Add scrypt KDF (#226)

wbond · Jun 29, 2022 · b5f03e6 · b5f03e6
1 parent 74ef376
commit b5f03e6
Show file tree

Hide file tree

Showing 3 changed files with 34 additions and 2 deletions.
diff --git a/asn1crypto/algos.py b/asn1crypto/algos.py
@@ -411,9 +411,21 @@ class Pbkdf2Params(Sequence):
     ]
 
 
+class ScryptParams(Sequence):
+    # https://tools.ietf.org/html/rfc7914#section-7
+    _fields = [
+        ('salt', OctetString),
+        ('cost_parameter', Integer),
+        ('block_size', Integer),
+        ('parallelization_parameter', Integer),
+        ('key_length', Integer, {'optional': True}),
+    ]
+
+
 class KdfAlgorithmId(ObjectIdentifier):
     _map = {
-        '1.2.840.113549.1.5.12': 'pbkdf2'
+        '1.2.840.113549.1.5.12': 'pbkdf2',
+        '1.3.6.1.4.1.11591.4.11': 'scrypt',
     }
 
 
@@ -424,7 +436,8 @@ class KdfAlgorithm(Sequence):
     ]
     _oid_pair = ('algorithm', 'parameters')
     _oid_specs = {
-        'pbkdf2': Pbkdf2Params
+        'pbkdf2': Pbkdf2Params,
+        'scrypt': ScryptParams,
     }
 
 
@@ -747,6 +760,8 @@ def kdf_hmac(self):
         encryption_algo = self['algorithm'].native
 
         if encryption_algo == 'pbes2':
+            if self.kdf == 'scrypt':
+                return None
             return self['parameters']['key_derivation_func']['parameters']['prf']['algorithm'].native
 
         if encryption_algo.find('.') == -1:
@@ -827,6 +842,8 @@ def kdf_iterations(self):
         encryption_algo = self['algorithm'].native
 
         if encryption_algo == 'pbes2':
+            if self.kdf == 'scrypt':
+                return None
             return self['parameters']['key_derivation_func']['parameters']['iteration_count'].native
 
         if encryption_algo.find('.') == -1:

diff --git a/tests/fixtures/scrypt_algo.der b/tests/fixtures/scrypt_algo.der
diff --git a/tests/test_algos.py b/tests/test_algos.py
@@ -43,6 +43,21 @@ def test_ccm_parameters(self):
         self.assertEqual(scheme['parameters']['aes_icvlen'].__class__, core.Integer)
         self.assertEqual(scheme['parameters']['aes_icvlen'].native, 8)
 
+    def test_scrypt_parameters(self):
+        with open(os.path.join(fixtures_dir, 'scrypt_algo.der'), 'rb') as f:
+            # PBES2 AlgorithmIdentifier
+            algo = algos.EncryptionAlgorithm.load(f.read())
+        kdf = algo['parameters']['key_derivation_func']
+        self.assertEqual(kdf['parameters'].__class__, algos.ScryptParams)
+        self.assertEqual(kdf['parameters']['salt'].__class__, core.OctetString)
+        self.assertEqual(kdf['parameters']['salt'].native, b'c\x0c\x04\xb6\xe2^\xe0v')
+        self.assertEqual(kdf['parameters']['cost_parameter'].__class__, core.Integer)
+        self.assertEqual(kdf['parameters']['cost_parameter'].native, 16384)
+        self.assertEqual(kdf['parameters']['block_size'].__class__, core.Integer)
+        self.assertEqual(kdf['parameters']['block_size'].native, 8)
+        self.assertEqual(kdf['parameters']['parallelization_parameter'].__class__, core.Integer)
+        self.assertEqual(kdf['parameters']['parallelization_parameter'].native, 1)
+
     def test_rc2_parameters(self):
         with open(os.path.join(fixtures_dir, 'rc2_algo.der'), 'rb') as f:
             algo = algos.EncryptionAlgorithm.load(f.read())