Add Argon2[d/i/id] KDF algorithms

[MarkusTeufelberger]

#2643 was unfortunately closed and limited already, So here is a new issue:

OpenSSL has finally merged Argon2 support (https://www.openssl.org/docs/manmaster/man7/EVP_KDF-ARGON2.html and openssl/openssl#12256 - openssl/openssl#4091 probably should be closed, I don't see anything missing in OpenSSL any more regarding Argon2)

Please consider adding support for Argon2 (and especially the Argon2id variant) to cryptography.

[alex]

It's not yet in an OpenSSL release, once it is we'll look at adding support.

[MarkusTeufelberger]

Awesome, I'll ping when OpenSSL 3.2 is out. :-)

Would it be possible to already design the interface etc. beforehand or do you want to only start looking into this once OpenSSL eventually does an alpha/beta/final release? Should this call directly into the OpenSSL backend or towards Rust via the openssl crate? I just quickly looked into scrypt and that seems to already call into Rust: https://github.com/pyca/cryptography/blob/c1ff39ff5cb0a179cd9a8fa44dd94482487e2fa5/src/cryptography/hazmat/bindings/_rust/openssl/kdf.pyi

[alex]

Sure, we're happy to design the interface, we're even happy to have a draft PR, we just won't merge it until 3.2 is out. https://github.com/pyca/cryptography/blob/main/src/rust/src/backend/kdf.rs is where the KDF's core are implemented, and https://github.com/pyca/cryptography/tree/main/src/cryptography/hazmat/primitives/kdf contains the public Python APIs. We'll probably just follow this pattern unless there's a reason not to.

…

On Wed, May 17, 2023 at 11:00 AM MarkusTeufelberger < ***@***.***> wrote: Awesome, I'll ping when OpenSSL 3.2 is out. :-) Would it be possible to already design the interface etc. beforehand or do you want to only start looking into this once OpenSSL eventually does an alpha/beta/final release? Should this call directly into the OpenSSL backend or towards Rust via the openssl crate? I just quickly looked into scrypt and that seems to already call into Rust: https://github.com/pyca/cryptography/blob/c1ff39ff5cb0a179cd9a8fa44dd94482487e2fa5/src/cryptography/hazmat/bindings/_rust/openssl/kdf.pyi — Reply to this email directly, view it on GitHub <#8939 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AAAAGBCOEXKO4EFVHO2V3UDXGTRZLANCNFSM6AAAAAAYE4XASE> . You are receiving this because you commented.Message ID: ***@***.***>

-- All that is necessary for evil to succeed is for good people to do nothing.

[reaperhulk]

Now that 3.2's release is getting close we're tracking features like this in #9795