diff options
-rw-r--r-- | cryptography/hazmat/primitives/asymmetric/rsa.py | 11 | ||||
-rw-r--r-- | docs/hazmat/primitives/asymmetric/rsa.rst | 26 | ||||
-rw-r--r-- | tests/hazmat/primitives/test_rsa.py | 37 |
3 files changed, 59 insertions, 15 deletions
diff --git a/cryptography/hazmat/primitives/asymmetric/rsa.py b/cryptography/hazmat/primitives/asymmetric/rsa.py index 481797fe..b256ddcc 100644 --- a/cryptography/hazmat/primitives/asymmetric/rsa.py +++ b/cryptography/hazmat/primitives/asymmetric/rsa.py @@ -21,6 +21,17 @@ from cryptography.hazmat.backends.interfaces import RSABackend from cryptography.hazmat.primitives import interfaces +def generate_private_key(public_exponent, key_size, backend): + if not isinstance(backend, RSABackend): + raise UnsupportedAlgorithm( + "Backend object does not implement RSABackend.", + _Reasons.BACKEND_MISSING_INTERFACE + ) + + _verify_rsa_parameters(public_exponent, key_size) + return backend.generate_rsa_private_key(public_exponent, key_size) + + def _verify_rsa_parameters(public_exponent, key_size): if public_exponent < 3: raise ValueError("public_exponent must be >= 3.") diff --git a/docs/hazmat/primitives/asymmetric/rsa.rst b/docs/hazmat/primitives/asymmetric/rsa.rst index 54839119..71b7cd9c 100644 --- a/docs/hazmat/primitives/asymmetric/rsa.rst +++ b/docs/hazmat/primitives/asymmetric/rsa.rst @@ -7,13 +7,37 @@ RSA `RSA`_ is a `public-key`_ algorithm for encrypting and signing messages. + +.. function:: generate_private_key(public_exponent, key_size, backend) + + .. versionadded:: 0.5 + + Generate an RSA private key using the provided ``backend``. + + :param int public_exponent: The public exponent of the new key. + Usually one of the small Fermat primes 3, 5, 17, 257, 65537. If in + doubt you should `use 65537`_. + :param int key_size: The length of the modulus in bits. For keys + generated in 2014 it is strongly recommended to be + `at least 2048`_ (See page 41). It must not be less than 512. + Some backends may have additional limitations. + :param backend: A + :class:`~cryptography.hazmat.backends.interfaces.RSABackend` + provider. + :return: A :class:`~cryptography.hazmat.primitives.interfaces.RSAPrivateKey` + provider. + + :raises cryptography.exceptions.UnsupportedAlgorithm: This is raised if + the provided ``backend`` does not implement + :class:`~cryptography.hazmat.backends.interfaces.RSABackend` + .. class:: RSAPrivateKey(p, q, private_exponent, dmp1, dmq1, iqmp, public_exponent, modulus) .. versionadded:: 0.2 An RSA private key is required for decryption and signing of messages. - You should use :meth:`~generate` to generate new keys. + You should use :func:`generate_private_key` to generate new keys. .. warning:: This method only checks a limited set of properties of its arguments. diff --git a/tests/hazmat/primitives/test_rsa.py b/tests/hazmat/primitives/test_rsa.py index 610fa625..8f10fb10 100644 --- a/tests/hazmat/primitives/test_rsa.py +++ b/tests/hazmat/primitives/test_rsa.py @@ -97,32 +97,38 @@ class TestRSA(object): ) ) def test_generate_rsa_keys(self, backend, public_exponent, key_size): - skey = rsa.RSAPrivateKey.generate(public_exponent, key_size, backend) + skey = rsa.generate_private_key(public_exponent, key_size, backend) _check_rsa_private_key(skey) assert skey.key_size == key_size assert skey.public_exponent == public_exponent + def test_generate_rsa_key_class_method(self, backend): + skey = rsa.RSAPrivateKey.generate(65537, 512, backend) + _check_rsa_private_key(skey) + assert skey.key_size == 512 + assert skey.public_exponent == 65537 + def test_generate_bad_public_exponent(self, backend): with pytest.raises(ValueError): - rsa.RSAPrivateKey.generate(public_exponent=1, - key_size=2048, - backend=backend) + rsa.generate_private_key(public_exponent=1, + key_size=2048, + backend=backend) with pytest.raises(ValueError): - rsa.RSAPrivateKey.generate(public_exponent=4, - key_size=2048, - backend=backend) + rsa.generate_private_key(public_exponent=4, + key_size=2048, + backend=backend) def test_cant_generate_insecure_tiny_key(self, backend): with pytest.raises(ValueError): - rsa.RSAPrivateKey.generate(public_exponent=65537, - key_size=511, - backend=backend) + rsa.generate_private_key(public_exponent=65537, + key_size=511, + backend=backend) with pytest.raises(ValueError): - rsa.RSAPrivateKey.generate(public_exponent=65537, - key_size=256, - backend=backend) + rsa.generate_private_key(public_exponent=65537, + key_size=256, + backend=backend) @pytest.mark.parametrize( "pkcs1_example", @@ -380,6 +386,9 @@ def test_rsa_generate_invalid_backend(): pretend_backend = object() with raises_unsupported_algorithm(_Reasons.BACKEND_MISSING_INTERFACE): + rsa.generate_private_key(65537, 2048, pretend_backend) + + with raises_unsupported_algorithm(_Reasons.BACKEND_MISSING_INTERFACE): rsa.RSAPrivateKey.generate(65537, 2048, pretend_backend) @@ -966,7 +975,7 @@ class TestRSAVerification(object): def test_rsa_verifier_invalid_backend(self, backend): pretend_backend = object() - private_key = rsa.RSAPrivateKey.generate(65537, 2048, backend) + private_key = rsa.generate_private_key(65537, 2048, backend) public_key = private_key.public_key() with raises_unsupported_algorithm(_Reasons.BACKEND_MISSING_INTERFACE): |