand::get_rand_bytes(py, 16)?;
     let cbc_mode = types::CBC.get(py)?.call1((&iv,))?;
 
     let encrypted_content = symmetric_encrypt(

src/rust/src/types.rs

@@ -37,7 +37,6 @@ pub static DATETIME_TIMEZONE_UTC: LazyPyImport =
     LazyPyImport::new("datetime", &["timezone", "utc"]);
 pub static IPADDRESS_IPADDRESS: LazyPyImport = LazyPyImport::new("ipaddress", &["ip_address"]);
 pub static IPADDRESS_IPNETWORK: LazyPyImport = LazyPyImport::new("ipaddress", &["ip_network"]);
-pub static OS_URANDOM: LazyPyImport = LazyPyImport::new("os", &["urandom"]);
 
 pub static DEPRECATED_IN_36: LazyPyImport =
     LazyPyImport::new("cryptography.utils", &["DeprecatedIn36"]);