mirror of
https://github.com/tahoe-lafs/tahoe-lafs.git
synced 2024-12-28 00:38:52 +00:00
code and tests to check RSA key sizes
This commit is contained in:
parent
f02f14a6e2
commit
eddfd244a7
@ -77,6 +77,18 @@ def create_signing_keypair_from_string(private_key_der):
|
|||||||
password=None,
|
password=None,
|
||||||
backend=default_backend(),
|
backend=default_backend(),
|
||||||
)
|
)
|
||||||
|
if not isinstance(priv_key, rsa.RSAPrivateKey):
|
||||||
|
raise ValueError(
|
||||||
|
"Private Key did not decode to an RSA key"
|
||||||
|
)
|
||||||
|
if priv_key.key_size < 2048:
|
||||||
|
raise ValueError(
|
||||||
|
"Private Key is smaller than 2048 bits"
|
||||||
|
)
|
||||||
|
if priv_key.key_size > (2048 * 8):
|
||||||
|
raise ValueError(
|
||||||
|
"Private Key is unreasonably large"
|
||||||
|
)
|
||||||
return priv_key, priv_key.public_key()
|
return priv_key, priv_key.public_key()
|
||||||
|
|
||||||
|
|
||||||
|
1
src/allmydata/test/data/pycryptopp-rsa-1024-priv.txt
Normal file
1
src/allmydata/test/data/pycryptopp-rsa-1024-priv.txt
Normal file
@ -0,0 +1 @@
|
|||||||
|
MIICdQIBADANBgkqhkiG9w0BAQEFAASCAl8wggJbAgEAAoGBAJLEAfZueLuT4vUQ1+c8ZM9dJ/LA29CYgA5toaMklQjbVQ2Skywvw1wEkRjhMpjQAx5+lpLTE2xCtqtfkHooMRNnquOxoh0o1Xya60jUHze7VB5QMV7BMKeUTff1hQqpIgw/GLvJRtar53cVY+SYf4SXx2/slDbVr8BI3DPwdeNtAgERAoGABzHD3GTJrteQJRxu+cQ3I0NPwx2IQ/Nlplq1GZDaIQ/FbJY+bhZrdXOswnl4cOcPNjNhu+c1qHGznv0ntayjCGgJ9dDySGqknDau+ezZcBO1JrIpPOABS7MVMst79mn47vB2+t8w5krrBYahAVp/L5kY8k+Pr9AU+L9mbevFW9MCQQDA+bAeMRNBfGc4gvoVV8ecovE1KRksFDlkaDVEOc76zNW6JZazHhQF/zIoMkV81rrg5UBntw3WR3R8A3l9osgDAkEAwrLQICJ3zjsJBt0xEkCBv9tK6IvSIc7MUQIc4J2Y1hiSjqsnTRACRy3UMsODfx/Lg7ITlDbABCLfv3v4D39jzwJBAKpFuYQNLxuqALlkgk8RN6hTiYlCYYE/BXa2TR4U4848RBy3wTSiEarwO1Ck0+afWZlCwFuDZo/kshMSH+dTZS8CQQC3PuIAIHDCGXHoV7W200zwzmSeoba2aEfTxcDTZyZvJi+VVcqi4eQGwbioP4rR/86aEQNeUaWpijv/g7xK0j/RAkBbt2U9bFFcja10KIpgw2bBxDU/c67h4+38lkrBUnM9XVBZxjbtQbnkkeAfOgQDiq3oBDBrHF3/Q8XM0CzZJBWS
|
1
src/allmydata/test/data/pycryptopp-rsa-32768-priv.txt
Normal file
1
src/allmydata/test/data/pycryptopp-rsa-32768-priv.txt
Normal file
File diff suppressed because one or more lines are too long
@ -60,6 +60,28 @@ class TestRegression(unittest.TestCase):
|
|||||||
# The public key corresponding to `RSA_2048_PRIV_KEY`.
|
# The public key corresponding to `RSA_2048_PRIV_KEY`.
|
||||||
RSA_2048_PUB_KEY = b64decode(f.read().strip())
|
RSA_2048_PUB_KEY = b64decode(f.read().strip())
|
||||||
|
|
||||||
|
with RESOURCE_DIR.child('pycryptopp-rsa-1024-priv.txt').open('r') as f:
|
||||||
|
# Created using `pycryptopp`:
|
||||||
|
#
|
||||||
|
# from base64 import b64encode
|
||||||
|
# from pycryptopp.publickey import rsa
|
||||||
|
# priv = rsa.generate(1024)
|
||||||
|
# priv_str = b64encode(priv.serialize())
|
||||||
|
# pub_str = b64encode(priv.get_verifying_key().serialize())
|
||||||
|
RSA_TINY_PRIV_KEY = b64decode(f.read().strip())
|
||||||
|
assert isinstance(RSA_TINY_PRIV_KEY, native_bytes)
|
||||||
|
|
||||||
|
with RESOURCE_DIR.child('pycryptopp-rsa-32768-priv.txt').open('r') as f:
|
||||||
|
# Created using `pycryptopp`:
|
||||||
|
#
|
||||||
|
# from base64 import b64encode
|
||||||
|
# from pycryptopp.publickey import rsa
|
||||||
|
# priv = rsa.generate(32768)
|
||||||
|
# priv_str = b64encode(priv.serialize())
|
||||||
|
# pub_str = b64encode(priv.get_verifying_key().serialize())
|
||||||
|
RSA_HUGE_PRIV_KEY = b64decode(f.read().strip())
|
||||||
|
assert isinstance(RSA_HUGE_PRIV_KEY, native_bytes)
|
||||||
|
|
||||||
def test_old_start_up_test(self):
|
def test_old_start_up_test(self):
|
||||||
"""
|
"""
|
||||||
This was the old startup test run at import time in `pycryptopp.cipher.aes`.
|
This was the old startup test run at import time in `pycryptopp.cipher.aes`.
|
||||||
@ -232,6 +254,22 @@ class TestRegression(unittest.TestCase):
|
|||||||
priv_key, pub_key = rsa.create_signing_keypair_from_string(self.RSA_2048_PRIV_KEY)
|
priv_key, pub_key = rsa.create_signing_keypair_from_string(self.RSA_2048_PRIV_KEY)
|
||||||
rsa.verify_signature(pub_key, self.RSA_2048_SIG, b'test')
|
rsa.verify_signature(pub_key, self.RSA_2048_SIG, b'test')
|
||||||
|
|
||||||
|
def test_decode_tiny_rsa_keypair(self):
|
||||||
|
'''
|
||||||
|
An unreasonably small RSA key is rejected ("unreasonably small"
|
||||||
|
means less that 2048 bits)
|
||||||
|
'''
|
||||||
|
with self.assertRaises(ValueError):
|
||||||
|
rsa.create_signing_keypair_from_string(self.RSA_TINY_PRIV_KEY)
|
||||||
|
|
||||||
|
def test_decode_huge_rsa_keypair(self):
|
||||||
|
'''
|
||||||
|
An unreasonably _large_ RSA key is rejected ("unreasonably large"
|
||||||
|
means 32768 or more bits)
|
||||||
|
'''
|
||||||
|
with self.assertRaises(ValueError):
|
||||||
|
rsa.create_signing_keypair_from_string(self.RSA_HUGE_PRIV_KEY)
|
||||||
|
|
||||||
def test_encrypt_data_not_bytes(self):
|
def test_encrypt_data_not_bytes(self):
|
||||||
'''
|
'''
|
||||||
only bytes can be encrypted
|
only bytes can be encrypted
|
||||||
|
Loading…
Reference in New Issue
Block a user