Intrinsify pbkdf2_hmac

Author: otethal

graalpython/com.oracle.graal.python/src/com/oracle/graal/python/builtins/modules/hashlib/HashlibModuleBuiltins.java

@@ -45,6 +45,10 @@
 import static com.oracle.graal.python.nodes.BuiltinNames.J_SHA3;
 import static com.oracle.graal.python.nodes.BuiltinNames.T_HASHLIB;
 import static com.oracle.graal.python.nodes.BuiltinNames.T_SHA3;
+import static com.oracle.graal.python.nodes.ErrorMessages.ITERATION_VALUE_IS_TOO_GREAT;
+import static com.oracle.graal.python.nodes.ErrorMessages.ITERATION_VALUE_MUST_BE_GREATER_THAN_ZERO;
+import static com.oracle.graal.python.nodes.ErrorMessages.KEY_LENGTH_MUST_BE_GREATER_THAN_ZERO;
+import static com.oracle.graal.python.nodes.ErrorMessages.UNSUPPORTED_HASH_TYPE;
 import static com.oracle.graal.python.util.PythonUtils.TS_ENCODING;
 import static com.oracle.graal.python.util.PythonUtils.toTruffleStringUncached;
 import static com.oracle.graal.python.util.PythonUtils.tsLiteral;
@@ -60,6 +64,12 @@
 import javax.crypto.Mac;
 import javax.crypto.spec.SecretKeySpec;
 
+import org.bouncycastle.crypto.CipherParameters;
+import org.bouncycastle.crypto.Digest;
+import org.bouncycastle.crypto.generators.PKCS5S2ParametersGenerator;
+import org.bouncycastle.crypto.params.KeyParameter;
+import org.bouncycastle.jcajce.provider.util.DigestFactory;
+
 import com.oracle.graal.python.PythonLanguage;
 import com.oracle.graal.python.annotations.ArgumentClinic;
 import com.oracle.graal.python.builtins.Builtin;
@@ -68,14 +78,17 @@
 import com.oracle.graal.python.builtins.PythonBuiltinClassType;
 import com.oracle.graal.python.builtins.PythonBuiltins;
 import com.oracle.graal.python.builtins.modules.hashlib.HashlibModuleBuiltinsClinicProviders.NewNodeClinicProviderGen;
+import com.oracle.graal.python.builtins.modules.hashlib.HashlibModuleBuiltinsClinicProviders.Pbkdf2HmacNodeClinicProviderGen;
 import com.oracle.graal.python.builtins.objects.PNone;
 import com.oracle.graal.python.builtins.objects.buffer.PythonBufferAccessLibrary;
 import com.oracle.graal.python.builtins.objects.buffer.PythonBufferAcquireLibrary;
 import com.oracle.graal.python.builtins.objects.common.EconomicMapStorage;
 import com.oracle.graal.python.builtins.objects.common.HashingStorageNodes;
 import com.oracle.graal.python.builtins.objects.module.PythonModule;
 import com.oracle.graal.python.builtins.objects.ssl.CertUtils;
+import com.oracle.graal.python.lib.PyLongAsLongNode;
 import com.oracle.graal.python.nodes.ErrorMessages;
+import com.oracle.graal.python.nodes.PGuards;
 import com.oracle.graal.python.nodes.PRaiseNode;
 import com.oracle.graal.python.nodes.attributes.ReadAttributeFromPythonObjectNode;
 import com.oracle.graal.python.nodes.function.PythonBuiltinBaseNode;
@@ -89,6 +102,7 @@
 import com.oracle.graal.python.nodes.util.CastToTruffleStringNode;
 import com.oracle.graal.python.runtime.IndirectCallData;
 import com.oracle.graal.python.runtime.object.PFactory;
+import com.oracle.truffle.api.CompilerDirectives;
 import com.oracle.truffle.api.CompilerDirectives.TruffleBoundary;
 import com.oracle.truffle.api.dsl.Bind;
 import com.oracle.truffle.api.dsl.Cached;
@@ -103,6 +117,7 @@
 import com.oracle.truffle.api.frame.VirtualFrame;
 import com.oracle.truffle.api.library.CachedLibrary;
 import com.oracle.truffle.api.nodes.Node;
+import com.oracle.truffle.api.profiles.InlinedConditionProfile;
 import com.oracle.truffle.api.strings.TruffleString;
 import com.oracle.truffle.api.strings.TruffleString.CodeRange;
 
@@ -451,4 +466,77 @@ static int getFips() {
             return 0;
         }
     }
+
+    @Builtin(name = "pbkdf2_hmac", minNumOfPositionalArgs = 4, parameterNames = {"hash_name", "password", "salt", "iterations", "dklen"})
+    @GenerateNodeFactory
+    @ArgumentClinic(name = "hash_name", conversion = ArgumentClinic.ClinicConversion.TString)
+    @ArgumentClinic(name = "password", conversion = ArgumentClinic.ClinicConversion.ReadableBuffer)
+    @ArgumentClinic(name = "salt", conversion = ArgumentClinic.ClinicConversion.ReadableBuffer)
+    @ArgumentClinic(name = "iterations", conversion = ArgumentClinic.ClinicConversion.Long)
+    abstract static class Pbkdf2HmacNode extends PythonClinicBuiltinNode {
+        @Override
+        protected ArgumentClinicProvider getArgumentClinic() {
+            return Pbkdf2HmacNodeClinicProviderGen.INSTANCE;
+        }
+
+        @Specialization(limit = "3")
+        static Object pbkdf2(VirtualFrame frame, TruffleString hashName, Object password, Object salt, long iterations, Object dklenObj,
+                        @Bind("this") Node inliningTarget,
+                        @Bind PythonLanguage language,
+                        @CachedLibrary("password") PythonBufferAccessLibrary passwordLib,
+                        @CachedLibrary("salt") PythonBufferAccessLibrary saltLib,
+                        @Cached PyLongAsLongNode asLongNode,
+                        @Cached InlinedConditionProfile noDklenProfile,
+                        @Cached TruffleString.ToJavaStringNode toJavaStringNode,
+                        @Cached PRaiseNode raiseNode) {
+            try {
+                Digest digest = getDigest(toJavaStringNode.execute(hashName));
+                if (digest == null) {
+                    throw raiseNode.raise(inliningTarget, PythonBuiltinClassType.UnsupportedDigestmodError, UNSUPPORTED_HASH_TYPE, hashName);
+                }
+                if (iterations < 1) {
+                    throw raiseNode.raise(inliningTarget, PythonBuiltinClassType.ValueError, ITERATION_VALUE_MUST_BE_GREATER_THAN_ZERO);
+                }
+                if (iterations > Integer.MAX_VALUE) {
+                    throw raiseNode.raise(inliningTarget, PythonBuiltinClassType.OverflowError, ITERATION_VALUE_IS_TOO_GREAT);
+                }
+                long dklen;
+                if (noDklenProfile.profile(inliningTarget, PGuards.isPNone(dklenObj))) {
+                    dklen = digest.getDigestSize();
+                } else {
+                    dklen = asLongNode.execute(frame, inliningTarget, dklenObj);
+                }
+                dklen *= Byte.SIZE;
+                if (dklen < 1) {
+                    throw raiseNode.raise(inliningTarget, PythonBuiltinClassType.ValueError, KEY_LENGTH_MUST_BE_GREATER_THAN_ZERO);
+                }
+                if (dklen > Integer.MAX_VALUE) {
+                    throw raiseNode.raise(inliningTarget, PythonBuiltinClassType.OverflowError, ITERATION_VALUE_IS_TOO_GREAT);
+                }
+                byte[] passwordBytes = passwordLib.getInternalOrCopiedExactByteArray(password);
+                byte[] saltBytes = saltLib.getInternalOrCopiedExactByteArray(salt);
+                return PFactory.createBytes(language, generate(digest, passwordBytes, saltBytes, (int) iterations, (int) dklen));
+            } finally {
+                passwordLib.release(password);
+                saltLib.release(salt);
+            }
+        }
+
+        @TruffleBoundary
+        private static Digest getDigest(String name) {
+            name = name.toLowerCase();
+            return DigestFactory.getDigest(NAME_MAPPINGS.getOrDefault(name, name));
+        }
+
+        @TruffleBoundary
+        private static byte[] generate(Digest digest, byte[] password, byte[] salt, int iterations, int dklen) {
+            PKCS5S2ParametersGenerator generator = new PKCS5S2ParametersGenerator(digest);
+            generator.init(password, salt, iterations);
+            CipherParameters cipherParameters = generator.generateDerivedParameters(dklen);
+            if (!(cipherParameters instanceof KeyParameter keyParameter)) {
+                throw CompilerDirectives.shouldNotReachHere("unexpected cipher parameters");
+            }
+            return keyParameter.getKey();
+        }
+    }
 }

graalpython/com.oracle.graal.python/src/com/oracle/graal/python/builtins/objects/buffer/PythonBufferAccessLibrary.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2021, 2024, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2021, 2025, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * The Universal Permissive License (UPL), Version 1.0
@@ -277,6 +277,21 @@ public final byte[] getInternalOrCopiedByteArray(Object receiver) {
         }
     }
 
+    /**
+     * Get a byte array representing the buffer contents. Unlike
+     * {@link #getInternalOrCopiedByteArray(Object)}, always returns a byte array with length equal
+     * to the buffer size, making a copy if necessary. Do not write into the byte array.
+     */
+    public final byte[] getInternalOrCopiedExactByteArray(Object receiver) {
+        if (hasInternalByteArray(receiver)) {
+            byte[] r = getInternalByteArray(receiver);
+            if (r.length == getBufferLength(receiver)) {
+                return r;
+            }
+        }
+        return getCopiedByteArray(receiver);
+    }
+
     /**
      * Read a single byte from the buffer. Bounds checks are responsibility of the caller.
      *

graalpython/com.oracle.graal.python/src/com/oracle/graal/python/nodes/ErrorMessages.java

@@ -448,6 +448,10 @@ public abstract class ErrorMessages {
     public static final TruffleString ISINSTANCE_ARG_2_MUST_BE_TYPE_OR_TUPLE_OF_TYPE = tsLiteral("isinstance() arg 2 must be a type or tuple of types (was: %s)");
     public static final TruffleString ISSUBCLASS_MUST_BE_CLASS_OR_TUPLE = tsLiteral("issubclass() arg 2 must be a class or tuple of classes");
     public static final TruffleString ITER_V_MUST_BE_CALLABLE = tsLiteral("iter(v, w): v must be callable");
+    public static final TruffleString ITERATION_VALUE_MUST_BE_GREATER_THAN_ZERO = tsLiteral("iteration value must be greater than 0.");
+    public static final TruffleString ITERATION_VALUE_IS_TOO_GREAT = tsLiteral("iteration value is too great.");
+    public static final TruffleString KEY_LENGTH_MUST_BE_GREATER_THAN_ZERO = tsLiteral("key length must be greater than 0.");
+    public static final TruffleString KEY_LENGTH_IS_TOO_GREAT = tsLiteral("key length is too great.");
     public static final TruffleString KEYWORD_NAMES_MUST_BE_STR_GOT_P = tsLiteral("keyword names must be str, get %p");
     public static final TruffleString KEYWORDS_S_MUST_BE_STRINGS = tsLiteral("keywords must be strings");
     public static final TruffleString KLASS_ARG_IS_NOT_HOST_OBJ = tsLiteral("klass argument '%p' is not a host object");
@@ -777,6 +781,7 @@ public abstract class ErrorMessages {
     public static final TruffleString UNSIGNED_BYTE_INT_GREATER_THAN_MAX = tsLiteral("unsigned byte integer is greater than maximum");
     public static final TruffleString UNSIGNED_BYTE_INT_LESS_THAN_MIN = tsLiteral("unsigned byte integer is less than minimum");
     public static final TruffleString UNSUPPORTED_FORMAT_CHAR_AT_INDEX = tsLiteral("unsupported format character '%c' (0x%x) at index %d");
+    public static final TruffleString UNSUPPORTED_HASH_TYPE = tsLiteral("unsupported hash type %s");
     public static final TruffleString UNSUPPORTED_INSTANCEOF = tsLiteral("unsupported instanceof(%p, %p)");
     public static final TruffleString UNSUPPORTED_LOCALE_SETTING = tsLiteral("unsupported locale setting");
     public static final TruffleString UNSUPPORTED_OBJ_IN = tsLiteral("unsupported object in '%s'");