diff options
| author | Alex Stapleton <alexs@prol.etari.at> | 2014-02-05 19:47:00 +0000 |
|---|---|---|
| committer | Alex Stapleton <alexs@prol.etari.at> | 2014-02-05 19:51:27 +0000 |
| commit | 5d17ab3b354fe96e94689ad012163f42cc598a27 (patch) | |
| tree | 6a6f64e20e39b78dd3be973ac3d24fdfe15ee643 | |
| parent | 52026b85c3df15476d38f308cee59a29a9b43195 (diff) | |
| download | cryptography-5d17ab3b354fe96e94689ad012163f42cc598a27.tar.gz cryptography-5d17ab3b354fe96e94689ad012163f42cc598a27.tar.bz2 cryptography-5d17ab3b354fe96e94689ad012163f42cc598a27.zip | |
Sanity check keys.
Taken from RFC 3447.
| -rw-r--r-- | cryptography/hazmat/primitives/asymmetric/rsa.py | 15 | ||||
| -rw-r--r-- | tests/hazmat/primitives/test_rsa.py | 36 |
2 files changed, 50 insertions, 1 deletions
diff --git a/cryptography/hazmat/primitives/asymmetric/rsa.py b/cryptography/hazmat/primitives/asymmetric/rsa.py index aa24aee4..c5fecbc1 100644 --- a/cryptography/hazmat/primitives/asymmetric/rsa.py +++ b/cryptography/hazmat/primitives/asymmetric/rsa.py @@ -35,6 +35,12 @@ class RSAPublicKey(object): ): raise TypeError("RSAPublicKey arguments must be integers") + if modulus < 3: + raise ValueError("modulus must be >= 3") + + if public_exponent < 3 or public_exponent >= modulus: + raise ValueError("public_exponent must be >= 3 and < modulus") + self._public_exponent = public_exponent self._modulus = modulus @@ -71,6 +77,15 @@ class RSAPrivateKey(object): ): raise TypeError("RSAPrivateKey arguments must be integers") + if modulus < 3: + raise ValueError("modulus must be >= 3") + + if private_exponent >= modulus: + raise ValueError("private_exponent must be < modulus") + + if public_exponent < 3 or public_exponent >= modulus: + raise ValueError("public_exponent must be >= 3 and < modulus") + self._p = p self._q = q self._private_exponent = private_exponent diff --git a/tests/hazmat/primitives/test_rsa.py b/tests/hazmat/primitives/test_rsa.py index e50417b8..c725c5f0 100644 --- a/tests/hazmat/primitives/test_rsa.py +++ b/tests/hazmat/primitives/test_rsa.py @@ -50,9 +50,43 @@ class TestRSA(object): assert skey.key_size == pkey.key_size assert skey.key_size == pkey2.key_size - def test_invalid_arguments(self): + def test_invalid_argument_types(self): with pytest.raises(TypeError): rsa.RSAPrivateKey(None, None, None, None, None) with pytest.raises(TypeError): rsa.RSAPublicKey(None, None) + + def test_invalid_argument_values(self): + # tiny example key + rsa.RSAPrivateKey(3, 5, 14, 8, 15) + + # modulus too small + with pytest.raises(ValueError): + rsa.RSAPrivateKey(3, 5, 14, 8, 2) + + # private exp too high + with pytest.raises(ValueError): + rsa.RSAPrivateKey(3, 5, 16, 8, 15) + + # public exp too low + with pytest.raises(ValueError): + rsa.RSAPrivateKey(3, 5, 14, 2, 15) + + # public exp too high + with pytest.raises(ValueError): + rsa.RSAPrivateKey(3, 5, 14, 16, 15) + + rsa.RSAPublicKey(8, 15) + + # modulus too small + with pytest.raises(ValueError): + rsa.RSAPublicKey(8, 2) + + # public exp too low + with pytest.raises(ValueError): + rsa.RSAPublicKey(2, 15) + + # public exp too high + with pytest.raises(ValueError): + rsa.RSAPublicKey(16, 15) |