classification
Title: PEP 466: Backport hashlib.pbkdf2_hmac to Python 2.7
Type: Stage: resolved
Components: Extension Modules, Library (Lib) Versions: Python 2.7
process
Status: closed Resolution: fixed
Dependencies: Superseder:
Assigned To: Nosy List: alex, benjamin.peterson, christian.heimes, dstufft, gregory.p.smith, lemburg, ncoghlan, pitrou, python-dev
Priority: normal Keywords: needs review, patch, security_issue

Created on 2014-04-19 00:49 by alex, last changed 2014-05-31 20:26 by python-dev. This issue is now closed.

Files
File name Uploaded Description Edit
pbkdf2.diff alex, 2014-04-19 00:49 review
pbkdf2.diff alex, 2014-05-13 13:37 review
pbkdf2.diff alex, 2014-05-21 20:49 review
pbkdf2.diff alex, 2014-05-27 03:06 review
Messages (17)
msg216823 - (view) Author: Alex Gaynor (alex) * (Python committer) Date: 2014-04-19 00:49
Pursuant to PEP466, this is a backport of Python 3.4's hashlib.pbkdf2_hmac.

Of note in this patch:

* None of the utilities for testing both a python and a C implementation simultaneously were present, so this only tests whichever implementation is available.
* Due to a variety of API changes and missing APIs, the code is not an exact copy-paste, tough luck :-)
* I haven't done docs yet.
* It currently accepts unicode values because the ``y*`` format from Python3 doesn't have any parallel in Python2. I'm not sure whether consistency with the rest of the 2-verse is more important than consistency with a sane way to treat data / the 3-verse.
msg216841 - (view) Author: Gregory P. Smith (gregory.p.smith) * (Python committer) Date: 2014-04-19 04:33
See also http://bugs.python.org/issue21288 to consider one fix/oversite/addition to the existing API as part of this process. (discuss that there)

by default: use the exact same API as 3.4 if it is suitable for PEP 466 and 2.7.7's needs. the above issue is about fixing a possible oversight; so if it happens in 3.4 it should happen in 2.7.7.
msg216842 - (view) Author: Alex Gaynor (alex) * (Python committer) Date: 2014-04-19 04:38
Yup, I've got my eyes on it, if anything lands there I'll include it in this in the 2.7 code, whether it's before or after this patch lands :-)
msg218454 - (view) Author: Alex Gaynor (alex) * (Python committer) Date: 2014-05-13 13:37
New patch includes the documentation as well.
msg218456 - (view) Author: Donald Stufft (dstufft) * (Python committer) Date: 2014-05-13 13:54
The attached patch looks pretty good to me.
msg218457 - (view) Author: Alex Gaynor (alex) * (Python committer) Date: 2014-05-13 13:55
I'm still concerned about the unicode issue, but I'm not sure what the right way to fix it is.
msg218458 - (view) Author: Donald Stufft (dstufft) * (Python committer) Date: 2014-05-13 13:56
I don't think there's any way around it, nor do I think that it actually leaks any meaningful timing.
msg218459 - (view) Author: Alex Gaynor (alex) * (Python committer) Date: 2014-05-13 13:57
Sorry, I wasn't concerned from a timing attack perspective here, I was concerned from an "oh my god implicit coercion is terrible" perspective :-)
msg218460 - (view) Author: Donald Stufft (dstufft) * (Python committer) Date: 2014-05-13 13:57
Oh, gotcha.

Yea I agree, but it's Python 2.x that's par for the course.
msg218785 - (view) Author: Marc-Andre Lemburg (lemburg) * (Python committer) Date: 2014-05-19 09:20
Some comments:

 * Python 2.7 ships with OpenSSL 0.9.8 on Windows, so the Python version will always get used on that platform, so it needs to be fast.

 * The iterations loop should use xrange instead of range

 * The .encode('ascii') in _long_to_bin() is not necessary in Python 2

 * Given that _long_to_bin() and _bin_to_long() are only used once in the function, it's better to inline the code directly.

 * bytes(buffer()) should not be necessary in Python 2, since objects with a buffer interface will usually also implement the tp_str slot used by bytes().
msg218786 - (view) Author: Christian Heimes (christian.heimes) * (Python committer) Date: 2014-05-19 10:24
Sorry that I join the party rather late.

How about you take my back port from https://bitbucket.org/tiran/backports.pbkdf2/ and remove all Python 3.x related code? :) I spent a lot of time to make the code as fast as possible.
msg218787 - (view) Author: Marc-Andre Lemburg (lemburg) * (Python committer) Date: 2014-05-19 10:34
On 19.05.2014 12:24, Christian Heimes wrote:
> 
> How about you take my back port from https://bitbucket.org/tiran/backports.pbkdf2/ and remove all Python 3.x related code? :) I spent a lot of time to make the code as fast as possible.

Could you perhaps compare this to the proposed patch ?
msg218885 - (view) Author: Alex Gaynor (alex) * (Python committer) Date: 2014-05-21 20:49
Updated patch applies all of MAL's suggestions. Except the buffer() one, the purpose of the buffer() call is to make it an error to pass a list (or random other types) since you can call bytes() on any object.
msg218887 - (view) Author: Alex Gaynor (alex) * (Python committer) Date: 2014-05-21 21:52
As a note, the current code is basically identical to the code in Christain's backport, without the py3k compat.
msg219188 - (view) Author: Benjamin Peterson (benjamin.peterson) * (Python committer) Date: 2014-05-26 22:55
Looks like there's a debugging turd in the test.
msg219197 - (view) Author: Alex Gaynor (alex) * (Python committer) Date: 2014-05-27 03:06
New patch removes the pdb nonsense in the test.
msg219475 - (view) Author: Roundup Robot (python-dev) Date: 2014-05-31 20:26
New changeset e4da3ba9dcac by Benjamin Peterson in branch '2.7':
backport hashlib.pbkdf2_hmac per PEP 466 (closes #21304)
http://hg.python.org/cpython/rev/e4da3ba9dcac
History
Date User Action Args
2014-05-31 20:26:54python-devsetstatus: open -> closed

nosy: + python-dev
messages: + msg219475

resolution: fixed
stage: resolved
2014-05-27 03:06:58alexsetfiles: + pbkdf2.diff

messages: + msg219197
2014-05-26 22:55:31benjamin.petersonsetmessages: + msg219188
2014-05-21 21:52:28alexsetmessages: + msg218887
2014-05-21 20:49:12alexsetfiles: + pbkdf2.diff

messages: + msg218885
2014-05-19 10:34:07lemburgsetmessages: + msg218787
2014-05-19 10:24:15christian.heimessetmessages: + msg218786
2014-05-19 09:20:37lemburgsetnosy: + lemburg
messages: + msg218785
2014-05-13 13:57:42dstufftsetmessages: + msg218460
2014-05-13 13:57:03alexsetmessages: + msg218459
2014-05-13 13:56:19dstufftsetmessages: + msg218458
2014-05-13 13:55:15alexsetmessages: + msg218457
2014-05-13 13:54:47dstufftsetmessages: + msg218456
2014-05-13 13:37:28alexsetkeywords: + needs review
files: + pbkdf2.diff
messages: + msg218454
2014-04-19 04:38:55alexsetmessages: + msg216842
2014-04-19 04:33:48gregory.p.smithsetnosy: + gregory.p.smith
messages: + msg216841
2014-04-19 02:32:26ncoghlansettitle: PEP 446: Backport hashlib.pbkdf2_hmac to Python 2.7 -> PEP 466: Backport hashlib.pbkdf2_hmac to Python 2.7
2014-04-19 02:25:19r.david.murraysettitle: Backport hashlib.pbkdf2_hmac to Python 2.7 -> PEP 446: Backport hashlib.pbkdf2_hmac to Python 2.7
2014-04-19 01:40:18benjamin.petersonunlinkissue21307 superseder
2014-04-19 01:40:18benjamin.petersonlinkissue21307 dependencies
2014-04-19 01:33:28benjamin.petersonlinkissue21307 superseder
2014-04-19 01:05:23alexsetnosy: + pitrou, benjamin.peterson
2014-04-19 00:49:36alexsetnosy: + ncoghlan, christian.heimes, dstufft
2014-04-19 00:49:06alexcreate