Migrate parsing of private keys to Rust

CHANGELOG.rst

@@ -19,6 +19,13 @@ Changelog
   provided (previously no exception was raised), and raises a ``TypeError`` if
   the key is encrypted but no password is provided (previously a ``ValueError``
   was raised).
+* We significantly refactored how private key loading (
+  :func:`~cryptography.hazmat.primitives.serialization.load_pem_private_key`
+  and
+  :func:`~cryptography.hazmat.primitives.serialization.load_der_private_key`)
+  works. This is intended to be backwards compatible for all well-formed keys,
+  therefore if you discover a key that now raises an exception, please file a
+  bug with instructions for reproducing.
 * Added ``unsafe_skip_rsa_key_validation`` keyword-argument to
   :func:`~cryptography.hazmat.primitives.serialization.load_ssh_private_key`.
 * Added :class:`~cryptography.hazmat.primitives.hashes.XOFHash` to support

src/rust/cryptography-key-parsing/Cargo.toml

@@ -11,7 +11,8 @@ asn1.workspace = true
 cfg-if = "1"
 openssl.workspace = true
 openssl-sys.workspace = true
+cryptography-crypto = { path = "../cryptography-crypto" }
 cryptography-x509 = { path = "../cryptography-x509" }
 
 [lints.rust]
-unexpected_cfgs = { level = "warn", check-cfg = ['cfg(CRYPTOGRAPHY_IS_LIBRESSL)', 'cfg(CRYPTOGRAPHY_IS_BORINGSSL)'] }
+unexpected_cfgs = { level = "warn", check-cfg = ['cfg(CRYPTOGRAPHY_IS_LIBRESSL)', 'cfg(CRYPTOGRAPHY_IS_BORINGSSL)', 'cfg(CRYPTOGRAPHY_OSSLCONF, values("OPENSSL_NO_RC2"))'] }

src/rust/cryptography-key-parsing/build.rs

@@ -12,4 +12,10 @@ fn main() {
     if env::var("DEP_OPENSSL_BORINGSSL").is_ok() {
         println!("cargo:rustc-cfg=CRYPTOGRAPHY_IS_BORINGSSL");
     }
+
+    if let Ok(vars) = env::var("DEP_OPENSSL_CONF") {
+        for var in vars.split(',') {
+            println!("cargo:rustc-cfg=CRYPTOGRAPHY_OSSLCONF=\"{var}\"");
+        }
+    }
 }

src/rust/cryptography-key-parsing/src/dsa.rs

@@ -0,0 +1,31 @@
+// This file is dual licensed under the terms of the Apache License, Version
+// 2.0, and the BSD License. See the LICENSE file in the root of this repository
+// for complete details.
+
+use crate::KeyParsingResult;
+
+#[derive(asn1::Asn1Read)]
+struct DsaPrivateKey<'a> {
+    version: u8,
+    p: asn1::BigUint<'a>,
+    q: asn1::BigUint<'a>,
+    g: asn1::BigUint<'a>,
+    pub_key: asn1::BigUint<'a>,
+    priv_key: asn1::BigUint<'a>,
+}
+
+pub fn parse_pkcs1_private_key(
+    data: &[u8],
+) -> KeyParsingResult<openssl::pkey::PKey<openssl::pkey::Private>> {
+    let dsa_private_key = asn1::parse_single::<DsaPrivateKey<'_>>(data)?;
+    if dsa_private_key.version != 0 {
+        return Err(crate::KeyParsingError::InvalidKey);
+    }
+    let p = openssl::bn::BigNum::from_slice(dsa_private_key.p.as_bytes())?;
+    let q = openssl::bn::BigNum::from_slice(dsa_private_key.q.as_bytes())?;
+    let g = openssl::bn::BigNum::from_slice(dsa_private_key.g.as_bytes())?;
+    let priv_key = openssl::bn::BigNum::from_slice(dsa_private_key.priv_key.as_bytes())?;
+    let pub_key = openssl::bn::BigNum::from_slice(dsa_private_key.pub_key.as_bytes())?;
+    let dsa = openssl::dsa::Dsa::from_private_components(p, q, g, priv_key, pub_key)?;
+    Ok(openssl::pkey::PKey::from_dsa(dsa)?)
+}

src/rust/cryptography-key-parsing/src/ec.rs

@@ -6,6 +6,17 @@ use cryptography_x509::common::EcParameters;
 
 use crate::{KeyParsingError, KeyParsingResult};
 
+// From RFC 5915 Section 3
+#[derive(asn1::Asn1Read)]
+pub(crate) struct EcPrivateKey<'a> {
+    pub(crate) version: u8,
+    pub(crate) private_key: &'a [u8],
+    #[explicit(0)]
+    pub(crate) parameters: Option<EcParameters<'a>>,
+    #[explicit(1)]
+    pub(crate) public_key: Option<asn1::BitString<'a>>,
+}
+
 pub(crate) fn ec_params_to_group(
     params: &EcParameters<'_>,
 ) -> KeyParsingResult<openssl::ec::EcGroup> {
@@ -51,3 +62,46 @@ pub(crate) fn ec_params_to_group(
         }
     }
 }
+
+pub fn parse_pkcs1_private_key(
+    data: &[u8],
+    ec_params: Option<EcParameters<'_>>,
+) -> KeyParsingResult<openssl::pkey::PKey<openssl::pkey::Private>> {
+    let ec_private_key = asn1::parse_single::<EcPrivateKey<'_>>(data)?;
+    if ec_private_key.version != 1 {
+        return Err(crate::KeyParsingError::InvalidKey);
+    }
+
+    let group = match (ec_params, ec_private_key.parameters) {
+        (Some(outer_params), Some(inner_params)) => {
+            if outer_params != inner_params {
+                return Err(crate::KeyParsingError::InvalidKey);
+            }
+            ec_params_to_group(&outer_params)?
+        }
+        (Some(outer_params), None) => ec_params_to_group(&outer_params)?,
+        (None, Some(inner_params)) => ec_params_to_group(&inner_params)?,
+        (None, None) => return Err(crate::KeyParsingError::InvalidKey),
+    };
+
+    let private_number = openssl::bn::BigNum::from_slice(ec_private_key.private_key)?;
+    let mut bn_ctx = openssl::bn::BigNumContext::new()?;
+    let public_point = if let Some(point_bytes) = ec_private_key.public_key {
+        openssl::ec::EcPoint::from_bytes(&group, point_bytes.as_bytes(), &mut bn_ctx)
+            .map_err(|_| crate::KeyParsingError::InvalidKey)?
+    } else {
+        let mut public_point = openssl::ec::EcPoint::new(&group)?;
+        public_point
+            .mul_generator(&group, &private_number, &bn_ctx)
+            .map_err(|_| crate::KeyParsingError::InvalidKey)?;
+        public_point
+    };
+
+    let ec_key =
+        openssl::ec::EcKey::from_private_components(&group, &private_number, &public_point)
+            .map_err(|_| KeyParsingError::InvalidKey)?;
+    ec_key
+        .check_key()
+        .map_err(|_| KeyParsingError::InvalidKey)?;
+    Ok(openssl::pkey::PKey::from_ec_key(ec_key)?)
+}

src/rust/cryptography-key-parsing/src/lib.rs

@@ -6,7 +6,9 @@
 #![deny(rust_2018_idioms, clippy::undocumented_unsafe_blocks)]
 #![allow(unknown_lints, clippy::result_large_err)]
 
-mod ec;
+pub mod dsa;
+pub mod ec;
+pub mod pkcs8;
 pub mod rsa;
 pub mod spki;
 
@@ -17,6 +19,9 @@ pub enum KeyParsingError {
     UnsupportedEllipticCurve(asn1::ObjectIdentifier),
     Parse(asn1::ParseError),
     OpenSSL(openssl::error::ErrorStack),
+    UnsupportedEncryptionAlgorithm(asn1::ObjectIdentifier),
+    EncryptedKeyWithoutPassword,
+    IncorrectPassword,
 }
 
 impl From<asn1::ParseError> for KeyParsingError {