RSA key-size is not configurable, it's 2048bits

2025-03-22 19:55:16 +00:00 · 2022-02-16 21:46:24 -07:00 · 2022-02-16 21:46:24 -07:00 · 2928a480ff
commit 2928a480ff
parent 5cd95920b6
8 changed files with 16 additions and 54 deletions
--- a/src/allmydata/client.py
+++ b/src/allmydata/client.py
@ -168,29 +168,12 @@ class SecretHolder(object):

 class KeyGenerator(object):
    """I create RSA keys for mutable files. Each call to generate() returns a
-    single keypair. The keysize is specified first by the keysize= argument
-    to generate(), then with a default set by set_default_keysize(), then
-    with a built-in default of 2048 bits."""
-    def __init__(self):
-        self.default_keysize = 2048
+    single keypair."""

-    def set_default_keysize(self, keysize):
-        """Call this to override the size of the RSA keys created for new
-        mutable files which don't otherwise specify a size. This will affect
-        all subsequent calls to generate() without a keysize= argument. The
-        default size is 2048 bits. Test cases should call this method once
-        during setup, to cause me to create smaller keys, so the unit tests
-        run faster."""
-        self.default_keysize = keysize
-
-    def generate(self, keysize=None):
+    def generate(self):
        """I return a Deferred that fires with a (verifyingkey, signingkey)
-        pair. I accept a keysize in bits (2048 bit keys are standard, smaller
-        keys are used for testing). If you do not provide a keysize, I will
-        use my default, which is set by a call to set_default_keysize(). If
-        set_default_keysize() has never been called, I will create 2048 bit
-        keys."""
-        keysize = keysize or self.default_keysize
+        pair. The returned key will be 2048 bit"""
+        keysize = 2048
        # RSA key generation for a 2048 bit key takes between 0.8 and 3.2
        # secs
        signer, verifier = rsa.create_signing_keypair(keysize)
@ -993,9 +976,6 @@ class _Client(node.Node, pollmixin.PollMixin):
        helper_furlfile = self.config.get_private_path("helper.furl").encode(get_filesystem_encoding())
        self.tub.registerReference(self.helper, furlFile=helper_furlfile)

-    def set_default_mutable_keysize(self, keysize):
-        self._key_generator.set_default_keysize(keysize)
-
    def _get_tempdir(self):
        """
        Determine the path to the directory where temporary files for this node
@ -1096,8 +1076,8 @@ class _Client(node.Node, pollmixin.PollMixin):
    def create_immutable_dirnode(self, children, convergence=None):
        return self.nodemaker.create_immutable_directory(children, convergence)

-    def create_mutable_file(self, contents=None, keysize=None, version=None):
-        return self.nodemaker.create_mutable_file(contents, keysize,
+    def create_mutable_file(self, contents=None, version=None):
+        return self.nodemaker.create_mutable_file(contents,
                                                  version=version)

    def upload(self, uploadable, reactor=None):
--- a/src/allmydata/crypto/rsa.py
+++ b/src/allmydata/crypto/rsa.py
@ -81,13 +81,9 @@ def create_signing_keypair_from_string(private_key_der):
        raise ValueError(
            "Private Key did not decode to an RSA key"
        )
-    if priv_key.key_size < 2048:
+    if priv_key.key_size != 2048:
        raise ValueError(
-            "Private Key is smaller than 2048 bits"
-        )
-    if priv_key.key_size > (2048 * 8):
-        raise ValueError(
-            "Private Key is unreasonably large"
+            "Private Key must be 2048 bits"
        )
    return priv_key, priv_key.public_key()

--- a/src/allmydata/nodemaker.py
+++ b/src/allmydata/nodemaker.py
@ -126,12 +126,12 @@ class NodeMaker(object):
            return self._create_dirnode(filenode)
        return None

-    def create_mutable_file(self, contents=None, keysize=None, version=None):
+    def create_mutable_file(self, contents=None, version=None):
        if version is None:
            version = self.mutable_file_default
        n = MutableFileNode(self.storage_broker, self.secret_holder,
                            self.default_encoding_parameters, self.history)
-        d = self.key_generator.generate(keysize)
+        d = self.key_generator.generate()
        d.addCallback(n.create_with_keys, contents, version=version)
        d.addCallback(lambda res: n)
        return d
--- a/src/allmydata/test/common.py
+++ b/src/allmydata/test/common.py
@ -133,9 +133,6 @@ from subprocess import (
    PIPE,
 )

-TEST_RSA_KEY_SIZE = 522
-TEST_RSA_KEY_SIZE = 2048
-
 EMPTY_CLIENT_CONFIG = config_from_string(
    "/dev/null",
    "tub.port",
--- a/src/allmydata/test/common_system.py
+++ b/src/allmydata/test/common_system.py
@ -34,7 +34,6 @@ from twisted.python.filepath import (
 )

 from .common import (
-    TEST_RSA_KEY_SIZE,
    SameProcessStreamEndpointAssigner,
 )

@ -736,7 +735,6 @@ class SystemTestMixin(pollmixin.PollMixin, testutil.StallMixin):
        c = yield client.create_client(basedirs[0])
        c.setServiceParent(self.sparent)
        self.clients.append(c)
-        c.set_default_mutable_keysize(TEST_RSA_KEY_SIZE)

        with open(os.path.join(basedirs[0],"private","helper.furl"), "r") as f:
            helper_furl = f.read()
@ -754,7 +752,6 @@ class SystemTestMixin(pollmixin.PollMixin, testutil.StallMixin):
            c = yield client.create_client(basedirs[i])
            c.setServiceParent(self.sparent)
            self.clients.append(c)
-            c.set_default_mutable_keysize(TEST_RSA_KEY_SIZE)
        log.msg("STARTING")
        yield self.wait_for_connections()
        log.msg("CONNECTED")
@ -838,7 +835,6 @@ class SystemTestMixin(pollmixin.PollMixin, testutil.StallMixin):
        def _stopped(res):
            new_c = yield client.create_client(self.getdir("client%d" % num))
            self.clients[num] = new_c
-            new_c.set_default_mutable_keysize(TEST_RSA_KEY_SIZE)
            new_c.setServiceParent(self.sparent)
        d.addCallback(_stopped)
        d.addCallback(lambda res: self.wait_for_connections())
@ -877,7 +873,6 @@ class SystemTestMixin(pollmixin.PollMixin, testutil.StallMixin):

        c = yield client.create_client(basedir.path)
        self.clients.append(c)
-        c.set_default_mutable_keysize(TEST_RSA_KEY_SIZE)
        self.numclients += 1
        if add_to_sparent:
            c.setServiceParent(self.sparent)
--- a/src/allmydata/test/mutable/test_problems.py
+++ b/src/allmydata/test/mutable/test_problems.py
@ -26,7 +26,6 @@ from allmydata.mutable.common import \
     NotEnoughServersError
 from allmydata.mutable.publish import MutableData
 from allmydata.storage.common import storage_index_to_dir
-from ..common import TEST_RSA_KEY_SIZE
 from ..no_network import GridTestMixin
 from .. import common_util as testutil
 from ..common_util import DevNullDictionary
@ -219,7 +218,7 @@ class Problems(GridTestMixin, AsyncTestCase, testutil.ShouldFailMixin):
        # use #467 static-server-selection to disable permutation and force
        # the choice of server for share[0].

-        d = nm.key_generator.generate(TEST_RSA_KEY_SIZE)
+        d = nm.key_generator.generate()
        def _got_key(keypair):
            (pubkey, privkey) = keypair
            nm.key_generator = SameKeyGenerator(pubkey, privkey)
--- a/src/allmydata/test/mutable/util.py
+++ b/src/allmydata/test/mutable/util.py
@ -25,7 +25,6 @@ from allmydata.storage_client import StorageFarmBroker
 from allmydata.mutable.layout import MDMFSlotReadProxy
 from allmydata.mutable.publish import MutableData
 from ..common import (
-    TEST_RSA_KEY_SIZE,
    EMPTY_CLIENT_CONFIG,
 )

@ -287,7 +286,7 @@ def make_storagebroker_with_peers(peers):
    return storage_broker


-def make_nodemaker(s=None, num_peers=10, keysize=TEST_RSA_KEY_SIZE):
+def make_nodemaker(s=None, num_peers=10):
    """
    Make a ``NodeMaker`` connected to some number of fake storage servers.

@ -298,20 +297,20 @@ def make_nodemaker(s=None, num_peers=10, keysize=TEST_RSA_KEY_SIZE):
        the node maker.
    """
    storage_broker = make_storagebroker(s, num_peers)
-    return make_nodemaker_with_storage_broker(storage_broker, keysize)
+    return make_nodemaker_with_storage_broker(storage_broker)


-def make_nodemaker_with_peers(peers, keysize=TEST_RSA_KEY_SIZE):
+def make_nodemaker_with_peers(peers):
    """
    Make a ``NodeMaker`` connected to the given storage servers.

    :param list peers: The storage servers to associate with the node maker.
    """
    storage_broker = make_storagebroker_with_peers(peers)
-    return make_nodemaker_with_storage_broker(storage_broker, keysize)
+    return make_nodemaker_with_storage_broker(storage_broker)


-def make_nodemaker_with_storage_broker(storage_broker, keysize):
+def make_nodemaker_with_storage_broker(storage_broker):
    """
    Make a ``NodeMaker`` using the given storage broker.

@ -319,8 +318,6 @@ def make_nodemaker_with_storage_broker(storage_broker, keysize):
    """
    sh = client.SecretHolder(b"lease secret", b"convergence secret")
    keygen = client.KeyGenerator()
-    if keysize:
-        keygen.set_default_keysize(keysize)
    nodemaker = NodeMaker(storage_broker, sh, None,
                          None, None,
                          {"k": 3, "n": 10}, SDMF_VERSION, keygen)
--- a/src/allmydata/test/no_network.py
+++ b/src/allmydata/test/no_network.py
@ -61,7 +61,6 @@ from allmydata.storage_client import (
    _StorageServer,
 )
 from .common import (
-    TEST_RSA_KEY_SIZE,
    SameProcessStreamEndpointAssigner,
 )

@ -393,7 +392,6 @@ class NoNetworkGrid(service.MultiService):

        if not c:
            c = yield create_no_network_client(clientdir)
-            c.set_default_mutable_keysize(TEST_RSA_KEY_SIZE)

        c.nodeid = clientid
        c.short_nodeid = b32encode(clientid).lower()[:8]