add decrepit namespace and put SEED, IDEA, Blowfish, and CAST5 in it (#…

…10284)

CHANGELOG.rst

@@ -12,7 +12,13 @@ Changelog
 * :func:`~cryptography.hazmat.primitives.asymmetric.rsa.generate_private_key`
   now enforces a minimum RSA key size of 1024-bit. Note that 1024-bit is still
   considered insecure, users should generally use a key size of 2048-bits.
-
+* Added new :doc:`/hazmat/decrepit/index` module which contains outdated and
+  insecure cryptographic primitives.
+  :class:`~cryptography.hazmat.primitives.ciphers.algorithms.CAST5`,
+  :class:`~cryptography.hazmat.primitives.ciphers.algorithms.SEED`,
+  :class:`~cryptography.hazmat.primitives.ciphers.algorithms.IDEA`, and
+  :class:`~cryptography.hazmat.primitives.ciphers.algorithms.Blowfish`, which were
+  deprecated in 37.0.0, have been added to this module.
 
 .. _v42-0-1:
 

docs/hazmat/decrepit/ciphers.rst

@@ -0,0 +1,87 @@
+.. hazmat::
+
+
+Decrepit Symmetric algorithms
+=============================
+
+.. module:: cryptography.hazmat.decrepit.ciphers
+
+This module contains decrepit symmetric encryption algorithms. These
+are algorithms that should not be used unless necessary for backwards
+compatibility or interoperability with legacy systems. Their use is
+**strongly discouraged**.
+
+These algorithms require you to use a :class:`~cryptography.hazmat.primitives.ciphers.Cipher`
+object along with the appropriate :mod:`~cryptography.hazmat.primitives.ciphers.modes`.
+
+.. class:: CAST5(key)
+
+    .. versionadded:: 43.0.0
+
+    CAST5 (also known as CAST-128) is a block cipher approved for use in the
+    Canadian government by the `Communications Security Establishment`_. It is
+    a variable key length cipher and supports keys from 40-128 :term:`bits` in
+    length.
+
+    :param key: The secret key, This must be kept secret. 40 to 128
+        :term:`bits` in length in increments of 8 bits.
+    :type key: :term:`bytes-like`
+
+    .. doctest::
+
+        >>> import os
+        >>> from cryptography.hazmat.decrepit.ciphers.algorithms import CAST5
+        >>> from cryptography.hazmat.primitives.ciphers import Cipher, modes
+        >>> key = os.urandom(16)
+        >>> iv = os.urandom(8)
+        >>> algorithm = CAST5(key)
+        >>> cipher = Cipher(algorithm, modes.CBC(iv))
+        >>> encryptor = cipher.encryptor()
+        >>> ct = encryptor.update(b"a secret message")
+        >>> decryptor = cipher.decryptor()
+        >>> decryptor.update(ct)
+        b'a secret message'
+
+.. class:: SEED(key)
+
+    .. versionadded:: 43.0.0
+
+    SEED is a block cipher developed by the Korea Information Security Agency
+    (KISA). It is defined in :rfc:`4269` and is used broadly throughout South
+    Korean industry, but rarely found elsewhere.
+
+    :param key: The secret key. This must be kept secret. ``128``
+        :term:`bits` in length.
+    :type key: :term:`bytes-like`
+
+
+.. class:: Blowfish(key)
+
+    .. versionadded:: 43.0.0
+
+    Blowfish is a block cipher developed by Bruce Schneier. It is known to be
+    susceptible to attacks when using weak keys. The author has recommended
+    that users of Blowfish move to newer algorithms.
+
+    :param key: The secret key. This must be kept secret. 32 to 448
+        :term:`bits` in length in increments of 8 bits.
+    :type key: :term:`bytes-like`
+
+.. class:: IDEA(key)
+
+    .. versionadded:: 43.0.0
+
+    IDEA (`International Data Encryption Algorithm`_) is a block cipher created
+    in 1991. It is an optional component of the `OpenPGP`_ standard. This cipher
+    is susceptible to attacks when using weak keys. It is recommended that you
+    do not use this cipher for new applications.
+
+    :param key: The secret key. This must be kept secret. ``128``
+        :term:`bits` in length.
+    :type key: :term:`bytes-like`
+
+
+
+.. _`Communications Security Establishment`: https://www.cse-cst.gc.ca
+.. _`International Data Encryption Algorithm`: https://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm
+.. _`OpenPGP`: https://www.openpgp.org/

docs/hazmat/decrepit/index.rst

@@ -0,0 +1,14 @@
+.. hazmat::
+
+Decrepit cryptography
+=====================
+
+This module holds old, deprecated, and/or insecure cryptographic
+algorithms that may be needed in exceptional cases for backwards
+compatibility or interoperability reasons. Unless necessary
+their use is **strongly discouraged**.
+
+.. toctree::
+    :maxdepth: 2
+
+    ciphers

docs/hazmat/primitives/symmetric-encryption.rst

@@ -205,6 +205,12 @@ Algorithms
 
     .. versionadded:: 0.2
 
+    .. warning::
+
+        This algorithm has been deprecated and moved to the :doc:`/hazmat/decrepit/index`
+        module. If you need to continue using it then update your code to
+        use the new module path. It will be removed from this namespace in 45.0.0.
+
     CAST5 (also known as CAST-128) is a block cipher approved for use in the
     Canadian government by the `Communications Security Establishment`_. It is
     a variable key length cipher and supports keys from 40-128 :term:`bits` in
@@ -218,6 +224,12 @@ Algorithms
 
     .. versionadded:: 0.4
 
+    .. warning::
+
+        This algorithm has been deprecated and moved to the :doc:`/hazmat/decrepit/index`
+        module. If you need to continue using it then update your code to
+        use the new module path. It will be removed from this namespace in 45.0.0.
+
     SEED is a block cipher developed by the Korea Information Security Agency
     (KISA). It is defined in :rfc:`4269` and is used broadly throughout South
     Korean industry, but rarely found elsewhere.
@@ -252,6 +264,12 @@ Weak ciphers
 
 .. class:: Blowfish(key)
 
+    .. warning::
+
+        This algorithm has been deprecated and moved to the :doc:`/hazmat/decrepit/index`
+        module. If you need to continue using it then update your code to
+        use the new module path. It will be removed from this namespace in 45.0.0.
+
     Blowfish is a block cipher developed by Bruce Schneier. It is known to be
     susceptible to attacks when using weak keys. The author has recommended
     that users of Blowfish move to newer algorithms such as :class:`AES`.
@@ -262,6 +280,12 @@ Weak ciphers
 
 .. class:: ARC4(key)
 
+    .. warning::
+
+        This algorithm has been deprecated and moved to the :doc:`/hazmat/decrepit/index`
+        module. If you need to continue using it then update your code to
+        use the new module path. It will be removed from this namespace in 45.0.0.
+
     ARC4 (Alleged RC4) is a stream cipher with serious weaknesses in its
     initial stream output. Its use is strongly discouraged. ARC4 does not use
     mode constructions.
@@ -284,6 +308,12 @@ Weak ciphers
 
 .. class:: IDEA(key)
 
+    .. warning::
+
+        This algorithm has been deprecated and moved to the :doc:`/hazmat/decrepit/index`
+        module. If you need to continue using it then update your code to
+        use the new module path. It will be removed from this namespace in 45.0.0.
+
     IDEA (`International Data Encryption Algorithm`_) is a block cipher created
     in 1991. It is an optional component of the `OpenPGP`_ standard. This cipher
     is susceptible to attacks when using weak keys. It is recommended that you

docs/index.rst

@@ -67,6 +67,7 @@ hazmat layer only when necessary.
     hazmat/primitives/index
     exceptions
     random-numbers
+    hazmat/decrepit/index
 
 .. toctree::
     :maxdepth: 2

src/cryptography/hazmat/backends/openssl/backend.py

@@ -15,6 +15,12 @@
 from cryptography.hazmat.backends.openssl.ciphers import _CipherContext
 from cryptography.hazmat.bindings._rust import openssl as rust_openssl
 from cryptography.hazmat.bindings.openssl import binding
+from cryptography.hazmat.decrepit.ciphers.algorithms import (
+    CAST5,
+    IDEA,
+    SEED,
+    Blowfish,
+)
 from cryptography.hazmat.primitives import hashes, serialization
 from cryptography.hazmat.primitives._asymmetric import AsymmetricPadding
 from cryptography.hazmat.primitives.asymmetric import ec
@@ -40,10 +46,6 @@
     Camellia,
     ChaCha20,
     TripleDES,
-    _BlowfishInternal,
-    _CAST5Internal,
-    _IDEAInternal,
-    _SEEDInternal,
 )
 from cryptography.hazmat.primitives.ciphers.modes import (
     CBC,
@@ -282,18 +284,18 @@ def _register_default_ciphers(self) -> None:
         ):
             for mode_cls in [CBC, CFB, OFB, ECB]:
                 self.register_cipher_adapter(
-                    _BlowfishInternal,
+                    Blowfish,
                     mode_cls,
                     GetCipherByName("bf-{mode.name}"),
                 )
             for mode_cls in [CBC, CFB, OFB, ECB]:
                 self.register_cipher_adapter(
-                    _SEEDInternal,
+                    SEED,
                     mode_cls,
                     GetCipherByName("seed-{mode.name}"),
                 )
             for cipher_cls, mode_cls in itertools.product(
-                [_CAST5Internal, _IDEAInternal],
+                [CAST5, IDEA],
                 [CBC, OFB, CFB, ECB],
             ):
                 self.register_cipher_adapter(

src/cryptography/hazmat/decrepit/__init__.py

@@ -0,0 +1,5 @@
+# This file is dual licensed under the terms of the Apache License, Version
+# 2.0, and the BSD License. See the LICENSE file in the root of this repository
+# for complete details.
+
+from __future__ import annotations

src/cryptography/hazmat/decrepit/ciphers/__init__.py

@@ -0,0 +1,5 @@
+# This file is dual licensed under the terms of the Apache License, Version
+# 2.0, and the BSD License. See the LICENSE file in the root of this repository
+# for complete details.
+
+from __future__ import annotations

src/cryptography/hazmat/decrepit/ciphers/algorithms.py

@@ -0,0 +1,62 @@
+# This file is dual licensed under the terms of the Apache License, Version
+# 2.0, and the BSD License. See the LICENSE file in the root of this repository
+# for complete details.
+
+from __future__ import annotations
+
+from cryptography.hazmat.primitives._cipheralgorithm import (
+    BlockCipherAlgorithm,
+    _verify_key_size,
+)
+
+
+class Blowfish(BlockCipherAlgorithm):
+    name = "Blowfish"
+    block_size = 64
+    key_sizes = frozenset(range(32, 449, 8))
+
+    def __init__(self, key: bytes):
+        self.key = _verify_key_size(self, key)
+
+    @property
+    def key_size(self) -> int:
+        return len(self.key) * 8
+
+
+class CAST5(BlockCipherAlgorithm):
+    name = "CAST5"
+    block_size = 64
+    key_sizes = frozenset(range(40, 129, 8))
+
+    def __init__(self, key: bytes):
+        self.key = _verify_key_size(self, key)
+
+    @property
+    def key_size(self) -> int:
+        return len(self.key) * 8
+
+
+class SEED(BlockCipherAlgorithm):
+    name = "SEED"
+    block_size = 128
+    key_sizes = frozenset([128])
+
+    def __init__(self, key: bytes):
+        self.key = _verify_key_size(self, key)
+
+    @property
+    def key_size(self) -> int:
+        return len(self.key) * 8
+
+
+class IDEA(BlockCipherAlgorithm):
+    name = "IDEA"
+    block_size = 64
+    key_sizes = frozenset([128])
+
+    def __init__(self, key: bytes):
+        self.key = _verify_key_size(self, key)
+
+    @property
+    def key_size(self) -> int:
+        return len(self.key) * 8

src/cryptography/hazmat/primitives/_cipheralgorithm.py

@@ -6,6 +6,8 @@
 
 import abc
 
+from cryptography import utils
+
 # This exists to break an import cycle. It is normally accessible from the
 # ciphers module.
 
@@ -42,3 +44,15 @@ def block_size(self) -> int:
         """
         The size of a block as an integer in bits (e.g. 64, 128).
         """
+
+
+def _verify_key_size(algorithm: CipherAlgorithm, key: bytes) -> bytes:
+    # Verify that the key is instance of bytes
+    utils._check_byteslike("key", key)
+
+    # Verify that the key size matches the expected key size
+    if len(key) * 8 not in algorithm.key_sizes:
+        raise ValueError(
+            f"Invalid key size ({len(key) * 8}) for {algorithm.name}."
+        )
+    return key